understanding the understanding the
play

Understanding the Understanding the Bios/Photos Internet - PDF document

Oct 02, 2023 •122 likes •240 views

5/3/2004 Announcements U.S. National Cybersecurity Axess U.S. National Cybersecurity Forum Understanding the Understanding the Bios/Photos Internet Internet Law School Event William J. Perry Martin Casado Keith

  1. 5/3/2004 Announcements U.S. National Cybersecurity • Axess U.S. National Cybersecurity • Forum Understanding the Understanding the • Bios/Photos Internet Internet • Law School Event William J. Perry Martin Casado • Keith Coleman • Dan Wendlandt MS&E 91SI Spring 2004 Stanford University U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 The Internet is … Goal: Provide Working Knowledge of the Internet (as it relates to this class!) U.S. National Cybersecurity March 31, 2004 And … At Present: • More than 500 million computers • 287.5 Million English Users • 516.7 Million Non English Users • Over 38 million active domains • So … how does it all work? U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 1

  2. 5/3/2004 First: A Story A Network Is … • Computers • Wires Connecting computers AT&T SPRINT U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 “Internet” Really a Network of Networks (ISPs) Sprint To Complex for my Brain.. (and not really modular) MCI AT&T MCI U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 Organized Into Hierarchy by Separated into “Layers” Function Application Transport Network Physical U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 2

  3. 5/3/2004 The Physical Layer Application The Physical Layer Transport Network Physical U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 Physical Layer Physical Layer The hardware that makes up the Internet • Computers are physically located in some-ones jurisdiction (whose? implications?) • Must be physically protected • Anything you can “touch” (destroyed computers don’t work, nor to clipped wires) • One wire, can carry a lot of data … better to use • The physical computers less? (2 fiber lines across Rockies) • Hard limitation (about 5 ways in and out of US) • The wires connecting computers • Often overlooked, though a serious component in security!!! U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 Network Layer Application The Network Layer Transport Network Physical U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 3

  4. 5/3/2004 IP Addresses IP Packets Every reachable computer (not really) on Information leaving computers is broken the Internet is given a unique identifier into discrete segments or packets, marked called an IP address with the IP address of the destination and the IP address of the source. IP Packet 171.67.71.18 data source destination U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 Routing Packet Flow on Internet Computers on the Internet that lie between sending and receiving computers (called “routers”) forward received packets to connecting computers. ? The choice of wire to send a packet out of ? is based solely on the destination of the packet. U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 Network Layer : (Overview) A Look at ISPs • Computers are identified by globally unique • Carry their customers traffic to anywhere address (32 bits) called and IP address (note: in the globe this is somewhat of a white lie) • Data is broken into small “chunks” called • What kind of power does an ISP have? packets • What factors determine routing decisions? • Packets flow between computers over • How can ISPs trust each other? specialized computers. “routers” • Each router makes its own decision where to • Why would an ISP want to limit attacks on send a packet the network? • Routers ONLY make the decision via the • What is the potential damage of a rogue packets destination ISP? U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 4

  5. 5/3/2004 Domain Name System • When trying to contact a computer (www.google.com) do not use IP addresses … A Quick Digression: Domain Name System • Instead use DNS … converts “names” (can remember) to IP addresses (cannot remember) U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 Domain Name System • Convert Name (www.foo.com) to 32 bit value (134.114.223.91) • Must ask special machine (name The Transport Layer server) for answer (problems here?) • Has good and bad properties! (as we will see!) U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 Transport Layer Transport Layer Uses “IP packets” to send information from computer A to computer B Application Transport e.g. TCP Network A Reliable method of sending information to someone Physical “hi there mom “hi there mom” U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 5

  6. 5/3/2004 TCP Transport Layer • 99% of Internet Traffic • ICMP, UDP : Other methods of • Must set up a connection before hand sending information Sure! • Not “seen” by normal users Internet • Nuts and bolts are good for Can I connect to port 80? understanding attacks and • Uses PORTs to differentiate multiple vulnerabilities connections per machine • Once established can be reasonably assured you are talking to a real machine! (http://www.ja.net/CERT/Morris/r.t.morris-TCP.html) U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 Application Layer Application The Application Layer Transport (finally some familiarity) Network Physical U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 The Application Layer The Application Layer • Email Applications use transport layers (such as TCP) to communicate • World Wide Web across the Internet • SSH • Telnet • FTP Netscape www.google.com • Applications we love and use every day! TCP Connection U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 6

  7. 5/3/2004 The Application Layer The Application Layer Common application use known • Usually gets the most attention “PORTs” for establishing connections because it is what we see/interact with • However, on top of all other layers Netscape www.google.com (which we don’t normally consider!) TCP Connection port 80 Email Client Email Server TCP Connection port 110 U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 Real Networking Stack Complete Picture ? Users (not even close) Application Policy Transport Network Physical U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 Vulnerabilities & Attacks The nature of the network technologies, protocols, and operators are the basis for attacks. Why do we need to know Attacks can (and will) come at vulnerabilities in every layer. this technology ? Big Question: What is it about the Internet architecture that causes these vulnerabilities to exist? Users Application Attacks Transport Network Physical U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 7

  8. 5/3/2004 Definitions Attacks on the Internet In cybersecurity: Why do attacks matter? def. vulnerability (n): Attacks affect the Internet’s ability to any avenue for attack. function as a reliable and secure critical infrastructure. def. attack (n) Any action that without authorization exposes, modifies, utilizes or denies the availability of an Internet related resource. U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 Scanning & Fingerprinting Exploits What is it? What is it? The use of vulnerabilities in or misconfiguration of software or hardware to gain access to information or resources on Reconnaissance technique to explore a system. Exploits may be manual or networks, classify + analyze connected hosts, and identify potential automated. vulnerabilities. example: Blaster worm exploits RPC bug Example: nmap security scanner U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 Denial of Service Social Engineering Attack What is it? What is it? Any attempt that employs non-technical means to attack a system. Often the attacker uses information gleaned from outside sources to produce false credentials. Attacks are often The malicious consumption of resources in order to hybrid, relying on human and technical factors. make a system incapable of fulfilling its designed role. Attacks are often “distributed” to increase resource consumption. example: Beagle virus used email domain name to pose as a message from the user’s ISP. example: SYN flood against Yahoo U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 8

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Understanding Others Understanding Others From Dots to Robots From Dots to Robots Ayse P.

Understanding Others Understanding Others From Dots to Robots From Dots to Robots Ayse P.

Understanding Others Understanding Others From Dots to Robots From Dots to Robots Ayse P. SAYGIN . University of California San Diego http://apsaygin.googlepages.com Understanding Others Understanding Others Theory 3 rd person

1.34k views • 75 slides
2018 Understanding the status of NPE funding Understanding the changes to the ACIP Process

2018 Understanding the status of NPE funding Understanding the changes to the ACIP Process

2018 Understanding the status of NPE funding Understanding the changes to the ACIP Process Understanding the planning role Understanding the phasing of projects 2 9:00 a.m. Welcome 9:05 a.m. Introduction - Michelle Frazier 9:25 a.m.

815 views • 81 slides
COMP31212: Concurrency Topics 2.3: Understanding FSP Topic 2.3: Understanding FSP Outline Topic

COMP31212: Concurrency Topics 2.3: Understanding FSP Topic 2.3: Understanding FSP Outline Topic

Topic 2.3: Understanding FSP COMP31212: Concurrency Topics 2.3: Understanding FSP Topic 2.3: Understanding FSP Outline Topic 2.3: Understanding FSP About Transition Systems Prefix & Definition Rules Choice Rule Parallel Composition

923 views • 66 slides
Toward an Understanding of C++ Writing and Understanding C++ Writing programs in any language

Toward an Understanding of C++ Writing and Understanding C++ Writing programs in any language

Toward an Understanding of C++ Writing and Understanding C++ Writing programs in any language requires understanding the Traditional first program, doesnt convey power of computing syntax and semantics of the programming language as

519 views • 5 slides
Understanding functionality and structure Aim Design scaffolds for understanding IT use

Understanding functionality and structure Aim Design scaffolds for understanding IT use

Understanding functionality and structure Aim Design scaffolds for understanding IT use Complete Assignment 2 Core literature: Chapter 4. Understanding IT Additional literature Aharoni, D. (2000) Cogito, ergo sum!

862 views • 32 slides
Understanding functionality and structure Aim Design scaffolds for understanding IT use

Understanding functionality and structure Aim Design scaffolds for understanding IT use

INF 3280, 29 Jan 2019 Understanding functionality and structure Aim Design scaffolds for understanding IT use Complete Assignment 2 Core literature: Chapter 4. Understanding IT Additional literature Aharoni, D.

168 views • 16 slides
Understanding functionality and structure Aim Design scaffolds for understanding IT use

Understanding functionality and structure Aim Design scaffolds for understanding IT use

INF 3280, 5 Feb 2020 Understanding functionality and structure Aim Design scaffolds for understanding IT use Complete Assignment 2 Core literature: Chapter 4. Understanding IT Additional literature Aharoni, D.

440 views • 12 slides
CS1063: Understanding CS1063: Understanding CS1063: Understanding CS1063: Understanding

CS1063: Understanding CS1063: Understanding CS1063: Understanding CS1063: Understanding

12/7/2009 CS1063: Understanding CS1063: Understanding CS1063: Understanding CS1063: Understanding Computer Hardware Computer Hardware Computer Hardware Computer Hardware A CD has a single spiral track of data, circling from the A CD has a

214 views • 3 slides
Understanding Me, Understanding You KATHY J. LANGSTON, PHD UNIVERSITY OF SOUTH CAROLINA #1

Understanding Me, Understanding You KATHY J. LANGSTON, PHD UNIVERSITY OF SOUTH CAROLINA #1

Understanding Me, Understanding You KATHY J. LANGSTON, PHD UNIVERSITY OF SOUTH CAROLINA #1 INTERNATIONAL BUSINESS PROGRAMAGAIN!! Seamus Heaney, Irish Poet 1995 Nobel Prize Winner I have begun to think of life as a series of ripples

497 views • 18 slides
OVERVIEW Understanding of Grief & Loss Understanding the Uniqueness of Suicide Grief

OVERVIEW Understanding of Grief & Loss Understanding the Uniqueness of Suicide Grief

Healing Hearts' Approach to Building Resiliency in Children and Families in the Face of Loss & Aversity Presented by: Morgan Griffin & Melissa Minkley 1 OVERVIEW Understanding of Grief & Loss Understanding the Uniqueness of

110 views • 7 slides
Understanding a Sites Traffic With Google Analytics UNDERSTANDING GOOGLE ANALYTICS Daniel

Understanding a Sites Traffic With Google Analytics UNDERSTANDING GOOGLE ANALYTICS Daniel

Understanding a Sites Traffic With Google Analytics UNDERSTANDING GOOGLE ANALYTICS Daniel Stern CODE WHISPERER @danieljackstern Understanding Google Analytics Understanding how it works and when to use it is the first step to

261 views • 15 slides
the social church crea%ng understanding between different genera%ons

the social church crea%ng understanding between different genera%ons

frido aalbers 1381717 the social church crea%ng understanding between different genera%ons creating understanding strengthening the community crea%ng understanding insights people

560 views • 17 slides
Information Needs Understanding the population Understanding the population of Mui dolphins is a

Information Needs Understanding the population Understanding the population of Mui dolphins is a

Information Needs Understanding the population Understanding the population of Mui dolphins is a large area of work and ranges from knowing what the population size is, to where it is, and what it is doing. In relation to this it is important to

496 views • 31 slides
Un Understanding an and Im Impac act on HR Organ

Un Understanding an and Im Impac act on HR Organ

Un Understanding an and Im Impac act on HR Organ anis isat atio ional al De Develo lopment Azrinah Rahman, CSPS Co Content Understanding Industrial Revolution 4.0

666 views • 30 slides
Understanding Urban Dynamics with Community Behaviour Modelling Understanding our cities and

Understanding Urban Dynamics with Community Behaviour Modelling Understanding our cities and

Understanding Urban Dynamics with Community Behaviour Modelling Understanding our cities and citizens Dr. Afra Mashhadi Bell Laboratories Alcatel-Lucent January 2015 The world is in the midst of an immense population shift 50% living in

128 views • 9 slides
AN OVERVIEW Understanding the basics of accreditation Understanding the role of the

AN OVERVIEW Understanding the basics of accreditation Understanding the role of the

AN OVERVIEW Understanding the basics of accreditation Understanding the role of the institutions board in the accreditation process Discussion of current issues (institutional and national) in higher education today National

265 views • 25 slides
Combining data mining and text mining for detec1on of early

Combining data mining and text mining for detec1on of early

Combining data mining and text mining for detec1on of early stage demen1a: the SAMS framework Christopher Bull, Dommy Asfiandy, Ann Gledson, Joseph

284 views • 14 slides
Sta$s$cs & Experimental Design with R Barbara Kitchenham

Sta$s$cs & Experimental Design with R Barbara Kitchenham

Sta$s$cs & Experimental Design with R Barbara Kitchenham Keele University 1 General Linear Models Logis$c and Poisson Regression 2 Logis$c Regression

187 views • 17 slides
Winners and Losers $ Within 5 years after deregulation of airlines, how many communities in the

Winners and Losers $ Within 5 years after deregulation of airlines, how many communities in the

Winners and Losers $ Within 5 years after deregulation of airlines, how many communities in the U.S. lost all of their commercial air service? $ Answer: About 116. Who Does Competition Help? 160 140 120 Residential Basic Index (1984=100)

88 views • 6 slides
Secure Border Gateway Protocol (S-BGP): Real World Performance & Deployment Issues Stephen

Secure Border Gateway Protocol (S-BGP): Real World Performance & Deployment Issues Stephen

Secure Border Gateway Protocol (S-BGP): Real World Performance & Deployment Issues Stephen Kent, Charles Lynn, Joanne Mikkelson, and Karen Seo BBN Technologies A Part of Outline BGP Model BGP security concerns & requirements

528 views • 20 slides
Engagement and STEM Learning with Models and Probes Carolyn Staudt, Curriculum/Professional

Engagement and STEM Learning with Models and Probes Carolyn Staudt, Curriculum/Professional

Revolutionary digital learning for science, math and engineering Deeply Digital Student Engagement and STEM Learning with Models and Probes Carolyn Staudt, Curriculum/Professional Developer The Concord Consortium, Concord, MA Project work

745 views • 48 slides
Programming the Demirci-Selc uk Meet-in-the-Middle Attack with Constraints Danping Shi 1 Siwei

Programming the Demirci-Selc uk Meet-in-the-Middle Attack with Constraints Danping Shi 1 Siwei

Programming the Demirci-Selc uk Meet-in-the-Middle Attack with Constraints Danping Shi 1 Siwei Sun 1 Patrick Derbez 2 Yosuke Todo 3 Bing Sun 4 Lei Hu 1 1 Institute of Information Engineering, Chinese Academy of Sciences, China 2 Univ Rennes,

1.17k views • 87 slides
Access Design: Past, Present, and Future Janusz A. Ordover New York University ACCC Regulation

Access Design: Past, Present, and Future Janusz A. Ordover New York University ACCC Regulation

Access Design: Past, Present, and Future Janusz A. Ordover New York University ACCC Regulation Conference Gold Coast, Australia July 28-29, 2005 Why Access Regulation? The starting point is the view that access regulation is necessary to

469 views • 26 slides
MCIWEST MCIWEST Sustainability of USMC Ranges Sustainability of USMC Ranges (Southwest CONUS)

MCIWEST MCIWEST Sustainability of USMC Ranges Sustainability of USMC Ranges (Southwest CONUS)

MCIWEST MCIWEST Sustainability of USMC Ranges Sustainability of USMC Ranges (Southwest CONUS) (Southwest CONUS) MGen Michael Michael Lehnert Lehnert MGen 04 December 2007 04 December 2007 Marine Corps Installations Marine Corps

139 views • 10 slides

More recommend