Internet Security: Are You at Risk?. Dan Massey Colorado State University November 10, 2004. Some Motivation.

Internet Security: Are You at Risk?

Dan Massey

Colorado State University

November 10, 2004


Some Motivation

The asking price for use of a network of 20,000 zombie PCs: $2,000 to $3,000. Such networks typically are used to broadcast spam and phishing scams and to spread e-mail viruses designed mainly to create yet more zombies.


Vulnerabilities and Counter Measures

  • Vulnerabilities: Why Should You Care

    • You Receive The Resulting Spam Email

      • An annoyance if you simply filter or delete the email

      • A real problem if you believe it and reveal private data.

    • You May Be The Owner of a Zombie PC

      • Essentially a PC where attackers have gained access.

      • Thriving market exists for compromised network PCs

    • You Rely on Network Based Services

      • Bank ATMs, airlines, utilities, etc. all make use of networks

      • Compromised PCs can be used to disrupt networks

        • or conceal the identity of attackers.

  • Counter Measures: What features help protect you?


Historical Development

  • Internet Originally a Small Research Project

    • Few computers at research centers

    • Connected via slow (by today’s standard) links

    • All users are experts on the system

    • First real “killer application”: email

  • Planned for Some “Security” Concerns

    • The main “threat” was that computers or network links might stop working.


Early “Security” Problems

  • Rare Cases of Malfunctioning Computers

    • Computer at MIT malfunctioned and most east coast computers could no longer reach the west coast.

    • Solution: user community teamed up to find and fix the problem.

  • Rare Cases of Application Misuse

    • Someone sent an email message announcing a new product that was for sale.

    • Solution: community instructed the sender to never again send “spam” email and the sender apologized


Spam Email Today

From: PowerSafe@citibank.com

We recently noticed one or more attempts to log in to your Citibank account from a foreign IP address and we have reasons to believe that your account was used by a third party without your authorization. If you recently accessed your account while traveling to Brasil, the unusual login attempts may have been initiated by you.

…<visit some website that will ask for account data>…

If you choose to ignore our request, you leave us no choice but to temporally suspend your account.


Countering This Attack

  • Solution 1: Block Email Before It Enters the Network

    • Great Deal of Ad Hoc Work In This Area

    • But hard to control all access points

      • and often block valid email as collateral damage.

  • Solution 2: Drop Email Before It Reaches Receiver

    • Hard to determine valid vs. invalid senders

  • Solution 3: Drop or Ignore the Message at Receiver

    • The only defense that will save me in this case.

    • But fortunately we have a solid solution…


Cryptographic Counter Measures

  • The Solution: Cryptographic Magic Happens

    • Citibank establishes a key pair

      • Private key is known only by Citibank

      • Public key is published and known by all

    • Enables Secure Communication with Citibank

      • I encrypt my account number using the Citibank public key.

      • Send encrypted data to the requestor

      • Only someone with the private key can decrypt.

  • Result: Attacker just gets an encrypted mess

    • No need for you or Citibank to worry about this email.


Does This Work in Practice?

  • Do You Encrypt Confidential Data Using Public Key Cryptography?

From My Bank’s Website:

At (BigBank), ensuring the security of your online information is important to us, and that's why you can rest assured that no one but Wells Fargo has access to your information.

Signing on to view your accounts from the (BigBank) Home Page is safe. The moment you click the Sign On button, your username and password are encrypted using Secure Sockets Layer (SSL) technology, keeping your information secure.


Your Role in the System

  • In theory, we have fixed the problem….

  • The Problem: Cryptographic Magic Happens

  • Several Important Assumptions About You

    • You will only send data over encrypted channels.

    • You will obtain the correct Public Key for Citibank

    • You will encrypt data with the correct key.

      • No point encrypting your data with the attacker’s key!

  • In practice, the system really relies on you ignoring the email message.

    • Otherwise Citibank and you share the damages.
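The key-pair idea from the cryptography slide and the "correct key" assumption above, as an added example that is not part of the original slides: textbook RSA with constructed toy keys shows that data encrypted to the attacker's key is readable by the attacker, and that comparing the offered key with a fingerprint obtained out of band blocks the mistake. The key values, account number, and function names are assumptions made for illustration.

```python
import hashlib

E = 65537  # common RSA public exponent

def make_keypair(p, q):
    """Textbook RSA (no padding, illustration only): (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def fingerprint(public):
    """Short digest of a public key, comparable over a trusted channel."""
    n, e = public
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()

def encrypt(m, public):
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message too large for this toy modulus")
    return pow(m, e, n)

def decrypt(c, private):
    n, d = private
    return pow(c, d, n)

def send_account(account, offered_key, pinned_fp):
    """Encrypt only if the offered key is the one we already trust."""
    if fingerprint(offered_key) != pinned_fp:
        raise ValueError("public key does not match pinned fingerprint")
    return encrypt(account, offered_key)

# Constructed keys built from Mersenne primes; far too small for real use.
BANK_PUB, BANK_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
ATTACKER_PUB, ATTACKER_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
PINNED = fingerprint(BANK_PUB)  # assumed to have been obtained out of band
ACCOUNT = 4000123412341234      # constructed account number

def demo():
    results = {}
    c = send_account(ACCOUNT, BANK_PUB, PINNED)
    results["bank_reads"] = decrypt(c, BANK_PRIV)
    # Without the check, encrypting to the key from the email leaks the data.
    leaked = encrypt(ACCOUNT, ATTACKER_PUB)
    results["attacker_reads"] = decrypt(leaked, ATTACKER_PRIV)
    try:
        send_account(ACCOUNT, ATTACKER_PUB, PINNED)
        results["blocked"] = False
    except ValueError:
        results["blocked"] = True
    return results
```

In deployed systems this comparison is what X.509 certificate validation performs on the user's behalf.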


Internet Risks So Far

  • Attackers Seek Your Private Data

    • Your job is to protect this information

  • Defense 1: I’m smart enough to ignore spam email

    • Ideally because you know the attacker doesn’t have the right x509 certificate.

  • Defense 2: I pick hard to crack passwords and change them.

  • Defense 3: I’m a student and my bank account is already empty.

    • You are probably more valuable as a Zombie!


Compromised PCs

  • Network PCs are a valuable commodity

    • Provides attackers with resources (cpu, disk)

    • Makes tracking attackers difficult

    • Enable Distributed Denial of Service Attacks

  • Real and Thriving Market in Hacked PCs

    • Network Security Discussion from NANOG: One problem hackers face: “Botnets (compromised PC collections) contain too many government computers”


How Can This Happen

  • From “Secrets and Lies” by Schneier (all old issues so don’t try them!)

    • Under certain conditions, a malformed clip art file can let arbitrary code execute on the user’s computer.

    • MS Explorer 5.0 allows an attacker to set up a Web page giving him the ability to execute any program on a visitor’s machine.

  • Vulnerabilities in complex software are unavoidable.

  • System Relies on You to Install Updates


Impact of Compromised PCs

A visit from the FBI

By Scott Granneman, SecurityFocus

Posted: 28/01/2004 at 13:02 GMT

A favorite trick is to surreptitiously turn on the Webcam of an owned computer in order to watch the dupe at work, or watch what he's typing on screen. This part isn't surprising. But Dave had countless screenshots, captured from impounded machines or acquired online from hacker hangouts, where the script kiddie, after watching for a while, just can't help himself any longer, and starts to insult or mock or screw with the duped owner.

<snip> A man was working a crossword puzzle online when the hacker helpfully suggested a word for 14 Down


Impact of Compromised PCs

  • More Serious (non-webcam) Consequences

    • Attacker has access to your files

    • Logs your keystrokes

    • Gains data about you

  • Real Goal is Likely Something Larger

    • Your PC provides the attacker a hiding place

    • Provides resources

    • Provides bandwidth


Distributed Denial of Service

  • Attackers Control Massive Resources

    • Networks of 100,000+ compromised PCs

    • Each PC can send thousands of messages/sec

    • What if one directs all messages at a single site?

  • Example:

    • attacker selects www.colostate.edu as target

    • Direct all zombies to send data to target as fast as possible

    • Consumes all available resources at target

      • No bandwidth, no CPU, etc. to handle valid requests.

  • How Do You Defend Against This?

    • Answer today: largely ad hoc filtering


DDoS Remains a Real Threat

Akamai DDoS Attack Whacks Web Traffic, Sites

By Chris Gonsalves

June 15, 2004

An apparent DDoS (distributed denial of service) attack on the DNS run by Akamai Technologies Inc. slowed traffic across the Internet early Tuesday and brought the sites of the firm's major customers to a screeching halt for roughly two hours.



Worms and Network Design

  • Assumed there is some important purpose for the communication

    • Ex: data and resources used in calculations to find a cure for cancer.

  • Resource Identification Success

    • Found and made use of 75K computers on 6 continents

    • Located 90% of available resources in 10 minutes

  • Routing and Transport Success

    • UDP transport provided successful simple best effort delivery

    • Network routing delivered packets from one end of globe to another

  • Of Course Some Challenges Still Remain….

    • Unforeseen interactions resulted in canceled airline flights, ATM failures…

to exploit a known Microsoft security hole

these 75K did not want to provide resources!


Network Security Today

  • Designed a Robust Network That Finds a Way to Deliver Data

    • Now recognize some data shouldn’t be delivered.

  • Strong Theoretical Models To Block Attacks

    • But typically assume expert configuration and informed users.

  • Open Research Challenge: Build Robust and Secure Networks That Survive Both Failures and Attacks


Challenges To You

  • Network Security Depends On You

    • Use security models when possible

    • Update and patch your PC

  • Help Us Build the Necessary Systems

    • Need approaches that apply state of the art mathematics and computer science.

    • But must also assume human errors and lack of expertise.

    • Many open challenges…

