
Deficiencies in Networks


midori

Presentation Transcript


  1. Deficiencies in Networks
     • Anonymity
     • Lack of Access Control
     • Anything can be forged
     • Shared medium
     • Crowded
     • Unpredictable
     • Complexity
     • Difficult to comprehend
     • Difficult to do right

  2. Large Network

  3. Implication of Those Deficiencies
     • Criminals have found the Internet
     • FTC Report 2007
     • $1.2 billion in fraud
     • 1/3 Identity Theft
     • 64% initiated through Net
     • Border Protection
     • $200 Million IP theft
     • Stealth Worms
     • Outbreaks rare since 2004
     • Botnets growing to huge size
     • Increase in spam
     • DOS to Georgia

  4. Actual Fraud Complaints 05-07

  5. Confiscated IP

  6. Network Security
     • The field of network security is about:
       • how bad guys can attack computer networks
       • how we can defend networks against attacks
       • how to design architectures that are immune to attacks
     • Internet not originally designed with (much) security in mind
       • original vision: “a group of mutually trusting users attached to a transparent network”
     • Internet protocol designers playing “catch-up”
     • Security considerations in all layers!
     Introduction

  7. Bad guys can put malware into hosts via Internet
     • Malware can get in host from a virus, worm, or trojan horse.
     • Spyware malware can record keystrokes, web sites visited, upload info to collection site.
     • Infected host can be enrolled in a botnet, used for spam and DDoS attacks.
     • Malware is often self-replicating: from an infected host, seeks entry into other hosts

  8. Bad guys can put malware into hosts via Internet
     • Trojan horse:
       • Hidden part of some otherwise useful software
       • Today often on a Web page (Active-X, plugin)
     • Virus:
       • infection by receiving object (e.g., e-mail attachment), actively executing
       • self-replicating: propagate itself to other hosts, users
     • Worm:
       • infection by passively receiving object that gets itself executed
       • self-replicating: propagates to other hosts, users
     [Figure: Sapphire Worm: aggregate scans/sec in first 5 minutes of outbreak (CAIDA, UWisc data)]

  9. Viruses
     • Executed by user or app
     • Inserts into code
       • In empty regions of app
       • Redirects app start instructions
     • Effect
       • Mischief
       • Spyware
     • Spread
       • Locally
       • As used
     [Figure label: Init Code]

  10. Trojans
     • Already Exists in Code
     • Does not propagate
     • Effect
       • Mischief
       • Spyware
       • Anything

  11. Worms
     • Self Replicating
     • Exploit vulnerabilities
     • Effect
       • Cause High Net Traffic
       • Mischief/Spyware
     • Spread
       • Over Networks
       • Actively
     • Polymorphic

  12. Code Red Propagation

  13. Sapphire Worm Propagation

  14. Backdoor
     • Adding illicit access to a host
     • Remotely
       • Creating a server
       • Adding User with remote access
     • Locally
       • Bury alternative access in code

  15. Hybrid Bugs Bugs are people too!

  16. What about Anti-virus?
     • Can only match known signatures
       • Fine if there is a match
       • Not so fine if there isn’t
     • Zero-day attack (a bit presumptuous term)
       • Unknown attack
     • Some bugs disable anti-virus

  17. Bad guys can attack servers and network infrastructure
     • Denial of service (DoS): attackers make resources (server, bandwidth) unavailable to legitimate traffic by overwhelming resource with bogus traffic
       • select target
       • break into hosts around the network (see botnet)
       • send packets toward target from compromised hosts
     [Figure label: target]

  18. Denial of Service
     • Denial of Service
       • Typically one source
       • Utilizes weaknesses in App or Proto to bring services down
     • Distributed Denial of Service
       • Many hosts attacking a small network
       • Indistinguishable from certain network phenomena (Flash Crowds).

  19. Syn Flood
     [Figure labels: Server, SYN, TCP Session (repeated)]

  20. Ping of Death (POD) Feed the target more than he can handle Host Chokes

  21. The bad guys can sniff packets
     • Packet sniffing:
       • broadcast media (shared Ethernet, wireless)
       • promiscuous network interface reads/records all packets (e.g., including passwords!) passing by
     • Wireshark software used for end-of-chapter labs is a (free) packet-sniffer
     [Figure: hosts A, B, C; packet "src:B dest:A payload"]

  22. The bad guys can use false source addresses
     • IP spoofing: send packet with false source address
     [Figure: hosts A, B, C; packet "src:B dest:A payload"]

  23. The bad guys can record and playback
     • record-and-playback: sniff sensitive info (e.g., password), and use later
       • password holder is that user from system point of view
     [Figure: hosts A, B, C; packet "src:B dest:A user: B; password: foo"]

  24. Network Security
     • more throughout this course
     • chapter 8: focus on security
     • cryptographic techniques: obvious uses and not so obvious uses

  25. Sources
     • Federal Trade Commission, Consumer Fraud and Identity Theft Complaint Data: January-December 2007, 2008.
     • Department of Justice, Report to the President and Congress on Coordination of Intellectual Property Enforcement and Protection, January 2008.
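
The record-and-playback problem from slide 23, as an added example that is not part of the original slides: a login that sends the password itself accepts a sniffed copy of the message, while a challenge-response login rejects the same recording. The challenge-response scheme goes beyond the slide (it is one of the cryptographic techniques slide 24 alludes to), and `ChallengeServer`, `respond` and `demo` are hypothetical names; only the user `B` and password `foo` come from the slide.

```python
import hashlib
import hmac
import secrets

PASSWORDS = {"B": "foo"}  # user and password from the slide's example packet

def static_login(msg: dict) -> bool:
    """Weak scheme from the slide: the password itself crosses the wire."""
    expected = PASSWORDS.get(msg["user"])
    return expected is not None and hmac.compare_digest(expected, msg["password"])

class ChallengeServer:
    """Assumed hardened scheme: a fresh, single-use nonce per login attempt."""
    def __init__(self):
        self.pending = {}  # user -> outstanding nonce

    def challenge(self, user: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending[user] = nonce
        return nonce

    def verify(self, user: str, response: bytes) -> bool:
        nonce = self.pending.pop(user, None)  # consumed even when verification fails
        password = PASSWORDS.get(user)
        if nonce is None or password is None:
            return False
        expected = hmac.new(password.encode(), nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def respond(password: str, nonce: bytes) -> bytes:
    """Client side: prove knowledge of the password without sending it."""
    return hmac.new(password.encode(), nonce, hashlib.sha256).digest()

def demo() -> dict:
    results = {}
    # Constructed capture: what a sniffer on the shared medium would record.
    captured = {"user": "B", "password": "foo"}
    results["static_first"] = static_login(captured)
    results["static_replay"] = static_login(dict(captured))  # recording is accepted
    server = ChallengeServer()
    sniffed = respond("foo", server.challenge("B"))  # legitimate reply, also recorded
    results["cr_first"] = server.verify("B", sniffed)
    server.challenge("B")  # a later attempt is issued a different nonce
    results["cr_replay"] = server.verify("B", sniffed)  # old reply no longer matches
    return results

if __name__ == "__main__":
    print(demo())
```

A recorded nonce and response still let an eavesdropper test password guesses offline, so this exchange belongs inside an encrypted channel and does not replace one.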
