
Network Programming and Network Security



  1. Network Programming and Network Security. Lane Thames, Graduate Research Assistant

  2. Outline for Today • Discuss network security and how it relates to network programming • After the presentation, we will go to DNAL to tour our data center. Then we are going to hack some computers :>)

  3. Network Programming • What is the goal? • Sending data to and from hosts over a network via TCP/IP. • Client-server • Source-sink [diagram: hosts A, B, C]

  4. Information Security • NETWORK SECURITY (data flowing through the network): firewall, IDS, IPsec (VPN), encryption… • COMPUTER SECURITY (data on a machine): firewall, virus protection, encryption…

  5. Definitions • Virus? • Passive malware embedded within a program. It will not execute on its own: you have to run the "host" program. Once activated, it attempts to spread to other programs and to other hosts (often via e-mail).

  6. Definitions • Worm? • Active malware that can spread on its own over the network, with no user action. It breaks into each new host by exploiting a vulnerability in a network-facing program (most often a buffer overflow).

  7. The Infamous Buffer • So, how does a worm take advantage of an exploit? • send(sockfd, buffer, sizeof(buffer), 0); • recv(sockfd, buffer, sizeof(buffer), 0); • A single recv() bounded by sizeof(buffer) cannot write past the buffer. What if data keeps getting added to the receiving buffer beyond its boundary, because the received bytes are copied into a smaller buffer with no length check, or because successive recv() results are appended at an offset while sizeof(buffer) is still passed as the length? • OVERFLOW: memory beyond the boundary (neighbouring variables, the saved frame pointer, the return address) is overwritten, and the program misbehaves or crashes.
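A runnable illustration of the case where successive recv() results are appended at an offset, added here as an example and not taken from the presentation. recv() is replaced by a constructed in-memory source so the code runs without a socket, and each reader accumulates pieces of a line into a 16-byte stack buffer. The vulnerable reader passes sizeof(buf) on every call, the recv(sockfd, buffer, sizeof(buffer), 0) pattern from the slide, and is only ever run on short input; the hardened one passes the space actually left and rejects over-long lines. The function names, the line-oriented framing and the 16-byte size are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define LINE_MAX 16   /* deliberately tiny so the limit is reached quickly */

/* Constructed stand-in for a socket: the bytes the peer has "sent" so far. */
struct fake_sock {
    const char *data;
    size_t len;
    size_t pos;
};

/* Stand-in for recv(sockfd, buf, n, 0). Like a real peer it may deliver a
 * message in pieces, so at most 4 bytes come back per call; 0 means closed. */
static long fake_recv(struct fake_sock *s, char *buf, size_t n) {
    size_t left = s->len - s->pos;
    if (left == 0) return 0;
    if (n > 4) n = 4;
    if (n > left) n = left;
    memcpy(buf, s->data + s->pos, n);
    s->pos += n;
    return (long)n;
}

/* VULNERABLE reader, kept as the slide describes it. Each piece is appended at
 * buf + off, but the length passed is still sizeof(buf), so once off > 0 a real
 * recv() may write up to off bytes past the end of buf: onto the saved frame
 * pointer and return address that sit above it on the stack. Only called with
 * short input in this example. */
static int read_line_unsafe(struct fake_sock *s, char *out, size_t outsz) {
    char buf[LINE_MAX];
    size_t off = 0;
    for (;;) {
        long n = fake_recv(s, buf + off, sizeof(buf));   /* BUG: should be sizeof(buf) - off */
        if (n <= 0) return -1;
        off += (size_t)n;
        char *nl = memchr(buf, '\n', off);
        if (nl != NULL) {
            size_t linelen = (size_t)(nl - buf);
            if (linelen + 1 > outsz) return -2;
            memcpy(out, buf, linelen);
            out[linelen] = '\0';
            return (int)linelen;
        }
    }
}

/* HARDENED reader: the length handed to recv is the space actually left, and a
 * line that does not fit is rejected instead of silently overrunning buf. */
static int read_line_safe(struct fake_sock *s, char *out, size_t outsz) {
    char buf[LINE_MAX];
    size_t off = 0;
    for (;;) {
        if (off == sizeof(buf)) return -2;                 /* too long for buf */
        long n = fake_recv(s, buf + off, sizeof(buf) - off);
        if (n <= 0) return -1;                             /* closed before '\n' */
        off += (size_t)n;
        char *nl = memchr(buf, '\n', off);
        if (nl != NULL) {
            size_t linelen = (size_t)(nl - buf);
            if (linelen + 1 > outsz) return -2;
            memcpy(out, buf, linelen);
            out[linelen] = '\0';
            return (int)linelen;
        }
    }
}

/* Run each reader over a constructed byte stream.
 * Returns the line length, -1 if the peer closed first, -2 if the line is too long. */
int unsafe_line_from(const char *stream, char *out, size_t outsz) {
    struct fake_sock s = { stream, strlen(stream), 0 };
    return read_line_unsafe(&s, out, outsz);
}
int safe_line_from(const char *stream, char *out, size_t outsz) {
    struct fake_sock s = { stream, strlen(stream), 0 };
    return read_line_safe(&s, out, outsz);
}

int main(void) {
    char out[64];
    int r = safe_line_from("GET /\n", out, sizeof out);
    printf("short line: rc=%d text=\"%s\"\n", r, out);
    r = safe_line_from("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n", out, sizeof out);
    printf("40-byte line into a 16-byte buffer: rc=%d (rejected)\n", r);
    return 0;
}
```

The fix is one expression, sizeof(buf) - off, plus an explicit "buffer full" exit; the same length-versus-space mistake is what makes the slide's one-line recv() dangerous once the program starts accumulating data.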

  8. Common Types of Computer Attacks • Buffer Overflow Attacks—used for local and remote root exploits • The ultimate goal is to redirect program control flow which causes the computer to execute carefully injected malicious code (example to follow) • Code can be crafted to elevate the privileges of a user by obtaining super user (root) privileges (demo in the lab afterwards) • Note: These exploits can create a “propagation medium” for worms

  9. Common Types of Attacks • Denial of Service (DoS) • Exhaust a computer's resources: e.g. the TCP SYN flooding attack, which abuses the 3-way handshake. The attacker sends many SYNs (often from spoofed addresses) and never completes the handshake, so half-open connections fill the server's connection table and legitimate clients are refused. • Consume a computer's available network bandwidth: e.g. the ICMP Smurf attack (IP spoofing plus ICMP). Echo requests carrying the victim's address as source are sent to a subnet's broadcast address, and every host on that subnet replies to the victim.

  10. TCP SYN Flooding Attack—what happens?

  11. ICMP Smurf Attack [diagram: Master, Slaves, Subnet, Victim; the Slaves spoof the source IP with the IP of the Victim]
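Both attacks leave signatures a network monitor can count. The following is an added example, not code from the presentation or from the DNAL honeynet: it runs three checks over a constructed packet capture, a half-open connection count toward the victim for the SYN flood, a count of ICMP echo requests addressed to a directed-broadcast address (the amplifier side of Smurf), and the number of distinct hosts sending echo replies to the victim (the victim side). The addresses, the /24 broadcast convention and the reduced packet struct are assumptions for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

enum { PROTO_ICMP = 1, PROTO_TCP = 6 };
enum { TCP_SYN = 0x02, TCP_ACK = 0x10 };
enum { ICMP_ECHO_REPLY = 0, ICMP_ECHO_REQUEST = 8 };

/* One captured packet reduced to the header fields the checks need. */
struct pkt {
    const char *src;
    const char *dst;
    int proto;
    int tcp_flags;   /* TCP only */
    int icmp_type;   /* ICMP only */
};

#define MAX_TRACK 64

/* SYN flood: count connection attempts toward `victim` that got a SYN but never
 * the client's final ACK (third step of the handshake). Each SYN opens a slot;
 * an ACK without SYN from the same source closes that source's oldest open
 * slot. Simplified to IP addresses: a real tracker keys on the full 4-tuple
 * and expires slots on a timer. */
int half_open_count(const struct pkt *p, size_t n, const char *victim) {
    const char *src[MAX_TRACK];
    int pending[MAX_TRACK];
    size_t slots = 0, i, j;
    int count = 0;
    for (i = 0; i < n; i++) {
        if (p[i].proto != PROTO_TCP || strcmp(p[i].dst, victim) != 0) continue;
        int f = p[i].tcp_flags & (TCP_SYN | TCP_ACK);
        if (f == TCP_SYN && slots < MAX_TRACK) {
            src[slots] = p[i].src; pending[slots] = 1; slots++;
        } else if (f == TCP_ACK) {
            for (j = 0; j < slots; j++)
                if (pending[j] && strcmp(src[j], p[i].src) == 0) { pending[j] = 0; break; }
        }
    }
    for (j = 0; j < slots; j++) count += pending[j];
    return count;
}

/* Smurf, seen from the amplifier network: echo requests addressed to the
 * directed-broadcast address. Assumes /24 subnets, so broadcast ends in ".255". */
int broadcast_echo_requests(const struct pkt *p, size_t n) {
    int count = 0;
    for (size_t i = 0; i < n; i++) {
        if (p[i].proto != PROTO_ICMP || p[i].icmp_type != ICMP_ECHO_REQUEST) continue;
        size_t len = strlen(p[i].dst);
        if (len >= 4 && strcmp(p[i].dst + len - 4, ".255") == 0) count++;
    }
    return count;
}

/* Smurf, seen from the victim: echo replies arriving from many distinct hosts
 * it never pinged. Returns the number of distinct reply sources. */
int distinct_echo_reply_sources(const struct pkt *p, size_t n, const char *victim) {
    const char *seen[MAX_TRACK];
    size_t nseen = 0, i, j;
    for (i = 0; i < n; i++) {
        if (p[i].proto != PROTO_ICMP || p[i].icmp_type != ICMP_ECHO_REPLY) continue;
        if (strcmp(p[i].dst, victim) != 0) continue;
        for (j = 0; j < nseen; j++) if (strcmp(seen[j], p[i].src) == 0) break;
        if (j == nseen && nseen < MAX_TRACK) seen[nseen++] = p[i].src;
    }
    return (int)nseen;
}

/* Constructed capture: four spoofed SYNs toward 10.0.0.5 (one handshake
 * completes), one echo request spoofed as 10.0.0.5 toward the 10.0.1.0/24
 * broadcast address, and the replies it draws back to the victim. */
const struct pkt SAMPLE[] = {
    { "198.51.100.7",  "10.0.0.5",     PROTO_TCP,  TCP_SYN,           0 },
    { "198.51.100.8",  "10.0.0.5",     PROTO_TCP,  TCP_SYN,           0 },
    { "10.0.0.5",      "198.51.100.8", PROTO_TCP,  TCP_SYN | TCP_ACK, 0 },
    { "198.51.100.8",  "10.0.0.5",     PROTO_TCP,  TCP_ACK,           0 },   /* completes */
    { "198.51.100.9",  "10.0.0.5",     PROTO_TCP,  TCP_SYN,           0 },
    { "198.51.100.10", "10.0.0.5",     PROTO_TCP,  TCP_SYN,           0 },
    { "10.0.0.5",      "10.0.1.255",   PROTO_ICMP, 0, ICMP_ECHO_REQUEST },  /* spoofed src */
    { "10.0.1.10",     "10.0.0.5",     PROTO_ICMP, 0, ICMP_ECHO_REPLY },
    { "10.0.1.11",     "10.0.0.5",     PROTO_ICMP, 0, ICMP_ECHO_REPLY },
    { "10.0.1.12",     "10.0.0.5",     PROTO_ICMP, 0, ICMP_ECHO_REPLY },
    { "10.0.1.10",     "10.0.0.5",     PROTO_ICMP, 0, ICMP_ECHO_REPLY },    /* duplicate */
};
const size_t SAMPLE_LEN = sizeof SAMPLE / sizeof SAMPLE[0];

int main(void) {
    printf("half-open toward 10.0.0.5: %d\n", half_open_count(SAMPLE, SAMPLE_LEN, "10.0.0.5"));
    printf("echo requests to a broadcast address: %d\n", broadcast_echo_requests(SAMPLE, SAMPLE_LEN));
    printf("distinct echo-reply sources hitting 10.0.0.5: %d\n",
           distinct_echo_reply_sources(SAMPLE, SAMPLE_LEN, "10.0.0.5"));
    return 0;
}
```

In practice each count is compared against a threshold over a time window; three half-open connections are normal, thousands per second are not, and the reply-source count is the one number the victim can observe without any view of the amplifier network.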

  12. Why will this program crash?

  13. Buffer Overflow: Stack Image • Overflow buf with *str so that the saved Return Address (RA) is overwritten • If carefully designed, the RA is overwritten with the address of the injected code (the shell code carried in the *str input) [stack diagram, from low to high addresses: buf, SFP (saved frame pointer), Return Address, *str = buffer, rest of stack]

  14. Buffer Overflow • After running the program on Windows XP we get the famous Microsoft error dialog • In Linux you get "Segmentation fault"

  15. Buffer Overflow—Exception Info

  16. Buffer Overflow—Stack Trace

  17. So, how does the worm work (in a nutshell)? • The worm's author finds a flaw in a program, e.g. a server that reads into a buffer without checking the length. • Calculates an approximate return address (where the injected code will sit on the stack) for the target machine. • Builds an attack buffer that holds repeated copies of the guessed address, followed by a NOP (no-operation) sled, followed by the code to be executed. The address copies are what overwrite the saved return address; the sled means the guess only has to land somewhere inside it, not on an exact byte. Writes the code needed to send this buffer to servers running the flawed program. • The code injected into the buffer is a copy of the worm itself, so each newly infected server turns around and attacks others.

  18. Generic Example [diagram: buf at 0xbfffff00; Return Address = 0xbfffff00; buffer contents in order: 0xbfffff00 (address data), NOP sled, replication code (data)]
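Added example, not code from the presentation: the buffer of slides 17 and 18 built in memory in the order the slides give (address copies, NOP sled, code), plus two checks that make the reasoning concrete. The first asks whether the address copies actually cover the saved return-address slot of a frame laid out as buf / SFP / RA; the second asks whether a guessed address lands inside the sled for a given actual buffer location, which is why an approximate address is enough. The injected code is a placeholder pattern of INT3 bytes, the addresses are made up, and a 32-bit little-endian frame with a 4-byte saved frame pointer is assumed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdbool.h>
#include <stdio.h>

#define NOP 0x90   /* x86 one-byte no-op */

/* Regions of the attack buffer in memory order, as on the slide: the address
 * copies fill the stack array and spill onto the saved frame pointer and
 * return address; the sled and the code sit beyond them, higher on the stack. */
struct layout {
    size_t addr_off, addr_count;   /* 4 bytes per copy (32-bit, little-endian) */
    size_t sled_off, sled_len;
    size_t code_off, code_len;
    size_t total;
};

/* Build [guess guess guess ...][NOP sled][code]. Returns the total length,
 * or 0 if it does not fit in out. */
size_t build_payload(uint8_t *out, size_t outsz, uint32_t guess, size_t addr_count,
                     size_t sled_len, const uint8_t *code, size_t code_len,
                     struct layout *lay)
{
    size_t total = 4 * addr_count + sled_len + code_len;
    if (total > outsz) return 0;
    for (size_t i = 0; i < addr_count; i++) {
        uint8_t *a = out + 4 * i;
        a[0] = (uint8_t)guess;
        a[1] = (uint8_t)(guess >> 8);
        a[2] = (uint8_t)(guess >> 16);
        a[3] = (uint8_t)(guess >> 24);
    }
    memset(out + 4 * addr_count, NOP, sled_len);
    memcpy(out + 4 * addr_count + sled_len, code, code_len);
    lay->addr_off = 0;                         lay->addr_count = addr_count;
    lay->sled_off = 4 * addr_count;            lay->sled_len = sled_len;
    lay->code_off = lay->sled_off + sled_len;  lay->code_len = code_len;
    lay->total = total;
    return total;
}

/* The slide's frame is [buf][SFP][RA]. Seen as one stream written from the
 * start of buf, the return-address slot is at offset buf_size + 4 (4-byte SFP).
 * A whole guessed address lands there only if the slot lies inside the address
 * region and lines up with one of the 4-byte copies. */
bool overwrites_return_address(const struct layout *lay, size_t buf_size) {
    size_t ra = buf_size + 4;
    size_t end = lay->addr_off + 4 * lay->addr_count;
    if (ra < lay->addr_off || ra + 4 > end) return false;
    return (ra - lay->addr_off) % 4 == 0;
}

/* When the function returns, execution jumps to `guess`. If the buffer really
 * starts at real_base, the landing point is offset guess - real_base into it.
 * Anywhere in the sled works: the NOPs run forward into the code. Below the
 * buffer, in the address copies (executed as garbage), inside the code (its
 * first instructions skipped) or past it, the exploit fails. The sled is the
 * error margin that lets an approximate address succeed. */
bool guess_lands_in_sled(uint32_t guess, uint32_t real_base, const struct layout *lay) {
    if (guess < real_base) return false;
    uint32_t off = guess - real_base;
    return off >= lay->sled_off && off < lay->sled_off + lay->sled_len;
}

/* Placeholder "code": 16 bytes of INT3 standing in for real injected code. */
static const uint8_t PLACEHOLDER_CODE[16] = {
    0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC,0xCC
};

int main(void) {
    uint8_t payload[256];
    struct layout lay;
    size_t n = build_payload(payload, sizeof payload, 0xbfffff70u, 24, 64,
                             PLACEHOLDER_CODE, sizeof PLACEHOLDER_CODE, &lay);
    printf("payload bytes: %zu, sled at offset %zu, code at offset %zu\n",
           n, lay.sled_off, lay.code_off);
    printf("RA slot covered for an 80-byte buf: %s\n",
           overwrites_return_address(&lay, 80) ? "yes" : "no");
    for (uint32_t base = 0xbffffec0u; base <= 0xbfffff20u; base += 0x10)
        printf("buffer at 0x%08x: %s\n", (unsigned)base,
               guess_lands_in_sled(0xbfffff70u, base, &lay) ? "lands in sled" : "misses");
    return 0;
}
```

The loop in main shows the margin directly: with a 64-byte sled the same guess works for actual buffer bases spread over 64 bytes, which is what lets one crafted buffer succeed against many machines with slightly different stack layouts.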

  19. What are we doing in Network Security? • Created a Honeynet: a network of computers waiting to be hacked. • Network Monitoring: monitor the Honeynet with packet sniffers, traffic monitors, and host-based monitoring software • Artificial Intelligence Classifier: make intelligent security decisions based on the data collected by the monitors

  20. The Network Setup

  21. AI Classifier: Hybrid System Architecture [block diagram with labels: Init. Train. Data, Bayesian Trainer, SOM Training, Bayesian/SOM Classifier, Monitored Data, File Struct. Developer, Struct. File, Processed Data, Modified Data, IDS Classification]

  22. Related Grad Classes • ECE 6607—Computer Communication Networks (Dr. Abler) • ECE 6612—Network Security (Dr. John Copeland) (Real time hacking competition) • ECE 8833—Intelligent Systems (Dr. Ashraf Saad)

  23. Questions? Want to go hack a computer and see some of this stuff in action?
