DePaul University Computer Network Security

Are We Safe?

John Kristoff


Internet 101

  • Telephone System

    • central authority

    • network in control

    • billing records per connection

    • legal issues well understood

    • provisions for law enforcement (wiretapping)

  • Internet

    • no central authority

    • end systems in control

    • no central knowledge of connections

    • no per-packet billing

    • legal issues not well understood

    • anonymity is easy

Internet Security Stinks

  • Hosts are hard to secure

  • Bad defaults

  • Poor software

  • Fixes rarely applied

  • Average user/administrator is clueless

  • An overly secure system is not useful

  • It’s difficult to coordinate among sites

Exploits Overview

  • Passwords

    • hacking and sniffing

  • System specific

    • NT, UNIX, NetWare, Linux

  • Application specific

    • web browser, ftp, email, finger

  • Protocol specific

    • spoofing, TCP hijacking, ICMP redirects, DNS

  • Denial of Service

    • PING of death, trinoo, tribe flood

The Process

  • Reconnaissance

  • Scanning

  • Exploit Systems

  • Keep access with backdoors/trojans

  • Use system

    • Often as a springboard

  • Cover any tracks

The Problem is Real

  • Just over a year ago...

  • ResNet/DPO

  • cgi-bin/phf

  • Oracle

  • CTI

  • Plain text

Recently...

  • We receive hundreds of probes every day

    • This weekend a single host sent at least 2000 scans to our address space for port 23

  • .kr and .tw are popular sources

  • DNS scans

  • @home.com, aol.com are frequent flyers

  • ResNet students
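
Added example (not part of the original slides): one way to pick the port 23 sweep described above out of connection logs is to count distinct destination addresses per source rather than raw connection counts. The log layout, the 10.1.0.0/16 address space, the threshold and every sample line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed log layout (constructed for this example):
#   <timestamp> <action> tcp <src_ip>:<src_port> -> <dst_ip>:<dst_port>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) tcp "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def parse_line(line):
    """Return (src, dst, dport) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        return ip_address(m["src"]), ip_address(m["dst"]), int(m["dport"])
    except ValueError:  # e.g. 999.1.1.1 passes the regex but is not an IP
        return None

def find_scanners(lines, our_net, port=23, min_targets=5):
    """Map each source to the number of distinct addresses in our_net it
    contacted on `port`, keeping only sources at or above min_targets."""
    net = ip_network(our_net)
    targets = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines instead of aborting the run
        src, dst, dport = rec
        if dport == port and dst in net:
            targets[src].add(dst)
    return {str(s): len(d) for s, d in targets.items() if len(d) >= min_targets}

def build_sample():
    """Constructed sample: one sweep of 10.1.0.1-8, one repeat visitor, noise."""
    sweep = [f"2000-05-13T02:14:{i:02d} DENY tcp 203.0.113.7:{4000+i} -> 10.1.0.{i}:23"
             for i in range(1, 9)]
    repeat = [f"2000-05-13T09:00:{i:02d} ALLOW tcp 198.51.100.20:{5000+i} -> 10.1.0.5:23"
              for i in range(20)]
    noise = ["garbage line", "2000-05-13T09:01:00 DENY tcp 999.1.1.1:1 -> 10.1.0.9:23",
             "2000-05-13T09:02:00 DENY tcp 203.0.113.7:4100 -> 10.1.0.9:53"]
    return sweep + repeat + noise

if __name__ == "__main__":
    print(find_scanners(build_sample(), "10.1.0.0/16"))
```

The source that touches eight different addresses is flagged, while the host that connects twenty times to a single address is not.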

Gotcha!

Password Hacking

  • Attackers can watch packets go by

  • Usually part of the attacker’s plan when compromising a host

  • One of the most common problems

  • Encryption for remote access helps

  • Note: even encrypted password files can be cracked

Denial of Service Attacks

  • A Very Difficult Problem to Solve!

  • Real World Example

    • Everyone dials 911 at the same time

    • How do you screen and more importantly, stop the bad ones?

  • Most effective when source address is spoofed

Viruses and Worms

  • Programs written with the intent to spread

  • Worms are very common today

    • Usually email based (e.g. ILOVEYOU)

  • Viruses infect other programs

    • Code copied to other programs (e.g. macros)

  • Requires the code to be executed

    • Proves users continue to do dumb things

    • Sometimes software is at fault too

Buffer Overflows and Weak Validation of Input

  • One of the most popular security issues

  • Popular exploits with CGI scripts

  • Regular users can gain root access

  • Can pass commands to be executed

    • e.g. Network Solutions easysteps.pl

  • Sometimes root access can be gained

Network Mapping

  • PING

  • DNS mapping (don’t need zone transfer)

    • dig +pfset=0x2020 -x 10.x.x.x

  • rpcinfo -p <hostname>

  • nmap <http://www.insecure.org/nmap/>

    • very nice!

  • Microsoft Windows is NOT immune

    • nbtstat, net commands

  • Just look around the ‘net!

Firewall Solutions

  • They help, but not a panacea

  • A network response to a host problem

    • Packet by packet examination is tough

  • Don’t forget internal users

  • Need well defined borders

  • Can be a false sense of security

Internal Security

  • Most often ignored

  • Most likely the problem

  • Disgruntled (ex-)end user

  • Curious, but dangerous end user

  • Clueless and dangerous end user

Security by Obscurity

  • Is no security at all.

  • However

    • It’s often best not to advertise unnecessarily

    • It’s often the only layer used (e.g. passwords)

  • Probably need more security

Layered Defenses

  • The belt and suspenders approach

  • Multiple layers make it harder to get through

  • Multiple layers take longer to get through

  • Basic statistics and probability apply

    • If Defense A stops 90% of all attacks and Defense B stops 90% of all attacks, you might be able to stop up to 99% of all attacks

  • Trade-off in time, money and convenience

Physical Security

  • Trash bins

  • Social engineering

  • It’s much easier to trust a face than a packet

  • Protect from the whoops

    • power

    • spills

    • the clumsy

    • software really can kill hardware

If I Were You, I’d...

  • Keep up on your host patches/fixes

  • Be very careful with email attachments

  • Disable unnecessary services

  • Use encryption (ssh) whenever possible

    • avoid telnet, ftp, pop-3 email, etc.

  • Audit often

    • keep logs, keep backups

A Word About Network Address Translation

  • It has no place in this talk

  • It is misunderstood and misapplied

  • It is fundamentally bad for the Internet

  • Just say NO to RFC 1918

Food For Thought

  • http://networks.depaul.edu/security/

  • dpu.security

  • DePaul FIRST Team

  • Any further interest in security education and research?

References

  • bugtraq mailing list

  • http://www.sans.org

  • http://www.cert.org

  • http://www.cerias.perdue.edu

  • http://www.securityportal.com/lasg/

  • http://cale.cs.depaul.edu

  • http://www.securityfocus.com

  • http://www.denialinfo.com

  • http://www.enteract.com/~lspitz/pubs.html

  • http://www.robertgraham.com/pubs/

  • http://cm.bell-labs.com/who/ches/

  • http://www.research.att.com/~smb/

  • http://packetstorm.securify.com

My Information

  • Networks Group, DePaul University

  • http://condor.depaul.edu/~jkristof/

  • [email protected]

  • (312) 362-5878
