Depaul university computer network security
1 / 24

DePaul University Computer Network Security - PowerPoint PPT Presentation

  • Uploaded on

DePaul University Computer Network Security. Are We Safe?. Telephone System central authority network in control billing records per connection legal issues well understood provisions for law enforcement (wiretapping). Internet no central authority end systems in control

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'DePaul University Computer Network Security' - neith

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Depaul university computer network security

DePaul UniversityComputer Network Security

Are We Safe?

John Kristoff

Internet 101

Telephone System

central authority

network in control

billing records per connection

legal issues well understood

provisions for law enforcement (wiretapping)


no central authority

end systems in control

no central knowledge of connections

no per-packet billing

legal issues not well understood

anonymity is easy

Internet 101

John Kristoff

Internet security stinks
Internet Security Stinks

  • Hosts are hard to secure

  • Bad defaults

  • Poor software

  • Fixes rarely applied

  • Average user/administrator is clueless

  • An overly secure system is not useful

  • It’s difficult to coordinate among sites

John Kristoff

Exploits overview
Exploits Overview

  • Passwords

    • hacking and sniffing

  • System specific

    • NT, UNIX, NetWare, Linux

  • Application specific

    • web browser, ftp, email, finger

  • Protocol specific

    • spoofing, TCP hijacking, ICMP redirects, DNS

  • Denial of Service

    • PING of death, trinoo, tribe flood

John Kristoff

The process
The Process

  • Reconnaissance

  • Scanning

  • Exploit Systems

  • Keep access with backdoors/trojans

  • Use system

    • Often as a springboard

  • Cover any tracks

John Kristoff

The problem is real
The Problem is Real

  • Just over a year ago...

  • ResNet/DPO

  • cgi-bin/phf

  • Oracle

  • CTI

  • Plain text

John Kristoff


  • We receive hundreds of probes every day

    • This weekend a single host sent at least 2000 scans to our address space for port 23

  • .kr and .tw are popular sources

  • DNS scans

  •, are frequent flyers

  • ResNet students

John Kristoff


John Kristoff

Password hacking
Password Hacking

  • Attackers can watch packets go by

  • Usually part of the attacker’s plan when compromising a host

  • One of the most common problems

  • Encryption for remote access helps

  • Note: even encrypted password files can be cracked

John Kristoff

Denial of service attacks
Denial of Service Attacks

  • A Very Difficult Problem to Solve!

  • Real World Example

    • Everyone dials 911 at the same time

    • How do you screen and more importantly, stop the bad ones?

  • Most effective when source address is spoofed

John Kristoff

Viruses and worms
Viruses and Worms

  • Programs written with the intent to spread

  • Worms are very common today

    • Usually email based (e.g. ILOVEYOU)

  • Viruses infect other programs

    • Code copied to other programs (e.g. macros)

  • Requires the code to be executed

    • Proves users continue to do dumb things

    • Sometimes software is at fault too

John Kristoff

Buffer overflows and weak validation of input
Buffer Overflows and Weak Validation of Input

  • One of the most popular security issues

  • Popular exploits with CGI scripts

  • Regular users can gain root access

  • Can pass commands to be executed

    • e.g. Network Solutions

  • Sometimes root access can be gained

John Kristoff

Network mapping
Network Mapping

  • PING

  • DNS mapping (don’t need zone transfer)

    • dig +pfset=0x2020 -x 10.x.x.x

  • rpcinfo -p <hostname>

  • nmap <>

    • very nice!

  • Microsoft Windows is NOT immune

    • nbtstat, net commands

  • Just look around the ‘net!

John Kristoff

Firewall solutions
Firewall Solutions

  • They help, but not a panacea

  • A network response to a host problem

    • Packet by packet examination is tough

  • Don’t forget internal users

  • Need well defined borders

  • Can be a false sense of security

John Kristoff

Internal security
Internal Security

  • Most often ignored

  • Most likely the problem

  • Disgruntled (ex-)end user

  • Curious, but dangerous end user

  • Clueless and dangerous end user

John Kristoff

Security by obscurity
Security by Obscurity

  • Is no security at all.

  • However

    • It’s often best not to advertise unnecessarily

    • It’s often the only layer used (e.g. passwords)

  • Probably need more security

John Kristoff

Layered defenses
Layered Defenses

  • The belt and suspenders approach

  • Multiple layers make it harder to get through

  • Multiple layers take longer to get through

  • Basic statistics and probability apply

    • If Defense A stops 90% of all attacks and Defense B stops 90% of all attacks, you might be able to stop up to 99% of all attacks

  • Trade-off in time, money and convenience

John Kristoff

Physical security
Physical Security

  • Trash bins

  • Social engineering

  • It’s much easier to trust a face than a packet

  • Protect from the whoops

    • power

    • spills

    • the clumsy

    • software really can kill hardware

John Kristoff

If i were you i d
If I Were You, I’d...

  • Keep up on your host patches/fixes

  • Be very careful with email attachments

  • Disable unnecessary services

  • Use encryption (ssh) whenever possible

    • avoid telnet, ftp, pop-3 email, etc.

  • Audit often

    • keep logs, keep backups

John Kristoff

A word about network address translation
A Word About Network Address Translation

  • It has no place in this talk

  • It is misunderstood and misapplied

  • It is fundamentally bad for the Internet

  • Just say NO to RFC 1918

John Kristoff

Food for thought
Food For Thought



  • DePaul FIRST Team

  • Any further interest in security education and research?

John Kristoff


  • bugtraq mailing list













John Kristoff

My information
My Information

  • Networks Group, DePaul University


  • [email protected]

  • (312) 362-5878

John Kristoff