Internet Security 1 (IntSi1)


  1. Internet Security 1 (IntSi1)
     1 Introduction
     Prof. Dr. Peter Heinzmann, Prof. Dr. Andreas Steffen
     Institute for Internet Technologies and Applications (ITA)

  2. Internet Security 1 (IntSi1) 1.1 What is Internet Security?

  3. Definition of Information Security
     • Information Security (ISO/IEC 27001:2005)
       Preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved.
     • Information Security (Wikipedia; there used synonymously with IT Security)
       Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
     • IT Security
       IT Security is a subset of Information Security and is concerned with the protection of computers and/or protecting information by means of computers.
     • Internet Security (Wikipedia)
       Internet Security is a branch of Computer Security specifically related to the Internet. Its objective is to establish rules and measures to use against attacks over the Internet.

  4. Worldwide Criminal Potential in the Internet
     2095 million Internet users (March 2011) vs. 850 million hosts (July 2011)
     [Figure: the Internet connecting Commerce/Shops, ISPs, Private Homes, an example site xyz.ch, and Business/Administration]

  5. What do you expect from Internet Security?
     • ?
     • ?
     • ?
     • ?

  6. Security Elements: The CIA Triad + Extensions
     • Confidentiality: valuable information or sensitive data must be protected from unauthorized access.
     • Integrity: data must be protected from getting accidentally or mischievously changed, either in its storage location or during transmission.
     • Availability: in a global business environment the server and communications infrastructure must be available on a 24/7 basis.
     • Authenticity: in any electronic transaction the true identity of the communication partners (hosts/users) should be verifiable.
     • Accountability (Non-Repudiation): there should be a provable association between an electronic transaction and the entity which initiated it.

  7. Identifying the Security Elements
     [Figure: a web transaction annotated with the security elements: Authentication verifies the host; Availability: waiting for a response; Integrity protects data against change; Confidentiality keeps information secret; SSL/TLS makes it all possible]

  8. Internet Security 1 (IntSi1) 1.2 Security Risks

  9. Security Risk Analysis
     Risk = Value × Threat × Vulnerability
     [Figure 1: cost plotted against security level, from "unprotected" to "high level protection": the cost of security measures rises, the cost of incidents falls, and the overall cost (their sum) has a minimum that lies below the value of the system to be protected]
     [Figure 2: the relationship between assets/values (data), threats, vulnerabilities and security measures]

  10. Internet Security 1 (IntSi1) 1.3 Security Threats

  11. Vandals, Script Kiddies, Thieves and Spies
     [Figure: attacker types plotted by expertise and resources (script kiddy, hacker/expert, professional) against motivation (curiosity, personal ego, personal profit, national interest): Author, Vandal, Trespasser, Thief, Spy]

  12. Attack Sophistication vs. Intruder Knowledge
     [Figure: timeline 1980 to 2000. Attack sophistication rises from password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sniffers, sweepers, network mgmt. diagnostics, GUI, automated probes/scans, www attacks, denial of service, packet spoofing, distributed attack tools, "stealth"/advanced scanning techniques, staged attacks, cross site scripting, to auto coordinated tools, while the technical knowledge required of intruders falls from high to low]

  13. Vandalism - Web Defacing

  14. Vandalism - Web Defacing

  15. Internet Security Threat Situation in 2010 Source: Symantec

  16. Internet Security Threat Situation in 2010 Source: Symantec

  17. Trojan Horse hidden in Android App Source: Symantec

  18. The Year 2010 in Numbers Source: Symantec

  19. Global Threat Situation Today • New malicious code threats Source: Symantec

  20. Global Threat Situation Today • Top Web-based attacks Source: Symantec

  21. Global Threat Situation Today • Web browser plugin vulnerabilities Source: Symantec

  22. Global Threat Situation Today • Malicious activity by country Source: Symantec

  23. Global Threat Situation Today Source: Symantec

  24. The Underground Economy
     • Goods and services available for sale in the underground economy
     Source: Symantec, January 2010
     [Figure annotation: fraud of 1600 $]

  25. Denial of Service Attacks
     • A Denial of Service (DoS) attack against a computer system makes the service unavailable to legitimate users.
     • DoS is usually attempted by consuming CPU time, memory or network bandwidth of the target system or network.
     • The original DoS attacks usually exploited bugs in a target platform, e.g. by sending malformed packets to a host (Ping of Death, WinNuke) in order to crash the system.
     • Other classic DoS attacks:
       – SYN flood: send TCP connection requests (SYNs) with spoofed source IP addresses in quick succession, so that the server reaches its maximum number of half-open connections and has to drop further SYNs, including those of legitimate clients (countermeasure: SYN cookies).
       – Smurf attack: send ICMP echo requests to an IP broadcast address using the IP source address of the target, which then receives all the ICMP echo replies (countermeasure: routers do not forward directed broadcasts and hosts do not answer broadcast pings).
     • Today, assuming correctly configured hosts and networks, the threat from a single host bringing down a server is rather small; attackers compensate by distributing the attack over many hosts (DDoS).
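SYN cookies, the countermeasure named on the slide, as an added example (written for this transcript, not code from the lecture). The bit layout (a 6-bit time tick, a 2-bit index into a small MSS table and a 24-bit keyed hash packed into the 32-bit initial sequence number) follows the classic scheme in simplified form; the `Listener` and `simulate` names, the MSS table and the addresses from the IETF documentation ranges are constructed for the demonstration. The point it shows: without cookies a flood of spoofed SYNs fills the half-open backlog and the legitimate client's SYN is dropped, with cookies the server stores nothing until the handshake completes.

```python
"""SYN cookies as a stateless defence against the SYN flood (added example)."""
import hashlib
import hmac
import secrets

# Constructed table of common MSS values; the chosen index is stored in 2 bits.
MSS_TABLE = (536, 1220, 1440, 1460)


def _cookie_hash(secret, src_ip, src_port, dst_ip, dst_port, tick):
    """24-bit keyed hash binding the cookie to the connection 4-tuple and a time tick."""
    msg = f"{src_ip}:{src_port}>{dst_ip}:{dst_port}@{tick}".encode()
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big")


def make_syn_cookie(secret, src_ip, src_port, dst_ip, dst_port, mss, now):
    """ISN for the SYN-ACK: 6-bit tick | 2-bit MSS index | 24-bit hash."""
    tick = (now // 64) & 0x3F                      # 64-second granularity
    mss_idx = max((i for i, v in enumerate(MSS_TABLE) if v <= mss), default=0)
    h = _cookie_hash(secret, src_ip, src_port, dst_ip, dst_port, tick)
    return (tick << 26) | (mss_idx << 24) | h


def check_syn_cookie(secret, cookie, src_ip, src_port, dst_ip, dst_port, now):
    """Return the MSS encoded in a valid and fresh cookie, otherwise None."""
    tick = (cookie >> 26) & 0x3F
    mss_idx = (cookie >> 24) & 0x3
    age = (((now // 64) & 0x3F) - tick) & 0x3F     # ticks elapsed, modulo 64
    if age > 1:                                     # older than about two minutes: reject
        return None
    expected = _cookie_hash(secret, src_ip, src_port, dst_ip, dst_port, tick)
    got = cookie & 0xFFFFFF
    if not hmac.compare_digest(expected.to_bytes(3, "big"), got.to_bytes(3, "big")):
        return None
    return MSS_TABLE[mss_idx]


class Listener:
    """Server side of the TCP handshake, with or without SYN cookies (constructed model)."""

    def __init__(self, ip, port, use_cookies, backlog=128):
        self.ip, self.port = ip, port
        self.use_cookies = use_cookies
        self.backlog = backlog
        self.secret = secrets.token_bytes(32)   # real stacks rotate this key
        self.half_open = {}                     # (src_ip, src_port) -> ISN, only without cookies
        self.established = set()
        self.dropped = 0

    def on_syn(self, src_ip, src_port, mss, now):
        """Return the ISN for the SYN-ACK, or None if the SYN had to be dropped."""
        if self.use_cookies:                    # stateless: nothing is stored per SYN
            return make_syn_cookie(self.secret, src_ip, src_port, self.ip, self.port, mss, now)
        if len(self.half_open) >= self.backlog:
            self.dropped += 1                   # backlog exhausted: the flood has succeeded
            return None
        isn = secrets.randbits(32)
        self.half_open[(src_ip, src_port)] = isn
        return isn

    def on_ack(self, src_ip, src_port, ack, now):
        """Third packet of the handshake: ack must equal ISN + 1."""
        isn = (ack - 1) & 0xFFFFFFFF
        key = (src_ip, src_port)
        if self.use_cookies:
            if check_syn_cookie(self.secret, isn, src_ip, src_port, self.ip, self.port, now) is None:
                return False
        else:
            if self.half_open.get(key) != isn:
                return False
            del self.half_open[key]
        self.established.add(key)
        return True


def simulate(use_cookies, flood_syns=1000, now=1_700_000_000):
    """Flood with spoofed SYNs that never ACK, then let one real client connect."""
    srv = Listener("192.0.2.10", 443, use_cookies)
    for i in range(flood_syns):                 # spoofed sources from 203.0.113.0/24
        srv.on_syn(f"203.0.113.{i % 254 + 1}", 1024 + i, 1460, now)
    isn = srv.on_syn("198.51.100.7", 40000, 1460, now)
    connected = isn is not None and srv.on_ack("198.51.100.7", 40000, (isn + 1) & 0xFFFFFFFF, now + 1)
    return {"client_connected": connected, "half_open": len(srv.half_open), "dropped": srv.dropped}


if __name__ == "__main__":
    print("no cookies :", simulate(False))
    print("SYN cookies:", simulate(True))
```

Running `simulate(False)` leaves 128 half-open entries and drops the legitimate SYN; `simulate(True)` keeps zero half-open state and the client connects. The price of the scheme is that only the MSS survives in the cookie, so other TCP options negotiated in the SYN are lost, which is why real stacks switch cookies on only once the backlog is full rather than permanently.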

  26. Denial of Service – Ping Attack with IP Spoofing
     [Figure: the attacker on the Internet sends pings to the broadcast address of the corporate network with the spoofed source address of the victim; the hosts behind the corporate firewall all reply to the victim]

  27. Distributed Denial of Service Attacks (DDoS)
     [Figure: Attacker → Handlers (control & command) → Zombies → attack traffic → Target]
     Available DDoS tools: Trinoo, Tribe Flood Network, Stacheldraht

  28. Vulnerability of amazon.com's Internet Business
     • Net sales in 2Q 2011: 9,910,000,000 $US
     • Lost business due to one hour off the Internet: 4,600,000 $US
     • U.S. server outage on June 6, 2008: 2 hour downtime due to human error

  29. Novartis – a Global Player

  30. Many Hops to www.novartis.com
     traceroute to www.novartis.com (164.109.68.201)
      1  edugw.zhwin.ch (160.85.160.1)                                   Winterthur
      2  intfw.zhwin.ch (160.85.111.1)
      3  winfh1.zhwin.ch (160.85.105.1)
      4  swiEZ2-G2-9.switch.ch (130.59.36.157)                           Zurich
      5  swiIX1-10GE-1-1.switch.ch (130.59.36.250)
      6  zch-b1-geth3-1.telia.net (213.248.79.189)
      7  ffm-bb1-pos0-3-3.telia.net (213.248.79.185)                     Frankfurt
      8  prs-bb1-pos7-0-0.telia.net (213.248.64.110)                     Paris
      9  ldn-bb1-pos7-2-0.telia.net (213.248.64.10)                      London
     10  nyk-bb1-pos0-2-0.telia.net (213.248.65.90)                      New York
     11  nyk-b1-link.telia.net (213.248.82.14)
     12  POS3-1.IG4.NYC4.ALTER.NET (208.192.177.29)
     13  0.so-2-3-0.XL2.NYC4.ALTER.NET (152.63.19.242)
     14  0.so-6-0-0.XL2.DCA6.ALTER.NET (152.63.38.74)                    Washington, D.C.
     15  0.so-7-0-0.GW6.DCA6.ALTER.NET (152.63.41.225)
     16  digex-gw.customer.alter.net (157.130.214.102)
     17  gigabitethernet1-0.dca2c-fcor-rt2.netsrv.digex.net (164.109.3.10)
     18  vlan28.dca2c-fdisc-sw1-msfc1.netsrv.digex.net (164.109.3.166)
     19  164.109.92.14 (164.109.92.14)
     20  164.109.68.201 (164.109.68.201)

  31. Emerging Challenges
     • Mobile Devices: loss of confidential data
     • Embedded Systems: about 8 billion microcontrollers sold in 2006; usually no or only marginal security mechanisms
     • Ubiquitous (pervasive) Computing: RFID (profiling)
     • Home Automation: controllable over the Internet

  32. Stuxnet attacks Industrial Control Equipment
     • Targeted at Siemens Supervisory Control and Data Acquisition (SCADA) systems that control and monitor specific industrial processes.
     • Stuxnet includes a Programmable Logic Controller (PLC) rootkit.
     • Designed by a team of 5-10 professionals and meant to sabotage the Iranian uranium enrichment facility at Natanz.

  33. Internet Security 1 (IntSi1) 1.4 Vulnerabilities

  34. Vulnerabilities and Exposures
     • A universal vulnerability is a state in a computing system (or set of systems) which either:
       – allows an attacker to execute commands as another user
       – allows an attacker to access data that is contrary to the specified access restrictions for that data
       – allows an attacker to pose as another entity
       – allows an attacker to conduct a denial of service
     • An exposure is a state in a computing system (or set of systems) which is not a universal vulnerability, but either:
       – allows an attacker to conduct information gathering activities
       – allows an attacker to hide activities
       – includes a capability that behaves as expected, but can be easily compromised
       – is a primary point of entry that an attacker may attempt to use to gain access to the system or data
       – is considered a problem according to some reasonable security policy
     Source: www.cve.mitre.org/about/terminology.html

  35. Common Vulnerabilities and Exposures Database

  36. NIST Statistics on Vulnerabilities with High Severity

  37. Internet Security 1 (IntSi1) 1.5 Security Measures

  38. Security Measures
     • Organize (Plan): set up a security policy, build awareness, analyze and classify security risks, decide on and implement security measures, define responsibilities, train staff periodically.
     • Protect (Do): encrypt stored data and transmitted information, use message authentication (MACs, digital signatures) to ensure data integrity and origin, install patches, use and periodically check data backup mechanisms.
     • Filter (Do): limit physical access to systems and data, and use strong authentication for users and hosts. Filter traffic by using firewalls and virus scanners.
     • Combine (Do): combine multiple security measures (multilevel / defense in depth).
     • Monitor and Control (Act): detect attacks (intrusion detection systems, honeypots), run periodic security checks (tiger teams), react and correct.

  39. Security Life Cycle
     [Figure: cycle 1: Security Policy (Why?) → 2: Risk Analysis → 3: Define measures → 4: Implement measures → 5: Control measures → back to 1]
