1 / 24

DePaul University Computer Network Security

DePaul University Computer Network Security. Are We Safe?. Telephone System central authority network in control billing records per connection legal issues well understood provisions for law enforcement (wiretapping). Internet no central authority end systems in control

neith
Download Presentation

DePaul University Computer Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. DePaul UniversityComputer Network Security Are We Safe? John Kristoff

  2. Telephone System central authority network in control billing records per connection legal issues well understood provisions for law enforcement (wiretapping) Internet no central authority end systems in control no central knowledge of connections no per-packet billing legal issues not well understood anonymity is easy Internet 101 John Kristoff

  3. Internet Security Stinks • Hosts are hard to secure • Bad defaults • Poor software • Fixes rarely applied • Average user/administrator is clueless • An overly secure system is not useful • It’s difficult to coordinate among sites John Kristoff

  4. Exploits Overview • Passwords • hacking and sniffing • System specific • NT, UNIX, NetWare, Linux • Application specific • web browser, ftp, email, finger • Protocol specific • spoofing, TCP hijacking, ICMP redirects, DNS • Denial of Service • PING of death, trinoo, tribe flood John Kristoff

  5. The Process • Reconnaissance • Scanning • Exploit Systems • Keep access with backdoors/trojans • Use system • Often as a springboard • Cover any tracks John Kristoff

  6. The Problem is Real • Just over a year ago... • ResNet/DPO • cgi-bin/phf • Oracle • CTI • Plain text John Kristoff

  7. Recently... • We receive hundreds of probes every day • This weekend a single host sent at least 2000 scans to our address space for port 23 • .kr and .tw are popular sources • DNS scans • @home.com, aol.com are frequent flyers • ResNet students John Kristoff

  8. Gotcha! John Kristoff

  9. Password Hacking • Attackers can watch packets go by • Usually part of the attacker’s plan when compromising a host • One of the most common problems • Encryption for remote access helps • Note: even encrypted password files can be cracked John Kristoff

  10. Denial of Service Attacks • A Very Difficult Problem to Solve! • Real World Example • Everyone dials 911 at the same time • How do you screen and more importantly, stop the bad ones? • Most effective when source address is spoofed John Kristoff

  11. Example Distributed Denial of Service Illustrated John Kristoff

  12. Viruses and Worms • Programs written with the intent to spread • Worms are very common today • Usually email based (e.g. ILOVEYOU) • Viruses infect other programs • Code copied to other programs (e.g. macros) • Requires the code to be executed • Proves users continue to do dumb things • Sometimes software is at fault too John Kristoff

  13. Buffer Overflows and Weak Validation of Input • One of the most popular security issues • Popular exploits with CGI scripts • Regular users can gain root access • Can pass commands to be executed • e.g. Network Solutions easysteps.pl • Sometimes root access can be gained John Kristoff

  14. Network Mapping • PING • DNS mapping (don’t need zone transfer) • dig +pfset=0x2020 -x 10.x.x.x • rpcinfo -p <hostname> • nmap <http://www.insecure.org/nmap/> • very nice! • Microsoft Windows is NOT immune • nbtstat, net commands • Just look around the ‘net! John Kristoff

  15. Firewall Solutions • They help, but not a panacea • A network response to a host problem • Packet by packet examination is tough • Don’t forget internal users • Need well defined borders • Can be a false sense of security John Kristoff

  16. Internal Security • Most often ignored • Most likely the problem • Disgruntled (ex-)end user • Curious, but dangerous end user • Clueless and dangerous end user John Kristoff

  17. Security by Obscurity • Is no security at all. • However • It’s often best not to advertise unnecessarily • It’s often the only layer used (e.g. passwords) • Probably need more security John Kristoff

  18. Layered Defenses • The belt and suspenders approach • Multiple layers make it harder to get through • Multiple layers take longer to get through • Basic statistics and probability apply • If Defense A stops 90% of all attacks and Defense B stops 90% of all attacks, you might be able to stop up to 99% of all attacks • Trade-off in time, money and convenience John Kristoff

  19. Physical Security • Trash bins • Social engineering • It’s much easier to trust a face than a packet • Protect from the whoops • power • spills • the clumsy • software really can kill hardware John Kristoff

  20. If I Were You, I’d... • Keep up on your host patches/fixes • Be very careful with email attachments • Disable unnecessary services • Use encryption (ssh) whenever possible • avoid telnet, ftp, pop-3 email, etc. • Audit often • keep logs, keep backups John Kristoff

  21. A Word About Network Address Translation • It has no place in this talk • It is misunderstood and misapplied • It is fundamentally bad for the Internet • Just say NO to RFC 1918 John Kristoff

  22. Food For Thought • http://networks.depaul.edu/security/ • dpu.security • DePaul FIRST Team • Any further interest in security education and research? John Kristoff

  23. References • bugtraq mailing list • http://www.sans.org • http://www.cert.org • http://www.cerias.perdue.edu • http://www.securityportal.com/lasg/ • http://cale.cs.depaul.edu • http://www.securityfocus.com • http://www.denialinfo.com • http://www.enteract.com/~lspitz/pubs.html • http://www.robertgraham.com/pubs/ • http://cm.bell-labs.com/who/ches/ • http://www.research.att.com/~smb/ • http://packetstorm.securify.com John Kristoff

  24. My Information • Networks Group, DePaul University • http://condor.depaul.edu/~jkristof/ • jtk@depaul.edu • (312) 362-5878 John Kristoff

More Related