
Research Roadmap on network security : from practical firewall to anti-spam / spyware


Presentation Transcript


  1. Research Roadmap on network security: from practical firewall to anti-spam/spyware
     PhD Candidate: Ming-Wei (Benson) Wu, 吳明蔚
     Dept. of Electrical Engineering, National Taiwan University
     benson@ee.ntu.edu.tw
     http://www.ee.ntu.edu.tw/~benson
     Benson Wu, 2005

  2. Questions to Answer
     • What have I done?
       • Brief background
       • Research
     • What does Internet Security look like today?
       • Changes in Internet users and applications
       • Changes in Threat
       • Legacy security measures
     • Changes in Security
       • Perimeter
       • Depth
       • Granularity
     • Case studies
       • Anti-spyware
     • Conclusions

  3. Brief Background
     • 1992~1996: English
       • 馬尼拉美國學校 (International School Manila, ISM)
     • 2000~2003: Discipline
       • HSN @NCTU: 交大資科高速網路實驗室 High Speed Network Lab
       • 工研院交大網路測試中心 Network Benchmarking Lab
       • 利基網路 L7 Networks
     • 2003~2005: Domain knowledge, Leadership, Implementation
       • 台網資訊中心 台灣新世代網路菁英 TaiWan Internet Next Generation
       • 資訊工業策進會 Information Industry Institution
       • 台大電機分散式網路實驗室 Dependable and Distributed Network Lab

  4. Research
     • Security
       • Security Gateway Benchmarking
       • XML Firewall
       • Anti-spyware
       • Anti-spam
     • Connectivity
       • P2P Gateway
       • Web Services
       • Digital Home
     • Public interests…
       • Open Source Dev.
       • Textbook writing
       • Mag. article writing

  5. Internet Evolution
     • Changes in Networking Technologies
     • Changes in Internet Users and Internet Applications
     • Changes in Security Accessories

  6. Changes in Internet Applications: Primitive Web becoming Web Services
     • Is the Primitive Web enough?
     • When they are still newbies… they want to “join”
       • ALL Client-to-Server
     • When they become big enough… they want to “share”
       • Some Peer-to-Peer (P2P)
       • Some Server-to-Server (Web Services)

  7. Changes in Internet Users: from Browsing towards Clicking
     • Necessary services at one click: Web Services
       • e.g. One-stop shopping
     • Necessary authentications at one time: Single Sign-On
       • e.g. One-click cart/basket
     • Necessary confidentiality with higher granularity: XML Enc.
       • e.g. Interleaved workflow

  8. Such changes are more like a reality…
     • Some numbers about P2P
       • 2 million Kuro users, and 50.2% of teenagers (15~22) have visited either Kuro or EZPeer (創市際市場研究顧問公司, 2003/09)
       • Some NT$9.6 billion lost due to P2P sharing (資策會網路通訊雜誌, 2003/06)
     • Some numbers about Web Services…
       • 79% are evaluating (Accenture)
       • 52% are using or testing (TechMetrix)
       • 45.5% consider security to be the biggest obstacle (BusinessWeek)

  9. The Evolution of P2P: Darwinism

  10. 2004 P2P Popularity and User Rating

  11. Extending Client-Server to P2P: Its Problems and Solutions
     • Connectivity
       • Internet transparency?
       • How to connect resources successfully?
       • Sol: middleman (e.g. gatekeeper in H.323, broker in middleware, rendezvous node in JXTA)
     • Scalability
       • size?
         • How to locate MANY resources?
         • Sol: smart routing (make use of DHT)
       • time?
         • How to locate resources INSTANTLY?
         • Sol: Distributed hash table or DHT (resilience?)
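The slide's scalability answer (locate a resource among many peers instantly, without a central index, and survive peers leaving) rests on the consistent-hashing ring that DHTs are built on. The following is an added illustration written for this transcript, not code from the presentation or from any real P2P system: a single-process model of the ring in which node addresses and content keys are hashed onto the same identifier circle and a key is owned by the first node clockwise from it. The peer names, key names and the 32-bit identifier space are assumptions.

```python
import bisect
import hashlib

# Added example: a consistent-hashing ring of the kind a DHT builds on (a
# simplified, single-process model, not any real P2P implementation).
# Node names, keys and the 32-bit identifier space are assumptions.
ID_BITS = 32


def ring_id(value: str) -> int:
    """Map a node address or content key onto the identifier circle with SHA-1."""
    digest = hashlib.sha1(value.encode("utf-8")).digest()
    return int.from_bytes(digest[:4], "big") % (1 << ID_BITS)


class Ring:
    """Sorted node identifiers; every key belongs to its successor node."""

    def __init__(self, nodes=()):
        self.ids = []          # sorted node identifiers
        self.node_by_id = {}   # identifier -> node address
        for node in nodes:
            self.join(node)

    def join(self, node: str) -> None:
        nid = ring_id(node)
        if nid in self.node_by_id:
            raise ValueError(f"identifier collision for {node}")
        bisect.insort(self.ids, nid)
        self.node_by_id[nid] = node

    def leave(self, node: str) -> None:
        nid = ring_id(node)
        self.ids.remove(nid)
        del self.node_by_id[nid]

    def successors(self, key: str, count: int = 1) -> list:
        """The `count` distinct nodes clockwise from hash(key), wrapping around.

        The first entry owns the key; the others are the replica holders that
        keep the key reachable when the owner leaves (the slide's "resilience?").
        """
        if not self.ids:
            raise LookupError("empty ring")
        start = bisect.bisect_left(self.ids, ring_id(key))
        count = min(count, len(self.ids))
        return [self.node_by_id[self.ids[(start + i) % len(self.ids)]]
                for i in range(count)]

    def locate(self, key: str) -> str:
        """Deterministic O(log N) lookup over the sorted ids; no central index."""
        return self.successors(key, 1)[0]


def keys_moved(before: "Ring", after: "Ring", keys) -> list:
    """Keys whose owning node differs between two ring states."""
    return [k for k in keys if before.locate(k) != after.locate(k)]


if __name__ == "__main__":
    nodes = [f"peer-{i}.example" for i in range(8)]          # constructed peers
    keys = [f"song-{i}.mp3" for i in range(200)]             # constructed content keys
    ring = Ring(nodes)
    print("song-7.mp3 lives on", ring.locate("song-7.mp3"),
          "with replicas on", ring.successors("song-7.mp3", 3)[1:])
    shrunk = Ring(nodes)
    shrunk.leave("peer-3.example")
    moved = keys_moved(ring, shrunk, keys)
    print(f"{len(moved)} of {len(keys)} keys changed owner after one peer left")
```

The point to observe is the last line of output: when a peer leaves, only the keys it owned change hands, and each of them moves to what was already its first replica holder, which is why a DHT keeps resolving lookups while membership churns. A real DHT (Chord, Kademlia, the JXTA rendezvous layer) distributes the sorted list across nodes with finger tables or k-buckets instead of holding it in one process, but the placement rule is the same.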

  12. Extending Client-Server to Web Services: Its Problems and Solutions
     • What do most XML firewalls do?
       • How to manipulate only parts of a document?
         • Per-element XML encryption/signing
       • How to authenticate/authorize between more than two parties?
         • Single Sign-On
       • How to assure the validity of Web Services’ actions?
         • SOAP Schema validation
         • SOAP Digital Signature verification
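Two of the XML-firewall functions on this slide, per-element signing and schema validation of a SOAP body, can be shown on a small message. The following is an added example written for this transcript; it is not the author's XML firewall nor any product's code. The SOAP 1.1 envelope namespace is real; the PlaceOrder message, the gateway key and the structural rules are constructed. An HMAC over the canonical form of one element stands in for an XML-DSig signature block so that the example needs only the standard library, and a hand-written structural check stands in for XSD validation, which the standard library does not provide.

```python
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Added example, not the author's XML firewall. SOAP 1.1 namespace is real;
# the PlaceOrder message, key and validation rules are constructed.
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
NS = {"soap": SOAP_NS}
PAYLOAD_PATH = "soap:Body/PlaceOrder"   # the one element whose integrity is protected

SAMPLE_MESSAGE = """<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
    <Route>gateway-1</Route>
  </soap:Header>
  <soap:Body>
    <PlaceOrder>
      <Item>book-123</Item>
      <Quantity>2</Quantity>
    </PlaceOrder>
  </soap:Body>
</soap:Envelope>
"""


def canonical_bytes(elem: ET.Element) -> bytes:
    """Canonical XML (C14N 2.0) of one element, so re-indenting does not break the MAC."""
    elem = copy.deepcopy(elem)
    elem.tail = None                      # drop whitespace that follows the element
    text = ET.tostring(elem, encoding="unicode")
    return ET.canonicalize(text, strip_text=True).encode("utf-8")


def sign_element(message: str, key: bytes, path: str = PAYLOAD_PATH) -> str:
    """HMAC-SHA256 over the canonical form of the selected element only.

    The HMAC stands in for an XML-DSig <Signature>; the scoping idea (sign one
    element, not the whole envelope) is what the slide is about.
    """
    elem = ET.fromstring(message).find(path, NS)
    if elem is None:
        raise ValueError(f"no element at {path}")
    return hmac.new(key, canonical_bytes(elem), hashlib.sha256).hexdigest()


def verify_element(message: str, key: bytes, mac: str, path: str = PAYLOAD_PATH) -> bool:
    try:
        expected = sign_element(message, key, path)
    except ValueError:
        return False
    return hmac.compare_digest(expected, mac)


def validate_body(message: str) -> list:
    """Structural check standing in for XSD validation; [] means acceptable."""
    problems = []
    body = ET.fromstring(message).find("soap:Body", NS)
    if body is None:
        return ["missing soap:Body"]
    children = list(body)
    if len(children) != 1 or children[0].tag != "PlaceOrder":
        return ["Body must contain exactly one PlaceOrder element"]
    order = children[0]
    allowed = {"Item", "Quantity"}
    tags = [child.tag for child in order]
    for tag in tags:
        if tag not in allowed:
            problems.append(f"unexpected element {tag}")
    for tag in sorted(allowed):
        if tags.count(tag) != 1:
            problems.append(f"{tag} must occur exactly once")
    quantity = (order.findtext("Quantity") or "").strip()
    if not (quantity.isdigit() and 0 < int(quantity) <= 1000):
        problems.append("Quantity must be an integer in 1..1000")
    item = (order.findtext("Item") or "").strip()
    if not (1 <= len(item) <= 64):
        problems.append("Item must be 1..64 characters")
    return problems


if __name__ == "__main__":
    key = b"constructed-gateway-key"
    mac = sign_element(SAMPLE_MESSAGE, key)
    print("structural problems:", validate_body(SAMPLE_MESSAGE))
    print("untouched message verifies:", verify_element(SAMPLE_MESSAGE, key, mac))
    tampered = SAMPLE_MESSAGE.replace("<Quantity>2<", "<Quantity>200<")
    print("edited payload verifies:", verify_element(tampered, key, mac))
    rerouted = SAMPLE_MESSAGE.replace("gateway-1", "gateway-2")
    print("edited header verifies:", verify_element(rerouted, key, mac))
```

The third and fourth prints show the granularity point: changing the signed Quantity invalidates the MAC, while changing the unsigned Route header does not, because the signature covers exactly the element the path selects and intermediaries may legitimately rewrite the rest. Canonicalisation matters for the same reason: the same payload re-indented by an intermediary must still verify. A production gateway would parse with a bounded, hardened parser (message size and entity-expansion limits) before doing either check.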

  13. Changes in Threat: Volume and Impact
     • Security is tougher than ever
       • In volume: >600%
         • 137,529 reported incidents during 2003, more than 6 times the 2000 figure (CERT)
       • In impact: <10 minutes
         • SQL Slammer (aka Sapphire) owned the Internet in less than 10 minutes in 2003

  14. A Reminder of Legacy Security Measures
     • Access security
       • Firewall
       • Content Filter
     • Data security
       • Virtual Private Network (VPN)
     • System security
       • Intrusion Detection System (IDS)
       • Antivirus

  15. Technical Analysis: Issues
     • FW: must leave alone well-known ports, e.g. 80
     • IDS: false alarms, new attacks, correlation
     • AV: new viruses, signatures, where (desktop or network), polymorphism
     • CF: false positives, false negatives
     • VPN: management overhead, interoperability

  16. Changes in Security: Perimeter, Depth and Granularity
     • Existing security measures that protect you
       • TCP/IP firewall: packet-level
       • Virtual Private Network (VPN): IP-level tunneling
       • Content filter: application-level
       • Intrusion Detection System (IDS): application-level
       • Antivirus: application-level
     • The situation has changed
       • Network perimeters have become less defined due to pervasive mobile devices (e.g. WLAN, PDA, etc.)
       • 80% of all attacks come from external parties, yet 80% of all security-related losses are due to the remaining 20% of attacks
     • Increasing Depth
       • Stand-alone security measures → Integrated all-in-one approach
       • Demand for internal security is emerging (plus more applications and more users requiring higher bandwidth)
     • Finer Granularity
       • Packet-level → Application-level
       • Per-flow basis → Per-element basis

  17. Anti-spyware: What are we dealing with?
     • Spyware
       • Definition: a generic term referring to a class of software programs that could violate and potentially jeopardize people’s privacy and security
       • Examples: Gator, Cydoor, Aureate, Comet Cursor and Web3000 can be found in many free applications (Kazaa, Bearshare, iMesh and Limewire)
         • Read the EULA (End-user license agreement)
       • How serious? Nearly 70% spyware penetration in a campus environment (Saroiu et al., 2004)
     • Impact:
       • credit card numbers could be stolen
       • keystrokes could be captured
       • browser settings could be modified
       • users could be profiled
       • …and spyware often comes bundled with Trojans, viruses and worms

  18. Anti-spyware: Rootkits as an example
     • Definition: software comprising tools to
       • erase traces of the intrusion from audit logs
       • provide "backdoors" that allow easy access
       • hide the rootkit itself from administrators
     • Types:
       • User-mode rootkit
         • replacing system binaries with trojaned ones
       • Kernel-mode rootkit (with Linux Kernel Module support)
         • inserting a module that overrides kernel syscalls
       • Runtime kernel patching
         • writing to /dev/kmem (with or without LKM support)
     • Tools for Rootkit Detection
       • Tripwire
       • AIDE (Advanced Intrusion Detection Environment)
       • Chkrootkit (~56 rootkits)
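Tripwire and AIDE, named on this slide as detection tools, are file-integrity checkers: they record a baseline of every file's content hash and metadata and later report what was replaced, added or deleted, which is exactly the footprint of the user-mode rootkit described above (trojaned system binaries, a dropped backdoor, an erased log). The following is an added example written for this transcript and is not the code of either tool; the sample file tree is constructed in a temporary directory and the tampering routine only rewrites those constructed files so that the report has something to show.

```python
import hashlib
import json
import os
import stat
import tempfile

# Added example: a Tripwire/AIDE-style baseline-and-compare check written for
# this page, not the code of either tool. The "system" tree is constructed.


def file_record(path: str) -> dict:
    """What the baseline remembers about one file: content hash, size, mode bits."""
    st = os.lstat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {"sha256": digest.hexdigest(), "size": st.st_size,
            "mode": oct(stat.S_IMODE(st.st_mode))}


def build_baseline(root: str) -> dict:
    """Walk `root` and record every regular file, keyed by its path relative to root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                baseline[rel] = file_record(full)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Files that appeared, vanished, or whose hash/size/mode differ from the baseline."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline.keys() & current.keys()
                      if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def save_baseline(baseline: dict, path: str) -> None:
    # Tripwire/AIDE keep this database on read-only or offline media, so that
    # whatever is being looked for cannot rewrite the reference copy.
    with open(path, "w") as fh:
        json.dump(baseline, fh, indent=1, sort_keys=True)


def load_baseline(path: str) -> dict:
    with open(path) as fh:
        return json.load(fh)


def make_sample_tree(fs: str) -> None:
    """Constructed stand-in for /bin and /var/log with three files."""
    os.makedirs(os.path.join(fs, "bin"))
    os.makedirs(os.path.join(fs, "var", "log"))
    with open(os.path.join(fs, "bin", "ps"), "wb") as fh:
        fh.write(b"#!/bin/sh\necho genuine ps\n")
    with open(os.path.join(fs, "bin", "ls"), "wb") as fh:
        fh.write(b"#!/bin/sh\necho genuine ls\n")
    with open(os.path.join(fs, "var", "log", "auth.log"), "wb") as fh:
        fh.write(b"login from console\n")


def simulate_tampering(fs: str) -> None:
    """Reproduce the slide's three symptoms on the constructed tree only."""
    with open(os.path.join(fs, "bin", "ps"), "wb") as fh:      # replaced binary
        fh.write(b"#!/bin/sh\necho replaced ps\n")
    with open(os.path.join(fs, "bin", ".backdoor"), "wb") as fh:  # dropped file
        fh.write(b"placeholder\n")
    os.remove(os.path.join(fs, "var", "log", "auth.log"))         # erased log


def demo() -> dict:
    """Baseline a clean tree, tamper with it, and return the integrity report."""
    with tempfile.TemporaryDirectory() as root:
        fs = os.path.join(root, "fs")
        make_sample_tree(fs)
        db = os.path.join(root, "baseline.json")   # kept outside the scanned tree
        save_baseline(build_baseline(fs), db)
        simulate_tampering(fs)
        return compare(load_baseline(db), build_baseline(fs))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

The report names `bin/ps` as modified, `bin/.backdoor` as added and `var/log/auth.log` as removed. This is the strength and the limit of the approach in one picture: a user-mode rootkit that swaps binaries cannot hide from a hash comparison, but a kernel-mode rootkit that hooks the file-read syscalls can hand the checker the original bytes, which is why Tripwire-style checks are run from trusted boot media and complemented by tools such as chkrootkit that look for the kernel-level symptoms.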

  19. Conclusions
     • Firewall
     • Application-aware filtering
     • Anti-spam
     • Single sign-on
     • IDS
     • IPS
     • VPN
     • SSL VPN
     • Anti-virus
     • Anti-spyware

  20. Many thanks for your time :)
