Justin Weisz
jweisz@andrew.cmu.edu
15-441 Networks
Overview
What is security?
Why do we need security?
Who is vulnerable?
Common security attacks and countermeasures
• Firewalls
• Intrusion Detection Systems
• Denial of Service Attacks
• TCP Attacks
• Packet Sniffing
• Social Problems
What is "Security"?
Dictionary.com says:
1. Freedom from risk or danger; safety.
2. Freedom from doubt, anxiety, or fear; confidence.
3. Something that gives or assures safety, as:
   • 1. A group or department of private guards: Call building security if a visitor acts suspicious.
   • 2. Measures adopted by a government to prevent espionage, sabotage, or attack.
   • 3. Measures adopted, as by a business or homeowner, to prevent a crime such as burglary or assault: Security was lax at the firm's smaller plant.
Provide
Guarantee availability of resources
Who is Vulnerable?
• Financial institutions and banks
• Internet service providers
• Pharmaceutical companies
• Government and defense agencies
• Contractors to various government agencies
• Multinational corporations
• ANYONE ON THE NETWORK
Denial of Service: Ingress filtering, IDS
TCP hijacking: IPSec
Packet sniffing: Encryption (SSH, SSL, HTTPS)
Social problems: Education
Firewalls
Basic problem: many network applications and protocols have security problems that are fixed over time
Difficult for users to keep up with changes and keep host secure
Solution:
• Administrators limit access to end hosts by using a firewall
• Firewall is kept up-to-date by administrators
Firewalls
A
Only one point of access into the network
This can be good or bad
Can be hardware or software
Ex. Some routers come with firewall functionality; ipfw, ipchains, pf on Unix systems; Windows XP and Mac OS X have built in firewalls
Firewalls
[Diagram: Internet, Firewall, DMZ (Web server, email server, web proxy, etc), Firewall, Intranet]
Firewalls
Ex. Drop packets with destination port of 23 (Telnet)
Can use any combination of IP/UDP/TCP header information
man ipfw on unix for much more detail
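The slide describes a stateless packet filter: a rule can match any combination of IP/UDP/TCP header fields, and the example rule drops anything bound for port 23. The block below is an added example written for this page, not code from the lecture or from ipfw, that models such a rule set in Python. The `Packet` and `Rule` classes, the rule set `RULES` and the addresses (taken from the RFC 5737 documentation ranges) are all constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed model of the header fields a stateless packet filter inspects.
@dataclass(frozen=True)
class Packet:
    proto: str                   # "tcp", "udp" or "icmp"
    src: str                     # source IP address
    dst: str                     # destination IP address
    sport: Optional[int] = None  # source port (TCP/UDP only)
    dport: Optional[int] = None  # destination port (TCP/UDP only)

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    proto: Optional[str] = None  # None matches any protocol
    src: Optional[str] = None    # CIDR prefix; None matches any source
    dst: Optional[str] = None    # CIDR prefix; None matches any destination
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        """Every field the rule specifies must match; unspecified fields are wildcards."""
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.src is not None and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst is not None and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True

def filter_packet(rules: List[Rule], pkt: Packet, default: str = "deny") -> str:
    """First matching rule decides; the default policy applies when no rule matches."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

# Constructed rule set for a border firewall in front of a DMZ web server.
DMZ_WEB = "192.0.2.10"
RULES = [
    Rule("deny", proto="tcp", dport=23),                        # the slide's example: block Telnet
    Rule("allow", proto="tcp", dst=DMZ_WEB + "/32", dport=80),  # public web server
    Rule("allow", proto="tcp", dst=DMZ_WEB + "/32", dport=443),
    Rule("allow", proto="tcp", src="10.0.0.0/8", dport=22),     # SSH only from the intranet
]

def decide_samples() -> List[str]:
    """Run a few constructed packets through the rule set and return the verdicts."""
    samples = [
        Packet("tcp", "203.0.113.5", DMZ_WEB, 51000, 80),   # Internet -> web server: allow
        Packet("tcp", "203.0.113.5", DMZ_WEB, 51001, 23),   # Internet -> Telnet: deny
        Packet("tcp", "10.1.2.3", DMZ_WEB, 51002, 23),      # intranet -> Telnet: deny (rule order)
        Packet("tcp", "10.1.2.3", DMZ_WEB, 51003, 22),      # intranet -> SSH: allow
        Packet("tcp", "203.0.113.5", DMZ_WEB, 51004, 22),   # Internet -> SSH: default deny
        Packet("udp", "203.0.113.5", DMZ_WEB, 51005, 53),   # no rule matches: default deny
    ]
    return [filter_packet(RULES, p) for p in samples]

if __name__ == "__main__":
    for verdict in decide_samples():
        print(verdict)
```

Rule order matters: the Telnet deny sits first so that no later allow rule can reopen it, and the default-deny policy is what makes the firewall a single controlled point of access rather than a list of exceptions.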
Firewalls
Here
Might need some of these services, or might not be able to control all the machines on the network
Firewalls
What
Intrusion Detection
Used
Open
Intrusion Detection
Example: IRIX vulnerability in webdist.cgi
Can make a rule to drop packets containing the line:
   "/cgi-bin/webdist.cgi?distloc=?;cat%20/etc/passwd"
However, IDS is only useful if contingency plans are in place to curb attacks as they are occurring
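The rule on the slide is a content signature: drop any packet carrying a fixed string. The block below is an added example, not part of the lecture and not Snort's own code, that shows why a literal byte match is not enough: the same request can be URL-encoded or case-varied and still reach the CGI, so the detector has to normalise before comparing. The signature string is the one from the slide; the sample request URIs are constructed.

```python
from urllib.parse import unquote

# The attack string from the slide, used as the IDS content signature.
WEBDIST_SIGNATURE = "/cgi-bin/webdist.cgi?distloc=?;cat%20/etc/passwd"

def normalize_uri(uri: str) -> str:
    """Canonicalise before matching: decode %XX escapes and fold case, so an encoded
    or mixed-case copy of the same request cannot slip past a literal comparison."""
    return unquote(uri).lower()

def naive_match(request_uri: str, signature: str = WEBDIST_SIGNATURE) -> bool:
    """Byte-for-byte substring match, the way a too-literal rule behaves."""
    return signature in request_uri

def normalized_match(request_uri: str, signature: str = WEBDIST_SIGNATURE) -> bool:
    """Match after normalising both the signature and the request."""
    return normalize_uri(signature) in normalize_uri(request_uri)

def verdict(request_uri: str) -> str:
    """'drop' if the request carries the signature, otherwise 'pass'."""
    return "drop" if normalized_match(request_uri) else "pass"

# Constructed sample request URIs as an IDS would see them in HTTP traffic.
SAMPLE_REQUESTS = [
    "/cgi-bin/webdist.cgi?distloc=?;cat%20/etc/passwd",      # verbatim copy of the slide's string
    "/cgi-bin/webdist.cgi?distloc=%3F%3Bcat%20/etc/passwd",  # same request, '?' and ';' encoded
    "/CGI-BIN/WebDist.cgi?distloc=?;cat%20/etc/passwd",      # same request, case-varied path
    "/cgi-bin/webdist.cgi?distloc=ftp.example.net",          # legitimate use of the CGI
    "/index.html",                                           # unrelated request
]

def compare_detectors(requests=SAMPLE_REQUESTS):
    """Return (naive hits, normalised hits) so the effect of canonicalisation is visible."""
    naive = sum(naive_match(r) for r in requests)
    normalized = sum(normalized_match(r) for r in requests)
    return naive, normalized

if __name__ == "__main__":
    for r in SAMPLE_REQUESTS:
        print(verdict(r), r)
    print("naive hits, normalised hits:", compare_detectors())
```

The literal rule fires once on the five samples, the normalising rule three times; the legitimate request with a real `distloc` value is passed by both. This is the narrow, string-based detection the slide describes, and it only helps if someone acts on the alert while the attack is in progress.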
Minor Detour:
Say we got the /etc/passwd file from the IRIX server. What can we do with it?
Dictionary Attack
Make a network service unusable, usually by overloading the server or network
Many different kinds of DoS attacks
• SYN flooding
• SMURF
• Distributed attacks
• Mini Case Study: Code-Red
SYN flooding attack
Send SYN packets with bogus source address
Why?
Server responds with SYN ACK and keeps state about TCP half-open connection
Eventually, server memory is exhausted with this state
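To make the "server keeps state about half-open connections" point concrete, the block below is an added example written for this page (not lecture code and not a real TCP stack): a toy listening socket with a bounded SYN backlog and a timeout for un-ACKed entries. The `ListeningSocket` class, the backlog size and the spoofed source addresses (from the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges) are constructed.

```python
class ListeningSocket:
    """Toy model of a server's SYN backlog. State is held per half-open connection
    from the moment the SYN-ACK is sent until the client's ACK arrives or the entry
    times out; that per-connection state is what a SYN flood tries to exhaust."""

    def __init__(self, backlog: int, syn_timeout: float):
        self.backlog = backlog          # max half-open connections held at once
        self.syn_timeout = syn_timeout  # seconds before an un-ACKed entry is discarded
        self.half_open = {}             # (src_ip, src_port) -> time the SYN-ACK was sent
        self.established = set()
        self.dropped_syns = 0

    def expire(self, now: float) -> int:
        """Reap half-open entries whose SYN-ACK was never answered within the timeout."""
        stale = [k for k, sent in self.half_open.items() if now - sent >= self.syn_timeout]
        for k in stale:
            del self.half_open[k]
        return len(stale)

    def on_syn(self, src_ip: str, src_port: int, now: float) -> str:
        self.expire(now)
        key = (src_ip, src_port)
        if key in self.half_open:
            return "syn-ack"            # duplicate SYN: resend, no new state
        if len(self.half_open) >= self.backlog:
            self.dropped_syns += 1
            return "dropped"            # backlog full: legitimate clients are refused too
        self.half_open[key] = now       # SYN-ACK sent, state allocated
        return "syn-ack"

    def on_ack(self, src_ip: str, src_port: int, now: float) -> str:
        key = (src_ip, src_port)
        if key not in self.half_open:
            return "reset"
        del self.half_open[key]
        self.established.add(key)
        return "established"

def simulate_syn_flood(backlog: int = 4, syn_timeout: float = 5.0) -> dict:
    """Flood the socket with SYNs from bogus, never-ACKing sources, then try a
    legitimate handshake during the flood and again after the timeout has reaped the state."""
    sock = ListeningSocket(backlog, syn_timeout)
    # Constructed spoofed sources: the SYN-ACKs go to addresses that never answer,
    # so nothing ever frees the half-open state except the timeout.
    for i in range(10):
        sock.on_syn(f"203.0.113.{i}", 40000 + i, now=0.0)
    held_after_flood = len(sock.half_open)
    during = sock.on_syn("198.51.100.7", 51000, now=1.0)   # backlog still full
    after = sock.on_syn("198.51.100.7", 51000, now=6.0)    # stale entries reaped first
    sock.on_ack("198.51.100.7", 51000, now=6.1)
    return {
        "half_open_after_flood": held_after_flood,
        "dropped_syns": sock.dropped_syns,
        "legit_during_flood": during,
        "legit_after_timeout": after,
        "established": len(sock.established),
    }

if __name__ == "__main__":
    print(simulate_syn_flood())
```

With a backlog of 4, the first four spoofed SYNs pin the table, the next six and the legitimate client's SYN are dropped, and only after the timeout reaps the dead entries does the real handshake complete. Shortening that timeout and enlarging the backlog buys time but does not remove the underlying problem, which is why the countermeasure the slides pair with DoS is ingress filtering of the bogus source addresses rather than tuning the server.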
Source IP address of a broadcast ping is forged
Large number of machines respond back to victim, overloading it
[Diagram: Internet, Perpetrator, Victim]
July 17, 2001: over 359,000 computers infected with Code-Red in less than 14 hours
Used a recently known buffer exploit in Microsoft IIS
Damages estimated in excess of $2.6 billion
Ingress filtering
• If the source IP of a packet comes in on an interface which does not have a route to that packet, then drop it
• RFC 2267 has more information about this
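The ingress-filtering rule above is a reverse-path check: look up the packet's claimed source address in the forwarding table and drop the packet if the route back to that source does not leave through the interface the packet arrived on. The block below is an added example written for this page, not the lecture's or RFC 2267's code, that implements the check over a constructed forwarding table; the interface names, prefixes (RFC 5737 documentation ranges) and sample packets are all constructed.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed forwarding table for a border router: interface -> prefixes reachable through it.
ROUTES: Dict[str, List[str]] = {
    "cust0": ["192.0.2.0/24"],      # customer network A
    "cust1": ["198.51.100.0/24"],   # customer network B
    "uplink": ["0.0.0.0/0"],        # default route towards the Internet
}

def route_interface(address: str, routes: Dict[str, List[str]] = ROUTES) -> Optional[str]:
    """Longest-prefix match: the interface the router would use to reach `address`."""
    addr = ipaddress.ip_address(address)
    best_iface, best_len = None, -1
    for iface, prefixes in routes.items():
        for prefix in prefixes:
            net = ipaddress.ip_network(prefix)
            if addr in net and net.prefixlen > best_len:
                best_iface, best_len = iface, net.prefixlen
    return best_iface

def ingress_filter(src: str, arrival_iface: str, routes: Dict[str, List[str]] = ROUTES) -> str:
    """The slide's rule: if the route back to the packet's source address does not
    point out of the interface the packet arrived on, the source is forged; drop it."""
    return "forward" if route_interface(src, routes) == arrival_iface else "drop"

# Constructed packets as (claimed source IP, interface they arrived on).
SAMPLE_PACKETS: List[Tuple[str, str]] = [
    ("192.0.2.10", "cust0"),     # customer A using its own address: forward
    ("198.51.100.5", "cust0"),   # customer A claiming customer B's address: drop
    ("203.0.113.9", "cust0"),    # customer A claiming an Internet address (the forged source of a SMURF ping): drop
    ("203.0.113.9", "uplink"),   # Internet host arriving from the Internet: forward
    ("192.0.2.10", "uplink"),    # our own prefix arriving from the Internet: drop
]

def filter_samples(packets: List[Tuple[str, str]] = SAMPLE_PACKETS) -> List[str]:
    return [ingress_filter(src, iface) for src, iface in packets]

if __name__ == "__main__":
    for (src, iface), decision in zip(SAMPLE_PACKETS, filter_samples()):
        print(f"{src:>14} via {iface:<6} -> {decision}")
```

Note the asymmetry: on the customer interfaces the check is strict, because the router knows exactly which prefixes live there, while on the uplink the default route makes every address except the internal prefixes "routable", so only packets claiming internal addresses are dropped there. That is why RFC 2267 places the filter at the edge closest to the hosts, where forged sources are easiest to recognise; on links with asymmetric routing a strict reverse-path check can drop legitimate traffic and needs a looser variant.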
TCP Attacks
Recall: End hosts create IP packets and routers process them purely based on destination address alone
Problem: End hosts may lie about other fields which do not affect delivery
Source address: host may trick destination into believing that the packet is from a trusted source
• Especially applications which use IP addresses as a simple authentication method
• Solution: use better authentication methods
TCP Attacks
TCP
values?
Port numbers are sometimes well known to begin with (ex. HTTP uses port 80)
Sequence numbers are sometimes chosen in very predictable ways
TCP Attacks
If an attacker learns the associated TCP state for the connection, then the connection can be hijacked!
Attacker can insert malicious data into the TCP stream, and the recipient will believe it came from the original source
Ex. Instead of downloading and running new program, you download a virus and execute it
TCP Attacks
Say
TCP Attacks
Alice
TCP Attacks
Mr. Big Ears lies on the path between Alice and Bob on the network
He can intercept all of their packets
TCP Attacks
First, Mr. Big Ears must drop all of Alice's packets since they must not be delivered to Bob (why?)
TCP Attacks
Then, Mr. Big Ears sends his malicious packet with the next ISN (sniffed from the network)
[Diagram: packet labelled ISN, SRC=Alice]
TCP Attacks
What if Mr. Big Ears is unable to sniff the packets between Alice and Bob?
Can just DoS Alice instead of dropping her packets
Can just send guesses of what the ISN is until it is accepted
How
TCP Attacks
Why
[Diagram: Web server, Malicious user]
TCP Attacks
How
Five Minute Break
For
Packet Sniffing
Recall how Ethernet works
• When someone wants to send a packet to someone else
• They put the bits on the wire with the destination MAC address
• And remember that other hosts are listening on the wire to detect for collisions
• It couldn't get any easier to figure out what data is being transmitted over the network!
Packet Sniffing
This works for wireless too! In fact, it works for any broadcast-based medium
Packet Sniffing
What kinds of data can we get?
Asked another way, what kind of information would be most useful to a malicious user?
Answer: Anything in plain text
Passwords are the most popular
Packet Sniffing
IPSec
Provides network-layer confidentiality
Social Problems
People
Social Problems
Fun Example 1:
"Hi, I'm your AT&T rep, I'm stuck on a pole. I need you to punch a bunch of buttons for me"
Social Problems
Fun Example 2:
Social Problems
Fun Example 3:
Who saw Office Space? In the movie, the three disgruntled employees installed a money-stealing worm onto the company's systems
They did this from inside the company, where they had full access to the company's systems
• What security techniques can we use to prevent this type of access?
Social Problems
So, the best that can be done is to implement a wide variety of solutions and more closely monitor who has access to what network resources and information
But, this solution is still not perfect
Conclusions
The Internet works only because we implicitly trust one another
It is very easy to exploit this trust
The same holds true for software
It is important to stay on top of the latest CERT security advisories to know how to patch any security holes