Transcript General

November 2nd 1988?
• Something interesting happened on this date
• Any ideas?
Network Security (N. Dulay & M.
Huth)
Introduction (1.1)
Internet Worm Launched
• Moved relentlessly across network connections from computer to computer
• Within 12 hours, first Berkeley Univ then Purdue Univ distributed patches to stop spread.
• Computers affected: 2,000-3,000, maybe more
• Even those computers not affected had to be tested!
• Cost? Estimated between $1M and $100M. A great deal of time and resources expended.

Who did it?
• Robert T Morris Jr. (Student at Cornell Univ.)
• Claimed it was an experimental program that had a bug :-)
• 2 years later: 3 years' probation, $10K fine, 400 hours community service.

Net Effect?
Birth of a multi-million pound industry £££££

C430 Network Security
Introduction
Michael Huth
[email protected]
www.doc.ic.ac.uk/~mrh/430/
Cryptography & Network Security (3rd ed)
• William Stallings, Prentice-Hall International, 2002
• Detailed, academic, best overall book for course
Practical Cryptography
• Niels Ferguson, Bruce Schneier, Wiley 2003
• Superb introduction to cryptographic building blocks.

Applied Cryptography (2nd ed)
• Bruce Schneier, John Wiley, 1996
• Wide-ranging introduction, Parts I and II very readable.
Handbook of Applied Cryptography
• Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone, CRC Press, 1996 (Fifth printing Oct 2001)
• Cryptography encyclopaedia. Fabulous resource. All chapters available for download at http://www.cacr.math.uwaterloo.ca/hac/

Others
• RSA Labs: Cryptography FAQ, http://www.rsasecurity.com/rsalabs/faq/
• Nigel Smart: Cryptography, McGraw-Hill, 2002
• John Viega & Gary McGraw: Building Secure Software, Addison-Wesley Professional Computing Series, 2002.
• Michael Huth: Secure Communicating Systems, Cambridge Univ. Press, 2001
• Bruce Schneier: Secrets and Lies, John Wiley, 2000.
• Peter Wayner: Disappearing Cryptography, 2nd ed, Morgan Kaufmann, 2002.
• Simon Singh: The Code Book, Fourth Estate, 1999
• Sarah Flannery: In Code: A Mathematical Journey, Profile Books, 2000
• Neal Stephenson: Cryptonomicon, Heinemann, 1999
• Cryptogram newsletter: http://www.counterpane.com/crypto-gram.html

Course Topics
• Classical cryptography
• Symmetric-key cryptography
• Public-key cryptography
• Digital signatures
• Protocols: Authentication
• Key management
• Access Control
• Wireless & Mobile Security
• Coursework: Details will be announced within the next two weeks, probably one assessed coursework

Assets, Threats, Risk, Countermeasures, Aftercare
[Diagram labels: Assets, Threats, Risks, Policies, Countermeasures, Aftercare; Proactive Security Management]

Expectancy & Impact of Network Security

Expectancy   Impact
HIGH         HIGH     Prevent
HIGH         LOW      Contain & Control
LOW          HIGH     Contingency Plans, Insurance
LOW          LOW      Live with?

Network Security Model - 1
[Diagram labels: Alice, Msg, Channel, Msg, Bob; Max; Traffic Analysis, Covert Channels]

Network Security Model - 2
[Diagram labels: Trusted Third Party (Distrib Secret Info, Arbitrate); Msg, Secret Info, Channel, Secret Info, Msg; Adversary]

Network Access Model
[Diagram labels: Adversary (Human, Software), Channel, Security Controls, Host (Processor, Memory, I/O, Files, Processes), Internal Net; Internal Adversaries?]

Key Security Properties
• Confidentiality
• Authentication
• Integrity
• Non-repudiation
• Availability
• Access Control

Confidentiality (Secrecy)
• Protect transmitted data
• Protect against traffic analysis
• Timeliness
• INTERCEPTION: Unauthorised party gains access to data

Authentication
• Assurance that message is from proper source
• Protect from third party masquerade
• Mutual Authentication
• FABRICATION: Insertion of “counterfeit” messages

Integrity
• Message is received as sent
• Modification
• MODIFICATION: Gains access and “tampers” with messages
• Also interested in replay, reordering, deletion, delay

Availability
• Complete loss of availability
• Reduction/Degradation in availability
• INTERRUPTION: Loss of communication (cut the cable)
• DENIAL OF SERVICE: Noisy comms (physical noise, spurious messages)

Non-repudiation
• Prevents parties from denying they sent or received a message; i.e. concerned with protecting against legitimate protocol participants, not with protection from external source
• Receiver can verify and prove who sent a message
• Sender can verify and prove who received a message
• REPUDIATION ATTEMPT: Party anonymously publishes his or her message/key(s) and falsely claims that they were stolen.

Access Control
• Limit & control access to host system/services
• Limit & control access to networks
• Authenticate each party so that access rights can be assigned
• More fine-grained solutions, e.g. Digital Rights Management
• Auditing Service
• REPLAY: Record a legitimate message, e.g. a login, and replay later

Passive Attacks
[Diagram labels: Interception: Message Contents, Traffic Analysis]
• Only monitors channel (threat to confidentiality)
• Difficult to Detect -> Incentive to Prevent
• Countermeasures?

Active Attacks
[Diagram labels: Interruption / Denial of Service (AVAILABILITY); Modification (INTEGRITY); Fabrication / Masquerade (AUTHENTICITY)]
• Modification of, or creation of a false data stream
• Hard to Prevent -> Incentive to Detect and Recover
• REPLAYS are a very powerful form of active attack where a message is intercepted (passive attack) and then replayed to gain access or to break a protocol. E.g. fake interfaces at bank teller machines.

Reading
• Stallings. Chapter 1 - Introduction

The Internet Worm
Michael Huth
[email protected]
www.doc.ic.ac.uk/~mrh/430/
when & how
• date: 2nd November 1988
• sendmail (with debug mode enabled)
• fingerd (vaxen only)
• rexec
• rsh
accounts attacked
• accounts with obvious passwords
• accounts with passwords in a 432 word dictionary
• accounts with passwords in /usr/dict/words
• accounts with trusted machines (.rhosts)

machines attacked
• certain sun’s and vax’s
• machines in /etc/hosts.equiv
• machines in .rhosts
• machines in cracked account’s .forward files
• machines in cracked account’s .rhosts files
• machines listed as network gateways in routing tables
• machines at guessed LAN addresses
what it did not do
• gain privileged access
• destroy or attempt to destroy any data
• leave time bombs behind
• attack specific well-known or privileged accounts such as root

rsh
• tried to connect as current user
• tried 3 locations for rsh: /usr/ucb/rsh, /usr/bin/rsh, /bin/rsh
• successful access if attacked host trusts user and host. trust defined by /etc/hosts.equiv or remote user's .rhosts file
• if successful transferred worm bootstrap program
rexec
• tried to connect with users and passwords already “discovered” on local host
• requested /bin/sh as command to execute
• if successful transferred worm bootstrap program

sendmail flaw
• debug mode allowed execution of a named program as the mail recipient. program would run with input coming from attacking host
• recipient program stripped off mail headers and passed body to a command interpreter
• body was a script which "created" a worm bootstrap program to pull in rest of worm from attacking host
• both vax and sun worm binaries were tried
fingerd bug
• fingerd read its input with a library routine (gets) into a buffer allocated on the stack. gets performed no bounds checking
• worm overflowed stack buffer, and set up a fake stack frame
• causing a small new piece of vax code to run on procedure return
• code exec’ed bourne shell with input (worm bootstrap program) coming from attacking host

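Added example (not from the lecture slides and not fingerd's own source): the unbounded gets read described above, shown beside a bounded read that rejects overlong requests. The 512-byte buffer size and the function name read_request are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define REQ_MAX 512  /* assumed buffer size for this illustration */

/* Vulnerable pattern described on the slide (kept as a comment because
 * gets() was removed from the C standard in C11):
 *
 *     char line[REQ_MAX];
 *     gets(line);          // copies until newline, ignores sizeof line
 */

/* Bounded replacement: reads one request line into out (capacity cap).
 * Returns the line length on success, -1 on EOF/error, and -2 if the
 * line filled the buffer without a newline. In the -2 case the rest of
 * the line is drained so the excess is never stored and is not parsed
 * as the start of a new request. */
int read_request(FILE *in, char *out, size_t cap)
{
    if (cap < 2 || fgets(out, (int)cap, in) == NULL)
        return -1;

    size_t n = strlen(out);
    if (n > 0 && out[n - 1] == '\n') {
        out[--n] = '\0';                 /* complete line, strip newline */
        if (n > 0 && out[n - 1] == '\r')
            out[--n] = '\0';             /* tolerate CRLF line endings */
        return (int)n;
    }
    if (n + 1 < cap)
        return (int)n;                   /* short read: EOF without newline */

    int c;                               /* overlong: discard the remainder */
    while ((c = fgetc(in)) != EOF && c != '\n')
        ;
    out[0] = '\0';
    return -2;
}
```

The caller should drop or log a request that returns -2 rather than truncate it and carry on.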
worm bootstrap
• c source program
• compiled with c compiler on attacked host
• transferred main worm code (binaries) from attacking host
• both vax and sun binaries tried
• on execution detached itself from parent process
self protection
• erased argument list
• deleted executing binary
• used resource limit functions to prevent a core dump
• used sh for compiled name
• forked every 3 minutes, child continued, parent exited
• xor’ed all constant strings with hex 81

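Added forensic example (not from the slides and not the worm's code): a strings-style scan that undoes a single-byte XOR, here the hex 81 key named above, and collects the printable runs an analyst would otherwise miss. The function name xor_strings, the minimum run length and the sample bytes are constructed for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Undo a single-byte XOR over buf and collect runs of printable ASCII of
 * at least min_len bytes, as strings(1) would on the decoded image.
 * Decoded runs are appended to out, one per line, while they fit.
 * Returns the number of runs found. */
size_t xor_strings(const unsigned char *buf, size_t len, unsigned char key,
                   size_t min_len, char *out, size_t out_cap)
{
    size_t hits = 0, run = 0, used = 0;

    if (out_cap > 0)
        out[0] = '\0';
    for (size_t i = 0; i <= len; i++) {
        /* i == len is a sentinel that flushes a run ending at the buffer end */
        unsigned char c = (i < len) ? (unsigned char)(buf[i] ^ key) : 0;
        if (c >= 0x20 && c <= 0x7e) {
            run++;
            continue;
        }
        if (run > 0 && run >= min_len) {
            hits++;
            if (used + run + 2 <= out_cap) {     /* text + '\n' + NUL */
                for (size_t j = i - run; j < i; j++)
                    out[used++] = (char)(buf[j] ^ key);
                out[used++] = '\n';
                out[used] = '\0';
            }
        }
        run = 0;
    }
    return hits;
}

int main(void)
{
    /* Constructed sample: one path obscured with 0x81, zero padding around it */
    const char *plain = "/usr/dict/words";
    unsigned char img[32] = {0};
    char out[64];

    for (size_t i = 0; i < strlen(plain); i++)
        img[4 + i] = (unsigned char)(plain[i] ^ 0x81);
    printf("%zu hit(s)\n%s", xor_strings(img, sizeof img, 0x81, 4, out, sizeof out), out);
    return 0;
}
```

Because XOR with 0x81 sets the high bit of every printable ASCII byte, a plain strings pass over the same bytes finds nothing, which is why the scan has to apply the key first.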
Network Security
Tutorial 1
Michael Huth
[email protected]
www.doc.ic.ac.uk/~mrh/430/
Assets
• Personal Data, Passwords, CC, Files, Data, Configuration Data, Medical Data
• Money, Revenue stream
• CPU time, Network bandwidth, Filespace, Availability of Net
• Access to services
• Hardware ....
• Minimise downtime
• Intellectual Property
• Reputation, Public Image
• Privacy
• Staff morale
• Anonymity

Assets
• Data including archives
• Computers, Disks, Tapes
• CPU time, Storage, Net capacity
• Comms (routers, switches, firewalls, modems, patch panels, bandwidth), Phones, Faxes
• Air-conditioning systems/alarm systems, Physical Security
• Manuals, guides
• Printouts: reports, letters, emails, contracts
• Configuration information
• Passwords
• Staff
• Safety and health of personnel
• Privacy of users
• Public image and reputation
• Customer/client goodwill
• Share price
• Intellectual property
• Domain name

Threats
• Hardware errors
• Terrorists
• Theft, Malicious, Microsoft
• Industrial espionage, Government
• Malicious software
• Pirating
• Password cracking
• Denial of Service
• Masquerade
• Misuse of resources
• Social engineering
• Reverse engineering
• Acts of God, Fire, Earthquakes
• Disaffected employees
• Human error
• Illness & Injury
• Economic downturns

Threats
• Unreliable software, bugs
• Viruses, worms, trojan horses, bombs, trap doors, spoofs, artificial life-forms, password crackers, Cryptanalysis, Microsoft
• Disgruntled, blackmailed, bribed, greedy employees or ex-employees
• Hackers
• Government agencies, military spies, industrial spies, criminals, terrorists
• ISPs, Backbone Providers
• BIGGEST THREAT?
• Illness, flu epidemic, death, strikes
• Resignations, badly-trained staff
• Loss of phone/network services
• Loss of utilities (water, electricity), Garbage
• Lightning, flood, fire, ...
• Bombs, ransom demands
• Vendor bankruptcy
• Bad press, fringe groups
• Legal action
• Faulty computers/equipment
• Bad practice, mis-configuration

Countermeasures
• Anti-virus software
• Backups
• Firewalls
• CERT
• Security Policies
• Physical security
• Disaster recovery
• Intrusion detection systems
• Hardware dongles
• Patches
• Cryptography
• Access control
• Increasing bandwidth
• Good pay, food, computers, gym
• Train users
• Patents, copyrights, lawyers
• Contracts
• Background people
• Insurance

Countermeasures
• Protect buildings, equipment and people from unauthorised access, natural disasters
• Use fibre optic cabling, Shield equipment & cabling
• Use reliable H/W & S/W, Shredder
• Keep backups & standby systems
• Use “good” cryptography
• Use firewalls, simulated attacks
• Use good password admin, virus checkers, intrusion detection s/w, auditing software, biometrics
• Isolate network
• Counter-intelligence, Ethical hackers, Security guards, Lawyers
• Employ trustworthy staff, background checks
• Train/educate staff
• Keep staff happy
• Insure
• Good legal backup
• Take security seriously (planning, administration, risk assessment, cost/benefit analysis, paranoia level)
• Splendid Isolation
• EXPECTANCY & IMPACT

Policies
• Set of well-defined, consistent and implementable rules (security requirements). Policies should be general and change little over time.
• Consider an online auction company such as eBay which allows most users to buy and sell goods online. Sellers can post details of their goods on eBay’s web site and interested buyers can bid for the goods.
• What policies might the users of the system want applied?
• What policies might eBay want applied?

Rank the Security functions below
• 1 = Most Important
• 4 = Least Important

             Confidentiality  Authentication  Integrity  Availability
Bank         ?                ?               ?          ?
Military     ?                ?               ?          ?
University   ?                ?               ?          ?

An access control is violated, what next?
• E.g. a password is broken and web pages for Amazon.com are replaced