Internet infrastructure and data


Cosc 5/4765
Security:
The Internet structure
and data moving across it
Internet
• A lot of WANs and LANs connected together to
form global access to computers via TCP/IP.
Connected in a very chaotic manner, with no real order.
• At the top of the internet hierarchy are National
Service Providers (NSPs) that form the backbone
of the internet.
– Regional ISPs connect to an NSP.
– Network Access Points (NAPs) are switching centers
between the NSPs. Sometimes referred to as
Metropolitan area exchanges (MAEs).
Connecting to Internet Backbone
SOURCE: HOWSTUFFWORKS.COM
Structure of the Internet
[Figure: Backbones 1, 2, 3 and 4, 5, N interconnected at NAPs, with Regional A and Regional B networks and links to Europe, Japan and Australia]
MAPS
UUNET MAP
SOURCE: CISCO SYSTEMS
Internet Security
• Protecting the Internet
– It is very large and decentralized
• So the “internet” can’t be attacked or crashed
• Only sections can be “brought down”
– It relies on redundant pieces to continue
functioning
• Core routers and backbone connections between the
NAPs
• Root DNS servers
Internet Security (2)
• Routers can be attacked
• Router table can be changed
– Redirecting data to somewhere else
• Root DNS (12-16 root servers)
– Attacked and crashed
– More likely a DoS to cause an “outage”
Internet Security (3)
• Securing the Internet backbone is left to
each NSP
– They are responsible for securing their own
routers
• ICANN is responsible for the Root
DNS servers.
– They are only for top-level domain resolution
• i.e. .com, .edu, etc.
Example name servers structure
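[Figure: name server tree with ROOT at the top; top-level domains .GOV, .COM, .MIL, .NET, .EDU, .ORG, .IT; names shown beneath them: AMAZON, MCKINSEY, YAHOO, UWYO, PITT, MIT, EE, SDVC, CS, BIGHORN, GG, MERU]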
DNS servers
• The DNS system is protected by its
hierarchy.
– Each level down must be pointed to by the one
above it. They are authorized servers, which
can then delegate to the one below
– DNS: Roots → edu servers → uwyo servers →
cs servers
• Same with IP numbers (reverse DNS lookups).
– This prevents DNS spoofing.
DNS Cache Poisoning
• A technique that tricks a DNS server into
believing it has received authentic
information when, in reality, it has not.
• Once the DNS server has been poisoned,
the information is generally cached for a
while, spreading the effect of the attack to
the users of the server.
DNS Cache Poisoning (2)
• If the server does not correctly validate DNS responses to
ensure that they have come from an authoritative source,
then the server will end up caching the incorrect entries locally
and serving them to users that make the same request.
• This technique can be used to replace arbitrary content for
a set of victims with content of an attacker's choosing. For
example, an attacker poisons the IP address DNS entries
for a target website on a given DNS server, replacing them
with the IP address of a server he controls.
– Redirect the target domain’s name server
– Redirect the NS record for the target domain
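Added example (not from the original slides): a simplified sketch of the checks a caching resolver can apply before storing a response, combining the delegation hierarchy from the "DNS servers" slide with the validation requirement above. The class and function names, the sample query and the IP addresses are assumptions made up for illustration; this is not a full resolver and does not replace DNSSEC.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Record:
    name: str   # owner name of the record
    rtype: str  # "A", "NS", ...
    value: str

@dataclass(frozen=True)
class Query:
    txid: int       # transaction ID sent with the query
    qname: str      # name that was asked for
    server_ip: str  # server the query was sent to
    zone: str       # zone the parent level delegated to that server

@dataclass(frozen=True)
class Response:
    txid: int
    qname: str
    source_ip: str
    records: tuple

def norm(name):
    return name.rstrip(".").lower()

def in_bailiwick(name, zone):
    """True if name is the zone itself or a name underneath it."""
    name, zone = norm(name), norm(zone)
    return zone == "" or name == zone or name.endswith("." + zone)

def cacheable_records(query, resp):
    """Records safe to cache; an empty list means the response is rejected."""
    if resp.txid != query.txid or resp.source_ip != query.server_ip:
        return []  # not an answer from the server we asked
    if norm(resp.qname) != norm(query.qname):
        return []  # answers a different question
    # Drop anything the delegated server has no authority over.
    return [r for r in resp.records if in_bailiwick(r.name, query.zone)]

# Constructed sample data (documentation IP ranges, not real servers).
QUERY = Query(0x1A2B, "cs.uwyo.edu", "192.0.2.53", "uwyo.edu")
LEGIT = Response(0x1A2B, "cs.uwyo.edu", "192.0.2.53", (
    Record("cs.uwyo.edu", "A", "192.0.2.10"),
    Record("www.example.com", "A", "203.0.113.9"),  # out of zone: dropped
))
FORGED = Response(0x9999, "cs.uwyo.edu", "192.0.2.53", (
    Record("cs.uwyo.edu", "A", "203.0.113.9"),
))

if __name__ == "__main__":
    print(cacheable_records(QUERY, LEGIT))
    print(cacheable_records(QUERY, FORGED))
```

The uwyo server's answer keeps only the record inside uwyo.edu, and the response with the wrong transaction ID is discarded whole, so neither reaches the cache.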
Internet Routers
• In some cases, attackers have been able to cause
high level routers to redirect traffic.
– Sometimes via hacking a router
– Mostly by sending bad Router discovery packets.
• Takes advantage of the dynamic nature of the internet.
• If the router accepts them, then it will redirect traffic.
• The administrator “ports” of routers are almost
always on a separate vlan, with only local access
to them, so hacking a router is very difficult.
Lastly
• There is very little that we can do to “secure the
internet”
– We can protect our own routers and network
– Protect our own DNS systems from attacks and
unauthorized changes.
• At higher levels, such as regional ISPs, they
protect their equipment.
– If need be, cutting off a “local ISP” causing problems.
Q&A