Transcript Lecture 11
Internet Security
CSC1720 – Introduction to Internet
Essential Materials
Outline
Introduction
Who is knocking at the door?
– Possible Attackers
What is a trusted Network?
– Cryptography, Firewall
– Virtual Private Network (VPN)
– Secure Socket Layer (SSL)
Authentication versus Authorization
Computer Emergency Response Team (CERT)
Summary
CSC1720 – Introduction to Internet
2
All copyrights reserved by C.C. Cheung 2003.
Introduction
What is Security?
– Protect your private data stored in the
disk or transfer between any computer or
any networking device.
Why it is so important?
– In the information age, we will be going
online more and provide more personal
information (email, electronic transfer),
and business transaction (e-commerce).
CSC1720 – Introduction to Internet
3
All copyrights reserved by C.C. Cheung 2003.
No. of Incidents Reported
in USA from 1988 to 2001
CSC1720 – Introduction to Internet
4
All copyrights reserved by C.C. Cheung 2003.
Who is knocking at the
door?
Hacker, Cracker
Denial-of-Service (DoS) Attacks
Smurfing, Trinoo
Spoofing attacks
Network scanning tools
Operating System (OS) attacks
Remote Access
Virus Attacks
CSC1720 – Introduction to Internet
5
All copyrights reserved by C.C. Cheung 2003.
Hacker
Computer Hacker is a typically
knowledgeable person. He/she knows
several different languages, familiar
with UNIX and NT, Networking
protocols.
A hacker will look for internal and
external system holes or bugs to break
into the system, fun and challenging.
CSC1720 – Introduction to Internet
6
All copyrights reserved by C.C. Cheung 2003.
CNN – Hacker news
Reference: CNN
CSC1720 – Introduction to Internet
7
All copyrights reserved by C.C. Cheung 2003.
Cracker
Attempt to break into the system by
guessing or cracking user’s passwords.
Cracker and Hacker are two different terms.
Hacker has generally higher level of
education and intelligence than cracker.
Hackers do not like crackers.
More information on Hackers:
– www.tuxedo.org/~esr/faqs/
CSC1720 – Introduction to Internet
8
All copyrights reserved by C.C. Cheung 2003.
Denial-of-Service (DoS)
Attacks
The most famous attack is “IP Ping of Death” in
1997.
A well-known way to “crash” the remote computer
over the Internet by hackers.
The attack involves sending IP packets of size
larger than 65,535 bytes to the target computer.
Some operating system failed to handle this illegal
packet size would be crashed.
Demo: Windows’ PING command
More information : Ping of death
CSC1720 – Introduction to Internet
9
All copyrights reserved by C.C. Cheung 2003.
How smurf attacks work?
Attacker’s PC
Network server 2
Ping! Ping! Ping! Ping!
From Target ISP
Ping request Packets
Ping!
Ping!
Ping!
Ping!
Ping!
Ping!
Ping!
Ping!
Ping!
Ping!
Target ISP is
flooded with
Unwanted
ping answer
packets
Ping Answer Packets
Network server 1
CSC1720 – Introduction to Internet
10
All copyrights reserved by C.C. Cheung 2003.
Trinoo
A tool to launch DoS attacks
It is installed when the user unknowingly
executes it, becomes active all the time.
The one who has the Trinoo client program
can sneak into your computer without
permission.
Cause Distributed DoS attacks.
More information: CERT
CSC1720 – Introduction to Internet
11
All copyrights reserved by C.C. Cheung 2003.
Trinoo performs DoS attack
CSC1720 – Introduction to Internet
12
All copyrights reserved by C.C. Cheung 2003.
Other DoS attack tools
CSC1720 – Introduction to Internet
13
All copyrights reserved by C.C. Cheung 2003.
Spoofing attacks
CSC1720 – Introduction to Internet
14
Something
masquerading
as something
else: IP
spoofing, web
spoofing,
DNS
spoofing, …
All copyrights reserved by C.C. Cheung 2003.
Network scanning tools
There are thousands of software can
be used to scan a system.
Easily download and search a network
or Operating system, look for
vulnerabilities and report them to the
hackers.
Hackers can use these “Open doors”.
Nmap, Port Scanner, Sam Spade,
Internet Maniac.
CSC1720 – Introduction to Internet
15
All copyrights reserved by C.C. Cheung 2003.
Network Scanning Tools
CSC1720 – Introduction to Internet
16
All copyrights reserved by C.C. Cheung 2003.
Operating System (OS)
Attacks
Checkout the vendor security page on the
Web, learn how to conduct these attacks.
These problems (bugs) are identified, the
software vendor provides the bug fixed.
Not everyone will install the required
patches or updates Open doors
You should regularly visit the software
vendor security pages.
OS attacks: Win Nuke, Windows (Out-ofBound) OOB bug, …
CSC1720 – Introduction to Internet
17
All copyrights reserved by C.C. Cheung 2003.
Win Nuke, Windows OutOf-Band (OOB) Bug
Reference:
Win Nuke
CSC1720 – Introduction to Internet
18
All copyrights reserved by C.C. Cheung 2003.
Remote Access
Many companies allow their employees
to remote login the office PCs.
War Dialer & Password Cracker
War Dialer: a simple database with
automated modem scripts, dial phone
numbers and record successful
attempts into the database.
Password Cracker: Use Brute-force
methods to break the passwords.
CSC1720 – Introduction to Internet
19
All copyrights reserved by C.C. Cheung 2003.
Password Cracker
CSC1720 – Introduction to Internet
20
Brute-force
Password
cracker
Reference
Demo now
All copyrights reserved by C.C. Cheung 2003.
Virus Attacks
Not always harmful, but most of them cause
damage, system overload or system
hanged.
Often transmitted as email attachment, or
via diskette, downloaded files.
Some of them take effects when someone
click and run, others will lie dormant until
certain conditions trigger their code (1 April,
special day, …)
CSC1720 – Introduction to Internet
21
All copyrights reserved by C.C. Cheung 2003.
The Love Bug – Email Bug
From: Your Friend
To: You
Subject: I Love U
Steal your
password or
local files
The virus would
send infected email
to all the friends in
your address book.
CSC1720 – Introduction to Internet
From: Your Friend
To:Your
Another
From:
Friendone
Subject:
To:Your
YouFriendI Love U
From:
Subject: I Love U
To:Your
You
From:
Friend
Subject: I Love U
To: You
Subject: I Love U
22
Local
Files
All copyrights reserved by C.C. Cheung 2003.
How fast can they spread?
At the first beginning – no host is infected by Slammer
CSC1720 – Introduction to Internet
23
All copyrights reserved by C.C. Cheung 2003.
How fast can they spread?
After 30 minutes
CSC1720 – Introduction to Internet
24
All copyrights reserved by C.C. Cheung 2003.
Trojan Horse
In legend, a hollow wooden horse enter the
castle, later open the gate for their army.
A computer program that performs some
actions not described in the specification.
– Performs illegitimate functions.
– E.g. rogue login program that writes the
login/password into a file, later the attacker can
read or mail the file to outsider for attack.
CSC1720 – Introduction to Internet
25
All copyrights reserved by C.C. Cheung 2003.
Other threats
Authorization violation – unauthorized
access to some critical parts of the
system.
Eavesdropping – All message between
the browser and the server can be
intercepted by the eavesdropper.
Any others? Let’s think about it.
CSC1720 – Introduction to Internet
26
All copyrights reserved by C.C. Cheung 2003.
Break Time – 15 minutes
CSC1720 – Introduction to Internet
27
All copyrights reserved by C.C. Cheung 2003.
What is a Trusted
Network?
It is the network for a company to
conduct its internal business.
It is a secure network, which allows
direct interaction between systems
without encryption.
Backend systems, Internal-only Web
server, data processing, messaging.
CSC1720 – Introduction to Internet
28
All copyrights reserved by C.C. Cheung 2003.
Trusted Network Example
Demilitarized Zone (DMZ)
External Router
Internet
Mail
Server
WWW
Server
Firewall
Trusted Network
Internal Router
User Area
CSC1720 – Introduction to Internet
Database Server
29
All copyrights reserved by C.C. Cheung 2003.
How Firewalls work?
Ping packet
mailto: [email protected]
Firewall
Internet
Router
Mail
Server
CSC1720 – Introduction to Internet
30
IMAP
Server
All copyrights reserved by C.C. Cheung 2003.
Firewalls
Hardware ? Software?
http://www.intel.com/network/connectivity/re
sources/demos/index.htm?iid=netsite+inc&#
CSC1720 – Introduction to Internet
31
All copyrights reserved by C.C. Cheung 2003.
Sample Network
Organization
Human
Resource
s
DMZ
Internet
Accountin
g
Sales
CSC1720 – Introduction to Internet
Marketin
g
32
Research
All copyrights reserved by C.C. Cheung 2003.
Connect two Networks
DMZ
Company
One
Network
CSC1720 – Introduction to Internet
Internet
DMZ
33
DMZ
Company
Two
Network
All copyrights reserved by C.C. Cheung 2003.
Intranet ? Extranet ?
Use VPN and
Firewall
technologies
to build
corporate
networks
CSC1720 – Introduction to Internet
34
All copyrights reserved by C.C. Cheung 2003.
Cryptography
Provides techniques to mangle message into
unintelligible form and then recovers it from
the mangled form.
Original message: Plaintext
Mangling step:
Encryption
Mangled message: Ciphertext
Demangling step:
Decryption
The method identified the encryption and
decryption: “Cryptographic Algorithm”.
CSC1720 – Introduction to Internet
35
All copyrights reserved by C.C. Cheung 2003.
Cryptosystems
The earliest application: The famous
Caesar cipher
– Replace letter 3 position later
– E.g. A becomes D, B becomes E, …
– E.g. ROT13 in newsgroup
– Not a very secure algorithm
Plaintext
Encryption
CSC1720 – Introduction to Internet
Ciphertext
36
Decryption
Plaintext
All copyrights reserved by C.C. Cheung 2003.
Virtual Private Network
VPN is a collection of technologies that
create secure connections between a
group of computer via the Internet.
Provide an encrypted channel between
users over a public network.
Accommodate the needs of remote
employees and distant offices.
CSC1720 – Introduction to Internet
37
All copyrights reserved by C.C. Cheung 2003.
VPN Example
Virtual Private Network
Encrypted Channel
Tunneling
Secured
channel
Secured
channel
Home PC
Internet
CSC1720 – Introduction to Internet
38
Office Network
All copyrights reserved by C.C. Cheung 2003.
Real VPN
CSC1720 – Introduction to Internet
39
All copyrights reserved by C.C. Cheung 2003.
http://www.cuhk.edu.hk/itsc/network/vpn/overview.html
CUHK VPN
CSC1720 – Introduction to Internet
40
All copyrights reserved by C.C. Cheung 2003.
Secure Socket Layer
(SSL)
It is a protocol designed by Netscape
Communications.
It provides for the encryption of a session.
It is responsible for the management of a
secure, encrypted communication channel
between a server and client.
It is implemented in major Web browsers –
Netscape and Internet Explorer.
“https://” is used to designate a secure, SSLenabled session.
CSC1720 – Introduction to Internet
41
All copyrights reserved by C.C. Cheung 2003.
SSL Protocol Example
Application Layer
(FTP, SMTP, HTTP, …)
Application Layer
(FTP, SMTP, HTTP, …)
SSL Protocol
Transport Layer (TCP Protocol)
Transport Layer (TCP Protocol)
Internet Layer (IP Protocol)
Internet Layer (IP Protocol)
Network Interface
(Ethernet, Twisted Pair, …)
Network Interface
(Ethernet, Twisted Pair, …)
TCP/IP model
CSC1720 – Introduction to Internet
TCP/IP model with SSL
42
All copyrights reserved by C.C. Cheung 2003.
SSL
Howto
Create the
shared
secret keys
first.
Use the
secret keys
to exchange
private data.
CSC1720 – Introduction to Internet
43
All copyrights reserved by C.C. Cheung 2003.
SSL Example
CSC1720 – Introduction to Internet
44
SSL used
in web
client &
web server
All copyrights reserved by C.C. Cheung 2003.
Secure HTTP (S-HTTP)
It is an extension to HTTP with security
features added.
– Spontaneous Encryption
SSL creates a secure connection between
client and server, any amount of data can be
sent securely.
S-HTTP transmits individual messages
securely over the Internet.
SSL and S-HTTP are complementary
technologies.
CSC1720 – Introduction to Internet
45
All copyrights reserved by C.C. Cheung 2003.
Secure MIME (S/MIME)
Secure Multipurpose Mail Extension
It is a standard for secure email.
Content-Type: multipart/signed
–boundary
Content-Type: text/plain
This is the clear text.
–boundary
Content-Type: application/pkcs7-mime; smime-type=signed-data; name=smime.ps
mQCNAziDqqsAAAEEAJbbaOUM4XXlMTM3f2q92jeFxNylCF8c94Ij7gAAsuF22VyfX
JOIfhPvTltGsjObE72Z7s3XFYafy54lIVyyIqtCNTXRs9xB6pHjtANvXd....
–boundary
CSC1720 – Introduction to Internet
46
All copyrights reserved by C.C. Cheung 2003.
Authentication versus
Authorization
Authentication
– It is a process that allows computer users to
establish a right to an identity via a physical
access (PC, network, remote).
– Username and password must be provided to
login a system.
Authorization
– It is a process of determining whether a user is
allowed to perform certain actions on a resource.
– E.g. I can login the system, but I cannot access
some files of the harddisk.
CSC1720 – Introduction to Internet
47
All copyrights reserved by C.C. Cheung 2003.
Authentication versus
Authorization
Directory
authentication
Access List
Ray = Deny
End User - Ray
authorization
Database
CSC1720 – Introduction to Internet
48
Access List
Ray = OK
All copyrights reserved by C.C. Cheung 2003.
Authentication
User Name / Password
Certificate
Biometric Techniques
Smart Cards
Anonymous
Any others?
CSC1720 – Introduction to Internet
49
All copyrights reserved by C.C. Cheung 2003.
Username / Password
The most widely used mechanism to
authenticate a person.
People tend to choose passwords that
are easy to remember, to guess.
– Eavesdropper learns your password via
network transmission.
– Intruder, attacker and cracker will read,
guess and crack your password.
CSC1720 – Introduction to Internet
50
All copyrights reserved by C.C. Cheung 2003.
Biometrics –
Something You are
Retina pattern
– Use a device to probe the unique pattern of
blood vessels inside someone’s retinal tissues.
Fingerprint
– Verify someone’s identity by using the unique
pattern of his/her fingerprint.
Voice pattern
– Use a device to exploit the unique vocal,
acoustic, phonetic pattern of someone’s voice.
CSC1720 – Introduction to Internet
51
All copyrights reserved by C.C. Cheung 2003.
Biometrics tools
CSC1720 – Introduction to Internet
52
All copyrights reserved by C.C. Cheung 2003.
Incident Handling
Oh! We have been hacked!
We cannot guarantee 100% safe on the
Net.
Setup an incident response team in your
company.
– Reporting team to Security Officer or CEO.
– Analysis team to do the evaluation, notification,
legal, reporting, documentation.
CSC1720 – Introduction to Internet
53
All copyrights reserved by C.C. Cheung 2003.
Incident Handling
CSC1720 – Introduction to Internet
54
http://www.first.org/
All copyrights reserved by C.C. Cheung 2003.
Define the severity levels
Critical
– The site may fail over to a backup site, e.g. flood or fire.
Severe
– The site need to shutdown for repair and restore, e.g.
DDoS attacks, Viruses.
Moderate
– The site may block the traffic from some IP address, or
domain names.
Low impact
– The site need reporting as a minor incident.
CSC1720 – Introduction to Internet
55
All copyrights reserved by C.C. Cheung 2003.
Security Tools
Monitoring Tool
Network Testing
E-mail Scanner
Personal Firewall
Port Listener
Network Reporting Tool
CSC1720 – Introduction to Internet
56
All copyrights reserved by C.C. Cheung 2003.
Security Tools
CSC1720 – Introduction to Internet
57
All copyrights reserved by C.C. Cheung 2003.
Computer Emergency
Response Team (CERT)
A center of Internet Security expertise
which operated by Carnegie Mellon
University (CMU).
Study Internet Security Vulnerabilities,
handle security accidents, announce
the security alerts to the public.
Further Information: CMU
CSC1720 – Introduction to Internet
58
All copyrights reserved by C.C. Cheung 2003.
http://www.cert.org/
CERT homepage
CSC1720 – Introduction to Internet
59
All copyrights reserved by C.C. Cheung 2003.
Summary
People break into our computers in our
workplaces, homes, banks, …
Many techniques have been developed to
tackle these problems
– Firewall, Encryptions, VPN
– SSL, S-HTTP, S/MIME
Discuss the different between
Authentication and Authorization
Discuss how to protect your private data
and handle incidents
CSC1720 – Introduction to Internet
60
All copyrights reserved by C.C. Cheung 2003.
HK Government
CSC1720 – Introduction to Internet
61
All copyrights reserved by C.C. Cheung 2003.
References
The Internet Security Guidebook From
planning to deployment by J. Ellis, T. Speed
“Academic Press”
How does VPN work?
Cryptography
SSL how it works?
The End.
Thank you for your patience!
CSC1720 – Introduction to Internet
62
All copyrights reserved by C.C. Cheung 2003.