Security Attacks - Binus Repository

Download Report

Transcript Security Attacks - Binus Repository

Attacks
NS-H0503-02/1104
1
The Definition
• Security is a state of well-being of information
and infrastructures in which the possibility of
successful yet undetected theft, tampering, and
disruption of information and services is kept low
or tolerable
• Security rests on confidentiality, authenticity,
integrity, and availability
NS-H0503-02/1104
2
Security Goals
Confidentiality
Integrity
NS-H0503-02/1104
Avaliability
3
Security Threats and Attacks
• A threat is a potential violation of security.
– Flaws in design, implementation, and
operation.
• An attack is any action that violates security.
– Active adversary.
• Common threats:
– Snooping/eavesdropping, alteration, spoofing,
repudiation of origin, denial of receipt, delay
and denial of service.
NS-H0503-02/1104
4
Types of Attacks
Passive Threads
Release of
Message Contents
NS-H0503-02/1104
Traffic
Analysis
Active Threads
Masquerade
Replay
Modification of
Message Contents
Denial of
Service
5
Attacks, Services and Mechanisms
• Security Attack:
– Any action that compromises the security of
information.
• Security Mechanism:
– A mechanism that is designed to detect, prevent,
or recover from a security attack.
• Security Service:
– A service that enhances the security of data
processing systems and information transfers. A
security service makes use of one or more security
mechanisms.
NS-H0503-02/1104
6
Security Attacks
• Interruption:
– attack on availability
• Interception:
– attack on confidentiality
• Modfication:
– attack on integtrity
• Fabrication:
– attack on authenticity
NS-H0503-02/1104
7
Security Attacks
NS-H0503-02/1104
8
Eavesdropping - Message Interception
Attack on Confidentiality
• Unauthorized access to information
• Packet sniffers and wiretappers
• Illicit copying of data and programs
S
R
Eavesdropper
NS-H0503-02/1104
9
Tampering With Messages
Integrity Attack
• Stop the flow of the message
• Delay and optionally modify the message
• Release the message again
S
R
Perpetrator
NS-H0503-02/1104
10
Fabrication
Authenticity Attack
• Unauthorized assumption of other’s identity
• Generate and distribute objects under this
identity
S
R
Masquerader: from S
NS-H0503-02/1104
11
Attack on Availability
• Destroy hardware (cutting fiber) or software
• Modify software in a subtle way (alias commands)
• Corrupt packets in transit
S
R
• Blatant denial of service (DoS):
– Crashing the server
– Overwhelm the server (use up its resource)
NS-H0503-02/1104
12
Threat Examples - IP Spoofing
• A common first step to many threats.
• Source IP address cannot be trusted!
SRC: source
DST: destination
IP Header
SRC: 128.59.10.8
DST: 130.207.7.237
NS-H0503-02/1104
IP Payload
Is it really from Columbia
University?
13
Routers Only Care About Destination
128.59.10.xx
src:128.59.10.8
dst:130.207.7.237
Rtr
Columbia
36.190.0.xx
Stanford
NS-H0503-02/1104
Rtr
Rtr
130.207.xx.xx
Georgia Tech
src:128.59.10.8
dst:130.207.7.237
14
Why Should I Care?
• Attack packets with spoofed IP address help hide
the attacking source.
• A smurf attack launched with your host IP address
could bring your host and network to their knees.
• Higher protocol layers (e.g., TCP) help to protect
applications from direct harm, but not enough.
NS-H0503-02/1104
15
Current IPv4 Infrastructure
• No authentication for the source
• Various approaches exist to address the problem:
– Router/firewall filtering
– TCP handshake
NS-H0503-02/1104
16
Router Filtering
• Decide whether this packet, with certain source IP
address, should come from this side of network.
• Not standard - local policy.
Hey, you shouldn’t be here!
36.190.0.xx
Stanford
NS-H0503-02/1104
Rtr
src:128.59.10.8
dst:130.207.7.237
17
Router Filtering
• Very effective for some networks (ISP should
always do that!)
– At least be sure that this packet is from some
particular subnet
• Problems:
– Hard to handle frequent add/delete
hosts/subnets or mobileIP
– Upsets customers should legitimate packets
get discarded
– Need to trust other routers
NS-H0503-02/1104
18
TCP Handshake
server
client
SYN seq=x
SYN seq=y, ACK x+1
ACK y+1
connection
established
NS-H0503-02/1104
19
TCP Handshake
128.59.10.xx
seq=y, ACK x+1
Rtr
Columbia
36.190.0.xx
Rtr
Rtr
x
130.207.xx.xx
Georgia Tech
The handshake prevents the attacker
src:128.59.10.8 from establishing a TCP connection
Stanford dst:130.207.7.237 pretending to be 128.59.10.8
NS-H0503-02/1104
20
TCP Handshake
• Very effective for stopping most such attacks
• Problems:
– The attacker can succeed if “y” can be
predicted
– Other DoS attacks are still possible (e.g., TCP
SYN-flood)
NS-H0503-02/1104
21
IP Spoofing & SYN Flood
X establishes a TCP connection with B assuming A’s IP
address
(4)
SYN(seq=n)ACK(seq=m+1)
A
(2) predict B’s TCP seq.
behavior
B
(3)
X
NS-H0503-02/1104
22
Vulnerability
• A vulnerability (or security flaw) is a specific failure of
the security controls.
• Using the failure to violate the site security: exploiting
the vulnerability; the person who does this: an attacker.
• It can be due to:
– Lapses in design, implementation, and operation
procedures.
– Even security algorithms/systems are not immune!
• We will go over some examples in this course.
NS-H0503-02/1104
23
IP Protocol-related Vulnerabilities
• Authentication based on IP source address
– But no effective mechanisms against IP
spoofing
• Consequences (possible exploits)
– Denial of Service attacks on infrastructures, e.g.
• IP Spoofing and SYN Flood
• Smurf and Fraggle attacks
• OSPF Max Sequence
NS-H0503-02/1104
24
Methods of Defence
• Encryption
• Software Controls (access limitations in a data
base, in operating system protect each user from
other users)
• Hardware Controls (smartcard)
• Policies (frequent changes of passwords)
• Physical Controls
NS-H0503-02/1104
25
Impact of Attacks
• Theft of confidential information
• Unauthorized use of
– Network bandwidth
– Computing resource
• Spread of false information
• Disruption of legitimate services
All attacks can be related and are dangerous!
NS-H0503-02/1104
26
The Security Life Cycle
• The iterations of
– Threats
– Policy
– Specification
– Design
– Implementation
– Operation and maintenance
NS-H0503-02/1104
27