4th Edition: Chapter 1

Download Report

Transcript 4th Edition: Chapter 1 

Deficiencies in Networks
 Anonymity
Lack of Access Control
 Anything can be forged

 Shared medium
 Crowded
 Unpredictable
 Complexity

Difficult to comprehend
 Difficult to do right
Large Network
Implication of Those Deficiencies
 Criminals have found the Internet
 FTC Report 2007
• $1.2 billion in fraud
• 1/3 Identity Theft
• 64% initiated through Net

Border Protection
• $200 Million IP theft

Stealth Worms
•
•
•
•
Outbreaks rare since 2004
Botnets growing to huge size
Increase in spam
DOS to Georgia
Actual Fraud Complaints 05-07
Confiscated IP
Network Security
 The field of network security is about:
 how bad guys can attack computer networks
 how we can defend networks against attacks
 how to design architectures that are immune to
attacks
 Internet not originally designed with
(much) security in mind
original vision: “a group of mutually trusting
users attached to a transparent network” 
 Internet protocol designers playing “catch-up”
 Security considerations in all layers!

Introduction
1-7
Bad guys can put malware into
hosts via Internet
 Malware can get in host from a virus, worm, or
trojan horse.
 Spyware malware can record keystrokes, web
sites visited, upload info to collection site.
 Infected host can be enrolled in a botnet, used
for spam and DDoS attacks.
 Malware is often self-replicating: from an
infected host, seeks entry into other hosts
Introduction
1-8
Bad guys can put malware into
hosts via Internet
 Trojan horse
 Hidden part of some
otherwise useful
software
 Today often on a Web
page (Active-X, plugin)
 Virus
 infection by receiving
object (e.g., e-mail
attachment), actively
executing
 self-replicating:
propagate itself to
other hosts, users
 Worm:
 infection by passively
receiving object that gets
itself executed
 self- replicating: propagates
to other hosts, users
Sapphire Worm: aggregate scans/sec
in first 5 minutes of outbreak (CAIDA, UWisc data)
Introduction
1-9
Viruses
 Executed by user or app
 Inserts into code
 In empty regions of app
 Redirects app start instructions
 Effect
 Mischief
 Spyware
 Spread
 Locally
 As used
Init
Code
Trojans
 Already Exists in Code
 Does not propagate
 Effect
 Mischief
 Spyware
 Anything
Worms
 Self Replicating
 Exploit vulnerabilities
 Effect
 Cause High Net Traffic
 Mischief/Spyware
 Spread
 Over Networks
 Actively
 Polymorphic
Code Red Propagation
Sapphire Worm Propagation
Backdoor
 Adding illicit access to a host

Remotely
• Creating a server
• Adding User with remote access

Locally
• Bury alternative access in code
Hybrid Bugs
Bugs are people too!
What about Anti-virus?
 Can only match known signatures
Fine if there is a match
 Not so fine if there isn’t

• Zero-day attack
– (a bit presumptuous term)
• Unknown attack

Some bugs disable anti-virus
Bad guys can attack servers and
network infrastructure
 Denial of service (DoS): attackers make resources
(server, bandwidth) unavailable to legitimate traffic
by overwhelming resource with bogus traffic
1.
select target
2. break into hosts
around the network
(see botnet)
3. send packets toward
target from
compromised hosts
target
Introduction
1-18
Denial of Service
 Denial of Service
Typically one source
 Utilizes weaknesses in App or Proto to bring
services down

 Distributed Denial of Service
 Many hosts attacking a small network
 Indistinguishable from certain network
phenomena (Flash Crowds).
Syn Flood
Server
SYN
TCP Session
TCP Session
TCP Session
TCP Session
TCP Session
TCP Session
TCP Session
Ping of Death (POD)
Feed the target more than he can handle
Host Chokes
The bad guys can sniff packets
Packet sniffing:
broadcast media (shared Ethernet, wireless)
 promiscuous network interface reads/records all
packets (e.g., including passwords!) passing by

C
A
src:B dest:A

payload
B
Wireshark software used for end-of-chapter
labs is a (free) packet-sniffer
Introduction
1-23
The bad guys can use false source
addresses
 IP spoofing: send packet with false source address
C
A
src:B dest:A
payload
B
Introduction
1-25
The bad guys can record and
playback
 record-and-playback: sniff sensitive info (e.g.,
password), and use later
 password holder is that user from system point of
view
A
C
src:B dest:A
user: B; password: foo
B
Introduction
1-26
Network Security
 more throughout this course
 chapter 8: focus on security
 crypographic techniques: obvious uses and
not so obvious uses
Introduction
1-27
Sources
 Federal Trade Commission, Consumer
Fraud and Identity Theft Complaint Data:
January-December 2007, 2008.
 Department of Justice, Report to the
President and Congress on Coordination of
Intellectual Property Enforcement and
Protection, January 2008