Definition: Computer Virus
• A computer program with the
characteristic feature of being able to
generate copies of itself, and thereby
spread.
• Additionally most computer viruses
have a destructive payload that is
activated under certain conditions.
Example: The Chernobyl virus
overwrites the beginning of the hard
disk on certain dates.
Smurf Attack (D-O-S)
• A large amount of ICMP echo (ping)
traffic is sent to IP broadcast
addresses, all of it carrying the spoofed
source address of a victim.
• If the routing device delivering
traffic to those broadcast addresses
performs the IP broadcast to layer 2
broadcast function, most hosts on
that IP network will take the ICMP
echo request and reply to it with an
echo reply each
• This will multiply the traffic by the
number of hosts responding.
• On a multi-access broadcast
network, there could potentially
be hundreds of machines to reply
to each packet.
• Example:
– Assume a co-location switched
network with 100 hosts, and the
attacker has a T1.
– The attacker sends, say, a 768 kb/s
stream of ICMP echo (ping) packets,
with a spoofed source address of the
victim, to the broadcast address of
the "bounce site".
– These ping packets hit the bounce
site's broadcast network of 100
hosts; each of them takes the
packet and responds to it,
creating 100 ping replies outbound.
– If you multiply the bandwidth,
you'll see that 76.8 Mbps is used
outbound from the "bounce site"
after the traffic is multiplied.
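A bounce site can spot this pattern in its own traffic. The added example below (not part of the original slides) flags echo requests addressed to a local broadcast address and sizes the resulting reply flood; the flow records, the addresses and the name `find_broadcast_pings` are constructed for illustration.

```python
import ipaddress

ICMP_ECHO_REQUEST = 8  # ICMP type number for echo request (ping)

# Constructed inventory: the slide's "bounce site" LAN and its 100 hosts.
# 192.0.2.0/24 and the other addresses are documentation ranges, not real sites.
LOCAL_NETS = {ipaddress.ip_network("192.0.2.0/24"): 100}

# Constructed flow records: (source, destination, ICMP type, observed kbit/s).
FLOWS = [
    ("203.0.113.9", "192.0.2.255", 8, 768),  # ping aimed at the LAN broadcast address
    ("198.51.100.7", "192.0.2.10", 8, 1),    # ordinary unicast ping
    ("192.0.2.10", "198.51.100.7", 0, 1),    # its echo reply
]

def find_broadcast_pings(flows, local_nets):
    """Flag echo requests sent to a local broadcast address and size the reply flood."""
    findings = []
    for src, dst, icmp_type, kbps in flows:
        if icmp_type != ICMP_ECHO_REQUEST:
            continue
        dst_ip = ipaddress.ip_address(dst)
        for net, live_hosts in local_nets.items():
            if dst_ip == net.broadcast_address:
                findings.append({
                    "claimed_source": src,            # spoofed: replies go to this victim
                    "bounce_network": str(net),
                    "inbound_kbps": kbps,
                    "outbound_kbps": kbps * live_hosts,  # one reply per responding host
                })
    return findings

if __name__ == "__main__":
    for f in find_broadcast_pings(FLOWS, LOCAL_NETS):
        print(f"ALERT {f['bounce_network']}: {f['inbound_kbps']} kb/s in, "
              f"up to {f['outbound_kbps'] / 1000} Mb/s of replies toward {f['claimed_source']}")
```

The amplification disappears when routers do not forward directed broadcasts or when hosts ignore broadcast echo requests (on Linux, the `net.ipv4.icmp_echo_ignore_broadcasts` sysctl).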
Firewall
• A firewall is simply a program or hardware
device that filters the information coming
through the Internet connection into your private
network or computer system.
• If an incoming packet of information is flagged
by the filters, it is not allowed through.
• Example:
– Let’s say a company has 500 computers connected to
the Internet using a T1 or T3 connection.
– Every computer is ‘visible’ on the Internet.
– A person outside with the right knowledge may be
able to access these computers using FTP, Telnet or
other security loopholes left by an employee.
– With a firewall, security rules can be implemented;
for example, only one computer is allowed to receive public FTP.
Three types of firewalls:
• Network layer: make their decisions based on the source, destination
addresses and ports in individual IP packets. Network layer firewalls
tend to be very fast and tend to be very transparent to users.
• Application layer: typically are hosts running proxy servers, which
permit no traffic directly between networks, and which perform
elaborate logging and auditing of traffic passing through them.
Application layer firewalls tend to provide more detailed audit reports
and tend to enforce more conservative security models than network
layer firewalls.
• Hybrids: most firewalls fall into the "hybrid" category; they do
network filtering as well as some amount of application inspection.
The amount changes depending on the vendor, product, protocol and
version, so some level of digging and/or testing is often necessary.
• Firewalls use one or more of three methods to
control traffic flowing in and out of the network:
– Packet filtering - Packets (small chunks of data) are
analyzed against a set of filters. Packets that make it
through the filters are sent to the requesting system
and all others are discarded.
– Proxy service - Information from the Internet is
retrieved by the firewall and then sent to the requesting
system and vice versa.
– Stateful inspection - A newer method that doesn't
examine the contents of each packet but instead
compares certain key parts of the packet to a database
of trusted information. Information traveling from inside
the firewall to the outside is monitored for specific
defining characteristics, then incoming information is
compared to these characteristics. If the comparison
yields a reasonable match, the information is allowed
through. Otherwise it is discarded.
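The sketch below is an added example, not from the original slides. It combines two of the methods above: a static packet filter implementing the "only one computer receives public FTP" rule, and a state table that admits inbound packets only when they mirror a flow opened from inside. The addresses, the `Firewall` class and the packet list are constructed; real stateful firewalls also track protocol, TCP flags and timeouts.

```python
import ipaddress

INSIDE = ipaddress.ip_network("192.0.2.0/24")  # constructed "company" network
FTP_HOST = "192.0.2.21"                        # assumed: the one public FTP server

class Firewall:
    def __init__(self):
        # State table: flows opened from the inside, keyed by
        # (inside ip, inside port, outside ip, outside port).
        self.state = set()

    def filter_rule(self, dst, dport):
        """Packet filtering: static rule, public FTP only to FTP_HOST."""
        return dst == FTP_HOST and dport == 21

    def handle(self, src, sport, dst, dport):
        if ipaddress.ip_address(src) in INSIDE:
            # Outbound: record the flow's defining characteristics.
            self.state.add((src, sport, dst, dport))
            return "allow"
        # Inbound: allow if it mirrors a recorded outbound flow ...
        if (dst, dport, src, sport) in self.state:
            return "allow"
        # ... otherwise fall back to the static filter; everything else is dropped.
        return "allow" if self.filter_rule(dst, dport) else "drop"

# Constructed packets: (source ip, source port, destination ip, destination port).
PACKETS = [
    ("192.0.2.50", 40000, "198.51.100.80", 80),  # employee opens a web connection
    ("198.51.100.80", 80, "192.0.2.50", 40000),  # matching reply
    ("198.51.100.80", 80, "192.0.2.50", 40001),  # unsolicited, no state entry
    ("203.0.113.5", 5555, "192.0.2.21", 21),     # public FTP to the allowed host
    ("203.0.113.5", 5555, "192.0.2.50", 21),     # FTP to any other computer
    ("203.0.113.5", 5556, "192.0.2.50", 23),     # Telnet from outside
]

def run_packets(packets):
    """Feed the packets through one firewall instance and collect the verdicts."""
    fw = Firewall()
    return [fw.handle(*p) for p in packets]

if __name__ == "__main__":
    for pkt, verdict in zip(PACKETS, run_packets(PACKETS)):
        print(verdict, pkt)
```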
Cookies
• are pieces of information generated by a
Web server and stored in the user's
computer, ready for future access.
• are embedded in the HTML information
flowing back and forth between the user's
computer and the servers.
– Cookies were implemented to allow user-side
customization of Web information. For
example, cookies are used to personalize Web
search engines, to allow users to participate in
WWW-wide contests (but only once!), and to
store shopping lists of items a user has
selected while browsing through a virtual
shopping mall.
• Essentially, cookies make use of user-specific information transmitted by the Web
server onto the user's computer so that the
information might be available for later
access by itself or other servers.
• In most cases, not only does the storage of
personal information into a cookie go
unnoticed, so does access to it.
• Web servers automatically gain access to
relevant cookies whenever the user
establishes a connection to them, usually in
the form of Web requests.
• Now go to:
http://www.quirksmode.org/js/cookies.html
And try the cookie program!
User-server state: cookies
Many major Web sites
use cookies
Four components:
1) cookie header line of
HTTP response
message
2) cookie header line in
HTTP request message
3) cookie file kept on
user’s host, managed
by user’s browser
Example:
– Susan always accesses the Internet
from the same PC
– She visits a specific e-commerce site for the first
time
– When the initial HTTP
request arrives at the site,
the site creates a unique ID
and creates an entry in the
backend database for the
ID
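Cookies: keeping “state” (cont.)
[Figure: message exchange between client and server; the client keeps a cookie file]
• Client's cookie file at the start: ebay: 8734
• Client sends the usual http request msg; the server creates ID 1678 for the user
• Server replies with the usual http response + Set-cookie: 1678
• Client's cookie file now: amazon: 1678, ebay: 8734
• Client sends the usual http request msg with cookie: 1678; the server takes a
cookie-specific action and returns the usual http response msg
• One week later: the cookie file still holds amazon: 1678 and ebay: 8734; the client
sends the usual http request msg with cookie: 1678, and the server again takes a
cookie-specific action and returns the usual http response msg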
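The exchange in the figure above, replayed as an added example (not part of the original slides). `Site`, `Browser` and `replay_figure` are hypothetical names, and the headers carry a bare ID as on the slide, whereas real `Set-Cookie` headers carry `name=value` pairs with attributes. The server only accepts IDs present in its own backend database.

```python
import itertools

class Site:
    """Server side: issues IDs and keeps the backend database."""
    def __init__(self, name, first_id):
        self.name = name
        self._next_id = itertools.count(first_id)
        self.backend_db = {}  # ID -> state the site keeps for that user

    def handle(self, request_headers):
        response = {}
        cookie_id = request_headers.get("cookie")
        if cookie_id not in self.backend_db:
            # No cookie, or an ID this site never issued: create a fresh ID
            # instead of trusting a value the client supplied.
            cookie_id = str(next(self._next_id))
            self.backend_db[cookie_id] = {"visits": 0}
            response["Set-cookie"] = cookie_id
        self.backend_db[cookie_id]["visits"] += 1  # the "cookie-specific action"
        response["body"] = f"visit number {self.backend_db[cookie_id]['visits']}"
        return response

class Browser:
    """Client side: the cookie file, one entry per site."""
    def __init__(self, cookie_file):
        self.cookie_file = dict(cookie_file)

    def get(self, site):
        headers = {}
        if site.name in self.cookie_file:
            headers["cookie"] = self.cookie_file[site.name]
        response = site.handle(headers)
        if "Set-cookie" in response:
            self.cookie_file[site.name] = response["Set-cookie"]
        return headers, response

def replay_figure():
    """Run the figure's two visits and return what each side sent and stored."""
    amazon = Site("amazon", first_id=1678)
    browser = Browser({"ebay": "8734"})  # cookie file before the first visit
    first = browser.get(amazon)          # usual request -> response + Set-cookie
    later = browser.get(amazon)          # one week later: request carries the cookie
    return first, later, browser.cookie_file, amazon.backend_db

if __name__ == "__main__":
    for item in replay_figure():
        print(item)
```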
Cookies (continued)
What cookies can bring:
• authorization
• shopping carts
• recommendations
• user session state (Web email)
How to keep “state”:
• Protocol endpoints:
maintain state at
sender/receiver over
multiple transactions
• cookies: http messages
carry state
Cookies and privacy (aside):
• cookies permit sites to
learn a lot about you
• you may supply name
and e-mail to sites
Source:
– http://www.ibas.com/about/dictionary
– http://www.pentics.net/denial-of-service/white-papers/smurf.cgi
– http://computer.howstuffworks.com/firewall1.htm
– www.v-com.com/support/sup_glossary.html
– http://www.cookiecentral.com/c_concept.htm
– http://www.quirksmode.org/