Transcript filect7
Definition : Computer Virus • A computer program with the characteristic feature of being able to generate copies of itself, and thereby spread. • Additionally most computer viruses have a destructive payload that is activated under certain conditions. Example: The Chernobyl virus overwrites the beginning of the hard disk on certain dates. Smurf Attack (D-O-S) • large amount of ICMP echo (ping) traffic is sent at IP broadcast addresses(all having a spoofed source address of a victim) • If the routing device delivering traffic to those broadcast addresses performs the IP broadcast to layer 2 broadcast function, most hosts on that IP network will take the ICMP echo request and reply to it with an echo reply each • This will multiply the traffic by the number of hosts responding. • On a multi-access broadcast network, there could potentially be hundreds of machines to reply to each packet. • Example : – Assume a co-location switched network with 100 hosts, and the attacker has a T1. – The attacker sends, say, a 768kb/s stream ofICMP echo (ping) packets, with a spoofed source address of the victim, to the broadcast address of the "bounce site". –These ping packets hit the bounce site's broadcast network of 100 hosts; each of them takes the packet and responds to it, creating 100 ping replies outbound. –If you multiply the bandwidth, you'll see that 76.8 Mbps is used outbound from the "bouncesite" after the traffic is multiplied. Firewall • A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. • If an incoming packet of information is flagged by the filters, it is not allowed through. • Example: – Let’s say a company has 500 computers connected to the Internet using T1 or T3 connection. – Every computer is ‘visible’ on the Internet. – A person outside with the right knowledge maybe able to access these computers using FTP, Telnet or other security loop holes left by an employee. – With firewall security rules can be implemented: example only one computer allowed to receive public FTP Three types of firewalls: • Network layer: make their decisions based on the source, destination addresses and ports in individual IP packets. Network layer firewalls tend to be very fast and tend to be very transparent to users. • Application layer: typically are hosts running proxy servers, which permit no traffic directly between networks, and which perform elaborate logging and auditing of traffic passing through them. Application layer firewalls tend to provide more detailed audit reports and tend to enforce more conservative security models than network layer firewalls. • Hybrids: most firewalls fall into the ``hybrid'' category, which do network filtering as well as some amount of application inspection. The amount changes depending on the vendor, product, protocol and version, so some level of digging and/or testing is often necessary. • Firewalls use one or more of three methods to control traffic flowing in and out of the network: – Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded. – Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa. – Stateful inspection - A newer method that doesn't examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded. Cookies • are pieces of information generated by a Web server and stored in the user's computer, ready for future access. • are embedded in the HTML information flowing back and forth between the user's computer and the servers. – Cookies were implemented to allow user-side customization of Web information. For example, cookies are used to personalize Web search engines, to allow users to participate in WWW-wide contests (but only once!), and to store shopping lists of items a user has selected while browsing through a virtual shopping mall. • Essentially, cookies make use of userspecific information transmitted by the Web server onto the user's computer so that the information might be available for later access by itself or other servers. • In most cases, not only does the storage of personal information into a cookie go unnoticed, so does access to it. • Web servers automatically gain access to relevant cookies whenever the user establishes a connection to them, usually in the form of Web requests. • Now go to: http://www.quirksmode.org/js/cookies.html And try the cookie program! User-server state: cookies Many major Web sites use cookies Four components: 1) cookie header line of HTTP response message 2) cookie header line in HTTP request message 3) cookie file kept on user’s host, managed by user’s browser Example: – Susan access Internet always from same PC – She visits a specific ecommerce site for first time – When initial HTTP requests arrives at site, site creates a unique ID and creates an entry in backend database for ID Cookies: keeping “state” (cont.) client Cookie file server usual http request msg usual http response + ebay: 8734 Cookie file amazon: 1678 ebay: 8734 Set-cookie: 1678 usual http request msg cookie: 1678 usual http response msg one week later: Cookie file amazon: 1678 ebay: 8734 usual http request msg cookie: 1678 usual http response msg server creates ID 1678 for user cookiespecific action cookiespectific action Cookies (continued) aside What cookies can bring: • • • • authorization shopping carts recommendations user session state (Web email) How to keep “state”: • Protocol endpoints: maintain state at sender/receiver over multiple transactions • cookies: http messages carry state Cookies and privacy: • cookies permit sites to learn a lot about you • you may supply name and e-mail to sites Source: – – – – – – http://www.ibas.com/about/dictionary http://www.pentics.net/denial-of-service/white-papers/smurf.cgi http://computer.howstuffworks.com/firewall1.htm www.v-com.com/support/sup_glossary.html http://www.cookiecentral.com/c_concept.htm http://www.quirksmode.org/