Network Security
By: Sukhdeep Singh IT-IV year (0702913108)
Overview
- What is security?
- Why do we need security?
- Who is vulnerable?
- Common security attacks and countermeasures
  - Firewalls & Intrusion Detection Systems
  - Denial of Service Attacks
  - TCP Attacks
  - Packet Sniffing
  - Social Problems
What is Security
Dictionary.com says:
1. Freedom from risk or danger; safety.
2. Freedom from doubt, anxiety, or fear; confidence.
3. Something that gives or assures safety, as:
   1. A group or department of private guards: Call building security if a visitor acts suspicious.
   2. Measures adopted by a government to prevent espionage, sabotage, or attack.
   3. Measures adopted, as by a business or homeowner, to prevent a crime such as burglary or assault: Security was lax at the firm's smaller plant.
etc.
Why do we need security?
- Protect vital information while still allowing access to those who need it
  Ex: trade secrets, medical records, etc.
- Provide authentication and access control for resources
  Ex: AFS
- Guarantee availability of resources
  Ex: "five nines" (99.999% availability)
Who is vulnerable?
- Financial institutions and banks
- Internet service providers
- Pharmaceutical companies
- Government and defense agencies
- Contractors to various government agencies
- Multinational corporations
- ANYONE ON THE NETWORK
Common security attacks and their countermeasures
- Finding a way into the network: firewalls
- Exploiting software bugs, buffer overflows: intrusion detection systems
- Denial of service: ingress filtering, IDS
- TCP hijacking: IPSec
- Packet sniffing: encryption (SSH, SSL, HTTPS)
- Social problems: education
15-441 Networks Fall 2002
Firewalls
Basic problem: many network applications and protocols have security problems that are fixed over time
- Difficult for users to keep up with changes and keep hosts secure
Solution:
- Administrators limit access to end hosts by using a firewall
- The firewall is kept up-to-date by administrators
Firewalls
A firewall is like a castle with a drawbridge
- Only one point of access into the network
- This can be good or bad
Can be hardware or software
- Ex. some routers come with firewall functionality
- ipfw, ipchains, pf on Unix systems; Windows XP and Mac OS X have built-in firewalls
Firewalls
Typical two-firewall layout:
Internet -- Firewall -- DMZ (web server, email server, web proxy, etc.) -- Firewall -- Intranet
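The layout above is what a packet-filter rule set has to express. The following is an added example, not code from the slides or from any real firewall: a small Python model that evaluates an ordered rule list first-match with a default deny, the way ipfw, pf and ipchains rule sets are read. The zone prefixes (192.0.2.0/24 for the DMZ, 10.0.0.0/8 for the intranet) and the rules themselves are constructed for illustration.

```python
"""Model of the two-firewall DMZ layout (added example, not part of the
original deck). Rules are evaluated first-match with a default deny, which is
how ipfw/pf/ipchains rule sets are read. The zone prefixes and the rule list
are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed address plan (assumption): these prefixes are not from the slides.
ZONES = {
    "dmz": ip_network("192.0.2.0/24"),
    "intranet": ip_network("10.0.0.0/8"),
}

def zone_of(addr):
    """Map an IP address to 'dmz', 'intranet', or 'internet' (everything else)."""
    a = ip_address(addr)
    for name, net in ZONES.items():
        if a in net:
            return name
    return "internet"

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src_zone: str          # zone name or "any"
    dst_zone: str
    dport: Optional[int]   # None matches any destination port

def matches(rule, src, dst, dport):
    return (rule.src_zone in ("any", zone_of(src))
            and rule.dst_zone in ("any", zone_of(dst))
            and (rule.dport is None or rule.dport == dport))

# Outer and inner firewall policy written as one ordered list (constructed).
# Only the DMZ is reachable from the Internet, and the intranet reaches the
# Internet only through the DMZ web proxy.
POLICY = [
    Rule("allow", "internet", "dmz", 80),         # public web server
    Rule("allow", "internet", "dmz", 25),         # inbound mail
    Rule("allow", "intranet", "dmz", 3128),       # intranet -> web proxy
    Rule("allow", "dmz", "internet", None),       # proxy and mail relay outbound
    Rule("deny",  "internet", "intranet", None),  # the reason the DMZ exists
    Rule("deny",  "dmz", "intranet", None),       # a compromised DMZ host stays out
]

def decide(src, dst, dport, policy=POLICY):
    """First matching rule wins; a packet matching nothing is denied."""
    for rule in policy:
        if matches(rule, src, dst, dport):
            return rule.action
    return "deny"
```

Two things the model makes visible: the Internet can never reach the intranet directly, even for a port nobody thought to list, because the default is deny; and an intranet host that tries to bypass the proxy (`decide("10.1.2.3", "203.0.113.5", 80)`) is also denied, since no rule allows intranet to Internet. The price of the single drawbridge is that every new service needs an administrator to add a rule.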
Intrusion Detection
Used to monitor for suspicious activity on a network
- Can detect attempts to use known software exploits, like buffer overflows, by matching traffic against attack signatures; it only catches what it has a signature for
Open Source IDS: Snort, www.snort.org
Dictionary Attack
We can run a dictionary attack on the passwords
- Traditionally the password hashes sat in the world-readable /etc/passwd; modern systems keep them in /etc/shadow, readable only by root. They are hashed with the crypt(3) function (a one-way hash, not encryption)
- Can take a dictionary of words, crypt() them all with each account's salt, and compare with the stored hashes
- This is why your passwords should be meaningless random junk!
- For example, sdfo839f is a good password (good in that no dictionary contains it; at eight characters it would not survive a modern brute-force search)
- That is not my Andrew password. Please don't try it either.
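The attack in code, as an added example that is not part of the original slides. The slides talk about crypt(3); Python's `crypt` module is deprecated and removed in recent releases, so this stand-in hashes each password as SHA-256(salt || password) and stores it in a constructed crypt-like `$x$salt$hex` record. The attack itself is exactly what the slide describes: hash every dictionary word with the victim's salt and compare. The three accounts, their salts and the word list are constructed here.

```python
"""Dictionary attack against a small constructed password file (added example,
not from the original slides). The slide describes crypt(3) on /etc/passwd;
this stand-in hashes each password as SHA-256(salt || password) in a
crypt-like "$x$salt$hex" record. The attack is identical: hash every dictionary
word with the victim's salt and compare."""
import hashlib

def hash_password(password, salt):
    """Constructed crypt-style one-way hash: $x$<salt>$<sha256 hex>."""
    digest = hashlib.sha256((salt + password).encode()).hexdigest()
    return f"$x${salt}${digest}"

def parse_record(record):
    """Split '$x$salt$hash' into (salt, hash)."""
    _, scheme, salt, digest = record.split("$")
    if scheme != "x":
        raise ValueError("unknown hash scheme")
    return salt, digest

def dictionary_attack(shadow, wordlist):
    """Return {user: password} for every account whose password is in wordlist.
    Because every account has its own salt, each word must be hashed once per
    account; without salts one pass over the wordlist would crack them all."""
    cracked = {}
    for user, record in shadow.items():
        salt, digest = parse_record(record)
        for word in wordlist:
            if hashlib.sha256((salt + word).encode()).hexdigest() == digest:
                cracked[user] = word
                break
    return cracked

# Constructed sample: three accounts; salts and passwords are invented here.
SHADOW = {
    "alice": hash_password("password", "Qz"),
    "bob":   hash_password("letmein", "9a"),
    "carol": hash_password("sdfo839f", "Kp"),   # the slide's "random junk"
}
WORDLIST = ["123456", "password", "qwerty", "letmein", "dragon", "monkey"]
```

Running `dictionary_attack(SHADOW, WORDLIST)` recovers alice's and bob's passwords and nothing for carol, which is the whole argument for random passwords: the attack is only as good as the word list. Note that the one-way hash is never reversed; the attacker only ever compares hashes.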
Denial of Service
Purpose: make a network service unusable, usually by overloading the server or network
Many different kinds of DoS attacks:
- SYN flooding
- SMURF
- Distributed attacks
Denial of Service
SYN flooding attack: send SYN packets with bogus source addresses
Why?
- Server responds with SYN-ACK and keeps state about the TCP half-open connection
- Eventually, server memory is exhausted with this state
Solution: use SYN cookies
- In response to a SYN, encode the connection details into a special cookie (sent as the server's initial sequence number), and forget everything else
- Then, recreate the forgotten information when the ACK comes in from a legitimate connection
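SYN cookies in code, as an added example not taken from the slides. The 32-bit layout follows the classic Bernstein/Linux design: 5 bits of coarse time, 3 bits encoding the MSS the client offered, and 24 bits of a keyed hash over the connection 4-tuple and the time. The secret key, MSS table, cookie lifetime and addresses below are constructed; a real stack derives the key at boot.

```python
"""SYN cookie generation and stateless validation (added example, not from the
original slides). Layout: 5 bits coarse time | 3 bits MSS index | 24 bits
keyed hash. Key, MSS table and lifetime are constructed for illustration."""
import hmac, hashlib, struct

SECRET = b"constructed-per-boot-secret"        # assumption: random per boot
MSS_TABLE = [536, 1300, 1440, 1460]             # index -> MSS the peer offered
COOKIE_LIFETIME = 2                             # valid for this many time slots

def _hash24(saddr, daddr, sport, dport, t):
    msg = struct.pack("!4s4sHHI", saddr, daddr, sport, dport, t)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")

def time_slot(now):
    """Coarse time counter: one slot per 64 seconds, wrapping at 32."""
    return (int(now) // 64) & 0x1F

def make_cookie(saddr, daddr, sport, dport, mss, now):
    """The server's ISN for the SYN-ACK. No per-connection state is stored."""
    t = time_slot(now)
    mss_idx = 0
    for i, m in enumerate(MSS_TABLE):   # largest table entry <= offered MSS
        if m <= mss:
            mss_idx = i
    return (t << 27) | (mss_idx << 24) | _hash24(saddr, daddr, sport, dport, t)

def check_cookie(saddr, daddr, sport, dport, ack, now):
    """Validate the client's ACK (ack == cookie + 1). Returns the MSS to use,
    or None if the cookie is forged or expired. This is the 'recreate the
    forgotten information' step: the 4-tuple comes from the ACK packet and
    the MSS comes out of the cookie itself."""
    cookie = (ack - 1) & 0xFFFFFFFF
    t = cookie >> 27
    mss_idx = (cookie >> 24) & 0x7
    age = (time_slot(now) - t) & 0x1F
    if age > COOKIE_LIFETIME or mss_idx >= len(MSS_TABLE):
        return None
    if (cookie & 0xFFFFFF) != _hash24(saddr, daddr, sport, dport, t):
        return None
    return MSS_TABLE[mss_idx]
```

A flood of SYNs from bogus addresses now costs the server one HMAC per SYN and no memory; only a client that actually receives the SYN-ACK can return `cookie + 1`. The trade-off is also visible: the MSS is squeezed into 3 bits and any other TCP options carried in the SYN are lost, which is why stacks only switch cookies on once the half-open queue fills.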
TCP Attacks
Recall how IP works
- End hosts create IP packets and routers process them based purely on the destination address
Problem: end hosts may lie about other fields which do not affect delivery
- Source address: a host may trick the destination into believing that the packet is from a trusted source
- Especially applications which use IP addresses as a simple authentication method
Solution: use better authentication methods
TCP Attacks
TCP connections have associated state
- Starting sequence numbers, port numbers
Problem: what if an attacker learns these values?
- Port numbers are sometimes well known to begin with (ex. HTTP uses port 80)
- Sequence numbers are sometimes chosen in very predictable ways
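Why "predictable" is fatal, as an added example not taken from the slides. A constructed legacy generator bumps the ISN by a fixed step per connection, so an attacker who opens two connections of his own can extrapolate the ISN the server will hand Alice next, without sniffing anything. The second generator follows RFC 6528 (ISN = clock + MD5(4-tuple, secret key)), so the attacker's observations of his own connections say nothing about Alice's. The step size, the key and the addresses are constructed.

```python
"""Predictable versus keyed initial sequence numbers (added example, not from
the original slides). LegacyISN is a constructed stand-in for old stacks that
stepped the ISN by a constant per connection; Rfc6528ISN adds a keyed hash of
the 4-tuple. Step, key and addresses are constructed."""
import hmac, hashlib, struct

class LegacyISN:
    """Constructed: ISN advances by STEP on every new connection."""
    STEP = 64_000
    def __init__(self, start=1_000_000):
        self.counter = start
    def next_isn(self, saddr, daddr, sport, dport):
        self.counter = (self.counter + self.STEP) & 0xFFFFFFFF
        return self.counter

class Rfc6528ISN:
    """ISN = M + F(localip, localport, remoteip, remoteport, secretkey).
    M is a 4-microsecond clock, simulated here as a counter that advances
    one second (250_000 ticks) per connection."""
    def __init__(self, key, start_clock=0):
        self.key = key
        self.clock = start_clock
    def next_isn(self, saddr, daddr, sport, dport):
        self.clock = (self.clock + 250_000) & 0xFFFFFFFF
        msg = struct.pack("!4s4sHH", saddr, daddr, sport, dport)
        f = int.from_bytes(hmac.new(self.key, msg, hashlib.md5).digest()[:4], "big")
        return (self.clock + f) & 0xFFFFFFFF

def predict_next(isn_a, isn_b):
    """Attacker: from two ISNs handed to him, extrapolate the third."""
    step = (isn_b - isn_a) & 0xFFFFFFFF
    return (isn_b + step) & 0xFFFFFFFF

def attacker_prediction_holds(generator, attacker, victim):
    """Attacker probes the server twice from his own address (4-tuples are
    (saddr, daddr, sport, dport)), then checks whether his prediction matches
    the ISN the server issues for Alice's connection."""
    a1 = generator.next_isn(*attacker)
    a2 = generator.next_isn(*attacker)
    guess = predict_next(a1, a2)
    return guess == generator.next_isn(*victim)

# Constructed 4-tuples: attacker and Alice both talk to the same server.
ATTACKER = (bytes([192, 0, 2, 1]), bytes([192, 0, 2, 80]), 50000, 23)
VICTIM = (bytes([10, 0, 0, 1]), bytes([192, 0, 2, 80]), 40000, 23)
```

With the legacy generator the attacker can now forge a complete three-way handshake "from" Alice without ever seeing the server's SYN-ACK, which is the blind spoofing case; with the keyed generator he is back to needing a position on the path, which is the scenario on the following slides.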
TCP Attacks
If an attacker learns the associated TCP state for the connection, then the connection can be hijacked!
- Attacker can insert malicious data into the TCP stream, and the recipient will believe it came from the original source
- Ex. instead of downloading and running a new program, you download a virus and execute it
TCP Attacks
Say hello to Alice, Bob and Mr. Big Ears
TCP Attacks
Alice and Bob have an established TCP connection
TCP Attacks
Mr. Big Ears lies on the path between Alice and Bob on the network
- He can intercept all of their packets
TCP Attacks
First, Mr. Big Ears must drop all of Alice's packets since they must not be delivered to Bob (why? if Bob received Alice's real segment and the forged one at the same sequence numbers, the two would collide, the stream would be corrupted, and the injection would be noticed)
[Figure: Alice's packets go into "The Void"]
TCP Attacks
Then, Mr. Big Ears sends his malicious packet with the next expected sequence number (sniffed from the network)
[Figure: forged segment carrying the sniffed sequence number, SRC=Alice]
TCP Attacks
Why are these types of TCP attacks so dangerous?
[Figure: a web server, a trusting web client, and a malicious user on the path between them]
TCP Attacks
How do we prevent this? IPSec
- Provides source authentication, so Mr. Big Ears cannot pretend to be Alice
- Encrypts data before transport, so Mr. Big Ears cannot talk to Bob without knowing the session key
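The Alice/Bob/Mr. Big Ears sequence from the preceding slides, run end to end as an added example (not code from the slides). Bob is modelled as a receiver that accepts the next in-sequence segment from Alice's address. The authenticated variant attaches an HMAC-SHA256 over (source, sequence number, payload) under a key Alice and Bob share, which stands in for IPSec's source authentication; real IPSec negotiates the key and authenticates whole IP packets. The key, host names and payloads are constructed.

```python
"""Hijacking the Alice->Bob stream, and why per-packet source authentication
stops it (added example, not from the original slides). The HMAC is a stand-in
for IPSec's authentication; key, hosts and payloads are constructed."""
import hmac, hashlib
from dataclasses import dataclass, field

@dataclass
class Segment:
    src: str
    seq: int
    payload: bytes
    auth: bytes = b""   # empty on an unauthenticated connection

def sign(key, src, seq, payload):
    """Authentication tag over everything Bob uses to accept the segment."""
    return hmac.new(key, f"{src}|{seq}|".encode() + payload, hashlib.sha256).digest()

@dataclass
class Receiver:
    """Bob's side of an established connection with Alice."""
    peer: str
    next_seq: int
    key: bytes = b""                   # non-empty enables authentication
    delivered: list = field(default_factory=list)

    def receive(self, seg):
        """Return True if the segment was accepted into the stream."""
        if seg.src != self.peer or seg.seq != self.next_seq:
            return False           # wrong peer or out of sequence
        if self.key and not hmac.compare_digest(
                seg.auth, sign(self.key, seg.src, seg.seq, seg.payload)):
            return False           # source authentication failed: forged
        self.delivered.append(seg.payload)
        self.next_seq += len(seg.payload)
        return True

def hijack(receiver, evil_data, attacker_key=None):
    """Mr. Big Ears on the path: he has sniffed the next sequence number and
    drops Alice's own segment (it never reaches receiver), then sends his
    payload with SRC=Alice. attacker_key is his guess at the shared key."""
    sniffed_seq = receiver.next_seq
    forged = Segment("alice", sniffed_seq, evil_data)
    if attacker_key is not None:
        forged.auth = sign(attacker_key, "alice", sniffed_seq, evil_data)
    return receiver.receive(forged)

def run_demo():
    """Plain TCP: the injection is accepted. Authenticated: Bob rejects it."""
    plain = Receiver(peer="alice", next_seq=1000)
    plain.receive(Segment("alice", 1000, b"GET /update.bin"))
    hijacked = hijack(plain, b"\x7fELF virus")

    key = b"alice-bob-shared-key"      # constructed; IPSec would negotiate one
    secured = Receiver(peer="alice", next_seq=1000, key=key)
    secured.receive(Segment("alice", 1000, b"GET /update.bin",
                            auth=sign(key, "alice", 1000, b"GET /update.bin")))
    blocked = not hijack(secured, b"\x7fELF virus", attacker_key=b"wrong guess")
    return hijacked, blocked, plain.delivered, secured.delivered
```

In the plain case Bob's delivered stream ends with the virus and he has no way to tell; in the authenticated case the forged segment fails the tag check and is dropped before it touches the stream. Authentication alone is what defeats the injection; encryption additionally stops Mr. Big Ears from reading the stream and learning what to replace.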
Packet Sniffing
Recall how Ethernet works
- When someone wants to send a packet to someone else, they put the bits on the wire with the destination MAC address
- And remember that other hosts are listening on the wire to detect collisions
- It couldn't get any easier to figure out what data is being transmitted over the network!
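What a host with its interface in promiscuous mode actually gets, as an added example not taken from the slides: decode one frame's Ethernet II, IPv4 and TCP headers and pull out the cleartext payload. The frame is constructed in the code to look like a telnet login (port 23); nothing is read from a real interface, and checksums are left zero because a sniffer never needs them.

```python
"""Decode a sniffed Ethernet/IPv4/TCP frame (added example, not from the
original slides). The frame is constructed below; MACs, addresses and the
telnet payload are invented for the demo."""
import struct
from ipaddress import IPv4Address

def parse_frame(frame):
    """Decode Ethernet II + IPv4 + TCP and return the fields a sniffer cares about."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not IPv4")
    ip = frame[14:]
    (ver_ihl, _tos, total_len, _ident, _flags_frag,
     _ttl, proto, _csum, saddr, daddr) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4            # header length in bytes (options allowed)
    if proto != 6:
        raise ValueError("not TCP")
    tcp = ip[ihl:total_len]               # total_len bounds the payload (ignore Ethernet padding)
    sport, dport, seq, _ack, offset_flags = struct.unpack("!HHIIH", tcp[:14])
    data_offset = (offset_flags >> 12) * 4
    return {
        "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
        "src": str(IPv4Address(saddr)), "dst": str(IPv4Address(daddr)),
        "sport": sport, "dport": dport, "seq": seq,
        "payload": tcp[data_offset:],
    }

def build_frame(src_ip, dst_ip, sport, dport, seq, payload):
    """Constructed capture for the demo. Checksums are zero; MACs are made up."""
    tcp_hdr = struct.pack("!HHIIHHHH", sport, dport, seq, 0,
                          (5 << 12) | 0x18,      # data offset 5 words, flags PSH|ACK
                          65535, 0, 0)
    ip_total = 20 + len(tcp_hdr) + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_total, 0, 0x4000, 64, 6, 0,
                         IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    eth_hdr = struct.pack("!6s6sH", bytes.fromhex("00112233aabb"),   # dst MAC
                          bytes.fromhex("00112233ccdd"),             # src MAC
                          0x0800)
    return eth_hdr + ip_hdr + tcp_hdr + payload

# Constructed telnet login as it would appear on the wire.
CAPTURE = build_frame("10.0.0.5", "10.0.0.9", 51234, 23, 0x1234ABCD,
                      b"login: alice\r\npassword: hunter2\r\n")
```

`parse_frame(CAPTURE)["payload"]` hands back the username and password verbatim, which is why the countermeasure on the earlier slide is encryption (SSH, SSL, HTTPS) rather than anything at the Ethernet layer. The same decoder also yields the sequence number Mr. Big Ears needs for the hijack on the previous slides. On a switched network frames are no longer repeated to every port, so the sniffer must first get onto the path (a mirror port, or a position as the gateway), but once there the decoding is identical.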
Social Problems
People can be just as dangerous as unprotected computer systems
- People can be lied to, manipulated, bribed, threatened, harmed, tortured, etc. to give up valuable information
- Most humans will break down once they are at the harmed stage, unless they have been specially trained
- Think government here
Conclusions
- The Internet works only because we implicitly trust one another
- It is very easy to exploit this trust
- The same holds true for software
- It is important to stay on top of the latest CERT security advisories to know how to patch any security holes
Thank You