
Access Security






Presentation Transcript


  1. Access Security

  2. Outline
  • Are web systems safe?
  • Authentication
  • Passwords
  • Biometrics
  • Network protection
  • Firewalls, proxy servers
  • Denial of service attacks
  • Viruses

  3. Web Security
  • Client side: what can the server do to the client?
    • Fool it
    • Install or run unauthorized software, inspect/alter files
  • Server side: what can the client do to the server?
    • Bring it down (denial of service)
    • Gain access (break-in)
  • Network
    • Is anyone listening? (Sniffing)
    • Is the information genuine? Are the parties genuine?

  4. Internet Sniffing (figure; SOURCE: CERT)

  5. Methods of User Authentication
  • Something you know: password, PIN, "mother's maiden name"
  • Something you have: physical key, token, magnetic card, smartcard
  • Something you are: fingerprint, voice, retina, iris
  • Someplace you are: GPS information
  • Best to combine two or more of the above (multi-factor authentication)
  (Figure label: "1059"; SOURCE: SECURITY DYNAMICS)

  6. Biometrics
  • Use of an unalterable body part or feature to provide identification
  • History
    • For 1,000,000 years we couldn't identify people
    • France used tattoos; abolished in 1832
    • Uniqueness of fingerprints, 1890
  • Verification (a 1:1 match against a claimed identity) v. identification (a 1:N search of a database)
  • Weaknesses: forgery, replay attack. Because the feature is unalterable, a biometric that has been captured cannot be revoked and reissued the way a password can.

  7. Fingerprints
  • Main shapes: loop, whorl, arch
  • Minutiae: dot, lake, island, bifurcation, end
  • Each person has a unique arrangement of minutiae
  (Figure; SOURCE: C3i)

  8. Fingerprint Capture
  • ST-Micro TouchChip (capacitive)
  • Thomson-CSF FingerChip (thermal-sensed swipe)
  • American Biometric Company BioMouse (optical)
  • Biometric Partners touchless sensor

  9. Iris Scan
  • Human iris patterns encode ~3.4 bits per sq. mm
  • Can be stored in 512 bytes
  • Patterns do not change after the first year of life
  • Patterns of identical twins are uncorrelated
  • Chance of duplication < 1 in 10^78
  • Identification speed: 2 sec. per 100,000 people
  • Companies: British Telecom, Iriscan, Sensar
  (Figure: personal iris imager; SOURCE: IRISCAN)

  10. Signature Dynamics
  • Examines the formation of the signature, not its final appearance
  • DSV (dynamic signature verification)
  • Parameters: total time; sign changes in x-y velocities and accelerations; pen-up time; total path length
  • Sampling 100 times/second
  • Companies: CyberSign, Quintet, PenOp, SoftPro SignPlus

  11. Network Security
  (Figure: ways into a local area network: removable media; a user at a remote location with modem and telephone; a "backdoor" Internet connection; radio emissions; the ISP Internet connection; remote users; vendors and subcontractors. SOURCE: CERT)

  12. Sophistication v. Intruder Knowledge (figure; SOURCE: CERT)

  13. Firewall Architecture (figure; SOURCE: CHAPMAN, BUILDING INTERNET FIREWALLS)

  14. Network Attacks (figure; SOURCE: CERT)

  15. Firewall
  • A device placed between two networks or machines
  • All traffic in and out must pass through the firewall
  • Only authorized traffic is allowed to pass; anything not explicitly authorized is denied
  • The firewall itself must be immune to penetration (a requirement on its design, not a guarantee: a compromised firewall protects nothing behind it)
  (Figure: Company Network | Firewall | Internet; SOURCE: ADAM COLDWELL)

  16. Proxy Server (figure; SOURCE: CHAPMAN, BUILDING INTERNET FIREWALLS)

  17. Distributed Denial of Service Attack (figure: intruder, handlers, victim; the intruder sends commands to the handlers; SOURCE: CERT)

  18. DDOS Attack (figure; SOURCE: CERT)

  19. DDOS Attack (figure, continued; SOURCE: CERT)

  20. Denial-of-Service Attacks
  • An attack that disables a machine (server) by making it unable to respond to legitimate requests
  • Uses up resources: bandwidth, swap space, RAM, hard disk
  • FBI DoS attack (June 1999): 600,000 service requests per second

  21. Internet Ping Flooding (figure: attacking system(s) → victim system; SOURCE: PETER SHIPLEY)

  22. TCP Three-Way Handshake
  • 1: Client sends SYN, seq=x
  • 2: Server sends SYN seq=y, ACK x+1
  • 3: Client sends ACK y+1
  (Figure: client and server exchanging SYN, SYN|ACK, ACK; SOURCE: PETER SHIPLEY)
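The exchange on this slide, worked through as an added example that is not part of the original presentation or of Peter Shipley's material: both sides of the handshake are simulated in C, the sequence and acknowledgement numbers are checked exactly as the slide lists them, and the server keeps each half-open connection in a fixed-size backlog. The backlog size (BACKLOG = 4) and all sequence numbers are assumptions for the example. The backlog-exhaustion part goes beyond the slide to illustrate slide 20's "use up resources": if the third packet never arrives, the half-open entries are never released, and once the backlog is full a legitimate client gets no reply (the attack that does this deliberately is known as a SYN flood, which the slides do not name).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A TCP segment reduced to the fields the handshake uses. */
typedef struct {
    bool syn, ack;
    uint32_t seq;      /* sequence number */
    uint32_t ack_num;  /* acknowledgement number (valid when ack is set) */
} segment_t;

/* Server-side record of one half-open connection: SYN seen, final ACK not yet.
 * A real kernel keeps entries like this in its SYN backlog. */
typedef struct {
    bool in_use;
    uint32_t client_isn;   /* x on the slide */
    uint32_t server_isn;   /* y on the slide */
} half_open_t;

#define BACKLOG 4          /* assumed; deliberately small for the example */

typedef struct {
    half_open_t backlog[BACKLOG];
    int established;       /* handshakes completed */
} server_t;

/* Step 1: client sends SYN with its initial sequence number x. */
segment_t client_syn(uint32_t x) {
    segment_t s = { .syn = true, .ack = false, .seq = x, .ack_num = 0 };
    return s;
}

/* Step 2: server stores a half-open entry and replies SYN seq=y, ACK x+1.
 * Returns false, with no reply, when every backlog slot is still waiting
 * for a third packet that never came: the resource the handshake consumes. */
bool server_on_syn(server_t *srv, const segment_t *in, uint32_t y, segment_t *out) {
    if (!in->syn || in->ack) return false;
    for (int i = 0; i < BACKLOG; i++) {
        half_open_t *h = &srv->backlog[i];
        if (h->in_use) continue;
        h->in_use = true;
        h->client_isn = in->seq;
        h->server_isn = y;
        segment_t s = { .syn = true, .ack = true, .seq = y, .ack_num = in->seq + 1 };
        *out = s;
        return true;
    }
    return false;   /* backlog exhausted */
}

/* Step 3: client accepts the SYN|ACK only if it acknowledges x+1, then sends ACK y+1. */
bool client_on_synack(uint32_t x, const segment_t *in, segment_t *out) {
    if (!in->syn || !in->ack || in->ack_num != x + 1) return false;
    segment_t s = { .syn = false, .ack = true, .seq = x + 1, .ack_num = in->seq + 1 };
    *out = s;
    return true;
}

/* Server matches the final ACK (seq x+1, ack y+1) against a half-open entry,
 * releases the entry and counts the connection as established. An ACK that
 * matches nothing is dropped. */
bool server_on_ack(server_t *srv, const segment_t *in) {
    if (in->syn || !in->ack) return false;
    for (int i = 0; i < BACKLOG; i++) {
        half_open_t *h = &srv->backlog[i];
        if (h->in_use && in->seq == h->client_isn + 1 && in->ack_num == h->server_isn + 1) {
            h->in_use = false;
            srv->established++;
            return true;
        }
    }
    return false;
}

/* One complete handshake between a client with ISN x and the server using ISN y. */
bool handshake(server_t *srv, uint32_t x, uint32_t y) {
    segment_t syn = client_syn(x), synack, ack;
    if (!server_on_syn(srv, &syn, y, &synack)) return false;
    if (!client_on_synack(x, &synack, &ack)) return false;
    return server_on_ack(srv, &ack);
}

/* n SYNs whose senders never complete step 3. Returns how many were answered
 * before the backlog filled; the rest were silently dropped. */
int abandoned_syns(server_t *srv, int n) {
    int answered = 0;
    segment_t reply;
    for (int i = 0; i < n; i++) {
        segment_t syn = client_syn(1000u + (uint32_t)i);
        if (server_on_syn(srv, &syn, 5000u + (uint32_t)i, &reply)) answered++;
    }
    return answered;
}

int main(void) {
    server_t srv;
    memset(&srv, 0, sizeof srv);
    printf("normal handshake: %s\n", handshake(&srv, 100, 300) ? "established" : "failed");
    printf("abandoned SYNs answered: %d of 10\n", abandoned_syns(&srv, 10));
    printf("handshake with full backlog: %s\n", handshake(&srv, 200, 400) ? "established" : "failed");
    return 0;
}
```

The numbers on the slide are the whole check: the server only releases a backlog entry for an ACK carrying exactly seq x+1 and ack y+1, so an ACK with a wrong acknowledgement number is dropped and the entry stays half-open.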

  23. Smurf Attack
  • The perpetrator sends ICMP echo requests carrying the spoofed source address of the victim to the IP broadcast address of innocent reflector sites
  • Every host on each reflector network answers with an ICMP echo reply, all addressed to the victim
  • Bandwidth multiplication: a T1 (1.54 Mbps) can easily yield 100 Mbps of attack
  • ICMP = Internet Control Message Protocol
  (Figure: perpetrator → Internet → innocent reflector sites → victim; labels "1 SYN", "10,000 SYN/ACKs -- VICTIM IS DEAD"; SOURCE: CISCO)
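This added example, written for this page and not taken from the slides, Cisco or Chapman's book, serves slide 15 and slide 23 together: it is a first-match packet filter with default deny, which is what "only authorized traffic is allowed to pass" means in practice, carrying the two rules that matter for the smurf attack. A network whose firewall drops ICMP echo requests aimed at its own directed broadcast address cannot be used as a reflector, and one that drops outside packets claiming an inside source address stops the spoofed addresses at its own edge. The addresses (inside network 10.0.1.0/24, web server 10.0.1.80, outside hosts 192.0.2.7 and 198.51.100.9), the rule set and the verdict names are assumptions for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Dotted-quad IPv4 to host-order integer. Rejects junk and out-of-range octets. */
bool parse_ipv4(const char *s, uint32_t *out) {
    unsigned a, b, c, d;
    char tail;
    if (sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &tail) != 4) return false;
    if (a > 255 || b > 255 || c > 255 || d > 255) return false;
    *out = (a << 24) | (b << 16) | (c << 8) | d;
    return true;
}

typedef struct { uint32_t net; int prefix; } subnet_t;

static uint32_t mask_of(int prefix) {
    return prefix <= 0 ? 0 : 0xFFFFFFFFu << (32 - prefix);
}

bool in_subnet(uint32_t ip, subnet_t s) {
    return (ip & mask_of(s.prefix)) == (s.net & mask_of(s.prefix));
}

/* The directed broadcast address of s: network part, host part all ones.
 * This is the address a smurf request is aimed at. */
bool is_directed_broadcast(uint32_t ip, subnet_t s) {
    uint32_t m = mask_of(s.prefix);
    return s.prefix < 31 && in_subnet(ip, s) && (ip & ~m) == ~m;
}

/* Hosts that could answer one echo request to the broadcast address. */
uint32_t max_reflected_replies(subnet_t s) {
    return s.prefix >= 31 ? 0 : ~mask_of(s.prefix) - 1;
}

typedef enum { PROTO_ICMP = 1, PROTO_TCP = 6 } proto_t;

typedef struct {
    proto_t proto;
    uint32_t src, dst;
    uint16_t dport;       /* TCP only */
    uint8_t icmp_type;    /* ICMP only: 8 = echo request, 0 = echo reply */
    bool from_internet;   /* arrived on the outside interface */
} packet_t;

typedef enum { ALLOW_WEB, DENY_SPOOFED_SOURCE, DENY_DIRECTED_BROADCAST, DENY_DEFAULT } verdict_t;

/* Rules are evaluated in order; the first that matches decides. Anything that
 * reaches the end is denied: only authorized traffic passes. */
verdict_t filter(const packet_t *p, const subnet_t *inside, int n_inside, uint32_t web_server) {
    /* Rule 1: a packet from the Internet cannot carry an inside source address. */
    if (p->from_internet)
        for (int i = 0; i < n_inside; i++)
            if (in_subnet(p->src, inside[i])) return DENY_SPOOFED_SOURCE;
    /* Rule 2: no echo request may reach one of our directed broadcast addresses,
     * so our hosts cannot be turned into a smurf reflector. */
    if (p->proto == PROTO_ICMP && p->icmp_type == 8)
        for (int i = 0; i < n_inside; i++)
            if (is_directed_broadcast(p->dst, inside[i])) return DENY_DIRECTED_BROADCAST;
    /* Rule 3: the one authorized service, HTTP to the web server. */
    if (p->proto == PROTO_TCP && p->dst == web_server && p->dport == 80) return ALLOW_WEB;
    return DENY_DEFAULT;
}

packet_t make_packet(proto_t proto, const char *src, const char *dst,
                     uint16_t dport, uint8_t icmp_type, bool from_internet) {
    packet_t p;
    memset(&p, 0, sizeof p);
    p.proto = proto;
    parse_ipv4(src, &p.src);
    parse_ipv4(dst, &p.dst);
    p.dport = dport;
    p.icmp_type = icmp_type;
    p.from_internet = from_internet;
    return p;
}

const char *verdict_name(verdict_t v) {
    static const char *names[] = { "ALLOW web", "DENY spoofed inside source",
                                   "DENY echo to directed broadcast", "DENY default" };
    return names[v];
}

int main(void) {
    /* Constructed addresses: inside network 10.0.1.0/24, web server 10.0.1.80. */
    subnet_t inside[] = { { 0x0A000100u, 24 } };
    uint32_t web;
    parse_ipv4("10.0.1.80", &web);
    packet_t samples[] = {
        make_packet(PROTO_ICMP, "192.0.2.7", "10.0.1.255", 0, 8, true),   /* smurf request, victim 192.0.2.7 */
        make_packet(PROTO_ICMP, "10.0.1.20", "10.0.1.255", 0, 8, true),   /* spoofed inside source */
        make_packet(PROTO_TCP, "198.51.100.9", "10.0.1.80", 80, 0, true), /* authorized HTTP */
        make_packet(PROTO_TCP, "198.51.100.9", "10.0.1.80", 22, 0, true), /* not authorized */
    };
    printf("a /24 reflector yields up to %u replies per request\n", max_reflected_replies(inside[0]));
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("packet %zu: %s\n", i, verdict_name(filter(&samples[i], inside, 1, web)));
    return 0;
}
```

Rule 2 is what a reflector site needs, not the victim: the victim can do nothing about replies from networks it does not control, which is why every site has to refuse directed broadcasts (on Cisco routers the per-interface command is `no ip directed-broadcast`). Rule 1 is the ingress filter; it is checked first so a spoofed packet is named as spoofed rather than merely as a broadcast.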

  24. Code Attacks
  • Virus: executable code that attaches itself to other executable code (infection) in order to reproduce itself (spread). Structure: replicator + concealer + payload
  • Rabbit, worm: a program that makes many copies of itself and spreads them; each copy makes copies, etc. A worm spreads via networks.
  • Trojan horse: performs unauthorized activity while pretending to be another program. Example: a fake login program

  25. Viral Phenomena
  • Invented ~1985
  • More than 36,500 known viruses (NY Times, 6/10/99), more than in nature
  • 10-15 new viruses per day
  • 35% are destructive (up from 10% in 1993)
  • Virus attacks per computer double every two years
  • Written mostly by men aged 14-24, in India, New Zealand, Australia, U.S.
  • Symantec employs 45 people full-time, spread over 24 hours, to detect and neutralize viruses

  26. Exploiting System Bugs
  • Buffer overflows
    • The program allocates 255 bytes for input.
    • The hacker sends 500 bytes.
    • 245 bytes beyond the buffer are overwritten with the hacker's data; now the hacker's code can be executed.
  (Figure: program code and a 255-byte buffer, before and after the 500-byte input)
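The slide's scenario in C, as an added example that is not from the presentation: the unchecked copy that has the defect is shown beside the bounded copy that fixes it, with the slide's numbers (a 255-byte buffer, a 500-byte input). The function names, the 600-byte staging array and the run of 'A' bytes standing in for the attacker's data are assumptions for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 255   /* the slide's 255-byte buffer */

/* THE SLIDE'S BUG: the input is copied with no bound. strcpy() writes
 * strlen(input) + 1 bytes into a BUF_SIZE-byte stack buffer; a 500-byte input
 * runs past the end and overwrites whatever sits above buf on the stack, which
 * is how the attacker's data comes to be executed. Kept only to show the
 * defect; never call it with untrusted input. */
void store_input_unchecked(const char *input) {
    char buf[BUF_SIZE];
    strcpy(buf, input);              /* no comparison against BUF_SIZE */
    printf("stored %zu bytes\n", strlen(buf));
}

/* How many bytes of an input_len-byte input fall past a buf_size buffer.
 * For the slide's numbers, 500 - 255 = 245 (strcpy's terminator adds one more). */
size_t overflow_bytes(size_t input_len, size_t buf_size) {
    return input_len > buf_size ? input_len - buf_size : 0;
}

/* Length of s, never looking further than limit bytes, so an unterminated
 * input cannot make the check itself read out of bounds. */
static size_t bounded_len(const char *s, size_t limit) {
    size_t n = 0;
    while (n < limit && s[n] != '\0') n++;
    return n;
}

/* THE FIX: copy at most out_size - 1 bytes, always terminate, and report
 * truncation so the caller can reject the input rather than silently use a
 * cut-off value. */
bool store_input_checked(const char *input, char *out, size_t out_size) {
    if (out_size == 0) return false;
    size_t len = bounded_len(input, out_size);
    if (len >= out_size) {              /* input does not fit */
        memcpy(out, input, out_size - 1);
        out[out_size - 1] = '\0';
        return false;
    }
    memcpy(out, input, len + 1);        /* includes the terminator */
    return true;
}

/* Build the attacker's input from the slide: len bytes of 'A'. Returns the
 * length actually built (capped so the construction itself cannot overflow). */
size_t make_attack_input(char *dst, size_t dst_size, size_t len) {
    if (len >= dst_size) len = dst_size - 1;
    memset(dst, 'A', len);
    dst[len] = '\0';
    return len;
}

/* The slide's scenario with the fixed copy: a 500-byte input into a 255-byte
 * buffer. Returns the number of bytes that were actually stored. */
size_t demo_truncated_length(void) {
    char attack[600];
    char safe[BUF_SIZE];
    make_attack_input(attack, sizeof attack, 500);
    store_input_checked(attack, safe, sizeof safe);
    return strlen(safe);
}

int main(void) {
    char attack[600];
    char safe[BUF_SIZE];
    size_t n = make_attack_input(attack, sizeof attack, 500);
    printf("input: %zu bytes; %zu would spill past a %d-byte buffer\n",
           n, overflow_bytes(n, BUF_SIZE), BUF_SIZE);
    if (!store_input_checked(attack, safe, sizeof safe))
        printf("rejected: input truncated to %zu bytes\n", strlen(safe));
    /* store_input_unchecked(attack) is the crash the slide describes. */
    return 0;
}
```

The fixed copy returns false on truncation on purpose: a caller that silently keeps the first 254 bytes has closed the overflow but still processes an input it was never meant to accept, so the usual handling is to reject the request.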

  27. Viral Phenomena
  • Stealth capability: the virus "hides" from detection. It installs memory-resident code that intercepts file accesses; if an attempt is made to read its disk sector, it substitutes "clean" data instead.
  • Mutation
    • Accidental: the virus gets changed (corrupted) by the system
    • Deliberate: the creator inserts program-modification code. "Self-garbling": the virus unscrambles itself before use
    • Result: the virus becomes hard to detect
  • Virus toolkits

  28. Virus Detection
  • Some virus families have common characteristics: the presence or absence of particular strings
  • Antiviral software
    • Only detects what it knows how to detect
    • Must be upgraded regularly for new viruses
    • Symantec encyclopedia
  • File virus
    • Compare size with a known backup copy
    • Presence of strings, like ".EXE"
  • Retrovirus: attacks or disables antivirus software
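An added example, not from the slides or from Symantec: a string-signature scanner of the kind this slide describes, run over three constructed sample files, alongside the size-against-backup check. The signature names and bytes and the sample file contents are made up for the example and are not real virus strings or real executables. It demonstrates the slide's caveat in working code: the infected copy is caught because its bytes are in the database; a mutated copy with two bytes changed (slide 27) is not, although the size check still shows the file grew; and the crude ".EXE" string test fires on the clean file too.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A signature: a byte pattern that one virus family leaves in infected files. */
typedef struct {
    const char *name;
    const unsigned char *bytes;
    size_t len;
} signature_t;

/* Constructed, hypothetical signatures for this example; not real virus strings. */
static const unsigned char SIG_A[] = { 'X', 'Y', 'Z', 0x90, 0x90, 'V', '1' };
static const unsigned char SIG_B[] = "PAYLOAD-MARKER";
static const signature_t SIGNATURES[] = {
    { "Example.FamilyA", SIG_A, sizeof SIG_A },
    { "Example.FamilyB", SIG_B, sizeof SIG_B - 1 },   /* minus the literal's NUL */
};
#define N_SIGNATURES (sizeof SIGNATURES / sizeof SIGNATURES[0])

/* Byte-wise search (memmem is not portable C). Returns the offset or -1. */
long find_bytes(const unsigned char *hay, size_t hay_len,
                const unsigned char *needle, size_t needle_len) {
    if (needle_len == 0 || hay_len < needle_len) return -1;
    for (size_t i = 0; i + needle_len <= hay_len; i++)
        if (memcmp(hay + i, needle, needle_len) == 0) return (long)i;
    return -1;
}

/* Scan a file image against the database. Returns the index of the first
 * matching signature, or -1. The slide's limitation is built in: a virus whose
 * bytes are not in SIGNATURES is invisible to this scanner. */
int scan_for_signatures(const unsigned char *image, size_t len) {
    for (size_t s = 0; s < N_SIGNATURES; s++)
        if (find_bytes(image, len, SIGNATURES[s].bytes, SIGNATURES[s].len) >= 0)
            return (int)s;
    return -1;
}

/* The slide's weaker heuristic: does the image contain the string ".EXE"?
 * Included so its false positive on a clean file is visible. */
bool has_exe_string(const unsigned char *image, size_t len) {
    return find_bytes(image, len, (const unsigned char *)".EXE", 4) >= 0;
}

/* File-virus size check from the slide: bytes added since the trusted backup. */
long size_growth(size_t current, size_t backup) {
    return (long)current - (long)backup;
}

/* Constructed sample "files" (not real executables): a clean image, the same
 * image with an infector's tail carrying SIG_A appended, and a mutated copy
 * whose tail differs by two bytes, as slide 27's self-modifying viruses do. */
static const unsigned char CLEAN[]    = "MZ\x90\x00program-code.EXE";
static const unsigned char INFECTED[] = "MZ\x90\x00program-code.EXE" "jmp-to-tail" "XYZ\x90\x90V1";
static const unsigned char MUTATED[]  = "MZ\x90\x00program-code.EXE" "jmp-to-tail" "XYZ\x91\x90V2";

static void report(const char *label, const unsigned char *img, size_t len) {
    int hit = scan_for_signatures(img, len);
    printf("%-9s size %2zu (+%ld vs backup)  signature: %s  \".EXE\" string: %s\n",
           label, len, size_growth(len, sizeof CLEAN - 1),
           hit >= 0 ? SIGNATURES[hit].name : "none",
           has_exe_string(img, len) ? "yes" : "no");
}

int main(void) {
    report("clean", CLEAN, sizeof CLEAN - 1);
    report("infected", INFECTED, sizeof INFECTED - 1);
    report("mutated", MUTATED, sizeof MUTATED - 1);
    return 0;
}
```

The two checks fail in different ways: the signature scan has no false positives here but misses anything not yet in its database, which is why the slide says it must be upgraded regularly; the size comparison catches the mutated file but needs a trusted backup size for every executable and cannot name what it found.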

  29. Key Takeaways
  • Evaluate all risks, even internal ones
  • People do bizarre things when they think no one will find out
  • Security is for professionals
  • Unexplored future in biometrics
  • Proxies give only thin protection
  • There is no current defense to DoS attacks
  • There is no defense to new viruses (except Java, for a while)

  30. Q & A
