
Attacks, Services, and Mechanisms in Computer Security

This webpage provides information about security attacks, mechanisms, and services in computer security, including privacy, integrity, availability, authentication, and authorization. It also covers topics such as computer emergency response, security standards, viruses, worms, and Trojan horses. The site includes lecture notes, reading assignments, and homework assignments.





Presentation Transcript


  1. ECE-6612 Spring 2014
     http://www.csc.gatech.edu/copeland/jac/6612/ (also see http://tsquare.gatech.edu/)
     Prof. John A. Copeland, john.copeland@ece.gatech.edu, 404-894-5177, cell 404-786-5804
     Office: Klaus 3362 (email or call for an office visit)
     1-7-15

  2. The class Web site is: http://www.csc.gatech.edu/copeland/jac/6612/ or http://users.ece.gatech.edu/copeland/jac/6612/
     On this site you will find:
     • Class calendar (test dates, etc.)
     • Reading assignments (about 20 pages, read before class)
     • Lecture Notes (ppt files, to print)
     • Homework assignments (and answers), a Q&A folder
     Homework assignments will be posted on tsquare.gatech.edu (link). Answers will either be edited into the Web page, or uploaded to T-square as a text or MS Word file. Since these count for your final grade, treat homework assignments like take-home quizzes. Graded versions will not be returned to you, so you should check your answers against the answers provided on the class Web page. In some cases a grade of 100% may only indicate that the homework was received on time and complete.

  3. Attacks, Services, and Mechanisms
     • * Security Attack: Any action that compromises the security of information (e.g., stealing information).
     • * Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack (e.g., encryption).
     • Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms (e.g., SSL for Web browsers and servers).
     • Service - prevents Attacks - by using Mechanisms

  4. Security Services (PI and 3 A's)
     • * Privacy (Confidentiality)
     • * Integrity (data has not been altered or deleted)
     • * Availability (accessibility - permanence, non-erasure)
       - Denial of Service Attacks
       - Virus that deletes files
     • * Authentication (who created or sent the data - also user login)
       - Non-repudiation (the buy-order is final) [attribution]
     • * Authorization (access control, prevent misuse of resources)
     Ref: ISO X.800 and IETF RFC 2424

  5. (Diagram; labels: Availability; Privacy; Authentication, Authorization; Integrity, Authentication)

  6. Computer Emergency Response Team - see www.us-cert.gov; also see www.sans.org

  7. Not included above: Theft of Services. Example: a botnet uses your computer to send spam email, or to participate in a distributed denial-of-service (DDoS) attack.

  8. Wiring Closet. Rule 1: Without physical security (of critical areas), there is no security.

  9. Wiring Trough (photo)

  10. (image-only slide)

  11. (Diagram; labels: Authentication, Authorization, Logging)

  12. Security Standards
     • Internet - Internet Engineering Task Force (IETF)
     • De Facto (PGP email security system, Kerberos - MIT)
     • ITU (X.509 Certificates) - not in book
     • National Institute of Standards and Technology (SHA)
     • IEEE (802.3 - Ethernet, 802.11 - Wireless LAN)
     • Department of Defense, National Computer Security Center
       - Tempest (radiation limits)
       - Orange Book: Class A1, B3, C1, C2, ...
     • Health, Student, Bank, ... data protection rules
     • Export Controls (U.S. Dept. of Commerce)
       - High Performance Computers
       - Systems with "Hard" Encryption

  13. IETF - Internet Engineering Task Force; RFC - Request for Comments. Wireless Security - IEEE 802 Committee. See: www.ietf.org

  14. Viruses, Worms, and Trojan Horses
     • Virus - code that copies itself into other programs, usually riding on email messages or attached documents (e.g., macro viruses). Payload - the harmful things it does, after it has had time to spread.
     • Worm - a program that replicates itself across the network (Sapphire: a single UDP packet; MSblast: TCP, opened a back door).
     • Trojan Horse - instructions in an otherwise good program that cause bad things to happen (e.g., sending your data or password to an attacker over the net).
     • Logic Bomb - malicious code that activates on an event (e.g., a date).
     • Trap Door (or Back Door) - an undocumented entry point written into code for debugging that can let unwanted users in.
     • Bot (robot) - a compromised host that is controlled remotely.
     • Bot Net (botnet) - many bots controlled by the same organization.

  15. Virus Protection
     Have a well-known virus protection program, configured to scan disks and downloads automatically for known viruses. Monthly (if not weekly) database updates are necessary.
     Do not execute programs (or "macros") from unknown sources (e.g., PS, JPEG, and HTTP files, HyperCard files, MS Office documents, Java, ...), if you can help it. Lately, downloaded image files can compromise your PC.
     Avoid the most common operating systems and browser programs, if possible (I use MacOS and Chrome).
     If you use Web Mail (Web-based mail-server programs like Zimbra), then turn off "automatically download objects from Web," and use safe (e.g., GT) servers.

  16. Password Gathering (Physical Security)
     • Look under the keyboard, telephone, etc.
     • Look in the Rolodex under "X" and "Z".
     • Call up pretending to be from "micro-support," and ask for it.
     • "Snoop" a network and watch for plaintext passwords that go by.
     • Tap a phone line - but this requires a very special modem.
     • Use a "Trojan Horse" or "Bot" program, with a "key catcher" to record key strokes.
     • SSH password guessing.
     • Social Engineering - phone or email and pretend to be "PC support."

  17. The 5 Stages of a Classical Network Intrusion
     1. Scan the network to:
        • locate which IP addresses are in use,
        • what operating system is in use,
        • what TCP or UDP ports are "open" (being listened to by Servers).
     2. Run "Exploit" scripts against open ports.
     3. Get access to a Shell program which is "suid" (has "root" privileges).
     4. Download from a Hacker Web site special versions of system files that will let the Cracker have free access in the future without his cpu time or disk storage space being noticed by auditing programs.
     5. Use IRC (Internet Relay Chat) to invite friends to the feast, or "Hoover and Burn" (download information and wipe or crash), or join the host to a botnet.

  18. Clicking on the Wrong Button can Compromise your PC (example image)

  19. Today: Phishing Email, Web Images, ...
     Today most computer compromises come from email or from browsing a compromised Web site. It's no longer necessary to "click here" on an email, if your email viewer is configured to automatically download objects from Web sites. Malware "droppers" can be embedded in images (even the favicons), audio files, or almost any Web object. Bot nets spread this way automatically. Once infected, the malware can download additional capabilities. Keyboard catchers are common, to collect passwords.

  20. Many organizations have access to everything on your cell phone: memory contents, location, camera sight and sound.

  21. Fire Wall (diagram). A Router-Firewall can drop packets based on source or destination IP address and/or port. The diagram shows a Browser and a Web Server talking through the firewall, layer by layer: Application Layer (HTTP; ports 31337 and 80), Transport Layer (TCP, UDP; protocol number), Network Layer (IP; addresses 130.207.22.5 and 24.88.15.22), Data-Link Layer (Token Ring, Ethernet), Physical Layer.

  22. Uncomplicated Fire Wall (UFW) configures the Linux iptables firewall.

     #!/bin/bash
     # There is no "ufw flush" - rules must be deleted manually, one at a time,
     # e.g.: ufw delete 1   (answer "y"); "ufw reset" clears everything at once.
     ufw allow proto tcp from 130.207.16.17 to any port 22
     ufw allow proto tcp from 143.215.52.0/25
     ufw allow proto tcp from 130.207.25.13 to any port 22
     ufw allow proto tcp from 68.88.0.0/16 to any port 22
     ufw allow proto tcp from 30.55.0.0/16 to any port 22
     ufw deny from 0.0.0.0/0          # deny connections not matched above
     ufw status numbered              # examine rules before enabling
     echo "Now you must type: 'ufw enable'"

     2005 - Linux iptables (more detailed, but more complicated); easy setup - UFW.
     2010 - Windows - use the OS host-based firewall utility. Mac - buy "Little Snitch" - www.obdev.at/products/littlesnitch/index.html
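Slides 21 and 22 describe packet filtering by source address and port, and give a UFW rule list. The following is an added example, not code from the slides or from the UFW project: a first-match model of that rule list, so a practitioner can check what a given TCP connection attempt would get before typing `ufw enable`, and can flag allow rules that carry no port restriction. The rule lines are copied from the slide; the evaluator itself is a simplification (real ufw/iptables also consider interfaces, connection state and the default policy), and the probe addresses in the usage section are constructed.

```python
# Added example (not from the slides): first-match model of the UFW rules on
# slide 22. Simplified: interfaces, connection state and IPv6 are not modelled.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                        # "allow" or "deny"
    src: ipaddress.IPv4Network         # source network the rule matches
    proto: Optional[str] = None        # "tcp" / "udp", or None for any protocol
    dport: Optional[int] = None        # destination port, or None for any port


def parse_ufw_line(line: str) -> Rule:
    """Parse the subset of ufw syntax used on the slide:
         ufw allow proto tcp from <addr|cidr> [to any port <n>]
         ufw deny from <addr|cidr>
    """
    tok = line.split()
    if len(tok) < 2 or tok[0] != "ufw" or tok[1] not in ("allow", "deny"):
        raise ValueError(f"unsupported line: {line!r}")
    proto = dport = src = None
    i = 2
    while i < len(tok):                # every keyword takes exactly one argument
        if tok[i] == "proto":
            proto = tok[i + 1]
        elif tok[i] == "from":
            src = ipaddress.ip_network(tok[i + 1], strict=False)
        elif tok[i] == "to":
            pass                       # "to any": destination address not modelled
        elif tok[i] == "port":
            dport = int(tok[i + 1])
        else:
            raise ValueError(f"unexpected token {tok[i]!r} in {line!r}")
        i += 2
    if src is None:
        raise ValueError(f"no 'from' clause in {line!r}")
    return Rule(tok[1], src, proto, dport)


# The rule lines from the slide, in the order they are added (order matters:
# the first matching rule decides, as in iptables).
SLIDE_RULES = """
ufw allow proto tcp from 130.207.16.17 to any port 22
ufw allow proto tcp from 143.215.52.0/25
ufw allow proto tcp from 130.207.25.13 to any port 22
ufw allow proto tcp from 68.88.0.0/16 to any port 22
ufw allow proto tcp from 30.55.0.0/16 to any port 22
ufw deny from 0.0.0.0/0
"""
RULES: List[Rule] = [parse_ufw_line(l) for l in SLIDE_RULES.splitlines() if l.strip()]


def decide(src_ip: str, proto: str, dport: int, rules: List[Rule] = RULES) -> str:
    """Return "allow" or "deny" for a connection attempt: first matching rule
    wins; no match falls back to "deny", ufw's default policy for incoming."""
    ip = ipaddress.ip_address(src_ip)
    for r in rules:
        if (ip in r.src
                and (r.proto is None or r.proto == proto)
                and (r.dport is None or r.dport == dport)):
            return r.action
    return "deny"


def unrestricted_allows(rules: List[Rule] = RULES) -> List[Rule]:
    """Allow rules with no port restriction: these expose every listening
    service to that source range, so review them before enabling."""
    return [r for r in rules if r.action == "allow" and r.dport is None]


if __name__ == "__main__":
    # Constructed probes: (source address, protocol, destination port)
    for probe in [("130.207.16.17", "tcp", 22), ("130.207.16.17", "tcp", 80),
                  ("143.215.52.100", "tcp", 443), ("143.215.52.200", "tcp", 22)]:
        print(probe, "->", decide(*probe))
    for r in unrestricted_allows():
        print("allow without port restriction:", r.src)
```

Running the block shows the host 130.207.16.17 reaching port 22 but not port 80, and the second rule (143.215.52.0/25 with no port clause) admitting any TCP port from that half-subnet, which is exactly the kind of rule `ufw status numbered` is meant to surface before the firewall is switched on.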

  23. PGP (Pretty Good Privacy) -> GPG. From "PGP Freeware for MacOS, User's Guide", Version 6.5, Network Associates, Inc., www.pgp.com

  24. Access Control
     Yesterday almost all systems were protected only by a simple password that is typed in, or sent over a network in the clear.
     Techniques for guessing passwords (as seen on TV):
     1. Try default passwords.
     2. Try all short words, 1 to 3 characters long.
     3. Try all the words in an electronic dictionary (60,000).
     4. Collect information about the user's hobbies, family names, birthday, etc.
     5. Try the user's phone number, social security number, street address, etc.
     6. Try all license plate numbers (123XYZ).
     These can be automated and run off-line if the password hash file is obtained.
     Prevention: Enforce good password selection (e.g., "c0p31an6-liKe5=Alvakad05" or "3Bm1ce-c-htr")
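The prevention line on slide 24 says to enforce good password selection. The following is an added example, not code from the slides: a password-acceptance check that turns the six guessing categories above into rejection rules (defaults, very short strings, dictionary words, the user's own data such as a phone number, license-plate patterns) and additionally requires length and character variety. The dictionary, default-password list, plate patterns and the user data used in the usage section are small constructed stand-ins; a real deployment would use a full word list and breach list.

```python
# Added example (not from the slides): password policy that rejects the
# guessing categories listed on slide 24. Word lists are constructed stand-ins.
import re
import string
from typing import Dict, List, Optional, Tuple

DICTIONARY = {"password", "letmein", "welcome", "dragon", "monkey", "football", "sunshine"}
DEFAULTS = {"admin", "password", "changeme", "default", "123456", "root", "guest"}
# Constructed plate shapes such as "123XYZ", "ABC1234", "AB-1234"; not any real format.
LICENSE_PLATE = re.compile(r"^(?:\d{3}[A-Za-z]{3}|[A-Za-z]{2,3}[- ]?\d{3,4})$")


def char_classes(pw: str) -> int:
    """Number of character classes present: lower, upper, digit, punctuation."""
    return sum([any(c.islower() for c in pw),
                any(c.isupper() for c in pw),
                any(c.isdigit() for c in pw),
                any(c in string.punctuation for c in pw)])


def check_password(pw: str, user_info: Optional[Dict[str, str]] = None,
                   min_len: int = 12) -> Tuple[bool, List[str]]:
    """Return (accepted, reasons); reasons lists every rule the password breaks,
    so the user can be told all of them at once instead of one per attempt."""
    user_info = user_info or {}
    low = pw.lower()
    reasons: List[str] = []
    if low in DEFAULTS:                               # category 1: defaults
        reasons.append("default password")
    if len(pw) < min_len:                             # category 2: short strings
        reasons.append(f"shorter than {min_len} characters")
    if low in DICTIONARY:                             # category 3: dictionary words
        reasons.append("dictionary word")
    if LICENSE_PLATE.match(pw):                       # category 6: plate numbers
        reasons.append("license-plate pattern")
    pw_digits = re.sub(r"\D", "", pw)
    for field, value in user_info.items():            # categories 4 and 5: own data
        if value and value.lower() in low:
            reasons.append(f"contains {field}")
        value_digits = re.sub(r"\D", "", value)
        if len(value_digits) >= 4 and value_digits in pw_digits:
            reasons.append(f"contains digits of {field}")
    if char_classes(pw) < 3:                          # variety, so offline guessing is slower
        reasons.append("fewer than 3 character classes")
    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed user record; the two accepted examples are the slide's own.
    info = {"name": "Copeland", "phone": "404-555-0123"}
    for candidate in ["c0p31an6-liKe5=Alvakad05", "3Bm1ce-c-htr", "password",
                      "123XYZ", "Spring2014-Copeland!", "Call-me-at-4045550123x"]:
        print(f"{candidate!r}: {check_password(candidate, info)}")
```

Both of the slide's suggested passwords pass; the slide's own "123XYZ" example fails on three rules at once. The personal-data check compares digit strings after stripping punctuation, so a phone number still trips it when the user drops the dashes.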

  25. Bot Nets
     Today many system compromises start by the hacker getting a user to load and run a program* that installs a network backdoor and automated software, which in turn loads additional software, making the computer into a "bot" (robot). These bots join a peer-to-peer network, and can infect other computers directly over the network. They also can be commanded by the "bot master" to set up phony Web sites and send HTML emails that download exploit software into other computers.
     We'll discuss different attacks that are used to steal passwords and other identity information, and to misdirect Web browsers to phony Web sites.
     * or render an image or audio file.

  26. Network Security Defensive Technology
     • Secret Key and Public/Private Key Cryptography
     • Cryptographic Hashes and Message Digests
     • Authentication Systems (Kerberos)
     • Digital signatures and certificates
     • Kerberos and X.509v3 digital certificates
     • Security standards - SSL/TLS and SET
     • PGP and S/MIME for electronic mail security
     • Firewalls
     • Intrusion Detection
     • Current Network Security Publications and Web Sites
