CS363



  1. Week 10 - Monday CS363

  2. Last time • What did we talk about last time? • Inference • Multilevel databases

  3. Questions?

  4. Project 3

  5. Assignment 4

  6. Security Presentation Graham Welsh

  7. Network Basics

  8. Packet switched • The Internet is a packet switched system • This means that individual pieces of data (called packets) are sent on the network • Each packet knows where it is going • A collection of packets going from point A to point B might not all travel the same route

  9. Circuit switched • Phone lines are circuit switched • This means that a specific circuit is set up for a specific communication • Operators used to do this by hand • Now it is done automatically • Only one path for data

  10. Circuit vs. packet switching • Which one is faster? • Circuit switching • Which one is more predictable? • Circuit switching • So, why is the Internet packet switched? • More adaptable

  11. ARPA • The Advanced Research Projects Agency was created in 1958 to respond to the Russians launching Sputnik • The ARPANET connected its first two major nodes over 10 years later • Packet switched was used so that the network could still communicate after a nuclear strike

  12. Network strength • If a single cut can cause a network to go down, that network is vulnerable to a single point of failure • Most important networks like electrical systems have redundancy so that this doesn’t happen to a whole city • Resilience or fault tolerance

  13. Terminology • A computer network is at least two computers connected together • Often one is a server and the other is a client • A computer system in a network is called a node • The processor in a node is called a host • A connection between two hosts is a link

  14. Network characteristics • Anonymity: We don’t know who we’re dealing with • Automation: Communication may be entirely between machines without human supervision • Distance: Communications are not significantly impacted by distance • Opaqueness: It is hard to tell how far away other users are and to be sure that someone claiming to be the same user as before is

  15. Shape and size • The arrangement of a network, in terms of its links, is called its topology • The boundary separates systems that are on a network from those that are not • With the Internet, this line is blurry • It is hard to know who owns hosts in a network • Makes enforcing the law difficult • How is a network controlled? Who does it?

  16. Communication • Analog or digital • A modem converts between the two • Portmanteau of “modulator-demodulator” • Copper wire is the main workhorse • Twisted pair is a pair of insulated copper wires • Limit of about 10 Mbps and about 300 feet without a boost • Coaxial cable has a single wire surrounded by an insulation jacket covered by a grounded braid of wire • Repeaters or amplifiers are needed periodically to prevent signal degradation

  17. Other media • Optical fiber • Carries light instead of electricity • Higher bandwidth and less signal degradation than copper • Replacing aging copper lines • Wireless • Good for short distance • Uses radio signals • Microwave • Strong signals • Requires line of sight • Infrared • Similar to microwave but weaker signals • Satellites • Need geosynchronous orbits • Secure applications need smaller footprints than broadcasts

  18. Protocols • There are many different communication protocols • The OSI reference model is an idealized model of how different parts of communication can be abstracted into 7 layers • Imagine that each layer is talking to another parallel layer called a peer on another computer • Only the physical layer is a real connection between the two

  19. Layers • Protocols and standards define each layer • Not every layer is always used • Sometimes user errors are referred to as Layer 8 problems

  20. TCP/IP • The OSI model is conceptual • Most network communication uses TCP/IP • We can view TCP/IP as four layers:

  21. TCP/IP • Transmission Control Protocol (TCP) • Creates a reliable communication session • Wraps information into packets • Uses port numbers to connect processes to information streams • Internet Protocol (IP) • Allows for unreliable transport • Wraps packets into datagrams • Uses IP addresses for routing • User Datagram Protocol (UDP) • Alternative to TCP that is unreliable but has low overhead

  22. Addressing • A message datagram is sent to a domain name such as google.com • The Domain Name System (DNS) converts google.com into an IP address such as 74.125.226.229 • The server at 74.125.226.229 receives the datagram and unwraps the corresponding packet • The packet has a port number (probably port 80, for HTTP), which is delivered to whatever program is communicating on port 80
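The wrapping described on the TCP/IP and Addressing slides can be seen by unpacking a datagram: the IP header carries the addresses used for routing, and the transport header inside it carries the port numbers. This is an added example, not part of the original slides; the sample bytes are constructed, and the names `build_sample` and `parse_datagram` and the source address 192.0.2.10 are assumptions.

```python
import ipaddress
import struct

PROTOCOLS = {6: "TCP", 17: "UDP"}  # IP protocol numbers for the two transports


def build_sample():
    """Constructed datagram: a TCP SYN from 192.0.2.10 to the slide's address, port 80."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1000, 0, 5 << 4, 0x02, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address("192.0.2.10").packed,
                     ipaddress.IPv4Address("74.125.226.229").packed)
    return ip + tcp  # checksums are left at 0 and are not verified below


def parse_datagram(data):
    """Unwrap the IP layer (addresses), then the transport layer (ports)."""
    if len(data) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", data[:20])
    version, header_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or header_len < 20 or len(data) < header_len:
        raise ValueError("not a valid IPv4 header")
    info = {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "ttl": ttl,
        "transport": PROTOCOLS.get(proto, str(proto)),
    }
    segment = data[header_len:total_len]  # the packet wrapped inside the datagram
    if proto in PROTOCOLS:
        if len(segment) < 4:
            raise ValueError("truncated transport header")
        # TCP and UDP both start with source port, then destination port
        info["src_port"], info["dst_port"] = struct.unpack("!HH", segment[:4])
    return info


if __name__ == "__main__":
    print(parse_datagram(build_sample()))
```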

  23. Types of Networks • Local area network (LAN) • Small: Often not more than 100 users within 2 miles • Locally controlled • Physically protected • Limited scope • Wide area network (WAN) • One organization controls it • Covers a large distance • Physically exposed • Internetworks • A connection of two or more separate networks • The most significant is the Internet • Enormous • Heterogeneous • Physically and logically exposed

  24. Network Threats

  25. Why is a network vulnerable? • Anonymity • Many points of attack (targets and origins) • Sharing • Complexity • Unknown perimeter

  26. Why do people attack networks? • Challenge • Fame • Money • State espionage • Industrial espionage • Organized crime • Stolen credit card numbers • Identity theft • Ideology • Hacktivist groups like Anonymous • Cyberterrorism from al Qaeda and similar groups (Pictured: Kevin Mitnick, once the most wanted computer criminal in the US)

  27. Reconnaissance

  28. Reconnaissance • A smart attacker learns everything he or she can about the system before attacking it • Useful methods for reconnaissance of a network include: • Port scans • Social engineering • Dumpster diving • OS and application fingerprinting • Background research

  29. Port scan • Many targeted systems include servers that are always listening on various ports, waiting for communication • A port scanner is a program that tries to connect on many interesting ports to see what kinds of communication the server is ready to do • If a server is poorly configured, it might be listening on ports even the administrators don’t know about • Common free port scanners: • nmap • netcat
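Because a port scanner connects to many different ports in quick succession, it leaves a recognizable pattern in connection logs. The following added example (not part of the original slides) flags sources that touch many distinct ports on one host within a short window. The log format (`timestamp source destination port`), the thresholds, and all sample lines are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: timestamp, source IP, destination IP, destination port
SAMPLE_LOG = (
    # one source walking through six ports in six seconds
    [f"2024-03-04T10:00:0{i} 198.51.100.7 192.0.2.10 {p}"
     for i, p in enumerate([21, 22, 23, 25, 80, 443])]
    # an ordinary client reusing a single port
    + [f"2024-03-04T10:00:0{i} 203.0.113.5 192.0.2.10 443" for i in range(3)]
    # five different ports, but spread over several minutes
    + [f"2024-03-04T10:0{i}:00 203.0.113.9 192.0.2.10 {p}"
       for i, p in enumerate([22, 80, 443, 8080, 3306])]
)


def detect_scanners(lines, min_ports=5, window=timedelta(seconds=10)):
    """Return {source: most distinct ports hit on one destination within `window`}.

    Only sources reaching `min_ports` are reported. Lines for a given
    source/destination pair are assumed to be in time order.
    """
    recent = defaultdict(deque)  # (src, dst) -> deque of (time, port)
    flagged = {}
    for line in lines:
        ts, src, dst, port = line.split()
        now = datetime.fromisoformat(ts)
        events = recent[(src, dst)]
        events.append((now, int(port)))
        # drop events that have fallen out of the sliding window
        while now - events[0][0] > window:
            events.popleft()
        distinct = len({p for _, p in events})
        if distinct >= min_ports:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged


if __name__ == "__main__":
    for src, ports in detect_scanners(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: {ports} distinct ports")
```

A slow scan that stays under the window threshold is not flagged, so in practice the window and port count are tuned to the traffic the network normally sees.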

  30. Social engineering • Social engineering means techniques used to get a human being to unknowingly divulge information to an outsider • Often this is done by posing as tech support or some kind of contractor • Attackers can pretend to be someone from another department • Most employees have been trained to be reluctant to give up their passwords • However, they will often reveal their IP address, OS information, and other useful pieces of system information

  31. Gathering more intelligence • Port scans and social engineering can tell a lot • Dumpster diving or going through trash can tell a lot as well • You can learn which pieces of hardware have been bought by their packaging • Phone lists or organization charts could be in the trash • Diagrams, notes, even passwords could be written on scraps of paper • Old hard drives with sensitive information could turn up • For high level attacks, real spying is possible

  32. OS and application fingerprinting • Port scanning gives a lot of information • For example, port 80 is used for HTTP • But you may want to know which OS or application is actually listening at a port • Vulnerabilities are often system-dependent • Some applications will reveal themselves directly • Others will give more information if you ask for a feature that is unavailable or give a bad command • You are being fingerprinted when you visit websites • Your browser identifies which browser it is • You can hide this information, but your web pages might look weird

  33. Documentation and hacking tips • How do you actually do the attack? • Same as everything else: • Google • Once you know the system you are attacking, you can search the Internet and security blogs and boards for vulnerabilities • Because networking is often between different kinds of systems running different kinds of software, features are well-documented • Most big viruses and worms use publicly known vulnerabilities that haven’t been patched

  34. Eavesdropping

  35. Eavesdropping and wiretapping • Eavesdropping means overhearing private information without much effort • Administrators need to periodically monitor network traffic • Wiretapping implies that more effort is being used to overhear information • Passive wiretapping is only listening to information • Active wiretapping means that you may be adding or changing information in the stream

  36. Cable wiretapping • If you are on the same LAN, you can use a packet sniffer to analyze packets • Packets are constantly streaming by, and your computer usually only picks up those destined for it • Passwords are often sent in the clear • Wireshark is a free, popular packet sniffer • Cable modems are filters that give you only the data you need • Sophisticated attackers can tap into a cable network • Data is supposed to be encrypted, but many networks don’t turn encryption on • Inductance is a property that can allow you to measure the signals inside of a wire without a direct physical connection • Using inductance or physically connecting to a wire changes its impedance, which can be (but usually is not) measured • Signals are often multiplexed, sharing media with other signals, which can increase the sophistication needed to wiretap

  37. Wireless eavesdropping • Wireless networks are easy to disrupt, but attackers usually have little to gain by this • Since they are broadcast, it is not difficult to intercept the signal • Special antennas can receive the signal from a longer distance than usual • Some networks are entirely unencrypted • WEP is almost completely broken • WPA and WPA2 have vulnerabilities that can be exploited in some cases

  38. Other media • Microwave is easy to intercept • Long distance phone can use microwaves • Cell phones can use microwaves • One difficulty with making use of the intercepted signal is that microwave signals are heavily multiplexed, making it hard to untangle individual signals • Satellites are similar (unsecure but heavily multiplexed) • Optical fiber is very difficult to tap • Cutting a single fiber means recalibrating the network • Repeaters and taps that connect the fiber are the best places to attack

  39. Upcoming

  40. Next time… • More on network threats • Network security controls • Cody Kump presents

  41. Reminders • Read Sections 7.2 and 7.3 • Work on Assignment 4 • Due on Friday • Study for Exam 2 • Next Monday
