Network Security (II)
Instructor: 鄭伯炤, Office: Dept. of Communication Rm #112, Tel: X33512, Email: bcheng@ccu.edu.tw
Network Compromise & Denial of Service
• Diagram labels: Extranet, Intranet, Internal System, Internet, Remote Access (percentages shown: 33%, 12%, 74%)
• Poor Service Configuration: e.g., DNS, Mail, FTP and Web
• DDoS: Client -> Handler -> Agent -> Victim, e.g., Trinoo and Tribe Flood Network
• Application hole
• Physical Access
• Host Resource Starvation: e.g., SYN flood
• Bandwidth Consumption: e.g., SMURF and Fraggle
• Backdoors
• Protocol Weakness: ARP, ICMP
• Authentication: Password Crackers
• Out-of-Bounds Attack: e.g., Ping of Death and IP fragment attack
Source: Hackers Beware, Author: Eric Cole; ISBN 0735710090
Mail spam
• Unsolicited Commercial E-mail (UCE), i.e. junk e-mail
• Usually annoying but harmless commercial advertising.
• But …
  • Spread a computer virus
  • Dangerous when it is a fraud.
  • Illegal when a chain letter involves the U.S. Postal Service
• IDC predicts a growing glut of spam
  • Daily volume of e-mail from 31 billion messages in 2002 to 60 billion in 2006.
• To avoid being caught, senders use fake e-mail addresses and relay their mail through other organizations' mail servers.
History of Spam
• Nothing to do with the Hormel product, SPAM (SPiced hAM).
• Monty Python's sketch:
  • A restaurant that serves SPAM with every meal.
  • A particular customer tries to order a meal without SPAM.
  • A side table of SPAM-loving Vikings
  • When they hear the word SPAM they would joyously sing a song about their love for SPAM.
  • The song quietly started off with the words, "SPAM, SPAM, SPAM, SPAM, SPAM..." The Vikings would sing the song, rising in volume and drowning out other conversations.
  • During the 2.5 minute sketch, the word SPAM would be used more than 100 times.
• The analogy: unwanted messages drowning out normal Internet communications.
Source: http://notebook.ifas.ufl.edu/spam/
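React to Mail spam
Mailboxes at each regional network center for handling spam mail reports
• When the Ministry of Education receives complaint letters from inside or outside the country, it forwards them to the administrators or relevant personnel of the twelve regional network centers for handling, and restricts that host's connection to the academic network backbone.
• The restriction is lifted once the mail server administrator replies that the problem has been handled and corrected (per the minutes of the 53rd meeting of the Taiwan Academic Network technical group).
Source: http://140.111.1.22/tanet/spam.html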
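The relay abuse noted on the Mail spam slide, and the correction a mail server administrator has to make before the restriction above is lifted, come down to one rule: relay only for your own clients. The following Python is an added example, not part of the original slides; the networks, domains and log records are constructed, and `domain_of`, `relay_decision` and `find_third_party_relays` are hypothetical names.

```python
import ipaddress

# Assumed site policy (constructed values, documentation address ranges).
LOCAL_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
LOCAL_DOMAINS = {"campus.example"}

def domain_of(address):
    """Lower-cased domain part of an e-mail address, '' if malformed."""
    local, sep, domain = address.strip("<> ").rpartition("@")
    return domain.lower().rstrip(".") if sep and local else ""

def relay_decision(client_ip, authenticated, rcpt_to):
    """What a server that is not an open relay does with one RCPT TO.

    MAIL FROM is deliberately not an input: the sender address is easily
    forged, so it must never be what grants permission to relay.
    """
    rcpt_domain = domain_of(rcpt_to)
    if not rcpt_domain:
        return "reject: malformed recipient"
    if rcpt_domain in LOCAL_DOMAINS:
        return "accept: local delivery"
    ip = ipaddress.ip_address(client_ip)
    if authenticated or any(ip in net for net in LOCAL_NETWORKS):
        return "accept: relay for own client"
    return "reject: relay access denied"

def find_third_party_relays(records):
    """Accepted deliveries that the policy above would have refused."""
    return [r for r in records if r["accepted"] and relay_decision(
        r["client_ip"], r["authenticated"], r["rcpt_to"]).startswith("reject")]

# Constructed sample records (not real log data), one per accepted RCPT TO.
SAMPLE_LOG = [
    {"client_ip": "192.0.2.10", "authenticated": False, "accepted": True,
     "mail_from": "staff@campus.example", "rcpt_to": "friend@elsewhere.example"},
    {"client_ip": "203.0.113.7", "authenticated": False, "accepted": True,
     "mail_from": "staff@campus.example", "rcpt_to": "target@elsewhere.example"},
    {"client_ip": "198.51.100.20", "authenticated": False, "accepted": True,
     "mail_from": "someone@elsewhere.example", "rcpt_to": "staff@campus.example"},
    {"client_ip": "203.0.113.9", "authenticated": True, "accepted": True,
     "mail_from": "staff@campus.example", "rcpt_to": "friend@elsewhere.example"},
]

if __name__ == "__main__":
    for rec in find_third_party_relays(SAMPLE_LOG):
        print("third-party relay:", rec["client_ip"], "->", rec["rcpt_to"])
```

The first two sample records carry the same sender address; only the connecting client's address separates the site's own user from the outside host using the server as a relay.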
Virus! Virus! Virus!
http://www.trendmicro.com/tw/about/news/pr/archive/2003/pr030827.htm
Malicious Code
• "Malicious code" refers broadly to all code written with ill intent, including computer viruses, Trojan horse programs, and computer worms.
*Analysis by Symantec Security Response using data from Symantec Security Response, IDC, & ICSA; 2002 estimated
**Source: CERT
What Is a Virus (Computer Virus)?
• A hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting (i.e., inserting a copy of itself into and becoming part of) another program (RFC 2828).
• A virus cannot run by itself; it requires that its host program be run to make the virus active.
• When does it bomb?
  • That depends on how the virus's author designed the program; it is not an inherent property of computer viruses.
  • "PETER-2": every year on February 27 it asks three questions; a wrong answer causes it to encrypt the hard disk.
  • "Black Friday" triggers on any Friday that falls on the 13th.
What Is a Trojan Horse (Trojan Horse Program)?
• A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.
• Unlike a computer virus, a Trojan horse program does not infect other files.
• Trojan horse programs usually enter a user's computer system through some special channel. Back Orifice and SubSeven are examples of Trojan horse programs.
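What Is a Worm (Computer Worm)?
• A computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively.
• The "original" produces many "copies" of itself, like Sun Wukong in Journey to the West, who can pluck a few hairs and turn them into as many copies of himself; the copies then crawl through the computer network like worms, from one computer to another.
• The most common methods are spreading via a local area network (LAN), the Internet, or e-mail. The well-known computer worm "VBS_LOVELETTER" is one example.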
Viruses, Worm and Trojan Horse Source: http://www.trendmicro.com/tw/security/general/guide/overview/guide01.htm
Security Management
• ISO/IEC7799-1:2000 (Part 1)
  • A standard code of practice that can be regarded as a comprehensive catalogue of good security things to do.
• BS7799-2:2002 (Part 2)
  • A standard specification for an Information Security Management System (ISMS).
  • Senior Management monitor and control their security, minimizing the residual business risk and ensuring that security continues to fulfill corporate, customer and legal requirements.
  • Scope, ISMS Policy, Risk assessment, Risk management/Risk treatment, Select control objectives and controls, Statement of Applicability (SOA), Risk Treatment Plan
Sources: http://www.gammassl.co.uk/bs7799/works.html http://www.fisc.com.tw/news/MAZ/30/p4a.asp