1 / 0

CS363

Week 10 - Monday. CS363. Last time. What did we talk about last time? Inference Multilevel databases. Questions?. Project 3. Assignment 4. Security Presentation. Graham Welsh. Network Basics. Packet switched. The Internet is a packet switched system

mabli
Download Presentation

CS363

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Week 10 - Monday

    CS363

  2. Last time What did we talk about last time? Inference Multilevel databases
  3. Questions?
  4. Project 3
  5. Assignment 4
  6. Security Presentation Graham Welsh
  7. Network Basics
  8. Packet switched The Internet is a packet switched system This means that individual pieces of data (called packets) are sent on the network Each packet knows where it is going A collection of packets going from point A to point B might not all travel the same route C B 1 A 2 D
  9. Circuit switched Phone lines are circuit switched This means that a specific circuit is set up for a specific communication Operators used to do this by hand Now it is done automatically Only one path for data A C B 1
  10. Circuit vs. packet switching Which one is faster? Circuit switching Which one is more predictable? Circuit switching So, why is the Internet packet switched? More adaptable
  11. ARPA The Advanced Research Projects Agency was created in 1958 to respond to the Russians launching Sputnik The ARPANET connected its first two major nodes over 10 years later Packet switched was used so that the network could still communicate after a nuclear strike
  12. Network strength If a single cut can case a network to go down, that network is vulnerable to a single point of failure Most important networks like electrical systems have redundancy so that this doesn’t happen to a whole city Resilience or fault tolerance
  13. Terminology A computer network is at least two computers connected together Often one is a server and the other is a client A computer system in a network is called a node The processor in a node is called a host A connection between two hosts is a link
  14. Network characteristics Anonymity: We don’t know who we’re dealing with Automation: Communication may be entirely between machines without human supervision Distance: Communications are not significantly impacted by distance Opaqueness: It is hard to tell how far away other users are and to be sure that someone claiming to be the same user as before is
  15. Shape and size The arrangement of a network, in terms of its links, is called its topology The boundary separates systems that are on a network from those that are not With the Internet, this line is blurry It is hard to know who owns hosts in a network Makes enforcing the law difficult How is a network controlled? Who does it?
  16. Communication Analog or digital A modem converts between the two Portmanteau of “modulator-demodulator” Copper wire is the main workhorse Twisted pair is a pair of insulated copper wires Limit of about 10 Mbps and about 300 feet without a boost Coaxial cable has a single wire surrounded by an insulation jacket covered by a grounded braid of wire Repeatersor amplifiers are needed periodically to prevent signal degradation
  17. Other media Optical fiber Carries light instead of electricity Higher bandwidth and less signal degradation than copper Replacing aging copper lines Wireless Good for short distance Uses radio signals Microwave Strong signals Requires line of sight Infrared Similar to microwave but weaker signals Satellites Need geosynchronous orbits Secure applications need smaller footprints than broadcasts
  18. Protocols There are many different communication protocols The OSI reference model is an idealized model of how different parts of communication can be abstracted into 7 layers Imagine that each layer is talking to another parallel layer called a peer on another computer Only the physical layer is a real connection between the two
  19. Layers Protocols and standards define each layer Not every layer is always used Sometimes user errors are referred to as Layer 8 problems
  20. TCP/IP The OSI model is conceptual Most network communication uses TCP/IP We can view TCP/IP as four layers:
  21. TCP/IP Transmission Control Protocol (TCP) Creates a reliable communication session Wraps information into packets Uses port numbers to connect processes to information streams Internet Protocol (IP) Allows for unreliable transport Wraps packets into datagrams Uses IP addresses for routing User Datagram Protocol (UDP) Alternative to TCP that is unreliable but has low overhead
  22. Addressing A message datagram is sent to a domain name such as google.com The Domain Name System (DNS) converts google.com into an IP address such as 74.125.226.229 The server at 74.125.226.229 receives the datagram and unwraps the corresponding packet The packet has a port number (probably port 80, for HTTP), which is delivered to whatever program is communicating on port 80
  23. Types of Networks Local area network (LAN) Small: Often not more than 100 users within 2 miles Local controlled Physically protected Limited scope Wide area network (WAN) One organization controls it Covers a large distance Physically exposed Internetworks A connection of two or more separate networks The most significant is the Internet Enormous Heterogeneous Physically and logically exposed
  24. Network Threats
  25. Why is a network vulnerable? Anonymity Many points of attack (targets and origins) Sharing Complexity Unknown perimeter
  26. Why do people attack networks? Kevin Mitnick Once the most wanted computer criminal in the US Challenge Fame Money State espionage Industrial espionage Organized crime Stolen credit card numbers Identity theft Ideology Hacktivist groups like Anonymous Cyberterrorism from al Qaeda and similar groups
  27. Reconnaissance
  28. Reconnaissance A smart attacker learns everything he or she can about the system before attacking it Useful methods for reconnaissance of a network include: Port scans Social engineering Dumpster diving OS and application fingerprinting Background research
  29. Port scan Many targeted systems include servers that are always listening on various ports, waiting for communication A port scanner is a program that tries to connect on many interesting ports to see what kinds of communication is ready to do If a server is poorly configured, it might be listening on ports even the administrators don’t know about Common free port scanners: nmap netcat
  30. Social engineering Social engineering means techniques used to get a human being to unknowingly divulge information to an outsider Often this is done by posing as tech support or some kind of contractor Attackers can pretend to be someone from another department Most employees have been trained to be reluctant to give up their passwords However, they will often reveal their IP address, OS information, and other useful pieces of system information
  31. Gathering more intelligence Port scans and social engineering can tell a lot Dumpster diving or going through trash can tell a lot as well You can learn which pieces of hardware have been bought by their packaging Phone lists or organization charts could be in the trash Diagrams, notes, even passwords could be written on scraps of paper Old hard drives with sensitive information could turn up For high level attacks, real spying is possible
  32. OS and application fingerprinting Port scanning gives a lot of information For example, port 80 is used for HTTP But you may want to know which OS or application is actually listening at a port Vulnerabilities are often system-dependent Some applications will reveal themselves directly Others will give more information if you ask for a feature that is unavailable or give a bad command You are being fingerprinted when you visit websites Your browser identifies which browser it is You can hide this information, but your web pages might look weird
  33. Documentation and hacking tips How do you actually do the attack? Same as everything else: Google Once you know the system you are attacking, you can search the Internet and security blogs and boards for vulnerabilities Because networking is often between different kinds of systems running different kinds of software, features are well-documented Most big viruses and worms use publicly known vulnerabilities that haven’t been patched
  34. Eavesdropping
  35. Eavesdropping and wiretapping Eavesdropping means overhearing private information without much effort Administrators need to periodically monitor network traffic Wiretapping implies that more effort is being used to overhear information Passive wiretapping is only listening to information Active wiretapping means that you may adding or changing information in the stream
  36. Cable wiretapping If you are on the same LAN, you can use a packet sniffer to analyze packets Packets are constantly streaming by, and your computer usually only picks up those destined for it Passwords are often sent in the clear Wireshark is a free, popular packet sniffer Cable modems are filters that give you only the data you need Sophisticated attackers can tap into a cable network Data is supposed to be encrypted, but many networks don’t turn encryption on Inductance is a property that can allow you to measure the signals inside of a wire without a direct physical connection Using inductance or physically connecting to a wire changes its impedance, which can (but usually is not) measured Signals are often multiplexed, sharing media with other signals, which can increase the sophistication needed to wiretap
  37. Wireless eavesdropping Wireless networks are easy to disrupt, but attackers usually have little to gain by this Since they are broadcast, it is not difficult to intercept the signal Special antennas can receive the signal from a longer distance than usual Some networks are entirely unencrypted WEP is almost completely broken WPA have WPA2 have vulnerabilities that can be exploited in some cases
  38. Other media Microwave is easy to intercept Long distance phone can use microwaves Cell phones can use microwaves One difficulty with making use of the intercepted signal is that microwave signals are heavily multiplexed, making it hard to untangle individual signals Satellites are similar (unsecure but heavily multiplexed) Optical fiber is very difficult to tap Cutting a single fiber means recalibrating the network Repeaters and taps that connect the fiber are the best places to attack
  39. Upcoming
  40. Next time… More on network threats Network security controls Cody Kump presents
  41. Reminders Read Sections 7.2 and 7.3 Work on Assignment 4 Due on Friday Study for Exam 2 Next Monday
More Related