280 likes | 384 Views
Deficiencies in Networks. Anonymity Lack of Access Control Anything can be forged Shared medium Crowded Unpredictable Complexity Difficult to comprehend Difficult to do right. Large Network. Implication of Those Deficiencies. Criminals have found the Internet FTC Report 2007
E N D
Deficiencies in Networks Anonymity Lack of Access Control Anything can be forged Shared medium Crowded Unpredictable Complexity Difficult to comprehend Difficult to do right
Implication of Those Deficiencies Criminals have found the Internet FTC Report 2007 $1.2 billion in fraud 1/3 Identity Theft 64% initiated through Net Border Protection $200 Million IP theft Stealth Worms Outbreaks rare since 2004 Botnets growing to huge size Increase in spam DOS to Georgia
Network Security • The field of network security is about: • how bad guys can attack computer networks • how we can defend networks against attacks • how to design architectures that are immune to attacks • Internet not originally designed with (much) security in mind • original vision: “a group of mutually trusting users attached to a transparent network” • Internet protocol designers playing “catch-up” • Security considerations in all layers! Introduction
Malware can get in host from a virus, worm, or trojan horse. Spyware malware can record keystrokes, web sites visited, upload info to collection site. Infected host can be enrolled in a botnet, used for spam and DDoS attacks. Malware is often self-replicating: from an infected host, seeks entry into other hosts Bad guys can put malware into hosts via Internet Introduction
Trojan horse Hidden part of some otherwise useful software Today often on a Web page (Active-X, plugin) Virus infection by receiving object (e.g., e-mail attachment), actively executing self-replicating: propagate itself to other hosts, users Bad guys can put malware into hosts via Internet • Worm: • infection by passively receiving object that gets itself executed • self- replicating: propagates to other hosts, users Sapphire Worm: aggregate scans/sec in first 5 minutes of outbreak (CAIDA, UWisc data) Introduction
Viruses Executed by user or app Inserts into code In empty regions of app Redirects app start instructions Effect Mischief Spyware Spread Locally As used Init Code
Trojans Already Exists in Code Does not propagate Effect Mischief Spyware Anything
Worms Self Replicating Exploit vulnerabilities Effect Cause High Net Traffic Mischief/Spyware Spread Over Networks Actively Polymorphic
Backdoor Adding illicit access to a host Remotely Creating a server Adding User with remote access Locally Bury alternative access in code
Hybrid Bugs Bugs are people too!
What about Anti-virus? Can only match known signatures Fine if there is a match Not so fine if there isn’t Zero-day attack (a bit presumptuous term) Unknown attack Some bugs disable anti-virus
target Bad guys can attack servers and network infrastructure • Denial of service (DoS): attackers make resources (server, bandwidth) unavailable to legitimate traffic by overwhelming resource with bogus traffic select target break into hosts around the network (see botnet) send packets toward target from compromised hosts Introduction
Denial of Service Denial of Service Typically one source Utilizes weaknesses in App or Proto to bring services down Distributed Denial of Service Many hosts attacking a small network Indistinguishable from certain network phenomena (Flash Crowds).
Syn Flood Server TCP Session SYN TCP Session TCP Session TCP Session TCP Session TCP Session TCP Session
Ping of Death (POD) Feed the target more than he can handle Host Chokes
src:B dest:A payload The bad guys can sniff packets Packet sniffing: • broadcast media (shared Ethernet, wireless) • promiscuous network interface reads/records all packets (e.g., including passwords!) passing by C A B • Wireshark software used for end-of-chapter labs is a (free) packet-sniffer Introduction
src:B dest:A payload The bad guys can use false source addresses • IP spoofing: send packet with false source address C A B Introduction
The bad guys can record and playback • record-and-playback: sniff sensitive info (e.g., password), and use later • password holder is that user from system point of view C A src:B dest:A user: B; password: foo B Introduction
Network Security • more throughout this course • chapter 8: focus on security • crypographic techniques: obvious uses and not so obvious uses Introduction
Sources Federal Trade Commission, Consumer Fraud and Identity Theft Complaint Data: January-December 2007, 2008. Department of Justice, Report to the President and Congress on Coordination of Intellectual Property Enforcement and Protection, January 2008