Cyber Crimes and Internet Security
िशवकुमार G. Sivakumar சிவகுமார்
Computer Science and Engineering, भारतीय प्रौद्योगिकी संस्थान मुंबई (IIT Bombay)
April 29, 2016
• The Good (Web 3.0, 3rd Platform, Emerging Trends)
• The Bad (Security- sine qua non! Threats, Vulnerabilities)
• The Ugly (Tools for Defence, Offence)
िशवकुमार G. Sivakumar சிவகுமார் · Computer Science and Engineering, भारतीय प्रौद्योगिकी संस्थान मुंबई (IIT Bombay) · [email protected] · Cyber Crimes and Internet Security
Blind men and the Elephant - अन्ध-गज न्यायः
Takeaways from Talk
• Web 3.0, 3rd platform (SMAC + IoT).
• Recent Attacks, Vulnerabilities, Defence Mechanisms.
• Different Perspectives
  • Researcher (Protocol Security, Formal Methods)
  • Defender (IITB Case Study: Iptables/Netfilter firewall, OSSIM)
  • Attacker (Metasploit Framework)
  • Investigator (Forensics using Autopsy, Wireshark, SiLK (netflow))
पूर्व पक्ष (Purva Paksha) for Web 3.0
Web 1.0 may have democratized access to information, but it is like drinking water from a fire hose! Search engines provide partial solutions, but cannot combine, categorize and infer!
Web 2.0 may have allowed the right to assembly/collaboration, but
• Proliferated unreliable, contradictory information.
• Facilitated malicious uses including loss of privacy, security.
What do you want from Web 3.0? What do you want to see/hear when you wake up? I have a dream ... AI meets the web!
Semantic Web
The application layer tapping the hardware (Web 1.0) and OS (Web 2.0)?
[Figure: knowledge graph centred on Ramana Maharishi: author-of Naan Yaar?, Aksharamanamalai, Vichara Mani Mala, Reality in Forty Verses; contemporaries Kanchi Chandrasekara Saraswathi, Jiddu Krishnamurti; Place: Tiruvannamalai, Tamil Nadu; Lived 30/12/1879 to 14/4/1950]
Combined, categorized information inferred from various sites, languages. www.dbpedia.org comes close today!
Revival of AI
• Statistical Machine Learning (Unsupervised)
• Deep learning (structured learning, hierarchical learning or deep machine learning) models high-level abstractions in data by using multiple processing layers, with complex structures or otherwise, composed of multiple non-linear transformations.
• sens.ai: Connects to public, premium and proprietary unstructured and semi-structured data sets so that non-obvious patterns related to money laundering and related suspicious activities can be identified, analyzed, and reported.
• Bots (not Botnets): Microsoft's experimental Mandarin-language bot, Xiaoice, a huge hit in China! (What Bots do professors use?)
• Algorithmic personality detection. Predict financial risk from your Facebook, Twitter, ... activity.
3rd platform: SMAC + IoT
[Figure: 3rd Platform = Social, Mobile, Analytics, Cloud, Internet of Things]
• Main Frame (1960s ...)
• Client Server (1990s ...)
• Today (Handheld, Pervasive Computing)
3rd platform: SMAC + IoT (Social)
• What's App (how many engineers?)
• Facebook, Twitter, GooglePlus ...
• Web 2.0 (Right to Assembly)
• Crowdsourcing (Wikipedia)
• Crowdfunding (no banks!)
3rd platform: SMAC + IoT (Mobile)
• Phone (Smart, Not-so-smart!)
• Wearables! (Google glass, Haptic)
• Internet of "Me" (highly personalized) Business (no generic products!)
• BYOx: Device security, App/content management nightmare.
• Data Loss Prevention (Fortress Approach - Firewall, IDS/IPS - won't work!)
3rd platform: SMAC + IoT (Analytics)
• Big Data
• Volume, Variety, Velocity, Veracity
• ACID properties Database not needed
• Hadoop, Map Reduce, NoSql
• Knowledge is Power!
• Collect, Analyse, Infer, Predict
3rd platform: SMAC + IoT (Cloud)
• Moore's law
• What could fit in a building .. room ... pocket ... blood cell!
• Containers Analogy from Shipping
• VMs separate OS from bare metal (at great cost - Hypervisor, OS image)
• Docker - separates apps from OS/infra using containers.
• Like IaaS, PaaS, SaaS. Have you heard of CaaS?
3rd platform: SMAC + IoT (Internet of Things)
• Sensors (Location, Temperature, Motion, Sound, Vibration, Pressure, Current, ....)
• Device Eco System (Smart Phones, Communicate with so many servers!)
• Ambient Services (Maps, Messaging, Traffic modelling and prediction, ...)
• Business Use Cases (Ola Cabs, Home Depot, Philips Healthcare, ...)
• Impact on wireless bandwidth, storage, analytics (velocity of BIG data, not size)
What are Cyber crimes?
Cybercrime: Activity in which computers or networks are a tool, a target, or a place of criminal activity. (Categories not exclusive).
• Against People
  • Cyber Stalking and Harassment
  • (Child) Pornography
  • Phishing, Identity Theft, Nigerian 419
• Against Property
  • Cracking, Virus and Spam
  • Software/Entertainment Piracy
  • Trade secrets, espionage
• Cyber Terrorism!
  • Hacktivism! (in some countries!)
  • Information Warfare
Some Examples
Food for thought...
• Recent Examples later ...
• Vikram Buddhi, Assange, Snowden, Panama papers
• Stuxnet: Stuxnet is a computer worm discovered in June 2010 that is believed to have been created by the United States and Israel to attack Iran's nuclear facilities. Stuxnet initially spreads via Microsoft Windows, and targets Siemens industrial control systems. While it is not the first time that hackers have targeted industrial systems, it is the first discovered malware that spies on and subverts industrial systems, and the first to include a programmable logic controller (PLC) rootkit.
• Flame (Iran Oil terminals, 2012)
• DarkSeoul
Check out Wikipedia for more.
What's Bad about Computers and Internet?
• "Can't live with them, can't live without them!"
• Know Your Enemy (threats/Vulnerabilities)
Can cyber/internet crimes cause events like the following?
• July 2006 Mumbai rains
• 26/11 attack on Mumbai
• Gulf of Mexico oil spill
• Mangalore air crash
• Stop all Mumbai local trains
• Damage BARC nuclear reactor
• Disrupt all Mumbai mobile phones? (Prof. Jhunjhunwala's example)
• How to protect Critical National Infrastructure?
  • Passive Defence
  • Counter Intelligence (Technical side)
• Demo from atlas.arbor.net and cert-in.org.in
Your questions/suggestions now will be invaluable!
Operation C-Major
Trend Micro report (Apr 2016) with all details available at http://documents.trendmicro.com/assets/pdf/Indian-military-personnel-targeted-by-information-theft-campaign-cmajor.pdf
The Trend Micro Forward-Looking Threat Research team recently uncovered an information theft campaign in India that has stolen passport scans, photo IDs, and tax information of high-ranking Indian military officers, non-Indian military attachés based in the said country, among others.
Major Incidents in 2015
From www.wired.com/2015/12/the-years-11-biggest-hacks-from-ashley-madison-to-opm
• Office of Personnel Management (OPM) - 21 million, including fingerprint files of govt. employees.
• Juniper NetScreen Firewalls - hardcoded backdoor password, and hole in Dual-EC encryption. (Apple/FBI now)
• Ashley Madison - online partner site; blackmail; payment/transaction data exposed many.
• Gemalto - Dutch SIM card manufacturer
• Kaspersky Lab - stole research on how to bypass
• Hacking Team - white hats used to "bug" activists in Morocco, UAE, Syria.
Major Incidents in 2015 (ctd.)
• CIA Director John Brennan - socially phished his personal details, hacked AOL email and got sensitive data
• Experian's T-Mobile Customers - 15 million applicants' personal info for credit check.
• LastPass - easy to store passwords with master key = hacked!
• IRS - accessed 1 lakh returns
• Anthem - health care records
Even more recent
• Locky (Ransomware),
• Mazar Bot (Android malware),
• Whose side are you on? ... Why?
Big Bong Theory
• Korean Banking malware
• Detailed report at www.arbornetworks.com (ASERT)
• Patiently wait for opportunity to strike!
Security Concerns
Match the following!
Problems:
• Highly contagious viruses
• Defacing web pages
• Credit card number theft
• On-line scams
• Intellectual property theft
• Wiping out data
• Denial of service
• Spam E-mails
• Reading private files
• Surveillance
• ...
Attackers:
• Unintended blunders
• Disgruntled employees or customers
• Organized crime
• Foreign espionage agents
• Hackers driven by technical challenge
• Petty criminals
• Organized terror groups
• Information warfare
• ...

• Crackers vs. Hackers
• Note how many resources are available to attackers.
Atlas.arbor.net
Real-time Intelligence - atlas.arbor.net
Who is scanning?
Who is hosting phishing sites?
Malicious Servers
cert-in.org.in
Vulnerabilities
• Application Security
  • Buggy code
  • Buffer Overflows
• Host Security
  • Server side (multi-user/application)
  • Client side (virus)
• Transmission Security
[Figure: Network Security between A and B with C interfering: Secrecy, Integrity (Modification, Fabrication), Availability (Denial of Service attack)]
What is a Computer Network?
TWO or MORE COMPUTERS sharing a LINK!
Point-to-Point
Shared Media (LAN)
So, what's Internet?
• A bottom-up collection (interconnection) of networks
• TCP/IP is the only common factor
• Bureaucracy-free, reliable, cheap
• Decentralized, democratic, chaotic
• Internet Society (www.isoc.org)
• Internet Engineering Task Force (www.ietf.org)
Why is Internet Vulnerable?
Quick overview of how Internet works.
• Connectionless Best-Effort
• Datagram Routing through Internet
• Analogy with PostCards
Internet Attacks Toolkits (Youtube)
Internet Attacks TimelineFrom training material at http://www.cert-in.org.in/
Internet Attack TrendsFrom training material at http://www.cert-in.org.in/
Security Requirements
Informal statements (formal is much harder)
• Confidentiality: Protection from disclosure to unauthorized persons
• Integrity: Assurance that information has not been modified without authorization.
• Authentication: Assurance of identity of originator of information.
• Non-Repudiation: Originator cannot deny sending the message.
• Availability: Not able to use the system or communicate when desired.
• Anonymity/Pseudonymity: For applications like voting, instructor evaluation.
• Traffic Analysis: Should not even know who is communicating with whom. Why?
• Emerging Applications: Online Voting, Auctions (more later)
And all this with postcards (IP datagrams)!
Security Landscape
Security Mechanisms
• System Security: "Nothing bad happens to my computers and equipment" - virus, trojan-horse, logic/time-bombs, ...
• Network Security:
  • Authentication Mechanisms: "you are who you say you are"
  • Access Control, Firewalls, Proxies: "who can do what"
• Data Security: "for your eyes only"
  • Encryption, Digests, Signatures, ...
Network Security Mechanism Layers
[Figure: two hosts, each with layers Application, TCP/Socket, IP, Data Comm.; mechanisms per layer: IPv6, AH, .. (IP); SSL, TLS (TCP/Socket); PGP, S-HTTP, S-MIME (Application); Firewalls]
Encryption can be done at any level! Higher-up: more overhead (for each application) but better control.
Cryptographic Protocols underlie all security mechanisms. Real Challenge to design good ones for key establishment, mutual authentication etc.
Cryptography and Data Security
• sine qua non [without this nothing :-]
• Historically who used first? (L & M)
• Code Language in joint families!
[Figure: taxonomy of cryptographic services and mechanisms: Confidentiality, Data Integrity, Authentication, Non-Repudiation; Encryption, Digital Signature, Message authentication, User Identification; Block Ciphers, Stream Ciphers, Hashing, Signatures, Public-Key Methods, Secret Key Establishment, Key Management]
Exchanging Secrets
Goal: A and B to agree on a secret number. But, C can listen to all their conversation.
Solution? A tells B: I'll send you 3 numbers. Let's use their LCM as the key.
Motivation for Session keys
Combine Symmetric (fast) and Asymmetric (very slow) Methods using session (ephemeral) keys for the following additional reasons.
• Limit available cipher text (under a fixed key) for cryptanalytic attack;
• Limit exposure with respect to both time period and quantity of data, in the event of (session) key compromise;
• Avoid long-term storage of a large number of distinct secret keys (in the case where one terminal communicates with a large number of others), by creating keys only when actually required;
• Create independence across communications sessions or applications. No replay attacks.
How to establish session keys over insecure medium where adversary is listening to everything? Can be done even without any public key! Randomization to rescue (like in CSMA/CD of Ethernet).
Diffie-Hellman Key Establishment Protocol
[Figure: public parameters g = 4, P = 13]
Alice                                   Bob
Choose N_a = 8                          Choose N_b = 5
Send m_a = g^N_a mod P                  Send m_b = g^N_b mod P
       = 4^8 mod 13 = 3                        = 4^5 mod 13 = 10
Compute K_ab = m_b^N_a mod P            Compute K_ba = m_a^N_b mod P
          = 10^8 mod 13 = 9                        = 3^5 mod 13 = 9
Man-in-the-middle attack
[Figure: chess relay: Vishwanathan Anand plays e4 against Siva, Siva plays the same e4 against Gary Kasparov; Kasparov replies c5, Siva relays c5 to Anand]
• Authentication was missing!
• Can be solved if Kasparov and Anand know each other's public key (Needham-Schroeder).
• Yes, but different attack possible.
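The key establishment of the previous slide, worked through with its numbers (P = 13, g = 4, N_a = 8, N_b = 5), together with the relay described on this slide. This is an added example, not code from the talk; the function names are mine, and the parameters are toy-sized so each step can be checked by hand, not for any real use.

```python
"""Diffie-Hellman with the slide's toy parameters, and the unauthenticated
relay that the chess-relay slide illustrates.
Added example, not from the talk. P = 13 and g = 4 are far too small for
real use; they are chosen only so every step can be checked by hand."""

P = 13   # public prime modulus from the slide
G = 4    # public generator from the slide


def dh_public(n: int, g: int = G, p: int = P) -> int:
    """Value sent over the open channel: g^n mod P. Anyone may see it."""
    return pow(g, n, p)


def dh_shared(peer_public: int, n: int, p: int = P) -> int:
    """Key derived from the peer's public value: peer_public^n mod P."""
    return pow(peer_public, n, p)


def honest_exchange(n_a: int, n_b: int) -> tuple:
    """Alice (secret n_a) and Bob (secret n_b) run the protocol as drawn.
    Returns (m_a, m_b, K_ab, K_ba); K_ab == K_ba because
    (g^n_b)^n_a == (g^n_a)^n_b mod P."""
    m_a = dh_public(n_a)          # Alice sends 4^8 mod 13 = 3
    m_b = dh_public(n_b)          # Bob sends   4^5 mod 13 = 10
    k_ab = dh_shared(m_b, n_a)    # Alice: 10^8 mod 13 = 9
    k_ba = dh_shared(m_a, n_b)    # Bob:    3^5 mod 13 = 9
    return m_a, m_b, k_ab, k_ba


def relayed_exchange(n_a: int, n_b: int, n_c: int) -> tuple:
    """Same protocol, but C sits between them like Siva between Anand and
    Kasparov: C replaces each public value with her own g^n_c mod P.
    Alice and Bob each complete the protocol without error, yet each has
    agreed a key with C rather than with each other. Nothing in the
    messages lets them notice: the 'authentication was missing' point.
    Returns (K_alice, K_bob, K_c_alice, K_c_bob)."""
    m_a = dh_public(n_a)
    m_b = dh_public(n_b)
    m_c = dh_public(n_c)             # C's substitute value, sent both ways
    k_alice = dh_shared(m_c, n_a)    # Alice uses m_c, believing it is Bob's
    k_bob = dh_shared(m_c, n_b)      # Bob uses m_c, believing it is Alice's
    k_c_alice = dh_shared(m_a, n_c)  # C's key with Alice (equals k_alice)
    k_c_bob = dh_shared(m_b, n_c)    # C's key with Bob (equals k_bob)
    return k_alice, k_bob, k_c_alice, k_c_bob


def keys_agree(k_alice: int, k_bob: int) -> bool:
    """Alice and Bob hold a common secret only when nobody relayed."""
    return k_alice == k_bob


if __name__ == "__main__":
    print("honest:", honest_exchange(8, 5))        # (3, 10, 9, 9)
    print("relayed:", relayed_exchange(8, 5, 3))   # (1, 12, 1, 12)
```

The honest run reproduces the slide's 3, 10 and the common key 9; in the relayed run Alice and Bob end with different keys (1 and 12), each shared with C, which is why the exchanged values need authentication before the key can be trusted.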
Why Are Security Protocols Often Wrong?
They are trivial programs built from simple primitives, BUT, they are complicated by
• concurrency
• a hostile environment
  • a bad user controls the network
  • Concern: active attacks masquerading, replay, man-in-middle, etc.
• vague specifications
  • we have to guess what is wanted
  • Ill-defined concepts
Protocol flaws rather than cryptosystem weaknesses. Formal Methods needed!
Zero-Knowledge Proofs
Goal: A to prove to B that she knows how to solve the cube. Without actually revealing the solution!
Solution? A tells B: Close your eyes, let me solve it...
IIT Bombay Case Study (Defender's Perspective)
• Campus Network Infrastructure
  • Academic Area
  • Hostels
  • Residential
• Hardware and Network (the easy part!)
  • Gigabit L3 switches
  • 10 Mbps Internet (4 Links)
  • 5000+ nodes
• Applications (Complex enough)
  • Mail
  • Web Browsing/Hosting
• Users and Management (Nightmare begins)
  • MisUse (mp3, movie, porn, hacking, fake mails, ...)
  • CCTeam
    • We carry your Bytes
    • Our T-shirt (cows, dogs, leopards!)
IIT-B’s WAN Links and Firewall
Important LAN Issues
Important Considerations
• Virus, Spyware
• Wrong IP addresses
• Wireless Access (guest house, conference halls)
• Static MAC-IP mapping
• Software Piracy
• Illegal Content (pornography, ...)
• ...
Good LAN design can help a lot with this...
Critical Network Services
• Firewall (Security sine qua non)
• Domain Name Service (DNS) http://cr.yp.to/djbdns/
• Directory Services (LDAP)
• Virus Scanning clamav.elektrapro.com
Critical Network (WAN) Services
• E-mail (www.qmail.org)
• Newsgroups (inn)
• Web Proxy
• WWW Servers (httpd.apache.org)
Firewall
• Inside IIT we have 50+ IP subnets.
• Over 5000 nodes.
• All Private addresses 10.x.y.z
• 4 Different WAN subnets
  • 128, 64, 32, 32 addresses only!
• iptables (www.iptables.org) to the rescue.
• Selective services/machines opened up
  • Incoming ssh to different dept. servers.
  • Outgoing ssh, Yahoo/MSN chat
  • Outgoing port for SciFinder
  • Outgoing ftp from select machines
• Making a good policy is the hardest!
Why Monitor?
चिन्तनीया हि विपदामादावेव प्रतिक्रियाः। न कूपखननं युक्तं प्रदीप्ते वह्निना गृहे॥
The effect of disasters should be thought of beforehand. It is not appropriate to start digging a well when the house is ablaze with fire.
Security cannot be an afterthought!
"There is a tide in the affairs of men, Which taken at the flood, leads on to fortune. Omitted, all the voyage of their life is bound in shallows and in miseries." - Shakespeare
Monitoring Network and Services
How to answer the following questions?
1. How much traffic in/out? Anything abnormal?
2. How many emails came from outside IIT?
3. Who are the top 10 senders/receivers/domains?
4. Is anyone trying to spam/relay/DoS/break mail servers?
5. How much bandwidth is used for browsing? Top domains?
6. What are the biggest size downloads?
7. Is anyone attacking academic office from hostels?
Where is all this information? How to find out? Reactive, static reports, pro-active, alerts?
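The browsing questions above (bandwidth used, top domains, biggest downloads, who is using the proxy and what was refused) answered from Squid access.log lines of the kind the later "Squid Logs" slide shows. This is an added example, not IIT Bombay's own tooling; the log lines are constructed, laid out in Squid's native access.log field order.

```python
"""Answering the monitoring questions (bandwidth used for browsing, top
domains, biggest downloads, who uses the proxy, what was denied) from Squid
access.log lines. Added example, not from the talk; the log is constructed."""

from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log format:
# timestamp elapsed_ms client action/status bytes method url ident hierarchy/peer type
SAMPLE_LOG = """\
1461900001.112    245 10.2.3.4 TCP_MISS/200 51234 GET http://www.example.org/notes.pdf - DIRECT/203.0.113.10 application/pdf
1461900002.331     12 10.2.3.4 TCP_HIT/200 4120 GET http://www.example.org/index.html - NONE/- text/html
1461900003.402   9801 10.2.3.9 TCP_MISS/200 734003200 GET http://mirror.example.net/iso/dist.iso - DIRECT/198.51.100.7 application/octet-stream
1461900004.009    301 10.5.1.20 TCP_MISS/200 220011 GET http://videos.example.com/clip.mp4 - DIRECT/198.51.100.9 video/mp4
1461900005.770     48 10.5.1.20 TCP_DENIED/403 3012 GET http://blocked.example.com/ - NONE/- text/html
1461900006.125    640 10.2.3.4 TCP_MISS/200 1048576 CONNECT mail.example.org:443 - DIRECT/203.0.113.11 -
garbage line that should be skipped
"""


@dataclass(frozen=True)
class Request:
    ts: float
    client: str
    action: str   # TCP_MISS, TCP_HIT, TCP_DENIED, ...
    status: int   # HTTP status code
    nbytes: int   # bytes sent to the client
    method: str
    url: str

    @property
    def host(self) -> str:
        # CONNECT lines carry host:port rather than a full URL
        if self.method == "CONNECT":
            return self.url.rsplit(":", 1)[0]
        return urlsplit(self.url).hostname or self.url


def parse_line(line: str) -> Optional[Request]:
    """Parse one native-format line; malformed lines yield None, not a crash."""
    f = line.split()
    if len(f) < 7:
        return None
    action, _, code = f[3].partition("/")
    try:
        return Request(float(f[0]), f[2], action, int(code), int(f[4]), f[5], f[6])
    except ValueError:
        return None


def parse_log(text: str) -> List[Request]:
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def total_bytes(reqs: List[Request]) -> int:
    """Bandwidth used through the proxy (question 5)."""
    return sum(r.nbytes for r in reqs)


def top_hosts(reqs: List[Request], n: int = 10) -> List[Tuple[str, int]]:
    """Domains ranked by bytes served (question 5, 'top domains')."""
    c: Counter = Counter()
    for r in reqs:
        c[r.host] += r.nbytes
    return c.most_common(n)


def biggest_downloads(reqs: List[Request], n: int = 10) -> List[Tuple[str, int]]:
    """Largest individual successful GET responses (question 6)."""
    gets = [r for r in reqs if r.method == "GET" and r.status == 200]
    gets.sort(key=lambda r: r.nbytes, reverse=True)
    return [(r.url, r.nbytes) for r in gets[:n]]


def top_clients(reqs: List[Request], n: int = 10) -> List[Tuple[str, int]]:
    """Who is using the proxy, ranked by bytes."""
    c: Counter = Counter()
    for r in reqs:
        c[r.client] += r.nbytes
    return c.most_common(n)


def denied(reqs: List[Request]) -> List[Tuple[str, str]]:
    """Policy hits: (client, url) pairs the proxy refused."""
    return [(r.client, r.url) for r in reqs if r.action == "TCP_DENIED"]


if __name__ == "__main__":
    reqs = parse_log(SAMPLE_LOG)
    print("requests:", len(reqs), "bytes:", total_bytes(reqs))
    print("top hosts:", top_hosts(reqs, 3))
    print("biggest downloads:", biggest_downloads(reqs, 2))
    print("top clients:", top_clients(reqs, 2))
    print("denied:", denied(reqs))
```

Run against a real access.log by reading the file into parse_log; the same functions then give the static report, and a threshold on top_clients or denied is where a pro-active alert would hang.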
Network, Services and User Management
Eternal vigilance is the price of liberty!
• How is network doing?
• Are all services up?
• How much email in/out? How many viruses?
• Who's using Web proxy? For what?
• Are Users happy? www.gnu.org/software/gnats
IIT Bombay WAN Links
Nagios
Nagios (ctd.)
Mail Usage Statistics
Mail Server Statistics
Web Proxy Usage
Web Server Hits
Log Archival at IIT Bombay
Squid Logs
Security Information and Event Management (SIEM)
OSSEC and OSSIM tool suite. ELK (Elastic Search, LogStash, Kibana) Framework
SIEM Architecture
Image Reference: Unified Open Source Security - Santiago González Bassett, Alien Vault
www.ossec.net/files/OpenSourceSecurity 2013.pptx
SIEM Use Case
Real-time Reactive (Recall atlas.arbor.net)
Attacking IIT Bombay
Use dnsstuff.com to get some information.
Mail Servers Information
Use dnsstuff.com
TraceRoute
Very sophisticated tools (nmap, nessus, metasploit) availableto attackers.
MetaSploit Framework
• Penetration testing
• Open source project
• Providing exploit code and the infrastructure
• Prevents data breaches
• Check security control
• Ensure security of new application
Metasploit Libraries
Figure: Databases for the Vulnerability and Exploits
Version   Exploit   Payload   Auxiliaries   Encoders
3.7.0     684       217       355           27
4.0.0     716       226       361           27
4.9.2     1303      335       792           35
4.11.4    1467      432       840           37
Certified Forensic Investigator
Scope of Forensics work
• Define and describe computer investigations
• Demonstrate correct methods of evidence gathering
• Use and evaluate various operating systems and file systems
• Equip a Forensics Lab with appropriate hardware and software
• Install, configure, and use various command-line and graphical software forensics tools
• Describe and compare various hardware devices employed by computer forensics experts
• Retrieve and analyze data from a suspect's computer, tablet, mobile phone.
• Summarize the evidence and write investigative reports
• Utilize the services of expert witnesses
• Recover file images, and categorize the data
• Examine and trace email messages
• Obtain and control digital evidence
forensicswiki.org
cftt.nist.gov: Comprehensive test reports on all forensic tools!
cfreds.nist.gov: Computer Forensics Reference Data Sets
Android Forensics using Autopsy
From: http://www.nist.gov/forensics/upload/6-Mahalik_OSMF.pdf
How to obtain
• Contacts
• Messages and Chats
• Geolocation Data/Reports
• Multimedia files
Geolocation Reporting
Network Forensics
From en.wikipedia.org/wiki/Network_forensics: Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information. Network traffic is transmitted and then lost, so network forensics is often a pro-active investigation.
Must have FOSS tools: Wireshark, SiLK. Can analyze packet captures, net flows.
ज्ञानं परमं ध्येयम् (Knowledge is Ultimate Goal)
न चोरहार्यं न च राजहार्यं न भ्रातृभाज्यं न च भारकारि। व्यये कृते वर्धत एव नित्यं विद्याधनं सर्वधनप्रधानम्॥
It cannot be stolen by thieves, cannot be taken away by the king, cannot be divided among brothers and does not cause a load. If spent, it always multiplies. The wealth of knowledge is the greatest among all wealths.
IIT Bombay's motto is the title of this slide.
Eternal vigilance is the price of liberty!
Way Forward: Ramakrishna story!