Deficiencies in Networks


Transcript of Deficiencies in Networks

Page 1: Deficiencies in Networks

Deficiencies in Networks
• Anonymity
  – Lack of access control
  – Anything can be forged
• Shared medium
  – Crowded
  – Unpredictable
• Complexity
  – Difficult to comprehend
  – Difficult to do right

Page 2: Deficiencies in Networks
Page 3: Deficiencies in Networks

Large Network

Page 4: Deficiencies in Networks

Implication of Those Deficiencies

Criminals have found the Internet (FTC Report 2007)
• $1.2 billion in fraud
• 1/3 identity theft
• 64% initiated through the Net

Border Protection
• $200 million IP theft

Stealth Worms
• Outbreaks rare since 2004
• Botnets growing to huge size
• Increase in spam
• DoS against Georgia

Page 5: Deficiencies in Networks

Actual Fraud Complaints 05-07

Page 6: Deficiencies in Networks

Confiscated IP

Page 7: Deficiencies in Networks

Introduction 1-7

Network Security
The field of network security is about:
• how bad guys can attack computer networks
• how we can defend networks against attacks
• how to design architectures that are immune to attacks

Internet not originally designed with (much) security in mind
• original vision: “a group of mutually trusting users attached to a transparent network”
• Internet protocol designers playing “catch-up”
• Security considerations in all layers!

Page 8: Deficiencies in Networks

Introduction 1-8

Bad guys can put malware into hosts via Internet
• Malware can get in host from a virus, worm, or trojan horse.
• Spyware malware can record keystrokes, web sites visited, upload info to collection site.
• Infected host can be enrolled in a botnet, used for spam and DDoS attacks.
• Malware is often self-replicating: from an infected host, seeks entry into other hosts

Page 9: Deficiencies in Networks

Introduction 1-9

Bad guys can put malware into hosts via Internet
• Trojan horse
  – Hidden part of some otherwise useful software
  – Today often on a Web page (Active-X, plugin)
• Virus
  – infection by receiving object (e.g., e-mail attachment), actively executing
  – self-replicating: propagate itself to other hosts, users
• Worm
  – infection by passively receiving object that gets itself executed
  – self-replicating: propagates to other hosts, users

(chart) Sapphire Worm: aggregate scans/sec in first 5 minutes of outbreak (CAIDA, UWisc data)

Page 10: Deficiencies in Networks

Viruses
• Code
  – Inserts into code: in empty regions of app
  – Redirects app start instructions
• Init
  – Executed by user or app
• Effect
  – Mischief
  – Spyware
• Spread
  – Locally, as used

Page 11: Deficiencies in Networks

Trojans
• Code
  – Already exists in code
  – Does not propagate
• Effect
  – Mischief
  – Spyware
  – Anything

Page 12: Deficiencies in Networks

Worms
• Code
  – Self replicating
  – Exploit vulnerabilities
  – Polymorphic
• Effect
  – Cause high net traffic
  – Mischief/Spyware
• Spread
  – Over networks, actively

Page 13: Deficiencies in Networks

Code Red Propagation

Page 14: Deficiencies in Networks

Sapphire Worm Propagation

Page 15: Deficiencies in Networks

Backdoor
Adding illicit access to a host
• Remotely
  – Creating a server
  – Adding user with remote access
• Locally
  – Bury alternative access in code

Page 16: Deficiencies in Networks

Hybrid Bugs

Bugs are people too!

Page 17: Deficiencies in Networks

What about Anti-virus?
• Can only match known signatures
  – Fine if there is a match
  – Not so fine if there isn’t
    • Zero-day attack (a bit presumptuous term)
    • Unknown attack
• Some bugs disable anti-virus

Page 18: Deficiencies in Networks

Introduction 1-18

Bad guys can attack servers and network infrastructure

Denial of service (DoS): attackers make resources (server, bandwidth) unavailable to legitimate traffic by overwhelming resource with bogus traffic

1. select target
2. break into hosts around the network (see botnet)
3. send packets toward target from compromised hosts

(diagram: compromised hosts sending packets toward the target)

Page 19: Deficiencies in Networks

Denial of Service

Denial of Service
• Typically one source
• Utilizes weaknesses in an app or protocol to bring services down

Distributed Denial of Service
• Many hosts attacking a small network
• Indistinguishable from certain network phenomena (flash crowds).

Page 20: Deficiencies in Networks

Syn Flood

(diagram: a stream of SYN packets opening many TCP sessions at the server)
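The SYN flood on this slide, as an added example that is not part of the original slides: Python that scans a constructed connection log for handshakes a client starts but never completes, which is what fills the server's half-open backlog. The server address, the log format and the threshold are assumptions.

```python
# Added example (not from the slides): detect a SYN flood from a constructed
# connection log by counting TCP handshakes that a client never completes.
from collections import defaultdict

# Constructed sample log, one handshake control segment per line:
# "time src dst flag". 198.51.100.7 sends SYNs and never answers the SYN-ACKs.
SAMPLE_LOG = """\
1 10.0.0.5 192.0.2.10 SYN
1 192.0.2.10 10.0.0.5 SYNACK
1 10.0.0.5 192.0.2.10 ACK
2 198.51.100.7 192.0.2.10 SYN
2 198.51.100.7 192.0.2.10 SYN
2 198.51.100.7 192.0.2.10 SYN
3 198.51.100.7 192.0.2.10 SYN
3 198.51.100.7 192.0.2.10 SYN
3 10.0.0.6 192.0.2.10 SYN
4 192.0.2.10 10.0.0.6 SYNACK
4 10.0.0.6 192.0.2.10 ACK
"""

def half_open_by_source(log_text, server):
    """Map each client to the number of SYNs it sent to `server` that were
    never followed by its handshake-completing ACK (assumes the log holds
    only handshake segments, so every ACK closes one half-open entry)."""
    syns, acks = defaultdict(int), defaultdict(int)
    for line in log_text.splitlines():
        _time, src, dst, flag = line.split()
        if dst != server:
            continue            # only segments arriving at the protected server
        if flag == "SYN":
            syns[src] += 1
        elif flag == "ACK":
            acks[src] += 1
    return {c: syns[c] - acks[c] for c in syns if syns[c] > acks[c]}

def total_half_open(log_text, server):
    """Backlog pressure on the server across all clients. With spoofed
    sources the per-source view stays flat and only this total reveals the flood."""
    return sum(half_open_by_source(log_text, server).values())

def syn_flood_sources(log_text, server, threshold=3):
    """Clients holding at least `threshold` half-open connections to `server`."""
    return sorted(c for c, n in half_open_by_source(log_text, server).items()
                  if n >= threshold)

if __name__ == "__main__":
    print(half_open_by_source(SAMPLE_LOG, "192.0.2.10"))   # {'198.51.100.7': 5}
    print(total_half_open(SAMPLE_LOG, "192.0.2.10"))       # 5
    print(syn_flood_sources(SAMPLE_LOG, "192.0.2.10"))     # ['198.51.100.7']
```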

Page 21: Deficiencies in Networks

Ping of Death (POD)
• Feed the target more than it can handle
• Host chokes

Page 22: Deficiencies in Networks
Page 23: Deficiencies in Networks

Introduction 1-23

The bad guys can sniff packets

Packet sniffing:
• broadcast media (shared Ethernet, wireless)
• promiscuous network interface reads/records all packets (e.g., including passwords!) passing by

(diagram: hosts A, B, C on a shared medium; packet src:B dest:A payload)

Wireshark software used for end-of-chapter labs is a (free) packet-sniffer

Page 24: Deficiencies in Networks
Page 25: Deficiencies in Networks

Introduction 1-25

The bad guys can use false source addresses

IP spoofing: send packet with false source address

(diagram: hosts A, B, C; packet src:B dest:A payload)

Page 26: Deficiencies in Networks

Introduction 1-26

The bad guys can record and playback

record-and-playback: sniff sensitive info (e.g., password), and use later
• password holder is that user from system point of view

(diagram: hosts A, B, C; packet src:B dest:A user: B; password: foo)
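As an added example that is not part of the original slides: the cleartext login from the diagram beside a nonce-based challenge-response in which the secret never crosses the wire and a recorded exchange is worthless on replay. The shared secret "foo", the HMAC-SHA256 construction and the class and function names are assumptions.

```python
# Added example (not from the slides): the replayable cleartext login on the
# slide next to a nonce-based challenge-response that a recording cannot replay.
import hashlib
import hmac
import secrets

# Constructed credential store: the server and user B share the secret "foo".
USERS = {"B": b"foo"}

def cleartext_login(user, password):
    """Slide scheme: 'user: B; password: foo' sniffed once works every time."""
    return USERS.get(user) == password

class ChallengeServer:
    """Issues a fresh random nonce per login attempt; each nonce is accepted once."""
    def __init__(self):
        self.pending = {}                    # nonce -> user awaiting a response

    def challenge(self, user):
        nonce = secrets.token_bytes(16)      # unpredictable, never reused
        self.pending[nonce] = user
        return nonce

    def verify(self, user, nonce, response):
        if self.pending.pop(nonce, None) != user:   # unknown, stale or reused nonce
            return False
        expected = hmac.new(USERS[user], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def client_response(secret, nonce):
    """What B puts on the wire: an HMAC over the nonce, never the secret itself."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()

def replay_demo():
    """C sniffs B's (nonce, response) pair and tries to reuse it. Returns
    (B's genuine login, C replaying the same pair, C answering a new
    challenge with the recorded response)."""
    server = ChallengeServer()
    nonce = server.challenge("B")
    response = client_response(USERS["B"], nonce)
    genuine = server.verify("B", nonce, response)
    replay_same = server.verify("B", nonce, response)      # nonce already consumed
    new_nonce = server.challenge("B")
    replay_new = server.verify("B", new_nonce, response)   # HMAC over a different nonce
    return genuine, replay_same, replay_new

if __name__ == "__main__":
    print(cleartext_login("B", b"foo"), cleartext_login("B", b"foo"))  # True True
    print(replay_demo())                                                # (True, False, False)
```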

Page 27: Deficiencies in Networks

Introduction 1-27

Network Security
• more throughout this course
• chapter 8: focus on security
• cryptographic techniques: obvious uses and not so obvious uses

Page 28: Deficiencies in Networks

Sources

Federal Trade Commission, Consumer Fraud and Identity Theft Complaint Data: January-December 2007, 2008.

Department of Justice, Report to the President and Congress on Coordination of Intellectual Property Enforcement and Protection, January 2008.