Network Security
Review
• Compatibility testing
› If you were responsible for building the reference
implementation for a protocol for VoIP-client-to-
directory-server communications, what would you
build?
• Stakeholder interests and strategies
› Imagine that a small developer is interested in
developing a streaming media client, but does not have
the resources to build and sell a complete system
(including server)
› Would this developer prefer that streaming media
protocols be standardized or not?
Learning Objectives
Some Sources of Problems
• Accidents
› Software and hardware bugs
› Natural disasters
› Human errors
• Adversaries
› Hackers/Crackers/“Black Hats”
› Hacker has a second meaning as “good programmer”
› Disgruntled employees
› Malicious code: Viruses, Worms, and Trojan Horses
Terminology
• Vulnerability
› A weakness in your system that could be exploited by
an adversary
› More generally, something that could go wrong
• Threat
› A scenario of what an adversary would do
› More generally, something that could go wrong that
you’re worried enough to do something about
• Countermeasure
› Something you do to reduce risks from threats
› Often by reducing vulnerabilities
Reliability and Security Goals
High Availability:
Vulnerabilities
• Off-line upgrade and maintenance
• Software crashes
• Equipment failure
• Denial-of-service (DOS) attack
› Oversized ICMP packets (ping of death)
› Flooding attacks
› Target has to do more work than initiator (so usually
“Distributed” DOS or DDOS attack)
› SYN flood (TCP): Request many new TCP connections
because each one causes recipient to do a lot of work
› Echo floods: Send echo request to some “rebroadcaster,” all
recipients reply to spoofed source address (the target of the
attack)
High Availability:
Countermeasures
• On-line upgrade and maintenance
• More application testing, more rapid bug
reports and fixes
• Equipment or application redundancy
• Operational vigilance
› For example, installing latest software patches
• Access controls
• Firewalls
Availability Discussion
Data Persistence: Vulnerabilities
and Countermeasures
• Hardware failure
› Countermeasure: periodic backup
• Data change
› Countermeasure: integrity checks (how?)
• Hardware obsolescence
› Countermeasure: periodic copy of data to new device
• Data format obsolescence
› Software to process may not be available
› Countermeasures (see F02 midterm)
› Periodic translation of data to new formats
› Continual migration of processing software
› Platform emulators
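The slide asks how an integrity check is done. The following is an added example, not part of the lecture: a manifest of SHA-256 digests recorded when the data is archived and compared against the data later. The file names and contents are constructed. The same comparison is what “notice changes” means under the malicious code detection measures later in these slides.

```python
import hashlib
import json
from typing import Dict

# Constructed sample "files": name -> contents, standing in for a directory
# of archived documents (not data from the lecture).
ARCHIVE: Dict[str, bytes] = {
    "thesis.pdf": b"%PDF-1.4 ... constructed sample content ...",
    "notes.txt": b"lecture notes, fall term",
    "data.csv": b"id,value\n1,10\n2,20\n",
}


def digest(data: bytes) -> str:
    """SHA-256 hex digest of one file's contents."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: Dict[str, bytes]) -> Dict[str, str]:
    """Record a digest for every file at archive time.

    Keep the manifest apart from the data (read-only media, or signed), so
    that whatever damages the data cannot also rewrite the manifest."""
    return {name: digest(data) for name, data in sorted(files.items())}


def verify(files: Dict[str, bytes], manifest: Dict[str, str]) -> Dict[str, str]:
    """Compare the current files with the manifest.

    Returns name -> 'ok' | 'modified' | 'missing' | 'unexpected'."""
    report: Dict[str, str] = {}
    for name, expected in manifest.items():
        if name not in files:
            report[name] = "missing"
        elif digest(files[name]) != expected:
            report[name] = "modified"
        else:
            report[name] = "ok"
    for name in files:
        if name not in manifest:
            report[name] = "unexpected"   # a file the archive never contained
    return report


if __name__ == "__main__":
    manifest = build_manifest(ARCHIVE)
    print(json.dumps(manifest, indent=2))
    # Simulate a single changed byte in one file and a lost file.
    damaged = dict(ARCHIVE)
    damaged["data.csv"] = b"id,value\n1,10\n2,21\n"
    del damaged["notes.txt"]
    print(verify(damaged, manifest))
```

A plain digest reliably catches accidental change (media decay, a bad copy). Against a deliberate change it only helps if the manifest itself cannot be rewritten by the same party, which is why it is stored separately or signed.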
Access: Vulnerability
Access:
Countermeasures
• Step 1: Authentication: verify user’s identity
› Somewhere you are (location)
› Something you know
› Something you can do
› Something you have
› Something you are
• Step 2: Authorization: limit what a user can do
› Sometimes also called access control
› Maintain a database of authorizations (access control lists)
› Can organize by person/entity, defining which items each
entity is allowed to access
› Or organize by items, defining which entities are allowed to
access each item
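An added example, not from the lecture, of the two organizations the slide names, using constructed entities, items and rights: the same authorizations stored by item (an access control list) and re-organized by entity (often called a capability list), together with the default-deny check that runs after authentication has established who the entity is.

```python
from collections import defaultdict
from typing import Dict, Set

# Constructed sample authorizations (not from the lecture).
# Organized by item: each item lists the entities allowed and their rights.
# This is the access control list (ACL) form.
ACL: Dict[str, Dict[str, Set[str]]] = {
    "payroll.db": {"alice": {"read", "write"}, "bob": {"read"}},
    "handbook.pdf": {"alice": {"read"}, "bob": {"read"}, "carol": {"read"}},
    "backup.tar": {"carol": {"read", "write"}},
}


def by_entity(acl: Dict[str, Dict[str, Set[str]]]) -> Dict[str, Dict[str, Set[str]]]:
    """Re-organize the same authorizations by person/entity: each entity
    lists the items it may access and its rights on each (a capability list)."""
    caps: Dict[str, Dict[str, Set[str]]] = defaultdict(dict)
    for item, entries in acl.items():
        for entity, rights in entries.items():
            caps[entity][item] = set(rights)
    return dict(caps)


def is_authorized(acl, entity: str, item: str, right: str) -> bool:
    """Authorization check for an already-authenticated entity.
    Default-deny: anything not listed is refused."""
    return right in acl.get(item, {}).get(entity, set())


def entities_with_access(acl, item: str) -> Set[str]:
    """'Who can touch this item?' is a direct lookup in the by-item form;
    in the by-entity form it would need a scan of every entity."""
    return set(acl.get(item, {}))


def revoke_entity(acl, entity: str) -> None:
    """Removing a person is the awkward case for the by-item form: every
    item's list must be visited. In the by-entity form it is one deletion."""
    for entries in acl.values():
        entries.pop(entity, None)


if __name__ == "__main__":
    print(by_entity(ACL))
    print(is_authorized(ACL, "bob", "payroll.db", "write"))   # False: bob may only read
```

The two views hold identical information; which one to store is decided by the operations that must be fast: per-request checks and per-item audits favour the by-item list, while per-user reviews and user removal favour the by-entity list.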
Vulnerabilities in Location-Based
Authentication/Authorization
• Entity at that network address may not
be who you think it is
› Someone else may have physical access
to the computer
• May not really be at that network
address
› For example, IP spoofing
Exploiting Location-Based
Authentication: IP Spoofing
• Suppose A “trusts” B
› No password required if accessing A from B
• Z knocks out B through denial-of-service attack
• TCP Connect from Z to A
› But pretend to be at location B (give B’s IP address)
• A sends ACK to B
› B doesn’t respond (because of DOS attack)
• Z sends commands to A
› Still pretend to be at location B
› Z ACKs A’s response, even though Z didn’t see it
› Have to guess the right amount of data to ACK, and right
amount of delay
Malicious Code Threats
• Viruses
› File infection: virus attaches itself to a file
› Boot record infection: virus attaches itself to the boot
instructions stored on a storage medium (e.g., hard drive)
› Macro virus: virus attaches itself to a document associated
with an application that supports scripting
• Worms
› Designed to copy itself from one computer to another over a
network without human intervention
• Trojan Horses
› Program that conceals its destructive purpose by pretending
to perform a desirable function
Malicious Code Countermeasures
• Prevention
› Know where code comes from before executing
› Check digital signature on the code
› Run code in “sandbox”
› A virtual machine on which unsafe instructions are
not executed
› Events on the virtual machine do not affect the real
machine
• Detection
› Notice changes
› Scan for known bad code fragments
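An added example of the “scan for known bad code fragments” countermeasure, not from the lecture: a byte-signature scanner of the kind early antivirus tools used, where a signature is a hex pattern and “??” stands for any one byte. The signature database and the two sample buffers are constructed for illustration and are not real malware signatures.

```python
import re
from typing import Dict, List, Tuple

# Constructed signature database (NOT real malware signatures): name -> hex
# pattern; "??" matches any single byte.
SIGNATURES: Dict[str, str] = {
    "constructed.test.marker": "4d 5a 90 00 ?? ?? ?? ?? 54 45 53 54",  # 'MZ\x90\x00' ???? 'TEST'
    "constructed.script.marker": "65 76 61 6c 28 ?? 29",                # 'eval(' ? ')'
}


def compile_signature(hex_pattern: str) -> "re.Pattern[bytes]":
    """Turn a hex pattern with ?? wildcards into a bytes regex."""
    parts: List[bytes] = []
    for tok in hex_pattern.split():
        if tok == "??":
            parts.append(b".")                       # any byte (DOTALL below covers 0x0a)
        else:
            parts.append(re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


COMPILED = {name: compile_signature(p) for name, p in SIGNATURES.items()}


def scan(data: bytes) -> List[Tuple[str, int]]:
    """Return (signature name, byte offset) for every match, ordered by offset."""
    hits: List[Tuple[str, int]] = []
    for name, rx in COMPILED.items():
        for m in rx.finditer(data):
            hits.append((name, m.start()))
    return sorted(hits, key=lambda h: h[1])


# Constructed sample buffers: one ordinary document, one carrying both markers.
CLEAN = b"Quarterly report: revenue up 4%. No code here."
SUSPECT = b"\x00" * 16 + b"MZ\x90\x00\x01\x02\x03\x04TEST" + b" ... eval(x) ..."

if __name__ == "__main__":
    print("clean:", scan(CLEAN))
    print("suspect:", scan(SUSPECT))
```

A scanner of this kind finds only fragments that are already catalogued; code that has been repacked or rewritten carries none of them, which is why the prevention measures above (knowing the code's origin, checking its signature, sandboxing) and change detection are used alongside it rather than instead of it.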
Malicious Code and
OS/Application Diversity
• Working in an environment that uses a variety
of OSs and/or applications has several
implications for malicious code:
› More vulnerabilities
› Each OS/app has a different set of weaknesses,
requiring a different set of remedies
› Less damage from a problem
› Malicious code that targets one system doesn’t
affect the others
› Can use unaffected machines to work on fixing the
problems
Malicious Code Discussion
Firewalls (Packet Filters)
[Figure: a firewall separates the protected enclave of internal hosts from the global Internet and its public hosts]
Firewalls (Packet Filters)
What Can Firewalls Filter?
Proxy Servers
[Figure: proxy server configuration; the global Internet with its public hosts, two firewalls, a proxy server, and the internal hosts]
Typical Firewall Configurations
Note: In this context, the direction of the traffic indicates which host is
responsible for opening the connection. Once open, data flows both ways.
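The note about connection direction is easiest to see in a stateful packet filter. Below is an added example, not from the lecture, with a constructed policy: internal hosts (10.0.0.x) may open connections outward, outside hosts may open connections only to a designated public server, and once a connection is open the filter remembers it and passes packets in both directions. Addresses are taken from the documentation ranges.

```python
from dataclasses import dataclass
from typing import Set, Tuple

INTERNAL_PREFIX = "10.0.0."   # constructed: addresses with this prefix are internal hosts


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # set on the packet that opens a TCP connection
    ack: bool = False


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


class StatefulFilter:
    """Constructed policy, after the slide's note: the direction of the
    OPENING packet decides admission; data on an open connection then flows
    both ways regardless of direction."""

    def __init__(self, public_servers: Set[Tuple[str, int]]):
        self.public_servers = public_servers            # (address, port) pairs outsiders may reach
        self.open: Set[Tuple[str, int, str, int]] = set()   # (client, cport, server, sport)

    def may_open(self, p: Packet) -> bool:
        if is_internal(p.src) and not is_internal(p.dst):
            return True                                 # internal host opens a connection outward
        if not is_internal(p.src) and (p.dst, p.dport) in self.public_servers:
            return True                                 # outsider opens only to a public service
        return False

    def filter(self, p: Packet) -> str:
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if fwd in self.open or rev in self.open:
            return "allow"                              # belongs to an open connection, either way
        if p.syn and not p.ack:                         # a connection-opening packet
            if self.may_open(p):
                self.open.add(fwd)
                return "allow"
            return "drop"
        return "drop"                                   # no SYN and no known connection


if __name__ == "__main__":
    fw = StatefulFilter({("10.0.0.80", 80)})
    print(fw.filter(Packet("10.0.0.5", 40000, "203.0.113.9", 443, syn=True)))       # allow
    print(fw.filter(Packet("203.0.113.9", 443, "10.0.0.5", 40000, syn=True, ack=True)))  # allow (reply)
    print(fw.filter(Packet("198.51.100.7", 5555, "10.0.0.5", 22, syn=True)))        # drop
```

A stateless packet filter cannot express “reply to a connection we opened” and has to admit inbound packets by port alone; the connection table is what lets the filter above admit the reply to the outbound connection while dropping an unsolicited inbound packet to the same internal host.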
More Permissive Configuration
Vulnerability Assessment Tools
Intrusion Detection Tools
• Monitor activity
› Look for known “signatures” of cracking
› Look for “unusual activity”
› Requires some model of normal activity
• What to monitor
› Host-based: logs of activity on individual machines
› Network-based
› “Promiscuous mode” intercepts all packets
› Process them as fast as you can
› Unlike packet filter, can look for patterns in sequences of
packets
• Problem of false alarms
› Each alarm requires human investigation
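An added example, not from the lecture, of a network-based monitor applying the three ideas on this slide to a constructed packet log: a known signature inside a single packet, a pattern across a sequence of packets (SYNs from one source that are never followed by a completed handshake, the SYN flood described under High Availability), and “unusual activity” measured against a simple model of normal. The log also contains a busy but legitimate backup host, which trips the anomaly rule and shows where false alarms come from. All addresses, thresholds and payloads are constructed.

```python
import re
from collections import Counter
from typing import List, Tuple

# Constructed packet log, one packet per line (not data from the lecture):
#   <seconds> <src> <dst>:<dport> <flags> <payload-or-dash>
SAMPLE_LOG = """\
0 10.0.0.5 10.0.0.80:80 SYN -
0 10.0.0.5 10.0.0.80:80 ACK GET /index.html
1 198.51.100.7 10.0.0.80:80 SYN -
1 198.51.100.7 10.0.0.80:80 ACK GET /../../../config
2 203.0.113.9 10.0.0.80:80 SYN -
2 203.0.113.9 10.0.0.80:80 SYN -
3 203.0.113.9 10.0.0.80:80 SYN -
3 203.0.113.9 10.0.0.80:80 SYN -
4 203.0.113.9 10.0.0.80:80 SYN -
4 203.0.113.9 10.0.0.80:80 SYN -
5 10.0.0.7 10.0.0.80:80 SYN -
5 10.0.0.7 10.0.0.80:80 ACK PUT /backup/part1
5 10.0.0.7 10.0.0.80:80 ACK PUT /backup/part2
5 10.0.0.7 10.0.0.80:80 ACK PUT /backup/part3
5 10.0.0.7 10.0.0.80:80 ACK PUT /backup/part4
5 10.0.0.7 10.0.0.80:80 ACK PUT /backup/part5
5 10.0.0.7 10.0.0.80:80 ACK PUT /backup/part6
5 10.0.0.7 10.0.0.80:80 ACK PUT /backup/part7
"""

SIGNATURES = {"path-traversal": re.compile(r"\.\./\.\.")}   # known "signature" in one packet
HALF_OPEN_LIMIT = 5          # SYNs never followed by the source's own ACK
RATE_LIMIT_PER_SOURCE = 6    # model of normal: packets per source in the window

Pkt = Tuple[int, str, str, int, str, str]


def parse(log: str) -> List[Pkt]:
    pkts: List[Pkt] = []
    for line in log.splitlines():
        ts, src, dst_port, flags, payload = line.split(" ", 4)
        dst, dport = dst_port.rsplit(":", 1)
        pkts.append((int(ts), src, dst, int(dport), flags, payload))
    return pkts


def detect(log: str) -> List[Tuple[str, str, str]]:
    """Return alerts as (rule, source address, detail)."""
    alerts: List[Tuple[str, str, str]] = []
    pkts = parse(log)

    # Rule 1: known signature in a single packet (a packet filter could do this too).
    for ts, src, _dst, _dport, _flags, payload in pkts:
        for name, rx in SIGNATURES.items():
            if rx.search(payload):
                alerts.append(("signature", src, f"{name} at t={ts}"))

    # Rule 2: pattern across a SEQUENCE of packets, which a packet filter cannot
    # see: SYNs from one source to one service that it never follows with an ACK.
    syns: Counter = Counter()
    acks: Counter = Counter()
    for _ts, src, dst, dport, flags, _payload in pkts:
        key = (src, dst, dport)
        if flags == "SYN":
            syns[key] += 1
        elif flags == "ACK":
            acks[key] += 1
    for key, n in syns.items():
        half_open = n - min(n, acks[key])
        if half_open >= HALF_OPEN_LIMIT:
            alerts.append(("syn-flood", key[0], f"{half_open} half-open to {key[1]}:{key[2]}"))

    # Rule 3: "unusual activity" against the model of normal.
    per_src = Counter(p[1] for p in pkts)
    for src, n in per_src.items():
        if n > RATE_LIMIT_PER_SOURCE:
            alerts.append(("anomaly", src, f"{n} packets in window"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The anomaly alert on 10.0.0.7 is the false alarm the slide warns about: the host is a legitimate backup client that simply sends more than the model of normal expects, and only a human (or a better model that knows what backup traffic looks like) can tell it from an attack. Raising the threshold reduces such alarms at the cost of missing quieter attackers, which is the trade-off every anomaly detector has to be tuned for.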
Summary