ECE-6612 Spring 2008, Prof. John A. Copeland, Office: Klaus 3362

Presentation transcript:

ECE-6612 Spring 2008
http://www.csc.gatech.edu/copeland/jac/6612/
also see http://tsquare.gatech.edu/
Prof. John A. Copeland
john.copeland@ece.gatech.edu
404 894-5177, fax 404 894-0035
Office: Klaus 3362
email or call for office visit, or call Kathy Cheek, 404 894-5696

The class Web site is: http://www.csc.gatech.edu/copeland/jac/6612/ or http://users.ece.gatech.edu/~copeland/jac/6612/
On this site you will find:
• Class calendar (test dates, etc.)
• Reading assignments (about 20 pages, read before class)
• Lecture Notes (ppt files to print)
• Homework assignments (and answers), a Q&A folder
Homework assignments will be text files, sent to you by email and posted on the Web. Answers will be edited into them, and they will be returned by email to me. Since these count for your final grade, treat homework assignments like take-home quizzes. Graded versions will be returned to you by email.

Objectives of Data Security
• Privacy - not readable
• Permanent - not alterable (can't edit, delete)
• Reliable - (changes detectable)
• Signed - (non-repudiable)
• Acknowledged - (know it was received)
• Authorization - few have privileges
But the data must be accessible to persons authorized to:
• Read, edit, add, delete
Probably over a network, possibly over the Internet.

Attacks, Services, and Mechanisms
* Security Attack: Any action that compromises the security of information.
* Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.
* Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.

Security Services (P + 5 A's)
* Confidentiality (Privacy)
* Authentication (who created or sent the data)
* Integrity (has not been altered) [Alteration (protection)]
* Non-repudiation (the buy-order is final) [Attribution]
* Access control (prevent misuse of resources) [Authorization]
* Availability (permanence, non-erasure)
  - Denial of Service Attacks
  - Virus that deletes files

[Figure: Availability; Privacy; Alteration, Attribution; Authentication, Authorization]


Wiring Closet

Wiring Trough


Security Standards
Internet - Internet Engineering Task Force (IETF)
De Facto (PGP email security system, Kerberos-MIT)
ITU (X.509 Certificates) - not in book -
National Institute of Standards and Technology (SHA)
IEEE (802.2-Ethernet, 802.11 - Wireless LAN)
Department of Defense, Nat. Computer Security Center
  - Tempest (radiation limits)
  - Orange Book: Class A1, B3, C1, C2, ...
Export Controls
  - High Performance Computers
  - Systems with “Hard” Encryption

IETF - Internet Engineering Task Force
RFC - Request for Comments
Wireless Security - IEEE 802 Committee

Viruses, Worms, and Trojan Horses
Virus - code that copies itself into other programs (usually riding on email messages or attached documents, e.g., macro viruses).
Payload - harmful things it does, after it has had time to spread.
Worm - a program that replicates itself across the network (Sapphire: single UDP packet, MSblast: TCP opened a back-door).
Trojan Horse - instructions in an otherwise good program that cause bad things to happen (sending your data or password to an attacker over the net).
Logic Bomb - malicious code that activates on an event (e.g., date).
Trap Door (or Back Door) - undocumented entry point written into code for debugging that can allow unwanted users.
Bot (robot) - a compromised host that is controlled remotely.
Bot Net - many bots controlled by the same organization.

Virus Protection
Have a well-known virus protection program, configured to scan disks and downloads automatically for known viruses. Monthly (if not weekly) database updates are necessary.
Do not execute programs (or "macros") from unknown sources (e.g., PS files, HyperCard files, MS Office documents, Java, ...), if you can help it. Lately, downloaded image files can compromise your PC.
Avoid the most common operating systems and email programs, if possible (I use MacOS and Eudora).
Avoid Web Mail, integrated mail and browser programs.

Password Gathering
Look under keyboard, telephone etc.
Look in the Rolodex under “X” and “Z”.
Call up pretending to be from “micro-support,” and ask for it.
“Snoop” a network and watch the plaintext passwords go by.
Tap a phone line - but this requires a very special modem.
Use a “Trojan Horse” program or “key catcher” to record keystrokes.

The Stages of a Classical Network Intrusion
1. Scan the network to:
   • locate which IP addresses are in use,
   • what operating system is in use,
   • what TCP or UDP ports are “open” (being listened to by Servers).
2. Run “Exploit” scripts against open ports.
3. Get access to Shell program which is “suid” (has “root” privileges).
4. Download from Hacker Web site special versions of systems files that will let Cracker have free access in the future without his CPU time or disk storage space being noticed by auditing programs.
5. Use IRC (Internet Relay Chat) to invite friends to the feast.

Clicking on the Wrong Button can Compromise your PC

Router-Firewall can drop packets based on source or destination IP address and/or port.
[Figure: protocol stacks of a Web Server and a Browser connected through Router-Firewalls. Application Layer (HTTP): Port 80, Port 31337. Transport Layer (TCP, UDP): Protocol No. Network Layer (IP): IP Address 130.207.22.5, IP Address 24.88.15.22. Data Link Layer and Physical Layer: Ethernet, Token Ring.]

IP Zone-Access Control (xinetd)

/etc/hosts.deny
    ALL:ALL
/etc/hosts.allow
    in.telnetd: 199.77.146. 24.88.154.17
    in.ftpd: 199.77.146.19 199.77.146.102

UNIX and Linux computers allow network contact to be limited to individual hosts or subnets (a prefix ending in a dot, 199.77.146., means 199.77.146.any). Above, telnet connection is available to all on the 199.77.146.0 subnet, and a single off-subnet host, 24.88.154.17. FTP service is available only to two local hosts, .19 and .102. The format for each line is “daemon:host-list”.
2005 - Use IPtables instead (more detailed, but more complicated)
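How the two files decide a connection, as an added Python example that is not part of the original slides. It models only the “daemon:host-list” lines shown above (exact addresses, trailing-dot prefixes, net/mask and ALL); the function names are illustrative, and the rules are written with the trailing dot that hosts_access(5) requires for a prefix pattern.

```python
import ipaddress

# The slide's rules; "199.77.146." (trailing dot) is the prefix form.
HOSTS_ALLOW = """\
in.telnetd: 199.77.146. 24.88.154.17
in.ftpd: 199.77.146.19 199.77.146.102
"""
HOSTS_DENY = "ALL: ALL\n"

def parse(text):
    """Return [(daemons, clients)] for each 'daemon:host-list' line."""
    rules = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].strip().split(":")
        if len(parts) >= 2:  # any third field (shell command) is ignored
            rules.append((parts[0].replace(",", " ").split(),
                          parts[1].replace(",", " ").split()))
    return rules

def client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):   # prefix: the leading numeric fields must match
        return ip.startswith(pattern)
    if "/" in pattern:          # net/mask, e.g. 199.77.146.0/255.255.255.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(ip) in net
    return pattern == ip        # exact address only

def is_allowed(daemon, ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is consulted first; a match there grants access.
    Otherwise a match in hosts.deny refuses; no match in either file grants."""
    def hit(text):
        return any((daemon in daemons or "ALL" in daemons)
                   and any(client_matches(c, ip) for c in clients)
                   for daemons, clients in parse(text))
    return True if hit(allow) else not hit(deny)

if __name__ == "__main__":
    for daemon, ip in [("in.telnetd", "199.77.146.200"),
                       ("in.ftpd", "199.77.146.200"),
                       ("in.ftpd", "199.77.146.19")]:
        print(daemon, ip, "allow" if is_allowed(daemon, ip) else "deny")
```

Two things the run makes visible: without the trailing dot, “199.77.146” is compared as an exact string and matches no host on the subnet, and without the “ALL:ALL” line in hosts.deny every unmatched client is granted access.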

PGP (Pretty Good Privacy) -> GPG
From "PGP Freeware for MacOS, User's Guide" Version 6.5, Network Associates, Inc., www.pgp.com

Access Control
Today almost all systems are protected only by a simple password that is typed in, or sent over a network in the clear.
Techniques for guessing passwords:
1. Try default passwords.
2. Try all short words, 1 to 3 characters long.
3. Try all the words in an electronic dictionary (60,000).
4. Collect information about the user’s hobbies, family names, birthday, etc.
5. Try user’s phone number, social security number, street address, etc.
6. Try all license plate numbers (123XYZ).
Prevention: Enforce good password selection (e.g., “c0p31an6-liKe5=Alvakad05” or “3Bm1ce-c-htr”)
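One way to enforce password selection at the time a password is set, as an added Python example that is not part of the original slides: it rejects a candidate that any of the six guessing techniques above would find. The word lists, the substitution table and the personal details are small constructed samples, and the function names are illustrative.

```python
import re

# Constructed sample lists; a real check would load a full default-password
# list and an electronic dictionary (the slide cites 60,000 words).
DEFAULTS = {"password", "admin", "guest", "changeme", "letmein"}
DICTIONARY = {"security", "network", "georgia", "dragon", "kerberos"}
# Undo common digit/symbol substitutions before the dictionary lookup.
LEET = str.maketrans("01345@$7", "oieasast")
# License-plate shape from the slide (123XYZ), in either order.
PLATE = re.compile(r"\d{3}[a-z]{3}|[a-z]{3}\d{3}")

def _norm(text):
    """Lower-case and keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def weaknesses(password, personal=()):
    """Return the guessing techniques from the slide that would find
    this password; an empty list means none of them applies."""
    low = password.lower()
    unleet = re.sub(r"[^a-z]", "", low.translate(LEET))
    found = []
    if low in DEFAULTS:                                   # technique 1
        found.append("default password")
    if len(password) <= 3:                                # technique 2
        found.append("short word")
    if low in DICTIONARY or unleet in DICTIONARY:         # technique 3
        found.append("dictionary word")
    # Techniques 4 and 5: names, dates, phone numbers, addresses.
    if any(len(_norm(p)) >= 3 and _norm(p) in _norm(password)
           for p in personal):
        found.append("personal information")
    if PLATE.fullmatch(low):                              # technique 6
        found.append("license plate pattern")
    return found

if __name__ == "__main__":
    user = ("Rex", "404 555-0100")   # constructed pet name and phone number
    for candidate in ["admin", "S3cur1ty", "Rex4045550100", "123XYZ",
                      "3Bm1ce-c-htr"]:
        print(candidate, weaknesses(candidate, user) or "accepted")
```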

Kerberos