Outline Basics of network security Definitions Sample attacks

Slides:



Advertisements
Similar presentations
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Advertisements

NS-H /11041 Attacks. NS-H /11042 The Definition Security is a state of well-being of information and infrastructures in which the possibility.
Are you secured in the network ?: a quick look at the TCP/IP protocols Based on: A look back at “Security Problems in the TCP/IP Protocol Suite” by Steven.
 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.
Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.
IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.
Security (Continued) V.T. Raja, Ph.D., Oregon State University.
Firewalls and Intrusion Detection Systems
Distributed Denial of Service Attacks CMPT Distributed Denial of Service Attacks Darius Law.
Slide 1 Attacks on TCP/IP. slide 2 Security Issues in TCP/IP uNetwork packets pass by untrusted hosts Eavesdropping (packet sniffing) uIP addresses are.
SYN Flooding: A Denial of Service Attack Shivani Hashia CS265.
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
1 CCNA 2 v3.1 Module Intermediate TCP/IP CCNA 2 Module 10.
Lecture 22 Page 1 Advanced Network Security Other Types of DDoS Attacks Advanced Network Security Peter Reiher August, 2014.
CECS 5460 – Assignment 3 Stacey VanderHeiden Güney.
1Federal Network Systems, LLC CIS Network Security Instructor Professor Mort Anvair Notice: Use and Disclosure of Data. Limited Data Rights. This proposal.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 8 – Denial of Service.
Network security Further protocols and issues. Protocols: recap There are a few main protocols that govern the internet: – Internet Protocol: IP – Transmission.
NETWORK COMPONENTS Assignment #3. Hub A hub is used in a wired network to connect Ethernet cables from a number of devices together. The hub allows each.
Lecture 9 Page 1 CS 136, Fall 2014 Network Security Computer Security Peter Reiher November 4, 2014.
Lecture 1 Page 1 CS 239, Fall 2010 Distributed Denial of Service Attacks and Defenses CS 239 Advanced Topics in Computer Security Peter Reiher September.
Security Issues in Control, Management and Routing Protocols M.Baltatu, A.Lioy, F.Maino, D.Mazzocchi Computer and Network Security Group Politecnico di.
Group 8 Distributed Denial of Service. DoS SYN Flood DDoS Proposed Algorithm Group 8 What is Denial of Service? “Attack in which the primary goal is to.
Denial of Service Sharmistha Roy Adversarial challenges in Web Based Services.
NETWORK ATTACKS Dr. Andy Wu BCIS 4630 Fundamentals of IT Security.
Lecture 20 Page 1 Advanced Network Security Basic Approaches to DDoS Defense Advanced Network Security Peter Reiher August, 2014.
Lecture 11 Page 1 CS 136, Spring 2009 Network Security CS 136 Computer Security Peter Reiher May 7, 2009.
Denial of Service DoS attacks try to deny legimate users access to services, networks, systems or to other resources. There are DoS tools available, thus.
Lecture 17 Page 1 CS 236, Spring 2008 Distributed Denial of Service (DDoS) Attacks Goal: Prevent a network site from doing its normal business Method:
DoS/DDoS attack and defense
Network Security Threats KAMI VANIEA 18 JANUARY KAMI VANIEA 1.
Lecture 16 Page 1 CS 239, Spring 2007 Designing Performance Experiments: An Example CS 239 Experimental Methodologies for System Software Peter Reiher.
Firewalls A brief introduction to firewalls. What does a Firewall do? Firewalls are essential tools in managing and controlling network traffic Firewalls.
Lecture 17 Page 1 CS 236, Spring 2008 Distributed Denial of Service (DDoS) Attacks Goal: Prevent a network site from doing its normal business Method:
Lecture 17 Page 1 Advanced Network Security Network Denial of Service Attacks Advanced Network Security Peter Reiher August, 2014.
Denial of Service A comparison of DoS schemes Kevin LaMantia COSC 316.
Lecture 9 Page 1 CS 136, Spring 2014 Network Security CS 136 Computer Security Peter Reiher May 6, 2014.
Lecture 9 Page 1 CS 136, Spring 2016 Network Security Computer Security Peter Reiher April 26, 2016.
By: Brett Belin. Used to be only tackled by highly trained professionals As the internet grew, more and more people became familiar with securing a network.
Comparison of Network Attacks COSC 356 Kyler Rhoades.
Lecture 9 Page 1 CS 236 Online Firewalls What is a firewall? A machine to protect a network from malicious external attacks Typically a machine that sits.
1Security for Service Providers – Dave Gladwin – Newport Networks – SIP ’04 – 22-Jan-04 Security for Service Providers Protecting Service Infrastructure.
An Introduction To ARP Spoofing & Other Attacks
Introduction to Information Security
IT443 – Network Security Administration Instructor: Bo Sheng
Network Security Mechanisms
Some Important Network Characteristics for Security
Some Important Network Characteristics for Security
Wireless Network Security
Distributed Denial of Service (DDoS) Attacks
Outline Basics of network security Definitions Sample attacks
Classification of various Attacks.
Error and Control Messages in the Internet Protocol
Virtual Private Networks
Outline Introduction Characteristics of intrusion detection systems
Troubleshooting IP Communications
Virtual LANs.
CSE 4905 Network Security Overview
Network Security: IP Spoofing and Firewall
I. Basic Network Concepts
دیواره ی آتش.
Outline Using cryptography in networks IPSec SSL and TLS.
Outline Network characteristics that affect security
Outline Basics of network security Definitions Sample attacks
Outline The spoofing problem Approaches to handle spoofing
Session 20 INST 346 Technologies, Infrastructure and Architecture
Outline Basics of network security Definitions Sample attacks
Outline Why is DDoS hard to handle?
Distributed Denial of Service (DDoS) Attacks
Outline The concept of perimeter defense and networks Firewalls.
Presentation transcript:

Network Security CS 136 Computer Security Peter Reiher October 25, 2011

Outline Basics of network security Definitions Sample attacks Defense mechanisms

Some Important Network Characteristics for Security Degree of locality Media used Protocols used

Degree of Locality Some networks are very local E.g., an Ethernet Benefits from: Physical locality Small number of users and machines Common goals and interests Other networks are very non-local E.g., the Internet backbone Many users/sites share bandwidth

Network Media Some networks are wires, cables, or over telephone lines Can be physically protected Other networks are satellite links or other radio links Physical protection possibilities more limited

Protocol Types TCP/IP is the most used But it only specifies some common intermediate levels Other protocols exist above and below it In places, other protocols replace TCP/IP And there are lots of supporting protocols Routing protocols, naming and directory protocols, network management protocols And security protocols (IPSec, ssh, ssl)

Implications of Protocol Type The protocol defines a set of rules that will always be followed But usually not quite complete And they assume everyone is at least trying to play by the rules What if they don’t? Specific attacks exist against specific protocols

Why Are Networks Especially Threatened? Many “moving parts” Many different administrative domains Everyone can get some access In some cases, trivial for attacker to get a foothold on the network Networks encourage sharing Networks often allow anonymity

What Can Attackers Attack? The media connecting the nodes Nodes that are connected to them Routers that control the traffic The protocols that set the rules for communications

Wiretapping Passive wiretapping is listening in illicitly on conversations Active wiretapping is injecting traffic illicitly Packet sniffers can listen to all traffic on a broadcast medium Ethernet or 802.11, e.g. Wiretapping on wireless often just a matter of putting up an antenna

Impersonation A packet comes in over the network With some source indicated in its header Often, the action to be taken with the packet depends on the source But attackers may be able to create packets with false sources

Violations of Message Confidentiality Other problems can cause messages to be inappropriately divulged Misdelivery can send a message to the wrong place Clever attackers can make it happen Message can be read at an intermediate gateway or a router Sometimes an intruder can get useful information just by traffic analysis

Message Integrity Even if the attacker can’t create the packets he wants, sometimes he can alter proper packets To change the effect of what they will do Typically requires access to part of the path message takes

Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing tables Or flooding routers Or destroying key packets

How Do Denial of Service Attacks Occur? Basically, the attacker injects some form of traffic Most current networks aren’t built to throttle uncooperative parties very well All-inclusive nature of the Internet makes basic access trivial Universality of IP makes reaching most of the network easy

Example DoS Attack: Smurf Attacks Attack on vulnerability in IP broadcasting Send a ping packet to IP broadcast address With forged “from” header of your target Resulting in a flood of replies from the sources to the target Easy to fix at the intermediary Don’t allow IP broadcasts to originate outside your network No good solutions for victim

Another Example: SYN Flood Based on vulnerability in TCP Attacker uses initial request/response to start TCP session to fill a table at the server Preventing new real TCP sessions SYN cookies and firewalls with massive tables are possible defenses

Table of open TCP connections Normal SYN Behavior SYN SYN/ACK ACK Table of open TCP connections

A SYN Flood Server can’t fill request! Table of open TCP connections SYN/ACK SYN/ACK SYN/ACK SYN/ACK SYN Server can’t fill request! Table of open TCP connections

And no changes to TCP protocol itself KEY POINT: Server doesn’t need to save cookie value! SYN Cookies SYN/ACK number is secret function of various information Client IP address & port, server’s IP address and port, and a timer SYN SYN/ACK + 1 ACK No room in the table, so send back a SYN cookie, instead Server recalculates cookie to determine if proper response

General Network Denial of Service Attacks Need not tickle any particular vulnerability Can achieve success by mere volume of packets If more packets sent than can be handled by target, service is denied A hard problem to solve

Distributed Denial of Service Attacks Goal: Prevent a network site from doing its normal business Method: overwhelm the site with attack traffic Response: ?

The Problem

Why Are These Attacks Made? Generally to annoy Sometimes for extortion If directed at infrastructure, might cripple parts of Internet

Attack Methods Pure flooding Of network connection Or of upstream network Overwhelm some other resource SYN flood CPU resources Memory resources Application level resource Direct or reflection

Why “Distributed”? Targets are often highly provisioned servers A single machine usually cannot overwhelm such a server So harness multiple machines to do so Also makes defenses harder

How to Defend? A vital characteristic: Don’t just stop a flood ENSURE SERVICE TO LEGITIMATE CLIENTS!!! If you deliver a manageable amount of garbage, you haven’t solved the problem

Complicating Factors High availability of compromised machines Millions of zombie machines out there Internet is designed to deliver traffic Regardless of its value IP spoofing allows easy hiding Distributed nature makes legal approaches hard Attacker can choose all aspects of his attack packets Can be a lot like good ones

Basic Defense Approaches Overprovisioning Dynamic increases in provisioning Hiding Tracking attackers Legal approaches Reducing volume of attack None of these are totally effective