Security (Continued) V.T. Raja, Ph.D., Oregon State University.


Outline
Denial of Service (DoS) Attack
  – Smurf Attack
  – Half-open telnet sessions
  – SYN Flood Attack
Distributed DoS Attack
Network Address Translation
  – NAT Proxy Server
Demilitarized Zone (DMZ)

Denial of Service (DoS) Attacks
Denial of Service attacks
  – “Ping” attacks
  – Smurf attack
  – SYN flood attack
  – Half-open telnet sessions
Distributed Denial of Service attacks

Denial of Service (DoS) Attack
Hacker attempts to disrupt the network by flooding the network with messages so that the network cannot process messages from legitimate users.
Examples:
1. Hacker’s program continuously pings target computer.
  – Consequence:
  – Solution:
2. Hacker’s program continuously sends “ping” requests to the target that list the target as the sender.
  – Consequence:
  – Solution:
3. Smurf attack: What is a smurf attack? What is the consequence of a smurf attack?
4. SYN Flood attack: What is a SYN flood attack? What is the consequence of such an attack?

Telnet
A protocol used for remote login
Does not transfer data in bulk
Interactive
  – Each character typed by Telnet user is sent to remote host
  – Remote host sends back a copy of each character to Telnet user, which will be displayed on the Telnet user’s screen (echo back)
  – Echo back is used to ensure that characters seen by Telnet user have already been received and processed at remote site.
  – Each character thus traverses the network twice between the time the user hits the key and the time the character is displayed on the user’s monitor

Figure: Half-open Telnet sessions (Client, Server)

TCP header: Packet #s (Sequence #s)
Assume a file has 500,000 bytes
Assume TCP breaks this file into packets, where each packet size is 1000 bytes
Each packet is given a packet #
The packet # for a packet is the number of the first byte in that packet.
  – The packet # of first packet would be 1
  – The packet # of next packet would be 1001
  – The packet # of third packet would be 2001 and so on

TCP: Acknowledgement #
Assume A transmits to B
B acknowledges receipt of A’s message, by specifying an acknowledgment #.
The ACK # sent by B is the packet # of the next packet that B is expecting from A.
Example:
  – After A sends first packet, B sends an acknowledgment to A by specifying ACK#
  – After A sends second packet, B acknowledges by specifying ACK# 2001.

TCP SYN for a simple Telnet application
TCP stands for: Transmission Control Protocol
SYN stands for: Synchronize Sequence Numbers
Assume Client A initiates a Telnet session with Server B.
Assume client A has typed the letter “C.”

Figure: Half-open TCP SYN (Client, Server)

SYN Flood Attack
Attacker (client) sends a TCP SYN (Synchronize Sequence/Packet Number) request to server.
The server responds by sending a TCP SYN/ACK packet.
The attacker does not respond, resulting in a half-open session using up server resources.
The attacker sends a flood of such TCP SYN requests without responding.
Requests from other legitimate clients are unable to reach the server due to multiple half-open sessions.
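The half-open bookkeeping described in the SYN flood slide, seen from the defender's side, as an added example that is not part of the original slides: a tracker that counts sessions still waiting for the client's final ACK and raises an alert when the count passes a limit. The timeout, the limit and the packet events are constructed assumptions.

```python
# Added example: half-open session tracking on constructed packet events.
SYN_TIMEOUT = 30.0   # assumed: seconds before a half-open entry is dropped
BACKLOG_LIMIT = 5    # assumed: half-open sessions tolerated before alerting

class HalfOpenTracker:
    def __init__(self, timeout=SYN_TIMEOUT, limit=BACKLOG_LIMIT):
        self.timeout, self.limit = timeout, limit
        self.pending = {}   # (client_ip, client_port) -> time the SYN was seen
        self.alerts = []    # (time, number of half-open sessions)

    def observe(self, ts, ip, port, flags):
        # Drop entries older than the timeout; dicts keep insertion order,
        # so the oldest SYN is always first.
        for key in list(self.pending):
            if ts - self.pending[key] < self.timeout:
                break
            del self.pending[key]
        key = (ip, port)
        if flags == "SYN":
            self.pending.setdefault(key, ts)   # server would reply SYN/ACK
            if len(self.pending) > self.limit:
                self.alerts.append((ts, len(self.pending)))
        elif flags == "ACK":
            self.pending.pop(key, None)        # handshake completed

def half_open_sources(tracker):
    """Client addresses that still owe the server a final ACK."""
    return sorted({ip for ip, _ in tracker.pending})

# Constructed events (time, client_ip, client_port, flags) as seen by the server:
# one normal client, eight SYNs that are never acknowledged, one more normal client.
EVENTS = [(0.0, "192.0.2.10", 40000, "SYN"), (0.1, "192.0.2.10", 40000, "ACK")]
EVENTS += [(1.0 + i * 0.01, f"198.51.100.{i}", 50000 + i, "SYN") for i in range(1, 9)]
EVENTS += [(2.0, "192.0.2.11", 40001, "SYN"), (2.1, "192.0.2.11", 40001, "ACK")]

def run(events):
    tracker = HalfOpenTracker()
    for ev in events:
        tracker.observe(*ev)
    return tracker

if __name__ == "__main__":
    t = run(EVENTS)
    print("alerts:", t.alerts)
    print("still half-open:", half_open_sources(t))
```
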

Distributed DoS (DDoS) attack
In a DDoS attack, a hacker first gains control of hundreds/thousands of computers.
The hacker plants software referred to as a DDoS agent on each of the slaves (zombies).
The hacker then uses software referred to as a DDoS handler (master zombie) to control the agents (slave zombies).
The attacker launches attacks from all the slaves so that it is difficult to trace the hacker.

High Profile Victims of DDoS
Yahoo, eBay, Amazon and eTrade websites were rendered inaccessible to legitimate visitors after being flooded with traffic from hundreds of hijacked systems.
www.msn.com and www.expedia.com sites were flooded with DDoS attack for almost one day.
DDoS attack on high-level DNS servers on the Internet.

Network Address Translation
Network address translation (NAT) is used to shield a private network from outside interference.
A NAT proxy server uses an address table, translating network addresses inside the organization into aliases for use on the Internet.
So, internal IP addresses remain hidden.
It is common to combine DMZ, firewalls and proxy servers. (See Figure).

Figure: Network design using firewalls, DMZ and NAT Proxy Servers
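An added example (not from the original slides) of the address table a NAT proxy keeps, assuming a port-translating NAT with one public address; all addresses and port numbers are constructed. It shows internal addresses being replaced by an alias on the way out and inbound packets with no table entry being dropped.

```python
# Added example: a NAT address table (port-translating variant, an assumption).
PUBLIC_IP = "203.0.113.5"   # constructed public address of the NAT proxy

class NatTable:
    def __init__(self, public_ip=PUBLIC_IP, first_port=61000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}    # (internal_ip, internal_port) -> alias port
        self.back = {}   # alias port -> (internal_ip, internal_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an internal source to the public alias before forwarding."""
        key = (src_ip, src_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Map a reply back to the internal host; None means the packet is dropped."""
        if dst_ip != self.public_ip or dst_port not in self.back:
            return None   # no table entry: unsolicited traffic never gets inside
        in_ip, in_port = self.back[dst_port]
        return (src_ip, src_port, in_ip, in_port)

if __name__ == "__main__":
    nat = NatTable()
    # Internal host 10.0.0.7 contacts an outside web server (constructed addresses).
    print(nat.outbound("10.0.0.7", 51515, "198.51.100.20", 80))
    # The server's reply to the alias is mapped back to the internal host.
    print(nat.inbound("198.51.100.20", 80, PUBLIC_IP, 61000))
    # A packet to a port with no table entry is dropped.
    print(nat.inbound("198.51.100.99", 4444, PUBLIC_IP, 61999))
```
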