CSE331: Introduction to Networks and Security Lecture 35 Fall 2002.


Announcements

Homework 3 Due Friday
Project 4 Deadline Extended
– Due: Monday, December 9th
December 9th Review Session
Final Exam Location
– Moore 212
– Tues. 17 Dec.
– 8:30 – 10:30 AM

TEMPEST Security

Transient Electromagnetic Pulse Emanation Standard
– (Or?) Temporary Emanation and Spurious Transmission
– Emission security (Van Eck phreaking)
– computer monitors and other devices give off electromagnetic radiation
– With the right antenna and receiver, these emanations can be intercepted from a remote location, and then be redisplayed (in the case of a monitor screen) or recorded and replayed (such as with a printer or keyboard).

TEMPEST

Policy is set in National Communications Security Committee Directive 4
Guidelines for preventing EM reception
– Shield the device (expensive)
– Shield a location (inconvenient?)
Not a risk?
– Most of the guidelines are classified!

Denial of Service

A denial-of-service attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service.
Examples include
– attempts to "flood" a network, thereby preventing legitimate network traffic
– attempts to disrupt connections between two machines, thereby preventing access to a service
– attempts to prevent a particular individual from accessing a service
– attempts to disrupt service to a specific system or person

Impact

Denial-of-service attacks can essentially disable your computer or your network.
– this can effectively disable your organization.
Some denial-of-service attacks can be executed with limited resources against a large, sophisticated site.
– This type of attack is sometimes called an asymmetric attack.
– An attacker with an old PC and a slow modem may be able to disable much faster and more sophisticated machines or networks.

Modes of Attack

Denial-of-service attacks come in a variety of forms and aim at a variety of services.
There are three basic types of attack:
– consumption of scarce, limited, or non-renewable resources
– destruction or alteration of configuration information
– physical destruction or alteration of network components

Consumption of Scarce Resources

Resources:
– network bandwidth
– memory and disk space
– CPU time
– data structures
– access to other computers and networks
– certain environmental resources such as power, cool air, or even water.

Network Connectivity

Denial-of-service attacks are most frequently executed against network connectivity.
The goal is to prevent hosts or networks from communicating on the network.
An example of this type of attack is the "SYN flood" attack.

TCP: Three-Way Handshake

Partially Open TCP Sessions

A half-open connection
– After the server system has sent an acknowledgment (SYN-ACK)
– But before it has received the ACK
The server has built a data structure describing all pending connections.
The server can only store a fixed number of half-open connections
– When the table is full, new requests are dropped
– There is a time out, but flooding exhausts resources
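The fixed-size table and its timeout can be modelled in memory to see when legitimate requests start being dropped. This is an added example, not part of the lecture; the 128-entry table, the 75-second timeout and the constructed traffic are assumed values for illustration.

```python
from collections import deque

def simulate_backlog(backlog_size, timeout, events):
    """Model the server's fixed-size table of half-open connections.

    events: (time, kind) tuples sorted by time; kind is
      "syn"       - a SYN whose sender never answers the SYN-ACK
      "handshake" - a client that answers the SYN-ACK with an ACK at once
    Returns (accepted_handshakes, dropped_handshakes, peak_half_open).
    """
    half_open = deque()              # expiry times, oldest entry first
    accepted = dropped = peak = 0
    for now, kind in events:
        # Time out entries whose SYN-ACK was never acknowledged.
        while half_open and half_open[0] <= now:
            half_open.popleft()
        if len(half_open) >= backlog_size:
            # Table full: the new request is dropped.
            if kind == "handshake":
                dropped += 1
            continue
        if kind == "handshake":
            accepted += 1            # entry is freed as soon as the ACK arrives
        else:
            half_open.append(now + timeout)
            peak = max(peak, len(half_open))
    return accepted, dropped, peak

def constructed_events(unanswered_per_sec, seconds):
    """Constructed traffic: N unanswered SYNs plus one real client per second."""
    events = []
    for s in range(seconds):
        for i in range(unanswered_per_sec):
            events.append((s + i / unanswered_per_sec, "syn"))
        events.append((s + 0.999, "handshake"))
    return sorted(events)

# Assumed values for illustration: 128-entry table, 75-second timeout.
BACKLOG, TIMEOUT = 128, 75

def run(unanswered_per_sec, seconds=300):
    return simulate_backlog(BACKLOG, TIMEOUT,
                            constructed_events(unanswered_per_sec, seconds))

if __name__ == "__main__":
    # The table stays below capacity while rate * timeout < backlog size.
    print("1 unanswered SYN/s:", run(1))
    print("2 unanswered SYN/s:", run(2))
```

The table holds roughly rate × timeout pending entries, so sizing the table and the timeout against the expected rate of unanswered SYNs determines whether real clients are still served.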

IP Spoofing

The attacking system sends forged SYN messages to the victim server system
These appear to be legitimate but actually reference a client unable to respond to the SYN-ACK.
The source addresses in the SYN packets are forged.
– No way to determine its true source.

Asymmetry

SYN flood attacks do not depend on the attacker being able to consume your network bandwidth.
– The intruder is consuming kernel data structures involved in establishing a network connection.
– Can execute this attack from a dial-up connection against a machine on a very fast network.
This is a good example of an asymmetric attack.

Filtering

With the current IP protocol technology, it is impossible to eliminate IP-spoofed packets.
[Figure: LAN, Firewall, Internet]
Make sure outgoing packets have SRC in LAN
Make sure incoming packets have SRC not in LAN
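The two firewall rules above, applied to a handful of packets, show both what the filter catches and why spoofing cannot be eliminated this way. This is an added example, not part of the lecture; the LAN prefixes and the packet list are constructed for illustration.

```python
import ipaddress

# Assumed internal prefixes (constructed for this example).
LAN_PREFIXES = [ipaddress.ip_network(p)
                for p in ("192.168.10.0/24", "10.20.0.0/16")]

def src_in_lan(src):
    """True if the packet's source address belongs to one of the LAN prefixes."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in LAN_PREFIXES)

def verdict(direction, src):
    """Apply the two rules at the LAN/Internet boundary.

    direction: "out" for LAN -> Internet, "in" for Internet -> LAN.
    """
    inside = src_in_lan(src)
    if direction == "out":
        # Outgoing packets must have SRC in LAN.
        return "pass" if inside else "drop: outgoing SRC not in LAN"
    if direction == "in":
        # Incoming packets must have SRC not in LAN.
        return "drop: incoming SRC in LAN" if inside else "pass"
    raise ValueError(f"unknown direction: {direction!r}")

# Constructed packets: (direction, source address, source is forged?)
PACKETS = [
    ("out", "192.168.10.15", False),  # ordinary LAN host
    ("out", "198.51.100.9", True),    # LAN host forging an outside source
    ("in", "203.0.113.40", False),    # ordinary Internet client
    ("in", "10.20.3.4", True),        # outside packet claiming a LAN source
    ("in", "203.0.113.77", True),     # outside packet forging an outside source
]

def forged_packets_passed(packets=PACKETS):
    """Return the forged packets that the two rules still let through."""
    return [(d, s) for d, s, forged in packets
            if forged and verdict(d, s) == "pass"]

if __name__ == "__main__":
    for direction, src, forged in PACKETS:
        print(f"{direction:3} {src:15} forged={forged!s:5} -> {verdict(direction, src)}")
    print("forged but passed:", forged_packets_passed())
```

The filter stops forged sources that contradict the packet's direction; an incoming packet that forges some other outside address is indistinguishable from a real one at this boundary.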

UDP “Packet Storm”

chargen service
– Generates a continuous stream of character output in UDP packets
– Used for testing network bandwidth
echo service
– Accepts a UDP packet (i.e. telnet keystroke) and repeats it back to the sender
Connect the chargen service to the echo service!
– Uses up all network bandwidth between the services

Consumption of Other Resources

Generate many processes
– As in the Internet Worm
Consume disk space
– bomb/spam flood
– Intentionally generate errors that must be logged
– Put large files in anonymous FTP directories
Prevent login
– Some sites “lockout” accounts after a certain number of failed login attempts
– Write a script to lockout everyone
– Works against root

Destroying or Altering Config. Info.

If an intruder can change routing tables, things are bad
– Completely disable the network
If an intruder can modify Windows registry information things are bad
– Can disable certain OS functions

Physical Destruction of Network

Physical security
Guard against unauthorized access to:
– Computers
– Routers
– Network wiring closets
– Network backbone segments
– Power and cooling stations
– Any other critical components of your network.

Prevention & Response 1

Implement router filters
– Lessen exposure to certain denial-of-service attacks.
– Aid in preventing internal users from effectively launching denial-of-service attacks.
Disable any unused or unneeded network services
– Limits the ability of an intruder to take advantage of those services to execute a denial-of-service attack.

Prevention & Response 2

Enable quota systems on the operating system
– Disk quotas for all accounts
– Partition file system to separate critical functions from other data
Observe the system performance
– Establish baselines for ordinary activity.
– Use the baseline to gauge unusual levels of disk activity, CPU usage, or network traffic.

Prevention & Response 3

Invest in and maintain "hot spares"
– Machines that can be placed into service quickly in the event that a similar machine is disabled.
Invest in redundant and fault-tolerant network configurations.
Establish and maintain regular backup schedules
– particularly for important configuration information