Looking at Vulnerabilities
Dave Dittrich, The Information School / Computing & Communications, University of Washington (cac.washington.edu)
Microsoft campus, 8/25/03
Overview
- Background attack concepts
- Your typical look at vulnerabilities: risk vs. cost
- A (real!) complex attack scenario
- A different view of vulnerabilities:
  - Trust relationships
  - Attack trees
- Atypical/uncommon vulnerabilities

Stepping Stones

Internet Relay Chat (IRC)

IRC w/Bots&BNCs

Distributed Denial of Service (DDoS) Networks

Typical DDoS attack

DDoS Attack Traffic (1) One Day Traffic Graph

DDoS Attack Traffic (2) One Week Traffic Graph

DDoS Attack Traffic (3) One Year Traffic Graph

SANS Top 20 Vulnerabilities
Windows Top 10:
 1. Internet Information Server (IIS)
 2. Microsoft Data Access Components (MDAC)
 3. SQL Server
 4. NETBIOS
 5. Anonymous login / null session
 6. LAN Manager authentication (weak LM hash)
 7. General Windows authentication (accounts without passwords, bad passwords)
 8. Internet Explorer
 9. Remote Registry access
 10. Windows Scripting Host
Unix Top 10:
 1. Remote Procedure Call (RPC) services
 2. Apache web server
 3. Secure Shell (SSH)
 4. Simple Network Management Protocol (SNMP)
 5. File Transfer Protocol (FTP)
 6. Berkeley “r” utilities (trust relationships)
 7. Line Printer Daemon (LPD)
 8. Sendmail
 9. BIND/DNS
 10. General Unix authentication (accounts without passwords, bad passwords)

Attack Sophistication vs. Intruder Technical Knowledge (chart)
Source: CERT/CC (used w/o permission & modified; “Can you say ‘fair use?’ Sure, I knew you could.” IHO Fred Rogers)
Axes: intruder knowledge and attack sophistication, each running from Low to High; the two curves are labeled “Tools” (sophistication rising over time) and “Attackers” (knowledge required falling over time).
Techniques plotted along the timeline: password guessing, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sniffers, packet spoofing, GUI tools, automated probes/scans, denial of service, www attacks, “stealth”/advanced scanning techniques, burglaries, network mgmt. diagnostics, distributed attack tools, binary encryption.

Cost vs. Risk 101

Another view of Cost vs. Risk

UW Medical Center “Kane” Incident
Goal: how hard is it to obtain patient records?
Chain of compromise:
- Windows 98 desktop with a trojan (or no password)
- Sniffer
- Linux server -> Windows NT PDC / file & print server
- Unix server
- Windows PDCs, BDCs
- Windows Terminal Server (>400 users)
- Access database file (>4000 patient records: name, SSN, home number, treatment, date, …)
Disclosure: SecurityFocus -> ABC News

Trust relationships
- Client <-> server
- IP-based ACLs
- Shared password / symmetric key
- Shared network infrastructure
- Sensitive data in sensitive files on servers
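The “Kane” chain and the trust relationships listed above are the same thing seen twice: each hop rides on a trust relationship, and the attacker only needs one route from a foothold to the sensitive file. The script below is an added example, not part of Dittrich’s slides: it encodes the hop order of the Kane slide as a directed trust graph, enumerates every path from the Internet to the patient-records file, and reports which single trust relationships are chokepoints (fixes that sever every path) as opposed to fixes the attacker can route around. Host labels, the mechanism labels on each edge, and the extra desktop-to-terminal-server edge are assumptions made for illustration, not details from the incident.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# (source host, host it can reach, trust mechanism the attacker rides on)
Edge = Tuple[str, str, str]

# Constructed sample graph following the hop order of the "Kane" slide.
# Host labels and mechanism labels are assumptions for illustration; the
# mechanisms are taken from the "Trust relationships" slide, not from the
# incident write-up. The direct desktop -> terminal server edge is an
# assumed extra route, added to show what a second path does to the analysis.
KANE_TRUST: List[Edge] = [
    ("internet",         "win98-desktop",       "trojan / no password"),
    ("win98-desktop",    "linux-server",        "password sniffed on shared segment"),
    ("linux-server",     "nt-pdc-fp-server",    "password sniffed on shared segment"),
    ("nt-pdc-fp-server", "unix-server",         "shared password"),
    ("unix-server",      "windows-dcs",         "shared password"),
    ("windows-dcs",      "terminal-server",     "domain credentials valid on member"),
    ("terminal-server",  "patient-records.mdb", "sensitive file on server"),
    ("win98-desktop",    "terminal-server",     "IP-based ACL admits the desktop"),
]


def build_graph(edges: List[Edge]) -> Dict[str, List[Tuple[str, str]]]:
    """Adjacency list: host -> [(host it can reach, mechanism)]."""
    graph: Dict[str, List[Tuple[str, str]]] = defaultdict(list)
    for src, dst, how in edges:
        graph[src].append((dst, how))
    return graph


def attack_paths(edges: List[Edge], start: str, target: str) -> List[List[Tuple[str, str]]]:
    """Every simple path from start to target, each as a list of (host reached, mechanism)."""
    graph = build_graph(edges)
    found: List[List[Tuple[str, str]]] = []

    def walk(node: str, visited: set, path: List[Tuple[str, str]]) -> None:
        if node == target:
            found.append(list(path))
            return
        for nxt, how in graph.get(node, []):
            if nxt in visited:  # no revisits: a compromised host stays compromised
                continue
            visited.add(nxt)
            path.append((nxt, how))
            walk(nxt, visited, path)
            path.pop()
            visited.discard(nxt)

    walk(start, {start}, [])
    return found


def chokepoints(edges: List[Edge], start: str, target: str) -> List[Edge]:
    """Trust relationships whose removal, on its own, leaves no path start -> target.

    Any edge not in this list is a fix the attacker can route around."""
    return [e for e in edges
            if not attack_paths([x for x in edges if x != e], start, target)]


if __name__ == "__main__":
    for path in attack_paths(KANE_TRUST, "internet", "patient-records.mdb"):
        print(" -> ".join(f"{host} [{how}]" for host, how in path))
    for src, dst, how in chokepoints(KANE_TRUST, "internet", "patient-records.mdb"):
        print(f"single fix that severs every path: {src} -> {dst} ({how})")
```

With the assumed second route in place, patching any one of the servers in the middle of the long chain changes nothing for the attacker; only the initial foothold and the file’s exposure on the terminal server are chokepoints. That is the “additive, interrelated” point of the summary slide in graph form.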

Attack Trees
- “Secrets and Lies,” Bruce Schneier, ISBN, chapter 21
- The goal is the root node; sub-goals are the lower nodes and leaves
- AND/OR relationship between a node and its children
- Node attributes: likelihood, equipment required, cost of attack, skill required, legality, etc.

Attack Tree Example 1

Attack Tree Example 2

Attack Tree Example 3
Survivability compromise: monitor network traffic
OR:
  1. Install sniffer on desktop.
     OR:
       1. Use trojan horse.
       2. Use remote exploit.
       3. Use Windows remote login service.
          OR:
            1. Use passwordless Administrator account.
            2. Brute force passwords on all listed accounts.
            3. Brute force passwords on common accounts.
  2. Install sniffer on Unix/Windows server.
     OR:
       1. Use remote exploit.
       2. Steal/sniff password to root/Administrator account.
       3. Guess password to root/Administrator account.
  3. Man-in-the-middle attack on SSL/SSH.
  …

Attack Tree Example 4 (Nested)
Survivability compromise: disclosure of patient records
OR:
  1. Attack Med Center network using connections to the Internet.
     OR:
       1. Compromise central patient records database (PRDB).
          AND:
            1. Identify central PRDB.
               OR:
                 1. Scan to identify PRDB.
                 2. Monitor network traffic to identify PRDB.
            2. Compromise central PRDB.
               OR:
                 1. Use remote exploit.
                 2. Monitor network traffic to sniff password to account.
                 3. Guess password to account.
       2. Obtain file(s) containing patient records.
          OR:
            1. Monitor network traffic to capture patient records.
            2. Compromise file server or terminal server.
               OR:
                 1. Use remote exploit.
                 2. Monitor network traffic to sniff Administrator password.
                 3. Guess password to User/Administrator account.
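Schneier’s attack trees are useful because attributes on the leaves propagate up through the AND/OR structure: an OR node costs what its cheapest feasible child costs, an AND node costs the sum of all its children and is infeasible if any child is. The following is an added example, not code from the slides or from Schneier: it encodes Example 4 above as a tree and evaluates the cheapest feasible attack under two conditions, remote exploits available and remote exploits patched away. The cost numbers and the “possible” flags are assumed values chosen for illustration, not figures from the presentation.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

Result = Tuple[int, List[str]]  # (total cost, leaf steps the attacker performs)


@dataclass
class Node:
    name: str
    op: str = "OR"                          # "OR": any child suffices; "AND": all children needed
    children: List["Node"] = field(default_factory=list)
    cost: int = 0                           # leaf attribute (assumed units of attacker effort)
    possible: bool = True                   # leaf attribute: can this step be done at all?


def leaf(name: str, cost: int, possible: bool = True) -> Node:
    return Node(name, cost=cost, possible=possible)


def OR(name: str, *children: Node) -> Node:
    return Node(name, "OR", list(children))


def AND(name: str, *children: Node) -> Node:
    return Node(name, "AND", list(children))


def evaluate(node: Node) -> Optional[Result]:
    """Cheapest feasible attack on `node`, or None if the goal cannot be reached.

    OR  : the cheapest feasible child (ties resolved to the first listed).
    AND : every child is required, so costs add and one infeasible child
          makes the whole node infeasible."""
    if not node.children:
        return (node.cost, [node.name]) if node.possible else None
    results = [evaluate(child) for child in node.children]
    if node.op == "OR":
        feasible = [r for r in results if r is not None]
        return min(feasible, key=lambda r: r[0]) if feasible else None
    if any(r is None for r in results):
        return None
    return (sum(r[0] for r in results), [step for r in results for step in r[1]])


def build_tree(remote_exploit_available: bool = True) -> Node:
    """Attack Tree Example 4, with assumed costs. Flipping the flag models
    patching every host so that no remote exploit works."""
    def remote_exploit() -> Node:
        return leaf("Use remote exploit", 10, possible=remote_exploit_available)

    identify = OR("Identify central PRDB",
                  leaf("Scan to identify PRDB", 5),
                  leaf("Monitor network traffic to identify PRDB", 15))
    compromise = OR("Compromise central PRDB",
                    remote_exploit(),
                    leaf("Monitor network traffic to sniff password to account", 25),
                    leaf("Guess password to account", 30))
    via_prdb = AND("Compromise central patient records database", identify, compromise)

    file_or_ts = OR("Compromise file server or terminal server",
                    remote_exploit(),
                    leaf("Monitor network traffic to sniff Administrator password", 25),
                    leaf("Guess password to User/Administrator account", 30))
    via_files = OR("Obtain file(s) containing patient records",
                   leaf("Monitor network traffic to capture patient records", 40),
                   file_or_ts)

    return OR("Disclosure of patient records",
              OR("Attack Med Center network using connections to the Internet",
                 via_prdb, via_files))


if __name__ == "__main__":
    for patched in (False, True):
        result = evaluate(build_tree(remote_exploit_available=not patched))
        label = "remote exploits patched" if patched else "remote exploits available"
        print(f"{label}: cost {result[0]}, steps {result[1]}")
```

Under the assumed numbers, patching removes the cheapest path but the goal stays reachable at a higher cost through password sniffing, which is exactly the argument for looking at the whole tree rather than at the single vulnerability that was exploited last time.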

Atypical Vulnerabilities
- Network infrastructure
- Special devices
- Non-technical (social) issues

Border Routers
- BGP (route insertion/withdrawal)
- Address forgery
- Source routing
- Denial of service
- Remote service exploit & “root kits”
- Lack of visibility/access to traffic flows

Internal Routers/Switches
- OSPF, RIP & other routing protocols
- Address forgery
- ARP spoofing
- Sniffing (SNMP community strings, passwords)
- Denial of service
- Lack of visibility/access to traffic flows

Servers
- Gateways to legacy apps
- Web apps
- Insufficient logging/auditing
- Hiding in plain sight
- Control of software configuration

Network Printers
- Change “Ready” message
- FTP bounce scan, other scanning
- File cache
- SNMP/web admin front ends, back doors
- Disclosure of print jobs
- Passive monitoring
- Redirection of print jobs

Medical “devices”, photocopiers, printers
- Proprietary or OEM OS (e.g., Solaris, IRIX)
- Many (non-essential) services turned on
- Typically behind the curve on patches
- Remote management (HTTP, SNMP)
- Heavy use of unencrypted protocols (e.g., FTP, LPR, Berkeley “r” utilities)
- “What? The hackers are back?”

PBXs, voice services
- Monitoring
- Theft of service
- Fraud/social engineering
- Denial of service
- Malware cache (PC-based VM)

Social Issues
- Not recognizing threats
- Assuming attacks are simple
- Assuming things are what they seem (e.g., Slammer, Nimda)
- Assuming attacks/defenses are direct
- Assuming you have it handled

Summary
- Vulnerabilities exist in places you might not think
- Vulnerabilities are additive and interrelated
- Complex attacks call for complex defenses/response
- If you’re not learning something new every day, you’re falling behind your adversary
Questions?

References
- UW Medical Center incident
- Attack trees
- Networking
- Routers: us-02-akin-cisco.ppt
- BGP, OSPF
- Switches, ARP, local network attacks: Mike-Beekey.ppt
- Printers
- PBXs
- DDoS, “root kits”