Final Introduction ---- Web Security, DDoS, others


Final Introduction ---- Web Security, DDoS, others
Cliff C. Zou, CAP6133, 04/07/08

Web-based Security Challenge
- Trend: all/most applications move to the WWW platform
  - Database, remote configuration, email, data hosting, video/music on demand, e-commerce...
- Complicated applications require interactive web browsers
  - Browsers support downloadable executables and plug-ins: ActiveX, JavaScript, Flash player, ...
- Many users have no idea of the security of downloadable plug-ins.

Web-based Attacks
- Phishing
  - Fake website that collects user account info.
  - Usually correlated with spam and botnets
- Spyware
  - Secretly installed in the form of a plug-in; comes with free software/games.
- Worm
  - Exploits a browser vulnerability, e.g., Nimda

Crawler-based Security Defense
- Central idea: Honeypot
  - Use a VM with a vulnerable browser to connect to suspicious web servers
  - Trick malcode into installing on the VM's browser
  - Analyze, and then restart a clean VM for the next round
- Automatic, active crawling
  - Actively find web servers and connect
  - Automatically execute simple user interactions: download, install ActiveX, JavaScript, plug-ins.

Distributed Denial of Service (DDoS) Attack
- Send a large amount of traffic to a server so that the server has no resources left to serve normal users
- Attack formats:
  - Consume target memory/CPU resources
    - SYN flood (backscatter paper presented before)
    - Database queries...
  - Congest the target's Internet connection
    - Attack traffic from many sources overwhelms the target's link
    - Very hard to defend

Why is it hard to defend against DDoS attacks?
- The Internet IP protocol has no built-in security
  - No authentication of the source IP
    - SYN flood with a faked source IP
    - However, the IP is genuine once the connection is set up
- Servers are supposed to accept unsolicited service requests
- Lack of collaboration channels within the Internet community
  - How can you ask an ISP in another country to block certain traffic for you?

DDoS Defenses
- Increase server capacity
  - Cluster of machines, multi-CPUs, larger Internet access
  - Use an Internet web caching service, e.g., Akamai
- Defense methods (many in research stage)
  - SYN cookies (http://en.wikipedia.org/wiki/SYN_cookies)
  - SOS
  - IP traceback

SYN Cookies
- SYN flood attack
  - Fills up the server's SYN queue
  - Property: the attacker does not respond to the SYN/ACK from the victim
- Defense
  - Fact: a normal client responds to the SYN/ACK
  - Remove the initial SYN queue
  - The server encodes info in the TCP sequence number
  - Uses it to reconstruct the initial SYN
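The encoding the slide refers to, as an added example that is not from the slides: a simplified version of Bernstein's SYN cookie layout (5 bits of a time counter, 3 bits of MSS index, 24 bits of keyed hash over the connection 4-tuple). The secret key, the MSS table and the counter granularity are assumptions made for this illustration.

```python
import hashlib
import hmac

# Assumption: a small table of MSS values the server is willing to reconstruct;
# only the 3-bit index into it is stored in the cookie.
MSS_TABLE = (536, 1220, 1460, 4380)

SECRET = b"constructed-server-secret"   # in practice a random key held by the server


def _hash24(saddr, daddr, sport, dport, t):
    """Keyed 24-bit hash of the 4-tuple and the coarse time counter t."""
    msg = f"{saddr}|{daddr}|{sport}|{dport}|{t}".encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big")


def make_cookie(saddr, daddr, sport, dport, client_mss, t):
    """Build the ISN the server sends in its SYN/ACK instead of queueing the SYN.
    Layout: top 5 bits = t mod 32, next 3 bits = MSS index, low 24 bits = hash."""
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    return ((t & 0x1F) << 27) | (mss_idx << 24) | _hash24(saddr, daddr, sport, dport, t)


def check_cookie(saddr, daddr, sport, dport, ack, t_now, max_age=1):
    """Validate the client's ACK (acknowledgement number = cookie + 1) and rebuild
    the MSS from the original SYN. Returns the MSS, or None if the ACK does not match
    a SYN/ACK this server sent within the last max_age counter ticks."""
    cookie = (ack - 1) & 0xFFFFFFFF
    t_low = cookie >> 27
    for age in range(max_age + 1):
        t = t_now - age                      # candidate full counter value
        if t & 0x1F != t_low:
            continue
        if (cookie & 0xFFFFFF) == _hash24(saddr, daddr, sport, dport, t):
            return MSS_TABLE[(cookie >> 24) & 7]
    return None


if __name__ == "__main__":
    # Constructed client/server addresses and a counter value of 100.
    c = make_cookie("203.0.113.5", "198.51.100.7", 40000, 80, 1460, 100)
    print(hex(c), check_cookie("203.0.113.5", "198.51.100.7", 40000, 80, c + 1, 100))
```

Because nothing is stored per half-open connection, a flood of SYNs with spoofed sources costs the server only the hash computation; only a client that actually receives the SYN/ACK can produce a valid ACK.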

DoS spoofed attack defense: IP traceback
- Suppose a victim can call ISPs upstream to block certain traffic
  - SYN flood: which traffic to block?
- IP traceback: find out the real attacking host behind a SYN flood
  - Based on the large amount of attacking packets
  - Needs a little help from routers (packet marking)
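How the "little help from routers" works, as an added simulation that is not part of the slides: probabilistic packet marking in the edge-sampling form, where each router overwrites the mark with a small probability and the victim chains the sampled edges back to the attacking host. Router names, the (start, end, distance) mark tuple and the absence of attacker-forged marks are assumptions; real schemes squeeze the mark into the IP identification field.

```python
import random


def mark_packet(path, p, rng):
    """Forward one attack packet along `path` (attacker-side router first).
    With probability p a router starts a fresh mark; otherwise it completes a fresh
    mark with its own address as the edge end, or just counts one more hop."""
    start, end, dist = None, None, None
    for router in path:
        if rng.random() < p:
            start, end, dist = router, None, 0
        elif dist is not None:
            if dist == 0:
                end = router
            dist += 1
    return start, end, dist


def collect_edges(path, p, n_packets, seed=7):
    """Victim side: turn the marks on n_packets packets into a count per
    (start, end, distance) edge. Distance 0 means the last router marked, so
    that edge ends at the victim. The large packet volume of a flood is what
    makes every edge show up."""
    rng = random.Random(seed)            # seeded so the run is reproducible
    edges = {}
    for _ in range(n_packets):
        start, end, dist = mark_packet(path, p, rng)
        if start is None:
            continue                     # no router sampled this packet
        edge = (start, "victim" if dist == 0 else end, dist)
        edges[edge] = edges.get(edge, 0) + 1
    return edges


def reconstruct_path(edges):
    """Chain edges back from the victim: the edge at distance d ends at the router
    d hops away and starts at the one d+1 hops away. Returns victim-first order."""
    path, d = ["victim"], 0
    while True:
        nxt = [s for (s, e, dist) in edges if dist == d and e == path[-1]]
        if not nxt:
            return path
        path.append(nxt[0])
        d += 1


if __name__ == "__main__":
    attack_path = ["R1", "R2", "R3", "R4"]   # constructed: attacker -> R1 ... R4 -> victim
    print(reconstruct_path(collect_edges(attack_path, 0.2, 3000)))
```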

SOS: Secure Overlay Service
- Central idea: use many TCP connection respondent machines
  - Only set up connections relayed to the server
  - The identity of the server is secret

Security Patch Issue
- Fix vulnerabilities faster by automatic patching
  - XP
- Problem: patches are not reliable
  - Crash, disrupt running applications
  - Many patches require a reboot
    - Not realistic for important servers

Shield
- Central idea: non-disruptive, temporary defense before the patch
  - Vulnerability-specific, exploit-generic
- When a vulnerability becomes known, analyze it and develop a shield filter on the vulnerable port
  - E.g., for an overflow of strcpy(), filter any input longer than the defined size
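The strcpy() case from the slide as an added example (not code from the slides or from the Shield project): a filter in front of the vulnerable port that understands enough of the protocol to find the field that ends up in the fixed-size buffer and drops the connection when the field cannot fit, whatever the bytes are. The "USER <name>\r\n" protocol, the 64-byte buffer and the fragmentation into TCP segments are constructed assumptions.

```python
# Assumption: the vulnerable server reads a "USER <name>\r\n" line and copies <name>
# with strcpy() into a 64-byte stack buffer. The shield only knows that fact about
# the vulnerability, not what any particular exploit looks like.
BUF_SIZE = 64


class UserFieldShield:
    """Vulnerability-specific, exploit-generic filter placed in front of the server.
    It keeps protocol state across segments, so an overlong field split over
    several packets is still caught, and caught before the line completes."""

    def __init__(self, max_len=BUF_SIZE - 1):   # leave room for the terminating NUL
        self.max_len = max_len
        self.buf = b""
        self.blocked = False

    def feed(self, chunk):
        """Consume bytes from the client; return the complete lines safe to forward."""
        if self.blocked:
            return []
        self.buf += chunk
        out = []
        while True:
            nl = self.buf.find(b"\r\n")
            line = self.buf if nl < 0 else self.buf[:nl]
            # Check the partial line too: do not wait for the delimiter to decide.
            if line.startswith(b"USER ") and len(line) - 5 > self.max_len:
                self.blocked = True          # would overflow the buffer: drop the session
                self.buf = b""
                return out
            if nl < 0:
                return out                   # incomplete line, wait for more bytes
            out.append(line)
            self.buf = self.buf[nl + 2:]


if __name__ == "__main__":
    s = UserFieldShield()
    print(s.feed(b"USER alice\r\n"))         # benign, forwarded
    print(s.feed(b"USER " + b"A" * 40), s.feed(b"B" * 40), s.blocked)  # split field, dropped
```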