DNS as a Gatekeeper: Creating Lightweight Capabilities for Server Defense Curtis Taylor Craig Shue

Outline
Automated Attacking
Costs to Organizations
Some Observations
Our Approach
  – Lightweight Capabilities
  – Fast Flux Defense
Future Directions

Automated Attacking
Attackers use others in attacks
  – Compromised machines form botnets
"Attacks" vary in goal and methodology
  – Reconnaissance
  – Footholds
  – Exfiltration
  – Exploitation
But most attacks are automated
  – Success rates may be low, but they make up for it in volume

Example Attacks
SQL injection
Harvesting addresses for spam
Phishing
  – The use of deception in electronic communication to obtain unauthorized access
  – A symptom of system and network security improvements: as systems get harder to break into directly, attackers turn to deceiving their users

Organization Costs
Decreased credibility
Information exposure
Financial consequences
  – Billions lost a year
  – Identity theft
Business failure
  – Example: HBGary Federal

Some Observations
Automated clients do not need host names
  – Mnemonic names exist for human convenience
Automated clients can skip DNS queries
  – Directly scan the IP address space
  – Cache records beyond the TTL the record allows
  – Share resolved addresses with other machines in a botnet
Humans likely play by the rules
  – Their browsers are standards compliant
  – "Illegal" caching (holding a record past its TTL) does not really help them

Associating Clients and Resolvers is Non-Trivial
[Diagram: the End User System sends its DNS Query to the ISP DNS Resolver inside the ISP Network, which forwards it to the ORNL DNS Server and relays the DNS Reply; the Web Query then goes from the End User System directly to the ORNL Web Server. The ORNL DNS Server therefore sees the resolver's address, not the end user's, while the web server sees the end user's address.]

What does this motivate?
Some attackers are clearly skipping DNS, but a few still use it
Good users are unlikely to skip the DNS step
Can we use this knowledge to protect servers?
  – Make DNS a gatekeeper to the network
  – Failing to use DNS prevents access, but from the client's side the attempt still looks successful
  – Let network providers know there is something awry with the clients that skipped DNS

Fast Flux Defense
[Diagram 1: the End User System sends a DNS Query through the ISP DNS Resolver to the DNS Server and receives a DNS Reply; its Web Query is then delivered to the Real Web Server. The Honey Pot Web Server is not involved.]
[Diagram 2: the End User System sends a Web Query with no preceding DNS Query, and the Web Query is delivered to the Honey Pot Web Server instead of the Real Web Server.]
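The gatekeeper behaviour sketched in the two diagrams above and on the "What does this motivate?" slide, as an added simulation that is not the authors' prototype code: a DNS reply for the protected name grants the querying address a capability that lasts exactly the record's TTL, and a web request from an address holding no live capability is steered to the honeypot, so a direct scan or a record held past its TTL never reaches the real server yet still gets an answer. The host names, addresses, TTLs and the iptables rule shape are assumptions (the slides only say the prototype uses BIND9, iptables and libpcap). Because the slides note that associating a client with its ISP resolver is non-trivial and do not say how the prototype does it, the example keys the capability on whatever address the DNS server sees and assumes the client queries it directly; time is passed in explicitly so the run is deterministic.

```python
"""Simulation of DNS-as-gatekeeper (added example, not the authors' prototype).

A DNS reply for the protected name grants the querying address a capability
that lives exactly as long as the record's TTL.  A web request from an
address holding no live capability is steered to a honeypot, so a client that
scanned the address space directly, or kept a record past its TTL, never
reaches the real server yet still sees a server answer.
"""
from dataclasses import dataclass, field
from typing import Dict, List

REAL = "real"
HONEYPOT = "honeypot"


@dataclass
class Gatekeeper:
    protected_name: str  # e.g. www.example.org (assumed name)
    capabilities: Dict[str, float] = field(default_factory=dict)  # src ip -> expiry time

    def observe_dns_reply(self, src_ip: str, qname: str, ttl: int, now: float) -> bool:
        """Record a capability when the DNS server answers a query for the
        protected name.  In the prototype this is where libpcap would see the
        reply; here the caller passes the fields directly.  Returns True if a
        capability was granted."""
        if qname.rstrip(".").lower() != self.protected_name.lower():
            return False
        self.capabilities[src_ip] = now + ttl
        return True

    def route(self, src_ip: str, now: float) -> str:
        """Decide where a web request from src_ip goes at time `now`."""
        self._expire(now)
        return REAL if src_ip in self.capabilities else HONEYPOT

    def iptables_rules(self, real_ip: str, honeypot_ip: str, now: float) -> List[str]:
        """Render the live capability set as iptables nat rules (the rule shape
        is an assumption; the page only says the prototype uses iptables).
        Capability holders are RETURNed before a catch-all DNAT sends everyone
        else to the honeypot, so rule order matters."""
        self._expire(now)
        rules = [
            f"iptables -t nat -A PREROUTING -s {ip} -d {real_ip} -p tcp --dport 80 -j RETURN"
            for ip in sorted(self.capabilities)
        ]
        rules.append(
            f"iptables -t nat -A PREROUTING -d {real_ip} -p tcp --dport 80 "
            f"-j DNAT --to-destination {honeypot_ip}"
        )
        return rules

    def _expire(self, now: float) -> None:
        # Drop capabilities whose TTL has run out; a record held past its TTL
        # ("illegal" caching) buys the holder nothing.
        for ip in [ip for ip, exp in self.capabilities.items() if exp <= now]:
            del self.capabilities[ip]


def simulate() -> Dict[str, object]:
    """Three constructed clients (documentation addresses) against one protected name."""
    gk = Gatekeeper("www.example.org")
    t0 = 1_000.0
    # A human's browser: resolves the name, then connects within the 60 s TTL.
    gk.observe_dns_reply("203.0.113.10", "www.example.org.", 60, t0)
    human = gk.route("203.0.113.10", t0 + 1)
    # A scanner: connects to the address directly, never asks DNS.
    scanner = gk.route("198.51.100.7", t0 + 1)
    # A bot: resolved once, then reuses the record an hour later.
    gk.observe_dns_reply("192.0.2.44", "www.example.org.", 60, t0)
    bot = gk.route("192.0.2.44", t0 + 3600)
    # A reply for some other name in the zone grants nothing.
    other = gk.observe_dns_reply("192.0.2.99", "mail.example.org.", 60, t0)
    return {"human": human, "scanner": scanner, "bot": bot, "other_name_granted": other}


if __name__ == "__main__":
    print(simulate())
    gk = Gatekeeper("www.example.org")
    gk.observe_dns_reply("203.0.113.10", "www.example.org", 60, 0.0)
    print("\n".join(gk.iptables_rules("192.0.2.1", "192.0.2.2", 1.0)))
```

The check a practitioner wants here is the expiry edge: a capability is granted for exactly the TTL, so the browser of a standards-compliant user re-queries and is re-admitted, while a bot that keeps the old answer falls to the honeypot on its next connection. In a real deployment the RETURN rules must sit ahead of the catch-all DNAT, and the rule set has to be re-rendered (or individual rules deleted) as capabilities expire; the simulation only re-renders the whole set.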

Future Directions
We are ready to test
  – The prototype works with BIND9 and Linux's iptables, and uses libpcap to intercept DNS requests
Limited deployment on ORNL's network