© Ian Sommerville 2004, Software Engineering Case Studies. The Internet Worm: Compromising the availability and reliability of systems through security failure

Presentation transcript:

Slide 1: The Internet Worm
Compromising the availability and reliability of systems through security failure

Slide 2: What happened
- In November 1988, a program was deliberately released that spread itself throughout Digital VAX and Sun workstations across the Internet. It exploited security vulnerabilities in Unix systems.
- In itself, the program did no damage, but its replication and the threat of damage caused extensive loss of system service and reduced system responsiveness in thousands of host computers.
- This program has become known as the Internet Worm.
- This was the first widely distributed Internet security threat.

Slide 3: Terminology
- A worm: This is a program that can autonomously spread itself across a network of computers.
- A virus: This is a program that can spread itself across a network of computers by attaching itself to some other program or document.
- A trapdoor: This is a vulnerability in a program that allows normal security controls to be bypassed.

Slide 4: Consequences of the worm
- Strange files appeared in systems that were infected.
- Strange log messages appeared in certain programs.
- Each infection caused a number of processes to be generated. As systems were constantly re-infected, the number of processes grew and systems became overloaded.
- Some systems (1000s) were shut down because of the problems and because of the unknown threat of damage.

Slide 5: Worm description
- Program was made up of two parts:
  - A main program that looked for other machines that might be infected and that tried to find ways of getting into these machines;
  - A vector program (99 lines of C) that was compiled and run on the infected machine and which then transferred the main program to continue the process of infection.
- Security vulnerabilities:
  - fingerd - an identity program in Unix that runs in the background;
  - sendmail - the principal mail distribution program;
  - Password cracking;
  - Trusted logins.

Slide 6: fingerd
- Written in C and runs continuously.
- C does NOT have bounds checking on arrays. fingerd expects an input string, but the writer of the worm noticed that if a string longer than was allowed for was presented, it overwrote part of memory.
- By designing a string that included machine instructions and that overwrote a return address, the worm could invoke a remote shell (a Unix facility) that allowed privileged commands to be executed.
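The missing bounds check described on this slide, shown from the fixing side as an added example (not code from the slides or from fingerd): a request reader that enforces the buffer limit and refuses over-long input instead of writing past the array. The name `read_request` and the 512-byte buffer size are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define REQ_MAX 512  /* assumed request buffer size for this example */

/* Unsafe pattern described on the slide: an unbounded read such as
 *     char line[REQ_MAX]; gets(line);
 * lets input longer than the array overwrite adjacent stack memory,
 * including the saved return address.
 *
 * read_request() (hypothetical name) is the bounded form. It reads one
 * line into buf (capacity cap), strips CR/LF, and returns the length,
 * -1 on EOF or error, or -2 if the line did not fit. An over-long line
 * is drained so the next call starts at the next request. */
int read_request(FILE *in, char *buf, size_t cap)
{
    if (cap < 2 || fgets(buf, (int)cap, in) == NULL)
        return -1;

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        len--;                      /* the whole line fitted */
    } else {
        /* No newline stored: the line ended exactly at the limit or
         * at EOF, or part of it is still unread. */
        size_t extra = 0;
        int c;
        while ((c = fgetc(in)) != EOF && c != '\n')
            extra++;
        if (extra > 0) {
            buf[0] = '\0';          /* refuse it, never truncate it */
            return -2;
        }
    }
    if (len > 0 && buf[len - 1] == '\r')
        len--;
    buf[len] = '\0';
    return (int)len;
}

int main(void)
{
    char buf[REQ_MAX];
    int n;
    /* Reads requests from stdin and prints the verdict for each line. */
    while ((n = read_request(stdin, buf, sizeof buf)) != -1)
        printf("%s\n", n == -2 ? "rejected: request too long" : buf);
    return 0;
}
```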

Slide 7: sendmail
- sendmail routes mail and the worm took advantage of a debug facility that was often left on and which allowed a set of commands to be issued to the sendmail program.
- This allowed the worm to specify that information should be transferred to new hosts through the mail system without having to process normal mail messages.

Slide 8: Password cracking
- Unix passwords are encrypted and, in the encrypted form, are publicly available in /etc/passwd.
- The worm encrypted lists of possible passwords and compared them with the password file to discover user passwords.
- It used a list of about 400 common words that were known to be used as passwords.
- It exploited fast versions of the encryption algorithm that were not envisaged when the Unix scheme was devised.
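A defender's check for the exposure this slide describes, as an added example rather than code from the slides: it scans a passwd-format file and reports accounts whose hash sits in the world-readable file instead of a placeholder (with shadow passwords the field is `x` and the hash is kept in a root-only file). The sample entries, the hash value and the function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

enum pw_state { PW_MALFORMED, PW_PLACEHOLDER, PW_EMPTY, PW_HASH_EXPOSED };

/* Constructed sample in passwd(5) layout; the hash value is made up. */
static const char SAMPLE[] =
    "root:x:0:0:root:/root:/bin/sh\n"
    "daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
    "alice:abJnggxhB0FAKE:1001:1001::/home/alice:/bin/sh\n"
    "guest::1002:1002::/home/guest:/bin/sh\n";

/* Classify the password field (second colon-separated field) of the
 * line starting at `line`; never reads past that line's newline. */
enum pw_state classify_entry(const char *line)
{
    size_t u = strcspn(line, ":\n");
    if (u == 0 || line[u] != ':')
        return PW_MALFORMED;
    const char *field = line + u + 1;
    size_t n = strcspn(field, ":\n");
    if (field[n] != ':')
        return PW_MALFORMED;            /* line ends after the field */
    if (n == 0)
        return PW_EMPTY;                /* account with no password */
    if ((n == 1 && field[0] == 'x') || strspn(field, "*!") == n)
        return PW_PLACEHOLDER;          /* shadowed or locked */
    return PW_HASH_EXPOSED;             /* readable by every local user */
}

/* Scan a whole file image; print and count accounts with exposed hashes. */
int count_exposed(const char *text)
{
    int exposed = 0;
    while (*text) {
        if (classify_entry(text) == PW_HASH_EXPOSED) {
            printf("hash exposed: %.*s\n", (int)strcspn(text, ":"), text);
            exposed++;
        }
        text += strcspn(text, "\n");
        if (*text == '\n')
            text++;
    }
    return exposed;
}

int main(void)
{
    return count_exposed(SAMPLE) > 0;   /* non-zero exit if any found */
}
```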

Slide 9: Trusted logins
- On Unix, tasks can be executed on remote machines.
- To support this, there is the notion of a trusted login so that if a login command is issued to machine Z from user Y in machine X then Z assumes that X has carried out the authentication and that Y is trusted; no password is required.
- The worm exploited this by looking for machines that might be trusted. It did this by examining files that listed machines trusted by the current machine and then assumed reciprocal trust.
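An audit of the trust lists this slide refers to, as an added example that is not part of the original slides: it reads a file in the "host [user]" layout used by /etc/hosts.equiv and .rhosts (file names the slides do not give) and reports lines where a `+` wildcard trusts every host or every remote user. The sample entries and function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define WILD_HOST 1   /* "+" as host: every machine is trusted */
#define WILD_USER 2   /* "+" as user: every remote user is trusted */

/* Constructed sample in "host [user]" layout; all names are made up. */
static const char SAMPLE[] =
    "# trust list\n"
    "build01.example.org\n"
    "backup.example.org operator\n"
    "+\n"
    "-guest.example.org\n"
    "lab.example.org +\n";

/* Classify one line. Returns -1 for blank, comment and deny ("-...")
 * lines, otherwise a bitmask of WILD_* flags (0 = specific entry). */
int trust_flags(const char *line)
{
    char host[256] = "", user[256] = "";
    if (sscanf(line, "%255s %255s", host, user) < 1)
        return -1;
    if (host[0] == '#' || host[0] == '-' || user[0] == '-')
        return -1;
    return (strcmp(host, "+") == 0 ? WILD_HOST : 0)
         | (strcmp(user, "+") == 0 ? WILD_USER : 0);
}

/* Scan a whole file image; print and count lines granting wildcard trust. */
int count_wildcards(const char *text)
{
    int hits = 0;
    while (*text) {
        char line[600];
        size_t len = strcspn(text, "\n");
        snprintf(line, sizeof line, "%.*s", (int)len, text);
        if (trust_flags(line) > 0) {
            printf("wildcard trust: %s\n", line);
            hits++;
        }
        text += len;
        if (*text == '\n')
            text++;
    }
    return hits;
}

int main(void)
{
    return count_wildcards(SAMPLE) > 0;  /* non-zero exit if any found */
}
```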

Slide 10: Killing the worm
- The main effects of the worm were in the US, and system managers worked for several days to devise ways of stopping the worm.
- These involved devising modifications to the programs affected so that the worm could not propagate itself, distributing these changes, installing them, then rebooting infected machines to remove worm processes.
- The process took several days before the net was cleared of infection.

Slide 11: What we learned
- Security vulnerabilities result from flaws and these will always be with us. Problems can be fixed but new problems can arise with new versions of software.
- Diversity is good - we need a heterogeneous not a homogeneous network.
- Isolationism is not the answer - those sites that disconnected from the network were amongst the last to resume service.

Slide 12: The perpetrator
- The perpetrator was a student at Cornell University.
- He was discovered fairly quickly and charged.
- His sentence was for a period of community service and a $10,000 fine. This was relatively light as the major thrust of his defence was that the program explicitly did not cause deliberate damage and, in fact, he had tried (but failed) to ensure that too many processes would not be generated on host machines.

Slide 13: Warning
- Students before and since this infection have been curious about security and have written experimental programs. Few of these students are wicked and many of them are very competent programmers.
- However, the consequences of experiments that go wrong are now so great that network authorities do not distinguish between stupidity and malice. There are severe penalties for any experiments that compromise system security.

Slide 14: Finding out more
- Communications of the ACM, 32 (6), June 1989 has a number of articles on the Internet worm.
- Computer-related Risks. P. G. Neumann, Addison Wesley. A compendium of information about system failures that have compromised safety, security and reliability.
- See Intranet web pages for links.