Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Shell & Denial of Service Attacks

Published byTyrone Martin Modified over 5 years ago

Similar presentations

Presentation on theme: "Secure Shell & Denial of Service Attacks"— Presentation transcript:

1 Secure Shell & Denial of Service Attacks
Outline Secure Shell Overview Authentication Practical issues Denial of Service Attacks Definition Examples

2 Secure Shell (SSH) Overview
SSH is a secure remote virtual terminal application Provides encrypted communication between untrusted hosts over an insecure network Assumes eavesdroppers can hear all communications between hosts Provides different methods of authentication Encrypts data exchanged between hosts Intended to replace insecure programs such as rlogin, rsh, etc. Includes capability to securely transfer file SCP Includes ability to forward X11 connections and TCP ports securely Very popular and widely used Not invulnerable!

3 Authentication in SSH1 Three means of authenticating supported by SSH
Simple rhosts User/system names in ~/.rhosts, ~/.shosts Vulnerable to IP/DNS spoofing Requires specific compilation for this mode of operation Host based Use RSA to verify host keys Use ~/.rhosts file for user authentication Host and user based RSA host key verification RSA user key verification If authentication fails, client is prompted for password All communication is encrypted

4 SSH1 Key Exchange Protocol
Server has public/private key pair Client knows server’s public key in advance Must be sent securely in advance Server sends public key and random server key to client Client verifies public key Client sends random session key encrypted with host and server key Rest of session is encrypted with session key

5 SSH2 Key Exchange Protocol
Diffie-Hellman public key exchange algorithm is used Public key exchange algorithm – very cool Two users can exchange a secret key over and insecure link without sharing any prior secrets (!) Digital signature verifies identity of server to client At the end of the key exchange, a secret key is shared Used for encrypting the rest of the session Supports MD5 checksums for data integrity Supports a variety of encryption mechanisms IDEA (default), Blowfish, DES, Triple DES, …

6 SSH in Practice Host public/private key is generated when SSH is installed Public key must be in ~/.ssh/known_hosts on remote systems ssh-keygen command is used to generate users public/private keys Requires user enter a pass phrase Public key copied to ~/.ssh/authorized_keys on remote systems Ssh-agent and ssh-add eliminate the need for repeated typing of pass phrase Password authentication is vulnerable to guessing attacks X11 and port forwarding enable encrypted pipe through the Internet Can be used to securely access insecure application eg. SMTP Can be used to circumvent firewalls

7 SSH in Practice contd. Available as open source software
See OpenSSH Tricky to get working properly Standard with many software distributions

8 Denial of Service (DoS) Attacks
One of the most general forms of attacking inter-networked systems Based on overloading end systems Result is sever reduction in performance or complete shutdown of target systems Focus of attacks can be network components or end hosts We have heard about a number of these in the past year Other most general form of attack is a break-in Port scans Buffer overflows Password cracking…

9 Overloading a System The goal of DoS is to drown legitimate traffic in a sea of garbage traffic Lots of traffic that has not been provisioned for pushes real traffic out of the way Clients experience delays due to congestion Dropped packets lead to exponential backoff in timeouts Routers can become overloaded Servers become overloaded by increased number of connect requests TCP connection setup requires state and response from server Server is required to respond to SYN from clients Clients don’t respond to server’s response

10 IP Spoofing Alter system to insert a different source IP address in TCP and IP headers DoS attackers spoof for two reasons They don’t want to be discovered Spoofing can add additional load If you spoof with a legitimate IP address Reset can be triggered from either attacked host or actual IP host Frees resources immediately on server Careful use of sequence numbers can freeze future connections from actual IP host If you spoof with a random number IP Server response to client SYN will be lost Server will not free resources for 75 seconds (typically)

11 Key Elements of DoS Attack
Expansion in required work Easy for me, harder for you Expansion in IP spoofing Me: generate SYNs as fast as possible (microseconds) You: Timeout a SYN open every 75 seconds Best effort protocols Drop tail queues No source specificity Clients can be starved or slowed to crawl

12 DoS Attack Characteristics
Expansion makes a only a few systems necessary Typical goal is to attack from as many places as possible Enables better utilization of network resources Helps to prevent countermeasures Helps to obscure attackers DoS software is readily available and/or simple to write Most found in IRC chat rooms DoS attacks are frequently preceded by break-ins to install DoS software Enables even more anonymity for attacker

13 Facilitating DoS Attacks
Lots of systems Large networks Naïve users Savvy bad guys Lots of free software Poor operating and management policies Hugely complex software with lots of well publicized holes Lack of means for stopping attacks

14 Dealing with DoS Attacks
Don’t reserve state until receipt of client ACK DOS attackers using spoofing don’t send these Otherwise they would have to keep state Use of crypto to avoid saving state Send one-use key with server response to SYN Response ACK must return key Intrusion detection tools Cut off an attack at a firewall if you recognize it Bro, Snort IP traceback methods There are lots of companies in this space!

15 Code Red Code Red Worm Released and identified on July 19, 2001
Infected over 250k systems in 9 hours Takes advantage of hole in IIS on Win NT or Win 2k And the fact that most people don’t know IIS ON is default Infected systems are completely compromised Code Red installs itself in OS kernel Small and efficient V1 could be eliminated by reboot Spends half its time trying to infect other systems, and half its time DoS’ing the White House and Pentagon

Download ppt "Secure Shell & Denial of Service Attacks"

Similar presentations

Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.

Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.
1 Reading Log Files. 2 Segment Format

1 Reading Log Files. 2 Segment Format
Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.

Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.
Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.

Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:

CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:
بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.

بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.
Telnet/SSH Tim Jansen, Mike Stanislawski. TELNET is short for Terminal Network Enables the establishment of a connection to a remote system, so that the.

Telnet/SSH Tim Jansen, Mike Stanislawski. TELNET is short for Terminal Network Enables the establishment of a connection to a remote system, so that the.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
Denial of Service Attacks: Methods, Tools, and Defenses Authors: Milutinovic, Veljko, Savic, Milan, Milic, Bratislav,

Denial of Service Attacks: Methods, Tools, and Defenses Authors: Milutinovic, Veljko, Savic, Milan, Milic, Bratislav,
Ssh: secure shell. overview Purpose Protocol specifics Configuration Security considerations Other uses.

Ssh: secure shell. overview Purpose Protocol specifics Configuration Security considerations Other uses.
What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.

What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.
Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.

Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.
Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau (20086034) Lee Shirly (20095815) Ong Ivy (20095040)

Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau ( ) Lee Shirly ( ) Ong Ivy ( )
TCP/IP Vulnerabilities. Outline Security Vulnerabilities Denial of Service Worms Countermeasures: Firewalls/IDS.

TCP/IP Vulnerabilities. Outline Security Vulnerabilities Denial of Service Worms Countermeasures: Firewalls/IDS.
Switch Concepts and Configuration and Configuration Part II Advanced Computer Networks.

Switch Concepts and Configuration and Configuration Part II Advanced Computer Networks.
1 Defining Network Security Security is prevention of unwanted information transfer What are the components? –...Physical Security –…Operational Security.

1 Defining Network Security Security is prevention of unwanted information transfer What are the components? –...Physical Security –…Operational Security.
Network security Further protocols and issues. Protocols: recap There are a few main protocols that govern the internet: – Internet Protocol: IP – Transmission.

Network security Further protocols and issues. Protocols: recap There are a few main protocols that govern the internet: – Internet Protocol: IP – Transmission.

Similar presentations

Ads by Google