Internet Security. CSC1720 Introduction to Internet. Essential Materials


1 Internet Security CSC1720 Introduction to Internet Essential Materials

2 Outline
- Introduction
- Who is knocking at the door? Possible attackers
- What is a trusted network?
- Cryptography, firewalls
- Virtual Private Network (VPN)
- Secure Socket Layer (SSL)
- Authentication versus authorization
- Computer Emergency Response Team (CERT)
- Summary

3 Introduction
What is security?
- Protecting your private data, whether it is stored on disk or transferred between computers and networking devices.
Why is it so important?
- In the information age we go online more and more, handing over personal information (e-mail, electronic funds transfer) and conducting business transactions (e-commerce).

4 Number of incidents reported in the USA from 1988 to 2001 (chart)

5 Who is knocking at the door?
- Hacker, cracker
- Denial-of-Service (DoS) attacks: smurfing, Trinoo
- Spoofing attacks
- Network scanning tools
- Operating system (OS) attacks
- Remote access
- Virus attacks

6 Hacker
A computer hacker is typically a knowledgeable person who knows several programming languages and is familiar with UNIX, NT and networking protocols. A hacker looks for internal and external system holes or bugs and uses them to break into the system, for fun and for the challenge.

7 CNN hacker news (screenshot of a news article). Reference: CNN

8 Cracker
A cracker attempts to break into a system by guessing or cracking users' passwords. "Cracker" and "hacker" are two different terms: hackers generally have a higher level of education and intelligence than crackers, and hackers do not like crackers. More information on hackers: esr/faqs/

9 Denial-of-Service (DoS) attacks
The most famous attack is the IP Ping of Death, a well-known way for hackers to crash a remote computer over the Internet. The attack involves sending the target IP packets larger than 65,535 bytes. No single IP datagram may exceed that size (the length field is 16 bits), so the oversized ping is delivered as fragments whose reassembled size overruns the limit; operating systems that did not check for this illegal size overflowed their reassembly buffer and crashed. Demo: the Windows PING command. More information: Ping of death
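The fragment arithmetic behind the Ping of Death, as an added example that is not part of the original slides. It models a sending stack that splits an oversized ICMP message into fragments, the trusting reassembly of the era (which computes how far a fixed 65,535-byte buffer is overrun) and the bounds check that rejects the datagram. The header length, MTU and fragment sets are constructed assumptions for the demonstration, not captured packets.

```python
"""Added example: why a ping larger than 65,535 bytes could crash a host,
and the bounds check that stops it.

An IPv4 datagram's total length is a 16-bit field, so 65,535 bytes is the
hard maximum. A sender can still deliver more than that by fragmenting,
because each fragment only says where its data goes (offset) and how long
it is. All fragment sets here are constructed sample data.
"""

MAX_IP_DATAGRAM = 65535   # limit of the 16-bit total-length field
IP_HEADER_LEN = 20        # assumption: minimal IPv4 header, no options
FRAG_UNIT = 8             # fragment offsets are carried in 8-byte units
ETH_MTU = 1500            # assumption: Ethernet path MTU


def fragment(icmp_len, mtu=ETH_MTU):
    """Split an ICMP message of icmp_len bytes into (offset_units, payload_len)
    fragments the way a sending IP stack does for a ping larger than the MTU."""
    per_frag = (mtu - IP_HEADER_LEN) // FRAG_UNIT * FRAG_UNIT   # 1480 bytes
    frags, pos = [], 0
    while pos < icmp_len:
        length = min(per_frag, icmp_len - pos)
        frags.append((pos // FRAG_UNIT, length))
        pos += length
    return frags


def datagram_length(fragments):
    """Size of the datagram the fragments claim to form once reassembled."""
    return IP_HEADER_LEN + max(off * FRAG_UNIT + ln for off, ln in fragments)


def is_ping_of_death(fragments):
    """True when reassembly would need more than the protocol maximum."""
    return datagram_length(fragments) > MAX_IP_DATAGRAM


def overflow_bytes(fragments):
    """How far a fixed 65,535-byte reassembly buffer is overrun by a stack
    that trusts the offsets (the vulnerable pattern of the era)."""
    return max(0, datagram_length(fragments) - MAX_IP_DATAGRAM)


def reassemble_checked(fragments):
    """Hardened reassembly: reject the datagram before any byte is copied."""
    if is_ping_of_death(fragments):
        raise ValueError("fragments exceed 65,535 bytes: dropping datagram")
    buf = bytearray(datagram_length(fragments))
    for off, ln in fragments:
        start = IP_HEADER_LEN + off * FRAG_UNIT
        buf[start:start + ln] = b"A" * ln     # constructed payload bytes
    return bytes(buf)


if __name__ == "__main__":
    normal = fragment(64)          # default 56-byte ping + 8-byte ICMP header
    attack = fragment(65510 + 8)   # "ping -l 65510": 65,538 bytes once reassembled
    print("normal ping:", datagram_length(normal), "bytes, oversize:", is_ping_of_death(normal))
    print("ping of death:", datagram_length(attack), "bytes, overrun by", overflow_bytes(attack))
    try:
        reassemble_checked(attack)
    except ValueError as err:
        print("checked stack:", err)
```

The fix that vendors shipped is the one-line comparison in `reassemble_checked`: compare the claimed end of every fragment against the protocol maximum before writing into the buffer. The same check also catches the later "teardrop" style of overlapping fragments only if combined with overlap handling, which is out of scope here.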

10 How do smurf attacks work? (diagram)
The attacker's PC sends ping request packets to the broadcast addresses of two networks (network server 1 and network server 2), with the source address forged to be the target ISP ("From: Target ISP"). Every host on those networks answers the ping, and all the ping answer packets go to the forged source: the target ISP is flooded with unwanted ping answer packets it never asked for.

11 Trinoo
- A tool to launch DoS attacks.
- It is installed when the user unknowingly executes it, and then stays active all the time.
- Whoever holds the Trinoo client program can sneak into your computer without permission.
- Used to cause distributed DoS (DDoS) attacks.
- More information: CERT

12 Trinoo performs a DoS attack (diagram)

13 Other DoS attack tools (screenshot)

14 Spoofing attacks
Something masquerading as something else: IP spoofing, web spoofing, DNS spoofing, ...

15 Network scanning tools
There are thousands of software tools that can be used to scan a system. They are easy to download, search a network or operating system for vulnerabilities and report them to the hacker, who then uses these open doors. Examples: Nmap, Port Scanner, Sam Spade, Internet Maniac.

16 Network scanning tools (screenshot)

17 Operating system (OS) attacks
- Check the vendor's security page on the Web; it documents these attacks and how they are conducted.
- Once these problems (bugs) are identified, the software vendor provides a fix.
- Not everyone installs the required patches or updates: open doors.
- You should regularly visit the software vendors' security pages.
- OS attacks: WinNuke, the Windows Out-of-Band (OOB) bug, ...

18 WinNuke, the Windows Out-of-Band (OOB) bug (screenshot). Reference: WinNuke

19 Remote access
Many companies allow their employees to log in remotely to their office PCs. Two tools aimed at this:
- War dialer: a simple database plus automated modem scripts that dial phone numbers and record successful attempts (a modem answered) into the database.
- Password cracker: uses brute-force methods to break passwords.

20 Password cracker
Brute-force password cracker. Reference. Demo now.
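A brute-force and dictionary password cracker, as an added example that stands in for the slide's demo (it is not the tool the lecture showed). It cracks salted SHA-256 hashes, which is enough to show why short passwords and dictionary words with a digit appended fall quickly, and it reports the size of the search space so the cost of each strategy is visible. The salt, wordlist and target passwords are constructed for the demonstration.

```python
"""Added example: dictionary and brute-force attacks on salted SHA-256
password hashes. Salt, wordlist and targets are constructed, not real."""
import hashlib
import itertools
import string

SALT = b"constructed-salt"       # assumption: one fixed salt for the demo


def hash_password(password, salt=SALT):
    return hashlib.sha256(salt + password.encode()).hexdigest()


def mangle(word):
    """Cheap variants people use to 'strengthen' a dictionary word."""
    for base in (word, word.capitalize()):
        yield base
        yield base + "1"
        yield base + "123"
        yield base[::-1]


def dictionary_attack(target_hash, wordlist, salt=SALT):
    """Try each wordlist entry and its mangled variants; return the match or None."""
    for word in wordlist:
        for cand in mangle(word):
            if hash_password(cand, salt) == target_hash:
                return cand
    return None


def brute_force(target_hash, alphabet, max_len, salt=SALT):
    """Try every string over `alphabet` of length 1..max_len."""
    for n in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=n):
            cand = "".join(chars)
            if hash_password(cand, salt) == target_hash:
                return cand
    return None


def keyspace(alphabet_size, max_len):
    """Number of guesses an exhaustive search may need."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


WORDLIST = ["password", "secret", "welcome", "letmein"]   # constructed

if __name__ == "__main__":
    print("Secret123 ->", dictionary_attack(hash_password("Secret123"), WORDLIST))
    print("cab ->", brute_force(hash_password("cab"), string.ascii_lowercase, 3))
    print("3 lowercase letters:", keyspace(26, 3), "guesses")
    print("8 printable chars:", keyspace(95, 8), "guesses")
```

Two things the numbers make concrete: a dictionary attack finds "Secret123" in a handful of hashes because the mangling rules mirror how people modify words, while exhaustive search over 8 printable characters needs on the order of 10^15 guesses. Defenders counter the latter with a slow, salted hash (PBKDF2, bcrypt, scrypt or Argon2) and the former by rejecting dictionary-derived passwords at enrolment.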

21 Virus attacks
- Not always harmful, but most cause damage, system overload or a hung system.
- Often transmitted as an e-mail attachment, on diskette or in downloaded files.
- Some take effect when someone clicks and runs them; others lie dormant until certain conditions trigger their code (1 April, a special day, ...).

22 The Love Bug (diagram)
A message arrives: From: Your Friend, To: You, Subject: I Love U. Opening it steals your passwords or local files, and the virus sends the same infected e-mail ("From: Your Friend / To: You / Subject: I Love U") to every friend in your address book, each of whom spreads it further.

23 How fast can they spread? At the very beginning no host is infected by Slammer (map)

24 How fast can they spread? After 30 minutes (map)

25 Trojan horse
In the legend, a hollow wooden horse was brought inside the city walls and the soldiers hidden in it later opened the gate for their army. In computing, a Trojan horse is a program that performs actions not described in its specification: illegitimate functions. E.g. a rogue login program that writes each login name and password to a file; the attacker later reads the file or mails it to an outsider for use in an attack.

26 Other threats
- Authorization violation: unauthorized access to some critical parts of the system.
- Eavesdropping: every message between the browser and the server can be intercepted by the eavesdropper.
- Any others? Let's think about it.

27 Break time: 15 minutes

28 What is a trusted network?
It is the network on which a company conducts its internal business. It is considered a secure network, so systems on it interact directly without encryption: backend systems, internal-only web servers, data processing, messaging. "Trusted" describes a policy assumption rather than a guarantee: anything that reaches this network is treated as legitimate, which is why it sits behind the firewall and the DMZ.

29 Trusted network example (diagram)
Internet -> external router -> Demilitarized Zone (DMZ: firewall, mail server, WWW server) -> internal router -> trusted network (user area, database server).

30 How do firewalls work? (diagram)
A ping packet and a mail message arrive from the Internet through the router. The firewall inspects each one and lets through only the traffic its rules permit, e.g. mail to the mail server and the IMAP server but not the ping.
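A first-match packet filter in the spirit of the diagram, as an added example that is not part of the original slides. Each packet is compared against an ordered rule list and the first matching rule decides; anything that matches no rule is denied by default, which is the check a practitioner looks for first in any firewall configuration. The networks, hosts and rules are constructed assumptions (the documentation ranges 192.0.2.0/24 for the DMZ and 203.0.113.0/24 for an outside host, 10.0.0.0/8 for the trusted network).

```python
"""Added example: a stateless, first-match packet filter with default deny.
Addresses, networks and rules are constructed for the demonstration."""
import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "action proto src dst dport")
Packet = namedtuple("Packet", "proto src dst dport")

DMZ = "192.0.2.0/24"           # assumption: DMZ address range
TRUSTED = "10.0.0.0/8"         # assumption: trusted (internal) network
MAIL_SERVER = "192.0.2.25"     # assumption: SMTP host in the DMZ
IMAP_SERVER = "192.0.2.26"     # assumption: IMAP host in the DMZ

RULES = [
    # Anyone on the Internet may deliver mail to the mail server on SMTP/25.
    Rule("allow", "tcp", "any", MAIL_SERVER + "/32", 25),
    # Only the trusted network may read mail over IMAP/143.
    Rule("allow", "tcp", TRUSTED, IMAP_SERVER + "/32", 143),
    # Pings from anywhere into the DMZ are dropped.
    Rule("deny", "icmp", "any", DMZ, None),
]
DEFAULT_ACTION = "deny"        # whatever no rule mentions is refused


def _in_net(addr, net):
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def matches(rule, pkt):
    """True when the packet satisfies every field of the rule."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if not _in_net(pkt.src, rule.src) or not _in_net(pkt.dst, rule.dst):
        return False
    return rule.dport is None or rule.dport == pkt.dport


def decide(pkt, rules=RULES):
    """Return the action of the first matching rule, else the default."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return DEFAULT_ACTION


if __name__ == "__main__":
    samples = [                                  # constructed traffic
        Packet("icmp", "203.0.113.5", MAIL_SERVER, None),   # ping from outside
        Packet("tcp", "203.0.113.5", MAIL_SERVER, 25),      # mail delivery
        Packet("tcp", "203.0.113.5", IMAP_SERVER, 143),     # IMAP from outside
        Packet("tcp", "10.1.2.3", IMAP_SERVER, 143),        # IMAP from inside
        Packet("tcp", "203.0.113.5", MAIL_SERVER, 23),      # telnet to mail host
    ]
    for pkt in samples:
        print(pkt, "->", decide(pkt))
```

This filter keeps no connection state, so the reply half of each allowed connection would need its own rule in a real deployment; stateful firewalls track the TCP handshake and admit replies automatically. Rule order matters as well: a broad "allow" placed above a narrow "deny" silently wins, which is why the default-deny rule is last and the specific allows come first.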

31 Firewalls: hardware? software? (demo link: sources/demos/index.htm?iid=netsite+inc&#)

32 Sample network organization (diagram)
Departments (Human Resources, Accounting, Sales, Marketing, Research) are separated from one another, and only the DMZ faces the Internet.

33 Connecting two networks (diagram)
Company One's network and Company Two's network each sit behind their own DMZ; the two DMZs talk to each other across the Internet.

34 Intranet? Extranet?
Use VPN and firewall technologies to build corporate networks.

35 Cryptography
Provides techniques to mangle a message into an unintelligible form and then recover it from the mangled form.
- Original message: plaintext
- Mangling step: encryption
- Mangled message: ciphertext
- Demangling step: decryption
- The method that defines the encryption and decryption steps: the cryptographic algorithm

36 Cryptosystems
The earliest application: the famous Caesar cipher, which replaces each letter with the one 3 positions later (A becomes D, B becomes E, ...). ROT13, used in newsgroups, is the same idea with a shift of 13. Neither is a secure algorithm: there are only 25 possible shifts to try.
Plaintext -> Encryption -> Ciphertext -> Decryption -> Plaintext
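The Caesar cipher and ROT13 in code, together with the brute-force search that makes the "not very secure" point concrete, as an added example that is not part of the original slides. The plaintexts and the crib word are constructed for the demonstration.

```python
"""Added example: Caesar cipher, ROT13, and the 26-key brute-force break.
Sample texts are constructed for the demonstration."""
import string

UPPER = string.ascii_uppercase
LOWER = string.ascii_lowercase


def caesar(text, shift):
    """Shift every letter by `shift` positions (wrapping); keep other characters."""
    out = []
    for ch in text:
        if ch in UPPER:
            out.append(UPPER[(UPPER.index(ch) + shift) % 26])
        elif ch in LOWER:
            out.append(LOWER[(LOWER.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def encrypt(plaintext, key):
    return caesar(plaintext, key)


def decrypt(ciphertext, key):
    return caesar(ciphertext, -key)


def rot13(text):
    """ROT13 is Caesar with key 13; because 13 + 13 = 26, it is its own inverse."""
    return caesar(text, 13)


def brute_force(ciphertext, crib):
    """Try all 26 keys and return those whose plaintext contains `crib`.
    With so few keys an attacker needs no cleverness at all."""
    return [k for k in range(26) if crib in decrypt(ciphertext, k)]


if __name__ == "__main__":
    ct = encrypt("ATTACK AT DAWN", 3)
    print("ciphertext:", ct)
    print("rot13:", rot13("Hello, World!"))
    print("keys that yield 'DAWN':", brute_force(ct, "DAWN"))
    for k in range(26):
        print(k, decrypt(ct, k))
```

The loop at the end prints all 26 candidate plaintexts; a human (or a letter-frequency score) picks the right one in seconds, which is the whole weakness: the key space, not the algorithm's obscurity, bounds the attacker's work.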

37 Virtual Private Network
A VPN is a collection of technologies that create secure connections between a group of computers via the Internet. It provides an encrypted channel between users over a public network, accommodating the needs of remote employees and distant offices.

38 VPN example (diagram)
Home PC -> secured channel -> Internet -> secured channel -> office network. The encrypted channel carried through the public Internet is called tunneling.

39 Real VPN (screenshot)

40 CUHK VPN (screenshot)

41 Secure Socket Layer (SSL)
- It is a protocol designed by Netscape Communications.
- It provides encryption of a session: it manages a secure, encrypted communication channel between a server and a client.
- It is implemented in the major web browsers, Netscape and Internet Explorer (its successor, TLS, is what browsers use today).
- The https:// URL prefix designates a secure, SSL-enabled session.

42 SSL protocol example (diagram)
TCP/IP model:
- Application layer (FTP, SMTP, HTTP, ...)
- Transport layer (TCP)
- Internet layer (IP)
- Network interface (Ethernet, twisted pair, ...)
TCP/IP model with SSL:
- Application layer (FTP, SMTP, HTTP, ...)
- SSL protocol
- Transport layer (TCP)
- Internet layer (IP)
- Network interface (Ethernet, twisted pair, ...)

43 SSL how-to
- Create the shared secret keys first (the handshake, in which the client checks the server's certificate and the two sides agree on session keys).
- Then use the secret keys to exchange private data.

44 SSL example: SSL used between a web client and a web server (screenshot)

45 Secure HTTP (S-HTTP)
- It is an extension to HTTP with security features added: spontaneous encryption.
- SSL creates a secure connection between client and server over which any amount of data can be sent securely; S-HTTP transmits individual messages securely over the Internet.
- SSL and S-HTTP are complementary technologies.

46 Secure MIME (S/MIME)
Secure/Multipurpose Internet Mail Extensions: a standard for secure e-mail. A signed message is a multipart/signed body whose first part is the clear text and whose second part carries the PKCS#7 signature. (In the multipart/signed form that second part is application/pkcs7-signature; application/pkcs7-mime with smime-type=signed-data is the alternative "opaque" form in which the whole message is wrapped inside the signature object.)

Content-Type: multipart/signed; protocol="application/pkcs7-signature"; boundary="boundary"

--boundary
Content-Type: text/plain

This is the clear text.
--boundary
Content-Type: application/pkcs7-signature; name=smime.p7s

mqcnazidqqsaaaeeajbbaoum4xxlmtm3f2q92jefxnylcf8c94ij7gaasuf22vyfx
JOIfhPvTltGsjObE72Z7s3XFYafy54lIVyyIqtCNTXRs9xB6pHjtANvXd...
--boundary--

47 Authentication versus authorization
- Authentication is the process by which a computer user establishes a right to an identity when gaining access (to a PC, a network, or remotely). A username and password must be provided to log in to a system.
- Authorization is the process of determining whether a user is allowed to perform certain actions on a resource. E.g. I can log in to the system, but I cannot access some files on the hard disk.

48 Authentication versus authorization (diagram)
End user Ray authenticates to the system. Authorization is then decided per resource: the directory access list says Ray = Deny, the database access list says Ray = OK.
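The Ray example in code, as an added example that is not part of the original slides: authentication verifies the password against a stored PBKDF2 hash with a constant-time comparison, and authorization is a separate default-deny lookup in per-resource access lists, so a user who logs in successfully can still be refused the directory while being granted the database. The user, password, salt, iteration count and access lists are constructed for the demonstration.

```python
"""Added example: authentication (who are you?) kept separate from
authorization (what may you do?). User, password, salt and access lists
are constructed to mirror the Ray diagram."""
import hashlib
import hmac

SALT = b"constructed-salt"      # assumption: fixed salt; use a random per-user salt in practice
ITERATIONS = 50_000             # assumption: PBKDF2 work factor for the demo


def derive_key(password, salt=SALT):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Credential store: username -> stored PBKDF2 hash (built at import for the demo).
USERS = {"ray": derive_key("correct horse battery staple")}

# Authorization store: resource -> access list, as on the slide.
ACCESS_LISTS = {
    "directory": {"ray": "deny"},
    "database": {"ray": "allow"},
}


def authenticate(username, password):
    """True iff the password matches the stored hash (constant-time compare)."""
    stored = USERS.get(username)
    if stored is None:
        derive_key(password)    # same cost for unknown users: no timing oracle
        return False
    return hmac.compare_digest(stored, derive_key(password))


def authorize(username, resource):
    """Default deny: only an explicit 'allow' entry grants access."""
    return ACCESS_LISTS.get(resource, {}).get(username) == "allow"


def access(username, password, resource):
    """The two checks in order: identity first, then permission."""
    if not authenticate(username, password):
        return "unauthenticated"
    if not authorize(username, resource):
        return "denied"
    return "ok"


if __name__ == "__main__":
    pw = "correct horse battery staple"
    print("ray -> database:", access("ray", pw, "database"))
    print("ray -> directory:", access("ray", pw, "directory"))
    print("ray, wrong password:", access("ray", "guess", "database"))
    print("bob -> database:", access("bob", pw, "database"))
```

Keeping the two decisions in separate functions is the point: a successful login must never imply permission, and a resource that is missing from the access lists (a new share, a forgotten database) is refused rather than silently opened.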

49 Authentication methods
- Username / password
- Certificate
- Biometric techniques
- Smart cards
- Anonymous
- Any others?

50 Username / password
- The most widely used mechanism to authenticate a person.
- People tend to choose passwords that are easy to remember, and therefore easy to guess.
- An eavesdropper learns your password when it is transmitted over the network unencrypted.
- Intruders, attackers and crackers will read, guess and crack your password.

51 Biometrics: something you are
- Retina pattern: a device probes the unique pattern of blood vessels inside someone's retinal tissue.
- Fingerprint: someone's identity is verified using the unique pattern of his or her fingerprint.
- Voice pattern: a device exploits the unique vocal, acoustic and phonetic pattern of someone's voice.

52 Biometrics tools (screenshot)

53 Incident handling
Oh! We have been hacked! Nobody can guarantee 100% safety on the Net, so set up an incident response team in your company:
- A reporting team that reports to the Security Officer or the CEO.
- An analysis team that does the evaluation, notification, legal work, reporting and documentation.

54 Incident handling (diagram)

55 Define the severity levels
- Critical: the site may fail over to a backup site, e.g. flood or fire.
- Severe: the site needs to shut down for repair and restore, e.g. DDoS attacks, viruses.
- Moderate: the site may block the traffic from some IP addresses or domain names.
- Low impact: the site needs to report it as a minor incident.

56 Security tools
- Monitoring tool
- Network testing scanner
- Personal firewall
- Port listener
- Network reporting tool

57 Security tools (screenshot)

58 Computer Emergency Response Team (CERT)
A center of Internet security expertise operated by Carnegie Mellon University (CMU). It studies Internet security vulnerabilities, handles security incidents and announces security alerts to the public. Further information: CMU

59 CERT homepage (screenshot)

60 Summary
- People break into our computers in our workplaces, homes, banks, ...
- Many techniques have been developed to tackle these problems: firewalls, encryption, VPN, SSL, S-HTTP, S/MIME.
- We discussed the difference between authentication and authorization.
- We discussed how to protect your private data and handle incidents.

61 HK Government (screenshot)

62 References
- The Internet Security Guidebook: From Planning to Deployment, by J. Ellis and T. Speed, Academic Press.
- How does VPN work?
- Cryptography
- SSL: how it works
The End. Thank you for your patience!