Introduction To Security and Privacy Einführung in die IT-Sicherheit I
1 Introduction To Security and Privacy Einführung in die IT-Sicherheit I Prof. Dr. rer. nat. Doğan Kesdoğan Institut für Wirtschaftsinformatik kesdogan@fb5.uni-siegen.de Source: William Stallings and Lawrie Brown 1
2 Overview Malicious software Virus Types Virus countermeasures Effectiveness of Malware Detection Denial of Service Attacks Distributed Denial of Service Attacks Denial of Service Attack Defence 2
3 Malicious Software
Programs exploiting system vulnerabilities, known as malicious software or malware:
program fragments that need a host program, e.g. viruses, logic bombs, and backdoors
independent, self-contained programs, e.g. worms, bots
replicating or not
Sophisticated threat to computer systems 3
4 Malware Terminology A non-strict categorisation (lack of universal definition): Virus Worm Logic bomb Trojan horse Backdoor (trapdoor) Mobile code Auto-rooter Kit (virus generator) Spammer and Flooder programs Keyloggers Rootkit Zombie, bot 4
5 Virus Types 5
6 Viruses
Piece of software that infects programs, modifying them to include a copy of the virus, so that it executes secretly when the host program is run
Specific to operating system and hardware, taking advantage of their details and weaknesses
Phases of a typical virus:
Dormant: idle state, eventually activated by some event (e.g. presence of a program, file, ...)
Propagation: virus copies itself to other programs
Triggering: activation of the designed malicious function
Execution: execution of the intended malicious function 6
7 Virus Structure
Components:
Infection mechanism: means that enables virus spreading and replication
Trigger: event that makes the payload activate
Payload: what it does, malicious or benign (besides spreading)
Can be prepended / postpended / embedded to a program
When the infected program is invoked, it executes the virus code, then the original program code
Avoidance of virus:
Block initial infection (difficult / in general impossible)
Block propagation (with access controls) 7
8 Virus Structure 8
9 Compression Virus
Increased size of the infected program easily reveals the virus
Therefore use compression, such that the infected program keeps its original size
CV is the virus, P1 is the infected program
Invocation of P1 invokes CV:
1. Each uninfected file P2 found is compressed to P2', where |P2'| = |P2| - |CV|
2. Copy the virus and append it to P2'
3. Uncompress P1
4. Execute P1 9
10 Virus Classification Boot sector Infects a master boot record or boot record and spreads when a system is booted from the disk containing the virus. File infector Infects files that the operating system or shell consider to be executable Macro virus Infects files with macro code that is interpreted by an application Encrypted virus Creates a random encryption key, stored with the virus, and encrypts the remainder of the virus Stealth virus Hides modification by virus, e.g. keep original file size, return original program if scan detected Polymorphic virus mutates with every infection to thwart detection by signature Metamorphic virus May change their behavior as well as their appearance 10
11 Virus Countermeasures 11
12 Virus Countermeasures
Prevention: ideal solution but difficult
Realistically need:
Detection: once the infection has occurred, determine that it has occurred and locate the virus
Identification: identify the specific virus that has infected a program
Removal: remove all traces of the virus from the infected program and restore it to its original state
If the virus can be detected but cannot be identified or removed, the infected program must be discarded and replaced 12
13 Anti-Virus Evolution
Virus & antivirus tech have both evolved
Early viruses: simple code, easily removed
As viruses become more complex, so must the countermeasures
Generations:
I. Signature scanners
II. Heuristics: code fragment associated with virus, e.g. encryption key
III. Identify actions
IV. Combination packages 13
14 Generic Decryption
Runs executable files through a generic decryption (GD) scanner:
CPU emulator to interpret instructions
Virus scanner to check known virus signatures
Emulation control module: controls interpretation of the target code and its execution; periodically interrupts to apply the virus scanner to the instructions interpreted so far
Example: virus encrypts its payload
Issue: how long to interpret and scan
Tradeoff: chance of detection vs time delay 14
15 Digital Immune System
1. Monitor based on heuristics/signatures to detect a suspicious program
2. Encrypt and forward the suspicious program to central analysis
3. Monitor and run the suspicious program in a safe environment
4. Send a prescription to identify and remove the virus to the administrative machine and users
7. Send an antivirus update to protect from the detected virus 15
16 Effectiveness of Malware Detection 16
17 Effectiveness of Intrusion/Malware Detection
True negative: if the detection system (DS) is given normal traffic/data, then it classifies the traffic/data as harmless; P(~A | ~I): probability of no alert given there is no attack
False positive: DS sends an alert A given there is no attack I; P(A | ~I): probability of false positive, where ~ denotes negation
True positive: if DS is given an attack, then it sends an alert; P(A | I): probability of alert given there is an attack
False negative: DS sends no alert given there is an attack; P(~A | I): probability of false negative
Issue: low false-positive and false-negative probability is not sufficient for effectiveness of the DS, because of the base rate fallacy
Need additionally:
P(I | A): prob. of attack given that there is an alert, should be high
P(~I | ~A): prob. of no attack given that there is no alert, should be high 17
18 Conditional Probability
Intuitive understanding: probability conditioned on some event
Effect of the condition: removes some outcomes from the sample space
Example: P(sum is 8 | one dice even): prob. of getting a sum of 8 on a roll of 2 dice, given that at least one dice is even
Reasoning: one dice even, so for a sum of 8 the other dice must be even, too
Successful outcomes: (2,6), (4,4), (6,2)
Number of outcomes where one dice is even: 36 - (#events where both faces odd) = 36 - 3*3 = 27
P(sum is 8 | one dice even) = 3/27 = 1/9 18
19 Conditional Probability
Bayes theorem:
Let $\Omega$ be the event space, i.e. the set of all possible events
Let $A, B \subseteq \Omega$ be events
$P(A \mid B)$ is the prob. of event A given event B (i.e. A conditioned on B)
Bayes theorem: $P(A \mid B) = \frac{P(A \wedge B)}{P(B)}$
Review example:
A: event "sum of 8" in a two-dice throw
B: event "at least one dice even"
$P(A \wedge B)$: prob. of sum of 8 and at least one dice even $= 3/36$
$P(A \mid B)$: prob. of sum of 8 given that one dice even $= \frac{P(A \wedge B)}{P(B)} = \frac{3/36}{27/36} = \frac{1}{9}$
20 Stochastic Independence
Events A, B are stochastically independent if $P(A \wedge B) = P(A) \cdot P(B)$
Therefore $P(A \mid B) = P(A)$ and $P(B \mid A) = P(B)$
I.e. the occurrence of event A is not affected by the occurrence or non-occurrence of event B
Examples:
The probability of throwing a 6 in a dice throw is independent of the results of the throws in the past
The probability of winning the lotto is independent of the numbers you picked 20
21 Application of Bayes Theorem
Definition
Given: pairwise stochastically independent events $E_1, E_2, \dots, E_n$
The union of the events $E_1, \dots, E_n$ covers all possible outcomes, i.e. $E_1 \cup \dots \cup E_n = \Omega$ and $P(E_1 \cup \dots \cup E_n) = 1$
For any event A:
$P(A) = \sum_{i=1}^{n} P(A \mid E_i)\, P(E_i)$
Using Bayes theorem:
$P(E_i \mid A) = \frac{P(A \mid E_i)\, P(E_i)}{P(A)} = \frac{P(A \mid E_i)\, P(E_i)}{\sum_{j=1}^{n} P(A \mid E_j)\, P(E_j)}$ 21
22 Application of Bayes Theorem
Example: transmission of sequences of 1 and 0
What is the probability that 1/0 was sent given that 1/0 was received?
Events:
$S_1$: 1 is sent; $S_0$: 0 is sent; $R_1$: 1 is received; $R_0$: 0 is received
Probabilities:
$P(S_1) = p$, $P(S_0) = 1 - p$
$P(R_0 \mid S_1) = p_a$, $P(R_1 \mid S_0) = p_b$
Prob. that 1 is sent given 0 is received:
$P(S_1 \mid R_0) = \frac{P(R_0 \mid S_1)\, P(S_1)}{P(R_0 \mid S_1)\, P(S_1) + P(R_0 \mid S_0)\, P(S_0)} = \frac{p_a\, p}{p_a\, p + (1 - p_b)(1 - p)}$ 22
23 Base Rate Fallacy
Example for a DS:
Assume the accuracy of the DS is 87%, i.e. $P(A \mid I) = 0.87$ (prob. of true positive) and $P(\neg A \mid \neg I) = 0.87$ (prob. of true negative)
The probability of an attack is 1%, i.e. $P(I) = 0.01$ (base rate)
What is the probability that there is no attack, given that there is an alert, i.e. $P(\neg I \mid A)$?
$P(\neg I \mid A) = \frac{P(A \mid \neg I)\, P(\neg I)}{P(A \mid I)\, P(I) + P(A \mid \neg I)\, P(\neg I)} = \frac{0.13 \cdot 0.99}{0.87 \cdot 0.01 + 0.13 \cdot 0.99}$ (effect of the low base rate)
Note: $P(\neg I) = 1 - P(I)$ for any event I; $P(\neg I \mid A) = 1 - P(I \mid A)$ for any events I, A 23
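Bayes' theorem over a partition, applied to the slides' dice, noisy-channel and base-rate examples, as an added example (not from the original slides). It generalises the slide's $E_i$ formula to any number of events and assumes the $E_i$ are mutually exclusive and together cover the sample space; the symbols p, p_a, p_b and the numbers 0.87 / 0.01 are the slides'.

```python
"""Bayes' theorem over a partition, worked on the lecture's examples.

Added example, not from the original slides. Assumption: the events
E_1..E_n are mutually exclusive and together cover the sample space
(the S_0/S_1 and I/~I pairs of the slides satisfy this).
"""
from itertools import product
from typing import Dict, Sequence


def total_probability(priors: Sequence[float], likelihoods: Sequence[float]) -> float:
    """P(A) = sum_i P(A | E_i) P(E_i) over a partition E_1..E_n."""
    if len(priors) != len(likelihoods):
        raise ValueError("need one likelihood P(A | E_i) per event E_i")
    if abs(sum(priors) - 1.0) > 1e-9:
        raise ValueError("P(E_1) + ... + P(E_n) must be 1: the E_i must cover the sample space")
    return sum(p * l for p, l in zip(priors, likelihoods))


def posterior(priors: Sequence[float], likelihoods: Sequence[float], i: int) -> float:
    """P(E_i | A) = P(A | E_i) P(E_i) / sum_j P(A | E_j) P(E_j)."""
    p_a = total_probability(priors, likelihoods)
    if p_a == 0.0:
        raise ValueError("P(A) = 0, so P(E_i | A) is undefined")
    return priors[i] * likelihoods[i] / p_a


def dice_sum8_given_one_even() -> float:
    """Slides 18/19 by brute force: P(A | B) = P(A and B) / P(B) over all 36 rolls."""
    rolls = list(product(range(1, 7), repeat=2))
    b = [r for r in rolls if r[0] % 2 == 0 or r[1] % 2 == 0]   # at least one die even
    a_and_b = [r for r in b if sum(r) == 8]                     # ... and the sum is 8
    return len(a_and_b) / len(b)                                # 3 / 27 = 1 / 9


def prob_one_sent_given_zero_received(p: float, p_a: float, p_b: float) -> float:
    """Slide 22: P(S_1 | R_0) with P(S_1) = p, P(R_0 | S_1) = p_a, P(R_1 | S_0) = p_b."""
    priors = [1.0 - p, p]            # E_0 = S_0, E_1 = S_1
    likelihoods = [1.0 - p_b, p_a]   # P(R_0 | S_0), P(R_0 | S_1)
    return posterior(priors, likelihoods, 1)


def prob_no_attack_given_alert(tpr: float, tnr: float, base_rate: float) -> float:
    """Slide 23: P(~I | A) from P(A | I) = tpr, P(~A | ~I) = tnr and P(I) = base_rate."""
    priors = [1.0 - base_rate, base_rate]   # E_0 = ~I, E_1 = I
    likelihoods = [1.0 - tnr, tpr]          # P(A | ~I) = 1 - tnr, P(A | I) = tpr
    return posterior(priors, likelihoods, 0)


def prob_no_attack_given_no_alert(tpr: float, tnr: float, base_rate: float) -> float:
    """The second quantity slide 17 asks for: P(~I | ~A)."""
    priors = [1.0 - base_rate, base_rate]
    likelihoods = [tnr, 1.0 - tpr]          # P(~A | ~I) = tnr, P(~A | I) = 1 - tpr
    return posterior(priors, likelihoods, 0)


def base_rate_sweep(tpr: float, tnr: float, base_rates: Sequence[float]) -> Dict[float, float]:
    """P(I | A) for several base rates: the same detector, very different usefulness."""
    return {br: 1.0 - prob_no_attack_given_alert(tpr, tnr, br) for br in base_rates}


if __name__ == "__main__":
    print("P(sum 8 | one die even) =", dice_sum8_given_one_even())
    print("P(S_1 | R_0) for p=0.5, p_a=0.1, p_b=0.2 =",
          prob_one_sent_given_zero_received(0.5, 0.1, 0.2))
    print("P(~I | A)  for the slide's DS =", prob_no_attack_given_alert(0.87, 0.87, 0.01))
    print("P(~I | ~A) for the slide's DS =", prob_no_attack_given_no_alert(0.87, 0.87, 0.01))
    for br, p_i_given_a in base_rate_sweep(0.87, 0.87, (0.001, 0.01, 0.1, 0.5)).items():
        print(f"base rate {br:5.3f}: P(I | A) = {p_i_given_a:.3f}")
```

With the slide's numbers about 94% of alerts are false alarms, while P(~I | ~A) exceeds 99.8%: the quiet detector is trustworthy, the alerting one is not.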
24 Bots Program taking over other computers to launch hard to trace attacks If coordinated form a botnet Characteristics: Remote control facility via IRC/HTTP etc Spreading mechanism attack software, vulnerability, scanning strategy 24
25 Denial of Service Attacks 25
26 Denial of Service Denial of service (DoS) an action that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources such as central processing units (CPU), memory, bandwidth, and disk space Attack target: Network bandwidth Overload network capacity System resources Crash network handling software Application resources Overload capabilities of server 26
27 Classic Denial of Service Attacks Attack on Network bandwidth: Can use simple flooding ping From higher capacity link to lower Causing loss of traffic Source of flood traffic easily identified 27
28 Classic Denial of Service Attacks 28
29 Source Address Spoofing Use forged source addresses (source address spoofing) Given sufficient privilege to raw sockets Generate large volumes of packets directed at target with different, random, source addresses Advantage Responses are scattered across Internet, instead of being reflected to the attacker Real source is much harder to identify 29
30 SYN Flooding Attack on system resources: Attacks ability of a server to respond to future connection requests (e.g. TCP request) Overflowing tables used to manage them (e.g. TCP table) Thus future connection requests from legitimate users fail 30
31 TCP Connection Handshake
Client: initiates a TCP connection request by sending a SYN packet
Server: records details about the request in a TCP connection table and responds with a SYN-ACK packet
Client: if SYN-ACK received, then sends ACK to the server (connection established)
Server: if the client's ACK is received, then marks the connection as established
If the connection is established, then transfer data 31
32 SYN Flooding Attack
Attacker: generates several SYN connection requests with spoofed source addresses
Server: records details for each request and sends SYN-ACK to the source addresses
Address valid: the client refuses the connection by sending RST (reset); the server removes the connection details from the TCP table
Address invalid: the server gets no answer and resends SYN-ACK several times 32
33 SYN Flooding Attack Attacker often uses either random source addresses or that of an overloaded server to block return of (most) reset packets Advantage: Has much lower traffic volume Attacker can be on a much lower capacity link 33
34 Types of Flooding Attacks
Classified based on the network protocol used:
ICMP flood: uses ICMP packets, e.g. echo request (used by ping), typically allowed through
UDP flood: alternative that uses UDP packets to some port
TCP SYN flood: uses TCP SYN (connection request) packets, but here as a volume attack 34
35 Distributed Denial of Service Attacks 35
36 Distributed Denial of Service Attacks
Have limited volume if a single source is used; multiple systems allow much higher traffic volumes, forming a Distributed Denial of Service (DDoS) attack
Often compromised PCs / workstations (zombies) with backdoor programs installed, forming a botnet, e.g. Tribe Flood Network (TFN), TFN2K 36
37 DDoS Control Hierarchy
Attack architecture:
Handler controls a large number of agents; takes the attacker's commands, executes them and forwards them to the agents
Infected computers (zombies) register themselves with the handler
Reduces the communication overhead for the attacker 37
38 DDoS Attack: Real Example
Low Orbit Ion Cannon (LOIC):
Establishes TCP connections to port 80 of the target (alternatively UDP)
Sends data strings (e.g. invalid HTTP requests) to the target
A distributed attack can be coordinated over Twitter/IRC to synchronise attack time and target 38
39 Reflection Attacks
Use the normal behavior of the network:
Attacker sends a packet with the spoofed source address of a target to a server
The server's response is directed at the target
If the attacker sends many requests to multiple servers, the responses can flood the target
Various protocols, e.g. UDP or TCP/SYN
Ideally the attacker wants a response larger than the request
Prevention: block the source of the spoofed packets, e.g. the ISP knows the valid IP ranges of its clients and could block addresses out of that range 39
40 Reflection Attack with Amplification
Cause several responses by intermediaries for each packet sent, e.g. send a request to a broadcast address, then all clients in that network reply to the target
Cause intermediaries to respond with larger packet sizes than the packet size of the request, e.g. make use of the fact that DNS responses can be large 40
41 DNS Amplification Attacks Use DNS requests with spoofed source address being the target Exploit DNS behavior to convert a small request to a much larger response 60 byte request to byte response Attacker sends requests to multiple well connected servers, which flood target Need only moderate flow of request packets DNS servers will also be loaded 41
42 Denial of Service Attack Defence 42
43 DoS Attack Defenses High traffic volumes may be legitimate result of high publicity, e.g. slash-dotted or to a very popular site, e.g. Olympics etc Or legitimate traffic created by an attacker Three lines of defense against (D)DoS: Attack prevention and preemption Attack detection and filtering Attack source traceback and identification 43
44 Attack Prevention
Block spoofed source addresses on routers as close to the source as possible
Rate controls in upstream distribution nets on specific packet types, e.g. some ICMP, some UDP, TCP/SYN
Use modified TCP connection handling:
Use SYN cookies (as sequence number) when the table is full: the server encrypts the connection information in a SYN cookie and sends it as the server's sequence number y to the client, i.e. there is no need to save the information in a table; if the client sends an ACK back, it sends y+1 back, thus the server can verify y
SYN cookie contents: timestamp t, max segment size m, Enc(server IP/port, client IP/port, t)
Or selective or random drop when the table is full
Manage application attacks with puzzles to distinguish legitimate human requests
Mirror and replicate servers when high performance and reliability are required 44
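The SYN cookie defence of the slide, as an added example (not from the original slides, and not the Linux or BSD algorithm). Assumptions: a 32-bit cookie laid out as t mod 32 (5 bits), an MSS index (3 bits) and a 24-bit keyed hash; t counts 64-second slots; the slide's Enc(server IP/port, client IP/port, t) is stood in by an HMAC-SHA256 under a server secret, because the server only has to verify the cookie, never decrypt it; the MSS table and the addresses are constructed.

```python
"""Stateless SYN cookies in the shape slide 44 describes.

Added example, not from the original slides and not the Linux/BSD scheme.
Assumed layout of the 32-bit cookie y sent as the SYN-ACK sequence number:
  bits 31..27: t mod 32     (t = 64-second slot counter)
  bits 26..24: MSS index    (into MSS_TABLE)
  bits 23..0 : HMAC-SHA256(secret, server ip/port | client ip/port | t | idx)[:3]
Binding the MSS index into the MAC stops a client flipping it in a captured y.
"""
import hashlib
import hmac
import os
import time
from typing import Callable, Optional

MSS_TABLE = (536, 1220, 1300, 1440, 1460)   # assumed encodable MSS values
SLOT_SECONDS = 64                            # assumed width of one value of t
MAX_SLOT_AGE = 1                             # accept the current and the previous slot
MASK32 = 0xFFFFFFFF


class SynCookieServer:
    """Issues y for a SYN and verifies the client's ACK (y + 1) without any table."""

    def __init__(self, secret: bytes, server_ip: str, server_port: int,
                 clock: Callable[[], float] = time.time) -> None:
        self._secret = secret
        self._server = f"{server_ip}:{server_port}".encode()
        self._clock = clock

    def _slot(self) -> int:
        return int(self._clock()) // SLOT_SECONDS

    def _mac24(self, client_ip: str, client_port: int, t: int, idx: int) -> int:
        """The slide's Enc(server IP/port, client IP/port, t), as a 24-bit HMAC."""
        msg = b"|".join([self._server, f"{client_ip}:{client_port}".encode(),
                         str(t).encode(), str(idx).encode()])
        return int.from_bytes(hmac.new(self._secret, msg, hashlib.sha256).digest()[:3], "big")

    def syn_ack_seq(self, client_ip: str, client_port: int, client_mss: int) -> int:
        """Build y for an incoming SYN; nothing is stored, so a flood fills no table."""
        fitting = [i for i, m in enumerate(MSS_TABLE) if m <= client_mss]
        idx = fitting[-1] if fitting else 0     # largest encodable MSS not above the offer
        t = self._slot()
        return ((t % 32) << 27) | (idx << 24) | self._mac24(client_ip, client_port, t, idx)

    def verify_ack(self, client_ip: str, client_port: int, ack: int) -> Optional[int]:
        """Return the negotiated MSS if ack == y + 1 for a fresh, genuine y, else None."""
        cookie = (ack - 1) & MASK32
        t_low = cookie >> 27
        idx = (cookie >> 24) & 0x7
        mac = cookie & 0xFFFFFF
        if idx >= len(MSS_TABLE):
            return None                          # not an index we ever issue
        now = self._slot()
        # Recover the full t: only the current and the previous slot are acceptable.
        for age in range(MAX_SLOT_AGE + 1):
            t = now - age
            if t % 32 != t_low:
                continue
            expected = self._mac24(client_ip, client_port, t, idx)
            # Constant-time compare so timing does not leak how close a guess is.
            if hmac.compare_digest(expected.to_bytes(3, "big"), mac.to_bytes(3, "big")):
                return MSS_TABLE[idx]
            return None                          # right age, wrong MAC: forged or guessed
        return None                              # stale cookie: treat as no handshake


if __name__ == "__main__":
    srv = SynCookieServer(os.urandom(32), "203.0.113.10", 80)
    y = srv.syn_ack_seq("198.51.100.7", 40000, 1460)     # SYN arrives, SYN-ACK carries y
    print("genuine ACK  ->", srv.verify_ack("198.51.100.7", 40000, (y + 1) & MASK32))
    print("guessed ACK  ->", srv.verify_ack("198.51.100.7", 40000, (y + 2) & MASK32))
    print("other client ->", srv.verify_ack("198.51.100.8", 40000, (y + 1) & MASK32))
```

A spoofed SYN costs the server one HMAC and no memory; only a client that actually received y (so its source address is real) can complete the handshake, which is exactly why the table cannot be filled.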
More informationHow To Understand A Network Attack
Network Security Attack and Defense Techniques Anna Sperotto (with material from Ramin Sadre) Design and Analysis of Communication Networks (DACS) University of Twente The Netherlands Attacks! Many different
More informationSecurity Engineering Part III Network Security. Intruders, Malware, Firewalls, and IDSs
Security Engineering Part III Network Security Intruders, Malware, Firewalls, and IDSs Juan E. Tapiador jestevez@inf.uc3m.es Department of Computer Science, UC3M Security Engineering 4th year BSc in Computer
More informationVALIDATING DDoS THREAT PROTECTION
VALIDATING DDoS THREAT PROTECTION Ensure your DDoS Solution Works in Real-World Conditions WHITE PAPER Executive Summary This white paper is for security and networking professionals who are looking to
More informationMALICIOUS SOFTWARE CHAPTER 21-1. 21.1 Types Of Malicious Software. Backdoor Logic Bomb Trojan Horses Mobile Code Multiple-Threat Malware. 21.
CHAPTER MALICIOUS SOFTWARE 21.1 Types Of Malicious Software 21.2 Viruses Backdoor Logic Bomb Trojan Horses Mobile Code Multiple-Threat Malware The Nature of Viruses Viruses Classification Virus Kits Macro
More informationTopics. Virus Protection and Intrusion Detection. What is a Virus? Three related ideas
Virus Protection and Intrusion Detection John Mitchell Topics u Trojans, worms, and viruses u Virus protection Virus scanning methods u Detecting system compromise Tripwire u Detecting system and network
More informationA COMPREHENSIVE STUDY OF DDOS ATTACKS AND DEFENSE MECHANISMS
, pp-29-33 Available online at http://www.bioinfo.in/contents.php?id=55 A COMPREHENSIVE STUDY OF DDOS ATTACKS AND DEFENSE MECHANISMS SHUCHI JUYAL 1 AND RADHIKA PRABHAKAR 2 Department of Computer Application,
More information2. From a control perspective, the PRIMARY objective of classifying information assets is to:
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
More informationComputer Security Threats
Computer Security Threats Based on the content of Chapter 14 Operating Systems: Internals and Design Principles, 6/E William Stallings Sistemi di Calcolo (II semestre), Roberto Baldoni Sensitive economic
More informationOutline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg
Outline Network Topology CSc 466/566 Computer Security 18 : Network Security Introduction Version: 2012/05/03 13:59:29 Department of Computer Science University of Arizona collberg@gmail.com Copyright
More informationDDos. Distributed Denial of Service Attacks. by Mark Schuchter
DDos Distributed Denial of Service Attacks by Mark Schuchter Overview Introduction Why? Timeline How? Typical attack (UNIX) Typical attack (Windows) Introduction limited and consumable resources (memory,
More informationIntroduction of Intrusion Detection Systems
Introduction of Intrusion Detection Systems Why IDS? Inspects all inbound and outbound network activity and identifies a network or system attack from someone attempting to compromise a system. Detection:
More informationSecure Software Programming and Vulnerability Analysis
Secure Software Programming and Vulnerability Analysis Christopher Kruegel chris@auto.tuwien.ac.at http://www.auto.tuwien.ac.at/~chris Operations and Denial of Service Secure Software Programming 2 Overview
More informationSurviving DNS DDoS Attacks. Introducing self-protecting servers
Introducing self-protecting servers Background The current DNS environment is subject to a variety of distributed denial of service (DDoS) attacks, including reflected floods, amplification attacks, TCP
More informationTaxonomies of Distributed Denial of Service Networks, Attacks, Tools, and Countermeasures
Taxonomies of Distributed Denial of Service Networks, s, Tools, and Countermeasures Stephen Specht Ruby Lee sspecht@princeton.edu rblee@princeton.edu Department of Electrical Engineering Princeton Architecture
More informationDenial of Service Attacks, What They are and How to Combat Them
Denial of Service Attacks, What They are and How to Combat Them John P. Pironti, CISSP Genuity, Inc. Principal Enterprise Solutions Architect Principal Security Consultant Version 1.0 November 12, 2001
More informationComputer Networks & Computer Security
Computer Networks & Computer Security Software Engineering 4C03 Project Report Hackers: Detection and Prevention Prof.: Dr. Kartik Krishnan Due Date: March 29 th, 2004 Modified: April 7 th, 2004 Std Name:
More informationApplication Security Backgrounder
Essential Intrusion Prevention System (IPS) & DoS Protection Knowledge for IT Managers October 2006 North America Radware Inc. 575 Corporate Dr., Lobby 1 Mahwah, NJ 07430 Tel: (888) 234-5763 International
More informationIDS / IPS. James E. Thiel S.W.A.T.
IDS / IPS An introduction to intrusion detection and intrusion prevention systems James E. Thiel January 14, 2005 S.W.A.T. Drexel University Overview Intrusion Detection Purpose Types Detection Methods
More informationA1.1.1.11.1.1.2 1.1.1.3S B
CS Computer 640: Network AdityaAkella Lecture Introduction Networks Security 25 to Security DoS Firewalls and The D-DoS Vulnerabilities Road Ahead Security Attacks Protocol IP ICMP Routing TCP Security
More informationDetecting peer-to-peer botnets
Detecting peer-to-peer botnets Reinier Schoof & Ralph Koning System and Network Engineering University of Amsterdam mail: reinier.schoof@os3.nl, ralph.koning@os3.nl February 4, 2007 1 Introduction Spam,
More informationProject 4: (E)DoS Attacks
Project4 EDoS Instructions 1 Project 4: (E)DoS Attacks Secure Systems and Applications 2009 Ben Smeets (C) Dept. of Electrical and Information Technology, Lund University, Sweden Introduction A particular
More informationDenial of Service attacks: analysis and countermeasures. Marek Ostaszewski
Denial of Service attacks: analysis and countermeasures Marek Ostaszewski DoS - Introduction Denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended
More informationDistributed Denial of Service Attack Tools
Distributed Denial of Service Attack Tools Introduction: Distributed Denial of Service Attack Tools Internet Security Systems (ISS) has identified a number of distributed denial of service tools readily
More informationInternet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering
Internet Firewall CSIS 4222 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 27: Internet Routing Ch 30: Packet filtering & firewalls
More informationChapter 8 Security Pt 2
Chapter 8 Security Pt 2 IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross,
More informationCYBER ATTACKS EXPLAINED: PACKET CRAFTING
CYBER ATTACKS EXPLAINED: PACKET CRAFTING Protect your FOSS-based IT infrastructure from packet crafting by learning more about it. In the previous articles in this series, we explored common infrastructure
More informationCSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Vulnerability Analysis 1 Roadmap Why vulnerability analysis? Example: TCP/IP related vulnerabilities
More informationName: 1. CSE331: Introduction to Networks and Security Fall 2003 Dec. 12, 2003 1 /14 2 /16 3 /16 4 /10 5 /14 6 /5 7 /5 8 /20 9 /35.
Name: 1 CSE331: Introduction to Networks and Security Final Fall 2003 Dec. 12, 2003 1 /14 2 /16 3 /16 4 /10 5 /14 6 /5 7 /5 8 /20 9 /35 Total /135 Do not begin the exam until you are told to do so. You
More informationNetwork Security. Chapter 9. Attack prevention, detection and response. Attack Prevention. Part I: Attack Prevention
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Part I: Attack Prevention Network Security Chapter 9 Attack prevention, detection and response Part Part I:
More informationSecurity Toolsets for ISP Defense
Security Toolsets for ISP Defense Backbone Practices Authored by Timothy A Battles (AT&T IP Network Security) What s our goal? To provide protection against anomalous traffic for our network and it s customers.
More information1. Firewall Configuration
1. Firewall Configuration A firewall is a method of implementing common as well as user defined security policies in an effort to keep intruders out. Firewalls work by analyzing and filtering out IP packets
More information