Special Topic: TCP Session Hijacking
|
|
- Baldwin Walsh
- 7 years ago
- Views:
Transcription
1 Special Topic: TCP Session Hijacking Prof. Yinqian Zhang The Ohio State University Copyright Prof. Zhiyun Qian, UC Riverside
2 2 Outline TCP Attacks Off-path TCP sequence number prediction Off-path TCP sequence number inference Firewall-middlebox-enabled attacks Host-based attacks
3 3 Common Threat Models in Networks (targeting confidentiality and integrity) Eavesdropper Read (and at most Insert) Man-in-the-middle (MITM) On the communication path (compromised router) Arbitrary Read/Write capability (modify, drop, etc.) Off-Path attacker (no read capability)
4 4 Eavesdropper Capability: Read + Insert Examples Open wifi networks, e.g., Coffee shop Walkie-talkie Ethernet hub network
5 5 MITM Capability: Read + Write (Drop, Modify, Insert) Examples Compromising a router Route Hijacking IP redirection (e.g., DNS poisoning)
6 6 Attacks against Applications over TCP Assuming read + write (e.g., insert) capability HTTP Phishing, cookie stealing (impersonation) Telnet Inject commands (like a remote shell) Instant Messenger Social engineering (fake messages)
7 7 TCP Sequence Numbers Sequence number (32 bits) has a dual role: If the SYN flag is set, then this is the initial sequence number. The sequence number of the actual first data byte is this sequence number plus 1. If the SYN flag is clear, then this is the accumulated sequence number of the first data byte of this packet for the current session. Acknowledgment number (32 bits) If the ACK flag is set then this the next sequence number that the receiver is expecting. This acknowledges receipt of all prior bytes (if any).
8 8 TCP Handshake C S SYN (seq=x) Listening Store data SYN ACK (ack=x+1 seq=y) Wait ACK (ack=y+1,seq=x+1) Connected
9 9 TCP sequence prediction attack Predict the sequence number used to identify the packets in a TCP connection, and then counterfeit packets. Naively, success prob. is 1/2 32 (32-bit seq. # s). Most systems allow for a large window of acceptable seq. # s Much higher success probability. Adversary: do not have full control over the network, but can inject packets with fake source IP addresses E.g., control a computer on the local network TCP sequence numbers are used for authenticating packets Initial seq# needs high degree of unpredictability If attacker knows initial seq # and amount of traffic sent, can estimate likely current values Some implementations are vulnerable
10 10 Risks from Session Hijacking Inject data into an unencrypted server-to-server traffic, such as an exchange, DNS zone transfers, etc. Inject data into an unencrypted client-to-server traffic, such as ftp file downloads, http responses. Spoof IP addresses, which are often used for preliminary checks on firewalls or at the service level. Carry out MITM attacks on weak cryptographic protocols. often result in warnings to users that get ignored Denial of service attacks, such as resetting the connection.
11 11 Off-Path Attacker Capability: Insert Advantage: Low requirement Challenge: hard to know the attack timing Let s attack enemy Let s retreat (???)
12 Ini*al TCP sequence number Three-way handshake (challenge-response) SYN Seq=X, Ack = 0 Remembers X SYN-ACK Seq=Y, Ack = X+1 Checks Ack=X+1 Remembers Y ACK Seq=X+1, Ack = Y+1 Checks Ack=Y+1
13 TCP sequence number war *meline Predictable initial seq num Morris Bellovin Still vulnerable Zalewsky Windows attack (hours to finish) klm 99% of TCP connections lasts < 60s [Qian09] Mitnik Real exploit Watson BGP DoS 1. Firewall-enabled 2. Linux/FreeBSD/Mac
14 14 Outline TCP Attacks NEXT Off-path TCP sequence number prediction Off-path TCP sequence number inference Firewall-middlebox-enabled attacks Host-based attacks
15 Ini*al TCP sequence number (ISN) predic*on 15 Predicting server s ISN to setup connections spoofing a trusted host s IP address SYN(ISN x ), SRC=T SYN(ISN s ), ACK(ISN x ) Intruder X ACK(ISN s ), SRC=T ACK(ISN s ), SRC=T Serve r Host T
16 16 How to predict the random ISN? Well, they are not so random in the early days The ISN is incremented by a constant amount for fixed time interval (e.g., second) Later ISN is incremented by a random amount for fixed time interval
17 17 Defense to ISN prediction? Long story short, ISNs today are randomized so it won t be possible to predict it anymore Still not fully randomized due to backwardcompatibility reasons But secure enough to defeat prediction
18 18 Outline TCP Attacks Off-path TCP sequence number prediction NEXT Off-path TCP sequence number inference Firewall-middlebox-enabled attacks Host-based attacks
19 19 Threat model and problem formula*on Seq =? Unprivileged malware + off-path attackers Attack goal Know when a victim app initiates a connection with a server (e.g., facebook) Inferring sequence number of the server so attacker can write into connections owned by other apps (e.g., a phishing facebook login page)
20 20 TCP sequence number inference a?ack Seq =? Required information Target four tuples (srcip, dstip, srcport, dstport) Sequence number How? Unprivileged malware is isolated from other apps
21 21 Req 1 Obtaining target four tuples On-site unprivileged malware netstat (no root required) Four-tuple query netstat -nn Active Internet connections NAT boxes leak active four-tuple info Proto Recv-Q Send-Q Local Address Foreign Address (state) tcp CLOSE_WAIT Initiate fake connections tcp CLOSE_WAIT tcp CLOSE_WAIT tcp LAST_ACK tcp LAST_ACK tcp LAST_ACK tcp LAST_ACK tcp ESTABLISHED
22 22 Req 2 Obtaining feedback of guesses Not correct! Correct! Seq = X Seq = Y Expecting seq Y Intuition: actively guess sequence numbers and observe feedbacks through unexpected channels
23 23 Outline TCP Attacks Off-path TCP sequence number prediction Off-path TCP sequence number inference Firewall-middlebox-enabled attacks Host-based attacks NEXT
24 24 Firewall Middleboxes Common in organizations (e.g., enterprise, universities) Intend to block unwanted/malicious traffic
25 25 TCP sequence- number- checking firewall Purpose: drop blindly injected packets Cut down resource waste Prevent feedback on sequence number guessing 33% of the 179 tested carriers deploy such firewalls Vendors: Checkpoint, Cisco, Juniper Could be used in other networks as well
26 26 Stateful firewall that tracks TCP sequence number Required information Target four tuples Feedback (if packets dropped by the firewall)
27 27 Side- channels Packet counter and IPID Host packet counter (e.g., # of incoming packets) netstat s or procfs Error counters particularly useful IPID from intermediate hops Error counter++ Error Header Error Header Seq Seq
28 28 Side- channels Packet counter and IPID netstat s Tcp: 3466 active connections openings passive connection openings connection resets received segments received segments send out segments retransmited 489 bad segments received resets sent TcpExt: ICMP packets dropped because they were out-of-window 9491 TCP sockets finished time wait in fast timer 1646 packets rejects in established connections because of timestamp
29 How counters leaks sequence number (example) Error counter++ Seq = 0 Seq = 2WIN Seq = 4WIN Seq = 2G Counter++
30 30 Efficient probing to extract sequence number 2G Error counter++ 4G
31 31 Efficient probing to extract sequence number 2G 4G
32 32 Efficient probing to extract sequence number 2G Error counter++ 4G Total # of packets required: 4G/2WIN Typically, WIN = 256K, 512K, 1M # of packets = (~300kbps) Time: 4 9 seconds
33 33 Outline TCP Attacks Off-path TCP sequence number prediction Off-path TCP sequence number inference Firewall-middlebox-enabled attacks Host-based attacks NEXT
34 34 TCP sequence number inference a?ack Without firewall
35 TCP sequence number checking leaks informa*on Packet checking sequence in Linux (and other OS) 35 Error check Error counter ++ Seq # check tcp_send_dupack() Ack # check Drop Additional checks Others Accept
36 Feedback channel: DelayedACKLost counter DelayedACKLost++ when a received packet with sequence number smaller than the expected sequence number if (TCP_SKB_CB(skb)- >end_seq!= TCP_SKB_CB(skb)- >seq && before(tcp_skb_cb(skb)- >seq, tp- >rcv_nxt)) { NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_DELAYEDACKLOST); } Since Linux (in 2002) static inline int before( u32 seq1, u32 seq2) { return ( s32)(seq1- seq2) < 0; } FreeBSD / Mac OS has similar counters
37 37 A new feedback channel 2G counter++ 4G Binary search 1 st iteration
38 38 Efficient probing to extract sequence number 2G 4G Binary search 2 nd iteration Total # of packets and iterations required: 32 Inference time: a few seconds
39 39 Efficient probing to extract sequence number x3 Counter+=1 x1 x2 4-way search 1 st iteration
40 40 Efficient probing to extract sequence number x3 x1 Counter+=3 x2 4-way search 1 st iteration
41 41 Efficient probing to extract sequence number x3 x1 x2 Counter+=2 4-way search 1 st iteration
42 42 Efficient probing to extract sequence number x3 Counter+=1 Counter+=4 x1 x2 Counter+=2 Counter+=5 4-way search 16 iterations (instead of 32) Total inference time: ~1s
TCP/IP Security Problems. History that still teaches
TCP/IP Security Problems History that still teaches 1 remote login without a password rsh and rcp were programs that allowed you to login from a remote site without a password The.rhosts file in your home
More informationCS5008: Internet Computing
CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is
More informationCSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Vulnerability Analysis 1 Roadmap Why vulnerability analysis? Example: TCP/IP related vulnerabilities
More informationLinux Network Security
Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols
More informationAttack Lab: Attacks on TCP/IP Protocols
Laboratory for Computer Security Education 1 Attack Lab: Attacks on TCP/IP Protocols Copyright c 2006-2010 Wenliang Du, Syracuse University. The development of this document is funded by the National Science
More informationOutline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg
Outline Network Topology CSc 466/566 Computer Security 18 : Network Security Introduction Version: 2012/05/03 13:59:29 Department of Computer Science University of Arizona collberg@gmail.com Copyright
More informationSession Hijacking Exploiting TCP, UDP and HTTP Sessions
Session Hijacking Exploiting TCP, UDP and HTTP Sessions Shray Kapoor shray.kapoor@gmail.com Preface With the emerging fields in e-commerce, financial and identity information are at a higher risk of being
More informationA1.1.1.11.1.1.2 1.1.1.3S B
CS Computer 640: Network AdityaAkella Lecture Introduction Networks Security 25 to Security DoS Firewalls and The D-DoS Vulnerabilities Road Ahead Security Attacks Protocol IP ICMP Routing TCP Security
More informationFinal exam review, Fall 2005 FSU (CIS-5357) Network Security
Final exam review, Fall 2005 FSU (CIS-5357) Network Security Instructor: Breno de Medeiros 1. What is an insertion attack against a NIDS? Answer: An insertion attack against a network intrusion detection
More informationProject 4: (E)DoS Attacks
Project4 EDoS Instructions 1 Project 4: (E)DoS Attacks Secure Systems and Applications 2009 Ben Smeets (C) Dept. of Electrical and Information Technology, Lund University, Sweden Introduction A particular
More informationGeneral Network Security
4 CHAPTER FOUR General Network Security Objectives This chapter covers the following Cisco-specific objectives for the Identify security threats to a network and describe general methods to mitigate those
More informationCSE 127: Computer Security. Network Security. Kirill Levchenko
CSE 127: Computer Security Network Security Kirill Levchenko December 4, 2014 Network Security Original TCP/IP design: Trusted network and hosts Hosts and networks administered by mutually trusted parties
More informationSecurity: Attack and Defense
Security: Attack and Defense Aaron Hertz Carnegie Mellon University Outline! Breaking into hosts! DOS Attacks! Firewalls and other tools 15-441 Computer Networks Spring 2003 Breaking Into Hosts! Guessing
More informationDNS Cache-Poisoning: New Vulnerabilities and Implications, or: DNSSEC, the time has come!
DNS Cache-Poisoning: New Vulnerabilities and Implications, or: DNSSEC, the time has come! Amir Herzberg and Haya Shulman Dept. of Computer Science Bar Ilan University 8/1/2013 About us Bar Ilan University
More informationNetworks: IP and TCP. Internet Protocol
Networks: IP and TCP 11/1/2010 Networks: IP and TCP 1 Internet Protocol Connectionless Each packet is transported independently from other packets Unreliable Delivery on a best effort basis No acknowledgments
More informationA Very Incomplete Diagram of Network Attacks
A Very Incomplete Diagram of Network Attacks TCP/IP Stack Reconnaissance Spoofing Tamper DoS Internet Transport Application HTTP SMTP DNS TCP UDP IP ICMP Network/Link 1) HTML/JS files 2)Banner Grabbing
More informationChapter 8 Security Pt 2
Chapter 8 Security Pt 2 IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross,
More information20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7
20-CS-6053-00X Network Security Spring, 2014 An Introduction To Network Security Week 1 January 7 Attacks Criminal: fraud, scams, destruction; IP, ID, brand theft Privacy: surveillance, databases, traffic
More informationSecurity vulnerabilities in the Internet and possible solutions
Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in
More informationCS 640 Introduction to Computer Networks. Network security (continued) Key Distribution a first step. Lecture24
Introduction to Computer Networks Lecture24 Network security (continued) Key distribution Secure Shell Overview Authentication Practical issues Firewalls Denial of Service Attacks Definition Examples Key
More informationSY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.
system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. From a high-level standpoint, attacks on computer systems and networks can be grouped
More informationNetwork Security Fundamentals
APNIC elearning: Network Security Fundamentals 27 November 2013 04:30 pm Brisbane Time (GMT+10) Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security IPv6
More informationAPNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10)
APNIC elearning: Network Security Fundamentals 20 March 2013 10:30 pm Brisbane Time (GMT+10) Introduction Presenter/s Nurul Islam Roman Senior Training Specialist nurul@apnic.net Specialties: Routing &
More informationSolution of Exercise Sheet 5
Foundations of Cybersecurity (Winter 15/16) Prof. Dr. Michael Backes CISPA / Saarland University saarland university computer science Protocols = {????} Client Server IP Address =???? IP Address =????
More informationOff-Path TCP Exploits: Global Rate Limit Considered Dangerous
Off-Path TCP Exploits: Global Rate Limit Considered Dangerous Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, Srikanth V. Krishnamurthy, Lisa M. Marvel University of California, Riverside, US Army Research
More informationCMPT 471 Networking II
CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access
More informationNetwork Security. Mobin Javed. October 5, 2011
Network Security Mobin Javed October 5, 2011 In this class, we mainly had discussion on threat models w.r.t the class reading, BGP security and defenses against TCP connection hijacking attacks. 1 Takeaways
More informationDDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest
DDoS Attacks: The Latest Threat to Availability Dr. Bill Highleyman Managing Editor Availability Digest The Anatomy of a DDoS Attack Sombers Associates, Inc. 2013 2 What is a Distributed Denial of Service
More informationNetworking Attacks: Link-, IP-, and TCP-layer attacks. CS 161: Computer Security Prof. David Wagner
Networking Attacks: Link-, IP-, and TCP-layer attacks CS 161: Computer Security Prof. David Wagner February 28, 2013 General Communication Security Goals: CIA! Confidentiality: No one can read our data
More informationNetwork Security. Chapter 3. Cornelius Diekmann. Version: October 21, 2015. Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik
Network Security Chapter 3 Cornelius Diekmann Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik Version: October 21, 2015 IN2101, WS 15/16, Network Security 1 Security Policies and
More informationInternet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering
Internet Firewall CSIS 4222 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 27: Internet Routing Ch 30: Packet filtering & firewalls
More informationFlashback: Internet design goals. Security Part Two: Attacks and Countermeasures. Security Vulnerabilities. Why did they leave it out?
Flashback: Internet design goals Security Part Two: Attacks and Countermeasures 1. Interconnection 2. Failure resilience 3. Multiple types of service 4. Variety of networks 5. Management of resources 6.
More informationTransport Layer Protocols
Transport Layer Protocols Version. Transport layer performs two main tasks for the application layer by using the network layer. It provides end to end communication between two applications, and implements
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationFirewalls. Test your Firewall knowledge. Test your Firewall knowledge (cont) (March 4, 2015)
s (March 4, 2015) Abdou Illia Spring 2015 Test your knowledge Which of the following is true about firewalls? a) A firewall is a hardware device b) A firewall is a software program c) s could be hardware
More informationCourse Content: Session 1. Ethics & Hacking
Course Content: Session 1 Ethics & Hacking Hacking history : How it all begin Why is security needed? What is ethical hacking? Ethical Hacker Vs Malicious hacker Types of Hackers Building an approach for
More informationFirewall Design Principles Firewall Characteristics Types of Firewalls
Firewall Design Principles Firewall Characteristics Types of Firewalls Special Thanks to our friends at The Blekinge Institute of Technology, Sweden for providing the basis for these slides. Fall 2008
More informationCIT 380: Securing Computer Systems
CIT 380: Securing Computer Systems Scanning CIT 380: Securing Computer Systems Slide #1 Topics 1. Port Scanning 2. Stealth Scanning 3. Version Identification 4. OS Fingerprinting 5. Vulnerability Scanning
More informationFirewalls. Basic Firewall Concept. Why firewalls? Firewall goals. Two Separable Topics. Firewall Design & Architecture Issues
CS 155 May 20, 2004 Firewalls Basic Firewall Concept Separate local area net from internet Firewall John Mitchell Credit: some text, illustrations from Simon Cooper Router All packets between LAN and internet
More informationProtocol Rollback and Network Security
CSE 484 / CSE M 584 (Spring 2012) Protocol Rollback and Network Security Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee,
More informationThis sequence diagram was generated with EventStudio System Designer (http://www.eventhelix.com/eventstudio).
This sequence diagram was generated with EventStudio System Designer (http://www.eventhelix.com/eventstudio). Here we explore the sequence of interactions in a typical FTP (File Transfer Protocol) session.
More informationCS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module
CS 665: Computer System Security Network Security Bojan Cukic Lane Department of Computer Science and Electrical Engineering West Virginia University 1 Usage environment Anonymity Automation, minimal human
More information1. Firewall Configuration
1. Firewall Configuration A firewall is a method of implementing common as well as user defined security policies in an effort to keep intruders out. Firewalls work by analyzing and filtering out IP packets
More informationTELE 301 Network Management. Lecture 16: Remote Terminal Services
TELE 301 Network Management Lecture 16: Remote Terminal Services Haibo Zhang Computer Science, University of Otago TELE301 Lecture 16: Remote Terminal Services 1 Today s Focus Remote Terminal Services
More informationUsing SYN Flood Protection in SonicOS Enhanced
SonicOS Using SYN Flood Protection in SonicOS Enhanced Introduction This TechNote will describe SYN Flood protection can be activated on SonicWALL security appliance to protect internal networks. It will
More informationIntroduction to Firewalls Open Source Security Tools for Information Technology Professionals
Introduction to Firewalls Open Source Security Tools for Information Technology Professionals School of Professional Studies (SPS) The City University of New York (CUNY) Aron Trauring Adjunct Professor
More informationWorkshop on Network Traffic Capturing and Analysis IITG, DIT, CERT-In, C-DAC. Host based Analysis. {Himanshu Pareek, himanshup@cdac.
Workshop on Network Traffic Capturing and Analysis IITG, DIT, CERT-In, C-DAC Host based Analysis {Himanshu Pareek, himanshup@cdac.in} {C-DAC Hyderabad, www.cdachyd.in} 1 Reference to previous lecture Bots
More informationPort Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology
Port Scanning and Vulnerability Assessment ECE4893 Internetwork Security Georgia Institute of Technology Agenda Reconnaissance Scanning Network Mapping OS detection Vulnerability assessment Reconnaissance
More informationHost Fingerprinting and Firewalking With hping
Host Fingerprinting and Firewalking With hping Naveed Afzal National University Of Computer and Emerging Sciences, Lahore, Pakistan Email: 1608@nu.edu.pk Naveedafzal gmail.com Abstract: The purpose
More informationOLD VULNERABILITIES IN NEW PROTOCOLS? HEADACHES ABOUT IPV6 FRAGMENTS
OLD VULNERABILITIES IN NEW PROTOCOLS? HEADACHES ABOUT IPV6 FRAGMENTS Eric Vyncke (@evyncke) Cisco Session ID: ARCH W01 Session Classification: Advanced Agenda Status of WorldWide IPv6 Deployment IPv6 refresher:
More informationChapter 8 Phase3: Gaining Access Using Network Attacks
Chapter 8 Phase3: Gaining Access Using Network Attacks Tools used in Network Attacks Sniffing Spoofing Session hijacking Netcat Sniffer Allows attacker to see everything sent across the network, including
More informationAn Untold Story of Middleboxes in Cellular Networks
An Untold Story of Middleboxes in Cellular Networks Zhaoguang Wang 1 Zhiyun Qian 1, Qiang Xu 1, Z. Morley Mao 1, Ming Zhang 2 1 University of Michigan 2 Microsoft Research Background on cellular network
More informationWLAN Attacks. Wireless LAN Attacks and Protection Tools. (Section 3 contd.) Traffic Analysis. Passive Attacks. War Driving. War Driving contd.
Wireless LAN Attacks and Protection Tools (Section 3 contd.) WLAN Attacks Passive Attack unauthorised party gains access to a network and does not modify any resources on the network Active Attack unauthorised
More informationTCP/IP Attack Lab. 1 Lab Overview. 2 Lab Environment. 2.1 Environment Setup. SEED Labs TCP/IP Attack Lab 1
SEED Labs TCP/IP Attack Lab 1 TCP/IP Attack Lab Copyright c 2006-2016 Wenliang Du, Syracuse University. The development of this document was partially funded by the National Science Foundation under Award
More informationFirewalls. Chapter 3
Firewalls Chapter 3 1 Border Firewall Passed Packet (Ingress) Passed Packet (Egress) Attack Packet Hardened Client PC Internet (Not Trusted) Hardened Server Dropped Packet (Ingress) Log File Internet Border
More informationDefending Computer Networks Lecture 6: TCP and Scanning. Stuart Staniford Adjunct Professor of Computer Science
Defending Computer Networks Lecture 6: TCP and Scanning Stuart Staniford Adjunct Professor of Computer Science Logis;cs HW1 due tomorrow First quiz will be Tuesday September 23 rd. Half hour quiz at start
More informationIntroduction to Computer Security
Introduction to Computer Security Network Security Pavel Laskov Wilhelm Schickard Institute for Computer Science Circuit switching vs. packet switching OSI and TCP/IP layered models TCP/IP encapsulation
More informationOverview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP
Overview Securing TCP/IP Chapter 6 TCP/IP Open Systems Interconnection Model Anatomy of a Packet Internet Protocol Security (IPSec) Web Security (HTTP over TLS, Secure-HTTP) Lecturer: Pei-yih Ting 1 2
More informationTopics in Network Security
Topics in Network Security Jem Berkes MASc. ECE, University of Waterloo B.Sc. ECE, University of Manitoba www.berkes.ca February, 2009 Ver. 2 In this presentation Wi-Fi security (802.11) Protecting insecure
More informationDenial of Service Attacks
2 Denial of Service Attacks : IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 13 August 2013 its335y13s2l06, Steve/Courses/2013/s2/its335/lectures/malicious.tex,
More informationCourse Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.
Course Name: TCP/IP Networking Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network. TCP/IP is the globally accepted group of protocols
More informationIntroduction to Computer Security
Introduction to Computer Security Network Security Pavel Laskov Wilhelm Schickard Institute for Computer Science Circuit switching vs. packet switching OSI and TCP/IP layered models TCP/IP encapsulation
More informationGuide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP
Guide to Network Defense and Countermeasures Third Edition Chapter 2 TCP/IP Objectives Explain the fundamentals of TCP/IP networking Describe IPv4 packet structure and explain packet fragmentation Describe
More informationAttacks and Defense. Phase 1: Reconnaissance
Attacks and Defense Phase 1: Reconnaissance Phase 2: Port Scanning Phase 3: Gaining Access Using Application and Operating System Using Networks Phase 1: Reconnaissance Known as information gathering.
More informationChapter 7 Protecting Against Denial of Service Attacks
Chapter 7 Protecting Against Denial of Service Attacks In a Denial of Service (DoS) attack, a Routing Switch is flooded with useless packets, hindering normal operation. HP devices include measures for
More informationNetwork Security. Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT)
Network Security ICMP, TCP, DNS, Scanning Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT) Agenda A couple of examples of network protocols that
More informationHands-on Network Traffic Analysis. 2015 Cyber Defense Boot Camp
Hands-on Network Traffic Analysis 2015 Cyber Defense Boot Camp What is this about? Prerequisite: network packet & packet analyzer: (header, data) Enveloped letters inside another envelope Exercises Basic
More informationCS155: Computer and Network Security
CS155: Computer and Network Security Programming Project 3 Spring 2005 Shayan Guha sguha05@stanford.edu (with many slides borrowed from Matt Rubens) Project Overview 1) Use standard network monitoring
More informationNetwork Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion
Network Security Tampere Seminar 23rd October 2008 1 Copyright 2008 Hirschmann 2008 Hirschmann Automation and and Control GmbH. Contents Overview Switch Security Firewalls Conclusion 2 Copyright 2008 Hirschmann
More informationNetworking Security IP packet security
Networking Security IP packet security Networking Security IP packet security Copyright International Business Machines Corporation 1998,2000. All rights reserved. US Government Users Restricted Rights
More informationContent Distribution Networks (CDN)
229 Content Distribution Networks (CDNs) A content distribution network can be viewed as a global web replication. main idea: each replica is located in a different geographic area, rather then in the
More informationLayer Four Traceroute (and related tools) A modern, flexible path-discovery solution with advanced features for network (reverse) engineers
Layer Four Traceroute (and related tools) A modern, flexible path-discovery solution with advanced features for network (reverse) engineers So, what is path discovery and why is it important? Path discovery
More informationNetwork Concepts. IT 4823 Information Security Concepts and Administration. The Network Environment. Resilience. Network Topology. Transmission Media
IT 4823 Information Security Concepts and Administration March 17 Network Threats Notice: This session is being recorded. Happy 50 th, Vanguard II March 17, 1958 R.I.P. John Backus March 17, 2007 Copyright
More informationNetwork Security in Practice
Network Security in Practice Practices of Network Security ccess control: firewalls ttacks and counter measures Security protocol case studies Kai Shen 12/8/2014 CSC 257/457 - Fall 2014 1 12/8/2014 CSC
More informationFirewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall.
Firewalls 1 Firewalls Idea: separate local network from the Internet Trusted hosts and networks Firewall Intranet Router DMZ Demilitarized Zone: publicly accessible servers and networks 2 1 Castle and
More informationChapter 7 Transport-Level Security
Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell
More informationNetworking Test 4 Study Guide
Networking Test 4 Study Guide True/False Indicate whether the statement is true or false. 1. IPX/SPX is considered the protocol suite of the Internet, and it is the most widely used protocol suite in LANs.
More informationBlack Box Analysis and Attacks of Nortel VoIP Implementations
Black Box Analysis and Attacks of Nortel VoIP Implementations Richard Gowman, CISSP Eldon Sprickerhoff, CISSP CISA www.esentire.com Copyright 2007 esentire, Inc. Who we are... esentire, Inc. Based out
More informationNetwork Security. Chapter 9. Attack prevention, detection and response. Attack Prevention. Part I: Attack Prevention
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Part I: Attack Prevention Network Security Chapter 9 Attack prevention, detection and response Part Part I:
More informationVulnerabili3es and A7acks
IPv6 Security Vulnerabili3es and A7acks Inherent vulnerabili3es Less experience working with IPv6 New protocol stack implementa3ons Security devices such as Firewalls and IDSs have less support for IPv6
More informationThis Lecture. The Internet and Sockets. The Start 1969. If everyone just sends a small packet of data, they can all use the line at the same.
This Lecture The Internet and Sockets Computer Security Tom Chothia How the Internet works. Some History TCP/IP Some useful network tools: Nmap, WireShark Some common attacks: The attacker controls the
More informationN-CAP Users Guide Everything You Need to Know About Using the Internet! How Firewalls Work
N-CAP Users Guide Everything You Need to Know About Using the Internet! How Firewalls Work How Firewalls Work By: Jeff Tyson If you have been using the internet for any length of time, and especially if
More informationNetwork and Services Discovery
A quick theorical introduction to network scanning January 8, 2016 Disclaimer/Intro Disclaimer/Intro Network scanning is not exact science When an information system is able to interact over the network
More informationSecurity Technology White Paper
Security Technology White Paper Issue 01 Date 2012-10-30 HUAWEI TECHNOLOGIES CO., LTD. 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without
More informationFirewall Introduction Several Types of Firewall. Cisco PIX Firewall
Firewall Introduction Several Types of Firewall. Cisco PIX Firewall What is a Firewall? Non-computer industries: a wall that controls the spreading of a fire. Networks: a designed device that controls
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls
More informationCYBER ATTACKS EXPLAINED: THE MAN IN THE MIDDLE
CYBER ATTACKS EXPLAINED: THE MAN IN THE MIDDLE Due to the encouraging feedback this series of articles has received, we decided to explore yet another type of cyber intrusionthe Man In The Middle (MITM)
More informationIgnoring the Great Firewall of China
An Overview of Ignoring the Great Firewall of China By: Matt Landau Original Paper: Ignoring the Great Firewall of China Richard Clayton, Steven J. Murdoch, and Robert N. M. Watson University of Cambridge,
More information1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained
home Network Vulnerabilities Detail Report Grouped by Vulnerability Report Generated by: Symantec NetRecon 3.5 Licensed to: X Serial Number: 0182037567 Machine Scanned from: ZEUS (192.168.1.100) Scan Date:
More informationCS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013
CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationRemote Network Analysis
Remote Network Analysis Torsten Hoefler htor@cs.tu-chemnitz.de (DMZ), mostly between two packet filters and application gateways. The different possibilities to connect DMZ-hosts are also shown in Figure
More informationProject Overview and Setup. CS155: Computer and Network Security. Project Overview. Goals of the assignment. Setup (2) Setup
CS155: Computer and Network Security Project Overview and Setup Programming Project 3 Spring 2004 Matt Rubens mrubens@stanford.edu Project Overview 1) Use standard network monitoring tools to examine different
More informationco Characterizing and Tracing Packet Floods Using Cisco R
co Characterizing and Tracing Packet Floods Using Cisco R Table of Contents Characterizing and Tracing Packet Floods Using Cisco Routers...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1
More informationLooking for Trouble: ICMP and IP Statistics to Watch
Looking for Trouble: ICMP and IP Statistics to Watch Laura Chappell, Senior Protocol Analyst Protocol Analysis Institute [lchappell@packet-level.com] www.packet-level.com www.podbooks.com HTCIA Member,
More informationNetwork Security Essentials Chapter 5
Network Security Essentials Chapter 5 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 5 Transport-Level Security Use your mentality Wake up to reality From the song, "I've Got
More informationSecurity of Patched DNS. Bar Ilan University, Department of Computer Science, Network Security Group Technical Report TR12-04
1 Security of Patched DNS Bar Ilan University, Department of Computer Science, Network Security Group Technical Report TR12-04 Amir Herzberg and Haya Shulman Abstract Most caching DNS resolvers still rely
More informationCIT 480: Securing Computer Systems. Firewalls
CIT 480: Securing Computer Systems Firewalls Topics 1. What is a firewall? 2. Types of Firewalls 1. Packet filters (stateless) 2. Stateful firewalls 3. Proxy servers 4. Application layer firewalls 3. Configuring
More informationSting: a TCP-based network measurement tool
Sting: a TCP-based network measurement tool Stefan Savage Department of Computer Science and Engineering University of Washington Simple problem Can we measure one-way packet loss rates to and from unmodified
More informationHow To Set Up An Ip Firewall On Linux With Iptables (For Ubuntu) And Iptable (For Windows)
Security principles Firewalls and NAT These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/) Host vs Network
More informationChapter 17. Transport-Level Security
Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics
More information