Ignoring the Great Firewall of China
- Ralf Mills
- 8 years ago
Transcription
1 An Overview of Ignoring the Great Firewall of China By: Matt Landau
2 Original Paper: Ignoring the Great Firewall of China Richard Clayton, Steven J. Murdoch, and Robert N. M. Watson University of Cambridge, Computer Laboratory
3 Topics
- Background
- 3 Types of Content Blocking Systems
- How the Great Firewall Works
- The Firewall Design
- Countermeasures
- Political Concerns
- Conclusion

4 Background
- What is Censorship?
- What does China Censor?
- Why do they Censor?

5 What is Censorship?
"The suppression of ideas and information that certain persons - individuals, groups or government officials - find objectionable or dangerous." - The American Library Association
"Books won't stay banned. They won't burn. Ideas won't go to jail. In the long run of history, the censor and the inquisitor have always lost. The only weapon against bad ideas is better ideas." - Alfred Whitney Griswold, New York Times

6 What does China Censor?
- Rival political parties
- Popular non-government organizations (Falun Gong)
- Many foreign news sites (BBC, CBS, ABC)
- Historical Events and Topics (Tiananmen Square, Human Rights)

7 Why do they Censor?
To control the meaning of words, concepts, and ideas
"The word free still existed... but could only be used in such statements as 'The dog is free from lice' or 'This field is free from weeds.' It could not be used in its old sense of 'politically free' or 'intellectually free', since political and intellectual freedom no longer existed even as concepts, and were therefore of necessity nameless." - George Orwell, 1984

8 Why do they Censor?
What does Tiananmen Square make you think of?
- Tanks?
- Soldiers?
- Massacre?
- Fall of Democracy?
- End of Freedom?
12 Three Types of Content Blocking Systems
- Packet Dropping
- DNS Poisoning
- Content Inspection - Proxy & IDS

13 Packet Dropping
- All traffic to a specific IP address is discarded
- Content hosted on that computer disappears
- Cheap and easy to implement

14 Packet Dropping
Has 2 problems:
- A list of IP addresses must be maintained and kept up-to-date
- Overblocking - many websites are hosted on the same server and share an IP address
- For .com, .org, and .net domains, 69.8% share an IP address with 50 or more websites

15 DNS Poisoning
- Malicious DNS servers are set up to do one of two things when a lookup is performed:
  - Do not answer the request
  - Answer with an incorrect IP address
- Does not suffer from overblocking
- There is difficulty in blocking only the website while still allowing on the domain

16 Content Inspection - Proxy
- All traffic passes through a proxy server that censors content on an item-by-item basis
- Extremely precise - can block single images or web pages while leaving the rest of the site accessible
- Expensive to implement because of the speed required to analyze and filter all traffic in real time

17 Content Inspection - IDS
- Uses an Intrusion Detection System to perform content inspection
- If content matching keywords is found, it is discarded, or another action can be chosen
- More flexible than proxy-based content inspection
- Used by the Great Firewall of China
18 How the Great Firewall Works
- RST Packets
- Timers

19 RST Packets
- When the IDS finds keywords that the government wishes to censor, it does not drop the packets
- Instead, it forges TCP RST packets to the client and the server so that they will both drop the connection

20 RST Packets
Example of an uncensored page transmission as seen from the client

    cam(53382) → china(http) [SYN]
    china(http) → cam(53382) [SYN, ACK]
    cam(53382) → china(http) [ACK]
    cam(53382) → china(http) GET / HTTP/1.0<cr><lf><cr><lf>
    china(http) → cam(53382) HTTP/ OK (text/html)<cr><lf> etc.
    china(http) → cam(53382) ... more of the web page
    cam(53382) → china(http) [ACK]
    ... and so on until the page was complete

21 RST Packets
Example of a censored page transmission as seen from the client

    cam(54190) → china(http) [SYN]
    china(http) → cam(54190) [SYN, ACK] TTL=39
    cam(54190) → china(http) [ACK]
    cam(54190) → china(http) GET /?falun HTTP/1.0<cr><lf><cr><lf>
    china(http) → cam(54190) [RST] TTL=47, seq=1, ack=1
    china(http) → cam(54190) [RST] TTL=47, seq=1461, ack=1
    china(http) → cam(54190) [RST] TTL=47, seq=4381, ack=1
    china(http) → cam(54190) HTTP/ OK (text/html)<cr><lf> etc.
    cam(54190) → china(http) [RST] TTL=64, seq=25, ack zeroed
    china(http) → cam(54190) ... more of the web page
    cam(54190) → china(http) [RST] TTL=64, seq=25, ack zeroed
    china(http) → cam(54190) [RST] TTL=47, seq=2921, ack=25

22 RST Packets
- Notice that the sequence numbers for the 3 RST packets are 1, 1461, and 4381, with identical TTLs
- This is because the firewall is incrementing the initial GET sequence number by 1460 and then by 1460 x 3, so that even if other packets have already been received, hopefully one of the RSTs will be within the sequence window
- This is done because many TCP/IP implementations now verify that RST packets are within the current sequence window to prevent malicious attacks

23 RST Packets
Example of a censored page transmission as seen from the server

    cam(54190) → china(http) [SYN] TTL=42
    china(http) → cam(54190) [SYN, ACK]
    cam(54190) → china(http) [ACK] TTL=42
    cam(54190) → china(http) GET /?falun HTTP/1.0<cr><lf><cr><lf>
    china(http) → cam(54190) HTTP/ OK (text/html)<cr><lf> etc.
    china(http) → cam(54190) ... more of the web page
    cam(54190) → china(http) [RST] TTL=61, seq=25, ack=1
    cam(54190) → china(http) [RST] TTL=61, seq=1485, ack=1
    cam(54190) → china(http) [RST] TTL=61, seq=4405, ack=1
    cam(54190) → china(http) [RST] TTL=61, seq=25, ack=1
    cam(54190) → china(http) [RST] TTL=61, seq=25, ack=2921
    cam(54190) → china(http) [RST] TTL=42, seq=25, ack zeroed
    cam(54190) → china(http) [RST] TTL=42, seq=25, ack zeroed

24 RST Packets
- As can be seen, RST packets are sent to the server as well as the client
- The only data received at the client is that which was sent before the server received its first RST packet
- They also have identical TTLs
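The following added example (not from the slides or the original paper) parses the client-side capture from slide 21, flags resets whose TTL disagrees with the TTL of the server's SYN/ACK, and then checks which resets of the 1 / 1461 / 4381 burst a receiver that validates the sequence window would accept. The "->" separator, the TTL tolerance of 2 and the 5840-byte receive window are assumptions made for the example.

```python
import re

# Constructed sample: the censored client-side capture from slide 21, one
# packet per line, with "->" marking direction. Sequence numbers are relative.
CLIENT_TRACE = """\
cam(54190) -> china(http) [SYN]
china(http) -> cam(54190) [SYN, ACK] TTL=39
cam(54190) -> china(http) [ACK]
cam(54190) -> china(http) GET /?falun HTTP/1.0
china(http) -> cam(54190) [RST] TTL=47, seq=1, ack=1
china(http) -> cam(54190) [RST] TTL=47, seq=1461, ack=1
china(http) -> cam(54190) [RST] TTL=47, seq=4381, ack=1
cam(54190) -> china(http) [RST] TTL=64, seq=25, ack zeroed
cam(54190) -> china(http) [RST] TTL=64, seq=25, ack zeroed
china(http) -> cam(54190) [RST] TTL=47, seq=2921, ack=25
"""

PACKET_RE = re.compile(r"^(\S+)\s*->\s*(\S+)\s+\[([^\]]+)\]\s*(.*)$")
FIELD_RE = re.compile(r"\b(TTL|seq|ack)=(\d+)")


def parse_trace(text):
    """Return one dict per line that carries TCP flags; payload lines are skipped."""
    packets = []
    for line in text.splitlines():
        m = PACKET_RE.match(line.strip())
        if not m:
            continue
        src, dst, flags, rest = m.groups()
        pkt = {"src": src, "dst": dst,
               "flags": {f.strip() for f in flags.split(",")}}
        # "ack zeroed" has no numeric value and is simply left out.
        pkt.update((k.lower(), int(v)) for k, v in FIELD_RE.findall(rest))
        packets.append(pkt)
    return packets


def suspect_resets(packets, tolerance=2):
    """Flag RSTs whose TTL differs from the TTL the same sender used earlier.

    The baseline is the TTL of the first non-RST segment seen from each
    source (here the SYN/ACK). tolerance is an assumed allowance for
    ordinary path changes, not a value from the slides.
    """
    baseline, flagged = {}, []
    for pkt in packets:
        ttl = pkt.get("ttl")
        if ttl is None:
            continue
        if "RST" not in pkt["flags"]:
            baseline.setdefault(pkt["src"], ttl)
        elif pkt["src"] in baseline and abs(ttl - baseline[pkt["src"]]) > tolerance:
            flagged.append(pkt)
    return flagged


def in_window(seq, rcv_nxt, rcv_wnd):
    """Acceptance test for an RST: seq must lie inside the receive window.

    Wraparound is ignored because the trace uses small relative numbers.
    """
    return rcv_nxt <= seq < rcv_nxt + rcv_wnd


def accepted_resets(rst_seqs, rcv_nxt, rcv_wnd):
    """Return the RST sequence numbers a window-checking receiver would act on."""
    return [s for s in rst_seqs if in_window(s, rcv_nxt, rcv_wnd)]


if __name__ == "__main__":
    for p in suspect_resets(parse_trace(CLIENT_TRACE)):
        print(f"suspect RST from {p['src']}: TTL={p['ttl']} seq={p['seq']}")
    burst = [1, 1461, 4381]
    # Receiver state after 0, 1, 2 and 3 full 1460-byte segments have arrived.
    for rcv_nxt in (1, 1461, 2921, 4381):
        print(rcv_nxt, accepted_resets(burst, rcv_nxt, rcv_wnd=5840))
```

The client's own resets (TTL=64) are not flagged because the capture shows no earlier TTL for that direction to compare against.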
25 Timers
- After a connection has been reset, all traffic between the two computers is blocked for a random period of up to 1 hour; the average was 20 minutes
- This is done by sending a RST packet immediately following the SYN, SYN-ACK, ACK handshake
- It is not based on current content, only on the fact that there was recently blocked content

26 The Firewall Design
- Known Hardware
- Speculation Based on Analysis

27 Firewall Design
- Uses Cisco's Security Intrusion Detection System
- Packets arriving at Chinese routers are queued normally while also being copied to an IDS device for inspection
- If the IDS determines the packet is bad, 3 RST packets are sent to the client and server

28 Firewall Design
- Because the IDS is a separate device, bad packets are not removed from the router's queue
- The firewall relies on the TCP/IP stack at both ends to drop the connection and relevant data
29 Countermeasures
- Ignoring RST packets
- Splitting Keywords
- DOS Attacks

30 Ignoring RST Packets
- Does not require a new TCP/IP stack
- Can be implemented in Linux using iptables:

    iptables -A INPUT -p tcp --tcp-flags RST RST -j DROP

- Now all TCP packets with the RST flag set are discarded

31 Ignoring RST Packets

    cam(55817) → china(http) [SYN]
    china(http) → cam(55817) [SYN, ACK] TTL=41
    cam(55817) → china(http) [ACK]
    cam(55817) → china(http) GET /?falun HTTP/1.0<cr><lf><cr><lf>
    china(http) → cam(55817) [RST] TTL=49, seq=1
    china(http) → cam(55817) [RST] TTL=49, seq=1
    china(http) → cam(55817) [RST] TTL=49, seq=1
    china(http) → cam(55817) HTTP/ OK (text/html)<cr><lf> etc
    china(http) → cam(55817) ... more of the web page
    cam(55817) → china(http) [ACK] seq=25, ack=2921
    china(http) → cam(55817) ... more of the web page
    china(http) → cam(55817) [RST] TTL=49, seq=1461
    china(http) → cam(55817) [RST] TTL=49, seq=2921
    china(http) → cam(55817) [RST] TTL=49, seq=4381
    cam(55817) → china(http) [ACK] seq=25, ack=4381
    china(http) → cam(55817) [RST] TTL=49, seq=2921
    china(http) → cam(55817) ... more of the web page
    china(http) → cam(55817) ... more of the web page
    cam(55817) → china(http) [ACK] seq=25, ack=7301
    china(http) → cam(55817) [RST] TTL=49, seq=5841
    china(http) → cam(55817) [RST] TTL=49, seq=7301
    china(http) → cam(55817) [RST] TTL=49, seq=4381
    china(http) → cam(55817) ... more of the web page
    china(http) → cam(55817) [RST] TTL=49, seq=
    ... and so on until the page was complete

32 Ignoring RST Packets
- As can be seen, when RST packets are ignored the IDS continues to send more RST packets, 3 at a time, to both the client and server
- However, these packets are successfully ignored and the web page loads properly
- The firewall is completely ineffective
33 Denial of Service
- A connection between a computer inside and one outside the Great Firewall can be denied by sending spoofed packets containing blocked words
- Could prevent traveling diplomats from accessing servers in their Chinese offices
- Could prevent Chinese government computers from receiving computer security updates

34 Denial of Service
- The authors found that a reasonably effective attack could be maintained by a single user on a dial-up internet connection
- It is unknown if there are safeguards in place to detect these DOS attacks or to allow diplomats to bypass the firewall

35 Political Concerns
What if Chinese citizens are caught bypassing the firewall?

36 Political Concerns
- The firewall may log what the user is doing along with its content filtering
- This would allow the Chinese government to see that a user's computer is ignoring RST packets
- Encryption renders the firewall useless, but its use alone may be a red flag for investigation

37 Conclusions

38 Conclusions
- The Great Firewall of China inspects packets using an IDS to look for specific content
- When the content is detected, spoofed RST packets are sent to both TCP endpoints to terminate the connection
- If RST packets are ignored at both ends, the content flows normally and the firewall continues to send RST packets with no effect

39 "The Internet interprets censorship as damage and routes around it." - John Gilmore, Electronic Freedom Foundation
[The End]
More informationFirewall Tutorial. KAIST Dept. of EECS NC Lab.
Firewall Tutorial KAIST Dept. of EECS NC Lab. Contents What is Firewalls? Why Firewalls? Types of Firewalls Limitations of firewalls and gateways Firewalls in Linux What is Firewalls? firewall isolates
More informationCSE543 - Computer and Network Security Module: Firewalls
CSE543 - Computer and Network Security Module: Firewalls Professor Trent Jaeger Fall 2010 1 Firewalls A firewall... is a physical barrier inside a building or vehicle, designed to limit the spread of fire,
More informationA Study of Technology in Firewall System
2011 IEEE Symposium on Business, Engineering and Industrial Applications (ISBEIA), Langkawi, Malaysia A Study of Technology in Firewall System Firkhan Ali Bin Hamid Ali Faculty of Science Computer & Information
More informationInternet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering
Internet Firewall CSIS 4222 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 27: Internet Routing Ch 30: Packet filtering & firewalls
More informationSecurity vulnerabilities in the Internet and possible solutions
Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in
More informationIntrusion Detection System Based Network Using SNORT Signatures And WINPCAP
Intrusion Detection System Based Network Using SNORT Signatures And WINPCAP Aakanksha Vijay M.tech, Department of Computer Science Suresh Gyan Vihar University Jaipur, India Mrs Savita Shiwani Head Of
More informationFirewalls Overview and Best Practices. White Paper
Firewalls Overview and Best Practices White Paper Copyright Decipher Information Systems, 2005. All rights reserved. The information in this publication is furnished for information use only, does not
More informationFirewalls, NAT and Intrusion Detection and Prevention Systems (IDS)
Firewalls, NAT and Intrusion Detection and Prevention Systems (IDS) Internet (In)Security Exposed Prof. Dr. Bernhard Plattner With some contributions by Stephan Neuhaus Thanks to Thomas Dübendorfer, Stefan
More informationNetwork and Services Discovery
A quick theorical introduction to network scanning January 8, 2016 Disclaimer/Intro Disclaimer/Intro Network scanning is not exact science When an information system is able to interact over the network
More informationDivide and Conquer Real World Distributed Port Scanning
Divide and Conquer Real World Distributed Port Scanning Ofer Maor CTO Hacktics 16 Feb 2006 Hackers & Threats I, 3:25PM (HT1-302) Introduction Divide and Conquer: Real World Distributed Port Scanning reviews
More informationHow to Hack Millions of Routers. Craig Heffner
How to Hack Millions of Routers Craig Heffner Administrivia My overarching objective with this talk is to increase security awareness and serve as a catalyst for positive change I developed this paper
More informationDoS/DDoS Attacks and Protection on VoIP/UC
DoS/DDoS Attacks and Protection on VoIP/UC Presented by: Sipera Systems Agenda What are DoS and DDoS Attacks? VoIP/UC is different Impact of DoS attacks on VoIP Protection techniques 2 UC Security Requirements
More informationNetwork Intrusion Detection Systems. Beyond packet filtering
Network Intrusion Detection Systems Beyond packet filtering Goal of NIDS Detect attacks as they happen: Real-time monitoring of networks Provide information about attacks that have succeeded: Forensic
More informationA Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.
A Brief Overview of VoIP Security By John McCarron Voice of Internet Protocol is the next generation telecommunications method. It allows to phone calls to be route over a data network thus saving money
More information