Introduction to computer and network security. Session 2 : Examples of vulnerabilities and attacks pt1
- Magdalene Stanley
- 8 years ago
Transcription
Introduction to computer and network security
Session 2: Examples of vulnerabilities and attacks pt1
Jean Leneutre, jean.leneutre@telecom-paristech.fr

Outline
I- Introduction
II- Definitions
III- Vulnerabilities and attacks
    2. Malicious software

Usual sources of security problems
- Introduction of new functionalities
- Lack of access control
- Flaw in the design/implementation/configuration of a protocol
- Incorrect verification of input syntax or length in a code
- Incorrect handling of controlled invocation and race condition

Introduction of new functionalities
- New functionalities introduced to ease the use of a system may be harmful from the security point of view
- Example: Unix sendmail mail transfer agent
  - One of the vulnerabilities exploited by the first Internet worm (Morris Worm, 1988)
  - Need: ease the administration of the system by allowing a remote configuration of a sendmail client on a host
  - Functionality: a debug mode, activated on a destination host, allowed shell commands included in a mail to be executed on this host
  - The worm used this mode to spread itself to new machines
  - Correction: correctly configure sendmail on a machine by removing the debug mode

Lack of access control
- Access control mechanisms may be bypassed using some operations that are not controlled (direct access to the memory, covert communication channels)
- Example: Unix command at
  - at <time> -f<file>: runs a command at a later time
  - Effect: copies the file into /usr/spool/atjobs/
  - Initially, read access to any file in /usr/spool/atjobs/ was set for everybody
  - However, the at command does not check whether the user has read access to the file before copying it into the spool
  - An attacker was able to read a non-executable protected password file "/etc/shadow" by running the at command on this file
  - Correction: declare /usr/spool/atjobs as non-readable

Flaws in the design/implementation/configuration of a protocol
- Some choices or errors in the design or implementation of a protocol may introduce security problems
- Example: "Smurf" attack
  - The attacker spoofs the victim's IP address and sends an ICMP echo request (ping) to one or several broadcast servers
  - The server broadcasts the request to all hosts on the network
  - All hosts on the network reply to the victim's IP address
  - This causes significant traffic, leading to a Denial of Service (DoS) on the target
- Solution: configure routers not to forward packets directed to broadcast addresses

Flaws in the design/implementation/configuration of a protocol (2)
- Example: TCP session hijacking
- TCP 3-way handshake between a client A and a server B
    A -> B : SYN, ISNa                 (connection request)
    B -> A : SYN,ACK, ISNb, ISNa+1     (connection granted)
    A -> B : ACK, ISNb+1               (acknowledgement)
- ISNa and ISNb: initial sequence numbers, 32 bits long
- ISNa and ISNb are initially randomly picked
- RFC793: a sequence number is incremented every 4 micro-seconds
- However, in some implementations: incremented only every 128s
- Suppose an attacker X cannot block messages to the server nor observe any message; he can only spoof the IP address of A
- Attack: X wants to make B believe that he is A

Flaws in the design/implementation/configuration of a protocol (3)
- Example: TCP session hijacking (2)
- X opens a first session with B and receives ISNb
    X -> B : SYN, ISNx
    B -> X : SYN,ACK, ISNb, ISNx+1
    X -> B : ACK, ISNb+1
- X spoofs the IP address of A (noted X/A) and starts a new session
    X/A -> B : SYN, ISNx
    B -> A   : SYN, ACK, ISNb, ISNx +1    (X does not receive this message)
    X/A -> B : ACK, ISNb +1               (X guesses the value of ISNb using ISSb)
- X also launches a DoS attack on A to prevent him from receiving message 2
- X is able to execute commands on server B using A's privileges (but cannot receive the results)

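An added example, not part of the original slides: a small audit model of why the slowly incremented global counter described above is a design flaw, next to the per-connection keyed offset of RFC 6528 (ISN = M + F(4-tuple, secret)). The addresses, ports, step size and key are constructed values, and HMAC-SHA-256 stands in for F as an assumption of this example.

```python
import hashlib
import hmac
import struct

MASK32 = 0xFFFFFFFF  # sequence numbers are 32 bits long and wrap around


class GlobalCounterISN:
    """Legacy-style generator: one clock-driven counter shared by all peers."""

    def __init__(self, start, step_per_tick):
        self.start = start
        self.step_per_tick = step_per_tick

    def isn(self, four_tuple, tick):
        # The 4-tuple is ignored: every connection draws from the same
        # sequence space, so one sample reveals the state for everybody.
        return (self.start + self.step_per_tick * tick) & MASK32


class KeyedISN:
    """RFC 6528 scheme: same clock M, plus a secret per-connection offset."""

    def __init__(self, secret, step_per_tick):
        self.secret = secret
        self.step_per_tick = step_per_tick

    def isn(self, four_tuple, tick):
        msg = "|".join(str(field) for field in four_tuple).encode()
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        offset = struct.unpack("!I", digest[:4])[0]
        return (offset + self.step_per_tick * tick) & MASK32


def extrapolate(observed_isn, ticks_elapsed, step_per_tick):
    """What an observer of one ISN expects the counter to be later on."""
    return (observed_isn + step_per_tick * ticks_elapsed) & MASK32


def predictability(generator, step_per_tick, trials=50):
    """Fraction of trials in which an ISN sampled on one connection,
    extrapolated by one tick, equals the ISN the server then issues to a
    different 4-tuple. 1.0 means the generator leaks its state to any peer."""
    probe = ("198.51.100.7", 40000, "192.0.2.10", 513)  # constructed 4-tuple
    hits = 0
    for i in range(trials):
        other = ("203.0.113.5", 1024 + i, "192.0.2.10", 513)  # constructed
        observed = generator.isn(probe, tick=1000 + i)
        issued = generator.isn(other, tick=1001 + i)
        if extrapolate(observed, 1, step_per_tick) == issued:
            hits += 1
    return hits / trials


STEP = 128000                              # constructed counter step
SECRET = b"constructed-demo-key-not-real"  # constructed key

if __name__ == "__main__":
    print("global counter:", predictability(GlobalCounterISN(7, STEP), STEP))
    print("keyed offset:  ", predictability(KeyedISN(SECRET, STEP), STEP))
```
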
Other attacks on TCP/IP
- SYN Flooding
  - The attacker sends a large number of TCP SYN requests to a target (a server) but never acknowledges the answer
  - The target reserves resources for each request until the limit of half-opened connections is reached
  - All new legitimate requests will be discarded: DoS attack
- Attacks on the DNS (Domain Name System)
  - Links domain names with IP addresses
  - DNS "cache poisoning": data is introduced into a name server's cache database, causing the name server to return an incorrect IP address, diverting traffic to another computer (used for web defacement)

Attacks on security protocols: example SSL/TLS
- Flaw in the pseudo-random number generator
  - Goldberg and Wagner, Dr. Dobb's Journal, Jan
- Timing attacks
  - Analyzing the answer time to requests of an OpenSSL server, an attacker in the same LAN segment is able to guess the private key of the server
  - Boneh and Brumley, 12th Usenix Security Symposium
- Problem in error reports
  - Analyzing differences in the answer time in case of errors, an attacker is able to guess the clear text of an encrypted message
  - Vaudenay & alii, Crypto php_code/publications/search.php?ref=chvv03

Incorrect verification of input syntax
- Example: SQL code injection
- Context: a website processes the connection of a user by executing the following SQL request:

    SELECT user_id FROM users WHERE user_name='$name' AND user_pwd='$pwd'

- Legitimate requests are in the following form:

    SELECT user_id FROM users WHERE user_name='Bob' AND user_pwd='a8gt9p'

- Suppose that there is no verification of the syntax of the user_name: how could an attacker knowing a login name but no password connect himself?

Incorrect verification of input syntax
- Example: SQL code injection (2)
- An attacker can enter name = Bob' -- and any password; the request becomes:

    SELECT user_id FROM users WHERE user_name='Bob' --' AND user_pwd='whatever'

- That is (-- is interpreted as the start of a comment):

    SELECT user_id FROM users WHERE user_name='Bob'

- Solution: use the function get_magic_quotes_gpc, adding \ before any reserved characters (-,, )
- Exercise: find another attack in the case X does not know any login name

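An added example, not part of the original slides: the slide's query built by string concatenation, next to the same query with bound parameters, run against an in-memory SQLite table holding the slide's user Bob. PHP removed magic quotes in version 5.4, so bound parameters are the fix a current code base would use; the table layout and function names are assumptions of this example.

```python
import sqlite3


def make_db():
    """Constructed sample data: the single user from the slide.
    (A real system would store a salted password hash, not the password.)"""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users ("
        "user_id INTEGER PRIMARY KEY, user_name TEXT, user_pwd TEXT)"
    )
    db.execute(
        "INSERT INTO users (user_name, user_pwd) VALUES ('Bob', 'a8gt9p')"
    )
    return db


def login_concatenated(db, name, pwd):
    """The slide's pattern: user input is pasted into the SQL text, so the
    input is parsed as SQL syntax and can change the meaning of the query."""
    query = (
        "SELECT user_id FROM users WHERE user_name='" + name
        + "' AND user_pwd='" + pwd + "'"
    )
    row = db.execute(query).fetchone()
    return row[0] if row else None


def login_parameterized(db, name, pwd):
    """Bound parameters: the SQL text is fixed, the input is only ever data."""
    row = db.execute(
        "SELECT user_id FROM users WHERE user_name=? AND user_pwd=?",
        (name, pwd),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    cases = [
        ("Bob", "a8gt9p"),        # legitimate login
        ("Bob", "wrong"),         # wrong password
        ("Bob' --", "whatever"),  # the input from the slide
        ("O'Brien", "x"),         # harmless name that contains a quote
    ]
    for name, pwd in cases:
        try:
            weak = login_concatenated(db, name, pwd)
        except sqlite3.OperationalError as exc:
            # Concatenation also breaks on legitimate input with a quote.
            weak = "SQL error: %s" % exc
        safe = login_parameterized(db, name, pwd)
        print("%-10r concatenated=%r parameterized=%r" % (name, weak, safe))
```
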
Incorrect verification of input length
- Buffer overflow or overrun
  - Anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory
  - Affects programs written in languages (for instance C and C++) which do not automatically check that data written to a buffer (array) is within the boundaries of that buffer (and with no built-in protection against accessing or overwriting data in the memory)
  - May be triggered by inputs that are designed to execute code, or alter the way the program operates
  - May result in erratic program behavior, incorrect results, crash, or breach of system security
- Example: Unix 4BSD finger command (Internet Worm of 1988)
  - fingerd daemon: answers remote finger requests
  - fingerd uses the C function gets, which reads a line of input without performing bound checking
  - With a given message of 356 bits, it was possible to execute a code opening a shell via TCP with the privileges of fingerd

Buffer overrun
- Memory configuration (from higher addresses to lower addresses)
  - Stack (pile): contains the return address (specifying the next instruction to be executed), the local variables, the function inputs
  - Heap (tas): used for dynamic memory allocation
  - Data / Constants
  - Code
- If the value assigned to a variable exceeds the size of the allocated buffer, this:
  - may cause a runtime error
  - may allow an attacker to have his own code executed, by overwriting the stack memory up to the return address of the running process

Stack overflow = buffer overrun on the stack
- Example: C function foo

    #include <stdio.h>

    void foo()
    {
        char a[9];
        printf(" enter your login");
        gets(a); /* no bound checking */
    }

- Stack before:
    Parent routine's stack | Ret (return address) | sfp (saved frame pointer) | a[8] a[7] a[6] a[5] a[4] a[3] a[2] a[1] a[0] (array a) | Unallocated stack space
- Stack after, with login = leneutre:
    Parent routine's stack | Ret | sfp | \0 e r t u e n e l | Unallocated stack space

Stack overflow = buffer overrun on the stack (2)
- Attacker X enters as login = AAAAAAAAAAAAadr_a, where adr_a is the address corresponding to the array a
- Stack before:
    Parent routine's stack | Ret | sfp | a[8] a[7] a[6] a[5] a[4] a[3] a[2] a[1] a[0] | Unallocated stack space
- Stack after, with login = AAAAAAAAAAAAadr_a (buffer overrun!):
    Parent routine's stack | adr_a | A A A A A A A A A A A A | Unallocated stack space
- When foo() returns, it pops the return address off the stack and starts executing instructions from that address

Stack overflow = buffer overrun on the stack (3)
- Attacker X replaces the string AAAAAAAAAAAA with a shellcode (a small code that starts a command shell)
- Stack before:
    Parent routine's stack | Ret | sfp | a[8] a[7] a[6] a[5] a[4] a[3] a[2] a[1] a[0] | Unallocated stack space
- Stack after:
    Parent routine's stack | adr_a | Shellcode | Unallocated stack space
- The shellcode is executed with the privileges of foo
- If foo() is executed with special privileges (superuser), X gains this privilege on the affected machine

Exercise
- A small company sells digital photos via internet:
  - Each photo is identified by a number
  - When a client wants to access a photo using its number, he must authenticate himself
  - The access is recorded, and the client will receive a monthly invoice
- Concretely, when a user has chosen the photo, he executes through his web browser the C function buy:

    void buy(const char* login, const char* password,
             const char* name, const char* number)
    {
        if (authenticate(login, password) == 1)
        {
            inform_photo(name, number);
            inform_debit(login);
        }
    }

- The authenticate function checks whether the password entered by the client is correct

Exercise (2)
- The function inform_photo uses the function show_photo to present the photo to the user:

    void inform_photo(const char* name, const char* number)
    {
        char a[100] = "";
        strcat(a, "Mr ");
        strcat(a, name);
        strcat(a, ", here is your photo. \n");
        printf(a);
        show_photo(number);
    }

- The function inform_debit uses the function debit to charge the correct number of photos:

    void inform_debit(const char* login)
    {
        debit(login);
        printf("we debited 10 Euros from your account. \n");
    }

Exercise (3)
- Show that a malicious user may access photos without paying for them
- Propose a solution to avoid this attack by modifying only the function inform_photo
- Propose a second solution modifying only the function buy

Incorrect handling of Controlled Invocations
- A user wants to execute an operation requiring a secured mode (system mode)
- The system switches from the normal mode (user mode) to system mode, executes this operation, and switches back to user mode before giving back the control to the user
- Potential problem: if a controlled invocation is not correctly handled by the system, a user may obtain special privileges
- Example: Unix login
  - The login window is a system process with superuser privileges
  - When a user logs in, the system replaces the current home directory with the user directory
  - Then the system executes the commands in the user configuration files (.cshrc and .login): if the system is still using the superuser privileges, then a malicious user could use the previous configuration files as Trojans
  - The uid of the login process must be replaced with the user uid before any execution of a user command

Race condition (Situation de compétition)
- Arises in software where separate processes or threads of execution depend on some shared state or resource
- Operations upon shared states are critical sections that must be mutually exclusive
- Potential problem: if critical sections are not correctly handled, the shared resource may be corrupted, processes may be blocked, or a process may obtain the privileges of the other process
- Example: North American Blackout (power outage) of 2003
  - Software flaw in the energy management system
  - A race condition existed in the alarm subsystem: under some conditions alerts were not raised to the monitoring technicians, delaying their awareness of the problem

Race condition (2)
- Example: CTSS (Compatible Time-Sharing System) operating system
  - Each user has his own unique directory
  - When a user edits a file, a file with fixed name SCRATCH is created
  - The system is considered as a user (with his own SCRATCH)
  - An upgrade permitted several administrators to connect themselves simultaneously on the system account
- The following sequence of operations copied the password file inside the WELCOME message:
    admin1 edits the welcome message:  SCRATCH := WELCOME
    admin2 edits the password file:    SCRATCH := PWD
    admin1 saves the welcome message:  WELCOME := SCRATCH
- [Figure: contents of WELCOME ("Hello!"), SCRATCH and PWD ("Cgd8/oip") after each step]

Time-of-check-to-time-of-use (TOCTTOU)
- A specific case of race condition appearing when there is a change in a system between the checking of a condition (for instance for authentication) and the use of the results of that check
- Example: consider a Web application that allows a user to edit pages, and also allows administrators to lock pages to prevent editing
  - A user requests to edit a page, getting a form by which he can alter its content
  - Before the user submits the form, an administrator locks the page, which should prevent editing
  - However, since the user has already begun editing, when he submits the form, his edits are accepted
  - When the user began editing, his authorization was checked, and he was indeed allowed to edit. The authorization was used later, after he should no longer have been allowed
- In the early 90's, the mail utility of BSD 4.3 UNIX had an exploitable race condition

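An added example, not part of the original slides: the page-lock scenario above replayed against a small in-memory model, once with a submit handler that trusts the check made when the form was served and once with a handler that re-checks the lock under the same mutex as the write. The class, method and page names are assumptions of this example.

```python
import threading
from dataclasses import dataclass


@dataclass
class Page:
    body: str
    locked: bool = False


@dataclass(frozen=True)
class EditForm:
    """What the server hands out when a user starts editing."""
    user: str
    title: str
    allowed_at_check: bool  # result of the authorization check at form time


class Wiki:
    def __init__(self):
        self._mutex = threading.Lock()  # guards every access to _pages
        self._pages = {}

    def create(self, title, body):
        with self._mutex:
            self._pages[title] = Page(body)

    def lock_page(self, title):
        """Administrator action: forbid further edits."""
        with self._mutex:
            self._pages[title].locked = True

    def body(self, title):
        with self._mutex:
            return self._pages[title].body

    def begin_edit(self, user, title):
        """Time of check: the lock is evaluated when the form is served."""
        with self._mutex:
            return EditForm(user, title, not self._pages[title].locked)

    def submit_stale(self, form, new_body):
        """The slide's behaviour: time of use relies on the old check."""
        if not form.allowed_at_check:
            return False
        with self._mutex:
            self._pages[form.title].body = new_body
        return True

    def submit_rechecked(self, form, new_body):
        """Fix: evaluate the lock and write inside one critical section, so
        no lock_page() call can slip in between the check and the use."""
        with self._mutex:
            page = self._pages[form.title]
            if page.locked:
                return False
            page.body = new_body
            return True


def replay_slide_sequence(submit_name):
    """User fetches the form, admin locks the page, user submits."""
    wiki = Wiki()
    wiki.create("Home", "original text")
    form = wiki.begin_edit("user", "Home")
    wiki.lock_page("Home")
    accepted = getattr(wiki, submit_name)(form, "edited after lock")
    return accepted, wiki.body("Home")


if __name__ == "__main__":
    print("stale check:", replay_slide_sequence("submit_stale"))
    print("re-checked: ", replay_slide_sequence("submit_rechecked"))
```
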
Firewalls Netasq Security Management by NETASQ 1. 0 M a n a g e m e n t o f t h e s e c u r i t y b y N E T A S Q 1 pyright NETASQ 2002 Security Management is handled by the ASQ, a Technology developed
More informationLinux Network Security
Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols
More informationDistributed Denial of Service(DDoS) Attack Techniques and Prevention on Cloud Environment
Distributed Denial of Service(DDoS) Attack Techniques and Prevention on Cloud Environment Keyur Chauhan 1,Vivek Prasad 2 1 Student, Institute of Technology, Nirma University (India) 2 Assistant Professor,
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls
More informationCSE 3482 Introduction to Computer Security. Denial of Service (DoS) Attacks
CSE 3482 Introduction to Computer Security Denial of Service (DoS) Attacks Instructor: N. Vlajic, Winter 2015 Learning Objectives Upon completion of this material, you should be able to: Explain the basic
More information18-731 Midterm. Name: Andrew user id:
18-731 Midterm 6 March 2008 Name: Andrew user id: Scores: Problem 0 (10 points): Problem 1 (10 points): Problem 2 (15 points): Problem 3 (10 points): Problem 4 (20 points): Problem 5 (10 points): Problem
More informationNetwork Concepts. IT 4823 Information Security Concepts and Administration. The Network Environment. Resilience. Network Topology. Transmission Media
IT 4823 Information Security Concepts and Administration March 17 Network Threats Notice: This session is being recorded. Happy 50 th, Vanguard II March 17, 1958 R.I.P. John Backus March 17, 2007 Copyright
More informationSecure Network Access System (SNAS) Indigenous Next Generation Network Security Solutions
Secure Network Access System (SNAS) Indigenous Next Generation Network Security Solutions Gigi Joseph, Computer Division,BARC. Gigi@barc.gov.in Intranet Security Components Network Admission Control (NAC)
More informationSecurity Technology White Paper
Security Technology White Paper Issue 01 Date 2012-10-30 HUAWEI TECHNOLOGIES CO., LTD. 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without
More informationDenial of Service Attacks. Notes derived from Michael R. Grimaila s originals
Denial of Service Attacks Notes derived from Michael R. Grimaila s originals Denial Of Service The goal of a denial of service attack is to deny legitimate users access to a particular resource. An incident
More informationFirewalls. Test your Firewall knowledge. Test your Firewall knowledge (cont) (March 4, 2015)
s (March 4, 2015) Abdou Illia Spring 2015 Test your knowledge Which of the following is true about firewalls? a) A firewall is a hardware device b) A firewall is a software program c) s could be hardware
More informationCS 640 Introduction to Computer Networks. Network security (continued) Key Distribution a first step. Lecture24
Introduction to Computer Networks Lecture24 Network security (continued) Key distribution Secure Shell Overview Authentication Practical issues Firewalls Denial of Service Attacks Definition Examples Key
More informationA Very Incomplete Diagram of Network Attacks
A Very Incomplete Diagram of Network Attacks TCP/IP Stack Reconnaissance Spoofing Tamper DoS Internet Transport Application HTTP SMTP DNS TCP UDP IP ICMP Network/Link 1) HTML/JS files 2)Banner Grabbing
More informationNetwork Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. April 23, 2015
Network Security Dr. Ihsan Ullah Department of Computer Science & IT University of Balochistan, Quetta Pakistan April 23, 2015 1 / 24 Secure networks Before the advent of modern telecommunication network,
More informationLecture 6: Network Attacks II. Course Admin
Lecture 6: Network Attacks II CS 336/536: Computer Network Security Fall 2014 Nitesh Saxena Adopted from previous lectures by Keith Ross, and Gene Tsudik Course Admin HW/Lab 1 We are grading (should return
More informationFirewalls, con t / Denial-of-Service (DoS)
Firewalls, con t / Denial-of-Service (DoS) CS 161: Computer Security Prof. Vern Paxson TAs: Jethro Beekman, Mobin Javed, Antonio Lupher, Paul Pearce & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/
More informationArchitecture Overview
Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and
More informationBarracuda Intrusion Detection and Prevention System
Providing complete and comprehensive real-time network protection Today s networks are constantly under attack by an ever growing number of emerging exploits and attackers using advanced evasion techniques
More informationAC 2012-3856: TEACHING NETWORK SECURITY THROUGH SIGNA- TURE ANALYSIS OF COMPUTER NETWORK ATTACKS
AC 2012-3856: TEACHING NETWORK SECURITY THROUGH SIGNA- TURE ANALYSIS OF COMPUTER NETWORK ATTACKS Dr. Te-Shun Chou, East Carolina University Te-Shun Chou received his bachelor s degree in electronics engineering
More informationExercise 7 Network Forensics
Exercise 7 Network Forensics What Will You Learn? The network forensics exercise is aimed at introducing you to the post-mortem analysis of pcap file dumps and Cisco netflow logs. In particular you will:
More informationWharf T&T Limited DDoS Mitigation Service Customer Portal User Guide
Table of Content I. Note... 1 II. Login... 1 III. Real-time, Daily and Monthly Report... 3 Part A: Real-time Report... 3 Part 1: Traffic Details... 4 Part 2: Protocol Details... 5 Part B: Daily Report...
More informationHow To Secure Network Threads, Network Security, And The Universal Security Model
BUILDING AN UNIVERSAL NETWORK SECURITY MODEL Zahari Todorov Slavov, Valentin Panchev Hristov Department of Computer Systems and Technology, South-West University Neofit Rilski, Blagoevgrad, Bulgaria, e-mail:
More informationPort Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology
Port Scanning and Vulnerability Assessment ECE4893 Internetwork Security Georgia Institute of Technology Agenda Reconnaissance Scanning Network Mapping OS detection Vulnerability assessment Reconnaissance
More informationDDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest
DDoS Attacks: The Latest Threat to Availability Dr. Bill Highleyman Managing Editor Availability Digest The Anatomy of a DDoS Attack Sombers Associates, Inc. 2013 2 What is a Distributed Denial of Service
More informationInternet Security [1] VU 184.216. Engin Kirda engin@infosys.tuwien.ac.at
Internet Security [1] VU 184.216 Engin Kirda engin@infosys.tuwien.ac.at Christopher Kruegel chris@auto.tuwien.ac.at Administration Challenge 2 deadline is tomorrow 177 correct solutions Challenge 4 will
More informationHomeland Security Red Teaming
Homeland Security Red Teaming Directs intergovernmental coordination Specifies Red Teaming Viewing systems from the perspective of a potential adversary Target hardening Looking for weakness in existing
More informationProject 4: (E)DoS Attacks
Project4 EDoS Instructions 1 Project 4: (E)DoS Attacks Secure Systems and Applications 2009 Ben Smeets (C) Dept. of Electrical and Information Technology, Lund University, Sweden Introduction A particular
More information