Topic 1 Lesson 1: Importance of network security

Initial list of questions
- Why is network security so important?
- Why are today's networks so vulnerable?
- How does the Melissa virus work?
- How does the I love you virus work?
- What are the effects of denial-of-service attacks?
- What is a worm?
- Do you have any personal experiences in suffering from attacks?
- Why do people need network security?

Why is network security so important?
- CRITICAL to businesses; national security concerns
- more and more personal info is on the web
- critical infrastructure is now controlled by networks
- increasing number of Internet uses, increased risk
- businesses need globalization; you open your network to more and more eyes and holes from both inside and outside
- the # of incidents and vulnerabilities is increasing

Why are today's networks so vulnerable?
- more complexity, more holes
- intranet, internet
- users and sys admins: poor understanding of security
- more users use the Internet now
- hacking tools are more accessible than ever
- security is enforced as an add-on, not as part of the initial design
- businesses are more concerned about cost, so they are reluctant to invest in security
- all employees have knowledge of doing bad things
- users use the same password again and again

How does the Melissa virus work?
- (step 1) it is launched as an email with a malicious attachment
- (step 2) the attachment contains a macro program that is executable
- (step 3) it exploits the user's address book to flood emails out; it takes 50 entries out of the user's address book
- (step 4) if the user clicks/opens the attachment, the code will be executed: you are infected!
- If the user does not click the attachment? Nothing happens.

Melissa (cont.)
The attachment: list.doc
- The text: not executable
- Macro code: executable virus
It is not a normal Word document; it contains code!

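The mass mailing in step 3 is the behavior a mail gateway can detect. The following is an added example, not part of the original slides: it flags a sender that delivers the same attachment to 50 or more distinct recipients within a short window. The log format, the 10-minute window, the addresses and the sample records are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FANOUT_THRESHOLD = 50           # step 3: Melissa mails 50 address-book entries
WINDOW = timedelta(minutes=10)  # assumed burst window (hypothetical tuning value)

def find_mass_mailers(lines, threshold=FANOUT_THRESHOLD, window=WINDOW):
    """Return {(sender, attachment_hash): peak distinct recipients} for bursts."""
    events = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        # Constructed log format: ISO-timestamp sender recipient attachment-hash
        ts, sender, rcpt, digest = line.split()
        events[(sender.lower(), digest.lower())].append(
            (datetime.fromisoformat(ts), rcpt.lower()))
    alerts = {}
    for key, evs in events.items():
        evs.sort()
        in_window = defaultdict(int)  # recipient -> deliveries inside the window
        start = peak = 0
        for ts, rcpt in evs:
            in_window[rcpt] += 1
            # Slide the window forward, dropping deliveries that have expired.
            while ts - evs[start][0] > window:
                old = evs[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            alerts[key] = peak
    return alerts

def sample_log():
    """Constructed records: an infected host, a normal user, a slow newsletter."""
    base, h = datetime(2024, 1, 1, 9, 0), "ab" * 32
    def rec(delta, sender, rcpt, digest):
        return f"{(base + delta).isoformat()} {sender} {rcpt} {digest}"
    log = [rec(timedelta(seconds=i), "alice@corp.example", f"u{i}@corp.example", h)
           for i in range(50)]   # same attachment to 50 recipients in under a minute
    log += [rec(timedelta(minutes=i), "bob@corp.example", f"u{i}@corp.example", "cd" * 32)
            for i in range(3)]   # ordinary mail to three colleagues
    log += [rec(timedelta(hours=i), "news@corp.example", f"u{i}@corp.example", "ef" * 32)
            for i in range(60)]  # 60 recipients, but only one per hour
    return log

if __name__ == "__main__":
    print(find_mass_mailers(sample_log()))
```

Counting distinct recipients rather than messages keeps repeated mail to one person from raising an alert, and the sliding window keeps a slow newsletter below the threshold.
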
How does the I love you virus work?
- uses an email attachment; the user clicks on an executable
- breaks passwords
- uses the address book to self-propagate
- replaces certain file names with itself
- The social engineering aspect: saying "I love you" makes the user more prone to click; "very funny"; "you got an A"; "read this paper"
- A Visual Basic script instead of a macro
- breaks passwords and reports back
- usually corrupts files

What are the effects of denial-of-service attacks?
- unavailability of some services such as email
- take a web site down
- hard to detect since they look legitimate
- keep users from necessary resources such as the Republican convention web server
- attack servers instead of clients
- can cost a company a lot of time and money
- does not disclose personal info; not so harmful
- can slow down the entire Internet even if you are not a target
- more of a brute-force attack than one taking intelligent attack actions

DDoS Attack
[Figure: DDoS attack diagram showing a Real Attacker, a Master, five Daemons and a Victim]

What is a worm?
- self-propagating programs that kill the Internet
- Differences between virus and worm:
  - worms do not need the user to do anything; in Melissa, the users need to click
  - worms are self-propagating but viruses are not
- Compare DDoS with worm:
  - The target of a DDoS attack is certain servers, but the target of a worm is every vulnerable host in the Internet
  - Worms are self-propagating but DDoS attacks are not
  - DDoS attacks attack servers instead of clients, but worms may attack both
  - worms also collect info, but DDoS attacks do not
  - Both DDoS attacks and worms may cause large-scale congestion

Do you have any personal experiences in suffering from attacks?
- Summer 2003, internship, suffer from worm, attack Windows XP/2000, servers and desktops, all servers went down; it took a week to recover based on Microsoft patches 1.5 points
- Spring 02, Klez virus, my friends hit; I burn a CD on which there is a virus, and both are infected
- phishing attacks: identity stealing:
  - (g6) EBAY NEEDS update information
  - (g6) In July 04, Citibank (682); US Bank (622), eBay (255), PayPal (147), AOL (41)
- credit card fraud: when you break in a web server, you may be able to grab 1000 credit cards
  - (g6) In restaurant, after your card is skimmed, they can replicate your card
  - (g7) Faked or hacked, yet legal, ATM machines can record your card info
  - (pl) Xxx billions of dollars are lost

Why do people need network security?
- Peace of mind
- prevent identity theft
- secure valuable info
- protect your digital assets

If you are the CSO, how do you measure the loss of security breaches?
- the amount of lost sales
- cost of repairs
- negative press hurts my reputation
- cost of re-coding due to file deletion
- cost of wages to fix the problem
- how your boss and his boss feel about this: my feeling is hurt

From the business point of view, what are the benefits of deploying security mechanisms?
- it makes sense to have my customers trust me
  - maintain customer relations
  - Ethics: you have responsibility
- the company can be bothered by a lot of lawsuits
- protect your secrets
- spend some money now, avoid losing more money in the future
- they can do business as usual
- real expensive; the investment in security does not even cover the loss
- Risk: as new ones come out, your current ones become obsolete

Relation between security and (profitability, competency)
- Lack of security may hurt competency and thus hurt profitability, but too much security investment can also hurt

The Internet is a double-edged sword
- The Internet not only makes your life easier and more enjoyable, but also makes the hacker happier

3 Colored Hats
Hackers are classified not by their knowledge or skills, but by their ethics.
- Black hat hackers: purely malicious; criminal hackers; steal money; ill intent; bad; bad
- Gray hat hackers: use some black hat tactics but may be for good reasons; work for a company; try to test weaknesses or warn people of weaknesses
- White hat hackers: any info security engineer specializing in defenses of computer networks