CS5008: Internet Computing


Lecture 22: Internet Security
A. O'Riordan, 2009, latest revision 2015

Internet Security
- When a computer connects to the Internet and begins communicating with others, it is taking a risk
  - network connection gives attackers opportunity to compromise security
- Internet security is the protection of a computer's Internet account and files from intrusion and disruption
  - browser security and network security
- A secure Internet platform is designed so that agents (users or programs) can only perform actions that have been allowed
- Technologies used include firewalls, authentication methods and encryption

Terminology
- Asset is a resource of value, such as the data in a database
- Vulnerability is a weakness or gap in security
- Attack is an assault on system security that derives from an intelligent threat (RFC 2828)
- Passive attack does not affect system resources but intercepts communications, e.g. eavesdropping, stealing
- Active attack alters system resources or affects their operation, e.g. denial-of-service attack

Attack Types
- Denial-of-service (DoS) attacks (next slides)
- Man-in-the-middle (MITM) attack: active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them
- Spoofing: IP spoofing; ARP poisoning
- Buffer/heap overflow
- Exploit applications with (known) security weaknesses (e.g. FTP, Telnet)

Denial-of-service attacks
- Denial-of-service (DoS) attack is an attempt to make a computer resource unavailable to its intended users
- Distributed denial-of-service (DDoS) attacks are sent by multiple persons, or bots
- Symptoms of denial-of-service attacks include inability of legitimate users to connect and unusually slow network performance
- Targets machine with flood of external communications requests, so much so that it cannot respond to legitimate traffic
  - Web connections or email bomb
- DoS attack may consume and disrupt services and include execution of malware, e.g. MyDoom

DoS Attack Examples
- ICMP flood
  - ping flood: large number of ping packets
  - ping of death: malformed ping packet
  - smurf attack: ICMP messages with spoofed source IP are broadcast to a computer network
  - nuke attack: fragmented ICMP packets
- Others: TCP/IP attacks
  - SYN flood: flood of TCP SYN packets, often with a forged sender address
  - fraggle attack: UDP messages with spoofed source IP are broadcast to a computer network
  - teardrop attack: mangled IP fragments

More Network Vulnerabilities
- Port scanning
  - attacker attempts to connect in sequence to a wide range of services (port numbers) on a single computer
  - portsweep is to scan multiple hosts for a specific listening port
- Connection hijacking (Man-in-the-Middle attack)
  - malicious party intercepts a legitimate communication between two hosts to control the flow of communication and to eliminate or alter the information sent
  - attacker could inject forged packets with the correct sequence numbers
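The port scan / portsweep distinction above can be turned into a detection rule over connection-attempt logs. The following is an added example, not part of the lecture; the log format, the 60-second window, the threshold of 5 and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque


def detect_scans(events, window=60, threshold=5):
    """Flag sources that touch many distinct ports on one host (portscan) or
    many distinct hosts on one port (portsweep) within `window` seconds.

    events: iterable of (timestamp, source_ip, dest_ip, dest_port).
    Returns a set of (kind, source_ip, target) tuples.
    """
    recent = defaultdict(deque)   # key -> (timestamp, value) pairs still in the window
    findings = set()
    for ts, src, dst, port in sorted(events):
        for key, value in ((("portscan", src, dst), port),
                           (("portsweep", src, port), dst)):
            queue = recent[key]
            queue.append((ts, value))
            while ts - queue[0][0] > window:   # drop attempts older than the window
                queue.popleft()
            if len({v for _, v in queue}) >= threshold:
                findings.add(key)
    return findings


# Constructed connection-attempt log (documentation address ranges).
SAMPLE_LOG = (
    # one source walking ports 20-25 on a single host
    [(100 + i, "203.0.113.9", "192.0.2.10", 20 + i) for i in range(6)]
    # one source trying port 22 on six hosts
    + [(200 + i, "198.51.100.4", f"192.0.2.{i + 1}", 22) for i in range(6)]
    # a client using several services on one host, hours apart
    + [(1000 + 3600 * i, "192.0.2.50", "192.0.2.10", p)
       for i, p in enumerate([22, 25, 80, 443, 3306, 8080])]
    # ordinary repeated web traffic to one port
    + [(300 + i, "203.0.113.50", "192.0.2.10", 80) for i in range(10)]
)
```

With the default window only the first two sources are flagged; widening the window to a day also flags the client that uses several services, which is the false-positive trade-off when tuning such a rule.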

Firewalls
- Prevent intruders (by securing Internet connections) from unauthorized access and denial-of-service attacks to your network
  - isolate internal network from Internet at large
- Firewall could be a router, gateway, or special-purpose computer
  - examines packets flowing in and out of organization's network; some packets are allowed to pass through, others are blocked
  - placed on every connection that network has to Internet

How Firewalls Work
- Firewall has rules for traffic entering and leaving based on:
  - source and destination IP address
  - source and destination port numbers
  - protocol type in IP header (TCP/UDP/ICMP)
  - TCP flag bits (SYN, SYNACK, ACK, FIN)
  - ICMP message types
- Main types of firewalls
  - packet-level firewalls (packet filters and stateful-inspection filters)
  - application-level firewalls (application gateways)
- Organizations have single or multiple levels of firewall

Packet Filters
- Firewall is unaware of sessions/applications and what the intruder is trying to do
- IP spoofing remains a problem
  - done by simply changing the source address of incoming packets from their real address to an address inside the organization's network
  - basic packet filter will pass this packet
- Stateful inspection
  - determines whether packet is start of a new connection or part of existing connection using TCP flag bits
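The difference between a basic packet filter and stateful inspection, as an added example that is not part of the lecture. It is a toy model: the packet tuple, the interface names, the internal range 192.0.2.0/24 and the rule that trusts internal source addresses are assumptions, and connection teardown is not modelled.

```python
import ipaddress
from collections import namedtuple

# Constructed packet model; iface is the interface the packet arrived on.
Packet = namedtuple("Packet", "iface src dst sport dport flags")

INTERNAL = ipaddress.ip_network("192.0.2.0/24")  # assumed internal range
OPEN_PORTS = {80, 25, 22}                        # access points named in the slides


def is_internal(addr):
    return ipaddress.ip_address(addr) in INTERNAL


def basic_filter(pkt):
    """Stateless filter: judges each packet alone, by address and port."""
    if is_internal(pkt.src):
        return "pass"   # a spoofed internal source address is passed as well
    return "pass" if pkt.dport in OPEN_PORTS else "block"


class StatefulFilter:
    """Adds an ingress anti-spoofing rule and a connection table."""

    def __init__(self):
        self.table = set()   # (src, sport, dst, dport) of connections opened by a SYN

    def check(self, pkt):
        # An internal source address cannot legitimately arrive from outside.
        if pkt.iface == "outside" and is_internal(pkt.src):
            return "block"
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if pkt.flags == {"SYN"}:   # start of a new connection
            if pkt.iface == "inside" or pkt.dport in OPEN_PORTS:
                self.table.add(key)
                return "pass"
            return "block"
        # Anything else must belong to a connection already in the table.
        reply_key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "pass" if key in self.table or reply_key in self.table else "block"


# Constructed sample traffic.
SPOOFED = Packet("outside", "192.0.2.10", "192.0.2.20", 4444, 139, frozenset({"SYN"}))
SYN = Packet("outside", "203.0.113.5", "192.0.2.20", 50000, 80, frozenset({"SYN"}))
SYNACK = Packet("inside", "192.0.2.20", "203.0.113.5", 80, 50000, frozenset({"SYN", "ACK"}))
STRAY_ACK = Packet("outside", "198.51.100.7", "192.0.2.20", 50001, 80, frozenset({"ACK"}))
```

The basic filter passes both SPOOFED and STRAY_ACK; the stateful filter blocks them while still passing the SYN and its SYNACK reply.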

Securing Network Perimeter
- Securing the network perimeter: controls on access points to prevent or deter unauthorized external access
- Access points of network
  - Web traffic (port 80)
  - email (port 25)
  - remote login (port 22)
- Basic elements in restricting access
  - Firewalls
  - Proxies
  - Network Address Translation (NAT) (not covered this year)

Application-Level Firewalls
- Operates at Application Layer
- Controls input, output, and/or access from, to, or by an application or service
- Can be a proxy service
- Requires more processing power than packet filters, which can impact network performance, because of the increased complexity of what they do

Browser Security
- The Web browser (client) itself is vulnerable to attack or exploit
- In particular, scripts written in JavaScript and insecure plugins may be used in attacks
- Recommendations include:
  - use the most recent/secure version of Web browser/plugins
  - tighten the security settings on your browsers
  - block pop-up windows
- See e.g. https://www.us-cert.gov/ncas/tips/st05-001 and also Google's Browser Security Handbook https://code.google.com/p/browsersec/wiki/part1

Web application security
- Web applications can be at risk due to flaws in the design, development, and maintenance of the application
- Common threats/attacks:
  - input validation, e.g. buffer overflow and SQL injection
  - parameter manipulation, e.g. query string manipulation and form field manipulation
  - authentication, e.g. brute force attack and dictionary attacks
  - session management, e.g. session hijacking
  - cryptography: poor key generation or key management
- Improving Web Application Security http://msdn.microsoft.com/en-us/library/ms994920.aspx

SSL
- SSL (Secure Sockets Layer) is a communications protocol which works between TCP and HTTP
- Transport Layer Security (TLS) is an IETF standard similar to SSL Version 3
- Provides security between browser and Web server using HTTPS protocol (TCP port 443) (RFC 2818)
- Uses X.509 certificates
- SSL/TLS uses public-key cryptography to exchange a secret (session) key and then uses symmetric (private-key) encryption, because symmetric encryption such as AES is much more efficient than asymmetric encryption such as the RSA algorithm
  - (encryption not covered this year)
- Also performs message authentication
- Client and server use a handshake protocol

Data transmission using SSL/TLS

HTTPS and lock