Study of the impact of distributed and multi-path attacks on network security solutions




Study of the impact of distributed and multi-path attacks on network security solutions (Étude de l'impact des attaques distribuées et multi-chemins sur les solutions de sécurité réseaux)
Damien Riquet, Gilles Grimaud, Michaël Hauspie
Team 2xS, Université Lille 1, France
29 October 2012
D. Riquet, G. Grimaud, M. Hauspie, Étude de l'impact des attaques distribuées... 1/24

Study on security of cloud computing structure
Cloud Computing: a popular model to process large data sets
  - Several layers according to the needs of customers
  - Store confidential data
Growing concern about its security
  - Security could delay cloud adoption
  - "62% of companies decided to wait at least 12 months because of the common mistrust to cloud security" [Spi10]
Attacks on the cloud
  - Distributed attacks to evade security solutions [RGH12]
  - Weaknesses of cloud structure

Structure weaknesses of cloud computing


Goals of this paper
  - Study security solutions used by Cloud Computing
  - Show that distributed attacks could be very efficient
  - Multi-path architecture
  - Use-case: distributed portscan

Outline
  1 Security of the cloud
  2
  3

Outline
  1 Security of the cloud
    - Security solutions commonly used
    - Previous work
  2
  3

Cloud security - Security solutions commonly used
Firewalls [BC94]
  - At the border of the network
  - Analyze traffic between two networks
  - Security policies
Intrusion Detection System (IDS) [Ped05]
  - Network or Host based
  - Passive device: raise alarms
  - Pattern-matching, analyze traffic

Previous work
Large-scale coordinated attacks: Impact on the cloud security [RGH12]
  - Our first study on the impact of distributed attacks
  - Focuses on one-path architecture
  - Security solutions: Open-source / Industrial
  - Various variables on the distributed portscan use-case
  - Few attackers were enough to remain undetected
Goals of this paper
  - Multipath architecture
  - Worst cases of [RGH12]

Outline
  1 Security of the cloud
  2
    - Purpose
    - Distributed portscan
    - Structure topology
  3

Purpose of the experiments
Study the impact of attacks on large structures [RGH12]
  - Identify weaknesses of such architectures
  - Know how many hosts are necessary to conduct an attack undetected
  - Devise a way to detect intrusions collaboratively
Key variables
  - Distribution methods
  - Attack variables (techniques, timing, etc.)
  - Multipath structures

Distributed portscan: a use case
Usage and goals
  - Reconnaissance phase
  - Discover weaknesses of a network
  - Used by worms and malicious hackers
Distribution methods
  - Naive distribution
  - Loop distribution

Network topology
[Figure: Cloud Computing network topology. Legend: Internet host, Cloud host, Firewall / IDS]

Multipath structures (1/3)
[Figure: two diagrams, each linking Attackers to Targets]

Multipath structures (2/3)
[Figure: two diagrams, each linking Attackers to Targets]

Multipath structures (3/3)
[Figure: two diagrams, each linking Attackers to Targets]


Evaluation
Attacker Success Rate
  - $n$ = number of ports successfully scanned before detection
  - $T$ = total number of ports to scan
  $$ASR = \frac{n}{T}$$
Gain
  - $p$ = number of possible paths
  - $ASR_x$ = ASR for an attack on an $x$-path structure
  $$Gain_p = \frac{ASR_p}{ASR_1}$$
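The two metrics above, computed over a constructed sensor log, as an added example that is not taken from the authors' slides or experiments. The alert rule (a sensor alerts at 5 distinct ports probed on one target), the sensor names, the target address and the one-sensor-per-path assignment are assumptions; the pooled view stands in for sensors that share their observations.

```python
from collections import defaultdict
from fractions import Fraction

# Assumed alert rule (not from the slides): a sensor alerts once it has seen
# THRESHOLD distinct ports probed on one target, whatever the source address.
THRESHOLD = 5

def ports_before_detection(events, threshold=THRESHOLD):
    """events: time-ordered (sensor, target, port) observations.
    Returns n, the number of probes completed before the first alert."""
    seen = defaultdict(set)
    for n, (sensor, target, port) in enumerate(events):
        seen[(sensor, target)].add(port)
        if len(seen[(sensor, target)]) >= threshold:
            return n
    return len(events)  # no sensor ever alerted

def asr(events, total_ports, threshold=THRESHOLD):
    """ASR = n / T, kept as an exact fraction."""
    return Fraction(ports_before_detection(events, threshold), total_ports)

def gain(asr_p, asr_1):
    """Gain_p = ASR_p / ASR_1."""
    return asr_p / asr_1

def observe(ports, paths, target="10.0.0.5"):
    """Constructed log: probe i crosses path i % paths, and only that
    path's sensor records it. Sensor names and target are made up."""
    return [(f"ids{i % paths}", target, port) for i, port in enumerate(ports)]

def pooled(events):
    """Collaborative view: every sensor's observations feed one detector."""
    return [("pooled", target, port) for _, target, port in events]

T = 20
PORTS = list(range(1, T + 1))                     # constructed sample ports
ASR_1 = asr(observe(PORTS, 1), T)                 # one path, one sensor
ASR_4 = asr(observe(PORTS, 4), T)                 # four paths, isolated sensors
ASR_4_POOLED = asr(pooled(observe(PORTS, 4)), T)  # four paths, shared state

if __name__ == "__main__":
    print("ASR_1 =", ASR_1, " ASR_4 =", ASR_4, " Gain_4 =", gain(ASR_4, ASR_1))
    print("Gain_4 with pooled sensors =", gain(ASR_4_POOLED, ASR_1))
```

With isolated sensors each path sees only a quarter of the probes, so the alert comes four times later; pooling the observations brings the gain back to 1 in this constructed case.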

- 1 path, Connect scanning
[Figure: ASR (percentage) versus number of attackers. Series: Naive and Loop distribution, each at 50 ms, 250 ms and 1000 ms]

- Multipath, Loop distribution, 32 attackers, 250 ms
[Figure: Gain versus number of paths. Series: T1, T2 and T3, each for SYN and Connect scanning]

Conclusion
Key points
  - Few scanners could be enough to remain undetected
  - Weakness of a network is proportional to the number of paths
  - Basic distribution methods

Impact of distributed attacks on multipath architecture
  - Few scanners are enough to remain undetected
  - Effectiveness of the attack is proportional to the number of paths
  - No network noise, basic distribution methods
Future work
  - Collaborative IDS using virtual and physical probes
  - Design of a language for this security application domain

Questions
[Figure: Security probes all over the cloud]
Damien Riquet - damien.riquet@lifl.fr
Gilles Grimaud - gilles.grimaud@lifl.fr
Michaël Hauspie - michael.hauspie@lifl.fr
http://www.lifl.fr/ riquetd/

References
[BC94] S. M. Bellovin and W. R. Cheswick, Network firewalls, IEEE Communications Magazine 32 (1994), no. 9, 50-57.
[Ped05] Naga Raju Peddisetty, State-of-the-art intrusion detection: Technology, challenges, and evaluation, 2005.
[RGH12] Damien Riquet, Gilles Grimaud, and Michael Hauspie, Large-scale coordinated attacks: Impact on the cloud security, The Second International Workshop on Mobile Commerce, Cloud Computing, Network and Communication Security 2012 (2012), 558 (English).
[Spi10] Spiceworks, New study sees rise in cloud services adoption among small and medium businesses in first half of 2010, 2010.

Collaborative security system
[Figure: labels DSL, Host, Hypervisor, Guest OS, Virtual probe, Physical probe, FPGA]