Introduction to Network Security

Similar documents
Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

20-CS X Network Security Spring, An Introduction To. Network Security. Week 1. January 7

CS5008: Internet Computing

E-BUSINESS THREATS AND SOLUTIONS

CS 640 Introduction to Computer Networks. Network security (continued) Key Distribution a first step. Lecture24

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

SY system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.

Denial of Service Attacks

Firewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall.

Chapter 8 Security Pt 2

1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding?

Network Security. 1 Pass the course => Pass Written exam week 11 Pass Labs

Network Security in Practice

Wharf T&T Limited DDoS Mitigation Service Customer Portal User Guide

Solution of Exercise Sheet 5

Cloud-based DDoS Attacks and Defenses

Abstract. Introduction. Section I. What is Denial of Service Attack?

Denial of Service. Tom Chen SMU

CSE 127: Computer Security. Network Security. Kirill Levchenko

WORMS : attacks, defense and models. Presented by: Abhishek Sharma Vijay Erramilli

Voice over IP. Demonstration 1: VoIP Protocols. Network Environment

Seminar Computer Security

Network Security. Tampere Seminar 23rd October Overview Switch Security Firewalls Conclusion

DoS/DDoS Attacks and Protection on VoIP/UC

Denial Of Service. Types of attacks

CYBER ATTACKS EXPLAINED: PACKET CRAFTING

Outline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg

ACHILLES CERTIFICATION. SIS Module SLS 1508

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies

Presented By: Holes in the Fence. Agenda. IPCCTV Attack. DDos Attack. Why Network Security is Important

Announcements. Lab 2 now on web site

TCP/IP Security Problems. History that still teaches

CS5490/6490: Network Security- Lecture Notes - November 9 th 2015

How To Classify A Dnet Attack

Lecture 23: Firewalls

1. Firewall Configuration

Firewall Tutorial. KAIST Dept. of EECS NC Lab.

Firewalls, Tunnels, and Network Intrusion Detection

Chapter 28 Denial of Service (DoS) Attack Prevention

CSCI 4250/6250 Fall 2015 Computer and Networks Security

SECURING APACHE : DOS & DDOS ATTACKS - I

Port Scanning. Objectives. Introduction: Port Scanning. 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap.

Ethernet. Ethernet. Network Devices

DDos. Distributed Denial of Service Attacks. by Mark Schuchter

Network Threats and Vulnerabilities. Ed Crowley

CMS Operational Policy for Firewall Administration

Chapter 7 Protecting Against Denial of Service Attacks

Security Technology White Paper

Internet Firewall CSIS Internet Firewall. Spring 2012 CSIS net13 1. Firewalls. Stateless Packet Filtering

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

Packet Sniffing on Layer 2 Switched Local Area Networks

Firewall Introduction Several Types of Firewall. Cisco PIX Firewall

Chapter 8 Network Security

Introduction.

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall

Networks: IP and TCP. Internet Protocol

Network Intrusion Detection Systems. Beyond packet filtering

Denial of Service (DoS) Technical Primer

Real-time Network Monitoring and Security Platform for Securing Next-Generation Network. Assoc. Prof. Dr. Sureswaran Ramadass

Session Hijacking Exploiting TCP, UDP and HTTP Sessions

Malicious Programs. CEN 448 Security and Internet Protocols Chapter 19 Malicious Software

Frequent Denial of Service Attacks

Outline. Outline. Outline

SECURITY FLAWS IN INTERNET VOTING SYSTEM

MONITORING OF TRAFFIC OVER THE VICTIM UNDER TCP SYN FLOOD IN A LAN

CS155: Computer and Network Security

Advanced Higher Computing. Computer Networks. Homework Sheets

Distributed Denial of Service(DDoS) Attack Techniques and Prevention on Cloud Environment

IP Network Layer. Datagram ID FLAG Fragment Offset. IP Datagrams. IP Addresses. IP Addresses. CSCE 515: Computer Network Programming TCP/IP

Internet Firewall CSIS Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS net15 1. Routers can implement packet filtering

CMPT 471 Networking II

How To Set Up An Ip Firewall On Linux With Iptables (For Ubuntu) And Iptable (For Windows)

Configuring Allied Telesyn Equipment to Counter Nimda Attacks

Final exam review, Fall 2005 FSU (CIS-5357) Network Security

The Case Against Jumbo Frames. Richard A Steenbergen <ras@gtt.net> GTT Communications, Inc.

VPN Lesson 2: VPN Implementation. Summary

Safeguards Against Denial of Service Attacks for IP Phones

Firewalls and Intrusion Detection

Project 4: (E)DoS Attacks

Reduce Your Virus Exposure with Active Virus Protection

TELE 301 Network Management. Lecture 16: Remote Terminal Services

Denial of Service Attacks. Notes derived from Michael R. Grimaila s originals

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

A S B

1.0 Introduction. 2.0 Data Gathering

Barracuda Intrusion Detection and Prevention System

Transport Layer Protocols

Firewalls. Test your Firewall knowledge. Test your Firewall knowledge (cont) (March 4, 2015)

Non-intrusive, complete network protocol decoding with plain mnemonics in English

Wireless Encryption Protection

Brocade NetIron Denial of Service Prevention

ΕΠΛ 674: Εργαστήριο 5 Firewalls

TOE2-IP FTP Server Demo Reference Design Manual Rev1.0 9-Jan-15

Security vulnerabilities in the Internet and possible solutions

co Characterizing and Tracing Packet Floods Using Cisco R

Analysis of Network Packets. C DAC Bangalore Electronics City

Firewalls. Network Security. Firewalls Defined. Firewalls

Denial of Service Attack Techniques: Analysis, Implementation and Comparison

Network layer: Overview. Network layer functions IP Routing and forwarding

How To Protect A Dns Authority Server From A Flood Attack

Transcription:

Introduction to Network Security Chapter 4 Taxonomy of Network-Based Vulnerabilities 1

Topics Network Security Model Header attacks Protocol Attacks Authentication Attacks Traffic attacks 2

Network Security Who (authentication) Good guys Bad Guys What to Attack Protocols Network connected Applications Infrastructure 3

User Application TCP IP Physical Network Payload Application Protocol Header Payload TCP Protocol Header Payload IP Protocol Header Payload Physical Network Protocol Header Payload Layered Model of Attack Data Each layer receives data from the layer below and passes data to the layer above it without looking at it An attacker can insert information into the payload in order to send data to a particular layer Internet Header Payload Attacker Generated Packet 4

Threat Model Attacker 1 & 3 can attack any layer on computers connected to the same network Attacker 2 can attack the TCP & Application layers of computers A1 & B1 and the IP layer of any device Attacker 4 has taken over the computer 5

Vulnerabilities, Exploits and Attacks 6

Attack Time Line Time between attacks has decreased and scale of attacks has increased Attacks now have multiple variations that can occur within hours of each other 1980 1990 2000 2006 1980 ARPANET virus (accidental) 1982 First Computer Virus (Apple ][) 1986 First PC virus 1988 Internet worm infects over 6,000 hosts Numerous viruses 1995 First Macro Virus 1999 Melissa worm 2000 Nimda, code Red, Sircam, Numerous others 2003 Sober, Sobig, Blaster, Slammer 2004 Sasser, MyDoom, 7

Risk & Risk Assessment Risk is a measure of how critical something is and is a combination of: Threat (How likely is it that the target will be attacked) Vulnerability (How likely there is a weakness in the target) Impact (What is the effect of losing the target) Risk assessment is the process where you decide how important something is and how hard you are going to work to protect it. 8

Risk Graph High Impact Low Unlikely Less Vulnerability More Threats Likely 9

Network Security Taxonomy Header based Protocol based Authentication based Traffic Based 10

Header Based Creation of invalid packets, different protocols handle bad packets differently Source and destination address manipulation Device can be confused by setting source and destination to the same address Setting bits in the header that should not be set Putting values in the header that are above or below the level specified in the standard 11

Example: Ping of Death IP Reassembly buffer (65535 bytes) IP payload IP Header IP payload offset = 65528 (max value) length = 100 12

Network Protocol Issues Timing / procedural Who talks first, who says what and when Think of a phone call conversations, there is a protocol, the person picking up the phone talks first Attacks usually involve valid packets that are out of order, arrive too fast, or are missing packets 13

Protocols attacks You can shutdown the protocol itself Send packets telling the device to stop talking For connectionless protocols you can answer as the server and tell the client the server is down. 14

Example: Syn Flood TCP 3-way Handshake Client Request to open connection Server Allocate Buffers Acknowledge Connection Request Connection is open Acknowledge Server Acknowledgement Wait for Client Acknowledgement Connection is open 15

Attacking Client Open 1 SYN Flood Server Open 2 Open 3 Open 4 Open 5 Open 6 NAK Connect Ack 1 Connect Ack 2 Connect Ack 3 Connect Ack 4 Connect Ack 5 Allocate Buffers Wait for Client ACK 1 Allocate Buffers Wait for Client ACK 2 Allocate Buffers Wait for Client ACK 3 Allocate Buffers Wait for Client ACK 4 Allocate Buffers Wait for Client ACK 5 No Buffers available 16

Authentication-Based Authentication is the proof of one s identity to another. Often thought of as username & password based In a network addresses are often used to authenticate packets. Like the 4 addresses used to identify a packet in the Internet 17

User User-to-User User User-to-host Authentication Host-to-User Authentication Network Application Layer-to-layer Authentication Application Authentication TCP Layer-to-layer Authentication TCP IP Layer-to-layer Authentication IP Physical Network Layer-to-layer Authentication Physical Network Internet 18

Authentication Four different types of authentication User to host Person proves the identity to computer resource Most prevalent Host to Host Work being done to strengthen this In past usually done by IP address User to User Contracts, secure email Useful for online auctions Host to User Server authenticating to user 19

Too much data To a single: Traffic-Based Application Network device Protocol layer From: Multiple machines Single attackers Traffic Capture (sniffing) 20

Traffic Attacks You can shutdown a service by: flooding it with packets opening a large number of connections You can shutdown network by: flooding it with a large number of packets. Broadcast packets will do the most damage You can shutdown a machine by: flooding a machine with packets on multiple services Broadcast storms 21

Denial of Service Denial of service is when a third party prevents valid network users access to services, machines, or applications Denial of service attacks can be difficult to detect and even harder to defend against. 22

Broadcast Flood Attack Broadcast Packet Target Network Internet Router Multiple Replies Attacker 23

Traffic Capture Packet sniffing can be played out against any layer in the network if the attacker is in a position to see the traffic. 24

Applying the Taxonomy Goal versus method The taxonomy applies to the method Breaking authentication maybe the goal, but the method maybe be header-based Not all attacks will be covered since not all attacks are network based. 25

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information