Defending Computer Networks Lecture 9: Worms/Firewalls. Stuart Staniford Adjunct Professor of Computer Science

Similar documents
Defending Computer Networks Lecture 10: Firewalls. Stuart Staniford Adjunct Professor of Computer Science

Using Tofino to control the spread of Stuxnet Malware

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1

New possibilities in latest OfficeScan and OfficeScan plug-in architecture

Chapter 11 Cloud Application Development

INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION

Internet Worms, Firewalls, and Intrusion Detection Systems

G/On. Basic Best Practice Reference Guide Version 6. For Public Use. Make Connectivity Easy

Firewall Design Principles Firewall Characteristics Types of Firewalls

JK0 015 CompTIA E2C Security+ (2008 Edition) Exam

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

The Leading Provider of Endpoint Security Solutions

Network Incident Report

Firewalls, Tunnels, and Network Intrusion Detection

Computer Security Maintenance Information and Self-Check Activities

8. Firewall Design & Implementation

74% 96 Action Items. Compliance

Don t skip these expert tips for making your firewall airtight, bulletproof and fail-safe. 10 Tips to Make Sure Your Firewall is Really Secure

Firewall Firewall August, 2003

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

Chapter 9 Firewalls and Intrusion Prevention Systems

Figure 41-1 IP Filter Rules

How I Learned to Stop Worrying and Love Compliance Ron Gula, CEO Tenable Network Security

Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Firewall

INTRUSION DETECTION SYSTEMS and Network Security

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013

Cyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

Security Engineering Part III Network Security. Intruders, Malware, Firewalls, and IDSs

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA

Why Leaks Matter. Leak Detection and Mitigation as a Critical Element of Network Assurance. A publication of Lumeta Corporation

Keep you computer running Keep your documents safe Identity theft Spreading infection Data Integrity (DPA: Data Protection Act)

Application Firewalls

DHS ICSJWG Fall Conference Maintaining Necessary Information Paths Over Unidirectional Gateways

Internet Security Protecting Your Business. Hayden Johnston & Rik Perry WYSCOM

How To Set Up An Ip Firewall On Linux With Iptables (For Ubuntu) And Iptable (For Windows)

CSCI 4250/6250 Fall 2015 Computer and Networks Security

Introduction to Firewalls Open Source Security Tools for Information Technology Professionals

Did you know your security solution can help with PCI compliance too?

Detailed Description about course module wise:

WORMS HALMSTAD UNIVERSITY. Network Security. Network Design and Computer Management. Project Title:

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting

Stuxnet Malware. Official communication presented at CIP Seminar by Thomas Brandstetter. Siemens AG All Rights Reserved.

Section 12 MUST BE COMPLETED BY: 4/22

Network Security. Tampere Seminar 23rd October Overview Switch Security Firewalls Conclusion

Configuring Allied Telesyn Equipment to Counter Nimda Attacks

1 You will need the following items to get started:

Computer Security DD2395

13 Ways Through A Firewall

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013

Firewalls. Steven M. Bellovin Matsuzaki maz Yoshinobu

CYBER SECURITY. Is your Industrial Control System prepared?

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

How To Protect A Network From Attack From A Hacker (Hbss)

Network Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík

Firewalls Overview and Best Practices. White Paper

Industrial Security for Process Automation

Attacks from the Inside

Phone Fax

Security Testing in Critical Systems

Network Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

Lab Configuring Access Policies and DMZ Settings

Firewall Security. Presented by: Daminda Perera

Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA

Building Secure Networks for the Industrial World

Many network and firewall administrators consider the network firewall at the network edge as their primary defense against all network woes.

Network Security Workshop

1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding?

PART D NETWORK SERVICES

How Secure is Your SCADA System?

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

Chapter 3 Security and Firewall Protection

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design

Building A Secure Microsoft Exchange Continuity Appliance

DDoS Attacks & Defenses

Small Business Server Part 2

F-Secure Internet Gatekeeper Virtual Appliance

How To Protect Your Network From Attack From Outside From Inside And Outside

Getting started. Creating a Web Server support application

Cryptography and Network Security Chapter 21. Malicious Software. Backdoor or Trapdoor. Logic Bomb 4/19/2010. Chapter 21 Malicious Software

Network Security Topologies. Chapter 11

Emerging Security Technological Threats

Myths, Mistakes and Outright Lies When it comes to network security P U R E S E C U R I T Y

INTERNET ATTACKS AGAINST NUCLEAR POWER PLANTS

Multifaceted Approach to Understanding the Botnet Phenomenon

Configuring a LAN SIParator. Lisa Hallingström Paul Donald Bogdan Musat Adnan Khalid Per Johnsson Rickard Nilsson

Networking for Caribbean Development

Company Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.

F-SECURE MESSAGING SECURITY GATEWAY

Proxies. Chapter 4. Network & Security Gildas Avoine

Verizon Firewall. 1 Introduction. 2 Firewall Home Page

Devising a Server Protection Strategy with Trend Micro

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies

CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric

What is a Firewall? A choke point of control and monitoring Interconnects networks with differing trust Imposes restrictions on network services

OPC & Security Agenda

Network Instruments white paper

Architecture. The DMZ is a portion of a network that separates a purely internal network from an external network.

Transcription:

Defending Computer Networks Lecture 9: Worms/Firewalls Stuart Staniford Adjunct Professor of Computer Science

Quiz Twenty Minutes (10:10-10:30am) No notes/laptops/tablets/phones/etc Write name/net- id at top

New Assigned Reading Bellovin and Cheswick. Network Firewalls. hop://people.scs.carleton.ca/~soma/id/ readings/bellovin- firewalls.pdf

Where We Are in Syllabus

Main Goals for Today Finish up worms Start firewalls.

Refresh on Scanning Worms K = 1.8/hr

Defenses for Scanning Worms Host- level: ASLR/DEP/Canaries/etc Limit outbound conneczons Network level Detect/block scanning Firewalls Packet filtering in routers Intrusion prevenzon systems In- switch security measures

Overall Dynamic Suppose each worm finds r children to infect Total before containment/remediazon. Successive generazons: 1, r, r 2, r 3, 1 + r + r 2 + r 3 + = 1/(1- r) if r<1 Eg if r = 0.9, total is 1/(1-0.9) = 10 If r > 1, series diverges. So must ensure each worm instance finds on average less than 1 child Epidemic peters out Known as epidemic threshold Similar to crizcal mass in nuclear explosions

Email Worms (1999) Mostly scourge of late 90s/early 2000s Melissa Microsoh Word Macro Worm Word document aoachment to email Used a large variety of enzcing subject lines to emails to try to get users to open aoachment. Very first version claimed to have passwords to porn sites. Various social engineering hooks to get you to open it Some say not a worm, depending on whether macro language is a program or not. Stole address book and mailed itself out

I Love You (2000) Subject ILOVEYOU AOachment LOVE- LETTER- FOR- YOU.txt.vbs Scoured address book, so appeared to come from someone you knew. Many people opened. Believed to have affected tens of millions of computers.

Email Worms in General Are topological worms Find their viczms using the natural topology of a protocol communicazon graph In this case email address books Use social engineering Tricking human users into doing something they shouldn t. In theory could use exploit in mail client, but hasn t been seen on a large scale.

Email Worm Defenses AnZ- virus scanning of aoachments AnZ- spam screening of inbound emails User educazon. Including warnings when opening strange aoachments. Email worms appear not to spread as much any more. Defenses must keep below epidemic threshold. Except

Storm Worm (2007) Used subject lines like 230 dead as storm baoers Europe And many, many others Zed to current events Had an executable aoachment. Defeated AV by repacking the exe every 10 minutes. Successfully built a large botnet Probably for Russian organized crime. Millions, maybe tens of millions of infected IPs. So email worm probably not permanently dead.

Stuxnet Worm Discussion today is focussed on spread, not payload. Likely target of worm: industrial controllers for centrifuges in Iranian nuclear plant (goal: damage/destroy them). Need to Get on internal corporate networks of Iranian enzzes Get on air- gapped SCADA networks. Find machines aoached to right controllers Execute real payload. Worm was used as the search strategy to find and cross the boolenecks. Apparently worked: caused extensive delay to Iranians.

Stuxnet Strategies Propagate through any network shares idenzfiable on accounts of infected computer. Zero- day print spooler vulnerability. Target hard- coded password in Siemens WinCC (SQL database) product. Windows server service vulnerability. Ability to infect USB drives. TargeOed a Windows vulnerability when viewing the folder on the drive.

Firewalls

Open Network From the Internet Port IP Address

Scale of the Problem Big network might have O(10 5 )- (10 8 ) machines Most will have some open ports Many, many versions of many, many codebases. Many different departments with differing needs/polizcs. Extremely hard to keep everything patched/ configured correctly But trivial to scan/exploit from the internet.

Establish Central Control Port IP Address

BeOer Yet DMZ Internet Firewall?? Internal

Or Internet DMZ Firewall Firewall Enclave Internal Firewall Enclave Firewall Firewall Enclave Enclave

Cloud Or even Internet Firewall Firewall Enclave Internal Firewall Enclave Firewall Firewall Enclave Enclave

Firewall Basic Concept Rules Rules (This is Netgate M1N1Wall low- cost, low- power open source firewall using FreeBSD/pfSense. Runs on AMD Geode cpu.)

Typical Firewall Rule Block in on LAN from 192.168.1.0/24 port any to 0.0.0.0/0 port 53 Any packets coming from LAN to port 53 will be dropped. Effect of rule in isolazon Could be part of strategy to force clients to use only officially sanczoned DNS servers

Firewall Rulesets Typically a significant number of rules, that together enforce the policy. Some firewalls take last match as disposizve, others take first match. Generally want first/last to be block all to ensure only permioed traffic is allowed. Stateful firewalls apply rules only to first packet of conneczon, then will allow rest of conneczon to proceed Performance benefit: looking up in flow table much faster than applying all of rules to packet.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information