Presentation on theme: "NS-H0503-02/11041 Attacks. NS-H0503-02/11042 The Definition Security is a state of well-being of information and infrastructures in which the possibility."— Presentation transcript:
NS-H0503-02/11042 The Definition Security is a state of well-being of information and infrastructures in which the possibility of successful yet undetected theft, tampering, and disruption of information and services is kept low or tolerable Security rests on confidentiality, authenticity, integrity, and availability
NS-H0503-02/11044 Security Threats and Attacks A threat is a potential violation of security. –Flaws in design, implementation, and operation. An attack is any action that violates security. –Active adversary. Common threats: –Snooping/eavesdropping, alteration, spoofing, repudiation of origin, denial of receipt, delay and denial of service.
NS-H0503-02/11045 Types of Attacks Passive ThreadsActive Threads Release of Message Contents Traffic Analysis MasqueradeReplayModification of Message Contents Denial of Service
NS-H0503-02/11046 Attacks, Services and Mechanisms Security Attack: –Any action that compromises the security of information. Security Mechanism: –A mechanism that is designed to detect, prevent, or recover from a security attack. Security Service: – A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.
NS-H0503-02/11047 Security Attacks Interruption: –attack on availability Interception: –attack on confidentiality Modfication: –attack on integtrity Fabrication: –attack on authenticity
NS-H0503-02/11049 Eavesdropping - Message Interception Attack on Confidentiality Unauthorized access to information Packet sniffers and wiretappers Illicit copying of data and programs SR Eavesdropper
NS-H0503-02/110410 Tampering With Messages Integrity Attack Stop the flow of the message Delay and optionally modify the message Release the message again SR Perpetrator
NS-H0503-02/110411 Fabrication Authenticity Attack Unauthorized assumption of other’s identity Generate and distribute objects under this identity SR Masquerader: from S
NS-H0503-02/110412 Attack on Availability Destroy hardware (cutting fiber) or software Modify software in a subtle way (alias commands) Corrupt packets in transit Blatant denial of service (DoS): –Crashing the server –Overwhelm the server (use up its resource) SR
NS-H0503-02/110413 Threat Examples - IP Spoofing A common first step to many threats. Source IP address cannot be trusted! IP PayloadIP Header SRC: source DST: destination SRC: 126.96.36.199 DST: 188.8.131.52 Is it really from Columbia University?
NS-H0503-02/110414 Routers Only Care About Destination 128.59.10.xx 130.207.xx.xx Rtr src:184.108.40.206 dst:220.127.116.11 Columbia Georgia Tech 36.190.0.xxRtr src:18.104.22.168 dst:22.214.171.124 Stanford
NS-H0503-02/110415 Why Should I Care? Attack packets with spoofed IP address help hide the attacking source. A smurf attack launched with your host IP address could bring your host and network to their knees. Higher protocol layers (e.g., TCP) help to protect applications from direct harm, but not enough.
NS-H0503-02/110416 Current IPv4 Infrastructure No authentication for the source Various approaches exist to address the problem: –Router/firewall filtering –TCP handshake
NS-H0503-02/110417 Router Filtering 36.190.0.xx Rtr src:126.96.36.199 dst:188.8.131.52 Stanford Hey, you shouldn’t be here! Decide whether this packet, with certain source IP address, should come from this side of network. Not standard - local policy.
NS-H0503-02/110418 Router Filtering Very effective for some networks (ISP should always do that!) –At least be sure that this packet is from some particular subnet Problems: –Hard to handle frequent add/delete hosts/subnets or mobileIP –Upsets customers should legitimate packets get discarded –Need to trust other routers
NS-H0503-02/110419 TCP Handshake client server SYN seq=x SYN seq=y, ACK x+1 ACK y+1 connection established
NS-H0503-02/110420 TCP Handshake 128.59.10.xx 130.207.xx.xx Rtr Columbia Georgia Tech 36.190.0.xxRtr src:184.108.40.206 dst:220.127.116.11 Stanford x seq=y, ACK x+1 The handshake prevents the attacker from establishing a TCP connection pretending to be 18.104.22.168
NS-H0503-02/110421 TCP Handshake Very effective for stopping most such attacks Problems: –The attacker can succeed if “y” can be predicted –Other DoS attacks are still possible (e.g., TCP SYN-flood)
NS-H0503-02/110422 IP Spoofing & SYN Flood X establishes a TCP connection with B assuming A’s IP address A B X (1) SYN Flood (2) predict B’s TCP seq. behavior SYN(seq=m),src=A (3)(4)SYN(seq=n)ACK(seq=m+1) (5) ACK(seq=n+1)
NS-H0503-02/110423 Vulnerability A vulnerability (or security flaw) is a specific failure of the security controls. Using the failure to violate the site security: exploiting the vulnerability; the person who does this: an attacker. It can be due to: –Lapses in design, implementation, and operation procedures. –Even security algorithms/systems are not immune! We will go over some examples in this course.
NS-H0503-02/110424 IP Protocol-related Vulnerabilities Authentication based on IP source address –But no effective mechanisms against IP spoofing Consequences (possible exploits) –Denial of Service attacks on infrastructures, e.g. IP Spoofing and SYN Flood Smurf and Fraggle attacks OSPF Max Sequence
NS-H0503-02/110425 Methods of Defence Encryption Software Controls (access limitations in a data base, in operating system protect each user from other users) Hardware Controls (smartcard) Policies (frequent changes of passwords) Physical Controls
NS-H0503-02/110426 Impact of Attacks Theft of confidential information Unauthorized use of –Network bandwidth –Computing resource Spread of false information Disruption of legitimate services All attacks can be related and are dangerous!
NS-H0503-02/110427 The Security Life Cycle The iterations of –Threats –Policy –Specification –Design –Implementation –Operation and maintenance