Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 of 137Internet Mapping, Columbia. 137 slides Clear and Present Dangers Bill Cheswick Lumeta Corp.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 of 137Internet Mapping, Columbia. 137 slides Clear and Present Dangers Bill Cheswick Lumeta Corp."— Presentation transcript:

1 1 of 137Internet Mapping, Columbia

2 137 slides Clear and Present Dangers Bill Cheswick Lumeta Corp. ches@lumeta.comhes@lumeta.com

3 137 slides Clear and Present Dangers Perimeter Leaks Poor host security

4 137 slides Mapping the Internet and Intranets Bill Cheswick ches@lumeta.com http://www.cheswick.com

5 5 of 137Internet Mapping, Columbia Motivations Intranets are out of control – Always have been Highlands “day after” scenario Panix DOS attacks – a way to trace anonymous packets back! Internet tomography Curiosity about size and growth of the Internet Same tools are useful for understanding any large network, including intranets

6 6 of 137Internet Mapping, Columbia Related Work See Martin Dodge’s cyber geography page MIDS - John Quarterman CAIDA - kc claffy Mercator “ Measuring ISP topologies with rocketfuel ” - 2002 – Spring, Mahajan, WetherallSpringMahajanWetherall Enter “internet map” in your search engine

7 7 of 137Internet Mapping, Columbia The Goals Long term reliable collection of Internet and Lucent connectivity information – without annoying too many people Attempt some simple visualizations of the data – movie of Internet growth! Develop tools to probe intranets Probe the distant corners of the Internet

8 8 of 137Internet Mapping, Columbia Methods - data collection Single reliable host connected at the company perimeter Daily full scan of Lucent Daily partial scan of Internet, monthly full scan One line of text per network scanned – Unix tools

9 9 of 137Internet Mapping, Columbia Methods - network scanning Obtain master network list – network lists from Merit, RIPE, APNIC, etc. – BGP data or routing data from customers – hand-assembled list of Yugoslavia/Bosnia Run a traceroute-style scan towards each network Stop on error, completion, no data – Keep the natives happy

10 10 of 137Internet Mapping, Columbia TTL probes Used by traceroute and other tools Probes toward each target network with increasing TTL Probes are ICMP, UDP, TCP to port 80, 25, 139, etc. Some people block UDP, others ICMP

11 11 of 137Internet Mapping, Columbia TTL probes Application level TCP/UDP IP Hardware Client IP Hardware Router IP Hardware Router IP Hardware Router IP Hardware Router IP Hardware Router Application level TCP/UDP IP Hardware Server Hop 1Hop 2 Hop 3 Hop 4

12 12 of 137Internet Mapping, Columbia Send a packet with a TTL of 1… Application level TCP/UDP IP Hardware Client IP Hardware Router IP Hardware Router IP Hardware Router IP Hardware Router IP Hardware Router Application level TCP/UDP IP Hardware Server Hop 1Hop 2 Hop 3 Hop 4

13 13 of 137Internet Mapping, Columbia …and we get the death notice from the first hop Application level TCP/UDP IP Hardware Client IP Hardware Router IP Hardware Router IP Hardware Router IP Hardware Router IP Hardware Router Application level TCP/UDP IP Hardware Server Hop 1Hop 2 Hop 3 Hop 4

14 14 of 137Internet Mapping, Columbia Send a packet with a TTL of 2… Application level TCP/UDP IP Hardware Client IP Hardware Router IP Hardware Router IP Hardware Router IP Hardware Router IP Hardware Router Application level TCP/UDP IP Hardware Server Hop 1Hop 2 Hop 3 Hop 4

15 15 of 137Internet Mapping, Columbia … and so on … Application level TCP/UDP IP Hardware Client IP Hardware Router IP Hardware Router IP Hardware Router IP Hardware Router IP Hardware Router Application level TCP/UDP IP Hardware Server Hop 1Hop 2 Hop 3 Hop 4

16 16 of 137Internet Mapping, Columbia Advantages We don’t need access (I.e. SNMP) to the routers It’s very fast Standard Internet tool: it doesn’t break things Insignificant load on the routers Not likely to show up on IDS reports We can probe with many packet types

17 17 of 137Internet Mapping, Columbia Limitations Outgoing paths only Level 3 (IP) only – ATM networks appear as a single node – This distorts graphical analysis Not all routers respond Many routers limited to one response per second

18 18 of 137Internet Mapping, Columbia Limitations View is from scanning host only Takes a while to collect alternating paths Gentle mapping means missed endpoints Imputes non-existent links

19 19 of 137Internet Mapping, Columbia The data can go either way A EF D BC

20 20 of 137Internet Mapping, Columbia The data can go either way A EF D BC

21 21 of 137Internet Mapping, Columbia But our test packets only go part of the way A EF D BC

22 22 of 137Internet Mapping, Columbia We record the hop… A EF D BC

23 23 of 137Internet Mapping, Columbia The next probe happens to go the other way A EF D BC

24 24 of 137Internet Mapping, Columbia …and we record the other hop… A EF D BC

25 25 of 137Internet Mapping, Columbia We’ve imputed a link that doesn’t exist A EF D BC

26 26 of 137Internet Mapping, Columbia Data collection complaints Australian parliament was the first to complain List of whiners (25 nets) Military noticed immediately – Steve Northcutt – arrangements/warnings to DISA and CERT These complaints are mostly a thing of the past – Internet background radiation predominates

27 27 of 137Internet Mapping, Columbia Visualization goals make a map – show interesting features – debug our database and collection methods – hard to fold up geography doesn’t matter use colors to show further meaning

28 28 of 137Internet Mapping, Columbia

29 29 of 137Internet Mapping, Columbia

30 30 of 137Internet Mapping, Columbia Infovis state-of-the-art in 1998 800 nodes was a huge graph We had 100,000 nodes Use spring-force simulation with lots of empirical tweaks Each layout needed 20 hours of Pentium time

31 31 of 137Internet Mapping, Columbia

32 137 slides Visualization of the layout algorithm Laying out the Internet graph

33 33 of 137Internet Mapping, Columbia

34 137 slides Visualization of the layout algorithm Laying out an intranet

35 35 of 137Internet Mapping, Columbia

36 36 of 137Internet Mapping, Columbia A simplified map Minimum distance spanning tree uses 80% of the data Much easier visualization Most of the links still valid Redundancy is in the middle

37 37 of 137Internet Mapping, Columbia Colored by AS number

38 38 of 137Internet Mapping, Columbia Map Coloring distance from test host IP address – shows communities Geographical (by TLD) ISPs future – timing, firewalls, LSRR blocks

39 39 of 137Internet Mapping, Columbia Colored by IP address!

40 40 of 137Internet Mapping, Columbia Colored by geography

41 41 of 137Internet Mapping, Columbia Colored by ISP

42 42 of 137Internet Mapping, Columbia Colored by distance from scanning host

43 43 of 137Internet Mapping, Columbia US military reached by ICMP ping

44 44 of 137Internet Mapping, Columbia US military networks reached by UDP

45 45 of 137Internet Mapping, Columbia

46 46 of 137Internet Mapping, Columbia

47 137 slides Yugoslavia An unclassified peek at a new battlefield

48 48 of 137Internet Mapping, Columbia

49 137 slides Un film par Steve “Hollywood” Branigan...

50 50 of 137Internet Mapping, Columbia

51 137 slides fin

52 52 of 137Internet Mapping, Columbia Routers in New York City missing generator fuel

53 137 slides Intranets

54 54 of 137Internet Mapping, Columbia We partition our networks to get out of the game Companies, governments, departments, even families hide in enclaves to limit connectivity to approved services These are called intranets The decentralized, cloud-like nature of internets makes them hard to manage at a central point My company explores the extent of intranets and their interconnections with other networks.

55 137 slides Intranets: the rest of the Internet

56 56 of 137Internet Mapping, Columbia

57 57 of 137Internet Mapping, Columbia

58 58 of 137Internet Mapping, Columbia

59 59 of 137Internet Mapping, Columbia

60 60 of 137Internet Mapping, Columbia

61 61 of 137Internet Mapping, Columbia This was Supposed To be a VPN

62 62 of 137Internet Mapping, Columbia

63 63 of 137Internet Mapping, Columbia

64 137 slides Anything large enough to be called an “intranet” is out of control

65 65 of 137Internet Mapping, Columbia Case studies: corp. networks Some intranet statistics

66 66 of 137Internet Mapping, Columbia Leak Detection Internet intranet Mapping host A Test host B mitt D C A sends packet to B, with spoofed return address of D If B can, it will reply to D with a response, possibly through a different interface

67 67 of 137Internet Mapping, Columbia Leak Detection Internet intranet Mapping host A Test host B mitt D C Packet must be crafted so the response won’t be permitted through the firewall A variety of packet types and responses are used Either inside or outside address may be discovered Packet is labeled so we know where it came from

68 68 of 137Internet Mapping, Columbia Existence proofs of intranet leaks: the slammer worm It’s a pop-quiz on perimeter integrity The best run networks (e.g. spooks’ nets) do not get these plagues – Internal hosts may be susceptible

69 69 of 137Internet Mapping, Columbia Some Lumeta lessons Reporting is the really hard part – Converting data to information “Tell me how we compare to other clients” Offering a service was good practice, for a while The clients want a device We have >70 Fortune-200 companies and government agencies as clients Need-to-have vs. want-to-have

70 70 of 137Internet Mapping, Columbia Honeyd – network emulation Anti-hacking tools by Niels Provos at citi.umich.edu Can respond as one or more hosts I am configuring it to look like an entire client’s network Useful for testing and debugging Product?

71 71 of 137Internet Mapping, Columbia History of the Project Started in August 1998 at Bell Labs April-June 1999: Yugoslavia mapping July 2000: first customer intranet scanned Sept. 2000: spun off Lumeta from Lucent/Bell Labs June 2002: “B” round funding completed 2003: sales >$4MM

72 72 of 137Internet Mapping, Columbia

73 137 slides Mapping the Internet and Intranets Bill Cheswick ches@lumeta.com http://www.cheswick.com

74 137 slides My Dad’s Computer and the Future of Internet Security Bill Cheswick ches@lumeta.com http://www.lumeta.com

75 75 of 137Internet Mapping, Columbia

76 137 slides My Dad’s computer Skinny-dipping with Microsoft

77 77 of 137Internet Mapping, Columbia Case study: My Dad’s computer Windows XP, plenty of horsepower, two screens Applications: – Email (Outlook) – “Bridge:” a fancy stock market monitoring system – AIM

78 78 of 137Internet Mapping, Columbia Case study: My Dad’s computer Cable access dynamic IP address no NAT no firewall outdated virus software no spyware checker

79 79 of 137Internet Mapping, Columbia This computer was a software toxic waste dump It was burning a liter of oil every 500 km The popups seemed darned distracting to me

80 80 of 137Internet Mapping, Columbia My Dad’s computer: what the repair geek found Everything “Viruses I’ve never heard off” Constant popups Frequent blasts of multiple web pages, all obscene Dad: why do I care? I am getting my work done

81 81 of 137Internet Mapping, Columbia Dad’s computer: how did he get in this mess? He doesn’t know what the popup security messages mean Email-born viruses Unsecured network services Executable code in web pages from unworthy sites

82 82 of 137Internet Mapping, Columbia He is getting his work done Didn’t want a system administrator to mess up his user interface settings Truly destructive attacks are rare – They aren’t lucrative or much fun – They are self-limiting

83 83 of 137Internet Mapping, Columbia Recently An alien G-rated screen saver for an X-rated site appeared Changing the screen saver worked! The screen saver software removed in the correct way! Still, this should never have happened

84 137 slides Skinny Dipping on the Internet

85 85 of 137Internet Mapping, Columbia I’ve been skinny dipping on the Internet for years FreeBSD and Linux hosts Very few, very hardened network services Single-user hosts Dangerous services placed in sandboxes No known breakins No angst

86 137 slides “Best block is not be there” -Karate Kid

87 87 of 137Internet Mapping, Columbia Angst and the Morris Worm Did the worm get past my firewall? No. Why? – Partly smart design – Partly luck…removing fingerd Peace of mind comes from staying out of the battle altogether

88 137 slides “You’ve got to get out of the game” -Fred Grampp

89 137 slides Can my Dad (and millions like him) get out of the game?

90 137 slides Arms Races

91 91 of 137Internet Mapping, Columbia Virus arms race Early on, detectors used viral signatures Virus encryption and recompilation (!) has thwarted this Virus detectors now simulate the code, looking for signature actions Virus writers now detect emulation and behave differently Virus emulators are slowing down, even with Moore’s Law.

92 92 of 137Internet Mapping, Columbia Virus arms race I suspect that virus writers are going to win the detection battle, if they haven’t already – Emulation may become too slow – Even though we have the home-field advantage – Will we know if an undetectable virus is released? Best defense is to get out of the game. – Don’t run portable programs, or – Improve our sandbox technology People who really care about this worry about Ken Thompson’s attack – Read and understand “On Trusting Trust”

93 93 of 137Internet Mapping, Columbia Getting out of the virus game Don’t execute roving programs of unknown provenance Trusted Computing can fix the problem, in theory

94 94 of 137Internet Mapping, Columbia Password sniffing and cracking arms race Ethernet has always been sniffable WiFi is the new Ethernet

95 95 of 137Internet Mapping, Columbia Password sniffing and cracking arms race Password cracking works 3% to 60% of the time using offline dictionary attacks – More, if the hashing is misdesigned (c.f. Microsoft) This will never get better, so… We have to get out of the game

96 96 of 137Internet Mapping, Columbia Password sniffing and cracking arms race This battle is mostly won, thanks to SSL, IP/SEC, and VPNs. There are many successful businesses using these techniques nicely.

97 97 of 137Internet Mapping, Columbia Password sniffing is not a problem for Dad SSL fixes most of it AIM is interceptible – Fixable…will it be?

98 98 of 137Internet Mapping, Columbia Authentication/Identification Arms races Password/PIN selection vs. cracking Human-chosen passwords and PINs can be ok if guessing is limited, and obvious choices are suppressed Password cracking is getting better, thanks to Moore’s Law and perhaps even botnets

99 99 of 137Internet Mapping, Columbia We don’t know how to leave the user in charge of security decisions, safely.

100 100 of 137Internet Mapping, Columbia User education vs. user deception We will continue losing this one Even experts sometimes don’t understand the ramifications of choices they are offered

101 101 of 137Internet Mapping, Columbia Authentication arms race: predictions USA needs two factor authentication for social security number. (Something better than MMN or birth date.) I don’t see this improving much, but a global USB dongle would do it Don’t wait for world-wide PKI.

102 102 of 137Internet Mapping, Columbia Arms race (sort of) hardware destruction IBM monochrome monitor Some more recent monitors – Current ones? Hard drives? Beat the heads up? EEPROM write limits – Viral attack on.cn and.kr PC motherboards – Other equipment Anything that requires a hardware on-site service call

103 103 of 137Internet Mapping, Columbia Arms race (sort of) hardware destruction Rendering the firmware useless – This can be fixed (mostly) with a secure trusted computing base.

104 104 of 137Internet Mapping, Columbia Software upgrade race: literally a race Patches are analyzed to determine the weakness Patch-to-exploit time is now down below 10 hours – NB: spammers have incentive to do this work Now the good guys are trying to obfuscate code! Future difficult to say: dark side obscures everything.

105 105 of 137Internet Mapping, Columbia Arms Races: deception Jails – Cliff Stoll and SDInet Honeypots – Honeynet – honeyd The deception toolkit---Fred Cohen

106 137 slides Microsoft client security It has been getting worse: can they skinny-dip safely?

107 107 of 137Internet Mapping, Columbia Windows ME Active Connections - Win ME Proto Local Address Foreign Address State TCP 127.0.0.1:1032 0.0.0.0:0 LISTENING TCP 223.223.223.10:139 0.0.0.0:0 LISTENING UDP 0.0.0.0:1025 *:* UDP 0.0.0.0:1026 *:* UDP 0.0.0.0:31337 *:* UDP 0.0.0.0:162 *:* UDP 223.223.223.10:137 *:* UDP 223.223.223.10:138 *:*

108 108 of 137Internet Mapping, Columbia Windows 2000 Proto Local Address Foreign Address State TCP 0.0.0.0:135 0.0.0.0:0 LISTENING TCP 0.0.0.0:445 0.0.0.0:0 LISTENING TCP 0.0.0.0:1029 0.0.0.0:0 LISTENING TCP 0.0.0.0:1036 0.0.0.0:0 LISTENING TCP 0.0.0.0:1078 0.0.0.0:0 LISTENING TCP 0.0.0.0:1080 0.0.0.0:0 LISTENING TCP 0.0.0.0:1086 0.0.0.0:0 LISTENING TCP 0.0.0.0:6515 0.0.0.0:0 LISTENING TCP 127.0.0.1:139 0.0.0.0:0 LISTENING UDP 0.0.0.0:445 *:* UDP 0.0.0.0:1038 *:* UDP 0.0.0.0:6514 *:* UDP 0.0.0.0:6515 *:* UDP 127.0.0.1:1108 *:* UDP 223.223.223.96:500 *:* UDP 223.223.223.96:4500 *:*

109 109 of 137Internet Mapping, Columbia Windows XP, this laptop Proto Local Address Foreign Address State TCP ches-pc:epmap ches-pc:0 LISTENING TCP ches-pc:microsoft-ds ches-pc:0 LISTENING TCP ches-pc:1025 ches-pc:0 LISTENING TCP ches-pc:1036 ches-pc:0 LISTENING TCP ches-pc:3115 ches-pc:0 LISTENING TCP ches-pc:3118 ches-pc:0 LISTENING TCP ches-pc:3470 ches-pc:0 LISTENING TCP ches-pc:3477 ches-pc:0 LISTENING TCP ches-pc:5000 ches-pc:0 LISTENING TCP ches-pc:6515 ches-pc:0 LISTENING TCP ches-pc:netbios-ssn ches-pc:0 LISTENING TCP ches-pc:3001 ches-pc:0 LISTENING TCP ches-pc:3002 ches-pc:0 LISTENING TCP ches-pc:3003 ches-pc:0 LISTENING TCP ches-pc:5180 ches-pc:0 LISTENING UDP ches-pc:microsoft-ds *:* UDP ches-pc:isakmp *:* UDP ches-pc:1027 *:* UDP ches-pc:3008 *:* UDP ches-pc:3473 *:* UDP ches-pc:6514 *:* UDP ches-pc:6515 *:* UDP ches-pc:netbios-ns *:* UDP ches-pc:netbios-dgm *:* UDP ches-pc:1900 *:* UDP ches-pc:ntp *:* UDP ches-pc:1900 *:* UDP ches-pc:3471 *:*

110 110 of 137Internet Mapping, Columbia FreeBSD partition, this laptop (getting out of the game) Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address tcp4 0 0 *.22 tcp6 0 0 *.22

111 137 slides It is easy to dump on Microsoft, but many others have made the same mistakes before

112 112 of 137Internet Mapping, Columbia ftp stream tcp nowait root /v/gate/ftpd telnet stream tcp nowait root /usr/etc/telnetd shell stream tcp nowait root /usr/etc/rshd login stream tcp nowait root /usr/etc/rlogind exec stream tcp nowait root /usr/etc/rexecd finger stream tcp nowait guest /usr/etc/fingerd bootp dgram udp wait root /usr/etc/bootp tftp dgram udp wait guest /usr/etc/tftpd ntalk dgram udp wait root /usr/etc/talkd tcpmux stream tcp nowait root internal echo stream tcp nowait root internal discard stream tcp nowait root internal chargen stream tcp nowait root internal daytime stream tcp nowait root internal time stream tcp nowait root internal echo dgram udp wait root internal discard dgram udp wait root internal chargen dgram udp wait root internal daytime dgram udp wait root internal time dgram udp wait root internal sgi-dgl stream tcp nowait root/rcv dgld uucp stream tcp nowait root /usr/lib/uucp/uucpd Default services SGI workstation

113 113 of 137Internet Mapping, Columbia More default services mountd/1 stream rpc/tcp wait/lc root rpc.mountd mountd/1 dgram rpc/udp wait/lc root rpc.mountd sgi_mountd/1 stream rpc/tcp wait/lc root rpc.mountd sgi_mountd/1 dgram rpc/udp wait/lc root rpc.mountd rstatd/1-3 dgram rpc/udp wait root rpc.rstatd walld/1 dgram rpc/udp wait root rpc.rwalld rusersd/1 dgram rpc/udp wait root rpc.rusersd rquotad/1 dgram rpc/udp wait root rpc.rquotad sprayd/1 dgram rpc/udp wait root rpc.sprayd bootparam/1 dgram rpc/udp wait root rpc.bootparamd sgi_videod/1 stream rpc/tcp wait root ?videod sgi_fam/1 stream rpc/tcp wait root ?fam sgi_snoopd/1 stream rpc/tcp wait root ?rpc.snoopd sgi_pcsd/1 dgram rpc/udp wait root ?cvpcsd sgi_pod/1 stream rpc/tcp wait root ?podd tcpmux/sgi_scanner stream tcp nowait root ?scan/net/scannerd tcpmux/sgi_printer stream tcp nowait root ?print/printerd 9fs stream tcp nowait root /v/bin/u9fs u9fs webproxy stream tcp nowait root /usr/local/etc/webserv

114 137 slides Firewalls and intranets try to get us out of the network services vulnerability game

115 115 of 137Internet Mapping, Columbia

116 137 slides What my dad (and most of you) really needs

117 137 slides Most of my Dad’s problems are caused by weaknesses in features he never uses or needs.

118 137 slides A proposal: Windows OK

119 119 of 137Internet Mapping, Columbia Windows OK Thin client implemented with Windows It would be fine for maybe half the Windows users – Students, consumers, many corporate and government users It would be reasonable to skinny dip with this client – Without firewall or virus checking software

120 120 of 137Internet Mapping, Columbia Windows OK No network listeners – None of those services are needed, except admin access for centrally-administered hosts Default security settings All security controls in one or two places Security settings can be locked

121 121 of 137Internet Mapping, Columbia Windows OK (cont) There should be nothing you can click on, in email or a web page, that can hurt your computer – No portable programs are executed ever, except… ActiveX from approved parties – MSFT and one or two others. List is lockable

122 122 of 137Internet Mapping, Columbia Windows OK Reduce privileges in servers and all programs Sandbox programs – Belt and suspenders

123 123 of 137Internet Mapping, Columbia Office OK No macros in Word or PowerPoint. No executable code in PowerPoint files The only macros allowed in Excel perform arithmetic. They cannot create files, etc.

124 124 of 137Internet Mapping, Columbia Vulnerabilities in OK Buffer overflows in processing of data (not from the network) Stop adding new features and focus on bug fixes Programmers can clean up bugs, if they don’t have a moving target – It converges, to some extent

125 137 slides XP SP2 Bill Gets It

126 126 of 137Internet Mapping, Columbia Microsoft’s Augean Stables: a task for Hercules 3000 oxen, 30 years, that’s roughly one oxen-day per line of code in Windows It’s been getting worse since Windows 95

127 127 of 137Internet Mapping, Columbia XP SP2: Bill gets it “a feature you don’t use should not be a security problem for you.” “Security by design” – Too late for that, its all retrofitting now “Security by default” – No network services on by default Security control panel – Many things missing from it – Speaker could not find ActiveX security settings There are a lot of details that remain to be seen.

128 128 of 137Internet Mapping, Columbia Microsoft really means it about improving their security Their security commitment appears to be real It is a huge job Opposing forces are unclear to me It’s been a long time coming, and frustrating

129 129 of 137Internet Mapping, Columbia Microsoft secure client arms race We are likely to win, but it is going to be a while

130 130 of 137Internet Mapping, Columbia SP2 isn’t going to be easy to deploy Many people rely on unsafe configurations, even if they don’t realize it Future SPs won’t be easy either, especially if they follow my advice

131 131 of 137Internet Mapping, Columbia Windows XP SP2 Candidate 2 release is available Read the EULA…it is interesting and a bit different

132 132 of 137Internet Mapping, Columbia

133 133 of 137Internet Mapping, Columbia

134 134 of 137Internet Mapping, Columbia SP2 is just a start: more work is needed Security panel and ActiveX permissions – Also, list of trusted signers needed Still too many network services – They may not be reachable from outside the box Clicking may still be dangerous

135 135 of 137Internet Mapping, Columbia Conclusions: we ought to win these battles We control the playing field DOS is the worse they can do, in theory We can replicate our successes We can converge on a secure-enough environment

136 136 of 137Internet Mapping, Columbia Conclusions: problems The business models to achieve these successes seem surprisingly elusive to me Security devices, and stand-alone devices, are close to meeting our needs – Except full-functioned routers General purpose computers are the big problem – Apparently features are more important than security, to the customers – Is this really true?

137 137 slides My Dad’s Computer and the Future of Internet Security Bill Cheswick ches@lumeta.com http://www.lumeta.com

Download ppt "1 of 137Internet Mapping, Columbia. 137 slides Clear and Present Dangers Bill Cheswick Lumeta Corp."

Similar presentations

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)
1 of 75Mapping the Internet and Intranets. 75 slides Mapping the Internet and Intranets Bill Cheswick

1 of 75Mapping the Internet and Intranets. 75 slides Mapping the Internet and Intranets Bill Cheswick
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Enabling IPv6 in Corporate Intranet Networks

Enabling IPv6 in Corporate Intranet Networks
 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,

 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
Upgrading Software CIT 1100 Chapter4.

Upgrading Software CIT 1100 Chapter4.
Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.

Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.
System Security Scanning and Discovery Chapter 14.

System Security Scanning and Discovery Chapter 14.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
How do Networks work – Really The purposes of set of slides is to show networks really work. Most people (including technical people) don’t know Many people.

How do Networks work – Really The purposes of set of slides is to show networks really work. Most people (including technical people) don’t know Many people.
Installing SAS 9.3 Raymond R. Balise Health Research and Policy.

Installing SAS 9.3 Raymond R. Balise Health Research and Policy.
Web Security A how to guide on Keeping your Website Safe. By: Robert Black.

Web Security A how to guide on Keeping your Website Safe. By: Robert Black.
Analysis of 802.11 Privacy Jim McCann & Daniel Kuo EECS 598.

Analysis of Privacy Jim McCann & Daniel Kuo EECS 598.
Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.

Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.
Security Tools CS-480b Dick Steflik. CACLS Windows NT, W2000, XP Displays or modifies access control lists (ACLs) of files.

Security Tools CS-480b Dick Steflik. CACLS Windows NT, W2000, XP Displays or modifies access control lists (ACLs) of files.
(NHA) The Laboratory of Computer Communication and Networking Network Host Analyzer.

(NHA) The Laboratory of Computer Communication and Networking Network Host Analyzer.
Chapter 23: ARP, ICMP, DHCP IS333 Spring 2015.

Chapter 23: ARP, ICMP, DHCP IS333 Spring 2015.
Ch 20 Q and A IS333, Spring 2015 Victor Norman. Universal Service Means every computer can talk “directly” with every other one. A message is not addressed.

Ch 20 Q and A IS333, Spring 2015 Victor Norman. Universal Service Means every computer can talk “directly” with every other one. A message is not addressed.

Similar presentations

Ads by Google