Network Security Introduction Some of these slides have been modified from slides of Michael I. Shamos COPYRIGHT © 2003 MICHAEL I. SHAMOS
Reading list For current lecture: Required: Pfleeger Chapters 7.1, 7.2, 7.3 Recommended:
Internet Connectivity Advantage: private networks are able to reach and communicate with the outside world Disadvantage: the outside world can also reach and interact with the private network
Advantages of Networks Resource sharing Distributed workload Increased reliability Expandability
Security in Networks Sharing: increased number of users System complexity: heterogeneous operating and control systems Unknown perimeter: shared nodes, new nodes Many points of attack: hosts and communications as a unit Anonymity: location and identity of attacker Unknown routing: delivery path of messages
Security Threat Analysis Local threats Network related threats
Local Threats Local nodes Local communications Local storage Local devices
Network Threats Network gateways Network communications Network control resources Network routers Network resources
Specific Security Threats Interception of data in transit Access to programs or data at remote hosts Modification of programs or data at remote hosts Modification of data in transit Insertion of communications impersonating a user Insertion of a repeat of a previous communication (replay) Blocking of selected traffic Running a program on a remote host
Client Side What can the server do to the client? Fool it Install or run unauthorized software, inspect/alter files
Server Side What can the client do to the server? Bring it down (denial of service) Gain access (break-in)
Network Perspective Is anyone listening? (Sniffing) Is the information genuine? Are the parties genuine?
Early 1990’s Internet social engineering attacks Sniffers Packet spoofing Hijacking sessions Automated probes/scans
Middle 1990’s Automated widespread attacks Executable code attacks (against browsers) Widespread denial-of-service attacks Techniques to analyze code for vulnerabilities without the source GUI intruder tools
Late 1990’s Widespread attacks using NNTP to distribute attacks “Stealth”/advanced scanning techniques Widespread attacks on DNS infrastructure Windows-based remotely controllable Trojans (e.g. Back Orifice)
Even Later 1990’s Propagation of malicious code Increase in wide-scale Trojan horse distribution Distributed attack tools Distributed denial-of-service tools
What is a Firewall? A device placed between two networks or machines All traffic in and out must pass through the firewall Only authorized traffic is allowed to pass The firewall itself is immune to penetration
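The third property above ("only authorized traffic is allowed to pass") is implemented in practice as an ordered rule list with a default-deny fallthrough. The following is an added example written for this page, not code from the lecture or from Pfleeger; the network (10.0.0.0/8), the web server address, the interface names "ext"/"int" and the whole policy are hypothetical. It shows why rule order matters: an anti-spoofing rule (drop anything arriving from outside that claims an inside source address) must sit above the allow rules, and anything no rule matches is dropped.

```python
"""Minimal stateless packet filter with first-match rules and default deny.
Added example for this page; policy and addresses are hypothetical."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "ext" (outside) or "int" (inside)
    src: str     # source IPv4 address
    dst: str     # destination IPv4 address
    proto: str   # "tcp" or "udp"
    dport: int   # destination port


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    iface: Optional[str] = None   # None matches any interface
    src: str = "0.0.0.0/0"        # CIDR; any source by default
    dst: str = "0.0.0.0/0"        # CIDR; any destination by default
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any port

    def matches(self, p: Packet) -> bool:
        return ((self.iface is None or self.iface == p.iface)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


INTERNAL = "10.0.0.0/8"        # hypothetical private network
WEB_SERVER = "10.0.0.80/32"    # hypothetical public-facing web server

# Hypothetical policy, evaluated top to bottom, first match wins.
# The anti-spoofing rule comes first so a packet from outside that claims an
# internal source address never reaches the allow rules below it.
RULES: List[Rule] = [
    Rule("deny", iface="ext", src=INTERNAL),                              # spoofed inside source
    Rule("allow", iface="ext", dst=WEB_SERVER, proto="tcp", dport=80),    # public web
    Rule("allow", iface="ext", dst=WEB_SERVER, proto="tcp", dport=443),   # public web (TLS)
    Rule("allow", iface="int", src=INTERNAL),                             # outbound from inside
]


def decide(p: Packet, rules: List[Rule] = RULES) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching rule); ("deny", None) if nothing matched."""
    for i, rule in enumerate(rules):
        if rule.matches(p):
            return rule.action, i
    return "deny", None   # default deny: traffic no rule authorizes does not pass


if __name__ == "__main__":
    samples = [                                                    # constructed packets
        Packet("ext", "198.51.100.7", "10.0.0.80", "tcp", 80),     # web request: allowed
        Packet("ext", "198.51.100.7", "10.0.0.80", "tcp", 22),     # ssh to web box: denied
        Packet("ext", "198.51.100.7", "10.0.0.5", "tcp", 80),      # inside host: denied
        Packet("ext", "10.0.0.5", "10.0.0.80", "tcp", 80),         # spoofed source: denied
        Packet("int", "10.0.0.5", "198.51.100.7", "tcp", 443),     # outbound: allowed
    ]
    for s in samples:
        print(s, "->", decide(s))
```

A real firewall would also track connection state so that replies to outbound connections are admitted without a blanket inbound allow; this stateless version is only meant to make the default-deny and rule-ordering points concrete.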
Denial-of-Service Attacks Attack to disable a machine (server) by making it unable to respond to requests Use up resources Bandwidth, swap space, RAM, hard disk Some attacks yield millions of service requests per second
Rate Limiting Allows network managers to set bandwidth limits for users and by traffic type. Prevents deliberate or accidental flooding of the network SOURCE: CISCO
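The usual mechanism behind per-user rate limits is a token bucket: each source earns tokens at a fixed rate up to a burst allowance and spends one per request, so a flood is capped at the configured rate while a normal client is never touched. The code below is an added example for this page (not Cisco's or the lecture's); the rate (2 requests/s), burst (5), addresses and traffic are constructed. Time is kept in integer milliseconds and tokens in thousandths so the arithmetic is exact.

```python
"""Per-source token-bucket rate limiter over a constructed request trace.
Added example; parameters and traffic are invented for the demo."""
from typing import Dict, List, Tuple


class TokenBucket:
    """Refills at `rate` tokens/second up to `burst` tokens; one token per admitted request.
    Tokens are stored in thousandths (millitokens) so 1 token/s == 1 millitoken/ms."""

    def __init__(self, rate: int, burst: int, now_ms: int):
        self.rate = rate                  # tokens per second == millitokens per millisecond
        self.capacity = burst * 1000      # millitokens
        self.tokens = self.capacity       # a new bucket starts full (this is the burst)
        self.last_ms = now_ms

    def allow(self, now_ms: int) -> bool:
        elapsed = now_ms - self.last_ms
        self.last_ms = now_ms
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False


class PerSourceLimiter:
    """One bucket per source address, created on first sight."""

    def __init__(self, rate: int, burst: int):
        self.rate, self.burst = rate, burst
        self.buckets: Dict[str, TokenBucket] = {}

    def admit(self, src: str, now_ms: int) -> bool:
        bucket = self.buckets.get(src)
        if bucket is None:
            bucket = self.buckets[src] = TokenBucket(self.rate, self.burst, now_ms)
        return bucket.allow(now_ms)


def run(requests: List[Tuple[int, str]], rate: int = 2, burst: int = 5) -> Dict[str, Tuple[int, int]]:
    """Feed (timestamp_ms, source) pairs through the limiter in time order.
    Returns source -> (admitted, dropped)."""
    limiter = PerSourceLimiter(rate, burst)
    stats: Dict[str, List[int]] = {}
    for t, src in sorted(requests):
        counts = stats.setdefault(src, [0, 0])
        counts[0 if limiter.admit(src, t) else 1] += 1
    return {src: (a, d) for src, (a, d) in stats.items()}


def constructed_traffic() -> List[Tuple[int, str]]:
    """Constructed trace: a normal client at 1 request/s, and a flooder sending
    100 requests within one second (both addresses are documentation ranges)."""
    normal = [(t * 1000, "192.0.2.10") for t in range(5)]
    flood = [(t * 10, "203.0.113.66") for t in range(100)]
    return normal + flood


if __name__ == "__main__":
    for src, (admitted, dropped) in run(constructed_traffic()).items():
        print(f"{src}: admitted={admitted} dropped={dropped}")
```

With a 2/s rate and a burst of 5, the flooder gets its first five requests through (the burst), one more once it has earned a full token half a second later, and the other 94 are dropped; the normal client's five requests are all admitted because its bucket refills faster than it spends.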
Code Attacks: Viruses Virus: executable code that attaches itself to other executable code (infection) in order to reproduce itself (spread) Structure: replicator + concealer + payload
Code Attacks: Others Rabbit: a program that makes many copies of itself, each of which makes further copies, and so on Worm: a self-replicating program that spreads via networks Trojan Horse: a program that performs unauthorized activity while pretending to be another program. Example: a fake login program
Virus Characteristics Some virus families share common characteristics: the presence or absence of particular strings File virus: compare the file's size with a known clean backup copy; look for strings such as “.EXE” (an infector has to locate executables to infect)
Virus Detection Antiviral software only detects what it knows how to detect and must be updated regularly for new viruses (e.g. the Symantec encyclopedia) Retrovirus: a virus that attacks or disables antivirus software
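The two checks named on the preceding slides (looking for strings characteristic of a virus family, and comparing a file against a known clean copy) and the limitation stated above (a scanner only detects what it knows) can be shown together. The following is an added example for this page; it is not from the lecture or from any real antivirus product, and the "virus", its marker string, the signature database and the files are all constructed and harmless. The SHA-256 comparison is an addition of mine beyond the slide's size check, so that a same-size modification is also caught.

```python
"""Signature scan plus baseline comparison over constructed files.
Added example; signatures, indicator strings and files are invented for the demo."""
import hashlib
from typing import Dict, List, Tuple

# Constructed signature database: family name -> exact byte string found in infected files.
SIGNATURES: Dict[str, bytes] = {
    "Demo.FileInfector.A": b"DEMO-INFECTOR-MARKER-A",
}

# Weaker family-level indicators (constructed): a file infector has to look for
# executables, so the string ".EXE" inside a program is a heuristic hint, not proof.
HEURISTICS: Dict[str, bytes] = {
    "references .EXE files": b".EXE",
}

# Constructed clean program and the infected version an appending infector might produce:
# the original code stays intact (so the host still runs) and the viral body is appended.
CLEAN_PROGRAM = b"MZ" + b"\x90" * 60 + b"original program body"
VIRAL_BODY_A = b"find *.EXE; append self; " + SIGNATURES["Demo.FileInfector.A"]
INFECTED_A = CLEAN_PROGRAM + VIRAL_BODY_A
# Hypothetical variant: one byte of the marker changed, same behaviour, not yet
# in the signature database. This is what "only detects what it knows" means.
INFECTED_A_VARIANT = CLEAN_PROGRAM + VIRAL_BODY_A.replace(b"MARKER-A", b"MARKER-B")


def scan_strings(data: bytes, patterns: Dict[str, bytes]) -> List[str]:
    """Return the names of every pattern whose byte string occurs in `data`."""
    return [name for name, pattern in patterns.items() if pattern in data]


def make_baseline(files: Dict[str, bytes]) -> Dict[str, Tuple[int, str]]:
    """Record (size, sha256) for known-good copies, e.g. taken from a trusted backup."""
    return {name: (len(data), hashlib.sha256(data).hexdigest()) for name, data in files.items()}


def check_baseline(name: str, data: bytes, baseline: Dict[str, Tuple[int, str]]) -> str:
    """Compare a file with its baseline entry: size first (the slide's check),
    then content hash so a same-size change is not missed."""
    if name not in baseline:
        return "no baseline"
    size, digest = baseline[name]
    if len(data) != size:
        return f"size changed by {len(data) - size:+d} bytes"
    if hashlib.sha256(data).hexdigest() != digest:
        return "same size, content changed"
    return "unchanged"


def verdict(name: str, data: bytes, baseline: Dict[str, Tuple[int, str]]) -> Tuple[List[str], List[str], str]:
    """(exact signature hits, heuristic hits, baseline result) for one file."""
    return scan_strings(data, SIGNATURES), scan_strings(data, HEURISTICS), check_baseline(name, data, baseline)


if __name__ == "__main__":
    baseline = make_baseline({"prog.exe": CLEAN_PROGRAM})
    for label, data in [("clean", CLEAN_PROGRAM), ("infected A", INFECTED_A), ("variant", INFECTED_A_VARIANT)]:
        print(label, "->", verdict("prog.exe", data, baseline))
```

The exact signature catches the known sample and nothing else; the one-byte variant slips past it and is flagged only by the weaker ".EXE" heuristic and by the size/hash change against the baseline. That is the trade-off the slide is pointing at: signatures are precise but need constant updates, while integrity comparison against a trusted copy catches unknown modifications but cannot say what changed the file.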