Network Programming and Network Security Lane Thames Graduate Research Assistant.

Presentation transcript:

Outline for Today
Discuss network security and how it relates to network programming. After the presentation, we will go to DNAL to tour our data center. Then we are going to hack some computers :>)

Network Programming: What is the Goal?
Sending data to and from hosts via TCP/IP over a network. Client-Server; Source-Sink. (Diagram of hosts A, B and C omitted.)

Information Security
Network Security: firewall, IDS, IPsec (VPN), encryption... Protects data flowing through the network.
Computer Security: firewall, virus protection, encryption... Protects data on a machine.

Definitions: Virus?
Passive malware that is embedded within a program. It will not execute on its own: you have to run the "host" program. After being activated, it attempts to spread to other programs and hosts (usually via )

Definitions: Worm?
Active malware that can spread on its own using a network. It takes advantage of some exploit (usually a flaw known as a buffer overflow).

The Infamous Buffer
So, how does a worm take advantage of an exploit?
send(sockfd, buffer, sizeof(buffer), 0);
recv(sockfd, buffer, sizeof(buffer), 0);
What if the receiving buffer keeps getting data added beyond its boundary? OVERFLOW: writing past the boundary overwrites whatever data lies beyond it and causes problems.
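As an added example (not the slides' code), the receiver below keeps track of how much of a fixed buffer is already filled and refuses the append that would cross the boundary; the unchecked memcpy named in the comment is the overflow the slide asks about. The names rxbuf, rxbuf_append and receive_stream and the 'A'-filled chunks standing in for recv() results are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not from the slides: receiving into a fixed-size buffer with
 * the bound tracked. The unchecked version of rxbuf_append would simply be
 * memcpy(rb->data + rb->used, chunk, len), which is the overflow the slide
 * describes once a peer keeps sending past the end of the buffer. */
#define BUF_CAP 16

struct rxbuf {
    char data[BUF_CAP];
    size_t used;            /* bytes already received into data[] */
};

/* Append 'len' bytes. Returns 0 on success, -1 if the chunk would cross the
 * boundary; the buffer is left unchanged in that case. */
int rxbuf_append(struct rxbuf *rb, const char *chunk, size_t len)
{
    if (rb->used > BUF_CAP || len > BUF_CAP - rb->used)   /* no underflow: used <= BUF_CAP */
        return -1;
    memcpy(rb->data + rb->used, chunk, len);
    rb->used += len;
    return 0;
}

/* Stand-in for a recv() loop: the peer offers 'chunks' chunks of 'chunk_len'
 * bytes (constructed input, all 'A'). Returns how many chunks were accepted
 * before the capacity check refused one, or -1 for a bad chunk size. */
int receive_stream(struct rxbuf *rb, size_t chunk_len, int chunks)
{
    char chunk[BUF_CAP];
    int accepted = 0;
    if (chunk_len > sizeof chunk) return -1;
    memset(chunk, 'A', chunk_len);
    rb->used = 0;
    for (int i = 0; i < chunks; i++) {
        if (rxbuf_append(rb, chunk, chunk_len) != 0)
            break;                      /* peer sent more than fits: stop, do not overwrite */
        accepted++;
    }
    return accepted;
}

int main(void)
{
    struct rxbuf rb;
    int n = receive_stream(&rb, 6, 5);  /* 30 bytes offered, only 16 fit */
    printf("accepted %d chunks, %zu of %d bytes used\n", n, rb.used, BUF_CAP);
    return 0;
}
```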

Common Types of Computer Attacks
Buffer Overflow Attacks: used for local and remote root exploits.
The ultimate goal is to redirect program control flow, which causes the computer to execute carefully injected malicious code (example to follow).
Code can be crafted to elevate the privileges of a user by obtaining super user (root) privileges (demo in the lab afterwards).
Note: these exploits can create a "propagation medium" for worms.

Common Types of Attacks
Denial of Service (DoS)
Exhaust a computer's resources: e.g. the TCP SYN flooding attack (exploits the 3-way handshake).
Consume a computer's available networking bandwidth: e.g. the ICMP Smurf attack (IP spoofing and ICMP).

TCP SYN Flooding Attack—what happens?
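What a SYN flood leaves behind on the server is a pile of half-open connections (SYN received, SYN-ACK sent, ACK never arrives), and that is what a defender can count. As an added example that is not from the slides, the tracker below replays a constructed packet trace (RFC 5737 documentation addresses) and reports outstanding half-open connections per source and in total; the names halfopen_count, is_syn_flood and sample_trace are constructed here.

```c
#include <string.h>
/* Added example, not from the slides: a minimal half-open connection tracker
 * like the one an IDS or SYN proxy keeps to notice a SYN flood. Seen from the
 * server a handshake is SYN in, SYN-ACK out, ACK in; a client that never ACKs
 * leaves a half-open entry, and a flood is many such entries at once. */
#define SYN 0x02
#define ACK 0x10
#define MAX_SRC 64
struct pkt { const char *src; unsigned flags; };  /* one client-to-server segment */
struct entry { const char *src; int halfopen; };

/* Replay the trace: a bare SYN opens a half-open entry for its source, an ACK
 * without SYN completes one. Returns the outstanding count for 'src', or the
 * total over all sources when src is NULL (the useful figure when the flood
 * spoofs a fresh source address on every SYN). */
int halfopen_count(const struct pkt *pkts, int n, const char *src)
{
    struct entry table[MAX_SRC];
    int len = 0, total = 0;
    for (int i = 0; i < n; i++) {
        struct entry *e = NULL;
        for (int j = 0; j < len && !e; j++)           /* find the source's entry */
            if (strcmp(table[j].src, pkts[i].src) == 0) e = &table[j];
        if (!e) {
            if (len == MAX_SRC) continue;            /* table full: stop tracking */
            e = &table[len++];
            e->src = pkts[i].src;
            e->halfopen = 0;
        }
        if ((pkts[i].flags & (SYN | ACK)) == SYN) e->halfopen++;
        else if ((pkts[i].flags & ACK) && e->halfopen > 0) e->halfopen--;
    }
    for (int i = 0; i < len; i++)
        if (!src || strcmp(table[i].src, src) == 0) total += table[i].halfopen;
    return total;
}
/* Flood heuristic: more than 'threshold' half-open connections outstanding. */
int is_syn_flood(const struct pkt *pkts, int n, int threshold)
{
    return halfopen_count(pkts, n, NULL) > threshold;
}

/* Constructed trace: 192.0.2.10 completes its handshake, 203.0.113.7 sends
 * five SYNs and never ACKs. */
static const struct pkt sample_trace[] = {
    {"192.0.2.10", SYN}, {"192.0.2.10", ACK},
    {"203.0.113.7", SYN}, {"203.0.113.7", SYN}, {"203.0.113.7", SYN},
    {"203.0.113.7", SYN}, {"203.0.113.7", SYN},
};
#define SAMPLE_N ((int)(sizeof sample_trace / sizeof sample_trace[0]))
```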

ICMP Smurf Attack
(Diagram: Master, Slaves, Subnet and Victim; the slaves spoof the source IP with the IP of the Victim.)

Why will this program crash?

Buffer Overflow: Stack Image
Overflow buf with *str so that the Return Address (RA) is overwritten. If carefully designed, the RA is overwritten with the address of the injected code (contained in the *str input: shell code).
(Stack diagram labels: buf, SFP, Return Address, *str = buffer, Rest of Stack.)

Buffer Overflow
After running the program on XP we get the famous Microsoft alert. In Linux you get "Segmentation Fault".

Buffer Overflow—Exception Info

Buffer Overflow—Stack Trace

So, how does the worm work (in a nutshell)?
The programmer finds a flaw in a program, e.g. a server using a buffer whose length is not checked.
Calculate the approximate return address for the given machine.
Create a buffer that holds copies of the desired address, followed by a NOP (No Operation code) sled, followed by the code to be executed; then create the code needed to send the buffer to servers running the flawed program.
The code injected into the buffer is a replica of the original program.

Generic Example
(Diagram: the buffer data consists of repeated copies of the address 0xbfffff00, then a NOP sled, then the replication code; the Return Address slot of buf ends up holding 0xbfffff00.)

What are we doing in Network Security?
Created a Honeynet: a network of computers waiting to be hacked.
Network Monitoring: monitor the Honeynet with packet sniffers, traffic monitors, and host-based monitoring software.
Artificial Intelligence Classifier: make intelligent security decisions based on the data collected by the monitors.

The Network Setup

AI Classifier: Hybrid System Architecture
(Diagram labels: Init. Train. Data / SOM Training / Modified Data / Struct. Developer / Struct. File / Processed Data / Bayesian Trainer / Bayesian/SOM Classifier / Monitored Data / IDS / Classification File.)

Related Grad Classes ECE 6607—Computer Communication Networks (Dr. Abler) ECE 6612—Network Security (Dr. John Copeland) (Real time hacking competition) ECE 8833—Intelligent Systems (Dr. Ashraf Saad)

Questions? Want to go hack a computer and see some of this stuff in action?