1. March 2005 1R. Smith - University of St Thomas - Minnesota QMCS 490 - Class Today Attack ExerciseAttack Exercise Attacking serversAttacking servers Firewalls and ServersFirewalls and Servers WiresharkWireshark

2. March 2005 2R. Smith - University of St Thomas - Minnesota Attack Exercise Break into 4 groupsBreak into 4 groups –3 groups take the 3 “diagrams” from the homework –4 th group take the last diagram Replace the ‘wired’ LAN to the client with an unprotected wireless connectionReplace the ‘wired’ LAN to the client with an unprotected wireless connection Each group study the diagramsEach group study the diagrams –Look at the 6 types of “logical” attacks Attacks that don’t require physical interaction or damageAttacks that don’t require physical interaction or damage –Draw your diagrams on the board –Identify any locations where ‘soft’ attacks would work

3. March 2005 3R. Smith - University of St Thomas - Minnesota “Soft” attack types Disclosure – data that should be kept confidential is disclosed.Disclosure – data that should be kept confidential is disclosed. Denial of Service – the system is put in a state where it can not provide services it should.Denial of Service – the system is put in a state where it can not provide services it should. Tampering – data is modified to cause the system to do something unexpected or improper.Tampering – data is modified to cause the system to do something unexpected or improper. Forgery – someone composes a bogus message and sends it to a computer. For example, a bogus order could send merchandise to the wrong recipient.Forgery – someone composes a bogus message and sends it to a computer. For example, a bogus order could send merchandise to the wrong recipient. Masquerade – a person takes on the identity of another when using a computer.Masquerade – a person takes on the identity of another when using a computer.

4. March 2005 4R. Smith - University of St Thomas - Minnesota Summary Where are the weak points?Where are the weak points? Where do we add physical security?Where do we add physical security? What administrative measures do we need?What administrative measures do we need? Roles in an organizationRoles in an organization –Insider vs outsider (both broadly and specifically) –User vs administrator (may be insider or outsider)

5. March 2005 5R. Smith - University of St Thomas - Minnesota Attacking Servers Modern attacks target users (clients)Modern attacks target users (clients) –Poorly protected –Lots available –Profitable Classic attacks targeted serversClassic attacks targeted servers –Lots of resources –Also – often poorly protected Why firewalls?Why firewalls?

6. March 2005 6R. Smith - University of St Thomas - Minnesota Server Defense Entry point “architecture”Entry point “architecture” –DMZ – the first “virtual LAN” concept –Defensive arrangements Inbound vs outbound protectionInbound vs outbound protection

7. March 2005 7R. Smith - University of St Thomas - Minnesota To the Lab with WireShark again What WireShark reportsWhat WireShark reports –“highest level” of a packet’s identity –If it’s application data, it says so –If it’s a fragment or a lower protocol, it says so Accounting for the types of packetsAccounting for the types of packets

8. March 2005 8R. Smith - University of St Thomas - Minnesota That’s it Questions?Questions? Creative Commons License This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA.