Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Securing the Net: Where the Holes Are Steven M. Bellovin AT&T Labs – Research

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Securing the Net: Where the Holes Are Steven M. Bellovin AT&T Labs – Research"— Presentation transcript:

1 1 Securing the Net: Where the Holes Are Steven M. Bellovin AT&T Labs – Research http://www.research.att.com/~smb

2 2 The New Bad Guys ● The spammers now pay the hackers – Hacked PCs are being used to spread spam – Many recent worms (i.e.. SoBig.F) carry spam engines – A profit motive for hacking! ● Major corporations and universities have done it. ● Politicians are hacking ● Organized crime? – Online extortion is happening today

3 3 "It is a well-known fact that no other section of the population avail themselves more readily and speedily of the latest triumphs of science than the criminal class." Inspector John Bonfield, Chicago police 1888

4 4 Spyware ● Growing problem ● Spread by various means: – Voluntarily downloaded, because of deceptive license agreements – Embedded in desired software – Exploit various security holes – Sometimes spread by worms (see above...)

5 5 Network Attacks ● Distributed denial of service (DDoS) ● Eavesdropping on WiFi traffic at hotspots ● Attacks to come: – Fake hotspots – Fraud against hotspot providers – Are these happening already?

6 6 Phishing ● Rapidly-growing form of identity and credential theft ● Simple technical solutions won't work; there's a human dimension to the problem: – paypal.com versus paypa1.com – login.paypal.com versus login-paypal.com ● Sites can supply cryptographic credentials; users have to verify them properly

7 7 Firewalls ● Firewalls are less useful – lots more connectivity today ● Who uses a company-supplied laptop? ● How many of those laptops will connect to the company network after the conference? ● The August 2001 IETF meeting was during the Code Red worm outbreak. We spotted a dozen infect machines on the conference LAN.

8 8 Why Do We Have Such Problems? ● It's (mostly) not the protocols – We can encrypt most protocols with little effort – Sometimes, crypto is pointless – cryptography can't stop spam ● Some of it is due to the Internet's fundamental architecture – But giving that up would mean giving up many of the benefits of the Internet, such as decentralization ● But what is the cause?

9 9 Buggy Code and Complex Software ● Most security problems are due to buggy code – This is the oldest unsolved problem in computer science – We can make things better; can we make them good? ● Many of the rest are due to user misconfigurations or user misunderstanding – Can we make computers simple to administer? That may be difficult – the basic concepts can be hard.

10 10 What Can We Do? ● Firewalls and intrusion detection systems are not network security devices; they're the network's response to bad software. ● Design our systems to isolate vulnerable components. ● Design our systems to be robust in case of partial penetration. ● Educate users.

Download ppt "1 Securing the Net: Where the Holes Are Steven M. Bellovin AT&T Labs – Research"

Similar presentations

Chapter 1  Introduction 1 Introduction Chapter 1  Introduction 2 The Cast of Characters  Alice and Bob are the good guys  Trudy is the bad guy 

Chapter 1  Introduction 1 Introduction Chapter 1  Introduction 2 The Cast of Characters  Alice and Bob are the good guys  Trudy is the bad guy 
Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”

Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
The development of Internet A cow was lost in Jan 14th 2003. If you know where it is, please contact with me. My QQ number is 87881405. QQ is one of the.

The development of Internet A cow was lost in Jan 14th If you know where it is, please contact with me. My QQ number is QQ is one of the.
IT security Are you protected against hackers?. Why are we in danger?  The Internet is worldwide, publicly accessible  More and more companies and institutes.

IT security Are you protected against hackers?. Why are we in danger?  The Internet is worldwide, publicly accessible  More and more companies and institutes.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Security on the Internet: The Problem, Solutions and Perspectives Alain Patrick AINA Copyright, ECA, June 2006.

Security on the Internet: The Problem, Solutions and Perspectives Alain Patrick AINA Copyright, ECA, June 2006.
CS426Fall 2010/Lecture11 Computer Security CS 426 Lecture 1 Overview of the Course.

CS426Fall 2010/Lecture11 Computer Security CS 426 Lecture 1 Overview of the Course.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
Reliability and Security. Security How big a problem is security? Perfect security is unattainable Security in the context of a socio- technical system.

Reliability and Security. Security How big a problem is security? Perfect security is unattainable Security in the context of a socio- technical system.
Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”

Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”
1 Security and Software Engineering Steven M. Bellovin AT&T Labs – Research

1 Security and Software Engineering Steven M. Bellovin AT&T Labs – Research
INFORMATION SECURITY AWARENESS PRESENTED BY KAMRON NELSON AND ROYCE WILKERSON.

INFORMATION SECURITY AWARENESS PRESENTED BY KAMRON NELSON AND ROYCE WILKERSON.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Internet Security In the 21st Century Presented by Daniel Mills.

Internet Security In the 21st Century Presented by Daniel Mills.
1Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now.

1Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Similar presentations

Ads by Google