Presentation is loading. Please wait.

Presentation is loading. Please wait.

Final Introduction ---- Web Security, DDoS, others

Published byShanon Pearson Modified over 8 years ago

Similar presentations

Presentation on theme: "Final Introduction ---- Web Security, DDoS, others"— Presentation transcript:

1 Final Introduction ---- Web Security, DDoS, others
Cliff C. Zou CAP6133 04/07/08

2 Web-based Security Challenge
Trend: all/most applications move to the WWW platform Database, remote configuration, , data hosting, video/music on demand, e-commerce… Complicated applications require interactive web browsers Browsers support downloadable execute, plug-in. ActiveX, Java script, flash player, … Many users have no idea of the security of downloadable plug-ins.

3 Web-based Attacks Phishing Spyware Worm
Fake website, collect user account info. Usually correlated with Spam, Botnets Spyware Secretly installation in form of plug-in. Come with free software/games. Worm Exploit browser’s vulnerability E.g., Nimda

4 Crawler-based Security Defense
Central idea: Honeypot Use VM with vulnerable browser to connect to suspicious web server Trick malcode to install on VM’s browser Analyze, and then, restart a clean VM for next round Automatic, active crawling Actively find web server and connect Automatically execute simple user interaction For download, install activeX, java script, plug-ins.

5 Distributed Denial of Service (DDoS) Attack
Send large amount of traffic to a server so that the server has no resource to serve normal users Attacking format: Consume target memory/CPU resource SYN flood (backscatter paper presented before) Database query… Congest target Internet connection Many sources attack traffic overwhelm target link Very hard to defend

6 Why hard to defined DDoS attack?
Internet IP protocol has no built-in security No authentication of source IP SYN flood with faked source IP However, IP is true after connection is setup Servers are supposed to accept unsolicited service requests Lack of collaboration ways among Internet community How can you ask an ISP in another country to block certain traffic for you?

7 DDoS Defenses Increase servers capacity
Cluster of machine, Multi-CPUs, larger Internet access Use Internet web caching service E.g., Akamai Defense Methods (many in research stage) SYN cookies ( SOS IP traceback

8 SYN Cookies SYN flood attack Defense Fill up server’s SYN queue
Property: attacker does not respond to SYN/ACK from victim. Defense Fact: normal client responds to SYN/ACK Remove initial SYN queue Server encode info in TCP seq. number Use it to reconstruct the initial SYN

9 DoS spoofed attack defense: IP traceback
Suppose a victim can call ISPs upstream to block certain traffic SYN flood: which traffic to block? IP traceback: Find out the real attacking host for SYN flood Based on large amount of attacking packets Need a little help from routers (packet marking)

10 SOS: Secure Overlay Service
Central Idea: Use many TCP connection respondent machines Only setup connections relay to server Identity of server is secrete

11 Security Patch Issue Fix vulnerability faster by automatic patching  XP Problem: Patches are not reliable Crash, disrupt to running applications Many patches require reboot Not realistic for important servers

12 Shield Central Idea: Non-disruptive, temporary defense before patch
Vulnerability-specific, exploit-generic When known vulnerability, analyze it and develop this shield filter on the vulnerable port E.g., an overflow of strcpy(), filter any input longer than the defined size

Download ppt "Final Introduction ---- Web Security, DDoS, others"

Similar presentations

Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.

Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.
Denial of Service, Firewalls, and Intrusion Detection

Denial of Service, Firewalls, and Intrusion Detection
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
1 Introduction to Honeypot, Denial-of- Service, and Rootkit Cliff C. Zou CAP6135 Spring, 2010.

1 Introduction to Honeypot, Denial-of- Service, and Rootkit Cliff C. Zou CAP6135 Spring, 2010.
Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.

Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.
Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.

Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.
1 Reading Log Files. 2 Segment Format

1 Reading Log Files. 2 Segment Format
Overview of Distributed Denial of Service (DDoS) Wei Zhou.

Overview of Distributed Denial of Service (DDoS) Wei Zhou.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 7 “Denial-of-Service-Attacks”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 7 “Denial-of-Service-Attacks”.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,

Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
Introduction to Security Computer Networks Computer Networks Term B10.

Introduction to Security Computer Networks Computer Networks Term B10.
Distributed Denial of Service Attacks CMPT 471 1 Distributed Denial of Service Attacks Darius Law.

Distributed Denial of Service Attacks CMPT Distributed Denial of Service Attacks Darius Law.
Panel: Current Research on Stopping Unwanted Traffic Vern Paxson, Stefan Savage, Helen J. Wang IAB Workshop on Unwanted Traffic March 10, 2006.

Panel: Current Research on Stopping Unwanted Traffic Vern Paxson, Stefan Savage, Helen J. Wang IAB Workshop on Unwanted Traffic March 10, 2006.
Phishing – Read Behind The Lines Veljko Pejović

Phishing – Read Behind The Lines Veljko Pejović
Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.

Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 7: Denial-of-Service Attacks.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 7: Denial-of-Service Attacks.
Defending Against Flooding Based DoS Attacks : A tutorial - Rocky K.C. Chang, The Hong Kong Polytechnic University Presented by – Ashish Samant.

Defending Against Flooding Based DoS Attacks : A tutorial - Rocky K.C. Chang, The Hong Kong Polytechnic University Presented by – Ashish Samant.

Similar presentations

Ads by Google