Network Programming and Network Security Lane Thames Graduate Research Assistant.

Presentation on theme: "Network Programming and Network Security Lane Thames Graduate Research Assistant."— Presentation transcript:

1 Network Programming and Network Security Lane Thames Graduate Research Assistant

2 Outline for Today Discuss network security and how it relates to network programming. After the presentation, we will go to DNAL to tour our data center. Then we are going to hack some computers :>)

3 Network Programming What is the goal? Sending data to and from hosts via TCP/IP over a network. (Diagram: Client—Server and Source—Sink, with hosts A, B, C.)

4 Information Security NETWORK SECURITY: firewall, IDS, IPsec (VPN), encryption… (data flowing through the network). COMPUTER SECURITY: firewall, virus protection, encryption… (data on a machine).

5 Definitions Virus? Passive malware that is embedded within a program. Will not execute on its own; you have to run the “host” program. After being activated, it attempts to spread to other programs and hosts (usually via email).

6 Definitions Worm? Active malware that can spread on its own using a network. Takes advantage of some exploit (usually an anomaly known as a buffer overflow).

7 The Infamous Buffer So, how does a worm take advantage of an exploit? send(sockfd, &buffer, sizeof(buffer), 0); recv(sockfd, &buffer, sizeof(buffer), 0); What if the receiving buffer keeps getting data added beyond its boundary? OVERFLOW—data is written beyond the boundary and causes problems.
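The slide's question (what happens when successive recv() results keep being appended to a fixed buffer) is the whole bug in miniature. The following is an added example, not code from the presentation: it keeps a fill counter next to the fixed array and shows the unchecked append beside a bounded one that refuses data that will not fit. The socket is replaced by a constructed list of chunks; BUF_CAP, recv_buf and the function names are assumptions for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Fixed-size receive buffer with its fill level tracked explicitly. */
#define BUF_CAP 16
typedef struct {
    char data[BUF_CAP];
    size_t used;
} recv_buf;

/* Unsafe pattern (the slide's recv() into a raw array, repeated across
 * reads): nothing checks how much room is left, so once the total input
 * exceeds BUF_CAP the memcpy runs past the end of data[]. Kept here only
 * for contrast with the bounded version; never called with real input. */
void append_unchecked(recv_buf *b, const char *chunk, size_t len) {
    memcpy(b->data + b->used, chunk, len); /* overflows when used + len > BUF_CAP */
    b->used += len;
}

/* Hardened pattern: refuse any chunk that would not fit. Returns false and
 * leaves the buffer untouched instead of writing past the boundary. */
bool append_bounded(recv_buf *b, const char *chunk, size_t len) {
    if (len > BUF_CAP - b->used)   /* compare this way so size_t cannot wrap */
        return false;
    memcpy(b->data + b->used, chunk, len);
    b->used += len;
    return true;
}

/* Simulated socket: feeds constructed chunks as successive recv() results
 * and returns how many were accepted before the buffer was full. */
int drain_sample(recv_buf *b) {
    static const char *chunks[] = { "GET /", "index", ".html", " HTTP/1.1\r\n" };
    int accepted = 0;
    b->used = 0;
    for (size_t i = 0; i < sizeof chunks / sizeof chunks[0]; i++) {
        if (!append_bounded(b, chunks[i], strlen(chunks[i])))
            break;             /* a real server would close or report an error here */
        accepted++;
    }
    return accepted;
}

int main(void) {
    recv_buf b;
    int n = drain_sample(&b);
    printf("accepted %d chunks, %zu of %d bytes used\n", n, b.used, BUF_CAP);
    return 0;
}
```

The first three chunks (15 bytes) fit; the 11-byte fourth one is refused rather than spilling over the end of data[], which is exactly the write the slide calls OVERFLOW.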

8 Common Types of Computer Attacks Buffer Overflow Attacks—used for local and remote root exploits. The ultimate goal is to redirect program control flow, which causes the computer to execute carefully injected malicious code (example to follow). Code can be crafted to elevate the privileges of a user by obtaining super user (root) privileges (demo in the lab afterwards). Note: these exploits can create a “propagation medium” for worms.

9 Common Types of Attacks Denial of Service (DoS). Exhaust a computer’s resources: e.g. TCP SYN flooding attack (3-way handshake exploit). Consume a computer’s available networking bandwidth: e.g. ICMP Smurf attack (IP spoofing and ICMP).

10 TCP SYN Flooding Attack—what happens?
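Slide 10 covers what a SYN flood does to the listener: every SYN that never receives its final ACK holds a half-open slot in the backlog until it is completed or reset, and once the backlog is full legitimate SYNs are dropped. This added example (not from the presentation) models that backlog and a simple detection rule a monitor could apply. The event type, the backlog capacity of 8, the alarm thresholds and the sample addresses (documentation range, labelled spoofed) are all constructed for the example.

```c
#include <stdbool.h>
#include <stdio.h>

/* One handshake step as a monitor would record it (constructed event type). */
typedef enum { EV_SYN, EV_HANDSHAKE_DONE, EV_RST } ev_kind;
typedef struct { const char *src; ev_kind kind; } tcp_event;

/* Listener backlog: SYNs waiting for the client's ACK occupy half-open slots. */
typedef struct {
    int capacity;    /* half-open slots the listener can hold */
    int half_open;   /* SYNs still waiting for the final ACK */
    int syn_total;   /* SYNs seen, accepted or not */
    int completed;   /* handshakes that finished */
    int dropped;     /* SYNs refused because the backlog was full */
} syn_backlog;

void backlog_init(syn_backlog *b, int capacity) {
    b->capacity = capacity;
    b->half_open = b->syn_total = b->completed = b->dropped = 0;
}

/* Apply one event; returns false when a SYN had to be dropped. */
bool backlog_observe(syn_backlog *b, const tcp_event *ev) {
    switch (ev->kind) {
    case EV_SYN:
        b->syn_total++;
        if (b->half_open >= b->capacity) { b->dropped++; return false; }
        b->half_open++;
        return true;
    case EV_HANDSHAKE_DONE:       /* client's ACK arrived: slot is released */
        if (b->half_open > 0) { b->half_open--; b->completed++; }
        return true;
    case EV_RST:                  /* listener gave up on the half-open entry */
        if (b->half_open > 0) b->half_open--;
        return true;
    }
    return false;
}

/* Detection heuristic (thresholds constructed): alarm when the backlog is
 * full and most SYNs seen so far never completed the handshake. */
bool backlog_alarm(const syn_backlog *b) {
    if (b->syn_total < 5) return false;
    double incomplete = (double)(b->syn_total - b->completed) / b->syn_total;
    return b->half_open >= b->capacity && incomplete > 0.5;
}

/* Constructed trace: two normal clients, ten spoofed SYNs that are never
 * acknowledged, then a third legitimate client. Returns SYNs dropped. */
int run_sample(syn_backlog *b) {
    const tcp_event legit[] = {
        { "10.0.0.5", EV_SYN }, { "10.0.0.5", EV_HANDSHAKE_DONE },
        { "10.0.0.6", EV_SYN }, { "10.0.0.6", EV_HANDSHAKE_DONE },
    };
    const tcp_event spoofed = { "198.51.100.0/24 (constructed, spoofed)", EV_SYN };
    const tcp_event late_client = { "10.0.0.7", EV_SYN };

    backlog_init(b, 8);
    for (int i = 0; i < 4; i++) backlog_observe(b, &legit[i]);
    for (int i = 0; i < 10; i++) backlog_observe(b, &spoofed);
    backlog_observe(b, &late_client);   /* dropped: the flood filled the backlog */
    return b->dropped;
}

int main(void) {
    syn_backlog b;
    int dropped = run_sample(&b);
    printf("half-open %d/%d, dropped %d, alarm %s\n",
           b.half_open, b.capacity, dropped, backlog_alarm(&b) ? "yes" : "no");
    return 0;
}
```

Because the flood sources are spoofed, per-source counting would not help; the model therefore watches the backlog as a whole, which is also why real mitigations (SYN cookies, shorter half-open timeouts) act on the backlog rather than on individual addresses.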

11 ICMP Smurf Attack Victim Subnet Slaves Master Spoof IP with the IP of the Victim

12 Why will this program crash?

13 Buffer Overflow—Stack Image Overflow buf with *str so that the Return Address (RA) is overwritten. If carefully designed, the RA is overwritten with the address of the injected code (contained in the *str input—shell code). (Stack diagram: buf, SFP, Return Address; *str = buffer; rest of stack.)

14 Buffer Overflow After running the program on XP we get the famous Microsoft alert In Linux you get “Segmentation Fault”

15 Buffer Overflow—Exception Info

16 Buffer Overflow—Stack Trace

17 So, how does the worm work (in a nutshell)? Programmer finds a flaw in a program, i.e. a server using a buffer where length is not checked. Calculate the approximate return address for the given machine. Create a buffer that holds copies of the desired address, followed by a NOP (No Operation code) sled, and then followed by the code to be executed, and create the code needed to send the buffer to servers running the flawed program. The code injected into the buffer is a replica of the original program.

18 Generic Example (Stack diagram: buf; Return Address; buffer data: 0xbfffff00, NOP sled, 0xbfffff00, replication code.)

19 What are we doing in Network Security? Created a Honeynet—a network of computers waiting to be hacked. Network Monitoring—monitor the Honeynet with packet sniffers, traffic monitors, and host-based monitoring software. Artificial Intelligence Classifier—make intelligent security decisions based on the data collected by the monitors.

20 The Network Setup

21 AI Classifier—Hybrid System Architecture (Architecture diagram components: Init. Train. Data, SOM Training, Modified Data, Struct. Developer, Struct. File, Processed Data, Bayesian Trainer, Bayesian/SOM Classifier, Monitored Data, IDS, Classification File.)

22 Related Grad Classes ECE 6607—Computer Communication Networks (Dr. Abler) ECE 6612—Network Security (Dr. John Copeland) (Real time hacking competition) ECE 8833—Intelligent Systems (Dr. Ashraf Saad)

23 Questions? Want to go hack a computer and see some of this stuff in action?
