Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Host versus Network Security Steven M. Bellovin

Published byEmmeline Carr Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Host versus Network Security Steven M. Bellovin"— Presentation transcript:

1 1 Host versus Network Security Steven M. Bellovin smb@research.att.com http://www.research.att.com/~smb

2 2 What’s a Network Problem? “Hackers Break Into Microsoft’s Network” (Wall Street Journal, 10/27/00) “In the Wake of Web-Site Hacking, No Easy Answers, or Solutions” (New York Times, 2/9/00)

3 3 Microsoft Break-in A host problem, not a network problem. The network was the vehicle for the attack. “Highway robbery” doesn’t mean that someone stole the pavement...

4 4 Denial of Service Attacks These attacked the network, not Web sites. A real network problem. Can’t be solved by end-systems, firewalls, etc.

5 5 Model of the Internet Smart hosts, dumb network. Network’s concern is packet transport. Host’s concern is packet processing.

6 6 Network Security Issues Availability –Protocol infrastructure (i.e., DNS) –Routing –Link-flooding Theft of Service –Primarily for switched services and shared media

7 7 Availability “How many backhoes are needed?” “How many backbones are needed?”

8 8 Host Security Issues Break-ins Data confidentiality Transmission confidentiality Remote user authentication Buggy software

9 9 Who Does What? ISPs –Provide sufficient redundancy to protect links –Harden infrastructure protocols –Protect their own resources End users –Encryption –Suitable authentication –Firewalls

10 10 Why ISPs Can’t Protect Users They don’t know what users want to do Your “odd behavior” is my new, cutting- edge application Your “allowed service” is my vulnerability But what of ordinary consumers?

Download ppt "1 Host versus Network Security Steven M. Bellovin"

Similar presentations

Securing Network – Wireless – and Connected Infrastructures

Securing Network – Wireless – and Connected Infrastructures
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.

 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.
Mobile IP Security Dominic Maguire Research Essay Presentation Communications Infrastructure Module MSc Communications Software, WIT 1 1 1 0 11 0.

Mobile IP Security Dominic Maguire Research Essay Presentation Communications Infrastructure Module MSc Communications Software, WIT
1 Securing the Net: Where the Holes Are Steven M. Bellovin AT&T Labs – Research

1 Securing the Net: Where the Holes Are Steven M. Bellovin AT&T Labs – Research
Nasca 2007 200 400 600 800 1000 Internet Ch. 5Internet Ch. 8 Networking and Security Ch. 6 Networking and Security Ch. 8.

Nasca Internet Ch. 5Internet Ch. 8 Networking and Security Ch. 6 Networking and Security Ch. 8.
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Spring 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Spring 2006.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.

Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.
Copyright Microsoft Corp. 2006 Ramnish Singh IT Advisor Microsoft Corporation Secure Remote Access Challenges, Choices, Best Practices.

Copyright Microsoft Corp Ramnish Singh IT Advisor Microsoft Corporation Secure Remote Access Challenges, Choices, Best Practices.
Virtual Private Network prepared by Rachna Agrawal Lixia Hou.

Virtual Private Network prepared by Rachna Agrawal Lixia Hou.
Hafez Barghouthi. Model for Network Access Security (our concern) Patrick BoursAuthentication Course 2007/20082.

Hafez Barghouthi. Model for Network Access Security (our concern) Patrick BoursAuthentication Course 2007/20082.
Network Address Translation (NAT) CS-480b Dick Steflik.

Network Address Translation (NAT) CS-480b Dick Steflik.
CS101 Lecture 14 Security. Network = Security Risks The majority of the bad things that can be done deliberately to you or your computer happen when you.

CS101 Lecture 14 Security. Network = Security Risks The majority of the bad things that can be done deliberately to you or your computer happen when you.
AIS, 20141 Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)
Firewalls Paper By: Vandana Bhardwaj. What this paper covers? Why you need a firewall? What is firewall? How does a network firewall interact with OSI.

Firewalls Paper By: Vandana Bhardwaj. What this paper covers? Why you need a firewall? What is firewall? How does a network firewall interact with OSI.
1 Chapter 8 Copyright 2003 Prentice-Hall Cryptographic Systems: SSL/TLS, VPNs, and Kerberos.

1 Chapter 8 Copyright 2003 Prentice-Hall Cryptographic Systems: SSL/TLS, VPNs, and Kerberos.
NETWORKING COMPONENTS AN OVERVIEW OF COMMONLY USED HARDWARE Christopher Johnson LTEC 4550.

NETWORKING COMPONENTS AN OVERVIEW OF COMMONLY USED HARDWARE Christopher Johnson LTEC 4550.
System Security Basics. Information System Security The protection of information systems against unauthorized access to or modification of information,

System Security Basics. Information System Security The protection of information systems against unauthorized access to or modification of information,

Similar presentations

Ads by Google