
CSE 543 - Computer Security (Fall 2006) Lecture 16 - Network Security - PowerPoint PPT Presentation



  1. CSE 543 - Computer Security (Fall 2006) Lecture 16 - Network Security
  October 31, 2006
  URL: http://www.cse.psu.edu/~tjaeger/cse543-f06
  CSE543 Computer (and Network) Security - Fall 2006 - Professor Jaeger

  2. Midterm
  • Grades
    • 85-100 -- A (4)
    • 76-81 -- B+/A- (8)
    • 66-73 -- B+/B (14)
    • 59-63 -- B/B- (4)
    • 53-56 -- C (2)
    • 45-50 -- D (5)
  • Impact
    • 15% of grade (less than presentations and homeworks)
    • Much less than project; much less than final
    • Need over 50% on one test to get B-

  3. Some Questions
  • First 14: General basic concepts or lookup in slides or papers
    • Good: 1, 7, 9
    • Indexing of key ideas in papers -- wing it
  • Questions 17 and 19
    • Generally well-done
  • Long answer
    • 15: Critical assessment necessary (not tamperproof)
    • 16: Deep assessment of trust
    • 17: 'subject' ≠ 'user' -- integrity impact was good
    • 18: 'reference monitor guarantees' from 7

  4. Question 20
  • Given a trusted authority, use public key crypto to send a key to another party
  • Just what X needs to send
    • X is sender; Y is receiver; M is authority
    • Notation: X+ is X's public key, X- its private key; {m}k is m encrypted under k, or signed when k is a private key
    • Y needs X's public key: X+, X, {H(X+, X)}M-
    • X needs to ensure authenticity, secrecy, and integrity of key
    • {K, X, {H(K, X)}X-}Y+
  • How about with a secret group key
    • Need authenticity, secrecy, and integrity
    • {K, X}Kg, HMAC(Kg, {K, X})
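The group-key version of question 20, worked through as an added example (this is not the lecture's code). Kg is the shared group secret, X the sender's name and K the key being distributed. Two assumptions that go slightly beyond the slide's `{K, X}Kg, HMAC(Kg, {K, X})`: separate encryption and MAC keys are derived from Kg, and the HMAC is computed over the ciphertext (encrypt-then-MAC) so the receiver verifies before decrypting anything. The cipher is a toy PRF-in-counter-mode stream built from HMAC-SHA256 so the example needs only the Python standard library; a real system would use an authenticated cipher such as AES-GCM.

```python
"""Group-key transport for question 20: X sends key K to holders of Kg with
secrecy (encryption), integrity and group-level authenticity (HMAC).
Added example, not lecture code. Kg, K and the nonce below are constructed."""
import hashlib
import hmac
import os
import struct
from typing import Optional, Tuple


def derive_subkeys(kg: bytes) -> Tuple[bytes, bytes]:
    """Key separation (assumed refinement of the slide): one key for the
    cipher, another for the MAC, both derived from the shared Kg."""
    ke = hmac.new(kg, b"enc", hashlib.sha256).digest()
    km = hmac.new(kg, b"mac", hashlib.sha256).digest()
    return ke, km


def keystream_xor(ke: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with HMAC(ke, nonce || counter) blocks.
    Stand-in for a real cipher so the example runs offline; never reuse a nonce."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(ke, nonce + struct.pack(">I", i // 32), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def send_key(kg: bytes, sender: bytes, k: bytes, nonce: Optional[bytes] = None) -> bytes:
    """X -> group:  nonce || {X, K}Ke || HMAC(Km, nonce || ciphertext)."""
    ke, km = derive_subkeys(kg)
    nonce = os.urandom(16) if nonce is None else nonce
    # Length-prefix the sender name so X and K cannot be re-split ambiguously.
    plaintext = struct.pack(">H", len(sender)) + sender + k
    ct = keystream_xor(ke, nonce, plaintext)
    tag = hmac.new(km, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def receive_key(kg: bytes, msg: bytes) -> Optional[Tuple[bytes, bytes]]:
    """Verify the tag in constant time before decrypting; return (X, K) or None."""
    ke, km = derive_subkeys(kg)
    nonce, ct, tag = msg[:16], msg[16:-32], msg[-32:]
    expected = hmac.new(km, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    pt = keystream_xor(ke, nonce, ct)
    n = struct.unpack(">H", pt[:2])[0]
    return pt[2:2 + n], pt[2 + n:]


def demo_group_key():
    """Honest delivery, a bit-flipped ciphertext, and a receiver with the wrong Kg."""
    kg = hashlib.sha256(b"constructed group key").digest()   # stand-in for the real Kg
    k = bytes(range(32))                                       # the session key X distributes
    msg = send_key(kg, b"X", k)
    ok = receive_key(kg, msg)                                  # (b"X", k)
    tampered = bytearray(msg)
    tampered[20] ^= 1                                          # inside the ciphertext
    bad = receive_key(kg, bytes(tampered))                     # None: tag check fails
    forged = receive_key(hashlib.sha256(b"wrong key").digest(), msg)  # None: no Kg
    return ok, bad, forged


if __name__ == "__main__":
    print(demo_group_key())
```

The HMAC proves the message came from a holder of Kg and was not modified, but since every group member holds Kg it cannot single out X: authenticity here is group-level only. Per-sender authenticity needs X's signature, which is exactly what {H(K, X)}X- supplies in the public-key version on the slide.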

  5. Project Meetings
  • Meet with groups
    • Discuss experiment
    • Try to propose experiment
  • Th, Fr, M
    • Will send an email to schedule
  • Project slides are not due until 11/28

  6. Network Security …
  • This is a poorly understood engineering discipline.
  • The following looks at the application of tools …

  7. Network security: the high bits
  • The network is …
    • … a collection of interconnected computers
    • … with resources that must be protected
    • … from unwanted inspection or modification
    • … while maintaining adequate quality of service.
  • Another way of seeing network security is
    • Securing the network infrastructure such that the integrity, confidentiality, and availability of the resources is maintained.
  • Q: How do we do this?

  8. The network …
  [diagram: Internet reached through the perimeter and edge from a LAN holding a server and hosts/desktops; remote hosts/servers sit outside]

  9. The big picture ….
  • Internet Protocol (IP)
    • Really refers to a whole collection of protocols making up the vast majority of the Internet
  • Routing
    • How these packets move from place to place
  • Network management
    • Administrators have to maintain the services and infrastructure supporting everyone's daily activities

  10. Network security – the tools …
  • Filtering
    • Firewalls
  • Communication Security and Services
    • DNSsec, IPsec, SSH, ...
  • Isolation
    • VPNs, VLANs
  • Detection and mitigation
    • intrusion detection
    • DDOS tools

  11. Filtering: the threats
  • Adversary 1: some external network entity attempting to gain access to internal resources
  • Adversary 2: some internal, but malicious, entity (or software) trying to expose sensitive data
  • Adversary 3: some internal or external entity that is preventing access to internal resources (DOS)

  12. Filtering: Firewalls
  • Filtering traffic based on policy
    • Policy determines what is acceptable traffic
  • Access control over traffic
    • Accept or deny
  • May perform other duties
    • Logging (forensics, SLA)
    • Flagging (intrusion detection)
    • QOS (differentiated services)
  [figure: protocol stack beside the bullets, labelled Application / Network / Link]

  13. Firewall Policy
  • Specifies what traffic is (not) allowed
  • Maps attributes to address and ports
  • Example: HTTP should be allowed to any external host, but inbound only to web-server

  14. xListing
  • Blacklisting - specifying specific connectivity that is explicitly disallowed
    • E.g., prevent connections from badguys.com
  • Whitelisting - specifying specific connectivity that is explicitly allowed
    • E.g., allow connections from goodguys.com
  • These are useful for IP filtering, SPAM mitigation, …
  • Q: What access control policies do these represent?

  15. Stateful, Proxy, and Transparent
  • A single packet contains insufficient data to make an access control decision
  • State allows historical context consideration
    • Firewall collects data over time
    • e.g., TCP packet is part of established session
  • Firewalls can affect network traffic
    • Transparent: appear as a single router (network)
    • Proxy: receives, interprets, and reinitiates communication (application)
    • Transparent good for speed (routers), proxies good for complex state (applications)
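The example policy on slide 13, the two list shapes on slide 14 and the stateful check on slide 15, as one added example (not the lecture's code). The internal range 10.0.0.0/8, the web server 10.0.0.80 and every address in the sample packets are constructed. Rules are evaluated first-match with an explicit default, which is where a blacklist (default accept, deny exceptions) and a whitelist (default deny, accept exceptions) differ; a second version of the HTTP rule written with an `any` source, the wildcard Wool's study (slide 19) flags, is included to show what it lets through.

```python
"""Toy first-match packet filter: default-deny policy for 'HTTP out to any
host, HTTP in only to the web server', the blacklist/whitelist shapes, and a
minimal stateful check so replies to accepted connections get in.
Added example, not lecture code; all addresses are made up."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Set, Tuple

LAN = "10.0.0.0/8"           # assumed internal address range
WEB_SERVER = "10.0.0.80/32"  # assumed address of the only host allowed to serve HTTP


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = True   # True: opens a new TCP connection; False: belongs to an existing one


def _in(addr: str, net: str) -> bool:
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)


@dataclass(frozen=True)
class Rule:
    action: str                  # "accept" or "deny"
    src: str = "any"             # CIDR, or the "any" wildcard
    dst: str = "any"
    dport: Optional[int] = None  # None matches every destination port

    def matches(self, pkt: Packet) -> bool:
        return (_in(pkt.src, self.src) and _in(pkt.dst, self.dst)
                and (self.dport is None or pkt.dport == self.dport))


class Firewall:
    def __init__(self, rules: Iterable[Rule], default: str):
        self.rules = list(rules)
        self.default = default   # verdict when no rule matches
        # Connections accepted so far: (src, sport, dst, dport) of the opening packet.
        self.conntrack: Set[Tuple[str, int, str, int]] = set()

    def decide(self, pkt: Packet) -> str:
        if not pkt.syn:
            # Stateful part: mid-connection traffic is accepted only if the
            # connection was accepted earlier, in either direction.
            fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            return "accept" if fwd in self.conntrack or rev in self.conntrack else "deny"
        # Stateless part: first matching rule wins, otherwise the default applies.
        action = next((r.action for r in self.rules if r.matches(pkt)), self.default)
        if action == "accept":
            self.conntrack.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return action


# Whitelist shape: default deny, enumerate what is allowed (slide 13's policy).
SLIDE_POLICY = Firewall(
    [Rule("accept", src=LAN, dport=80),          # egress HTTP to any external host
     Rule("accept", dst=WEB_SERVER, dport=80)],  # ingress HTTP only to the web server
    default="deny")

# The same intent written with an "any" source: inbound HTTP now reaches every host.
WILDCARD_POLICY = Firewall([Rule("accept", dport=80)], default="deny")

# Blacklist shape: default accept, enumerate what is forbidden.
BLACKLIST_POLICY = Firewall([Rule("deny", src="203.0.113.0/24")], default="accept")


def demo_filter() -> Dict[str, str]:
    """Run constructed packets through each policy and collect the verdicts."""
    ext, desktop, web = "198.51.100.7", "10.0.1.5", "10.0.0.80"
    return {
        "egress_http": SLIDE_POLICY.decide(Packet(desktop, 40000, ext, 80)),
        "reply": SLIDE_POLICY.decide(Packet(ext, 80, desktop, 40000, syn=False)),
        "unsolicited": SLIDE_POLICY.decide(Packet(ext, 80, "10.0.1.9", 40000, syn=False)),
        "inbound_to_web": SLIDE_POLICY.decide(Packet(ext, 50000, web, 80)),
        "inbound_to_desktop": SLIDE_POLICY.decide(Packet(ext, 50000, desktop, 80)),
        "wildcard_to_desktop": WILDCARD_POLICY.decide(Packet(ext, 50000, desktop, 80)),
        "blacklisted": BLACKLIST_POLICY.decide(Packet("203.0.113.9", 50000, desktop, 22)),
        "not_blacklisted": BLACKLIST_POLICY.decide(Packet(ext, 50000, desktop, 22)),
    }


if __name__ == "__main__":
    for name, verdict in demo_filter().items():
        print(f"{name:20s} {verdict}")
```

Note what the stateful branch buys: the web reply to the desktop's own request is accepted although no rule permits inbound port-80-sourced traffic, while an identical-looking packet aimed at a host that never connected is dropped. A purely stateless filter would have to choose between dropping the reply and opening inbound traffic from source port 80 to the whole LAN.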

  16. DMZ (De-militarized Zone)
  [diagram: Internet, a LAN holding the servers, and a second (internal) LAN]

  17. Practical Issues and Limitations
  • Network layer firewalls are dominant
    • DMZs allow multi-tiered fire-walling
    • Tools are widely available and mature
    • Personal firewalls gaining popularity
  • Issues
    • Network perimeters not quite as clear as before
      • E.g., telecommuters, VPNs, wireless, …
    • Every access point must be protected
      • E.g., this is why war-dialing is effective
    • Hard to debug, maintain consistency and correctness
    • Often seen by non-security personnel as impediment
      • E.g., Just open port X so I can use my wonder widget …
    • SOAP - why is this protocol an issue?

  18. Wool's Firewall Study
  • What is the purpose of this study?

  19. Interesting tid-bits from the Wool study
  • 12 error classes
    • No default policy, automatic broad tools
    • NetBIOS (the very use of the Win protocol deemed error)
    • Portmapper protocols
    • Use of "any wildcards"
    • Lack of egress rules
  • Interesting questions:
    • Is the violation of Wool's errors really a problem?
    • "DNS attack" comment?
    • Why do you think more expensive firewalls had a higher occurrence of errors?
  • Take away: configurations are bad

  20. Worms

  21. Worms
  • A worm is a self-propagating program.
  • As relevant to this discussion
    1. Exploits some vulnerability on a target host …
    2. (often) embeds itself into a host …
    3. Searches for other vulnerable hosts …
    4. Goto (1)
  • Q: Why do we care?

  22. The Danger
  • What makes worms so dangerous is that infection grows at an exponential rate
  • A simple model:
    • s (search) is the time it takes to find a vulnerable host
    • i (infect) is the time it takes to infect a host
    • Assume that t=0 is the worm outbreak; the number of infected hosts at t=j is 2^(j/(s+i))
  • For example, if (s+i = 1), what is it at time t=32?

  23. The result
  [plot: infected hosts against time for the model above, y-axis from 0 to 5,000,000,000]
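The model from slide 22, as an added example (not the lecture's code), together with an assumed refinement: the doubling model never stops, whereas a worm scanning a finite population of n vulnerable hosts wastes more and more probes on hosts already infected, so its curve is logistic and levels off at n. The logistic form is chosen to agree with the slide's model at the outbreak (one host at t=0, doubling every s+i). The population n = 100,000 is a constructed figure.

```python
"""Worm growth: the slide's doubling model 2**(t/(s+i)) and an added
saturating (logistic) model for n vulnerable hosts. Added example, not
lecture code; n is made up."""
import math
from typing import List, Tuple


def doubling_model(t: float, s: float, i: float) -> float:
    """Infected hosts at time t if each infected host finds (s) and infects (i)
    one new host every s+i time units and never runs out of targets."""
    return 2.0 ** (t / (s + i))


def logistic_model(t: float, s: float, i: float, n: int) -> float:
    """Assumed refinement: only n hosts are vulnerable, so random scanning
    increasingly hits hosts that are already infected. Starts at 1 host at t=0,
    doubles every s+i while the population is mostly clean, levels off at n."""
    return n / (1 + (n - 1) * 2.0 ** (-t / (s + i)))


def time_to_infect(fraction: float, s: float, i: float, n: int) -> float:
    """Time until `fraction` of the n vulnerable hosts are infected under the
    logistic model (solve logistic_model(t) = fraction * n for t)."""
    return (s + i) * math.log2((n - 1) * fraction / (1 - fraction))


def compare(s: float = 1.0, i: float = 0.0, n: int = 100_000) -> List[Tuple[float, float, int]]:
    """(t, doubling-model count capped at n, logistic count) at a few times,
    to show where the exponential model stops describing anything real."""
    return [(t, min(doubling_model(t, s, i), n), round(logistic_model(t, s, i, n)))
            for t in (0, 8, 16, 17, 24, 32)]


if __name__ == "__main__":
    print(f"t=32, s+i=1: {doubling_model(32, 1, 0):,.0f} hosts")
    for t, exp_count, log_count in compare():
        print(f"t={t:2d}  doubling={exp_count:>9,.0f}  logistic={log_count:>7,d}")
    print(f"99% of 100,000 hosts after {time_to_infect(0.99, 1, 0, 100_000):.1f} time units")
```

With s+i = 1 the doubling model gives 2^32, about 4.29 billion, at t=32, which is the scale of the plot on the slide and already exceeds any real vulnerable population. The logistic version reaches 99% of n at (s+i)·log2(0.99(n-1)/0.01); for n = 100,000 that is about 23 time units, roughly 6.6 doublings after the point where the doubling model would have counted 100,000 hosts.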

  24. The Morris Worm
  • Robert Morris, a 23-year-old doctoral student from Cornell
  • Wrote a small (99 line) program
  • November 3rd, 1988
  • Simply disabled the Internet
  • How it did it
    • Reads /etc/passwd, then tries the obvious choices and a dictionary (/usr/dict/words)
    • Used local /etc/hosts.equiv, .rhosts, .forward to identify hosts that are related
    • Tries cracked passwords at related hosts (if necessary)
    • Uses whatever services are available to compromise other hosts
    • Scanned local interfaces for network information
    • Covered its tracks (set its own process name to sh, prevented accurate cores, re-forked itself)

  25. Other scanning strategies
  • The doomsday worm: a flash worm
    • Create a hit list of all vulnerable hosts
      • Staniford et al. argue this is feasible
      • Would contain a 48MB list
    • Do the infect and split approach
    • Use a zero-day vulnerability
  • Result: saturate the Internet in less than 30 seconds!
