
Intro, history, hacking – Network Security Lecture 1 (PowerPoint PPT Presentation)



  1. Intro, history, hacking Network Security Lecture 1

  2. Welcome to Network Security
     Should be able to
     • identify design and implementation vulnerabilities in network protocols and applications
     • exploit such vulnerabilities in practice
     • detect and protect from attacks
     Skills
     • Ability to analyze the security of networked systems
     • Ability to perform security assessments of a system
     • Ability to fix vulnerabilities
     Eike Ritter, Network Security - Lecture 1

  3. Module Outline
     • TCP/IP security
     • Web security
     • Browser security
     • Malicious web
     • Intrusion detection systems

  4. Organization
     • Lectures
       – 2/week
     • Office hours
       – Tuesdays 4-5pm, and by appointment
     • Homework
       – 2 assignments (mix of programming, network analysis, attacks)
       – Reading assignments, roughly once a week
     • Examination
       – 1.5 hours
       – Covers everything we discuss in class
     • Grading
       – 80% examination
       – 20% homework
     • Check http://www.cs.bham.ac.uk/~exr/teaching/lectures/networkSecurity/11_12 regularly for updates and news

  5. What is expected from you
     • Participate in lectures
       – Handouts are available (print and online), but they don’t cover everything
       – Be active: Something is not clear? Ask questions!
     • Absolutely no plagiarism
       – Be familiar with the School’s plagiarism policy
       – It’s OK to discuss with others, but everything you submit must be yours
     • Any problem, doubt, special need: come talk to me

  6. A brief history – NETWORK SECURITY

  7. ‘60
     • Advanced Research Projects Agency (ARPA) funds development of ARPANET
     • First four nodes in 1969
       – UCLA (Vint Cerf, Steve Crocker, Jon Postel, Leonard Kleinrock)
       – SRI (Doug Engelbart)
       – UCSB (Glen Culler, Burton Fried)
       – University of Utah
     • Uses the Network Control Protocol (NCP) through Information Message Processors (IMP)
     http://www.computerhistory.org/internet_history/full_size_images/1969_4-node_map.gif

  8. ‘70
     • UNIX, C, Email, Telnet, FTP, TCP, Ethernet, USENET
     • More hosts join the ARPANET
     http://www.computerhistory.org/internet_history/full_size_images/1975_net_map.gif

  9. ‘80
     • Berkeley UNIX includes the TCP/IP suite (sockets)
     • ARPANET standardizes on TCP/IP (1983)
     • MILNET detaches from the public network (ARPANET)
     • DNS
     http://www.computerhistory.org/internet_history/full_size_images/1988_nsfnet_map.gif

  10. … up to now
     • Even more hosts attach to the Internet
     • 1991: the Web is born (Tim Berners-Lee at CERN)
     • The dot-com boom and bust
     http://opte.org/maps/

  11. Vulnerabilities
     Source: http://web.nvd.nist.gov/view/vuln/statistics

  12. Incidents
     • Stats from cert.org/stats/
     • “Incident reports received - Given the widespread use of automated attack tools, attacks […] have become so commonplace […] provide little information with regard to assessing the scope and impact of attacks. Therefore, we stopped providing this statistic at the end of 2003.”
     • So, we just gave up…

  13. Terminology
     • Vulnerability
       – A flaw or weakness in a system's implementation that could be exploited to violate the system's security policy
     • Exploit
       – An attack that leverages a vulnerability to violate a system’s security policy

  14. HACKING, HACKERS

  15. What is a hacker?
     • The term “hacker” was introduced at MIT in the 60s to describe “computer wizards”
       – “someone who lives and breathes computers, who knows all about computers, who can get a computer to do anything. Equally important, though, is the hacker's attitude. Computer programming must be a hobby, something done for fun, not out of a sense of duty or for the money.” (Brian Harvey, UC Berkeley, http://www.cs.berkeley.edu/~bh/hacker.html)
     • It has eventually been used to denote “malicious hackers” or “crackers”, that is, people who perform intrusions and misuse computer systems
     • More jargon: http://www.eps.mcgill.ca/jargon/jargon.html

  16. Phreaking
     • In 1971, John Draper learns that a toy whistle found in a Cap’n Crunch cereal box emits a 2600 Hz tone
     • The 2600 Hz frequency was used by AT&T to indicate that a trunk line was ready and available to route a new call
     • Free long-distance calls (blue box)…
     • John Draper arrested in 1972 for toll fraud

  17. Early problems
     • Bob Metcalfe, “The Stockings Were Hung by the Chimney with Care”, RFC 602, December 1973
     • “The ARPA Computer Network is susceptible to security violations for at least the three following reasons”
       – Sites used to physical limitations of access are not protected against unauthorized access (e.g., passwords which are easy to guess)
       – “The TIP allows access to the ARPANET to a much wider audience than is thought or intended.”
       – “There is a lingering affection for the challenge of breaking someone's system”

  18. The cuckoo’s egg
     • Cliff Stoll was a system administrator at LBL in 1986
     • While investigating an accounting discrepancy, he discovers an account created without a billing address
     • Further investigation reveals the presence of an intruder
     • Cliff Stoll decides to monitor the actions of the intruder instead of simply cutting him/her off (a honeypot of sorts)

  19. The cuckoo’s egg – cont’d
     • The vulnerability
       – Emacs provided a utility (movemail) to allow users to change spool file ownership and move it
       – At LBL it was installed setuid root
     • The exploit
       – The attacker used movemail to copy his own script over the atrun utility, which is run periodically with system privileges
     • Consequences
       – Intruder gained root access
       – Used the system to probe military systems in the MILNET
       – Looked for potentially sensitive documents, searching for keywords like “SDI” (Strategic Defense Initiative), “nuclear”, “norad”
     • Investigation
       – FBI involved
       – Connections traced back to Germany
       – In 1989 arrest of Markus Hess, who operated for the KGB

  20. The Morris Worm
     • On November 2, 1988, Robert T. Morris releases the Internet worm
     • A mistake in the propagation procedure leads to the overload of infected machines
     • The Internet had to be “turned off”
     • RTM was sentenced to three years’ probation, a $10,000 fine, and 400 hours of community service
     • The Computer Emergency Response Team (CERT) was created

  21. The Morris Worm – cont’d
     • Worm: self-replicating program that spreads across a network of machines
     • Vulnerabilities & exploits
       – “Debug” function of sendmail, which made it possible to send an email with a program as the recipient
         • The worm sent a message whose body created a C program that transferred the rest of the modules from the originating host, linked them, and executed them
       – fingerd stack-based buffer overflow
       – Weak passwords
       – Trusted hosts (~/.rhosts)

  22. Kevin Mitnick
     • 1981: breaks into Pac Bell phone center. 1 year probation.
     • 1982: cracks Pacific Telephone. 6 months of juvenile prison.
     • 1987: breaks into SCO. 3 years probation.
     • 1988: expelled from Pierce for computer misuse
     • 1992: cracks into California DMV
     • 1994: breaks into San Diego Supercomputer Center
     • 1995: well-publicized arrest (Shimomura and the New York Times’ John Markoff)

  23. Kevin Mitnick – cont’d
     • Christmas 1994 attack against San Diego Supercomputer Center (SDSC)
     • Sophisticated TCP spoofing attack, which exploits the trust relationship between two hosts, x-terminal and server
       – x-terminal: diskless host
       – server: host providing boot images to x-terminal
       – x-terminal allows unauthenticated logins and commands from server
     • Exploit
       – DoS against server
       – Attacker spoofs server and injects the command
         # rsh x-terminal "echo + + >>/.rhosts"
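Both the Morris worm slide (trusted hosts via ~/.rhosts) and the Mitnick slide (the appended "+ +" line) hinge on over-broad rhosts trust; the audit below is an added example, not part of the lecture, that flags such entries in a trust file. The file contents are constructed and the approved-host list is an assumption.

```python
# Audit an rhosts-style trust file (~/.rhosts, /etc/hosts.equiv) for over-broad
# entries such as the "+ +" line the spoofed rsh command appended.
# Added example, not part of the lecture slides.
from collections import namedtuple

Finding = namedtuple("Finding", "line_no host user severity reason")


def parse_rhosts(text):
    """Yield (line_no, host, user) per entry; an empty user means 'same username'."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if line:
            fields = line.split()
            yield n, fields[0], (fields[1] if len(fields) > 1 else "")


def audit_rhosts(text, allowed_hosts=()):
    """Flag every entry granting more than exact, approved-host trust ('-' entries deny)."""
    findings = []
    for n, host, user in parse_rhosts(text):
        if host.startswith("-") or user.startswith("-"):
            continue
        if host == "+" and user == "+":
            sev, why = "critical", "any user on any host may log in without a password"
        elif host == "+":
            sev, why = "high", "every host is trusted for this account"
        elif user == "+":
            sev, why = "high", f"every user on {host} is trusted"
        elif host.startswith("+@") or user.startswith("+@"):
            sev, why = "medium", "netgroup trust; real scope depends on NIS data"
        elif host not in allowed_hosts:
            sev, why = "low", "host is not on the approved trust list"
        else:
            continue
        findings.append(Finding(n, host, user, sev, why))
    return findings


SAMPLE = """\
# constructed sample: x-terminal's /.rhosts after the injected command
server            # boot server, same username only
server operator
+@labhosts
+ +               # appended by: rsh x-terminal "echo + + >>/.rhosts"
"""

if __name__ == "__main__":
    for f in audit_rhosts(SAMPLE, allowed_hosts={"server"}):
        print(f"line {f.line_no}: {f.severity:8} {f.host} {f.user or '<same user>'}: {f.reason}")
```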

  24. Other famous incidents
     • Summer 2001: Code Red
       – Exploits a buffer overflow in IIS
       – Defaces the vulnerable site to display: HELLO! Welcome to http://www.worm.com! Hacked By Chinese!
     • August 2003: Blaster worm
       – Exploits a buffer overflow in the DCOM RPC service of Windows and binds a command shell to port 4444 of the infected target
       – Transfers its payload to the compromised machine via TFTP
       – SYN floods windowsupdate.com (but not windowsupdate.microsoft.com)
       – Jeffrey Lee Parson, 18-year-old, arrested
