outline
play

Outline Basics of network security Network Security Definitions - PDF document

Outline Basics of network security Network Security Definitions CS 239 Sample attacks Computer Software Defense mechanisms March 1, 2004 Lecture 12 Lecture 12 Page 1 Page 2 CS 239, Winter 2004 CS 239, Winter 2004 Some


  1. Outline • Basics of network security Network Security • Definitions CS 239 • Sample attacks Computer Software • Defense mechanisms March 1, 2004 Lecture 12 Lecture 12 Page 1 Page 2 CS 239, Winter 2004 CS 239, Winter 2004 Some Important Network Degree of Locality Characteristics for Security • Some networks are very local • Degree of locality – E.g., an Ethernet • Media used – Only handles a small number of • Protocols used machines, mostly related ones • Other networks are very non-local – E.g., the Internet backbone – Vast numbers of users/sites share bandwidth Lecture 12 Lecture 12 Page 3 Page 4 CS 239, Winter 2004 CS 239, Winter 2004 Implications of Locality Network Media • Truly local networks may gain from • Some networks are wires or cables physical security • Other networks run over the telephone • Relative trustworthiness of all lines participants may help • Other networks are radio links to • Common interests of all on a local satellites network may be helpful, too • Other networks are broadcast radio • Wide area networks generally harder links Lecture 12 Lecture 12 Page 5 Page 6 CS 239, Winter 2004 CS 239, Winter 2004 1

  2. Implications of Media Type Protocol Types • TCP/IP is probably the most widespread • Wires can sometimes be physically – But it only specifies some common protected intermediate levels • Radio links generally can’t – Other protocols exist above and below it –Though power and technology • In places, other protocols replace TCP/IP requirements for satellite links may • And there are lots of supporting protocols provide some help – Routing protocols, naming and directory –Directional antennae can also help protocols, network management protocols – And security protocols (IPSec, ssh, ssl) Lecture 12 Lecture 12 Page 7 Page 8 CS 239, Winter 2004 CS 239, Winter 2004 Implications of Protocol Type Threats to Network Security • The protocol defines a set of rules that will • Pretty much the usual suspects: always be followed –Wiretapping – But usually not quite complete –Impersonation – And they assume everyone is at least trying to play by the rules –Message confidentiality – What if they don’t? –Message integrity • Specific attacks exist against specific –Denial of service protocols Lecture 12 Lecture 12 Page 9 Page 10 CS 239, Winter 2004 CS 239, Winter 2004 Why Are Networks Especially What Can Attackers Attack? Threatened? • Many “moving parts” • The media connecting the nodes • Many different administrative domains • Nodes that are connected to them • Everyone can get some access • Routers that control the traffic • In some cases, trivial for attacker to get • The protocols that set the rules for a foothold on the network communications • Networks encourage sharing • Networks often allow anonymity Lecture 12 Lecture 12 Page 11 Page 12 CS 239, Winter 2004 CS 239, Winter 2004 2

  3. Wiretapping Wiretapping on Wires • An obvious network vulnerability • Signals can be trapped at many points – But don’t forget, “wiretapping” is a • Actually tapping into some physical wires is general term possible • Not just networks are vulnerable • Other “wires” are broadcast media • Passive wiretapping is listening in illicitly – Packet sniffers can listen to all traffic on conversations • Subverted routers and gateways also offer • Active wiretapping is injecting traffic access illicitly Lecture 12 Lecture 12 Page 13 Page 14 CS 239, Winter 2004 CS 239, Winter 2004 Wiretapping on Wireless Impersonation • Often just a matter of putting an antenna up • A packet comes in over the network – Though position may matter a lot –With some source indicated in its – Generally not even detectable that it’s header happening • Often, the action to be taken with the – Directional antennae and frequency packet depends on the source hopping may add challenges • Active threats are easier to detect • But attackers may be able to create – And, for satellites, technically packets with false sources challenging Lecture 12 Lecture 12 Page 15 Page 16 CS 239, Winter 2004 CS 239, Winter 2004 Methods of Network Authentication to Foil Impersonations Impersonation • Even in standard protocols, often easy • Higher level protocols often require authentication of transmissions to change fields in a header –When created or later • Much care required to ensure proper authentication –E.g., IP allows forging “from” • And not having authentication underneath addresses can cause many problems • Existing networks have little or no • Authentication schemes are rarely perfect built-in authentication Lecture 12 Lecture 12 Page 17 Page 18 CS 239, Winter 2004 CS 239, Winter 2004 3

  4. Violations of Message Message Integrity Confidentiality • Other problems can cause messages to be • Even if the attacker can’t create the inappropriately divulged packets he wants, sometimes he can • Misdelivery can send a message to the alter proper packets wrong place • To change the effect of what they will – Clever attackers can make it happen do • Message can be read at an intermediate gateway or a router • Sometimes an intruder can get useful information just by traffic analysis Lecture 12 Lecture 12 Page 19 Page 20 CS 239, Winter 2004 CS 239, Winter 2004 Methods of Attacks on Message Denial of Service Integrity • Replacing part of a packet • Attacks that prevent legitimate users from doing their work • Changing headers to alter destination of a packet • By flooding the network –Or its source • Or corrupting routing tables • Inserting improper packets into a • Or flooding routers proper packet stream • Or destroying key packets Lecture 12 Lecture 12 Page 21 Page 22 CS 239, Winter 2004 CS 239, Winter 2004 How Do Denial of Service Some Sample Attacks Attacks Occur? • Basically, the attacker injects some form of • Smurf attacks traffic • SYN flood • Most current networks aren’t built to throttle uncooperative parties very well • Ping of Death • All-inclusive nature of the Internet makes basic access trivial • Universality of IP makes reaching most of the network easy Lecture 12 Lecture 12 Page 23 Page 24 CS 239, Winter 2004 CS 239, Winter 2004 4

  5. Smurf Attacks SYN Flood • Based on vulnerability in TCP • Attack on vulnerability in IP broadcasting • Send a ping packet to IP broadcast address • Attacker uses initial request/response – With forged “from” header of your target to start TCP session to fill a table at the server • Resulting in a flood of replies from the sources to the target • Preventing new real TCP sessions • Easy to fix at the intermediary • SYN cookies and firewalls with – Don’t allow IP broadcasts to originate massive tables are possible defenses outside your network • No good solutions for victim Lecture 12 Lecture 12 Page 25 Page 26 CS 239, Winter 2004 CS 239, Winter 2004 Normal SYN Behavior A SYN Flood SYN SYN SYN SYN SYN SYN/ACK SYN/ACK SYN/ACK SYN/ACK SYN/ACK ACK N Y S Server can’t Table of open Table of open fill request! TCP connections TCP connections Lecture 12 Lecture 12 Page 27 Page 28 CS 239, Winter 2004 CS 239, Winter 2004 SYN Cookies The Ping of Death SYN/ACK number is • IP packets are supposed to be no longer function of source than 65,535 bytes long information • Can improperly send longer IP packets • Some OS networking software wasn’t prepared for that N Y S K C A – Resulting in buffer overflows and crashes N / Y S K C A No room in the table, • Can filter out pings, but other IP packets can also cause problem so send back a SYN Recalculate cookie to cookie, instead • OS patches really solve the problem determine if proper response Lecture 12 Lecture 12 Page 29 Page 30 CS 239, Winter 2004 CS 239, Winter 2004 5

  6. Network Security Mechanisms Encryption for Network Security • Again, the usual suspects - • Relies on the kinds of encryption algorithms and protocols discussed –Encryption previously –Authentication • But network security tends to only –Access control worry about the data transport issues –Data integrity mechanisms • Which leads to an important question - –Traffic control Lecture 12 Lecture 12 Page 31 Page 32 CS 239, Winter 2004 CS 239, Winter 2004 Authentication for Network Access Control Security • Various entities need to be • When a node is put on a network, authenticated potentially all its resources become –Hosts to hosts available over the network –Users to hosts • How do we control who can access –Hosts to users resources? • Because of inherent insecurities of • And how? networks, cryptographic methods used Lecture 12 Lecture 12 Page 33 Page 34 CS 239, Winter 2004 CS 239, Winter 2004 Checksums, Secure Hashes, and Data Integrity Mechanisms Digital Signatures • Bad things can happen if attackers can • Checksums can tell us if the data has changed change data values – If the checksum hasn’t been altered –Either while in transit in the net • Secure hashes use cryptographic techniques – If the hash is protected –Or by remotely accessing a machine • Digital signatures provide full protection • How do we keep our data intact? – At full cryptographic costs Lecture 12 Lecture 12 Page 35 Page 36 CS 239, Winter 2004 CS 239, Winter 2004 6

Recommend


More recommend