5/3/2004 Announcements U.S. National Cybersecurity • Axess U.S. National Cybersecurity • Forum Understanding the Understanding the • Bios/Photos Internet Internet • Law School Event William J. Perry Martin Casado • Keith Coleman • Dan Wendlandt MS&E 91SI Spring 2004 Stanford University U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 The Internet is … Goal: Provide Working Knowledge of the Internet (as it relates to this class!) U.S. National Cybersecurity March 31, 2004 And … At Present: • More than 500 million computers • 287.5 Million English Users • 516.7 Million Non English Users • Over 38 million active domains • So … how does it all work? U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 1
5/3/2004 First: A Story A Network Is … • Computers • Wires Connecting computers AT&T SPRINT U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 “Internet” Really a Network of Networks (ISPs) Sprint To Complex for my Brain.. (and not really modular) MCI AT&T MCI U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 Organized Into Hierarchy by Separated into “Layers” Function Application Transport Network Physical U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 2
5/3/2004 The Physical Layer Application The Physical Layer Transport Network Physical U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 Physical Layer Physical Layer The hardware that makes up the Internet • Computers are physically located in some-ones jurisdiction (whose? implications?) • Must be physically protected • Anything you can “touch” (destroyed computers don’t work, nor to clipped wires) • One wire, can carry a lot of data … better to use • The physical computers less? (2 fiber lines across Rockies) • Hard limitation (about 5 ways in and out of US) • The wires connecting computers • Often overlooked, though a serious component in security!!! U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 Network Layer Application The Network Layer Transport Network Physical U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 3
5/3/2004 IP Addresses IP Packets Every reachable computer (not really) on Information leaving computers is broken the Internet is given a unique identifier into discrete segments or packets, marked called an IP address with the IP address of the destination and the IP address of the source. IP Packet 171.67.71.18 data source destination U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 Routing Packet Flow on Internet Computers on the Internet that lie between sending and receiving computers (called “routers”) forward received packets to connecting computers. ? The choice of wire to send a packet out of ? is based solely on the destination of the packet. U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 Network Layer : (Overview) A Look at ISPs • Computers are identified by globally unique • Carry their customers traffic to anywhere address (32 bits) called and IP address (note: in the globe this is somewhat of a white lie) • Data is broken into small “chunks” called • What kind of power does an ISP have? packets • What factors determine routing decisions? • Packets flow between computers over • How can ISPs trust each other? specialized computers. “routers” • Each router makes its own decision where to • Why would an ISP want to limit attacks on send a packet the network? • Routers ONLY make the decision via the • What is the potential damage of a rogue packets destination ISP? U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 4
5/3/2004 Domain Name System • When trying to contact a computer (www.google.com) do not use IP addresses … A Quick Digression: Domain Name System • Instead use DNS … converts “names” (can remember) to IP addresses (cannot remember) U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 Domain Name System • Convert Name (www.foo.com) to 32 bit value (134.114.223.91) • Must ask special machine (name The Transport Layer server) for answer (problems here?) • Has good and bad properties! (as we will see!) U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 Transport Layer Transport Layer Uses “IP packets” to send information from computer A to computer B Application Transport e.g. TCP Network A Reliable method of sending information to someone Physical “hi there mom “hi there mom” U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 5
5/3/2004 TCP Transport Layer • 99% of Internet Traffic • ICMP, UDP : Other methods of • Must set up a connection before hand sending information Sure! • Not “seen” by normal users Internet • Nuts and bolts are good for Can I connect to port 80? understanding attacks and • Uses PORTs to differentiate multiple vulnerabilities connections per machine • Once established can be reasonably assured you are talking to a real machine! (http://www.ja.net/CERT/Morris/r.t.morris-TCP.html) U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 Application Layer Application The Application Layer Transport (finally some familiarity) Network Physical U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 The Application Layer The Application Layer • Email Applications use transport layers (such as TCP) to communicate • World Wide Web across the Internet • SSH • Telnet • FTP Netscape www.google.com • Applications we love and use every day! TCP Connection U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 6
5/3/2004 The Application Layer The Application Layer Common application use known • Usually gets the most attention “PORTs” for establishing connections because it is what we see/interact with • However, on top of all other layers Netscape www.google.com (which we don’t normally consider!) TCP Connection port 80 Email Client Email Server TCP Connection port 110 U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 Real Networking Stack Complete Picture ? Users (not even close) Application Policy Transport Network Physical U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 Vulnerabilities & Attacks The nature of the network technologies, protocols, and operators are the basis for attacks. Why do we need to know Attacks can (and will) come at vulnerabilities in every layer. this technology ? Big Question: What is it about the Internet architecture that causes these vulnerabilities to exist? Users Application Attacks Transport Network Physical U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 7
5/3/2004 Definitions Attacks on the Internet In cybersecurity: Why do attacks matter? def. vulnerability (n): Attacks affect the Internet’s ability to any avenue for attack. function as a reliable and secure critical infrastructure. def. attack (n) Any action that without authorization exposes, modifies, utilizes or denies the availability of an Internet related resource. U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 Scanning & Fingerprinting Exploits What is it? What is it? The use of vulnerabilities in or misconfiguration of software or hardware to gain access to information or resources on Reconnaissance technique to explore a system. Exploits may be manual or networks, classify + analyze connected hosts, and identify potential automated. vulnerabilities. example: Blaster worm exploits RPC bug Example: nmap security scanner U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 Denial of Service Social Engineering Attack What is it? What is it? Any attempt that employs non-technical means to attack a system. Often the attacker uses information gleaned from outside sources to produce false credentials. Attacks are often The malicious consumption of resources in order to hybrid, relying on human and technical factors. make a system incapable of fulfilling its designed role. Attacks are often “distributed” to increase resource consumption. example: Beagle virus used email domain name to pose as a message from the user’s ISP. example: SYN flood against Yahoo U.S. National Cybersecurity March 31, 2004 U.S. National Cybersecurity March 31, 2004 8
Recommend
More recommend