U.S. National Cybersecurity Understanding Internet Security. William J. Perry Martin Casado • Keith Coleman • Dan Wendlandt MS&E 91SI Fall 2004 Stanford University. Announcements. Axess + Email lists Coursework Forum Bios/Photos. Goal: Provide Working Knowledge of Internet Security.
U.S. National Cybersecurity
Understanding Internet Security
William J. Perry
Martin Casado • Keith Coleman • Dan Wendlandt
MS&E 91SI, Fall 2004, Stanford University
Announcements
• Axess + Email lists
• Coursework Forum
• Bios/Photos
Outline
• What is Security?
• Attack Classifications
• Internet Security Mechanisms
• Discussion Questions (if time)
What is “Security”?
The “Big Five”
Security is traditionally broken up into:
1) Availability
2) Integrity
3) Confidentiality
4) Authentication
5) Access Control
Security From What?
What can disrupt the higher-level services running on the Internet?
• Attacks
• Accidents
• Failures
[Image: NASA Control Room]
Failures on the Internet
Why do security failures matter?
Security failures affect the Internet’s ability to function as a reliable and secure critical infrastructure.
Vulnerabilities
Def. vulnerability (n): “a state with the potential to lead to a failure”
Where can vulnerabilities exist in technology?
• Services (Amazon, SCADA)
• Applications (Word, IE, Email Client)
• Service-Level Protocols (http, smtp)
• Network and Network Protocols (ip, tcp)
• Operating Systems (Windows, Linux, Cisco IOS)
• Physical Hardware (cables, routers, CPUs)
• Basic Infrastructure (electricity)
Attack Classifications (not mutually exclusive)
Vulnerabilities & Attacks
[Figure: layer stack (Application, Transport, Network, Physical), labelled with Humans and Attacks]
The nature of the network technologies, protocols, and operators is the basis for attacks. Attacks can (and will) come at vulnerabilities in every layer.
Big Question: What is it about the Internet architecture that causes these vulnerabilities to exist?
Scanning & Fingerprinting
What is it?
Reconnaissance technique to explore networks, classify + analyze connected hosts, and identify potential vulnerabilities.
Example: nmap security scanner
Exploits
What is it?
The use of vulnerabilities in, or misconfiguration of, software or hardware to gain access to information or resources on a system. Exploits may be manual or automated. Worms/viruses are exploits with code to facilitate propagation.
Example: Blaster worm exploits RPC bug
Trojaned Software
What is it?
Software/hardware with hidden functionality whose use gives an attacker an avenue to access a system or its information. This is sometimes also referred to as a “backdoor”.
Example: A free copy of MSWord downloaded off of Kazaa may have been modified to include a trojan leading to a compromise.
Denial of Service
What is it?
The malicious consumption of resources in order to make a system incapable of fulfilling its designed role. Attacks are often “distributed” to increase resource consumption (zombies or botnets).
Example: SYN flood against Yahoo
Social Engineering Attack
What is it?
Any attempt that employs non-technical means to attack a system. Often the attacker uses information gleaned from outside sources to produce false credentials (dumpster diving). Attacks are often hybrid, relying on human and technical factors.
Example: Beagle virus used email domain name to pose as a message from the user’s ISP.
Access Control Failures
What is it?
Failure to set up adequate access control
• Default configurations
• Privilege revocation
Example: default administrator password for Windows
Authentication Failures
What is it?
Some authentication schemes are better than others:
• Passwords
• Public Key Crypto
Example: phishing schemes that steal passwords break the authentication model.
Infrastructure Attack
What is it?
An attack against the core systems that operate as the Internet infrastructure. Attacks can be either physical or virtual, often focusing on central points of failure.
Example: Attack on root DNS servers.
Insider Threats
What is it?
Attacks that exploit an existing trust relationship to harm the overall security of a system.
Example: former employee uses knowledge of a company’s network systems and passwords to steal customer information entrusted to the company.
Traffic Sniffing/Modification
What is it?
Using access to a link or infrastructure system to examine or modify the contents of Internet traffic. Similar to a phone tap, with ability to change contents.
Example: ISP’s potential for information gathering
Don’t Forget
Attacks are only one of the reasons systems can fail. There are many other, perhaps less exciting, ways systems are vulnerable.
Internet Security Mechanisms
What is Cryptography
A critical TOOL in securing information systems and their communications.
• You may have heard of:
  - SSL
  - Trusted Computing
  - Public Key Cryptography
  - Tripwire
Cryptography Overview
Crypto can create hard guarantees (backed by math) in the digital world similar to those we have long relied upon for security in the physical world:
- Data Encryption (privacy): “No one else can read my message”
- Data Integrity: “My message has not been modified”, “My message is from who it says it is”
Also provides for some improved authentication schemes.
Cryptography Examples
How do these mechanisms function? (at 10,000 feet)
Problems with Crypto
• Bad Standards
  - WEP, CSS
• Bad Implementation
  - IE, OpenSSL
• Attacks on Authentication
  - Phishing, password sniffing
• Weak back-end
  - Weak link, insider attacks
• Encryption is often slow & cumbersome
• PKI has difficulty scaling to large numbers
Ideal vs. Real Internet Security
Ideally we can utilize authentication and access control to protect systems and data. In reality this is not practical.
E.g. What if everyone needed to be authenticated to talk to your computer?
Additionally, authentication schemes are only as secure as those using them.
E.g. An uneducated but authenticated user may install a trojan.
Attack Detection/Prevention
Firewalls – Software to inspect packets, compare them to rules and drop traffic specified by these rules.
Intrusion Detection/Prevention Systems (IDS/IPS) – Software to inspect traffic flows for signatures or other behavior that appears to be malicious.
Anti-Virus Software – Inspects files for signs of infectious programs and eliminates them.
These mechanisms can either be deployed on individual hosts or on dedicated network servers.
Patching
Fix vulnerabilities in software that may lead to exploitation. Patch management is a major hidden cost to companies.
Important:
- Process is still embarrassingly manual (changing?).
- Gap between release of patch + first exploit “in the wild” is shrinking (Witty worm and zero-days).
- Often patches are not applied to critical systems because updates sometimes have conflicts that can break software running on the systems.
Do we patch? Check out: “Security Holes? Who Cares” by Eric Rescorla: http://www.rtfm.com/upgrade.pdf
Process, Education & Risk Assessment
Often forgotten as security mechanisms:
- Having well-defined and consistent preparation, response, and recovery plans across an organization.
- Attempting to secure humans, often the weakest link.
- Determining the danger associated with each potential vulnerability.
Discussion Questions
Attributability
For traffic on the Internet, can we determine who a packet came from? Two levels:
• Can we tell what computer sent a given packet? (What are the implications of source spoofing?)
• Can we attribute a packet to a human?
- What does this say about our ability to catch and prosecute perpetrators of online attacks? What about active response?
Determining Intent
Can you infer intent from analyzing network traffic? What about at the application level?
• What is the difference between a denial of service attack and normal overwhelming usage?
• What is more important, the intent or the result of Internet traffic?
• What about ‘enablement’ versus ‘use’?
Trust Relationships
What are key trust relationships relating to cybersecurity? Think about:
- designers
- developers
- distributors
- owners
- operators
- users
If security is a “weakest-link” issue, what forces keep one of these trust links from breaking?
The Power of the Core
• How much control do we have with determining where traffic flows on the Internet, and what entities have control over it?
• What can someone ‘on route’ potentially do? How can you trust the integrity of what you see?
• What does it take to have control of the Internet core?
Infrastructure Attacks
How vulnerable is the actual Internet infrastructure to attacks?
• Could a single group bring down the Internet? What does this mean? What kind of resources would it take?
• How reliant is the Internet on a relatively few critical systems?
• What happens when you rely on the security of infrastructure that you have absolutely no control over? As a company? As a country? How does this compare to security in the physical world?
Determining Identity
How can we trust an Internet entity is who they say they are?
• Why is this process more difficult than it is in the “brick & mortar” world?
• How important is this for a critical infrastructure?
• Do our solutions for providing identity scale to the millions of actions on the Internet?
Overwhelming Complexity
What does the extreme complexity of the Internet mean for our ability to secure it?
• Are there just too many things that could go wrong to ever possibly be able to completely rely on it?
• In what way does the complexity impact our ability to educate average users? Is user education necessary? Is effective user education even possible?
• Will the Internet become more or less complex to manage in the future?
Why is this so hard?
What are the major barriers to providing security guarantees for an information system on the Internet?
• What (or who) are the weak links for security systems?
• Can we ever really secure a usable Internet computer system? (e.g. directed attack)
• How does software size & complexity relate to our ability to secure a system? What is zero-day?