
Computer Network Security



Presentation Transcript


  1. Computer Network Security

  2. Identify the challenges for computer and network security • Ten to fifteen years ago • Firewalls, IDS, anti-virus software and OS updates were rare • Now • Virus attacks: every day • E-mail: scanned for suspicious attachments • Network admins: work overtime to • Build the latest security defenses • Keep the defenses up-to-date • Computer attacks via the Internet • Make computer security one of the prime concerns

  3. Identify the challenges for computer and network security • Why security is becoming increasingly difficult • Speed of attacks • Wide availability of modern tools • Used to scan systems • To find weaknesses • To launch attacks • Most tools are automated • Easy to attack target systems

  4. Identify the challenges for computer and network security Speed of attacks (examples): In 2003, the Slammer worm infected 75,000 computers in the first 11 minutes after it was released, and the number of infected hosts doubled every 8.5 seconds. At its peak, Slammer was scanning 55 million hosts per second looking for a computer to infect. Later that year, the Blaster worm infected 138,000 computers in its first four hours and eventually infected over 1.4 million computers.** ** From M. Ciampa, Security+ Guide to Network Security Fundamentals, 2nd edition, Thomson, 2005

  5. Identify the challenges for computer and network security (cont.) • Why security is becoming increasingly difficult • Sophistication of attacks • Security attacks are becoming more complex • Difficult to detect • Faster detection of weaknesses • Newly discovered system vulnerabilities double annually • More difficult for software developers to update their products

  6. Identify the challenges for computer and network security (cont.) • Why security is becoming increasingly difficult • Distributed attacks • Multiple systems can be used to attack a single computer or network • (many against one) approach • The attack cannot be stopped by identifying and blocking a single source • Difficulties in patching • So, users do not apply patches

  7. Identify the challenges for computer and network security (cont.)

  8. Security Terminology

  9. Vulnerabilities and Exploits • Vulnerabilities • Security weaknesses that open a program to attack • An exploit takes advantage of a vulnerability • Vendors develop fixes • Zero-day exploits: exploits that occur before fixes are released • Exploits often follow the vendor release of fixes within days or even hours • Companies must apply fixes quickly

  10. Vulnerabilities and Exploits • Compromise • The successful exploitation of a target by an attacker • Fixes • Work-arounds • Manual actions to be taken • Labor-intensive so expensive and error-prone • Patches: • Small programs that fix vulnerabilities • Usually easy to download and install • Service packs (groups of fixes in Windows) • Version upgrades

  11. Applying Patching • Problems with Patching • Must find operating system patches • Windows Server can fetch and install these automatically • Linux distributions use their package managers (e.g. rpm-based tools) • … • Companies get overwhelmed by the number of patches • They use many programs; vendors release many patches per product • Especially a problem for a firm's many application programs

  12. Applying Patching • Problems with Patching • Cost of patch installation • Each patch takes some time and labor costs • Usually lack the resources to apply all • Prioritization • Prioritize patches by criticality • May not apply all patches, if risk analysis does not justify them

  13. Applying Patching • Problems with Patching • Risks of patch installation • Reduced functionality • Freeze machines, do other damage—sometimes with no uninstall possible • Should test on a test system before deployment on servers

  14. Threats • Threat • An adversary who is capable of and motivated to exploit a vulnerability • (exploit = take advantage of, especially for gain) • A person, thing or event • which poses some danger to an asset in terms of that asset's confidentiality, integrity or availability • Accidental threats • Deliberate threats: passive and active

  15. Threats • Examples of threat • Hacker/cracker • Script kiddies • Spies and Malware • Denial-of-service (DoS) attack • Zombies • Insecure/poorly designed applications • Virus • Worms

  16. Script kiddies • Script kiddies • Want to break into computers like crackers, but • unskilled users • download software from web sites, use to break into computers

  17. Spies • Spies • A person who • Has been hired to break into a computer and steal information • Do not randomly search for unsecured computers to attack • Malware • A group of destructive programs such as viruses, worms, Trojan horse, logic bombs, and spyware

  18. Virus • Virus: a computer program that • can copy itself and infect a computer without the permission or knowledge of the user • spreads from one computer to another when its host (such as an infected file) is taken to that computer • always infects or corrupts files on the targeted computer (it needs a host file or program to attach itself to)

  19. Worm • Worm: a computer program that • is self-replicating code • resides in active memory (the program is executed) • propagates itself • uses a network to send copies of itself to other nodes • can spread to other computers without needing to be transferred as part of an infected file • always harms the network, if only by consuming bandwidth while it propagates

  20. Trojan horse • Trojan horse : a program that • installs malicious software while under the guise of doing something else • differs from a virus in that • a Trojan horse does not insert its code into other computer files • appears harmless until executed

  21. Logic Bomb • Logic Bomb: a program that • is inactive until it is triggered by a specific event, e.g. • a certain date being reached • once triggered, can perform many malicious activities • is difficult to defend against, since the code looks benign until the trigger fires

  22. Spyware • Spyware: a computer program that • is installed surreptitiously on a personal computer • to intercept or take partial control over the user's interaction with the computer, without the user's awareness • installing additional software • redirecting web browser activity • secretly monitors the user's behavior • collects various types of personal information

  23. Mobile Code • Mobile Code • Executable code delivered with a web page • Executed automatically when the web page is downloaded • JavaScript, Microsoft ActiveX controls, etc. • Can do damage if the browser or computer has a vulnerability, and is a common delivery vehicle for spyware

  24. Social Engineering in Malware • Social Engineering in Malware • Social engineering is attempting to trick users into doing something that goes against security policies • Several types of malware use social engineering • Spam • Phishing • Spear phishing (aimed at individuals or specific groups) • Hoaxes

  25. Denial-of-service (DoS) attack • Denial-of-service (DoS) attack: a threat that • Prevents legitimate traffic from being able to access the protected resource • Common DoS • Crashes a targeted service or server, or exhausts its resources • Normally done by • Exploiting a program buffer overflow problem • Sending more packets to a host than it (or its network link) can handle, causing the host to slow down or crash
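The following is an added example, not part of the slides: a sliding-window packet-rate detector for the "too many packets" style of DoS described above. A per-source check catches a single flooding host; a per-destination aggregate check catches the distributed case (slide 6, and the zombies of the next slide) where each source stays below the per-source threshold, which is why blocking one source does not help. The log format, the addresses and the thresholds are all constructed for this example.

```python
# Added example (not from the slides): sliding-window packet-rate detection for
# the "sending too many packets to a host" style of DoS, plus a per-destination
# aggregate check that catches the distributed (many-against-one) case where
# each zombie stays under the per-source threshold.  Log format, addresses and
# thresholds are constructed for this example.
from collections import defaultdict, deque

WINDOW_SECONDS = 1.0       # assumed sliding-window length
PER_SOURCE_THRESHOLD = 10  # assumed packets/window from one source before alerting
PER_TARGET_THRESHOLD = 40  # assumed packets/window towards one target before alerting

# Constructed packet log, one packet per line: "<time> <src> <dst> <proto> <flags>"
_legit = [
    "1000.00 10.0.0.5 192.0.2.10 TCP S",
    "1001.00 10.0.0.5 192.0.2.10 TCP A",
    "1002.50 10.0.0.5 192.0.2.10 TCP PA",
    "1004.00 10.0.0.5 192.0.2.10 TCP FA",
]
# One source firing 12 SYNs in about 0.6 s (single-source flood).
_flood = [f"{1003.0 + i * 0.05:.2f} 198.51.100.7 192.0.2.10 TCP S" for i in range(12)]
# Twenty zombies, 3 packets each, all inside one window (distributed flood).
_ddos = [f"{1010.0 + (i * 3 + k) * 0.01:.2f} 203.0.113.{i + 1} 192.0.2.10 UDP -"
         for i in range(20) for k in range(3)]
SAMPLE_LOG = "\n".join(_legit + _flood + _ddos)


def parse_log(text):
    """Parse the log into (time, src, dst, proto, flags) tuples sorted by time."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, flags = line.split()
        records.append((float(ts), src, dst, proto, flags))
    records.sort(key=lambda r: r[0])  # sensors may interleave; order by time
    return records


def _sliding_window_alerts(records, key, threshold, window):
    """Generic detector: alert when more than `threshold` packets sharing
    key(record) arrive within any `window`-second span.
    Returns {key_value: (first_alert_time, peak_count_in_window)}."""
    recent = defaultdict(deque)
    alerts = {}
    for rec in records:
        k = key(rec)
        q = recent[k]
        q.append(rec[0])
        while q and rec[0] - q[0] > window:   # expire packets older than the window
            q.popleft()
        if len(q) > threshold:
            first, peak = alerts.get(k, (rec[0], 0))
            alerts[k] = (first, max(peak, len(q)))
    return alerts


def detect_source_floods(records, threshold=PER_SOURCE_THRESHOLD, window=WINDOW_SECONDS):
    """Single-source flood: one address sending too fast."""
    return _sliding_window_alerts(records, lambda r: r[1], threshold, window)


def detect_target_floods(records, threshold=PER_TARGET_THRESHOLD, window=WINDOW_SECONDS):
    """Distributed flood: too much aggregate traffic towards one destination."""
    return _sliding_window_alerts(records, lambda r: r[2], threshold, window)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("per-source alerts:", detect_source_floods(recs))
    print("per-target alerts:", detect_target_floods(recs))
```

Run against the constructed log, the per-source check flags only 198.51.100.7 (peak 12 packets in a window), while none of the twenty zombies exceeds 3 packets; only the per-destination check, which sees 60 packets aimed at 192.0.2.10 inside one second, reveals the distributed attack.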

  26. Zombies • Zombies: systems that • Have been infected with software (e.g. a Trojan or back door) • Are under the control of attackers • Can be used to launch attacks against other targets • Insecure/poorly designed applications • One of the most difficult threats to detect

  27. Cyberterrorists • Cyberterrorists • Terrorists that attack the network and computer infrastructure to • Deface electronic information (such as web sites) • Deny service to legitimate computer users • Commit unauthorised intrusions into systems and networks that result in infrastructure outages and corruption of vital data

  28. Security Terminology • Security attack • Any action that compromises the security of information, or • The use or exploitation of a vulnerability • Security mechanism • A mechanism designed to detect, prevent, or recover from a security attack • Security service • A service that enhances the security of data processing systems and information transfers • Makes use of one or more security mechanisms

  29. Risk • Risk • A qualitative assessment describing the likelihood of an attacker/threat using an exploit to • successfully bypass a defender • attack a vulnerability • compromise a system • Risk analysis: • provides a quantitative means of determining whether an expenditure on safeguards is warranted
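The following is an added example, not part of the slides, of the quantitative risk analysis this slide mentions, written in the usual annualized-loss-expectancy form (single loss expectancy = asset value × exposure factor; annualized loss expectancy = SLE × annualized rate of occurrence), which the slide does not spell out. It also answers the prioritization question from slides 12 and 13: a safeguard, a patch included, is worth applying when the annual loss it avoids exceeds what it costs per year. Every asset value, exposure factor, rate and safeguard name below is a constructed figure.

```python
# Added example (not from the slides): quantitative risk analysis in the usual
# annualized-loss-expectancy form.  All asset values, exposure factors, rates
# and safeguard names are constructed for this example.
from dataclasses import dataclass


@dataclass(frozen=True)
class Exposure:
    asset_value: float       # value of the asset (currency units)
    exposure_factor: float   # fraction of the asset lost per incident, 0..1
    aro: float               # annualized rate of occurrence (incidents / year)

    def sle(self) -> float:
        """Single loss expectancy: expected loss from one incident."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized loss expectancy: expected loss per year."""
        return self.sle() * self.aro


@dataclass(frozen=True)
class Safeguard:
    name: str
    annual_cost: float   # purchase plus operating cost per year
    before: Exposure     # exposure without the safeguard
    after: Exposure      # residual exposure with the safeguard in place

    def risk_reduction(self) -> float:
        return self.before.ale() - self.after.ale()

    def net_benefit(self) -> float:
        """Positive means the expenditure is warranted."""
        return self.risk_reduction() - self.annual_cost

    def justified(self) -> bool:
        return self.net_benefit() > 0


# Constructed figures for three candidate safeguards (two of them patches).
# A patch mostly lowers the rate of occurrence; backups lower the loss per incident.
CANDIDATES = [
    Safeguard("patch internet-facing web server", annual_cost=8_000,
              before=Exposure(500_000, 0.4, 0.5),
              after=Exposure(500_000, 0.4, 0.05)),
    Safeguard("patch internal print server", annual_cost=3_000,
              before=Exposure(20_000, 0.5, 0.2),
              after=Exposure(20_000, 0.5, 0.02)),
    Safeguard("offline backups", annual_cost=12_000,
              before=Exposure(1_000_000, 0.3, 0.1),
              after=Exposure(1_000_000, 0.05, 0.1)),
]


def prioritize(safeguards):
    """Rank safeguards by net annual benefit, highest first."""
    return sorted(safeguards, key=lambda s: s.net_benefit(), reverse=True)


def justified_names(safeguards):
    """Names of safeguards whose risk reduction exceeds their cost, in priority order."""
    return [s.name for s in prioritize(safeguards) if s.justified()]


if __name__ == "__main__":
    for s in prioritize(CANDIDATES):
        print(f"{s.name:34s} ALE {s.before.ale():>10,.0f} -> {s.after.ale():>9,.0f}"
              f"  net benefit {s.net_benefit():>+10,.0f}  "
              f"{'apply' if s.justified() else 'defer'}")
```

With these figures the web server patch (ALE 100,000 down to 10,000 for 8,000 a year) and the backups are justified, in that order, while the print server patch is not: it would cost 3,000 a year to avoid an expected loss of 1,800. That is exactly the "may not apply all patches if the risk analysis does not justify them" outcome from slide 12, stated with numbers instead of intuition.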

  30. Definition of computer and network security • Security • In a general-use environment, the system will not be openly vulnerable to • Attacks • Data loss • Privacy loss • Security is about the protection of assets* • Protective measures • Prevention • Detection • Reaction/Response *From: Gollmann D., Computer Security, John Wiley & Sons, 1999

  31. Definition of computer and network security • Information security • The tasks of guarding digital information • Information: • Typically processed by a computer • Stored on some device • Transmitted over a network • Ensures that protective measures are properly implemented • A protection method

  32. Definition of computer and network security • Computer Security • Computer security deals with the prevention and detection of unauthorized actions by users of a computer system* • The goal is to protect data and resources • Only an issue on shared systems • Like a network or a time-sharing OS • No "global" solution *From: Gollmann D., Computer Security, John Wiley & Sons, 1999

  33. Definition of computer and network security • Computer security • No absolutely "secure" system • Security mechanisms protect against specific classes of attacks

  34. Definition of computer and network security • Network security • Security of data in transit • Over a network link • Over a store-and-forward node • Security of data at the end point • Files • Email • Hard copies

  35. Definition of computer and network security • Network security differences from computer security • Attacks can come from anywhere, anytime • Highly automated (scripts) • Physical security measures are inadequate • Wide variety of applications, services, protocols • Complexity • Different constraints, assumptions, goals • No single "authority"/administrator

  36. Protective measures • Prevention • Take measures that prevent assets from being damaged • Addresses the steps to deter an attack or lessen a system compromise • The measures, e.g. • Physical network architecture • Firewall elements • Antivirus systems • System hardening • User education

  37. Protective measures • Detection • Measures that detect when an asset has been damaged • Knowing when a system is under attack • Provides an important step toward responding to threats • Examples of measures • Intrusion Detection System (IDS) • SNORT

  38. Protective measures • Reaction/Response • Measures that allow recovery from damage • Common mitigation (lessening) options • Intrusion Prevention System (IPS) • (an IDS that can also block the offending traffic) • Backup devices • Response procedure

  39. Protective measures • Example of response procedure (POLICIES) • Turn off the compromised systems: it may be desirable to • Power off an individual workstation • Shut down a server • (could have a significant impact in many mission-critical environments) • Inform law enforcement • Which organization?

  40. Protective measures • Example of response procedure (POLICIES) • Reset the system, investigate the cause • Some attacks • Restoring the system should be sufficient • Complicated attacks • Blindly resetting a system may not lessen the problem • Should analyze the attack methods • Otherwise the reset returns the environment to the same state that led to the initial compromise !! • For sensitive information • How much information was compromised? • How long was the attacker accessing the system? • Knowing this • Directly leads to damage control

  41. Protective measures • Example of response procedure (POLICIES) • An individual/team in charge of leading the response • Having one can save valuable time

  42. Threat Models

  43. Threat Models : Internal versus External • Internal attacker motivation • Corporate spies • Disgruntled employees • Personal issues, e.g. • Disagreement with boss or coworker • General frustration • Unfair disadvantage • Greed • May see value in selling insider access to an interested external party • Curiosity • Ignorance • May not be aware that specific information should be confidential

  44. Threat Models : Internal versus External • External attacker motivation • Political • Status: demonstrate his/her skill • Power: show his/her technical superiority

  45. Internal vs. External Attackers • Probe and Exploit Attack Packets

  46. Internal vs. External Attackers • Source IP Address Spoofing

  47. Internal vs. External Attackers • Chain of Attack Computers • For probes whose replies must be received, the attacker sends the probes through a chain of compromised attack computers • The victim only knows the identity of the last compromised host (123.125.33.101) • Not that of the attacker
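The following is an added example, not part of the slides, of the standard defensive check against the source-address spoofing of slide 46: an ingress/egress filter in the style of BCP 38 (RFC 2827). A packet arriving from the Internet that claims one of the site's own addresses, or a bogon (private or reserved) source, cannot be legitimate and is dropped; a packet leaving the site with a source address outside the site's prefix is also dropped, so a compromised internal host cannot serve as a spoofing zombie in someone else's attack chain. The site prefix, interface names and sample packets are constructed for this example.

```python
# Added example (not from the slides): a BCP 38 / RFC 2827 style ingress and
# egress filter check.  It flags packets whose source address cannot legitimately
# arrive on the interface they were seen on.  The site prefix, interface names
# and sample packets are constructed for this example.
import ipaddress

# Assumed: the prefix this site announces to the Internet (TEST-NET-1 here).
SITE_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]

# Address ranges that should never appear as a source on the public Internet.
BOGON_PREFIXES = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


def _in_any(addr, prefixes):
    return any(addr in p for p in prefixes)


def check_packet(iface, src):
    """Return (verdict, reason) for a packet with source `src` seen on `iface`.
    iface is "outside" (Internet-facing) or "inside" (site-facing)."""
    addr = ipaddress.ip_address(src)
    ours = _in_any(addr, SITE_PREFIXES)
    if iface == "outside":
        if ours:
            return ("drop", "spoofed: our own prefix arriving from the Internet")
        if _in_any(addr, BOGON_PREFIXES):
            return ("drop", "bogon source address")
        return ("accept", "external source")
    if iface == "inside":
        if not ours:
            return ("drop", "egress spoofing: source not in our prefix")
        return ("accept", "internal source")
    raise ValueError(f"unknown interface {iface!r}")


# Constructed packets: (interface the packet arrived on, source address)
SAMPLE_PACKETS = [
    ("outside", "198.51.100.7"),   # ordinary external probe
    ("outside", "192.0.2.77"),     # forged to look like one of our own hosts
    ("outside", "10.1.2.3"),       # RFC 1918 source arriving from the Internet
    ("inside",  "192.0.2.10"),     # our server replying
    ("inside",  "203.0.113.5"),    # compromised internal host spoofing a source
]


def filter_packets(packets):
    """Apply check_packet to each (iface, src) pair; returns (iface, src, verdict, reason)."""
    return [(iface, src, *check_packet(iface, src)) for iface, src in packets]


if __name__ == "__main__":
    for iface, src, verdict, reason in filter_packets(SAMPLE_PACKETS):
        print(f"{iface:8s} {src:15s} {verdict:6s} {reason}")
```

Note what this filter does and does not buy you: it stops probes that forge an address inside your own prefix and prevents your hosts from forging other people's, but a probe that simply uses a third party's routable address still gets through, which is why attackers who need replies fall back on the chain of compromised hosts shown on this slide, and why the victim's logs stop at the last hop.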

  48. Internal vs. External Attackers • Traditional External Attackers: Hackers • Social Engineering • Social engineering is often used in hacking • Call and ask for passwords and other confidential information • E-mail attack messages with attractive subjects • Piggybacking • Shoulder surfing • Pretexting • Etc. • Often successful because it focuses on human weaknesses instead of technological weaknesses

  49. Security Goals (Objectives)

  50. Security Goals • Confidentiality • Authentication • Authorization • Integrity • Non-repudiation • Availability (the most common set is CIA: confidentiality, integrity, availability)
