DOC PREVIEW
Berkeley ELENG 122 - Lecture Notes

This preview shows page 1-2-17-18-19-36-37 out of 37 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 37 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 37 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 37 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 37 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 37 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 37 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 37 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 37 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

  EECS 122University of CaliforniaBerkeleyEECS122 - Contents – Index - Examples of AttackPrinciplesThreatsCryptographySecurity SystemsSECURITYEECS122 - Contents – Index -Buffer OverflowDenial of Service AttackEmail virusARP attackSECURITY - AttacksEECS122 - Contents – Index - Basic Mechanism:Attacker overwrites program stack to force execution of her code Examples:VirusCorrupt filesSECURITY – Attacks – Buffer Overflow EECS122 - Contents – Index - !     !" !"#$%&'( '( )&*$%&')%&')+$!),')( )&* -)'.&/)*)$0)%1SECURITY – Attacks – Buffer Overflow "EECS122 - Contents – Index - ! #$Protect memory by preventing overwrite of stack[either through OS or through language]Check validity of requestSECURITY – Attacks  Buffer Overflow%EECS122 - Contents – Index -& ' ()*Basic Mechanism Flood a host with a rapid sequence of SYNsEffect Host sets aside some space to store state of new TCP connection If rapid sequence, then host runs out of space and crashesRemediesCheck for “valid” SYNs, i.e., SYNs followed by requests; discard invalid SYNs to clear memoryUse smart firewall that forwards only valid SYNs to hostsStore “state” in cookie that comes back with requestSECURITY – Attacks – DOS – SYN+EECS122 - Contents – Index -& ' && Distributed Denial of Service AttackBasic Mechanism Saturate a link to a host by sending requests from many nodes across the InternetEffect Host is incapacitatedRemediesVerify that source IP exists (i.e., is not spoofed)Block packets that DDOS tools use (some ICMPs)Limit rate of ICMP flowsLimit rate of SYNsTrace back from last router upstream to block packets toward that linkSECURITY – Attacks – DOS – DDOS,EECS122 - Contents – Index -$Basic Mechanism Attachment that contains virusEffect Some email programs execute code in virus without authorizationRemediesFirewall to check attachments and remove specific onesAvoid automatic execution of attachmentsSECURITY – Attacks – Email-EECS122 - Contents – Index -#.Basic Mechanism Intruder replies to ARP request and performs denial of service on hostA [ARP: Who is IP B]C [ARP: I am IP B]; DoS BEffectC impersonates B for ARemediesCheck source of ARPAvoid DoSSECURITY  Attacks – ARPEECS122 - Contents – Index -./You would somehow like to have your data (or that of others) be secure. This often means you want to: know who really sent it know nobody else read itMore specifically, protect from: eavesdropping, masquerading, replay, traffic analysis, exploit-based attacks, denial-of-serviceSECURITY – Principles EECS122 - Contents – Index -./ These attacks are often classified asActive:somebody actually generates or modifies network trafficeasier to detect, harder to preventPassive:somebody just collects and analyses network trafficharder to detect, easier to preventSECURITY  PrinciplesEECS122 - Contents – Index -01Message authentication codeEncryption IntegrityConfidentiality Documents Signature, password, watermarkEncryption, relay IdentityPrivacy Users Physical security (lock)Virus detectionFirewall, passport control PhysicalInfectionIntrusion ComputersProtectionTypeAgainst SECURITY – ThreatsEECS122 - Contents – Index -/2/1SECURITY – CryptographyBasic MechanismMain IssuesSecret KeyPublic KeyHashing EECS122 - Contents – Index -31$2"345#2"2"645#2"!/*.3*7/)*$&*/)*7.*43*7%.567/)*$&*/)*SECURITY – Cryptography – Basic Mechanism "EECS122 - Contents – Index -31$ 345#  645# Two flavors: Secret Key: E(.) and D(.) are known only to Bob and Alice Public Key: Alice advertises E(.) that should be used to encrypt messages to her8)9 **! !/SECURITY – Cryptography – Basic Mechanism %EECS122 - Contents – Index -31$2"345#2"2"645#2"645/'/*+')$345345')&!%90)*2,7$&*/)*1: 3'7)) &: %)/*+2 ;))/*(345/')&!%9%)(2 ;))/*( *7345</')&!%9%)$/(&)&$&*/)*645<)2 *),/*( *7/'4<3455</')&!%9%)$/(&)&$&*/)*645SECURITY – Cryptography  Basic Mechanism+EECS122 - Contents – Index -3 For the cryptographer, the main issues:choice of the transformation (D and E)is the underlying mathematical basis efficient for decoding and encoding with keys and hard without them?do you publish the algorithm or not?generation and distribution of keysmight like to use random numbers, but computers aren’t exactly random deviceshow do you get a secret from one person to another if you don’t already have keys!?SECURITY –


View Full Document

Berkeley ELENG 122 - Lecture Notes

Documents in this Course
Lecture 6

Lecture 6

22 pages

Wireless

Wireless

16 pages

Links

Links

21 pages

Ethernet

Ethernet

10 pages

routing

routing

11 pages

Links

Links

7 pages

Switches

Switches

30 pages

Multicast

Multicast

36 pages

Switches

Switches

18 pages

Security

Security

16 pages

Switches

Switches

18 pages

Lecture 1

Lecture 1

56 pages

OPNET

OPNET

5 pages

Lecture 4

Lecture 4

16 pages

Ethernet

Ethernet

65 pages

Models

Models

30 pages

TCP

TCP

16 pages

Wireless

Wireless

48 pages

Load more
Download Lecture Notes
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view Lecture Notes and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view Lecture Notes 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?