Berkeley ELENG 122 - Lecture Notes
EE 122: Network Security
Kevin Lai (laik@cs.berkeley.edu)
December 2, 2002

Motivation
- Internet currently used for important services: financial transactions, medical records
- Could be used in the future for critical services: 911, surgical operations, energy system control, transportation system control
- Networks more open than ever before: global, ubiquitous Internet; wireless
- Malicious users
  - selfish users want more network resources than you
  - malicious users would hurt you even if it doesn't get them more network resources

Network Security Problems
- Host compromise: attacker gains control of a host
- Denial of service: attacker prevents legitimate users from gaining service
- An attack can be both, e.g. a host compromise that provides resources for a denial of service
- Other forms of attack are less common today because these two are so easy

Other Forms of Security
- Prevent malicious users from:
  - reading transmitted data (privacy)
  - pretending to be someone else (authentication)
  - doing something without permission (authorization)
  - modifying transmitted data (integrity)
  - claiming they did not send a message (nonrepudiation)
- Detect a compromise by a malicious user (intrusion detection)

Host Compromise
- One of the earliest major Internet security incidents: the Internet Worm (1988), which compromised almost every BSD-derived machine on the Internet
- Today it is estimated that a single worm could compromise 10M hosts in 15 min
- Attacker gains control of a host:
  - reads data
  - erases data
  - compromises another host
  - launches a denial of service attack on another host

Definitions
- Trojan: relies on user interaction to activate; usually relies on user exploitation
- Worm: replicates itself; usually relies on a stack smash attack
- Virus: worm that attaches itself to another program

Host Compromise: Stack Smash
- Typical code has many bugs, because those bugs are not triggered by common input
- Network code is vulnerable because it accepts input from the network
- Network code that runs with high privileges (i.e. as root) is especially dangerous, e.g. a web server

Example: what is wrong here?
- Copy a variable-length user name from a packet:

    #define MAXNAMELEN 64
    char username[MAXNAMELEN];
    int offset = OFFSET_USERNAME;
    int name_len;
    name_len = packet[offset];
    memcpy(username, packet + offset + 1, name_len);

Effect of Stack Smash
- Write into part of the stack or heap
  - write arbitrary code to part of memory
  - cause program execution to jump to the arbitrary code
- Stack smashing worm:
  - probes host for vulnerable software
  - sends bogus input
  - attacker can do anything that the privileges of the buggy program allow
  - launches a copy of itself on the compromised host
  - rinse, repeat at an exponential rate: 10M hosts in 15 minutes

Hall of Shame
- Software that has had many stack smash bugs:
  - BIND (most popular DNS server)
  - RPC (Remote Procedure Call, used for NFS)
  - NFS (Network File System, widely used at UCB)
  - sendmail (most popular UNIX mail delivery software)
  - IIS (Windows web server)
  - SNMP (Simple Network Management Protocol, used to manage routers and other network devices)

Solution
- Don't write buggy software (it's not like people try to write buggy software)
- Type-safe languages: the unrestricted memory access of C/C++ contributes to the problem; use Java, Perl or Python instead
- OS architecture: compartmentalize programs better so one compromise doesn't compromise the entire system
  - e.g. a DNS server doesn't need total system access
  - e.g. a web server probably doesn't need complete write access
- Firewalls

Firewalls
- Gateway machine that blocks out certain data, e.g.:
  - any external packets not for port 80
  - any external packets with an internal IP address (ingress filtering)
  - any email with an attachment
- Properties:
  - easier to deploy a firewall than to secure all internal hosts
  - doesn't prevent user exploitation
  - tradeoff between availability of services (firewall passes more ports on more machines) and security
  - if the firewall is too restrictive, users will find a way around it, thus compromising security, e.g. have all services use port 80

Host Compromise: User Exploitation
- Some security architectures rely on the user to decide if a potentially dangerous action should be taken, e.g.:
  - run code downloaded from the Internet: "Do you accept content from Microsoft?"
  - run code attached to email: subject "You've got to see this"
  - allow a macro in a data file to be run: "Here is the latest version of the document"

User Exploitation
- Users are not good at making this decision
  - Which of the following is the real name Microsoft uses when you download code from them? Microsoft / Microsoft Inc. / Microsoft Corporation
- Typical email attack:
  - attacker sends email to some initial victims
  - reading the email, running its attachment, or viewing its attachment opens the hole
  - worm/trojan/virus mails itself to everyone in the address book

Solutions
- OS architecture: don't ask the users questions which they don't know how to answer anyway
- Separate code and data: viewing data should not launch an attack
- Be very careful about installing new software

Denial of Service
- Huge problem in the current Internet
  - Yahoo, Amazon, eBay, CNN, Microsoft attacked in 2001
  - 12,000 attacks on 2,000 organizations in 3 weeks
  - some at more than 600,000 packets/second (more than 192 Mb/s)
  - almost all attacks launched from compromised hosts
- General form: prevent legitimate users from gaining service by overloading or crashing a server, e.g. spam, SYN attack

SYN Attack
- Compromised hosts send TCP SYN packets to the target
  - sent at max rate with random spoofed source addresses
  - spoofing: use a different source IP address than your own
  - random spoofing allows one host to pretend to be many
- Victim receives many SYN packets
  - sends SYN-ACK back to the spoofed IP addresses
  - holds some memory until the 3-way handshake completes (usually never), so the victim times out after a long period (e.g. 2 minutes)

Effect on Victim
- Buggy implementations allow unfinished connections to eat all memory, leading to a crash
- Better implementations limit the number of unfinished connections; once the limit is reached, new SYNs are dropped
- Victim's network connection is also saturated
- Effect on victim's users:
  - users can't access the targeted service on the victim because the unfinished connection queue is full
  - users can't access the other services in the victim's network because the connection is saturated

Other Denial of Service Attacks
- SYN attack is simple
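The "what is wrong here?" slide shows a length byte taken from the packet and passed straight to memcpy with no comparison against the 64-byte destination. The added example below is not from the lecture; it places the slide's copy (unchanged, for contrast, and never called on real input) beside a checked version that rejects a packet whose length byte would overrun either the destination buffer or the packet itself. The packet layout (4-byte header, then a length byte, then the name) and the OFFSET_USERNAME value are assumptions; the packets in main() are constructed for the demo.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MAXNAMELEN 64
#define OFFSET_USERNAME 4   /* assumed packet layout: 4-byte header, then [len][name bytes] */

/* The slide's copy, kept for contrast: name_len comes from the packet and is
   never compared against sizeof username, so a length byte larger than
   MAXNAMELEN writes past the buffer into whatever follows it on the stack.
   This function is not called anywhere below. */
void copy_username_unchecked(const uint8_t *packet, char username[MAXNAMELEN]) {
    int offset = OFFSET_USERNAME;
    int name_len = packet[offset];
    memcpy(username, packet + offset + 1, name_len);
}

/* Hardened version: every value taken from the network is checked against the
   two bounds it can violate (the destination buffer and the packet itself)
   before memcpy runs. Returns the name length, or -1 when the packet is rejected. */
int copy_username_checked(const uint8_t *packet, size_t packet_len,
                          char *username, size_t username_cap) {
    size_t offset = OFFSET_USERNAME;
    if (packet_len < offset + 1)                 /* no room for the length byte */
        return -1;
    size_t name_len = packet[offset];
    if (name_len >= username_cap)                /* would overrun destination (keep space for NUL) */
        return -1;
    if (name_len > packet_len - offset - 1)      /* length claims more bytes than the packet carries */
        return -1;
    memcpy(username, packet + offset + 1, name_len);
    username[name_len] = '\0';
    return (int)name_len;
}

/* Build a constructed test packet: zeroed header, claimed length byte, name bytes.
   claimed_len may disagree with strlen(name) to model a hostile packet.
   Returns the packet length, or 0 if buf is too small. */
size_t make_packet(const char *name, uint8_t claimed_len, uint8_t *buf, size_t cap) {
    size_t n = strlen(name);
    if (cap < OFFSET_USERNAME + 1 + n) return 0;
    memset(buf, 0, OFFSET_USERNAME);
    buf[OFFSET_USERNAME] = claimed_len;
    memcpy(buf + OFFSET_USERNAME + 1, name, n);
    return OFFSET_USERNAME + 1 + n;
}

int main(void) {
    uint8_t pkt[128];
    char user[MAXNAMELEN];
    size_t n = make_packet("alice", 5, pkt, sizeof pkt);
    printf("honest packet: %d\n", copy_username_checked(pkt, n, user, sizeof user));
    n = make_packet("bob", 200, pkt, sizeof pkt);
    printf("lying length:  %d\n", copy_username_checked(pkt, n, user, sizeof user));
    return 0;
}
```

The second check (length versus packet size) matters as much as the first: without it a short packet with a large length byte makes memcpy read past the end of the receive buffer, which is an information leak or crash rather than a write, but still a bug triggered only by input that "common input" never supplies.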
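The "SYN Attack" and "Effect on Victim" slides describe the victim holding state for each half-open connection until a timeout, and better implementations capping that state and dropping new SYNs once the cap is reached. The added example below is not from the lecture: it models the victim's half-open connection table with a small fixed limit (MAX_HALF_OPEN, an assumed value chosen to keep the demo readable) and the slide's 2-minute timeout, then replays the scenario of a burst of never-acknowledged SYNs followed by a legitimate client. All addresses and timings are constructed.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define MAX_HALF_OPEN 8        /* assumed limit on unfinished connections (real stacks use a larger backlog) */
#define SYN_TIMEOUT_S 120.0    /* slide: the victim gives up after a long period, e.g. 2 minutes */

struct half_open {
    int used;
    uint32_t src_ip;
    uint16_t src_port;
    double expires_at;
};

struct syn_table {
    struct half_open slots[MAX_HALF_OPEN];
    long dropped;    /* SYNs refused because the table was full */
    long completed;  /* handshakes finished by a matching ACK */
};

void table_init(struct syn_table *t) { memset(t, 0, sizeof *t); }

/* Free entries whose third-handshake ACK never arrived before the timeout. */
void table_expire(struct syn_table *t, double now) {
    for (int i = 0; i < MAX_HALF_OPEN; i++)
        if (t->slots[i].used && t->slots[i].expires_at <= now)
            t->slots[i].used = 0;
}

/* A SYN arrives: reserve a slot (the memory the victim holds while it waits for
   the ACK), or drop the SYN if the limit is reached. Returns 1 accepted, 0 dropped. */
int table_on_syn(struct syn_table *t, double now, uint32_t ip, uint16_t port) {
    table_expire(t, now);
    for (int i = 0; i < MAX_HALF_OPEN; i++) {
        if (!t->slots[i].used) {
            t->slots[i].used = 1;
            t->slots[i].src_ip = ip;
            t->slots[i].src_port = port;
            t->slots[i].expires_at = now + SYN_TIMEOUT_S;
            return 1;
        }
    }
    t->dropped++;
    return 0;
}

/* The final ACK arrives: complete the handshake and free the slot. Returns 1 on a match. */
int table_on_ack(struct syn_table *t, double now, uint32_t ip, uint16_t port) {
    table_expire(t, now);
    for (int i = 0; i < MAX_HALF_OPEN; i++) {
        if (t->slots[i].used && t->slots[i].src_ip == ip && t->slots[i].src_port == port) {
            t->slots[i].used = 0;
            t->completed++;
            return 1;
        }
    }
    return 0;
}

/* Scenario from the slides: flood_syns spoofed SYNs at t=0 that are never
   acknowledged, then a legitimate client at t=1 and a retry at t=130.
   Returns 2 if the first legitimate SYN got in, 1 if only the retry did
   (after the spoofed entries timed out), 0 if neither did. */
int legitimate_client_outcome(int flood_syns) {
    struct syn_table t;
    table_init(&t);
    const uint32_t legit_ip = 0xC0A80102u;   /* constructed: 192.168.1.2 */
    for (int i = 0; i < flood_syns; i++)
        table_on_syn(&t, 0.0, 0x0A000001u + (uint32_t)i, 40000); /* constructed spoofed sources */
    if (table_on_syn(&t, 1.0, legit_ip, 50000)) {
        table_on_ack(&t, 1.1, legit_ip, 50000);
        return 2;
    }
    if (table_on_syn(&t, 130.0, legit_ip, 50000)) {
        table_on_ack(&t, 130.1, legit_ip, 50000);
        return 1;
    }
    return 0;
}

/* How many of a burst of flood_syns never-acknowledged SYNs the capped table refuses. */
long spoofed_syns_dropped(int flood_syns) {
    struct syn_table t;
    table_init(&t);
    for (int i = 0; i < flood_syns; i++)
        table_on_syn(&t, 0.0, 0x0A000001u + (uint32_t)i, 40000);
    return t.dropped;
}

int main(void) {
    printf("light load (3 spoofed SYNs): outcome %d\n", legitimate_client_outcome(3));
    printf("flood (100 spoofed SYNs):    outcome %d, %ld SYNs dropped\n",
           legitimate_client_outcome(100), spoofed_syns_dropped(100));
    return 0;
}
```

With the cap in place the table stays at a fixed size and the server survives, but the model also shows the cost the slide describes: during the flood the legitimate client's SYN is dropped along with the spoofed ones, and it only gets in once the spoofed entries time out. Removing MAX_HALF_OPEN and growing the table without bound is the behaviour the slide calls buggy, where unfinished connections eat all memory.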