WUSTL CSE 571S - Network Security Concepts


Network Security Concepts
Raj Jain
Washington University in Saint Louis
Saint Louis, MO
[email protected]
Slides are available on-line at: http://www.cse.wustl.edu/~jain/cse571-07/
©2007 Raj Jain, CSE571S, Washington University in St. Louis

Overview
1. Security Components and Threats
2. Security Policy and Issues
3. Types of Malware and Attacks
4. Security Mechanisms
5. Network Security Audit
6. The Orange Book
7. Legal Issues

Security Components
- Confidentiality: Need access control, Cryptography, Existence of data
- Integrity: No change, content, source, prevention mechanisms, detection mechanisms
- Availability: Denial of service attacks,
- Confidentiality, Integrity and Availability (CIA)

Threats
- Disclosure, alteration, and denial (DAD)
- Disclosure or unauthorized access: snooping, passive wiretapping,
- Deception or acceptance of false data: active wiretapping (data modified), man-in-the-middle attack, masquerading or spoofing (impersonation), repudiation of origin (denying sending), denial of receipt
- Disruption or prevention of correct operation
- Usurpation or unauthorized control of some part of a system: Delay, Infinite delay ⇒ Denial of service

Security Policy
- Statement of what is and what is not allowed
- Security Mechanism: Method, tool or procedure for enforcing a security policy

Elements of Network Security Policy
1. Purchasing guidelines: Required security features
2. Privacy Policy: files, emails, keystrokes
3. Access Policy: Connecting to external systems, installing new software
4. Accountability Policy: Responsibilities of users/staff/management. Audit capability.
5. Authentication Policy: password policy
6. Availability statement: redundancy and recovery issues
7. Maintenance Policy: Remote maintenance? How?
8. Violations Reporting Policy: What and to whom?
9. Supporting Information: Contact information, handling outside queries, laws,...
Ref: RFC 2196

Security Issues
- Goals: Prevention, Detection, Recovery
- Assurance: Assurance requires detailed specs of desired/undesired behavior, analysis of design of hardware/software, and arguments or proofs that the implementation, operating procedures, and maintenance procedures work.
- Operational Issues: Benefits of protection vs. cost of designing/implementing/using the mechanisms
- Risk Analysis: Likelihood of potential threats
- Laws: No export of cryptography from USA until 2000. Sys Admins can't read users' files without permission.
- Customs: DNA samples for authentication, SSN as passwords
- Organizational Priorities: Security not important until an incident
- People Problems: Insider attacks

Steps in Cracking a Network
- Information Gathering: Public sources/tools.
- Port Scanning: Find open TCP ports.
- Network Enumeration: Map the network. Servers and workstations. Routers, switches, firewalls.
- Gaining Access: Keeping root/administrator access
- Modifying: Using access and modifying information
- Leaving a backdoor: To return at a later date.
- Covering tracks

Hacker Categories
- Hacker - Clever programmer
- Cracker - Illegal hacker
- Script Kiddies - Starting hacker. May not target a specific system. Rely on tools written by others.
- White Hat Hackers - Good guys. Very knowledgeable. Hired to find a vulnerability in a network. Write own software.
- Black Hat Hackers - Bad guys. Desire to cause harm to a specific system. Write own software.
- Cyber terrorists - Motivated by political, religious, or philosophical agenda.

Types of Malware
- Viruses: Code that attaches itself to programs, disks, or memory to propagate itself.
- Worms: Install copies of themselves on other machines on a network, e.g., by finding user names and passwords
- Trojan horses: Pretend to be a utility. Convince users to install on PC.
- Spyware: Collects personal information
- Hoax: Uses emotion to propagate, e.g., child's last wish.
- Trap Door: Undocumented entry point for debugging purposes
- Logic Bomb: Instructions that trigger on some event in the future
- Zombie: Malicious instructions that can be triggered remotely. The attacks seem to come from other victims.

History of Security Attacks

Brief History of Malware

Types of Virus
- Boot sector virus
- Macro virus
- Email malware
- Web site malware (JavaScripts)

Types of Attacks
- Denial of Service (DoS): Flooding with traffic/requests
- Buffer Overflows: Error in system programs. Allows hacker to insert his code into a program.
- Malware
- Brute Force: Try all passwords.
- Port Scanning: ⇒ Disable unnecessary services and close ports
- Network Mapping

Root Kits
- Hide by placing themselves between calls to system routines and lower layers of operating system.
- When a program makes a system call, the root kit intercepts the call and either passes it to the system, handles the call itself, or drops the call.
- Allow hacker to enter a system at any time
- See rootkit.com

Buffer Overflows
- Return addresses are saved on the top of the stack.
- Parameters are then saved on the stack.
- Writing data on the stack causes a stack overflow.
- Return the program control to a code segment written by the hacker.

Distributed DoS Attacks
- Tribe Flood Network (TFN) clients are installed on compromised hosts.
- All clients start a simultaneous DoS attack on a victim on a trigger from the attacker.
- Trinoo attack works similarly. Use
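
The Buffer Overflows slide above, as an added C example that is not part of the original slides: an unbounded copy into a fixed-size stack buffer beside a bounds-checked version of the same routine. The function names, the 16-byte buffer size and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 16  /* constructed size for the on-stack buffer */

/* Unsafe form, kept for contrast and never called below. strcpy() stops
 * only at the NUL byte, so an input of 16 or more characters is written
 * past buf into adjacent stack memory, which on common calling
 * conventions includes the saved return address. */
void greet_unsafe(const char *input, char *out, size_t out_len) {
    char buf[NAME_BUF];
    strcpy(buf, input);                       /* no bounds check */
    snprintf(out, out_len, "hello %s", buf);
}

/* Hardened form: find the length within a fixed window and reject
 * anything that does not fit. Returns 0 on success, -1 on rejection. */
int greet_safe(const char *input, char *out, size_t out_len) {
    char buf[NAME_BUF];
    const char *end;
    size_t n;
    int written;

    if (input == NULL || out == NULL || out_len == 0)
        return -1;
    end = memchr(input, '\0', NAME_BUF);      /* look at most NAME_BUF bytes ahead */
    if (end == NULL)
        return -1;                            /* no room for the data plus its NUL */
    n = (size_t)(end - input);
    memcpy(buf, input, n + 1);                /* n + 1 <= NAME_BUF, includes the NUL */
    written = snprintf(out, out_len, "hello %s", buf);
    if (written < 0 || (size_t)written >= out_len)
        return -1;                            /* output buffer too small */
    return 0;
}

int main(void) {
    char out[64];
    const char *inputs[] = { "alice", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" }; /* constructed */
    size_t i;
    for (i = 0; i < 2; i++) {
        if (greet_safe(inputs[i], out, sizeof out) == 0)
            printf("accepted: %s\n", out);
        else
            printf("rejected: input of %zu bytes\n", strlen(inputs[i]));
    }
    return 0;
}
```

The length check happens before any byte is written to the stack buffer, so oversized input is refused rather than truncated or copied.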

