Network Programming and Network Security - PowerPoint PPT Presentation

Slides: 24
Provided by: lanet8

Transcript and Presenter's Notes
1
Network Programming and Network Security
  • Lane Thames
  • Graduate Research Assistant

2
Outline for Today
  • Discuss network security and how it relates to
    network programming
  • After the presentation, we will go to DNAL to
    tour our data center. Then we are going to hack
    some computers >)

3
Network Programming
  • What is the Goal?
  • Sending data to and from hosts via TCP/IP over a
    network.
  • Client/Server
  • Source/Sink

(Diagram: hosts A, B and C)
4
Information Security
  • NETWORK SECURITY
    • Firewall
    • IDS
    • IPSEC (VPN)
    • Encryption
    • Data flowing through the network
  • COMPUTER SECURITY
    • Firewall
    • Virus Protection
    • Encryption
    • Data on a machine

5
Definitions
  • Virus?
  • Passive malware that is embedded within a
    program. Will not execute on its own. You have to
    run the host program. After being activated,
    it attempts to spread to other programs and hosts
    (usually via email)

6
Definitions
  • Worm?
  • Active malware that can spread on its own using a
    network. Takes advantage of some exploit
    (usually an anomaly known as buffer overflow)

7
The Infamous Buffer
  • So, how does a worm take advantage of an exploit?
  • send(sockfd,buffer,sizeof(buffer),0)
  • recv(sockfd,buffer,sizeof(buffer),0)
  • What if the receiving buffer keeps getting data
    added beyond its boundary?
  • OVERFLOW: overwrites data beyond the boundary and
    causes problems.
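
To make the slide's point concrete, here is an added C example (not code from the presentation) in which a receive loop appends chunks into a fixed-size buffer. The names fake_stream, fake_recv, read_message_unchecked and read_message_bounded are assumptions made for this illustration; fake_recv stands in for recv() so the program runs without a socket. Each recv() call is bounded by sizeof(chunk), exactly as on the slide, but the unchecked loop has no check on the running total, so a sender that keeps sending walks past the end of msg. The bounded version checks the remaining room before every copy and rejects the message instead.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed stand-in for a socket: fake_recv() hands out the next
   chunk of an in-memory byte string, so the example runs with no network. */
struct fake_stream {
    const char *data;
    size_t len;
    size_t pos;
};

static size_t fake_recv(struct fake_stream *s, char *out, size_t max)
{
    size_t n = s->len - s->pos;
    if (n > max)
        n = max;
    memcpy(out, s->data + s->pos, n);
    s->pos += n;
    return n;               /* 0 signals end of stream, like recv() */
}

#define MSG_SIZE 16         /* fixed-size receive buffer on the "server" */
#define CHUNK_SIZE 8        /* bytes delivered per recv() call */

/* The pattern from the slide: each recv() is bounded by sizeof(chunk),
   but chunks are appended to msg with no check against MSG_SIZE, so a
   sender that keeps sending writes past the end of msg.  Only call this
   with input that fits; it is here to show the missing check. */
int read_message_unchecked(struct fake_stream *s, char msg[MSG_SIZE])
{
    size_t used = 0;
    char chunk[CHUNK_SIZE];
    size_t n;

    while ((n = fake_recv(s, chunk, sizeof chunk)) > 0) {
        memcpy(msg + used, chunk, n);   /* no bound on used + n */
        used += n;
    }
    return (int)used;
}

/* Hardened version: the remaining room in msg is checked before every
   copy.  Returns the number of bytes stored, or -1 when the sender tried
   to exceed MSG_SIZE (a real server would drop the connection here). */
int read_message_bounded(struct fake_stream *s, char msg[MSG_SIZE])
{
    size_t used = 0;
    char chunk[CHUNK_SIZE];
    size_t n;

    while ((n = fake_recv(s, chunk, sizeof chunk)) > 0) {
        if (n > MSG_SIZE - used)        /* would cross the boundary */
            return -1;
        memcpy(msg + used, chunk, n);
        used += n;
    }
    return (int)used;
}

int main(void)
{
    /* Constructed input: 40 bytes, far more than MSG_SIZE. */
    const char *oversized = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    struct fake_stream s = { oversized, strlen(oversized), 0 };
    char msg[MSG_SIZE];

    int r = read_message_bounded(&s, msg);
    printf("bounded read: %d\n", r);   /* -1: input rejected, msg intact */
    return 0;
}
```

The check `n > MSG_SIZE - used` is written with subtraction on the right so it cannot overflow in size_t arithmetic; a message of exactly MSG_SIZE bytes is accepted and the first byte beyond it is refused.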

8
Common Types of Computer Attacks
  • Buffer Overflow Attacks: used for local and remote
    root exploits
  • The ultimate goal is to redirect program control
    flow which causes the computer to execute
    carefully injected malicious code (example to
    follow)
  • Code can be crafted to elevate the privileges of
    a user by obtaining super user (root) privileges
    (demo in the lab afterwards)
  • Note: these exploits can create a propagation
    medium for worms

9
Common Types of Attacks
  • Denial of Service (DoS)
  • Exhaust a computer's resources, e.g. TCP SYN
    flooding attack (3-way handshake exploit)
  • Consume a computer's available networking
    bandwidth, e.g. ICMP Smurf Attack (IP spoofing
    and ICMP)
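
As an added example that is not part of the presentation, the following C program shows the defender's side of the SYN flooding attack: it scans a constructed netstat-style connection table and flags a local port whose half-open (SYN_RECV) entries, the leftovers of 3-way handshakes that never complete, pile up and outnumber established connections. The functions count_state and syn_flood_suspected, the sample lines and the threshold are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed sample of a server's TCP connection table in a netstat-like
   "STATE LOCAL REMOTE" layout.  SYN_RECV marks a half-open connection:
   the server has replied SYN-ACK and is still waiting for the final ACK.
   These are made-up lines, not captured data. */
static const char *sample_conns[] = {
    "SYN_RECV    10.0.0.5:80   198.51.100.7:40001",
    "SYN_RECV    10.0.0.5:80   198.51.100.8:40002",
    "ESTABLISHED 10.0.0.5:22   192.0.2.9:51000",
    "SYN_RECV    10.0.0.5:80   198.51.100.9:40003",
    "ESTABLISHED 10.0.0.5:80   192.0.2.10:51001",
    "SYN_RECV    10.0.0.5:80   198.51.100.10:40004",
    "SYN_RECV    10.0.0.5:443  198.51.100.11:40005",
};
#define SAMPLE_COUNT (sizeof sample_conns / sizeof sample_conns[0])

/* Return the port part of "addr:port", or NULL if the field has none. */
static const char *port_of(const char *addr)
{
    const char *colon = strrchr(addr, ':');
    return colon ? colon + 1 : NULL;
}

/* Count table entries in a given state on a given local port.
   Malformed lines are skipped rather than trusted. */
int count_state(const char **lines, size_t n, const char *state_wanted,
                const char *local_port)
{
    int count = 0;
    for (size_t i = 0; i < n; i++) {
        char state[32], local[64], remote[64];
        if (sscanf(lines[i], "%31s %63s %63s", state, local, remote) != 3)
            continue;
        if (strcmp(state, state_wanted) != 0)
            continue;
        const char *p = port_of(local);
        if (p && strcmp(p, local_port) == 0)
            count++;
    }
    return count;
}

/* A SYN flood leaves many half-open entries and comparatively few
   completed handshakes.  Flag the port when half-open entries reach the
   threshold and outnumber established ones.  The threshold is a tunable
   that depends on normal load, not a fixed rule. */
int syn_flood_suspected(const char **lines, size_t n, const char *port,
                        int threshold)
{
    int half_open = count_state(lines, n, "SYN_RECV", port);
    int established = count_state(lines, n, "ESTABLISHED", port);
    return half_open >= threshold && half_open > established;
}

int main(void)
{
    const char *ports[] = { "22", "80", "443" };
    for (size_t i = 0; i < 3; i++) {
        printf("port %s: half-open=%d established=%d suspected=%d\n",
               ports[i],
               count_state(sample_conns, SAMPLE_COUNT, "SYN_RECV", ports[i]),
               count_state(sample_conns, SAMPLE_COUNT, "ESTABLISHED", ports[i]),
               syn_flood_suspected(sample_conns, SAMPLE_COUNT, ports[i], 3));
    }
    return 0;
}
```

In practice the same logic runs on an interval over netstat or ss output, or over the kernel's connection counters; the ratio of half-open to established entries is what separates a flood from a busy but healthy port.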

10
TCP SYN Flooding Attack: what happens?
11
ICMP Smurf Attack
(Diagram: Master, Subnet Slaves, Victim; spoof IP with the IP of the Victim)
12
Why will this program crash?
13
Buffer Overflow: Stack Image
  • Overflow buf with str so that the Return Address
    (RA) is overwritten
  • If carefully designed, the RA is overwritten with
    the address of the injected code (contained in
    the str input: shell code)

(Stack image labels: buf, SFP, Return Address, str buffer, Rest of Stack)
14
Buffer Overflow
  • After running the program on XP we get the famous
    Microsoft alert
  • In Linux you get Segmentation Fault

15
Buffer Overflow: Exception Info
16
Buffer Overflow: Stack Trace
17
So, How does the worm work (in a nutshell)?
  • Programmer finds a flaw in a program, e.g. a
    server using a buffer where length is not
    checked.
  • Calculate approximate return address for the
    given machine.
  • Create a buffer that holds copies of the desired
    address, followed by a NOP (No Operation code)
    sled, and then followed by the code to be
    executed, and create the code needed to send the
    buffer to servers running the flawed program.
  • The code injected into the buffer is a replica of
    the original program.

18
Generic Example
(Diagram labels: buf, 0xbfffff00; Return Address, 0xbfffff00; buffer, 0xbfffff00, data, NOP sled, data, Replication code)
19
What are we doing in Network Security?
  • Created a Honeynet: a network of computers waiting
    to be hacked.
  • Network Monitoring: monitor the Honeynet with
    packet sniffers, traffic monitors, and host-based
    monitoring software
  • Artificial Intelligence Classifier: make
    intelligent security decisions based on the data
    collected by the monitors

20
The Network Setup
21
AI Classifier: Hybrid System Architecture
(Architecture diagram components: Init. Train. Data, Bayesian/SOM Classifier, Monitored Data, SOM Training, Modified Data, IDS, Classification File, Struct. Developer, Struct. File, Processed Data, Bayesian Trainer)
22
Related Grad Classes
  • ECE 6607: Computer Communication Networks (Dr.
    Abler)
  • ECE 6612: Network Security (Dr. John Copeland)
    (Real time hacking competition)
  • ECE 8833: Intelligent Systems (Dr. Ashraf Saad)

23
Questions?
  • Want to go hack a computer and see some of this
    stuff in action?