Title: U.S. National Cybersecurity Understanding Internet Security
Slide 1: U.S. National Cybersecurity: Understanding Internet Security
- William J. Perry
- Martin Casado, Keith Coleman, Dan Wendlandt
- MSE 91SI
- Fall 2004
- Stanford University
Slide 2: Announcements
- Axess Email lists
- Coursework Forum
- Bios/Photos
Slide 3: Goal: Provide Working Knowledge of Internet Security
Slide 4: Outline
- What is Security?
- Attack Classifications
- Internet Security Mechanisms
- Discussion Questions (if time)
Slide 5: What is Security?
Slide 6: The Big Five
- Security is traditionally broken up into:
- 1) Availability
- 2) Integrity
- 3) Confidentiality
- 4) Authentication
- 5) Access Control
Slide 7: Security From What?
- What can disrupt the higher-level services running on the Internet?
- Attacks
- Accidents
- Failures
[Image: NASA Control Room]
Slide 8: Failures on the Internet
- Why do security failures matter?
- Security failures affect the Internet's ability to function as a reliable and secure critical infrastructure.
Slide 9: Vulnerabilities
- Def. vulnerability (n)
- a state with the potential to lead to a failure
- Where can vulnerabilities exist in technology?
- Services (Amazon, SCADA)
- Applications (Word, IE, Email Client)
- Service-Level Protocols (http, smtp)
- Network and Network Protocols (ip, tcp)
- Operating Systems (Windows, Linux, Cisco IOS)
- Physical Hardware (cables, routers, CPUs)
- Basic Infrastructure (electricity)
Slide 10: Attack Classifications (not mutually exclusive)
Slide 11: Vulnerabilities & Attacks
- The nature of the network technologies, protocols, and operators is the basis for attacks.
- Attacks can (and will) come at vulnerabilities in every layer.
- Big Question: What is it about the Internet architecture that causes these vulnerabilities to exist?
[Diagram labels: Humans, Attacks]
Slide 12: Scanning & Fingerprinting
- What is it?
- Reconnaissance technique to explore networks, classify and analyze connected hosts, and identify potential vulnerabilities.
- Example: nmap security scanner
Slide 13: Exploits
- What is it?
- The use of vulnerabilities in or misconfiguration of software or hardware to gain access to information or resources on a system.
- Exploits may be manual or automated.
- Worms/viruses are exploits with code to facilitate propagation.
- Example: Blaster worm exploits RPC bug
Slide 14: Trojaned Software
- What is it?
- Software/hardware with hidden functionality whose use gives an attacker an avenue to access a system or its information. This is sometimes also referred to as a backdoor.
- Example: A free copy of MSWord downloaded off of Kazaa may have been modified to include a trojan, leading to a compromise.
Slide 15: Denial of Service
- What is it?
- The malicious consumption of resources in order to make a system incapable of fulfilling its designed role.
- Attacks are often distributed to increase resource consumption (zombies or botnets).
- Example: SYN flood against Yahoo
Slide 16: Social Engineering Attack
- What is it?
- Any attempt that employs non-technical means to attack a system. Often the attacker uses information gleaned from outside sources to produce false credentials (dumpster diving).
- Attacks are often hybrid, relying on human and technical factors.
- Example: Beagle virus used email domain name to pose as a message from the user's ISP.
Slide 17: Access Control Failures
- What is it?
- Failure to set up adequate access control
- Default configurations
- Privilege revocation
- Example: default administrator password for Windows
Slide 18: Authentication Failures
- What is it?
- Some authentication schemes are better than others
- Passwords
- Public Key Crypto
- Example: phishing schemes that steal passwords break the authentication model.
Slide 19: Infrastructure Attack
- What is it?
- An attack against the core systems that operate as the Internet infrastructure. Attacks can be either physical or virtual, often focusing on central points of failure.
- Example: Attack on root DNS servers.
Slide 20: Insider Threats
- What is it?
- Attacks that exploit an existing trust relationship to harm the overall security of a system.
- Example: a former employee uses knowledge of a company's network systems and passwords to steal customer information entrusted to the company
Slide 21: Traffic Sniffing/Modification
- What is it?
- Using access to a link or infrastructure system to examine or modify the contents of Internet traffic. Similar to a phone tap, with ability to change contents.
- Example: an ISP's potential for information gathering
Slide 22: Don't Forget
- Attacks are only one of the reasons systems can fail. There are many other, perhaps less exciting, ways systems are vulnerable.
Slide 23: Internet Security Mechanisms
Slide 24: What is Cryptography?
- A critical TOOL in securing information systems and their communications.
- You may have heard of:
- SSL
- Trusted Computing
- Public Key Cryptography
- Tripwire
Slide 25: Cryptography Overview
- Crypto can create hard guarantees (backed by math) in the digital world similar to those we have long relied upon for security in the physical world:
- - Data Encryption (privacy)
- No one else can read my message
- - Data Integrity
- My message has not been modified
- My message is from who it says it is
- Also provides for some improved authentication schemes.
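An added example (not part of the original slides) of the two integrity guarantees above, "not modified" and "from who it says it is", using a keyed MAC from the Python standard library. The key, message and helper names are constructed for illustration; the contrast with a plain unkeyed hash shows why the secret key is what makes the guarantee hold against someone who can modify traffic.

```python
import hashlib
import hmac
import secrets

# Constructed sample data for this example.
KEY = secrets.token_bytes(32)            # shared secret known only to sender and receiver
MESSAGE = b"transfer 100 to account 42"


def plain_digest(message: bytes) -> bytes:
    """Unkeyed hash: catches accidental corruption, but anyone can recompute it."""
    return hashlib.sha256(message).digest()


def make_tag(key: bytes, message: bytes) -> bytes:
    """Keyed MAC (HMAC-SHA256): only a holder of the key can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)


def modify_with_plain_hash(message: bytes) -> tuple:
    """A party on the path changes the message and simply recomputes the unkeyed hash."""
    changed = message.replace(b"42", b"99")
    return changed, plain_digest(changed)


def modify_with_mac(message: bytes, tag: bytes) -> tuple:
    """Same change, but without the key the only tag available is the old one."""
    return message.replace(b"42", b"99"), tag


if __name__ == "__main__":
    tag = make_tag(KEY, MESSAGE)
    changed, digest = modify_with_plain_hash(MESSAGE)
    print("plain hash accepts modified message:", plain_digest(changed) == digest)
    changed, old_tag = modify_with_mac(MESSAGE, tag)
    print("HMAC accepts modified message:     ", verify_tag(KEY, changed, old_tag))
```

This covers integrity and origin only; it does nothing for the privacy bullet, which needs encryption.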
Slide 26: Cryptography Examples
- How do these mechanisms function?
- (at 10,000 feet)
Slide 27: Problems with Crypto
- Bad Standards
- WEP, CSS
- Bad Implementation
- IE, OpenSSL
- Attacks on Authentication
- Phishing, password sniffing
- Weak back-end
- Weak link, insider attacks
- Encryption is often slow and cumbersome
- PKI has difficulty scaling to large numbers
Slide 28: Ideal vs. Real Internet Security
- Ideally we can utilize authentication and access control to protect systems and data.
- In reality this is not practical.
- E.g. What if everyone needed to be authenticated to talk to your computer?
- Additionally, authentication schemes are only as secure as those using them.
- E.g. An uneducated but authenticated user may install a trojan.
Slide 29: Attack Detection/Prevention
- Firewalls: Software to inspect packets, compare them to rules and drop traffic specified by these rules.
- Intrusion Detection/Prevention Systems (IDS/IPS): Software to inspect traffic flows for signatures or other behavior that appears to be malicious.
- Anti-Virus Software: Inspects files for signs of infectious programs and eliminates them.
- These mechanisms can either be deployed on individual hosts or on dedicated network servers.
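An added example (not from the original slides) of the firewall behavior described above: each packet is compared to an ordered rule list, the first matching rule decides, and anything unmatched falls to a default of drop. The `Packet` and `Rule` types, the rule set and all addresses are constructed for illustration and do not model any particular firewall product.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str        # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "drop"
    src_net: str                  # CIDR block the source address must fall in
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        in_net = ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net)
        return (in_net
                and self.proto in (None, pkt.proto)
                and self.dport in (None, pkt.dport))


# Constructed rule set: order matters, the first matching rule decides.
RULES = [
    Rule("drop", "203.0.113.0/24"),            # blocked range: drop everything from it
    Rule("allow", "0.0.0.0/0", "tcp", 443),    # public HTTPS
    Rule("allow", "10.0.0.0/8", "tcp", 22),    # SSH from the internal network only
]


def decide(pkt: Packet, rules=RULES, default: str = "drop") -> str:
    """Return the action of the first matching rule, else the default (deny)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


if __name__ == "__main__":
    for p in (Packet("198.51.100.7", "192.0.2.10", "tcp", 443),
              Packet("203.0.113.5", "192.0.2.10", "tcp", 443),
              Packet("198.51.100.7", "192.0.2.10", "tcp", 22)):
        print(p.src, p.proto, p.dport, "->", decide(p))
```

Reversing the rule order lets traffic from the blocked range reach port 443, which is why rule ordering and a default of drop are the first things to review in a rule set.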
Slide 30: Patching
- Fix vulnerabilities in software that may lead to exploitation. Patch management is a major hidden cost to companies.
- Important:
- - Process is still embarrassingly manual (changing?).
- - Gap between release of patch and first exploit in the wild is shrinking (Witty worm and zero-days).
- - Often patches are not applied to critical systems because updates sometimes have conflicts that can break software running on the systems.
- Do we patch?
- Check out "Security Holes? Who Cares" by Eric Rescorla. http://www.rtfm.com/upgrade.pdf
Slide 31: Process, Education & Risk Assessment
- Often forgotten as security mechanisms
- - Having well-defined and consistent preparation, response, and recovery plans across an organization.
- - Attempting to secure humans, often the weakest link.
- - Determining the danger associated with each potential vulnerability.
Slide 32: Discussion Questions
Slide 33: Attributability
- For traffic on the Internet, can we determine who a packet comes from?
- Two levels:
- Can we tell what computer sent a given packet? (What are the implications of source spoofing?)
- Can we attribute a packet to a human?
- - What does this say about our ability to catch and prosecute perpetrators of online attacks? What about active response?
Slide 34: Determining Intent
- Can you infer intent from analyzing network traffic? What about at the application level?
- What is the difference between a denial of service attack and normal overwhelming usage?
- What is more important, the intent or the result of Internet traffic?
- What about enablement versus use?
Slide 35: Trust Relationships
- What are key trust relationships relating to cybersecurity? Think about:
- - designers
- - developers
- - distributors
- - owners
- - operators
- - users
- If security is a weakest-link issue, what forces keep one of these trust links from breaking?
Slide 36: The Power of the Core
- How much control do we have in determining where traffic flows on the Internet, and what entities have control over it?
- What can someone on route potentially do? How can you trust the integrity of what you see?
- What does it take to have control of the Internet core?
Slide 37: Infrastructure Attacks
- How vulnerable is the actual Internet infrastructure to attacks?
- Could a single group bring down the Internet? What does this mean? What kind of resources would it take?
- How reliant is the Internet on a relatively few critical systems?
- What happens when you rely on the security of infrastructure that you have absolutely no control over? As a company? As a country? How does this compare to security in the physical world?
Slide 38: Determining Identity
- How can we trust an Internet entity is who they say they are?
- Why is this process more difficult than it is in the brick-and-mortar world?
- How important is this for a critical infrastructure?
- Do our solutions for providing identity scale to the millions of actions on the Internet?
Slide 39: Overwhelming Complexity
- What does the extreme complexity of the Internet mean for our ability to secure it?
- Are there just too many things that could go wrong to ever possibly be able to completely rely on it?
- In what way does the complexity impact our ability to educate average users? Is user education necessary? Is effective user education even possible?
- Will the Internet become more or less complex to manage in the future?
Slide 40: Why is this so hard?
- What are the major barriers to providing security guarantees for an information system on the Internet?
- What (or who) are the weak links for security systems?
- Can we ever really secure a usable Internet computer system? (e.g. directed attack)
- How does software size and complexity relate to our ability to secure a system? What is zero-day?