Security - PowerPoint PPT Presentation

About This Presentation
Title:

Security

Description:

Security Security Threats Impersonation Pretend to be someone else to gain access to information or services Lack of secrecy Eavesdrop on data over network Corruption ... – PowerPoint PPT presentation

Number of Views:62
Avg rating:3.0/5.0
Slides: 28
Provided by: Arv596
Category:
Tags: security | threats

less

Transcript and Presenter's Notes

Title: Security


1
Security
2
Security Threats
  • Impersonation
  • Pretend to be someone else to gain access to
    information or services
  • Lack of secrecy
  • Eavesdrop on data over network
  • Corruption
  • Modify data over network
  • Break-ins
  • Take advantage of implementation bugs
  • Denial of Service
  • Flood resource to deny use from legitimate users

3
Security Vulnerabilities
  • Security Problems in the TCP/IP Protocol Suite
    Steve Bellovin - 89
  • Attacks on Different Layers
  • IP Attacks
  • ICMP Attacks
  • Routing Attacks
  • TCP Attacks
  • Application Layer Attacks
  • These are, today, the most common
  • But today well be (mostly) focusing on
    vulnerabilities that are inherent to the network,
    not just enabled by it

4
Three Levels of Defense
  • Firewalls
  • Filtering dangerous traffic at a middle point
    in the network
  • Network level security (e.g. IPsec)
  • Host-to-host encryption and authentication
  • Can provide security without application
    knowledge
  • Application level security
  • True end-to-end security
  • Requires extra effort per application
  • Libraries help, like SSL/TLS

5
Who is the enemy?
  • The Troubled Genius
  • Has a deep understanding of systems
  • Capable of finding obscure vulnerabilities in
    OSs, apps, and protocols, and exploiting them
  • Extremely skilled at evading countermeasures
  • Can dynamically adapt to new environments
  • The Idiot
  • Little or no true understanding of systems
  • Blindly downloads runs code written by T.G.
  • Can usually be stopped by calling his mother

Who do you think causes more damage?
6
Application Vulnerabilities
  • Getting a network service to do something the
    designers didnt want
  • The network isnt the fundamental weakness
  • Buffer overflows (unchecked input length)
  • Expecting 100 bytes, send lots more
  • SQL injection attacks
  • Open FTP servers that execute code
  • Many, many more

7
buffer overflowson the stack
8
buffer overflowson the stack
Attacker is supplying input to buf so buf gets a
very carefully constructed string containing
assembly code, and overwriting func 2s address
with bufs address. When func3 returns, it will
branch to buf instead of func2.
9
SQL Injection
  • Imagine a web site that takes your name, looks up
    info about you in a database
  • You might write code that says something like
    select from table where nameNAME
  • What if NAME is Joe update table set
    BankAccount1000000 --

10
XKCD 327
11
Security Flaws in IP
  • The IP addresses are filled in by the originating
    host
  • Address spoofing
  • Using source address for authentication
  • r-utilities (rlogin, rsh, rhosts etc..)
  • Can A claim it is B to the server S?
  • ARP Spoofing
  • Can C claim it is B to the server S?
  • Source Routing

C
2.1.1.1
Internet
S
1.1.1.3
A
1.1.1.1
1.1.1.2
B
12
Firewalls
  • Originally, fairly basic intent was to do
    per-packet inspection to block unused ports, for
    example
  • Make sure we know exactly whats getting into the
    network and carefully think about their security
  • Problem a bug in your HTTP server (or its
    configuration) wont be caught by a basic
    firewall!
  • Later firewalls became smarter theyd
    reconstruct the flow. Keep per-flow state
    (previously impossible)
  • Deny, for example, a HTTP request that contains
    bobby tables.

13
Reconstructing Flows
  • Lets say you want to search for the text USER
    root. Is it enough to just search the data
    portion of TCP segments you see?

USER root
(Uh oh we have to reassemble frags and
resequence segs)
14
Fun with Fragments
Imagine an attacker sends
1.
2.
3. 1,000,000 unrelated fragments
4.
5.
Think of the entire campus as being a massively
parallel computer. That supercomputer is solving
the flow-reconstruction problem. Now were asking
a single host to try to solve that same problem.
15
More Fragment Fun
Imagine an attacker sends
Seq.
1.
Time
2.
3a.
3b.
4.
  • Should we consider 3a part of the data stream
    USER root?
  • Or is 3b part of the data stream? USER foot!
  • If the OS makes a different decision than the
    monitor Bad.
  • Even worse Different OSs have different
    protocol interpretations,
  • so its impossible for a firewall to agree with
    all of them

16
Trickery
  • Non-standard parts of standards
  • IP fragment overlap behavior
  • TCP sequence number overlap behavior
  • Invalid combinations of TCP options
  • Other ways to force a disparity between the
    monitor and the end-station
  • TTL
  • Checksum
  • Overflowing monitor buffers

See http//www.secnet.com/papers/ids-html/ for
detailed examples
17
Security Flaws in IP
  • Source IP address can be forged
  • Leads to the Smurf Attack
  • Protocols that require no handshake (UDP) can be
    tricked if they do IP-based authentication
  • IP fragmentation attack
  • End hosts need to keep the fragments till all the
    fragments arrive
  • Denial of service

18
Ping Flood The Smurf Attack
victim
Typically evil has slow link (modem)
victim has fast link (T1) big has very
fast link (T3)
evil
big
ICMP_ECHO_RPL Source big Dest victim
ICMP_ECHO_REQ Source victim Dest big (broadcast
addr)
19
ICMP Attacks
  • No authentication
  • ICMP redirect message
  • Can cause the host to switch gateways
  • Benefit of doing this?
  • Man in the middle attack, sniffing
  • ICMP destination unreachable
  • Can cause the host to drop connection
  • ICMP echo request/reply
  • Many more
  • http//www.sans.org/rr/whitepapers/threats/477.php

20
TCP Attacks
21
TCP Layer Attacks
  • TCP SYN Flooding
  • Exploit state allocated at server after initial
    SYN packet
  • Send a SYN and dont reply with ACK
  • Server will wait for 511 seconds for ACK
  • Finite queue size for incomplete connections
    (1024)
  • Once the queue is full it doesnt accept requests
  • Solution Syn Cookies
  • Construct a special sequence number that has
    connection info encrypted
  • Client sends it back with the ACK re-encrypt and
    make sure it matches

22
TCP Layer Attacks
  • TCP Session Hijack
  • When is a TCP packet valid?
  • Address/Port/Sequence Number in window
  • How to get sequence number?
  • Sniff traffic
  • Guess it
  • Many earlier systems had predictable initial
    sequence number
  • Inject arbitrary data to the connection

23
TCP Layer Attacks
  • TCP Session Poisoning
  • Send RST packet
  • Will tear down connection
  • Do you have to guess the exact sequence number?
  • Anywhere in window is fine
  • For 64k window it takes 64k packets to reset
  • About 15 seconds for a T1
  • Can reset BGP connections

24
DNS Attacks
  • Cache poisoning
  • Ask for EVILHOST.COM (say, because of spam)
  • EvilHost.coms DNS server complies, but also
    just happens to tell you the IP of
    BankOfAmerica.com
  • DNS client puts it in cache. Fun!
  • Once this bug was found, DNS clients stopped
    accepting info they didnt request

25
Routing Attacks
  • Distance Vector Routing
  • Announce 0 distance to all other nodes
  • Blackhole traffic
  • Eavesdrop
  • Link State Routing
  • Can claim direct link to any other routers
  • A bit harder to attack than DV
  • BGP
  • ASes can announce arbitrary prefix
  • ASes can alter path
  • Today, these are generally just solved through
    reputation dont accept updates from people you
    havent arranged for in advance.

26
Denial of Service
  • Objective ? make a service unusable by
    overloading
  • Consume host resources
  • TCP SYN floods
  • ICMP ECHO (ping) floods
  • Consume bandwidth
  • UDP floods
  • ICMP floods
  • Crashing the victim
  • Ping-of-Death
  • TCP options (unused, or used incorrectly)
  • Forcing more computation on routers
  • Taking long path in processing of packets

27
Summary
  • The Internet is dangerous
  • Many of the original trust assumptions no longer
    hold
  • Network security needs to be addressed at
    different levels
  • Better protocols, better routers, better
    application level features, etc.
  • The root cause of security problems? Classes
    like this one. Security should be integral to
    everything, not tacked on at the end.
Write a Comment
User Comments (0)
About PowerShow.com