DePaul University Computer Network Security - PowerPoint PPT Presentation

About This Presentation
Title:

DePaul University Computer Network Security

Description:

DePaul University Computer Network Security Are We Safe? Internet 101 Telephone System central authority network in control billing records per connection legal ... – PowerPoint PPT presentation

Number of Views:134
Avg rating:3.0/5.0
Slides: 25
Provided by: JohnKr96
Category:

less

Transcript and Presenter's Notes

Title: DePaul University Computer Network Security


1
DePaul UniversityComputer Network Security
  • Are We Safe?

2
Internet 101
  • Telephone System
  • central authority
  • network in control
  • billing records per connection
  • legal issues well understood
  • provisions for law enforcement (wiretapping)
  • Internet
  • no central authority
  • end systems in control
  • no central knowledge of connections
  • no per-packet billing
  • legal issues not well understood
  • anonymity is easy

3
Internet Security Stinks
  • Hosts are hard to secure
  • Bad defaults
  • Poor software
  • Fixes rarely applied
  • Average user/administrator is clueless
  • An overly secure system is not useful
  • Its difficult to coordinate among sites

4
Exploits Overview
  • Passwords
  • hacking and sniffing
  • System specific
  • NT, UNIX, NetWare, Linux
  • Application specific
  • web browser, ftp, email, finger
  • Protocol specific
  • spoofing, TCP hijacking, ICMP redirects, DNS
  • Denial of Service
  • PING of death, trinoo, tribe flood

5
The Process
  • Reconnaissance
  • Scanning
  • Exploit Systems
  • Keep access with backdoors/trojans
  • Use system
  • Often as a springboard
  • Cover any tracks

6
The Problem is Real
  • Just over a year ago...
  • ResNet/DPO
  • cgi-bin/phf
  • Oracle
  • CTI
  • Plain text

7
Recently...
  • We receive hundreds of probes every day
  • This weekend a single host sent at least 2000
    scans to our address space for port 23
  • .kr and .tw are popular sources
  • DNS scans
  • _at_home.com, aol.com are frequent flyers
  • ResNet students

8
Gotcha!
9
Password Hacking
  • Attackers can watch packets go by
  • Usually part of the attackers plan when
    compromising a host
  • One of the most common problems
  • Encryption for remote access helps
  • Note even encrypted password files can be cracked

10
Denial of Service Attacks
  • A Very Difficult Problem to Solve!
  • Real World Example
  • Everyone dials 911 at the same time
  • How do you screen and more importantly, stop the
    bad ones?
  • Most effective when source address is spoofed

11
Example Distributed Denial of Service Illustrated
12
Viruses and Worms
  • Programs written with the intent to spread
  • Worms are very common today
  • Usually email based (e.g. ILOVEYOU)
  • Viruses infect other programs
  • Code copied to other programs (e.g. macros)
  • Requires the code to be executed
  • Proves users continue to do dumb things
  • Sometimes software is at fault too

13
Buffer Overflows and Weak Validation of Input
  • One of the most popular security issues
  • Popular exploits with CGI scripts
  • Regular users can gain root access
  • Can pass commands to be executed
  • e.g. Network Solutions easysteps.pl
  • Sometimes root access can be gained

14
Network Mapping
  • PING
  • DNS mapping (dont need zone transfer)
  • dig pfset0x2020 -x 10.x.x.x
  • rpcinfo -p lthostnamegt
  • nmap lthttp//www.insecure.org/nmap/gt
  • very nice!
  • Microsoft Windows is NOT immune
  • nbtstat, net commands
  • Just look around the net!

15
Firewall Solutions
  • They help, but not a panacea
  • A network response to a host problem
  • Packet by packet examination is tough
  • Dont forget internal users
  • Need well defined borders
  • Can be a false sense of security

16
Internal Security
  • Most often ignored
  • Most likely the problem
  • Disgruntled (ex-)end user
  • Curious, but dangerous end user
  • Clueless and dangerous end user

17
Security by Obscurity
  • Is no security at all.
  • However
  • Its often best not to advertise unnecessarily
  • Its often the only layer used (e.g. passwords)
  • Probably need more security

18
Layered Defenses
  • The belt and suspenders approach
  • Multiple layers make it harder to get through
  • Multiple layers take longer to get through
  • Basic statistics and probability apply
  • If Defense A stops 90 of all attacks and Defense
    B stops 90 of all attacks, you might be able to
    stop up to 99 of all attacks
  • Trade-off in time, money and convenience

19
Physical Security
  • Trash bins
  • Social engineering
  • Its much easier to trust a face than a packet
  • Protect from the whoops
  • power
  • spills
  • the clumsy
  • software really can kill hardware

20
If I Were You, Id...
  • Keep up on your host patches/fixes
  • Be very careful with email attachments
  • Disable unnecessary services
  • Use encryption (ssh) whenever possible
  • avoid telnet, ftp, pop-3 email, etc.
  • Audit often
  • keep logs, keep backups

21
A Word About Network Address Translation
  • It has no place in this talk
  • It is misunderstood and misapplied
  • It is fundamentally bad for the Internet
  • Just say NO to RFC 1918

22
Food For Thought
  • http//networks.depaul.edu/security/
  • dpu.security
  • DePaul FIRST Team
  • Any further interest in security education and
    research?

23
References
  • bugtraq mailing list
  • http//www.sans.org
  • http//www.cert.org
  • http//www.cerias.perdue.edu
  • http//www.securityportal.com/lasg/
  • http//cale.cs.depaul.edu
  • http//www.securityfocus.com
  • http//www.denialinfo.com
  • http//www.enteract.com/lspitz/pubs.html
  • http//www.robertgraham.com/pubs/
  • http//cm.bell-labs.com/who/ches/
  • http//www.research.att.com/smb/
  • http//packetstorm.securify.com

24
My Information
  • Networks Group, DePaul University
  • http//condor.depaul.edu/jkristof/
  • jtk_at_depaul.edu
  • (312) 362-5878
Write a Comment
User Comments (0)
About PowerShow.com