PowerPoint Presentation Transcript

  • DePaul University Computer Network Security: Are We Safe?
  • Internet 101
    • Telephone System
      • central authority
      • network in control
      • billing records per connection
      • legal issues well understood
      • provisions for law enforcement (wiretapping)
    • Internet
      • no central authority
      • end systems in control
      • no central knowledge of connections
      • no per-packet billing
      • legal issues not well understood
      • anonymity is easy
  • Internet Security Stinks
    • Hosts are hard to secure
    • Bad defaults
    • Poor software
    • Fixes rarely applied
    • Average user/administrator is clueless
    • An overly secure system is not useful
    • It’s difficult to coordinate among sites
  • Exploits Overview
    • Passwords
      • hacking and sniffing
    • System specific
      • NT, UNIX, NetWare, Linux
    • Application specific
      • web browser, ftp, email, finger
    • Protocol specific
      • spoofing, TCP hijacking, ICMP redirects, DNS
    • Denial of Service
      • PING of death, trinoo, tribe flood
  • The Process
    • Reconnaissance
    • Scanning
    • Exploit Systems
    • Keep access with backdoors/trojans
    • Use system
      • Often as a springboard
    • Cover any tracks
  • The Problem is Real
    • Just over a year ago...
    • ResNet/DPO
    • cgi-bin/phf
    • Oracle
    • CTI
    • Plain text
  • Recently...
    • We receive hundreds of probes every day
      • This weekend a single host sent at least 2000 scans to our address space for port 23
    • .kr and .tw are popular sources
    • DNS scans
    • @home.com, aol.com are frequent flyers
    • ResNet students
  • Gotcha!
  • Password Hacking
    • Attackers can watch packets go by
    • Usually part of the attacker’s plan when compromising a host
    • One of the most common problems
    • Encryption for remote access helps
    • Note: even encrypted password files can be cracked
  • Denial of Service Attacks
    • A Very Difficult Problem to Solve!
    • Real World Example
      • Everyone dials 911 at the same time
      • How do you screen and more importantly, stop the bad ones?
    • Most effective when source address is spoofed
  • Example Distributed Denial of Service Illustrated
  • Viruses and Worms
    • Programs written with the intent to spread
    • Worms are very common today
      • Usually email based (e.g. ILOVEYOU)
    • Viruses infect other programs
      • Code copied to other programs (e.g. macros)
    • Requires the code to be executed
      • Proves users continue to do dumb things
      • Sometimes software is at fault too
  • Buffer Overflows and Weak Validation of Input
    • One of the most popular security issues
    • Popular exploits with CGI scripts
    • Regular users can gain root access
    • Can pass commands to be executed
      • e.g. Network Solutions easysteps.pl
    • Sometimes root access can be gained
  • Network Mapping
    • PING
    • DNS mapping (don’t need zone transfer)
      • dig +pfset=0x2020 -x 10.x.x.x
    • rpcinfo -p <hostname>
    • nmap <http://www.insecure.org/nmap/>
      • very nice!
    • Microsoft Windows is NOT immune
      • nbtstat, net commands
    • Just look around the ‘net!
  • Firewall Solutions
    • They help, but not a panacea
    • A network response to a host problem
      • Packet by packet examination is tough
    • Don’t forget internal users
    • Need well defined borders
    • Can be a false sense of security
  • Internal Security
    • Most often ignored
    • Most likely the problem
    • Disgruntled (ex-)end user
    • Curious, but dangerous end user
    • Clueless and dangerous end user
  • Security by Obscurity
    • Is no security at all.
    • However
      • It’s often best not to advertise unnecessarily
      • It’s often the only layer used (e.g. passwords)
    • Probably need more security
  • Layered Defenses
    • The belt and suspenders approach
    • Multiple layers make it harder to get through
    • Multiple layers take longer to get through
    • Basic statistics and probability apply
      • If Defense A stops 90% of all attacks and Defense B stops 90% of all attacks, you might be able to stop up to 99% of all attacks
    • Trade-off in time, money and convenience
  • Physical Security
    • Trash bins
    • Social engineering
    • It’s much easier to trust a face than a packet
    • Protect from the whoops
      • power
      • spills
      • the clumsy
      • software really can kill hardware
  • If I Were You, I’d...
    • Keep up on your host patches/fixes
    • Be very careful with email attachments
    • Disable unnecessary services
    • Use encryption (ssh) whenever possible
      • avoid telnet, ftp, pop-3 email, etc.
    • Audit often
      • keep logs, keep backups
  • A Word About Network Address Translation
    • It has no place in this talk
    • It is misunderstood and misapplied
    • It is fundamentally bad for the Internet
    • Just say NO to RFC 1918
  • Food For Thought
    • http://networks.depaul.edu/security/
    • dpu.security
    • DePaul FIRST Team
    • Any further interest in security education and research?
  • References
    • bugtraq mailing list
    • http://www.sans.org
    • http://www.cert.org
    • http://www.cerias.purdue.edu
    • http://www.securityportal.com/lasg/
    • http://cale.cs.depaul.edu
    • http://www.securityfocus.com
    • http://www.denialinfo.com
    • http://www.enteract.com/~lspitz/pubs.html
    • http://www.robertgraham.com/pubs/
    • http://cm.bell-labs.com/who/ches/
    • http://www.research.att.com/~smb/
    • http://packetstorm.securify.com
  • My Information
    • Networks Group, DePaul University
    • http://condor.depaul.edu/~jkristof/
    • [email_address]
    • (312) 362-5878
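The "Recently..." slide mentions a single host sending at least 2000 scans for port 23 across the address space, and the "If I Were You, I'd..." slide recommends auditing often and keeping logs. The following is an added example, not part of the original presentation or any DePaul tooling: it parses constructed firewall log lines (the SRC/DST/PROTO/DPT field layout is assumed and the addresses are documentation ranges, not DePaul's) and flags two scan shapes, a horizontal sweep (one source, one port, many destinations, like the port 23 case on the slide) and a vertical scan (one source probing many ports on one destination). The thresholds are arbitrary parameters chosen for the sample.

```python
import re
from collections import defaultdict

# Constructed sample log lines (documentation address ranges, not a real network).
# The layout mimics a Linux netfilter log prefix; that field format is an assumption.
SAMPLE_LOG = """\
Jun 10 02:14:33 gw kernel: DROP IN=eth0 SRC=203.0.113.5 DST=198.51.100.1 PROTO=TCP SPT=4411 DPT=23
Jun 10 02:14:33 gw kernel: DROP IN=eth0 SRC=203.0.113.5 DST=198.51.100.2 PROTO=TCP SPT=4412 DPT=23
Jun 10 02:14:34 gw kernel: DROP IN=eth0 SRC=203.0.113.5 DST=198.51.100.3 PROTO=TCP SPT=4413 DPT=23
Jun 10 02:14:34 gw kernel: DROP IN=eth0 SRC=203.0.113.5 DST=198.51.100.4 PROTO=TCP SPT=4414 DPT=23
Jun 10 02:14:35 gw kernel: DROP IN=eth0 SRC=203.0.113.5 DST=198.51.100.5 PROTO=TCP SPT=4415 DPT=23
Jun 10 02:15:01 gw kernel: DROP IN=eth0 SRC=192.0.2.77 DST=198.51.100.9 PROTO=TCP SPT=51022 DPT=21
Jun 10 02:15:01 gw kernel: DROP IN=eth0 SRC=192.0.2.77 DST=198.51.100.9 PROTO=TCP SPT=51023 DPT=22
Jun 10 02:15:02 gw kernel: DROP IN=eth0 SRC=192.0.2.77 DST=198.51.100.9 PROTO=TCP SPT=51024 DPT=23
Jun 10 02:15:02 gw kernel: DROP IN=eth0 SRC=192.0.2.77 DST=198.51.100.9 PROTO=TCP SPT=51025 DPT=25
Jun 10 02:15:09 gw kernel: DROP IN=eth0 SRC=198.51.100.200 DST=198.51.100.10 PROTO=UDP SPT=53 DPT=53
this line is not a firewall record and is skipped by the parser
"""

# Pull out the four fields we need; anything else on the line is ignored.
LOG_RE = re.compile(
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) PROTO=(?P<proto>\w+) .*?DPT=(?P<dpt>\d+)"
)


def parse_records(text):
    """Yield (src, dst, proto, dpt) tuples for every line that carries the expected fields."""
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            yield m["src"], m["dst"], m["proto"], int(m["dpt"])


def find_sweeps(text, min_targets=3):
    """Horizontal sweep: one source hitting the same port on many destinations.

    Returns {(src, proto, dpt): distinct_destination_count} for sources at or
    above the threshold.
    """
    targets = defaultdict(set)
    for src, dst, proto, dpt in parse_records(text):
        targets[(src, proto, dpt)].add(dst)
    return {key: len(dsts) for key, dsts in targets.items() if len(dsts) >= min_targets}


def find_port_scans(text, min_ports=3):
    """Vertical scan: one source probing many different ports on one destination.

    Returns {(src, dst): distinct_port_count} for pairs at or above the threshold.
    """
    ports = defaultdict(set)
    for src, dst, proto, dpt in parse_records(text):
        ports[(src, dst)].add((proto, dpt))
    return {key: len(p) for key, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    for (src, proto, dpt), n in find_sweeps(SAMPLE_LOG).items():
        print(f"sweep: {src} probed {n} hosts on {proto}/{dpt}")
    for (src, dst), n in find_port_scans(SAMPLE_LOG).items():
        print(f"scan:  {src} probed {n} ports on {dst}")
```

Counting distinct destinations (or distinct ports) rather than raw line counts keeps a chatty but legitimate client that retries one service from being reported; in practice the thresholds would be tuned against a time window, which the sample omits for brevity.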
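The "Denial of Service Attacks" slide notes that such attacks are most effective when the source address is spoofed. The usual border-router countermeasure is source-address filtering: packets leaving a site must carry one of the site's own addresses, and packets arriving from the Internet must not claim an internal or unroutable source. The code below is an added example, not from the presentation or from DePaul's network; the campus prefixes and the packet list are constructed from documentation address ranges, and the decision labels are this example's own.

```python
import ipaddress

# Assumed campus address space (constructed; documentation ranges, not DePaul's real prefixes).
CAMPUS_PREFIXES = [
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("203.0.113.0/24"),
]

# Source ranges that should never arrive from the Internet: RFC 1918 private space,
# loopback, link-local, "this network", and multicast. Listed explicitly rather than
# via ipaddress.is_private so the policy is visible and does not depend on library tables.
UNROUTABLE_SOURCES = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
              "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8", "224.0.0.0/4")
]


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def classify(direction, src):
    """Decide what a border filter should do with a packet based only on its source.

    direction: "out" for a packet leaving campus, "in" for one arriving from the Internet.
    Returns "permit" or "drop:<reason>".
    """
    addr = ipaddress.ip_address(src)
    inside = _in_any(addr, CAMPUS_PREFIXES)
    if direction == "out":
        # Egress filter: we only ever emit our own addresses, so a spoofed
        # flood cannot leave the campus with a forged source.
        return "permit" if inside else "drop:foreign-source"
    if direction == "in":
        # Ingress filter: the Internet cannot legitimately hand us a packet
        # that claims to be from inside, nor one from unroutable space.
        if inside:
            return "drop:claims-internal-source"
        if _in_any(addr, UNROUTABLE_SOURCES):
            return "drop:unroutable-source"
        return "permit"
    raise ValueError(f"unknown direction {direction!r}")


def summarize(packets):
    """Apply classify() to (direction, src) pairs; return {decision: count}."""
    counts = {}
    for direction, src in packets:
        decision = classify(direction, src)
        counts[decision] = counts.get(decision, 0) + 1
    return counts


# Constructed traffic sample: two legitimate packets, three spoofed ones.
SAMPLE_PACKETS = [
    ("out", "198.51.100.17"),   # campus host talking to the Internet
    ("in", "192.0.2.77"),       # ordinary external client
    ("out", "10.1.2.3"),        # forged source leaving campus
    ("in", "198.51.100.17"),    # outsider claiming a campus address
    ("in", "127.0.0.1"),        # loopback source on the wire
]

if __name__ == "__main__":
    for direction, src in SAMPLE_PACKETS:
        print(f"{direction:>3} {src:<16} {classify(direction, src)}")
    print(summarize(SAMPLE_PACKETS))
```

The egress rule is the one that matters for the slide's point: it does nothing to protect the site that runs it, but it stops that site's hosts from being used as a source of spoofed floods against others, which is why it only works when many sites apply it.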