2. Today’s Agenda
What is Network Security?
Why should you care?
What is a network security attack?
What is a buffer overflow attack?
Where can you learn more?
All in 30 minutes …
3. What is Network Security?
Computer Security: "The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications)."
References:
  FIPS PUB 199, NIST, February 2004, http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf
  Network Security Essentials, 4/E, William Stallings, Prentice Hall, 2011
4. Why study Network Security?
Multi-disciplinary: computer science, mathematics, psychology, sociology, politics, ethics, economics, forensics, …
New way of thinking, the security mindset: preventing undesirable behavior vs. enabling desirable behavior
Personal relevance: keeping your personal data & devices safe
Professional relevance
5. TCSS 431: Network Security
Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, 2/E, Ed Skoudis & Tom Liston, Prentice Hall, 2006
Network Security: Private Communication in a Public World, 2/E, Charlie Kaufman, Radia Perlman & Mike Speciner, Prentice Hall, 2002
6. Today’s Agenda (the chapters of Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, 2/E, Skoudis & Liston, Prentice Hall, 2006)
1. Introduction
2. Networking Overview
3. Linux and UNIX Overview
4. Windows NT/2000/XP/2003 Overview
5. Phase 1: Reconnaissance
6. Phase 2: Scanning
7. Phase 3: Gaining Access Using Application & OS Attacks
  Script Kiddie Exploit Trolling
  Pragmatism for More Sophisticated Attackers
  Buffer Overflow Exploits
  Password Attacks
  Web Application Attacks
  Exploiting Browser Flaws
8. Phase 3: Gaining Access Using Network Attacks
9. Phase 3: Denial-of-Service Attacks
10. Phase 4: Maintaining Access: Trojans, Backdoors & Rootkits
11. Phase 5: Covering Tracks & Hiding
12. Putting It All Together: Anatomy of an Attack
13. The Future, References & Conclusions
7. Anatomy of an Attack
Reconnaissance: "casing the joint"
  Discovery of physical & online sensitive information: names, contact info (phone, email), IP addresses
  Social engineering, dumpster diving, Google
Scanning: "trying doorknobs & windows"
  Search for openings, network topology, OS type(s): wireless access points, TCP ports, routers, gateways
  Inventory of the target system & its possible vulnerabilities
Gaining access: "breaking in"
  Application & OS attacks (Chapter 7)
  Stack-based & heap-based buffer overflow attacks
24. C library functions considered harmful
(The title borrows the "considered harmful" idiom; the references below are the origin of that phrase, via http://en.wikipedia.org/wiki/Considered_harmful.)
Frank Rubin. "'GOTO Considered Harmful' Considered Harmful." Communications of the ACM 30(3): 195–196, March 1987.
Donald Moore, Chuck Musciano, Michael J. Liebhaber, Steven F. Lott and Lee Starr. "'\"GOTO Considered Harmful\" Considered Harmful' Considered Harmful?" Communications of the ACM 30(5): 351–355, May 1987.
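As an added illustration of this slide's point (example code written for this edit, not from the slides or from the cited books): the unbounded strcpy() shape that makes these functions harmful, the strncpy() half-fix that bounds the write but can drop the terminator, and a bounded copy that always terminates and tells the caller whether input was cut. The struct, its field names and the 16-byte size are made up for the demonstration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* hypothetical fixed-size field */

/* Hypothetical record: a name followed by a privilege flag, so that an
 * overflow of name[] lands directly on is_admin. */
struct login {
    char name[NAME_LEN];
    int  is_admin;
};

/* The harmful shape: strcpy() writes until it finds the source's NUL and
 * never looks at the destination size. Any src of NAME_LEN or more characters
 * runs off the end of name[] and into is_admin (and beyond). */
void set_name_unsafe(struct login *l, const char *src)
{
    strcpy(l->name, src);
}

/* The classic half-fix: strncpy() bounds the write, but when src does not
 * fit it copies exactly dst_len bytes and leaves no terminator, so a later
 * strlen()/printf() reads past the buffer. Returns whether dst is terminated. */
bool strncpy_is_terminated(char *dst, size_t dst_len, const char *src)
{
    strncpy(dst, src, dst_len);
    return memchr(dst, '\0', dst_len) != NULL;
}

/* Bounded copy with an explicit truncation signal: never writes past dst_len,
 * always NUL-terminates, and returns false when the input had to be cut. */
bool copy_bounded(char *dst, size_t dst_len, const char *src)
{
    if (dst_len == 0)
        return false;
    size_t n = strlen(src);
    if (n >= dst_len) {
        memcpy(dst, src, dst_len - 1);
        dst[dst_len - 1] = '\0';
        return false;              /* truncated */
    }
    memcpy(dst, src, n + 1);       /* includes the terminator */
    return true;
}

/* For a security-relevant field, rejecting is usually better than silently
 * truncating: the record is left untouched and the caller sees the failure. */
bool set_name_safe(struct login *l, const char *src)
{
    if (strlen(src) >= NAME_LEN)
        return false;
    return copy_bounded(l->name, NAME_LEN, src);
}

int main(void)
{
    struct login l = { "", 0 };
    char buf[8];
    bool ok;

    set_name_unsafe(&l, "bob");            /* fine only because "bob" fits */
    printf("unsafe copy of short name: %s\n", l.name);

    ok = set_name_safe(&l, "alice");
    printf("safe copy \"alice\": ok=%d name=%s\n", ok, l.name);
    ok = set_name_safe(&l, "this-name-is-far-too-long");
    printf("safe copy of long name: ok=%d name=%s is_admin=%d\n", ok, l.name, l.is_admin);

    ok = copy_bounded(buf, sizeof buf, "0123456789");
    printf("copy_bounded into 8 bytes: ok=%d buf=%s\n", ok, buf);
    ok = strncpy_is_terminated(buf, sizeof buf, "0123456789");
    printf("strncpy of 10 chars into 8 bytes terminated? %d\n", ok);
    return 0;
}
```

The unsafe function is only ever called with a short constant here; the point of the example is that nothing in its signature stops a caller from passing attacker-controlled input of any length.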
25. Finding stack-based buffer overflow vulnerabilities
Examine the source code (if available)
Use a debugger on the executable to find exploitable library calls
Apply brute force: inundate the application with input data, then examine stack traces after crashes
But what would you input … & what would you look for?
33. Strategy & Structure of a “Sploit”
“Fuzzing”: repeated input patterns
  AAAA… (“A” = 0x41, so a crash with 0x41414141 in the instruction pointer is unmistakable)
  ABCDEFG…
  DEF1, DEF2, DEF3, … (a non-repeating pattern, so the bytes that end up in the saved return address reveal their offset in the input)
NOP (No Operation): 0x90 on x86
  Also any instruction with no effect: add 0, multiply by 1, jump to the next instruction, …
  NOP sled: a run of NOPs placed before the shellcode, so a return address that lands anywhere in the run slides into the shellcode
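The questions of the "Finding stack-based buffer overflow vulnerabilities" slide and the fuzzing and NOP-sled items above, worked as one added example (written for this edit, not code from the slides or from Counter Hack Reloaded): a repeated-byte fuzz string, a non-repeating pattern whose 4-byte windows are unique, recovery of the overwrite offset from the value a debugger reports in EIP, and the sled/shellcode/return-address layout of the final input. The crash value 0x32614131, the return address 0xbffff000 and the INT3 placeholder bytes are constructed for the demonstration, and the pattern scheme used is the familiar uppercase/lowercase/digit triplet rather than the slide's DEF1/DEF2 one.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* "AAAA..." style input: n copies of one byte ('A' = 0x41), so a crash shows
 * up as EIP = 0x41414141. buf must have room for n + 1 bytes. */
size_t fill_repeat(char *buf, size_t n, char c)
{
    memset(buf, c, n);
    buf[n] = '\0';
    return n;
}

/* Non-repeating pattern in the spirit of DEF1, DEF2, ...: triplets
 * "Aa0Aa1...Ab0..." give 26*26*10 = 6760 distinct triplets, so every 4-byte
 * window in the first 20280 bytes is unique. buf must hold n + 1 bytes. */
size_t cyclic_pattern(char *buf, size_t n)
{
    size_t i = 0;
    for (char a = 'A'; a <= 'Z' && i < n; a++)
        for (char b = 'a'; b <= 'z' && i < n; b++)
            for (char c = '0'; c <= '9' && i < n; c++) {
                char trip[3] = { a, b, c };
                for (int k = 0; k < 3 && i < n; k++)
                    buf[i++] = trip[k];
            }
    buf[i] = '\0';
    return i;
}

/* Given the 32-bit value the debugger showed in EIP after the crash, find
 * where those four bytes sit in the pattern. x86 is little-endian, so the low
 * byte of EIP is the first byte that overwrote the saved return address.
 * Returns -1 if the value does not come from the pattern. */
long pattern_offset(const char *pat, size_t n, uint32_t eip)
{
    unsigned char needle[4] = {
        (unsigned char)(eip & 0xff),
        (unsigned char)((eip >> 8) & 0xff),
        (unsigned char)((eip >> 16) & 0xff),
        (unsigned char)((eip >> 24) & 0xff)
    };
    for (size_t i = 0; i + 4 <= n; i++)
        if (memcmp(pat + i, needle, 4) == 0)
            return (long)i;
    return -1;
}

/* Stack layout once the offset is known:
 *   [ NOP sled (0x90) ... ][ shellcode ][ return address ]
 * The return address only has to land somewhere inside the sled, which is
 * what buys tolerance against an imprecise guess of the stack address.
 * Returns the total input length, or 0 if the shellcode does not fit in
 * front of the return address. out must hold ret_offset + 4 bytes. */
size_t build_overflow_input(unsigned char *out, size_t ret_offset,
                            const unsigned char *shellcode, size_t sc_len,
                            uint32_t ret_addr)
{
    if (sc_len > ret_offset)
        return 0;
    size_t sled = ret_offset - sc_len;
    memset(out, 0x90, sled);
    memcpy(out + sled, shellcode, sc_len);
    out[ret_offset + 0] = (unsigned char)(ret_addr & 0xff);
    out[ret_offset + 1] = (unsigned char)((ret_addr >> 8) & 0xff);
    out[ret_offset + 2] = (unsigned char)((ret_addr >> 16) & 0xff);
    out[ret_offset + 3] = (unsigned char)((ret_addr >> 24) & 0xff);
    return ret_offset + 4;
}

int main(void)
{
    char pat[256];
    size_t n = cyclic_pattern(pat, sizeof pat - 1);
    /* Constructed crash value, as if a debugger had reported EIP = 0x32614131 */
    printf("EIP 0x32614131 sits at pattern offset %ld\n",
           pattern_offset(pat, n, 0x32614131u));

    /* Placeholder "shellcode": four INT3 breakpoints, not a real payload */
    unsigned char sc[4] = { 0xcc, 0xcc, 0xcc, 0xcc };
    unsigned char input[64];
    size_t len = build_overflow_input(input, 16, sc, sizeof sc, 0xbffff000u);
    printf("built %zu-byte input: %zu NOPs, %zu shellcode bytes, 4-byte return address\n",
           len, (size_t)16 - sizeof sc, sizeof sc);
    return 0;
}
```

In practice the offset found by pattern_offset() is the size of the fuzz input at which the crash first moved from a random address to pattern bytes; the sled then absorbs the uncertainty in the guessed stack address.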
36. Script Kiddies & Exploit Collections
Attacks (exploits) are widely available:
  French Security Incident Response Team (FrSIRT), http://www.vupen.com/english/ (“only available to trusted organizations”)
  Packet Storm Security, http://packetstormsecurity.org/
  SecurityFocus Bugtraq archives, http://www.securityfocus.com/bid
  Metasploit Project, http://www.metasploit.com
Little or no knowledge required
38. Sample Payloads
Bind shell to current port
Bind shell to arbitrary port
Reverse shell
Windows VNC server DLL
Reverse VNC DLL inject
Inject DLL into running application
Create local admin user
The Meterpreter (Metasploit Interpreter)