SlideShare a Scribd company logo

Afcea 4 internet networks

Download as PPT, PDF
Paul Strassmann
Paul Strassmann
Technology
1 of 90
Internet Networks AFCEA - Cyber Operations, Lecture #5 Paul A. Strassmann, George Mason University, 5/22/2012 1
Attacks on Cyber Security Social Media Attacks 2
Cyber Security is Asymmetric • A phony “Robin Sage”, easily masquerading as an employee of the Naval Network Warfare command, was able to accumulate in a few months 300 friends on LinkedIn, 110 on Facebook and had 141 followers on Twitter. • She connected with the Joint Chiefs of Staff, the CIO of the NSA, an intelligence director for the U.S. Marines and the a chief of staff for the U.S. House of Representatives. 3
A Social Media Cyber-Attack 1. The cybercriminal sets up a bogus profile, such as “Ana Maria”. 2. An encrypted malware string is coded as text and then uploaded into the bogus profile. 3. After the message enters into a customer’s machine it will search for the string, which will signal the beginning of the malware code. 4. The malware is then executed. If it is a Trojan or a bot, it can proceed to attack the customer’s computer or to propagate further. 4
Example of Bounties for Bug Catchers, by Google $3,137 to Sergey Glazunov for bug 68666 $1,337 to Sergey Glazunov for bug 35724 $1,337 to Sergey Glazunov for bug 45400 $1,337 to Sergey Glazunov for bug 50553 $1,337 to Keith Campbell for bug 51630 $1,337 to Aki Helin from OUSPG for bug 59036 $1,337 to Sergey Glazunov for bug 65764 $1,337 to Sergey Glazunov for bug 70165 $1,000 to Tokuji Akamine for bug 30660 $1,000 to kuzzcc for bug 37383 $1,000 to Jordi Chancel for bug 40445 •http://dev.chromium.org/Home/chromium-security/hall-of-fame 5
“Safe Browsing” Service- Two Factor Authentication • Safe Browsing is a service provided by Google that enables applications to check URLs against Google's constantly updated lists of suspected phishing and malware pages. • Here are some of the things you can do with the Safe Browsing service: • Warn users before clicking on links that appear in your site when they lead to malware-infected pages. • Prevent users from posting links to known phishing pages from your site. • Check a list of pages against Google's lists of suspected phishing and malware pages. 6
Attacks on Cyber Security Attack Prospects 7
Power of Microprocessors: A Historical Perspective 8 http://www.jetpress.org/volume1/moravec.htm
Projected Development of Machine Intelligence 1 300 100,000 2,000,000 60,000,000 3 Billion 100 Billion 0.001 1 100 10,000 100,000 1,000,000 100,000,00 1975 1990 1996 2000 2005 - 2010 2010 - 2020 2020 - Beyond 0.001 1 1,000 10,000 100,000 Million Billion $1,000 $1,000 $100 $1,000 $1,000 $1,000 $100 Bacterium Worm Guppy Lizard Mouse Monkey Human Number of Neurons Equivalent MIPS Computer Processing Available MIPS/ $1000 Computing Costs Organism 9
10
Outline of Internet Networks Topology of Internet Networks 11
12
Internet Advantage • Any properly configured computer can act as a host for a personal web-page. • Any of several hundred million other computers can view that personal web-page. • Any of several hundred million other computers can connect to another computer capable of delivering an information processing service. 13
Internet Liabilities • 17,000+ partially secure, poorly connected networks with practically unlimited number of unverifiable points of access; • The most frequently used security protocol (SSL- Secure Socket Layer) authenticates destination servers, but not the sending sources; • Networks are mostly small, with large ISPs managing less than 10% of network traffic; • Performance of the network depends on “peering relationships” between ISP (Information Service Providers), each providing network capacity and router switching capacity ; • Delivery of packets cannot be guaranteed because network performance determined by routers that may not have sufficient capacity to handle traffic spikes.
Components of the Internet • The (BGP) Border Gateway Protocol are ISP instructions for forwarding packets from one network link to another. BGP is unreliable if router tables are in error; • Average broad-band web-page download time to LAN can be well over 0.5 seconds, if message “packet” traverses several “hops”; • (DNS) Domain Name System can be compromised, by diversion of communications; • Software robots (Botnets) can automatically proliferate and convey destructive software such as “worms”, “rootkits” or parasitic “malware” such as “Trojans” for finding “backdoors” into computers. • Denial of service attacks can be launched.
Problems with Nets and Servers • Capacity limitations for peak loads; • Congestion in access to data sources; • Excessive delays for global access; • Expensive to scale capacity for growth; • Problem not in bandwidth, but mostly in switching; • Depends on reliability and capacity of ISP “peers” to forward data to the destination; • Conflicting economic interests among “peers” can inhibit growth and performance. 16
Outline of Internet Networks Structure of Internet Protocols 17
Layer 7: Application Application Services Layer 6: Presentation Data Representation Layer 5: Session Inter-host Communications Layer 4: Transport End-to-End Connectivity Layer 3: Network Path Determination Layer 2: Data Link Link Reliability Layer 1: Physical Signal Transmission The Internet “Stack”
OSI Protocols 19
All Packets Traverse All Stack Layers 20
All Internet Transmissions in “Hops” (Total elapsed time 6 seconds) 21 From: jtmessert@optonline.net 7 Dec 2008 15:05:39 1. Received: from 48151 invoked from network 2. Received: from localhost (localhost [127.0.0.1]) 3. Received: from rn-out-0910.google.com 4. Received: by rn-out-0910.google.com 5. Received: by 10.100.255.10 6. Received: by 10.100.124.12 7. Received: by 10.65.53.19 8. Received: from qs1473.pair.com 9. Received: from localhost [127.0.0.1] 10. Received: from mta3.srv.hcvlny.cv.net 11. Received: from [10.240.3.210] Forwarded-To: paul@strassmann.com 7 Dec 2008 15:05:45 Above message = 29 “packets”
All Internet Transmissions via “Packets” 22 Header Source Address Destination Address Data
What is in an IPv4 Internet Packet Header • 4 bits that contain the version, that specifies IPv4 or IPv6 packet, • 4 bits that contain the length of the header, • 8 bits that contain the Type of Service - Quality of Service (QoS), • 16 bits that contain the length of the packet, • 16 bits identification tag to reconstruct the packet from fragments, • 3 bits flag that says if the packet is allowed to be fragmented or not, • 13 bits identify which fragment this packet is attached to, • 8 bits that contain the Time to live (TTL) number of hops allowed • 8 bits that contain the protocol (TCP, UDP, ICMP, etc..) • 16 bits that contain the Header Checksum,, • 32 bits that contain the source IP address, • 32 bits that contain the destination address. 23
What Drives Computing to “the Edge”? 24 LAN Connection 2 “hops” Latency: 0.01 seconds MIDDLE MILE : 8-20 “hops” TCP Retransmits at each “hop” Latency: 0.1 to 0.5 seconds Channel Connection 1 “hop” Latency: 0.001 seconds LOCAL WORKSTATION CENTRAL COMPUTER 24
“Middle Mile” In Transmission Takes Microseconds 25 0.529 7.241 7.915 10.527 9.323 10.848 41.431 16.273 17.097 15.699 17.693 0.627 155.202 First Mile Middle Mile Middle Mile Middle Mile Middle Mile Middle Mile Middle Mile Middle Mile Middle Mile Middle Mile Middle Mile Last Mile 192.168.0.1 10.130.160.1 dstswr2-vlan2.rh.nrwlct.cv.net r2-ge12-1.mhe.whplny.cv.net 64.15.8.117 (64.15.8.117) rtr3-tg11-2.in.nycmnyzr.cv.net.0.15.64.in-addr.arpa rtr2-tg10-1.in.asbnva16.cv.net cr1-eqix-peer.wdc003.internap.net core2.wdc002.inappnet-62.cr1.wdc005.internap.net border2.pc2-bbnet2.wdc002.pnap.net infospaceinc-3.border2.wdc002.pnap.net 167.206.251.78 Total Transmission Time without Error Average Milliseconds Elapsed Time Transmission Stage IP Address
26 Example: “Hops” from Desktop to Server 0.0.0.0 dstswr1-vlan2.rh.nrwlct.cv.net r1-ge12-1.mhe.whplny.cv.net r2-srp3-0.wan.whplny.cv.net r2-srp0-0.in.nycmny83.cv.net gige-g0-2.gsr12416.nyc.he.net pos0-3.gsr12416.ash.he.net 64.71.158.140 84.53.144.195 80.67.72.198 Total Transaction Latency (in Miliseconds) 13.084 12.343 14.528 19.735 18.286 24.839 20.012 20.087 21.735 21.097 185.746 1 2 3 4 5 6 7 8 9 10 40 byte packets to Akamai.com (80.67.72.198) traceroute (Number of Hops)
Outline of Internet Networks IPv4 vs. IPv6 27
Is Conversion from IPv4 to IPv6 Necessary Now? • Total capacity of IPv4 is 4.3 billion addresses. • Xerox, IBM, HP, Apple and Ford each have 16.8 million addresses. • Xerox employment is 53,500. • DoD has available 134.2 million addresses 28 http://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_address_blocks
Current IPv4 vs. IPv6 Status • IPv4 allows 32 bits for the Internet Protocol. • IPv6 uses a 128-bit address and supports a practically infinite number of addresses. • As of the end of 2010 only 533 million unique IP addresses have been assigned. • Though the USA currently has 26.4% of the global IP population, it has obtained more than 50% of the IP addresses, while the quickly growing China is exhausting its allocation. • There are enough IP addresses, on the average, except that they have been misallocated. An immediate rush into IPv6 in the USA cannot be justified. 29
Outline of Internet Networks Virtual Private Networks 30
VPN Features • VPN offers site-to-site connectivity • The protocols are used for “tunneling” the traffic • The tunnel's termination point unpacks the protocol. • VPN enables several levels of security. • Cryptographic tunneling protocols provide confidentiality by blocking intercepts and packet sniffing. • VPN allows sender authentication to block identity spoofing, and message alteration. 31
Examples of VPN Protocols • “IPSEC” VPN protocol developed for IPv6. • Transport Layer Security (SSL/TLS) can tunnel complete network traffic. • Datagram Transport Layer Security (DTLS), solves Transmission Control Protocol (TCP) issues. • Special fixes offered by Microsoft: – Microsoft Point-to-Point Encryption (MPPE). – Microsoft Secure Socket Tunneling Protocol (SSTP). • Secure Shell (SSH) VPN – Offers secure tunneling for inter- network links. 32
Outline of Internet Networks Network Switches 33
Internet Messages Pass Through Routers and Switches 34 R T R T R T R T R T R T R T R T R T R T R T R T RT= ROUTING TABLES SWITCH ROUTERS SWITCH
Internet Switch that Connects ISPs 35
Principal Attack Scenarios on Internet Switches • Flooding Attacks on a Switch • Address Resolution Spoofing • “Man-in-the-Middle” Attack • Denial of Service Attack • Switch Hijacking Attack • Spanning Tree Attack • The Root Claim Attack • Forcing Eternal Root Election Attack • VLAN Hopping Attack 36
Flooding Attacks on a Switch • The Media Access Control (MAC) protocol defines for a switch what transmissions are allowed to access which connection. • A switch will keep a Content Addressable Memory (CAM) table for identification of MAC destinations. CAM tables have a limited memory and will overflow. • Attack tools that can auto generate +100,000 bogus entries per minute, which then overloads the switch so that it malfunctions. 37
VLAN Hopping Attack • Virtual LANs (VLAN) make it possible to group users into logically separate networks. • A switch partitions local area networks into isolated VLANs. The computers and peripherals are then restricted from communicating with each other. • Separate subnets are compromised if an attacker manages to send across different zones (hopping). That will make VLAN subdivisions useless. • For instance, a NIPRNET LAN could be used to initiate a denial of service against computers on SIPRNET. 38
Address Resolution Spoofing • Attacker replaces the Address Resolution Protocol (ARP) cache on a switch with a forged mapping. • It causes traffic to be redirected from the correct target to a target of the attacker’s choice. • Allows an attacker to sniff the data flowing to a local area network. The traffic is then modified. 39
“Man-in-the-middle” Attack • Adds a third party destination into the communications stream without the legitimate recipients being aware. • The third party can extract passwords and confidential data. 40
Switch Hijacking Attack • The switch will inject illegitimate connections that will pretend to be authentic. • The added connections will take over control without the recipients being aware. 41
Spanning Tree Attack • Allows the connection of multiple switches for LAN redundancy or as of spare links to form automatic backup paths. • If the Spanning Tree Protocol (STP) is corrupted, communications will be re-routed to illegitimate links. 42
The Root Claim Attack • Bogus bridge protocols are used to designate the attacker’s station as the new root bridge. • Once in control a variety of malicious attacks can be launched by the attacker, including the sniffing of all messages for sensitive information and for passwords. 43
Forcing Eternal Root Election Attack • Makes the network unstable by tampering with the Spanning Tree Protocol (STP) routing algorithm to keep searching for the root switch, without ever finding it. • The network will be always in the root selection process, which will make the network unstable and potentially disabled. 44
Outline of Internet Networks Network Routers 45
Juniper T4000 router-240 GBPS per slot 46
Internet Routers That Connect ISPs to Backbone Nets 47
Border Gateway Attacks • The Border Gateway Protocol (BGP) is the core routing protocol of the Internet. It maintains tables of networks that can be reached from routers. • BGP makes routing decisions based on path availability, network policies and operating rules. • The Border Gateway protocol does not assure data integrity and does not provide source authentication. • BGP can be tampered with by making changes to the router software. 48
Principal Attack Scenarios on Internet Routers • Promiscuous Mode Corruption • Router Table Attacks • Router Information Attacks • Shortest Path Attacks • Border Gateway Attacks • Border Gateway Poisoning 49
Corruption of Internet Routing Tables • The rapid growth and fragmentation of Internet routing tables is the major threats to the integrity of Internet transmissions. • Destination addresses are chosen by “routing tables”. If these routing tables get incorrect information, misrouting will occur. • Routers tell packets of data which way to go. When an e- mail is sent from one private network to another, the router “decides” which packets should travel within the corporate private network and which should not. http://pstrassmann.blogspot.com/2010/12/corruption-of-internet-routing-tables.html 50
Promiscuous Mode Corruption • The router masquerade as a “super-user” with software control privileges. Many router operating systems make “super-user” privileges available for maintenance or for software updating reasons. • The attacker uses the vendor instructions to acquire “super user” status. • A promiscuous computer can monitor traffic to and from other computers on the Internet. 51
Router Table Attacks • The content of a routing table update is continually modified to reflect changes in the configuration of the surrounding networks. An attacker will create messages that look legitimate and can be then inserted into the routing table. • An attacker creates messages that look legitimate and can be then inserted into the routing table so that transactions can be redirected. • Attacks on the routing table updates represent a high risk in the absence of a strong authentication mechanism. Password are insufficient for protecting military grade routers. 52
Router Poisoning Attacks • Router poisoning is a method used to direct the formation of routing loops within networks. • A “hop” count will indicate to other routers that a route is no longer reachable and should be removed from their respective routing tables. • The desired destination for the packets will cease to function. 53
Shortest Path Attacks • Each router passes the status of its links to its neighbors who in turn forward this information to other routers in the network. • As result of such passing each router has the link information for all other routers and eventually has the picture of the entire network topology. • In a compromised table the calculated shortest paths will be incorrect and the shortest paths will be purged. 54
Black Hole Attack • By making use of router vulnerabilities, various kinds of attacks can be launched to compromise the routing through software changes. • A special case is the “Black Hole” attack where the router directs a packet to a network where packets enter but do not come out.
Outline of Internet Networks Domain Servers 56
What Are the DNS Servers? • The Domain Name System (DNS) is a globally distributed service that is foundational to the way people use the Internet. • DNS uses a hierarchical name structure, and different levels in the hierarchy are each separated with a dot ( . ) • Computers use the DNS hierarchy to translate human readable names like <www.amazon.com> into the IP addresses like 192.0.2.1 that INTERNET can use to route transactions to one another. 57
Principal Attack Scenarios on Domain Name System (DNS) • Address Starvation Attack • Attacks Using Rogue Servers • Attacks Using Bogus Default Gateway • DNS Database with Malicious Records • DNS Spoofing With a Sniffer • DNS Flooding Attack • Spoofed Responses to a DNS Server • Buffer Overflow Attack • Denial of Service Attack 58
Outline of Internet Networks Network Control 59
NOC Control Display 60
Seats Reserved for Countermeasure Specialists 61
Challenge • How to automate monitoring, control and security tasks performed by >50,000 personnel now attending to computers at >500 server farms? • How to migrate to a highly automated environment? 62
The Purpose of a Network Operations Center (NOC) • To manage an automated network environment. • To function as the first line of defense for security. • To operate information warfare countermeasures. • To shift computing workloads to and from: – Locked down internal production operations; – Test and Pre-production environments; – Internal “clouds” for legacy applications; – External “clouds” for fall back and added assets. 63
The NOC Becomes the Key to Net-Centricity • Manages the migration from a device centric world to a customer centric world. • Enables connecting from anywhere, by any means. • Offers access privileges only to authorized persons. • Allows purchasing of computer processing power independent of circuit technology. • Makes it possible to associate computing services according to a person’s roles or location. 64
Concept of Operations for Network Operations Center 65 • Network Operations Center (NOC) manages massively distributed virtual computers. • The scale of NOC dictates the scope of information security safeguards. • NOCs should be geographically distributed and redundant. • The staffing of NOCs can offer huge economies of scale, depending on the capitalization of the staff. • The NOC should include countermeasures as the first line of defence in the case of information warfare. 65
Security & Control Managed from the NOC • Offers visibility into all machine resources and processes. • Monitors and controls the execution of all applications. • Set up traps for viruses, rootkits and malware before they can infect a system. 6666
Security Architecture Managed from the NOC • Delivers a private network that is completely isolated from the public Internet except through a small number of controlled access gateways. • Offers instant visibility of 100% of every network component (such as cabling, routers, switches, servers and end user appliances); • Provides uninterrupted, redundant real-time monitoring of each transaction that is processed anywhere on the entire network; • Offers instant switching of communications as well as of all computing assets to fall-back facilities to deliver. 67 67
Example of NOC Operations • NOCs account for every Internet Protocol (IP) address in the system, which includes all authorized desktops, laptops, smart-phones and RFIDs. • Assuming insider attack, all network incidents, whether human or automatic, shall be followed up and documented for attack pattern analysis. • Forensic and artificial intelligence methods will be applied to analyse attack patterns in the perpetual transactions library. • Keeps inventories of LAN and WAN for identification of alternative paths under failure conditions. 68 68
The Purpose of a Network Operations Center (NOC) • To manage an automated network environment. • To function as the first line of defense for security. • To operate information warfare countermeasures. • To shift computing workloads to and from: – Locked down internal production operations; – Test and Pre-production environments; – Internal “clouds” for legacy applications; – External “clouds” for fall back and added assets. 69 69
Ultimate Purpose: NOCs Manage Connecting of the Clouds • Extends Virtual Infrastructure beyond single data center • Uses secondary Data Center site for testing and overflow • Leverages geographically distributed resources • Rents resources from Service providers for capacity • Maintains IT Service Service Levels Virtual Infrastructure Resource Cloud Test and Development Data Center Primary Data Center Virtual Infrastructure 7070
Software Defined Networks (SDN) • SDN allows direct access to and manipulation of network devices such as switches and routers, both physical and virtual. It is the absence of an open interface to these devices that has led to the characterization of today’s networking devices as monolithic, closed, and mainframe-like. Protocol like SDN is needed to move network control out of the individual switches to centralized control software. • SDN control software can control any SDN-enabled network device from any vendor, including switches, routers, and virtual switches. Rather than having to manage groups of devices from individual vendors, IT will be now able to use SDN-based orchestration and management tools to quickly deploy, configure, and update devices across the entire network. 71
The Future: Virtual Networks 72
Outline of Internet Networks Performance Metrics 73
NOCs Obtain Independent Uptime and Latency Metrics 74 74
From the NOC Monitoring & Control Every Server Possible 75 75
NOC Software Enables Diagnosis of the Status of Servers 76 76
Utilization of Servers Monitored and Controlled from NOC 77 77
Visibility of Virtual Machines at the NOC 78 78
79 VISA Credit Card Case • >1.3 billion Visa cards in circulation; • Accepted at >24 million input sources, >160 countries; • >50,000 decision rules for interoperability; • Interoperability in >50 languages; • Cash access at >one million ATMs; • Capable of processing >6,200 transactions a second; • Global response time <0.25 seconds; • Interoperable with >21,000 financial institutions; • Global Systems Integration Staff of 200;
Amazon Global Network of Private Servers • Ashburn, VA • Dallas/Fort Worth, TX • Los Angeles, CA • Miami, FL • New York, NY • Newark, NJ • Palo Alto, CA • Seattle, WA • St. Louis, MO • Amsterdam • Dublin • Frankfurt • London • Hong Kong • Tokyo • Singapore 80
AKAMAI, a Telecomm Infrastructure Manager • Manages 35,000 servers. • Servers hosted with Internet Service Providers (ISP) • NOC has 12 operating staff. • Most of the Akamai intellectual capital is in their NOC. • 99.98% uptime for “End-to-End” connections. – Performance is inclusive of server failures, connectivity failures and network downtime, measured on a 24/7 basis. • Akamai has $800M in revenues. 81
Outline of Internet Networks The Global Information Grid (GIG) 82
Origin of the Global Information Grid (GIG) • In September 1992, Defense Management Report Decisions (DMRD) expanded DISA's role. • DMRD 918 created the Defense Information Infrastructure (DII), now known as the Global Information Grid. At the same the Defense Information Systems Network was created to consolidate 122 DoD networks. • DISA plans, designs, constructs, and analyzes the effectiveness of the U.S. military's cyberspace. • DISA establishes the technological standards that make the GIG secure and reliable. 83
Large Internet Firms Offer Direct Links to Speed Connections_ 84 26 Routers 169 POP Switches
A 2004 Evaluation by the Government Accountability Office • The most critical challenge ahead for DOD is making the GIG a reality. • DOD has taken steps to define its vision and objectives for the GIG on paper. • DoD is making heavy investments ($21 billion over 6 years) the GIG as well as on systems that dependent on the GIG. • It is not known how DOD will meet GIG objectives. 85 SOURCE: GAO-04-858. 2004
DoD Policies on Building and Operating the GIG 86
GIG as the Cornerstone of Information Superiority • GIG is the enabler of net-centric warfare. • The GIG makes up a secure, reliable network for communications satellites, next-generation radios and military installations-based networks with expanded bandwidth. • Increased budgetary pressures are starting to modify the term GIG. • New concepts are emerging such as Cyberspace Operations which are revising what was the original version of GIG. 87
Questions pstrassm@gmu.edu 88
Required Reading – The Internet’s Vulnerabilities Are Built Into Its Infrastructure, Paul A. Strassmann, November 2009 • http://www.afcea.org/signal/articles/templates/SIGNAL_Article_Templa – Network-Centric Systems Need Standards and Metrics, Paul A. Strassmann, July 2009 • http://www.afcea.org/signal/articles/templates/SIGNAL_Article_Templa – Can DoD Manage the Delivery of GIG Objectives? • http://pstrassmann.blogspot.com/2011/08/can-dod-manage-delivery-of – Why the GIG Warrants Top Priority • http://pstrassmann.blogspot.com/2011/03/how-secure-is-virtual-netwo 89
Class Assignment • Write a >200 word analysis of one of the topics in the required reading list : • Analysis to include: – Discussion of favorable and unfavorable views about the issue – Your personal summary conclusion and recommendations 90

Recommended

Advanced routing worm and its security challenges
Advanced routing worm and its security challengesAdvanced routing worm and its security challenges
Advanced routing worm and its security challengesUltraUploader
 
Voice Search SEO and Long Tail Keyword Research
Voice Search SEO and Long Tail Keyword ResearchVoice Search SEO and Long Tail Keyword Research
Voice Search SEO and Long Tail Keyword ResearchCharles Taylor
 
AN EFFECTIVE PREVENTION OF ATTACKS USING GI TIME FREQUENCY ALGORITHM UNDER DDOS
AN EFFECTIVE PREVENTION OF ATTACKS USING GI TIME FREQUENCY ALGORITHM UNDER DDOSAN EFFECTIVE PREVENTION OF ATTACKS USING GI TIME FREQUENCY ALGORITHM UNDER DDOS
AN EFFECTIVE PREVENTION OF ATTACKS USING GI TIME FREQUENCY ALGORITHM UNDER DDOSIJNSA Journal
 
Eecs 2013-18
Eecs 2013-18Eecs 2013-18
Eecs 2013-18Hai Nguyen
 
Event - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security PerimetersEvent - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security PerimetersSomyos U.
 
Network security interview questions &amp; answers
Network security interview questions &amp; answersNetwork security interview questions &amp; answers
Network security interview questions &amp; answersSimpliv LLC
 
News bytes Sept-2011
News bytes Sept-2011News bytes Sept-2011
News bytes Sept-2011Ashwin Patil, GCIH, GCIA, GCFE
 
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...Paladion Networks
 

Recommended

Advanced routing worm and its security challenges
Advanced routing worm and its security challengesAdvanced routing worm and its security challenges
Advanced routing worm and its security challengesUltraUploader
 
Voice Search SEO and Long Tail Keyword Research
Voice Search SEO and Long Tail Keyword ResearchVoice Search SEO and Long Tail Keyword Research
Voice Search SEO and Long Tail Keyword ResearchCharles Taylor
 
AN EFFECTIVE PREVENTION OF ATTACKS USING GI TIME FREQUENCY ALGORITHM UNDER DDOS
AN EFFECTIVE PREVENTION OF ATTACKS USING GI TIME FREQUENCY ALGORITHM UNDER DDOSAN EFFECTIVE PREVENTION OF ATTACKS USING GI TIME FREQUENCY ALGORITHM UNDER DDOS
AN EFFECTIVE PREVENTION OF ATTACKS USING GI TIME FREQUENCY ALGORITHM UNDER DDOSIJNSA Journal
 
Eecs 2013-18
Eecs 2013-18Eecs 2013-18
Eecs 2013-18Hai Nguyen
 
Event - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security PerimetersEvent - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security PerimetersSomyos U.
 
Network security interview questions &amp; answers
Network security interview questions &amp; answersNetwork security interview questions &amp; answers
Network security interview questions &amp; answersSimpliv LLC
 
News bytes Sept-2011
News bytes Sept-2011News bytes Sept-2011
News bytes Sept-2011Ashwin Patil, GCIH, GCIA, GCFE
 
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...Paladion Networks
 
Hack the hack
Hack the hackHack the hack
Hack the hackShakti Ranjan
 
REVIEW ON IPV6 SECURITY VULNERABILITY ISSUES AND MITIGATION METHODS
REVIEW ON IPV6 SECURITY VULNERABILITY ISSUES AND MITIGATION METHODSREVIEW ON IPV6 SECURITY VULNERABILITY ISSUES AND MITIGATION METHODS
REVIEW ON IPV6 SECURITY VULNERABILITY ISSUES AND MITIGATION METHODSIJNSA Journal
 
News2 bytes
News2 bytesNews2 bytes
News2 bytesShreyasi Rao
 
VoIP Security 101 what you need to know
VoIP Security 101 what you need to knowVoIP Security 101 what you need to know
VoIP Security 101 what you need to knowEric Klein
 
Consequences of dns-based Internet filtering
Consequences of dns-based Internet filteringConsequences of dns-based Internet filtering
Consequences of dns-based Internet filteringAfnic
 
End-to-End Analysis of a Domain Generating Algorithm Malware Family Whitepaper
End-to-End Analysis of a Domain Generating Algorithm Malware Family WhitepaperEnd-to-End Analysis of a Domain Generating Algorithm Malware Family Whitepaper
End-to-End Analysis of a Domain Generating Algorithm Malware Family WhitepaperCrowdStrike
 
Guarding Against Large-Scale Scrabble In Social Network
Guarding Against Large-Scale Scrabble In Social NetworkGuarding Against Large-Scale Scrabble In Social Network
Guarding Against Large-Scale Scrabble In Social NetworkEditor IJCATR
 
Denial of-service (do s) attack
Denial of-service (do s) attackDenial of-service (do s) attack
Denial of-service (do s) attackHTS Hosting
 
Fortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_IntroductionFortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_Introductionswang2010
 
The Post Covid-19 Cybersecurity World - Where Is It Headed?
The Post Covid-19 Cybersecurity World - Where Is It Headed?The Post Covid-19 Cybersecurity World - Where Is It Headed?
The Post Covid-19 Cybersecurity World - Where Is It Headed?Bangladesh Network Operators Group
 
Is Troy Burning - An overview of targeted cyber attacks
Is Troy Burning - An overview of targeted cyber attacksIs Troy Burning - An overview of targeted cyber attacks
Is Troy Burning - An overview of targeted cyber attacksguest6f3af5
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9Geoff Pesimo
 
20150604 nyt-cyber-surveillance-documents
20150604 nyt-cyber-surveillance-documents20150604 nyt-cyber-surveillance-documents
20150604 nyt-cyber-surveillance-documentsAnonDownload
 
Warrantless governmental surveillance through the use of emerging technology ...
Warrantless governmental surveillance through the use of emerging technology ...Warrantless governmental surveillance through the use of emerging technology ...
Warrantless governmental surveillance through the use of emerging technology ...Vania_Chaker
 
Network security
Network securityNetwork security
Network securityGreater Noida Institute Of Technology
 
27.2.15 lab investigating a malware exploit
27.2.15 lab investigating a malware exploit27.2.15 lab investigating a malware exploit
27.2.15 lab investigating a malware exploitFreddy Buenaño
 
2 secure systems design
2 secure systems design2 secure systems design
2 secure systems designdrewz lin
 
New Botnets Trends and Threats (BH Europe 2007)
New Botnets Trends and Threats (BH Europe 2007)New Botnets Trends and Threats (BH Europe 2007)
New Botnets Trends and Threats (BH Europe 2007)André Fucs de Miranda
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
Comptia Security+ Exam Notes
Comptia Security+ Exam NotesComptia Security+ Exam Notes
Comptia Security+ Exam NotesVijayanand Yadla
 
Taking the Fear out of WAF
Taking the Fear out of WAFTaking the Fear out of WAF
Taking the Fear out of WAFBrian A. McHenry
 
Weaponizing Intelligence: Interdiction in Today’s Threat Landscape
Weaponizing Intelligence: Interdiction in Today’s Threat LandscapeWeaponizing Intelligence: Interdiction in Today’s Threat Landscape
Weaponizing Intelligence: Interdiction in Today’s Threat LandscapePriyanka Aash
 

More Related Content

What's hot

REVIEW ON IPV6 SECURITY VULNERABILITY ISSUES AND MITIGATION METHODS
REVIEW ON IPV6 SECURITY VULNERABILITY ISSUES AND MITIGATION METHODSREVIEW ON IPV6 SECURITY VULNERABILITY ISSUES AND MITIGATION METHODS
REVIEW ON IPV6 SECURITY VULNERABILITY ISSUES AND MITIGATION METHODSIJNSA Journal
 
VoIP Security 101 what you need to know
VoIP Security 101 what you need to knowVoIP Security 101 what you need to know
VoIP Security 101 what you need to knowEric Klein
 
Consequences of dns-based Internet filtering
Consequences of dns-based Internet filteringConsequences of dns-based Internet filtering
Consequences of dns-based Internet filteringAfnic
 
End-to-End Analysis of a Domain Generating Algorithm Malware Family Whitepaper
End-to-End Analysis of a Domain Generating Algorithm Malware Family WhitepaperEnd-to-End Analysis of a Domain Generating Algorithm Malware Family Whitepaper
End-to-End Analysis of a Domain Generating Algorithm Malware Family WhitepaperCrowdStrike
 
Guarding Against Large-Scale Scrabble In Social Network
Guarding Against Large-Scale Scrabble In Social NetworkGuarding Against Large-Scale Scrabble In Social Network
Guarding Against Large-Scale Scrabble In Social NetworkEditor IJCATR
 
Denial of-service (do s) attack
Denial of-service (do s) attackDenial of-service (do s) attack
Denial of-service (do s) attackHTS Hosting
 
Fortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_IntroductionFortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_Introductionswang2010
 
Is Troy Burning - An overview of targeted cyber attacks
Is Troy Burning - An overview of targeted cyber attacksIs Troy Burning - An overview of targeted cyber attacks
Is Troy Burning - An overview of targeted cyber attacksguest6f3af5
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9Geoff Pesimo
 
20150604 nyt-cyber-surveillance-documents
20150604 nyt-cyber-surveillance-documents20150604 nyt-cyber-surveillance-documents
20150604 nyt-cyber-surveillance-documentsAnonDownload
 
Warrantless governmental surveillance through the use of emerging technology ...
Warrantless governmental surveillance through the use of emerging technology ...Warrantless governmental surveillance through the use of emerging technology ...
Warrantless governmental surveillance through the use of emerging technology ...Vania_Chaker
 
27.2.15 lab investigating a malware exploit
27.2.15 lab investigating a malware exploit27.2.15 lab investigating a malware exploit
27.2.15 lab investigating a malware exploitFreddy Buenaño
 
2 secure systems design
2 secure systems design2 secure systems design
2 secure systems designdrewz lin
 
New Botnets Trends and Threats (BH Europe 2007)
New Botnets Trends and Threats (BH Europe 2007)New Botnets Trends and Threats (BH Europe 2007)
New Botnets Trends and Threats (BH Europe 2007)André Fucs de Miranda
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)IJERD Editor
 

What's hot (19)

Hack the hack
Hack the hackHack the hack
Hack the hack
 
REVIEW ON IPV6 SECURITY VULNERABILITY ISSUES AND MITIGATION METHODS
REVIEW ON IPV6 SECURITY VULNERABILITY ISSUES AND MITIGATION METHODSREVIEW ON IPV6 SECURITY VULNERABILITY ISSUES AND MITIGATION METHODS
REVIEW ON IPV6 SECURITY VULNERABILITY ISSUES AND MITIGATION METHODS
 
News2 bytes
News2 bytesNews2 bytes
News2 bytes
 
VoIP Security 101 what you need to know
VoIP Security 101 what you need to knowVoIP Security 101 what you need to know
VoIP Security 101 what you need to know
 
Consequences of dns-based Internet filtering
Consequences of dns-based Internet filteringConsequences of dns-based Internet filtering
Consequences of dns-based Internet filtering
 
End-to-End Analysis of a Domain Generating Algorithm Malware Family Whitepaper
End-to-End Analysis of a Domain Generating Algorithm Malware Family WhitepaperEnd-to-End Analysis of a Domain Generating Algorithm Malware Family Whitepaper
End-to-End Analysis of a Domain Generating Algorithm Malware Family Whitepaper
 
Guarding Against Large-Scale Scrabble In Social Network
Guarding Against Large-Scale Scrabble In Social NetworkGuarding Against Large-Scale Scrabble In Social Network
Guarding Against Large-Scale Scrabble In Social Network
 
Denial of-service (do s) attack
Denial of-service (do s) attackDenial of-service (do s) attack
Denial of-service (do s) attack
 
Fortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_IntroductionFortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_Introduction
 
The Post Covid-19 Cybersecurity World - Where Is It Headed?
The Post Covid-19 Cybersecurity World - Where Is It Headed?The Post Covid-19 Cybersecurity World - Where Is It Headed?
The Post Covid-19 Cybersecurity World - Where Is It Headed?
 
Is Troy Burning - An overview of targeted cyber attacks
Is Troy Burning - An overview of targeted cyber attacksIs Troy Burning - An overview of targeted cyber attacks
Is Troy Burning - An overview of targeted cyber attacks
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9
 
20150604 nyt-cyber-surveillance-documents
20150604 nyt-cyber-surveillance-documents20150604 nyt-cyber-surveillance-documents
20150604 nyt-cyber-surveillance-documents
 
Warrantless governmental surveillance through the use of emerging technology ...
Warrantless governmental surveillance through the use of emerging technology ...Warrantless governmental surveillance through the use of emerging technology ...
Warrantless governmental surveillance through the use of emerging technology ...
 
Network security
Network securityNetwork security
Network security
 
27.2.15 lab investigating a malware exploit
27.2.15 lab investigating a malware exploit27.2.15 lab investigating a malware exploit
27.2.15 lab investigating a malware exploit
 
2 secure systems design
2 secure systems design2 secure systems design
2 secure systems design
 
New Botnets Trends and Threats (BH Europe 2007)
New Botnets Trends and Threats (BH Europe 2007)New Botnets Trends and Threats (BH Europe 2007)
New Botnets Trends and Threats (BH Europe 2007)
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)
 

Similar to Afcea 4 internet networks

Comptia Security+ Exam Notes
Comptia Security+ Exam NotesComptia Security+ Exam Notes
Comptia Security+ Exam NotesVijayanand Yadla
 
Taking the Fear out of WAF
Taking the Fear out of WAFTaking the Fear out of WAF
Taking the Fear out of WAFBrian A. McHenry
 
Weaponizing Intelligence: Interdiction in Today’s Threat Landscape
Weaponizing Intelligence: Interdiction in Today’s Threat LandscapeWeaponizing Intelligence: Interdiction in Today’s Threat Landscape
Weaponizing Intelligence: Interdiction in Today’s Threat LandscapePriyanka Aash
 
Top 10 Web Hacks 2013
Top 10 Web Hacks 2013Top 10 Web Hacks 2013
Top 10 Web Hacks 2013Matt Johansen
 
從監聽門事件看資通訊安全演進
從監聽門事件看資通訊安全演進從監聽門事件看資通訊安全演進
從監聽門事件看資通訊安全演進Gemini Reich
 
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and SolutionHeartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and SolutionCASCouncil
 
Mobile application security and threat modeling
Mobile application security and threat modelingMobile application security and threat modeling
Mobile application security and threat modelingShantanu Mitra
 
2016 - 10 questions you should answer before building a new microservice
2016 - 10 questions you should answer before building a new microservice2016 - 10 questions you should answer before building a new microservice
2016 - 10 questions you should answer before building a new microservicedevopsdaysaustin
 
Security in the News
Security in the NewsSecurity in the News
Security in the NewsJames Sutter
 
DISCOVERING PUBLIC Wi-Fi VULNERABILITIES USING RASBERRY PI AND.pptx
DISCOVERING PUBLIC Wi-Fi VULNERABILITIES USING RASBERRY PI AND.pptxDISCOVERING PUBLIC Wi-Fi VULNERABILITIES USING RASBERRY PI AND.pptx
DISCOVERING PUBLIC Wi-Fi VULNERABILITIES USING RASBERRY PI AND.pptxmahendrarm2112
 
Computer Network Case Study - bajju.pptx
Computer Network Case Study - bajju.pptxComputer Network Case Study - bajju.pptx
Computer Network Case Study - bajju.pptxShivamBajaj36
 
How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?Graham Charters
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionOwasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionAnant Shrivastava
 
Application of Machine Learning in Cybersecurity
Application of Machine Learning in CybersecurityApplication of Machine Learning in Cybersecurity
Application of Machine Learning in CybersecurityPratap Dangeti
 
Disruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptxDisruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptxDebra Baker, CISSP CSSP
 

Similar to Afcea 4 internet networks (20)

Comptia Security+ Exam Notes
Comptia Security+ Exam NotesComptia Security+ Exam Notes
Comptia Security+ Exam Notes
 
Taking the Fear out of WAF
Taking the Fear out of WAFTaking the Fear out of WAF
Taking the Fear out of WAF
 
Weaponizing Intelligence: Interdiction in Today’s Threat Landscape
Weaponizing Intelligence: Interdiction in Today’s Threat LandscapeWeaponizing Intelligence: Interdiction in Today’s Threat Landscape
Weaponizing Intelligence: Interdiction in Today’s Threat Landscape
 
Top 10 Web Hacks 2013
Top 10 Web Hacks 2013Top 10 Web Hacks 2013
Top 10 Web Hacks 2013
 
從監聽門事件看資通訊安全演進
從監聽門事件看資通訊安全演進從監聽門事件看資通訊安全演進
從監聽門事件看資通訊安全演進
 
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and SolutionHeartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
 
Mobile application security and threat modeling
Mobile application security and threat modelingMobile application security and threat modeling
Mobile application security and threat modeling
 
2016 - 10 questions you should answer before building a new microservice
2016 - 10 questions you should answer before building a new microservice2016 - 10 questions you should answer before building a new microservice
2016 - 10 questions you should answer before building a new microservice
 
Security in the News
Security in the NewsSecurity in the News
Security in the News
 
DISCOVERING PUBLIC Wi-Fi VULNERABILITIES USING RASBERRY PI AND.pptx
DISCOVERING PUBLIC Wi-Fi VULNERABILITIES USING RASBERRY PI AND.pptxDISCOVERING PUBLIC Wi-Fi VULNERABILITIES USING RASBERRY PI AND.pptx
DISCOVERING PUBLIC Wi-Fi VULNERABILITIES USING RASBERRY PI AND.pptx
 
Computer Network Case Study - bajju.pptx
Computer Network Case Study - bajju.pptxComputer Network Case Study - bajju.pptx
Computer Network Case Study - bajju.pptx
 
How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?
 
RAZORPOINT SECURITY GLOSSARY
RAZORPOINT SECURITY GLOSSARYRAZORPOINT SECURITY GLOSSARY
RAZORPOINT SECURITY GLOSSARY
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer ProtectionOwasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
 
Internet
InternetInternet
Internet
 
Internet
InternetInternet
Internet
 
MANRS for Network Operators - bdNOG12
MANRS for Network Operators - bdNOG12MANRS for Network Operators - bdNOG12
MANRS for Network Operators - bdNOG12
 
Application of Machine Learning in Cybersecurity
Application of Machine Learning in CybersecurityApplication of Machine Learning in Cybersecurity
Application of Machine Learning in Cybersecurity
 
Internet
InternetInternet
Internet
 
Disruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptxDisruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptx
 

Recently uploaded

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 

Recently uploaded (20)

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 

Afcea 4 internet networks

  • 1. Internet Networks AFCEA - Cyber Operations, Lecture #5 Paul A. Strassmann, George Mason University, 5/22/2012 1
  • 2. Attacks on Cyber Security Social Media Attacks 2
  • 3. Cyber Security is Asymmetric • A phony “Robin Sage”, easily masquerading as an employee of the Naval Network Warfare command, was able to accumulate in a few months 300 friends on LinkedIn, 110 on Facebook and had 141 followers on Twitter. • She connected with the Joint Chiefs of Staff, the CIO of the NSA, an intelligence director for the U.S. Marines and the a chief of staff for the U.S. House of Representatives. 3
  • 4. A Social Media Cyber-Attack 1. The cybercriminal sets up a bogus profile, such as “Ana Maria”. 2. An encrypted malware string is coded as text and then uploaded into the bogus profile. 3. After the message enters into a customer’s machine it will search for the string, which will signal the beginning of the malware code. 4. The malware is then executed. If it is a Trojan or a bot, it can proceed to attack the customer’s computer or to propagate further. 4
  • 5. Example of Bounties for Bug Catchers, by Google $3,137 to Sergey Glazunov for bug 68666 $1,337 to Sergey Glazunov for bug 35724 $1,337 to Sergey Glazunov for bug 45400 $1,337 to Sergey Glazunov for bug 50553 $1,337 to Keith Campbell for bug 51630 $1,337 to Aki Helin from OUSPG for bug 59036 $1,337 to Sergey Glazunov for bug 65764 $1,337 to Sergey Glazunov for bug 70165 $1,000 to Tokuji Akamine for bug 30660 $1,000 to kuzzcc for bug 37383 $1,000 to Jordi Chancel for bug 40445 •http://dev.chromium.org/Home/chromium-security/hall-of-fame 5
  • 6. “Safe Browsing” Service- Two Factor Authentication • Safe Browsing is a service provided by Google that enables applications to check URLs against Google's constantly updated lists of suspected phishing and malware pages. • Here are some of the things you can do with the Safe Browsing service: • Warn users before clicking on links that appear in your site when they lead to malware-infected pages. • Prevent users from posting links to known phishing pages from your site. • Check a list of pages against Google's lists of suspected phishing and malware pages. 6
  • 7. Attacks on Cyber Security Attack Prospects 7
  • 8. Power of Microprocessors: A Historical Perspective 8 http://www.jetpress.org/volume1/moravec.htm
  • 9. Projected Development of Machine Intelligence 1 300 100,000 2,000,000 60,000,000 3 Billion 100 Billion 0.001 1 100 10,000 100,000 1,000,000 100,000,00 1975 1990 1996 2000 2005 - 2010 2010 - 2020 2020 - Beyond 0.001 1 1,000 10,000 100,000 Million Billion $1,000 $1,000 $100 $1,000 $1,000 $1,000 $100 Bacterium Worm Guppy Lizard Mouse Monkey Human Number of Neurons Equivalent MIPS Computer Processing Available MIPS/ $1000 Computing Costs Organism 9
  • 10. 10
  • 11. Outline of Internet Networks Topology of Internet Networks 11
  • 12. 12
  • 13. Internet Advantage • Any properly configured computer can act as a host for a personal web-page. • Any of several hundred million other computers can view that personal web-page. • Any of several hundred million other computers can connect to another computer capable of delivering an information processing service. 13
  • 14. Internet Liabilities • 17,000+ partially secure, poorly connected networks with practically unlimited number of unverifiable points of access; • The most frequently used security protocol (SSL- Secure Socket Layer) authenticates destination servers, but not the sending sources; • Networks are mostly small, with large ISPs managing less than 10% of network traffic; • Performance of the network depends on “peering relationships” between ISP (Information Service Providers), each providing network capacity and router switching capacity ; • Delivery of packets cannot be guaranteed because network performance determined by routers that may not have sufficient capacity to handle traffic spikes.
  • 15. Components of the Internet • The (BGP) Border Gateway Protocol are ISP instructions for forwarding packets from one network link to another. BGP is unreliable if router tables are in error; • Average broad-band web-page download time to LAN can be well over 0.5 seconds, if message “packet” traverses several “hops”; • (DNS) Domain Name System can be compromised, by diversion of communications; • Software robots (Botnets) can automatically proliferate and convey destructive software such as “worms”, “rootkits” or parasitic “malware” such as “Trojans” for finding “backdoors” into computers. • Denial of service attacks can be launched.
  • 16. Problems with Nets and Servers • Capacity limitations for peak loads; • Congestion in access to data sources; • Excessive delays for global access; • Expensive to scale capacity for growth; • Problem not in bandwidth, but mostly in switching; • Depends on reliability and capacity of ISP “peers” to forward data to the destination; • Conflicting economic interests among “peers” can inhibit growth and performance. 16
  • 17. Outline of Internet Networks Structure of Internet Protocols 17
  • 18. Layer 7: Application Application Services Layer 6: Presentation Data Representation Layer 5: Session Inter-host Communications Layer 4: Transport End-to-End Connectivity Layer 3: Network Path Determination Layer 2: Data Link Link Reliability Layer 1: Physical Signal Transmission The Internet “Stack”
  • 20. All Packets Traverse All Stack Layers 20
  • 21. All Internet Transmissions in “Hops” (Total elapsed time 6 seconds) 21 From: jtmessert@optonline.net 7 Dec 2008 15:05:39 1. Received: from 48151 invoked from network 2. Received: from localhost (localhost [127.0.0.1]) 3. Received: from rn-out-0910.google.com 4. Received: by rn-out-0910.google.com 5. Received: by 10.100.255.10 6. Received: by 10.100.124.12 7. Received: by 10.65.53.19 8. Received: from qs1473.pair.com 9. Received: from localhost [127.0.0.1] 10. Received: from mta3.srv.hcvlny.cv.net 11. Received: from [10.240.3.210] Forwarded-To: paul@strassmann.com 7 Dec 2008 15:05:45 Above message = 29 “packets”
  • 22. All Internet Transmissions via “Packets” 22 Header Source Address Destination Address Data
  • 23. What is in an IPv4 Internet Packet Header • 4 bits that contain the version, that specifies IPv4 or IPv6 packet, • 4 bits that contain the length of the header, • 8 bits that contain the Type of Service - Quality of Service (QoS), • 16 bits that contain the length of the packet, • 16 bits identification tag to reconstruct the packet from fragments, • 3 bits flag that says if the packet is allowed to be fragmented or not, • 13 bits identify which fragment this packet is attached to, • 8 bits that contain the Time to live (TTL) number of hops allowed • 8 bits that contain the protocol (TCP, UDP, ICMP, etc..) • 16 bits that contain the Header Checksum,, • 32 bits that contain the source IP address, • 32 bits that contain the destination address. 23
  • 24. What Drives Computing to “the Edge”? 24 LAN Connection 2 “hops” Latency: 0.01 seconds MIDDLE MILE : 8-20 “hops” TCP Retransmits at each “hop” Latency: 0.1 to 0.5 seconds Channel Connection 1 “hop” Latency: 0.001 seconds LOCAL WORKSTATION CENTRAL COMPUTER 24
  • 25. “Middle Mile” In Transmission Takes Microseconds 25 0.529 7.241 7.915 10.527 9.323 10.848 41.431 16.273 17.097 15.699 17.693 0.627 155.202 First Mile Middle Mile Middle Mile Middle Mile Middle Mile Middle Mile Middle Mile Middle Mile Middle Mile Middle Mile Middle Mile Last Mile 192.168.0.1 10.130.160.1 dstswr2-vlan2.rh.nrwlct.cv.net r2-ge12-1.mhe.whplny.cv.net 64.15.8.117 (64.15.8.117) rtr3-tg11-2.in.nycmnyzr.cv.net.0.15.64.in-addr.arpa rtr2-tg10-1.in.asbnva16.cv.net cr1-eqix-peer.wdc003.internap.net core2.wdc002.inappnet-62.cr1.wdc005.internap.net border2.pc2-bbnet2.wdc002.pnap.net infospaceinc-3.border2.wdc002.pnap.net 167.206.251.78 Total Transmission Time without Error Average Milliseconds Elapsed Time Transmission Stage IP Address
  • 26. 26 Example: “Hops” from Desktop to Server 0.0.0.0 dstswr1-vlan2.rh.nrwlct.cv.net r1-ge12-1.mhe.whplny.cv.net r2-srp3-0.wan.whplny.cv.net r2-srp0-0.in.nycmny83.cv.net gige-g0-2.gsr12416.nyc.he.net pos0-3.gsr12416.ash.he.net 64.71.158.140 84.53.144.195 80.67.72.198 Total Transaction Latency (in Miliseconds) 13.084 12.343 14.528 19.735 18.286 24.839 20.012 20.087 21.735 21.097 185.746 1 2 3 4 5 6 7 8 9 10 40 byte packets to Akamai.com (80.67.72.198) traceroute (Number of Hops)
  • 27. Outline of Internet Networks IPv4 vs. IPv6 27
  • 28. Is Conversion from IPv4 to IPv6 Necessary Now? • Total capacity of IPv4 is 4.3 billion addresses. • Xerox, IBM, HP, Apple and Ford each have 16.8 million addresses. • Xerox employment is 53,500. • DoD has available 134.2 million addresses 28 http://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_address_blocks
  • 29. Current IPv4 vs. IPv6 Status • IPv4 allows 32 bits for the Internet Protocol. • IPv6 uses a 128-bit address and supports a practically infinite number of addresses. • As of the end of 2010 only 533 million unique IP addresses have been assigned. • Though the USA currently has 26.4% of the global IP population, it has obtained more than 50% of the IP addresses, while the quickly growing China is exhausting its allocation. • There are enough IP addresses, on the average, except that they have been misallocated. An immediate rush into IPv6 in the USA cannot be justified. 29
  • 30. Outline of Internet Networks Virtual Private Networks 30
  • 31. VPN Features • VPN offers site-to-site connectivity • The protocols are used for “tunneling” the traffic • The tunnel's termination point unpacks the protocol. • VPN enables several levels of security. • Cryptographic tunneling protocols provide confidentiality by blocking intercepts and packet sniffing. • VPN allows sender authentication to block identity spoofing, and message alteration. 31
  • 32. Examples of VPN Protocols • “IPSEC” VPN protocol developed for IPv6. • Transport Layer Security (SSL/TLS) can tunnel complete network traffic. • Datagram Transport Layer Security (DTLS), solves Transmission Control Protocol (TCP) issues. • Special fixes offered by Microsoft: – Microsoft Point-to-Point Encryption (MPPE). – Microsoft Secure Socket Tunneling Protocol (SSTP). • Secure Shell (SSH) VPN – Offers secure tunneling for inter- network links. 32
  • 33. Outline of Internet Networks Network Switches 33
  • 34. Internet Messages Pass Through Routers and Switches 34 R T R T R T R T R T R T R T R T R T R T R T R T RT= ROUTING TABLES SWITCH ROUTERS SWITCH
  • 35. Internet Switch that Connects ISPs 35
  • 36. Principal Attack Scenarios on Internet Switches • Flooding Attacks on a Switch • Address Resolution Spoofing • “Man-in-the-Middle” Attack • Denial of Service Attack • Switch Hijacking Attack • Spanning Tree Attack • The Root Claim Attack • Forcing Eternal Root Election Attack • VLAN Hopping Attack 36
  • 37. Flooding Attacks on a Switch • The Media Access Control (MAC) protocol defines for a switch what transmissions are allowed to access which connection. • A switch will keep a Content Addressable Memory (CAM) table for identification of MAC destinations. CAM tables have a limited memory and will overflow. • Attack tools that can auto generate +100,000 bogus entries per minute, which then overloads the switch so that it malfunctions. 37
  • 38. VLAN Hopping Attack • Virtual LANs (VLAN) make it possible to group users into logically separate networks. • A switch partitions local area networks into isolated VLANs. The computers and peripherals are then restricted from communicating with each other. • Separate subnets are compromised if an attacker manages to send across different zones (hopping). That will make VLAN subdivisions useless. • For instance, a NIPRNET LAN could be used to initiate a denial of service against computers on SIPRNET. 38
  • 39. Address Resolution Spoofing • Attacker replaces the Address Resolution Protocol (ARP) cache on a switch with a forged mapping. • It causes traffic to be redirected from the correct target to a target of the attacker’s choice. • Allows an attacker to sniff the data flowing to a local area network. The traffic is then modified. 39
  • 40. “Man-in-the-middle” Attack • Adds a third party destination into the communications stream without the legitimate recipients being aware. • The third party can extract passwords and confidential data. 40
  • 41. Switch Hijacking Attack • The switch will inject illegitimate connections that will pretend to be authentic. • The added connections will take over control without the recipients being aware. 41
  • 42. Spanning Tree Attack • Allows the connection of multiple switches for LAN redundancy or as of spare links to form automatic backup paths. • If the Spanning Tree Protocol (STP) is corrupted, communications will be re-routed to illegitimate links. 42
  • 43. The Root Claim Attack • Bogus bridge protocols are used to designate the attacker’s station as the new root bridge. • Once in control a variety of malicious attacks can be launched by the attacker, including the sniffing of all messages for sensitive information and for passwords. 43
  • 44. Forcing Eternal Root Election Attack • Makes the network unstable by tampering with the Spanning Tree Protocol (STP) routing algorithm to keep searching for the root switch, without ever finding it. • The network will be always in the root selection process, which will make the network unstable and potentially disabled. 44
  • 45. Outline of Internet Networks Network Routers 45
  • 46. Juniper T4000 router-240 GBPS per slot 46
  • 47. Internet Routers That Connect ISPs to Backbone Nets 47
  • 48. Border Gateway Attacks • The Border Gateway Protocol (BGP) is the core routing protocol of the Internet. It maintains tables of networks that can be reached from routers. • BGP makes routing decisions based on path availability, network policies and operating rules. • The Border Gateway protocol does not assure data integrity and does not provide source authentication. • BGP can be tampered with by making changes to the router software. 48
  • 49. Principal Attack Scenarios on Internet Routers • Promiscuous Mode Corruption • Router Table Attacks • Router Information Attacks • Shortest Path Attacks • Border Gateway Attacks • Border Gateway Poisoning 49
  • 50. Corruption of Internet Routing Tables • The rapid growth and fragmentation of Internet routing tables is the major threats to the integrity of Internet transmissions. • Destination addresses are chosen by “routing tables”. If these routing tables get incorrect information, misrouting will occur. • Routers tell packets of data which way to go. When an e- mail is sent from one private network to another, the router “decides” which packets should travel within the corporate private network and which should not. http://pstrassmann.blogspot.com/2010/12/corruption-of-internet-routing-tables.html 50
  • 51. Promiscuous Mode Corruption • The router masquerade as a “super-user” with software control privileges. Many router operating systems make “super-user” privileges available for maintenance or for software updating reasons. • The attacker uses the vendor instructions to acquire “super user” status. • A promiscuous computer can monitor traffic to and from other computers on the Internet. 51
  • 52. Router Table Attacks • The content of a routing table update is continually modified to reflect changes in the configuration of the surrounding networks. An attacker will create messages that look legitimate and can be then inserted into the routing table. • An attacker creates messages that look legitimate and can be then inserted into the routing table so that transactions can be redirected. • Attacks on the routing table updates represent a high risk in the absence of a strong authentication mechanism. Password are insufficient for protecting military grade routers. 52
  • 53. Router Poisoning Attacks • Router poisoning is a method used to direct the formation of routing loops within networks. • A “hop” count will indicate to other routers that a route is no longer reachable and should be removed from their respective routing tables. • The desired destination for the packets will cease to function. 53
  • 54. Shortest Path Attacks • Each router passes the status of its links to its neighbors who in turn forward this information to other routers in the network. • As result of such passing each router has the link information for all other routers and eventually has the picture of the entire network topology. • In a compromised table the calculated shortest paths will be incorrect and the shortest paths will be purged. 54
  • 55. Black Hole Attack • By making use of router vulnerabilities, various kinds of attacks can be launched to compromise the routing through software changes. • A special case is the “Black Hole” attack where the router directs a packet to a network where packets enter but do not come out.
  • 56. Outline of Internet Networks Domain Servers 56
  • 57. What Are the DNS Servers? • The Domain Name System (DNS) is a globally distributed service that is foundational to the way people use the Internet. • DNS uses a hierarchical name structure, and different levels in the hierarchy are each separated with a dot ( . ) • Computers use the DNS hierarchy to translate human readable names like <www.amazon.com> into the IP addresses like 192.0.2.1 that INTERNET can use to route transactions to one another. 57
  • 58. Principal Attack Scenarios on Domain Name System (DNS) • Address Starvation Attack • Attacks Using Rogue Servers • Attacks Using Bogus Default Gateway • DNS Database with Malicious Records • DNS Spoofing With a Sniffer • DNS Flooding Attack • Spoofed Responses to a DNS Server • Buffer Overflow Attack • Denial of Service Attack 58
  • 59. Outline of Internet Networks Network Control 59
  • 61. Seats Reserved for Countermeasure Specialists 61
  • 62. Challenge • How to automate monitoring, control and security tasks performed by >50,000 personnel now attending to computers at >500 server farms? • How to migrate to a highly automated environment? 62
  • 63. The Purpose of a Network Operations Center (NOC) • To manage an automated network environment. • To function as the first line of defense for security. • To operate information warfare countermeasures. • To shift computing workloads to and from: – Locked down internal production operations; – Test and Pre-production environments; – Internal “clouds” for legacy applications; – External “clouds” for fall back and added assets. 63
  • 64. The NOC Becomes the Key to Net-Centricity • Manages the migration from a device centric world to a customer centric world. • Enables connecting from anywhere, by any means. • Offers access privileges only to authorized persons. • Allows purchasing of computer processing power independent of circuit technology. • Makes it possible to associate computing services according to a person’s roles or location. 64
  • 65. Concept of Operations for Network Operations Center 65 • Network Operations Center (NOC) manages massively distributed virtual computers. • The scale of NOC dictates the scope of information security safeguards. • NOCs should be geographically distributed and redundant. • The staffing of NOCs can offer huge economies of scale, depending on the capitalization of the staff. • The NOC should include countermeasures as the first line of defence in the case of information warfare. 65
  • 66. Security & Control Managed from the NOC • Offers visibility into all machine resources and processes. • Monitors and controls the execution of all applications. • Set up traps for viruses, rootkits and malware before they can infect a system. 6666
  • 67. Security Architecture Managed from the NOC • Delivers a private network that is completely isolated from the public Internet except through a small number of controlled access gateways. • Offers instant visibility of 100% of every network component (such as cabling, routers, switches, servers and end user appliances); • Provides uninterrupted, redundant real-time monitoring of each transaction that is processed anywhere on the entire network; • Offers instant switching of communications as well as of all computing assets to fall-back facilities to deliver. 67 67
  • 68. Example of NOC Operations • NOCs account for every Internet Protocol (IP) address in the system, which includes all authorized desktops, laptops, smart-phones and RFIDs. • Assuming insider attack, all network incidents, whether human or automatic, shall be followed up and documented for attack pattern analysis. • Forensic and artificial intelligence methods will be applied to analyse attack patterns in the perpetual transactions library. • Keeps inventories of LAN and WAN for identification of alternative paths under failure conditions. 68 68
  • 69. The Purpose of a Network Operations Center (NOC) • To manage an automated network environment. • To function as the first line of defense for security. • To operate information warfare countermeasures. • To shift computing workloads to and from: – Locked down internal production operations; – Test and Pre-production environments; – Internal “clouds” for legacy applications; – External “clouds” for fall back and added assets. 69 69
  • 70. Ultimate Purpose: NOCs Manage Connecting of the Clouds • Extends Virtual Infrastructure beyond single data center • Uses secondary Data Center site for testing and overflow • Leverages geographically distributed resources • Rents resources from Service providers for capacity • Maintains IT Service Service Levels Virtual Infrastructure Resource Cloud Test and Development Data Center Primary Data Center Virtual Infrastructure 7070
  • 71. Software Defined Networks (SDN) • SDN allows direct access to and manipulation of network devices such as switches and routers, both physical and virtual. It is the absence of an open interface to these devices that has led to the characterization of today’s networking devices as monolithic, closed, and mainframe-like. Protocol like SDN is needed to move network control out of the individual switches to centralized control software. • SDN control software can control any SDN-enabled network device from any vendor, including switches, routers, and virtual switches. Rather than having to manage groups of devices from individual vendors, IT will be now able to use SDN-based orchestration and management tools to quickly deploy, configure, and update devices across the entire network. 71
  • 72. The Future: Virtual Networks 72
  • 73. Outline of Internet Networks Performance Metrics 73
  • 74. NOCs Obtain Independent Uptime and Latency Metrics 74 74
  • 75. From the NOC Monitoring & Control Every Server Possible 75 75
  • 76. NOC Software Enables Diagnosis of the Status of Servers 76 76
  • 77. Utilization of Servers Monitored and Controlled from NOC 77 77
  • 78. Visibility of Virtual Machines at the NOC 78 78
  • 79. 79 VISA Credit Card Case • >1.3 billion Visa cards in circulation; • Accepted at >24 million input sources, >160 countries; • >50,000 decision rules for interoperability; • Interoperability in >50 languages; • Cash access at >one million ATMs; • Capable of processing >6,200 transactions a second; • Global response time <0.25 seconds; • Interoperable with >21,000 financial institutions; • Global Systems Integration Staff of 200;
  • 80. Amazon Global Network of Private Servers • Ashburn, VA • Dallas/Fort Worth, TX • Los Angeles, CA • Miami, FL • New York, NY • Newark, NJ • Palo Alto, CA • Seattle, WA • St. Louis, MO • Amsterdam • Dublin • Frankfurt • London • Hong Kong • Tokyo • Singapore 80
  • 81. AKAMAI, a Telecomm Infrastructure Manager • Manages 35,000 servers. • Servers hosted with Internet Service Providers (ISP) • NOC has 12 operating staff. • Most of the Akamai intellectual capital is in their NOC. • 99.98% uptime for “End-to-End” connections. – Performance is inclusive of server failures, connectivity failures and network downtime, measured on a 24/7 basis. • Akamai has $800M in revenues. 81
  • 82. Outline of Internet Networks The Global Information Grid (GIG) 82
  • 83. Origin of the Global Information Grid (GIG) • In September 1992, Defense Management Report Decisions (DMRD) expanded DISA's role. • DMRD 918 created the Defense Information Infrastructure (DII), now known as the Global Information Grid. At the same the Defense Information Systems Network was created to consolidate 122 DoD networks. • DISA plans, designs, constructs, and analyzes the effectiveness of the U.S. military's cyberspace. • DISA establishes the technological standards that make the GIG secure and reliable. 83
  • 84. Large Internet Firms Offer Direct Links to Speed Connections_ 84 26 Routers 169 POP Switches
  • 85. A 2004 Evaluation by the Government Accountability Office • The most critical challenge ahead for DOD is making the GIG a reality. • DOD has taken steps to define its vision and objectives for the GIG on paper. • DoD is making heavy investments ($21 billion over 6 years) the GIG as well as on systems that dependent on the GIG. • It is not known how DOD will meet GIG objectives. 85 SOURCE: GAO-04-858. 2004
  • 86. DoD Policies on Building and Operating the GIG 86
  • 87. GIG as the Cornerstone of Information Superiority • GIG is the enabler of net-centric warfare. • The GIG makes up a secure, reliable network for communications satellites, next-generation radios and military installations-based networks with expanded bandwidth. • Increased budgetary pressures are starting to modify the term GIG. • New concepts are emerging such as Cyberspace Operations which are revising what was the original version of GIG. 87
  • 89. Required Reading – The Internet’s Vulnerabilities Are Built Into Its Infrastructure, Paul A. Strassmann, November 2009 • http://www.afcea.org/signal/articles/templates/SIGNAL_Article_Templa – Network-Centric Systems Need Standards and Metrics, Paul A. Strassmann, July 2009 • http://www.afcea.org/signal/articles/templates/SIGNAL_Article_Templa – Can DoD Manage the Delivery of GIG Objectives? • http://pstrassmann.blogspot.com/2011/08/can-dod-manage-delivery-of – Why the GIG Warrants Top Priority • http://pstrassmann.blogspot.com/2011/03/how-secure-is-virtual-netwo 89
  • 90. Class Assignment • Write a >200 word analysis of one of the topics in the required reading list : • Analysis to include: – Discussion of favorable and unfavorable views about the issue – Your personal summary conclusion and recommendations 90