new internet security
Description: firewalls, types of attacks, cybercrimes, solution
Internet Security: Overview of Internet security
Presentation Content
Internet and its Evolution. Security. Security constraints & computer security. Technology. Attack Types
What is Internet?
Often confused with the World Wide Web, the term Internet actually refers to the combined collection of academic, commercial, and government networks connected over international telecommunication backbones and routed using IP addressing.
How did the Internet develop?
The Internet as we know it today is actually a very wide area network (WAN) connecting networks and computers around the world. It makes it possible for millions of users to connect via telephone lines, cable lines, and satellites.
Evolution of Internet
The Internet was born in the late 1960s, when the US Defence Department linked together mainframe computers to form a communications network.
Objectives of Department
Create a communication system that could survive a nuclear attack or natural disaster.
Provide a communication link to its users in remote locations.
ARPANet
The early version of the Internet was known as ARPANet.
Backbone: a term used to describe a structure that handles the major traffic in a networked system, much like a highway.
Network backbone: a “cyberspace highway” made up of high-speed cables and switching stations.
Internetworking
The process of linking a collection of networks is called internetworking.
This term is where the Internet got its name.
The term internet was officially adopted in 1983.
More commonly referred to as the net.
Internet Security
What is security? Why do we need security? Common security attacks and countermeasures
Firewalls & Intrusion Detection Systems Denial of Service Attacks TCP Attacks Packet Sniffing Social Problems
Security
Concepts and types of attacks
What is “Security”
Meaning of “security”:
1. Freedom from risk or danger; safety.
2. Freedom from doubt, anxiety, or fear; confidence.
3. Something that gives or assures safety, as:
   1. A group or department of private guards: Call building security if a visitor acts suspicious.
   2. Measures adopted by a government to prevent espionage, sabotage, or attack.
   3. Measures adopted, as by a business or homeowner, to prevent a crime such as burglary or assault: Security was lax at the firm's smaller plant.
Freedom from risk or danger; safety: in other words, having systems in place beforehand which prevent attacks before they begin.
Freedom from doubt, fear, anxiety; confidence: knowing that your systems are safe and protected.
Something that assures safety: this includes contingency plans for what to do when attackers strike, keeping up with the latest CERT advisories, hiring network security consultants to find insecurities in your network, etc.
Why do we need security?
Protect vital information while still allowing access to those who need it: trade secrets, medical records, etc.
Provide authentication and access control for resources. Ex: AFS
Guarantee availability of resources. Ex: 5 9’s (99.999% reliability)
Common security attacks and their countermeasures
Exploiting software bugs, buffer overflows; finding a way into the network: firewalls, Intrusion Detection Systems
Denial of Service: ingress filtering, IDS
TCP hijacking: IPSec
Packet sniffing: encryption (SSH, SSL, HTTPS)
Social problems: education
Firewalls
Basic problem: many network applications and protocols have security problems that are fixed over time.
Difficult for users to keep up with changes and keep the host secure.
Solution: administrators limit access to end hosts by using a firewall.
The firewall is kept up-to-date by administrators.
[Figure: Internet, firewall, DMZ, firewall, Intranet; web server, email server, web proxy, etc.]
Used to filter packets based on a combination of features. These are called packet filtering firewalls.
There are other types too, but they will not be discussed
Ex. Drop packets with destination port of 23 (Telnet)
Can use any combination of IP/UDP/TCP header information
man ipfw on unix47 for much more detail
But why don’t we just turn Telnet off?
Here is what a computer with a default Windows XP install looks like:
    135/tcp   open  loc-srv
    139/tcp   open  netbios-ssn
    445/tcp   open  microsoft-ds
    1025/tcp  open  NFS-or-IIS
    3389/tcp  open  ms-term-serv
    5000/tcp  open  UPnP
Might need some of these services, or might not be able to control all the machines on the network.
What does a firewall rule look like? Depends on the firewall used.
Example: ipfw
    /sbin/ipfw add deny tcp from cracker.evil.org to wolf.tambov.su telnet
Other examples: WinXP & Mac OS X have built-in and third-party firewalls, with different graphical user interfaces and varying amounts of complexity and power.
Intrusion Detection
Used to monitor for “suspicious activity” on a network.
Can protect against known software exploits, like buffer overflows.
Open Source IDS: Snort, www.snort.org
Dictionary Attack
We can run a dictionary attack on the passwords.
The passwords in /etc/passwd are encrypted with the crypt(3) function (one-way hash).
Can take a dictionary of words, crypt() them all, and compare with the hashed passwords.
That’s why your passwords should be meaningless.
Denial of Service
Purpose: Make a network service unusable, usually by overloading the server or network.
[Figure: Perpetrator, Internet, Victim. ICMP echo (spoofed source address of victim) sent to IP broadcast address; ICMP echo reply.]
Mini Case Study – CodeRed
July 19, 2001: over 359,000 computers infected with Code-Red in less than 14 hours.
Used a recently known buffer exploit in Microsoft IIS.
Damages estimated in excess of $2.6 billion.
How can we protect ourselves?
Ingress filtering: if the source IP of a packet comes in on an interface which does not have a route to that packet, then drop it. RFC 2267 has more information about this.
Stay on top of CERT advisories and the latest security patches. A fix for the IIS buffer overflow was released sixteen days before CodeRed had been deployed!
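An added example, not part of the original slides: the ingress-filtering rule above implemented as a reverse-path check, where a packet is accepted only if the route back to its claimed source address points out the interface it arrived on. The routing table, interface names and addresses (documentation ranges) are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed routing table for an edge router: prefix -> interface.
ROUTES = {
    "192.0.2.0/24": "cust0",     # customer A's assigned block
    "198.51.100.0/24": "cust1",  # customer B's assigned block
    "0.0.0.0/0": "uplink",       # everything else is reached via the upstream
}

def route_interface(addr, routes=ROUTES):
    """Longest-prefix match: the interface used to reach addr, or None."""
    ip = ip_address(addr)
    best = None
    for prefix, iface in routes.items():
        net = ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def ingress_check(src, arrival_iface, routes=ROUTES):
    """Accept only if the route back to src leaves via the arrival interface."""
    return "accept" if route_interface(src, routes) == arrival_iface else "drop"

# Constructed packets: (claimed source address, interface it arrived on).
SAMPLES = [
    ("192.0.2.44", "cust0"),    # customer A using its own address
    ("203.0.113.9", "cust0"),   # customer A claiming an outside victim's address
    ("198.51.100.7", "cust0"),  # customer A claiming customer B's address
    ("203.0.113.9", "uplink"),  # ordinary inbound Internet traffic
    ("192.0.2.44", "uplink"),   # outside host claiming an internal address
]

if __name__ == "__main__":
    for src, iface in SAMPLES:
        print(f"{src:>14} on {iface:<6} -> {ingress_check(src, iface)}")
```

The second sample is the spoofed ICMP echo from the broadcast-amplification figure: the filter at the perpetrator's own edge drops it before it reaches the broadcast address.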
Security: Types of security constraints
Security Constraint
Identification
Authentication
Authorization
Access control
Data Integrity
Confidentiality
Non-Repudiation
Identification
Something which uniquely identifies a user and is called UserID.
Sometimes users can select their ID, as long as it is not given to another user.
UserID can be one or combination of the following:
User Name
User Student Number
User SSN
Authentication
The process of verifying the identity of a user. Typically based on:
Something the user knows: password
Something the user has: key, smart card, disk, or other device
Something the user is: fingerprint, voice, or retinal scans
Authentication cont.
Authentication procedure: One-Way Authentication, Two-Party Authentication, Two-Way Authentication, Third-Party Authentication (Kerberos, X.509)
Single Sign On: user can access several network resources by logging on once to a security system.
Authorization
The process of assigning access rights to authenticated users.
What do we need to protect?
Data
Resources
Reputation
Private Information
Monetary Transactions
What is computer Security?
Computer security is the process of preventing and detecting unauthorized use of your computer. Prevention measures help you to stop unauthorized users (also known as "intruders") from accessing any part of your computer system. Detection helps you to determine whether or not someone attempted to break into your system, if they were successful, and what they may have done.
Why should I care about security?
We use computers for everything from banking and investing to shopping and communicating with others through email or chat programs. Although you may not consider your communications "top secret," you probably do not want strangers reading your email, using your computer to attack other systems, sending forged email from your computer, or examining personal information stored on your computer (such as financial statements).
Who would want to break into my computer?
Intruders (hackers) who want to gain control of your computer to launch attacks on other PCs.
Having control of your computer gives them the ability to hide their true location as they launch attacks, often against high-profile computer systems such as government or financial systems. Even if you have a computer connected to the Internet only to play the latest games or to send email to friends and family, your computer may be a target.
Contd.
Intruders may be able to watch all your actions on the computer, or cause damage to your computer by reformatting your hard drive or changing your data.
How easy is it to break into computer?
Some software applications have default settings that allow other users to access your computer unless you change the settings to be more secure.
E.g., chat programs that let outsiders execute commands on your computer, or web browsers that could allow someone to place harmful programs on your computer that run when you click on them.
Technology
Technologies in Internet.
What is Broadband?
"Broadband" is the general term used to refer to high-speed network connections.
Internet connections via cable modem and Digital Subscriber Line (DSL) are frequently referred to as broadband Internet connections.
"Bandwidth" is the term used to describe the relative speed of a network connection; for example, most current dial-up modems can support a bandwidth of 56 kbps (thousand bits per second).
What is cable modem access?
A cable modem allows a single computer (or network of computers) to connect to the Internet via the cable TV network. The cable modem usually has an Ethernet LAN (Local Area Network) connection to the computer, and is capable of speeds in excess of 5 Mbps.
What is DSL access?
Digital Subscriber Line (DSL) Internet connectivity, unlike cable modem-based service, provides the user with dedicated bandwidth. However, the maximum bandwidth available to DSL users is usually lower than the maximum cable modem rate because of differences in their respective network technologies. Also, the "dedicated bandwidth" is only dedicated between your home and the DSL provider's central office -- the providers offer little or no guarantee of bandwidth all the way across the Internet.
How is broadband access different from the network I use at work?
Corporate and government networks are typically protected by many layers of security, ranging from network firewalls to encryption. In addition, they usually have support staff who maintain the security and availability of these network connections.
Although your ISP is responsible for maintaining the services they provide to you, you probably won’t have dedicated staff on hand to manage and operate your home network. You are ultimately responsible for your own computers. As a result, it is up to you to take reasonable precautions to secure your computers from accidental or intentional misuse.
What is at risk?
Confidentiality -- information should be available only to those who rightfully have access to it
Integrity -- information should be modified only by those who are authorized to do so
Availability -- information should be accessible to those who need it when they need it
Types of Attacks: Attacks and solution
Types
Trojan horse, denial of service, unprotected Windows share, email-borne viruses, email spoofing, cross-site scripting, packet sniffing, hidden file extensions
Trojan Horse
Trojan horse programs are a common way for intruders to trick you into installing "back door" programs. These can allow intruders easy access to your computer without your knowledge, change your system configurations, or infect your computer with a computer virus.
Denial of service
Another form of attack is called a denial-of-service (DoS) attack. This type of attack causes your computer to crash or to become so busy processing data that you are unable to use it. In most cases, the latest patches will prevent the attack.
Unprotected Windows share
Unprotected Windows networking shares can be exploited by intruders in an automated way to place tools on large numbers of Windows-based computers attached to the Internet.
Because site security on the Internet is interdependent, a compromised computer not only creates problems for the computer's owner, but it is also a threat to other sites on the Internet.
Email Borne Virus
Viruses and other types of malicious code are often spread as attachments to email messages. Before opening any attachments, be sure you know the source of the attachment.
For example, the Melissa virus is spread via email, may disable antivirus software, and sites may experience denial of service.
Email Spoofing
Email “spoofing” is when an email message appears to have originated from one source when it actually was sent from another source.
Email spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information (such as passwords).
E.g., a fake admin telling you to change your password.
Cross Site Scripting
A malicious web developer may attach a script to something sent to a web site, such as a URL, an element in a form, or a database inquiry, and the malicious code is then transferred to your browser.
You can expose your web browser to malicious scripts by following links on the web or in emails, or through online discussions where users can post text containing HTML tags.
Packet Sniffing
A packet sniffer is a program that captures data from information packets as they travel over the network. The data may include usernames, passwords, etc.
With perhaps thousands of passwords captured, intruders can launch widespread attacks.
Cable modem users are at higher risk of exposure to sniffers, since the entire neighbourhood of cable modem users is effectively part of the same LAN.
Thus a sniffer on one PC can capture data transmitted by another PC.
Hidden File Extension
Windows operating systems contain an option to "Hide file extensions for known file types". It is enabled by default.
Email-borne viruses are known to exploit hidden file extensions. The first major attack that took advantage of a hidden file extension was the VBS/LoveLetter worm, with the email attachment “LOVE-LETTER-FOR-YOU.TXT.VBS”.
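An added example, not part of the original slides: a mail-gateway style check that flags attachments whose real (last) extension is executable while the name shown with extensions hidden still looks like a document. The two extension sets are illustrative assumptions, not a complete list, and displayed_name assumes the last extension is a known type that Windows hides.

```python
import os

# Extensions Windows can run or hand to a script host (illustrative, not exhaustive).
EXECUTABLE = {".vbs", ".js", ".exe", ".scr", ".bat", ".cmd", ".pif", ".com"}
# Extensions users tend to read as harmless documents (illustrative).
BENIGN_LOOKING = {".txt", ".doc", ".jpg", ".gif", ".pdf", ".mp3"}

def displayed_name(filename):
    """Name shown when 'Hide file extensions for known file types' is on."""
    stem, ext = os.path.splitext(filename)
    return stem if ext else filename

def classify(filename):
    """Return a verdict for one attachment filename."""
    name = filename.strip().lower()
    stem, real_ext = os.path.splitext(name)
    # Padding spaces before the real extension push it out of view; ignore them.
    shown_ext = os.path.splitext(stem.rstrip())[1]
    if real_ext in EXECUTABLE and shown_ext in BENIGN_LOOKING:
        return "block: disguised executable"
    if real_ext in EXECUTABLE:
        return "block: executable"
    return "pass"

# Constructed attachment names; the first is the one named on the slide.
SAMPLES = [
    "LOVE-LETTER-FOR-YOU.TXT.VBS",
    "notes.txt",
    "setup.exe",
    "photo.jpg      .scr",
    "archive.tar.gz",
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{displayed_name(name)!r:32} {classify(name)}")
```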
Cyber Crime: Introduction and Overview
What is CyberCrime?
Criminal acts that are performed with the aid of a computer. Crimes that fit this category are identity theft, mischievous hacking, theft, and more.
In short:
• Computer is a target.
• Computer is a tool of crime.
• Computer is incidental to crime.
Why learn about CyberCrime?
Because nowadays everybody is using computers, from teenagers to white-collar terrorists.
Conventional crimes like forgery, extortion, kidnapping etc. are being committed with the help of computers.
Most important: monetary transactions are moving onto the Internet.
Profile of Cyber Criminal
Disgruntled employees, teenagers, political hacktivists, professional hackers, business rivals, ex-boyfriend, husband etc.
VICTIMS
Innocent people, unlucky people, oversmart people, unskilled and inexperienced people.
Computer Crimes are vulnerable
Because of: anonymity, computer’s storage capacity, weakness in operating system, lack of awareness of user
Types of Cyber Crimes
Hacking, virus dissemination, net extortion, phishing, threatening, salami attack
Hacking
Hacking in simple terms means illegal intrusion into computers without permission of user.
Virus Dissemination
Malicious software that attaches to other software. (Virus, worms, trojan horse, time bomb, logic bomb, rabbit and bacterium are malicious software.)
Net Extortion
Copying the company’s confidential data in order to extort said company for a huge amount.
Phishing
It is a technique of pulling out confidential information from bank/financial institution account holders by deceptive means.
Threatening
The criminal sends threatening emails or comes into contact with the victim in chat rooms.
(Anyone disgruntled may do this with a boss, friend or official.)
Salami Attack
In this crime the criminal makes such insignificant changes, in such a manner, that they would go unnoticed.
Criminals make a program that deducts Rs 2.50 from the account of every customer and deposits the same in his own account. In such a case no customer will approach the bank for such a small amount, but the criminals gain a huge amount.