CSCE 181 Guest Lecture 2


Thursday, February 17, 2011


Dr. Guofei Gu: Networking Security

CSCE 465 "Computer & Network Security Spring 2012"

Is your computer secure? Are you sure?

Even a CSO can't be sure (especially if using MS Windows)

Denial of Service Attack

Blocking out users from using a website

Rerouting

Data packets sent through a single route into Pakistan

Other Malware

  • 95% of email traffic is spam: 200 billion per day
  • Phishing attacks rose 13% to over 28,000
  • 294 hijacked brands

Twitter

Bug in API


All of the above are the result of botnets

Computers used to be targets, but now they're resources for profit

Supercomputers are single machines with thousands of cores

Storm

Malware (botnet) that sends spam email

Storm Worm has 1-10 million 2.8 GHz processors with petabytes of RAM

"25% of Internet PCs are part of a botnet" (Vint Cerf; father of the Internet)

Client "bots" are infected; they connect to a C&C server, and ultimately to a bot-master

Broken assumptions of Internet Security

  1. Internet infrastructure (DNS, BGP) is trustworthy
    more vulnerable than you think
  2. Computers with AV are secure
    not really
  3. Attackers are for fun and fame
    profit!
  4. Attackers have limited computing power
    almost unbounded power
  5. Attacks are isolated
    The network has you, Neo!


Security Basics

Security is the prevention of certain types of intentional actions from occurring. It is also a state of well-being in which the probability of attacks is kept low or tolerable.

  • potential violations of security are threats
  • threats that succeed in violating security are called attacks
  • attacks are carried out by an attacker
  • objects of attacks are assets

Basic Components

Confidentiality
keeping data hidden (privacy)
Authenticity
identification of origin of information is assured
Integrity
prevention of data tampering
Availability
access to data and resources

Vulnerability

A systematic artifact that exposes the user, data, or system to a threat (buffer-overflow, WEP key leakage)

Sources:

  • Bad software or hardware
  • Bad design
  • Bad policy or configuration

Eavesdropping

Attack on confidentiality: unauthorized access to information

Ex: packet sniffers and wiretappers

packet sniffers: Wireshark, tcpdump (built-in command line)

Tampering

Attack on Integrity: stop the flow of the message; delay and/or modify the message; reroute it through a middle-man

Fabrication

An intruder pretends to be a friend

Denial of Service

Attack on Availability:

  • Destroy hardware (Cutting wires) or software
  • Modify software using alias commands
  • Corrupt packets
  • Crash the server

Goals of Security

  • Prevention - stop attackers in the first place
  • Detection - detect current violations
  • Recovery - cover up violations with secure options
  • Survivability - continue computing as normal

How can we make our computer more secure?

  1. Prevent most threats.
  2. Detect threats that get through prevention.
  3. React to threats that evade detection.