Prof. Amir Herzberg. Last updated: Sunday, December 18, 2005
1 Last updated: Sunday, December 18, 2005. Prof. Amir Herzberg, Computer Science Department, Bar Ilan University
2 So far we considered attacks on the messages flowing through the Net:
- Spoofing, eavesdropping (intercepting / sniffing),
Today: attacks on hosts / networks:
- Intrusion attacks: gaining unauthorized access / control over host or network (and other `bug exploit attacks`)
- Denial Of Service (DoS) attacks: preventing host / network from providing (network) services, by exhausting resources
The most common network attacks in practice:
- Easier (or: harder to prevent, no `end to end` solution)
- Many incentives for attackers
- Intrusion: unauthorized (malicious) use, ego,
- DoS: ego, hate, disrupt competitor/defenses,
3
- Intrusions
- Intruders & Defenses
- Firewalls
- Malware, viruses
- Vulnerabilities and Intrusion Detection
- Denial Of Service (DOS)
- Syn Clogging
- Cookies, DOS and DDOS
- Broadcast and Echo (Smurf)
- DOS Attacks on Routing and Forwarding
- Traceback & Zombies
4 Important, common threat!
- Insider: abuse by a person with authorized access to the system.
- Hacker: attack the system via communication links (e.g. Internet).
- Malicious software (`MalWare`, Trojan horse, Virus): attack on the system by software running on it.
Hacking rule: routine, everyday defenses are automated, weaker; try to avoid detection of attack!!
5 [Figure: defense components: Intrusion Detection System (IDS), Blocking / Filtering, Resiliency (and Proactive Recovery), Remote IDS, Vulnerability Assessment, Remote Logs, Sec Incident Response Team, SW/Sys Audit and Testing, Other IRT/CERT, Decoy, Damage Detection and Recovery; connected by Alert, Reports and Update flows]
8 Basic firewall function, at host or gateway
Firewall filters packets, based on Access Control List (ACL), e.g.:
  ACL := Rule | ACL, Rule
  Rule := Selector Action
  Action ∈ {Deny / Pass / Log / Alert / IPSec(p) / Tunnel(t) / }*
  Selector := Field {=///>/ } Value | Selector {AND/OR} Selector | (Selector)
  Field ∈ {SrcIP, DstIP, SrcPort, DstPort, Protocol, Flags, ICMPType, TTL, Length, Interface_in, Interface_out}
  Value ∈ { {0,1,*}^32, {0, 2^16}, {TCP / UDP / ICMP}, {SYN / ACK / FIN / RST}*, {8(echo), }, {0, 255}* }
9 First: define a security policy, e.g.:
- Block incoming TCP connections
  - Except to public servers (more later)
- Block some/all UDP and ICMP packets, some outgoing TCP
  - Based on application (ports), source/destination, time
  - Block known vulnerabilities and unnecessary services, e.g. chargen
  - Block possible attacks from within, e.g. spam (SMTP): block port 25
- Anti-spoofing filtering: egress (outgoing), incoming
  - External packet with internal IP address, internal packet with external IP
- Block ports based on application (personal FW only)
- Block short `Transport header` fragments (or reconstruct)
- Log some/all traffic
- Alert (CERT/other firewall) on suspect
  - By statistics or by `signature` (attack pattern)
Goals: correctness, efficiency, simplicity
- Usually processed sequentially, specific first
10 Stateless filtering rules are limited
- E.g.: can't block TCP data packet
  - Dropped by TCP if no connection exists
  - Even if connection exists, if seq# not in window
  - But: waste resources of internal network and host
- Worse for UDP (no source port, seq#) [block UDP?]
Solution: stateful packet filtering, e.g.:
- Pass only `good` TCP packets (within limits)
- Pass only UDP responses (identify by ports)
- Advanced firewalls: state may depend on payload
- Or: an application-level gateway solution
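The ACL model from the firewall slides above (selector plus action, processed sequentially with specific rules first, including the anti-spoofing rules), as an added example that is not part of the original slides. The network `10.1.0.0/16`, the server address, the interface names and all rule names are constructed for illustration; the last check shows the stateless limitation: an unsolicited TCP data packet still passes.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, List, Tuple

# Constructed topology (assumption): internal network behind interface
# "inside", one public web server reachable from outside.
INTERNAL_NET = ipaddress.ip_network("10.1.0.0/16")
WEB_SERVER = "10.1.0.80"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    protocol: str                     # "TCP", "UDP" or "ICMP"
    dst_port: int = 0
    flags: frozenset = frozenset()    # subset of {"SYN", "ACK", "FIN", "RST"}
    interface_in: str = "outside"


@dataclass(frozen=True)
class Rule:
    name: str
    selector: Callable[[Packet], bool]
    action: str                       # "Pass" or "Deny"


def is_internal(ip: str) -> bool:
    return ipaddress.ip_address(ip) in INTERNAL_NET


# Ordered ACL: the first matching rule decides, so specific rules come first.
ACL: List[Rule] = [
    # Anti-spoofing: external packet with internal IP, internal with external IP.
    Rule("anti-spoof-in",
         lambda p: p.interface_in == "outside" and is_internal(p.src_ip), "Deny"),
    Rule("anti-spoof-out",
         lambda p: p.interface_in == "inside" and not is_internal(p.src_ip), "Deny"),
    # Exception to "block incoming TCP connections": the public server.
    Rule("public-web",
         lambda p: p.interface_in == "outside" and p.protocol == "TCP"
         and p.dst_ip == WEB_SERVER and p.dst_port == 80, "Pass"),
    # Block incoming TCP connection attempts (SYN without ACK).
    Rule("inbound-tcp-open",
         lambda p: p.interface_in == "outside" and p.protocol == "TCP"
         and "SYN" in p.flags and "ACK" not in p.flags, "Deny"),
    # Block possible attacks from within, e.g. spam: outgoing port 25.
    Rule("outbound-smtp",
         lambda p: p.interface_in == "inside" and p.protocol == "TCP"
         and p.dst_port == 25, "Deny"),
    # Generic rule last: all remaining TCP passes.
    Rule("other-tcp", lambda p: p.protocol == "TCP", "Pass"),
]


def evaluate(packet: Packet, acl: List[Rule] = ACL) -> Tuple[str, str]:
    """Return (action, rule name) of the first matching rule; default is Deny."""
    for rule in acl:
        if rule.selector(packet):
            return rule.action, rule.name
    return "Deny", "default"


SYN = frozenset({"SYN"})
ACK = frozenset({"ACK"})

# Constructed sample packets.
SPOOFED_IN = Packet("10.1.2.3", WEB_SERVER, "TCP", 80, SYN, "outside")
WEB_OPEN = Packet("198.51.100.7", WEB_SERVER, "TCP", 80, SYN, "outside")
SSH_OPEN = Packet("198.51.100.7", "10.1.0.25", "TCP", 22, SYN, "outside")
# No connection exists for this packet, but a stateless filter cannot tell.
STRAY_DATA = Packet("198.51.100.7", "10.1.0.25", "TCP", 22, ACK, "outside")

if __name__ == "__main__":
    for pkt in (SPOOFED_IN, WEB_OPEN, SSH_OPEN, STRAY_DATA):
        print(pkt.src_ip, "->", pkt.dst_ip, pkt.dst_port, evaluate(pkt))
```

Moving `other-tcp` to the front of the list makes the spoofed packet pass, which is why the ordering is part of the policy.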
11 Packet filter allows application packets only via GW
- Application-aware GW or transparent tunneling
- GW does application-aware filtering, processing
Example: virus scan
1. Allow only GW (e.g. to send http, ftp, smtp, requests)
2. Client app configuration (http proxy, socks, ) or transparent tunneling by packet filter
3. Gateway runs virus-scanner on incoming files
12 [Figure: network diagram; surviving labels: SMTP, WWW, Intra, DNS]
13 One packet-filtering FW is enough
- Use separate network to prevent sniffing, spoofing
- Server-only DMZ: e.g. WWW, incoming SMTP
  - Not allowed to initiate traffic
- Mixed DMZ: e.g. SMTP, DNS
[Figure: network diagram; surviving labels: Web Proxy, SMTP, WWW, Incoming SMTP, Intra, DNS]
14 Firewalls are very important, visible first (external) line of defense from Net
But firewalls cannot block all attacks
- In particular, can't block unknown bug of useful application (e.g. Web)
- Also: hard to block bug even with application GW:
  - Need special code for each application, vulnerability
  - Sometimes, only `application fix` is reasonable
Example of `unsafe software` and exploits
15 Buggy application/system software may allow adversary to gain control, info or damage
Solutions:
- Use safe programming methods, tools
- Use code inspected, certified by experts
  - Notice: typical `code-signing cert` only identifies the source!
- Filter input to detect, block exploitation
Typical bugs/exploits:
- Buffer overflow
- Server scripting / injection
- Cross-Site Scripting (XSS)
16 Bug: no limit to input buffer size
- Attacker sends oversized input
- Causes buffer overflow
- Input overwrites other variables, eventually also machine code
Goal: replace existing machine code with attacker's
- Thereby allowing attacker to install code at victim machine
Problem: attacker does not know where existing code begins
Solution: attack code begins with many NOPs (no-operation)
[Figure: attack input (a run of NOPs followed by the <`real` attack code>) overwriting the input buffer, other variables and existing code]
17 Vulnerability: sites assume input is all textual, concatenate it `as is` to SQL query or script
- Attacker sends input with control characters, modifying the query/script
- Query: select?user=`&name`
- Abuse: input to &name is x` OR 1=1
- Resulting query: select?user=`x` OR 1=1
  - Always true (e.g. returns first name in DB)
Many sites vulnerable, many ways to exploit
Solutions:
- Sanitize inputs before using them
- Suspect attack upon input with control characters
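The concatenation bug from the slide above next to a hardened lookup, as an added example that is not part of the original slides. It uses SQLite with a constructed `users` table; the hardened form uses parameter binding, which is a different technique from the input sanitizing the slide lists, and `looks_suspect` is a hypothetical check for the slide's "suspect attack upon input with control characters".

```python
import sqlite3

# Constructed sample data; "o'brien" is a legitimate name containing a quote.
SAMPLE_USERS = [("alice", "admin"), ("bob", "user"), ("o'brien", "user")]

# The slide's abuse string, written with SQL single quotes.
ABUSE = "x' OR '1'='1"

# Characters that change the meaning of a query when pasted in `as is`.
SUSPECT_CHARS = set("'\"`;\\")


def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return db


def lookup_concatenated(db: sqlite3.Connection, name: str) -> list:
    """Vulnerable on purpose: input is concatenated `as is` into the query."""
    query = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY name"
    return [row[0] for row in db.execute(query)]


def lookup_bound(db: sqlite3.Connection, name: str) -> list:
    """Hardened: the input is bound as data and is never parsed as SQL."""
    query = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in db.execute(query, (name,))]


def looks_suspect(name: str) -> bool:
    """Heuristic alert only: flags quotes, separators and control characters."""
    return any(c in SUSPECT_CHARS or ord(c) < 32 for c in name)


if __name__ == "__main__":
    db = make_db()
    print("concatenated:", lookup_concatenated(db, ABUSE))   # every row
    print("bound:       ", lookup_bound(db, ABUSE))          # no row
    # The heuristic also flags a legitimate name, so it can alert but
    # should not be the only control.
    print("suspect:", looks_suspect(ABUSE), looks_suspect("o'brien"))
    print("bound lookup of o'brien:", lookup_bound(db, "o'brien"))
```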
18 Vulnerability: sites allow attacker to send scripts, controls to user (browser)
- Inject script/controls e.g. by `File <filename> not found`
- Browser thinks this is code from server
  - As JavaScript, VBScript, as <META> tag,
- Script may modify page, e.g. make it appear as login page
- May collect information from form, send to attacker
- May install or expose cookie
- And more
Many sites vulnerable, many variants
19 IP spoofing: router can't know if data really comes from claimed source
Packet filtering is quite limited
- Can't understand app
- Can't identify initiator in UDP (disallow UDP traffic?)
Gateways are hard
- No general rule: many apps have unique vulnerabilities, need special gateway code
- New vulnerabilities exposed rapidly
Can't filter encrypted traffic (SSL, IPSec, )
- May use MITM SSL proxy (decrypt-scan-encrypt)
Insider attacks
20 A corrupted internal PC (Trojan) can bypass firewalls:
- Initiate communication from inside
- Use port-spoofing or encapsulation to hide protocol
  - Also application-spoofing to avoid local firewall (e.g. ZoneAlarm)
- Hide, encode `current attacker address`, e.g. in public site
- Encrypt if firewall scans content (e.g. for known viruses)
- Use internal PC to `sniff`: passwords, port #, seq #...
- Firewall monitors statistics to limit traffic: use multiple internal addresses to foil statistics, sniffing to pick up replies
Other Trojans can be blocked / detected by firewall
21 Prevent insider from sending/accessing information
- Content filtering (human, automated) and archival
- Often: prohibit & block encrypted traffic
Attacker may use `covert channels` (steganography):
- Hide in image, text, etc.
- Random numbers (e.g. in authentication protocol),
- Timing
Crypto-protocols w/o `covert (subliminal) channel`
- E.g. signing (for nuclear arms treaty inspections)
Internet protocols with minimal covert channels
- Warden filtering at firewall: active research, is it practical?
23 Malware: Malicious Software
- Goals: Trojan, Spyware, Adware, Spamware,
- Distribution: by user (bacteria), by instance in program and add to another (virus), by instance in one computer copied to another (worm),
- Execution: as object code; as macro/script; by user or automatically (e.g. by browser).
Reality: most users, PCs are easily `infected`
Protection? Easy and impossible
24 Hoax, Bacteria:
- User (and sys-admin) awareness
- Proper warning by UI
- Filtering of known/suspect
Worms
- Ideally: use secure OS, firewall to prevent & detect
- Worms scan for target (victim) machines: avoid being target
  - Hide IP address of internal servers / machines (using NAT)
  - Stateful firewall: identify & block scan attempts (e.g. on DMZ)
  - Restrict access to public servers (e.g. only TCP, no UDP)
- Prevent servers in DMZ from connecting outside (infecting)
Trojans, Viruses: Detection vs. Prevention?
25 Detection is computationally infeasible
- Identify malicious programs / viruses
- Identify programs that erase the disk, etc.
- Identify programs that may output programs
- Given programs P and Q, was Q output of P?
Prevention could be easy with secure OS:
- Separation between `kernel` and `user` modes
- `User` mode apps use `kernel` API service
- Tricky part: restrict outcome of `kernel` calls
- Restrict application operations (access control)
  - Can't change OS, gain `kernel` mode, etc.
  - Can't access data of other app, format disk, communicate
- Java: very limited `sandbox` for untrusted applets on JVM
Use only signed, certified software
- Certification of identity (accountability) or of content (CVC)
26 Scan for known viruses (in PC, gateway, mail server)
- Problem: new viruses? Mutating (changing) viruses?
- Answer: try to detect mutating viruses by running them in `sandbox` and then scanning
- But: virus can mutate only randomly, on certain date/event, after much time or after some action, defeating scan.
Prevent/detect changes to executables
- Problem: what about legitimate changes (e.g. by compiler)?
- Answer: most users never/rarely legitimately change
- But: prevention/detection not available in popular OS
- And: hard to add; harder to prevent virus from disabling
- Better: store OS, apps in read-only storage
Periodical (proactive) re-installation of executables
- Preferably automated from read-only storage (e.g. CD-ROM)
- Usually managed by operator/server over network
27 Dumb Trojan horses: use fixed port/pattern
- If listen: easy to block, attacker needs to scan to find it
- If sending: easy to detect, use specific ports, patterns
- Published, `Readymade` Trojans: identify by `signature`
Smart Trojans
- Act as http clients / browser, no fixed pattern / port
- Communicate back via `random` computer/server
  - Attacker posts `talkback` IP address in public forums
  - Even when mechanism is known, can't identify post
- Custom-built, very hard to identify
  - Especially if not acting as virus/worm
Don't let it inside `Trusted Computing Base`!
- Block new/suspect servers, with manual override
28
                     Malicious Software (e.g. Virus)    Hacking (network attack)
Penetration          Often easy                         May be hard
Adversary control    Hard                               Easy

Typical attack:
- Inject malware to victim organization (by Virus, Trojan)
- Virus initiates communication back to Adversary (over Firewall)
- Adversary now has access to internal network and hacks it
29 Reality: insecure computers, OS, negligent users
- Virus/Malware can expose keys, disable security mechanisms
Put security functions in external, dedicated device
- Authentication and encryption/decryption keys
- Filtering (access control, firewall, egress)
- Monitoring, log of events
- Management (updates, monitoring of PC, support)
  - Use crypto (e.g. IP-Sec, SSL) to secure management of device
- Optionally: device appears as `drive` of computer (PC)
  - E.g. PC `boots` from the device via USB port
[Figure: surviving labels: Boot; src:b, dest:a, payload]
31 [Figure labels: Intrusion Detection System (IDS), Blocking / Filtering, Remote IDS, Vulnerability Assessment, CERT (Central Emergency Response Team)]
Reality: many security `holes`; exploited (mostly) after announced
- E.g. Blaster: 200,000 infections (8/2003), patch available for almost a month
- Too many vulnerabilities, patches for manual administration, penetration testing
- Monthly testing/scanning may have failed to stop Blaster
`Hot` area (Gartner: most important security technology)
Recommend: announce fix (disabling!) before announcing problem/patch
- Allows fix announcements by non-manufacturer experts
VA system: detect known vulnerabilities, install (only) needed patches/updates/fix
- Automated, frequent update, install and scan (daily?)
- Problem: how to decide which updates/patches to install?
  - Signed patch/fix, with identity and/or attribute certificates (define policy!)
- Problem: system reliability after patches (test/production???)
  - Recommended: pre-defined graceful disable plan
32 [Figure labels: Intrusion Detection System (IDS), Blocking / Filtering, Remote IDS, Vulnerability Assessment, CERT (Central Emergency Response Team)]
Goal: detect attack, alert CERT, VA, remote IDS, and maintain logs
- Detect known attack `signatures` (patterns)
  - Signatures provided by CERT (secure how?)
- Detect other attacks: heuristics, statistics
- Critical: low false positive rate (or: ignored by sys-admin)
  - Sensitivity level set by CERT, alerts from remote IDS
Consists of multiple IDS monitors, one or few IDS managers
- Exercise: how to authenticate communication between IDS manager, IDS monitors, CERT and remote IDS?
- Need `keep alive` to detect disconnection/disabling attacks
33 Identify known attack patterns (`signatures`)
- Attack patterns identified by operator
- Or sent from trusted source (e.g. CERT): authenticate!
Identify access to `decoy` files, machines
Detect unusual activity (statistical detection)
Once attack is detected:
- Raise alarm to local administrator, CERT
- Block suspected / non-critical activities
- Counter-attack? Tempting, but
  - Attack may unintentionally damage third party
  - Source of attack is often a victim (framed / broken)
  - Serious attacker will be prepared, much harder to attack
  - Liability, ethics, exposure of techniques
- Identify source of attack (trace-back)
34 Problem: attack packets use fake source IP: hide source of attack
Prevent IP-spoofing:
- Sites should do egress filtering (in router)
  - Authenticate source IP of locally-generated packets
- ISPs should do egress + ingress filtering
  - Authenticate source IP of packets from customer
- Authenticate packets e.g. with IP-Sec
- ISPs rarely do any of these (performance/benefit)
Traceback (when IP spoofing is possible)
- Random, active trace-back information from routers, or
- Request-based trace-back info from routers, or
- `Tricks` (unmodified routers), e.g. hop-count (TTL)
35 Attacker uses multiple controlled machines (`Zombies`):
- To hide origin of attack / communication
- To foil defenses; e.g. avoid statistical detection of attack
- Denial of Service (later)
Capture Zombies:
- Malware (virus etc.)
- Known vulnerabilities
To identify attacker:
- Analyze Malware
- Analyze (identified) Zombie messages
- Use statistics, load, known signatures, decoys
[Figure: Attacker (Eve), Super-ZombieA, Super-ZombieB, Zombie1 to Zombie5, Vic]
36 Threat to hacker: exposure of (Super)Zombie
- Exposure of Attacker / Super-Zombie Subordinate Zombies
Solution: limit information in Super Zombies: segregation
- Super-Zombie keeps only one key, no other data
- Identities, Zombie-keys sent (encrypted) to Super-Zombie
Preventing trace-back from Zombie:
- Spoofed source address in command from Super-Zombie
- Anonymous posting
- Public anonymizers
37 Detect who talks to / buys from whom
- Prevent by aliasing, communicating via anonymizers
- Overhead; mainly for
- Gateway may delay, modify communication to prevent identification by timing, length etc.
- Use multiple gateways for added security
[Figure: Eve, Alice, Don, Bob, An (Anonymizer)]
38 Anonymizers may be traced back (subpoena)
Alternative: post in one of the Net's public forums
- Semi-anonymous, short-term storage
- Using noisy medium to secure, hide messages
- Can't even detect message was sent / received
  - Each posting appears innocent (cf. steganography, GPS)
- Destination samples forums (medium), detects msgs
  - Delayed action (so traces disappear, correlation hard)
  - Use MAC to identify: MAC_k(msg)
`Good` applications: battlefield communication, hidden sensor network, privacy (e.g. ID tags)
39 Anonymous posting, public anonymizers, spoofed source address
- Spoofed address
- Easy but allows IP trace-back
- Special `public anonymizer`
- Spoofed IP address
- Easy for Eve to initiate
- Firewall should block incoming connections
- Harder for public servers in DMZ (ongoing work)
- Spoofing reply/connection: only MITM adversary
[Figure: Attacker (Eve), Super-ZombieA, Super-ZombieB, Zombie1 to Zombie5, Vic]
41 Attacker tries to disconnect communication or exhaust resources of host / server / router / user
- While wasting less resources (attacker usually weaker!)
Resources include:
- Time (user's spam!),
- Computations (CPU time)
- Bandwidth (queue in router, token/frequency in MAC layer, )
- Storage (e.g. for state of requests/connections)
- Open TCP connections
42 Sending excessive number of packets / requests
Solution: when under attack
- Accept (new) packets/requests only from trusted sources
- Limit resource-use for each existing connection/source
Problem: attacker uses spoofed source IP address
Solutions:
- For spoofing (not MITM) adversary: TCP handshake
  - Identify packets of connection (no SYN, correct port, seq#)
  - Spoofed packets discarded by TCP or by (smart) firewall
- For delayed-eavesdrop adversary: `port hopping`
  - Works (also) for UDP
- For MITM adversary: IP-Sec or TCP MD5 (MAC) extension
43 A spoofing (not MITM) attack on TCP handshake
Victim: a server accepting connections from Internet
- E.g. web server
Attack: exhaust number of open TCP connections
- Limited to 10s to several thousand connections (depending on hardware, operating system)
- Which is why servers `never` keep open connections
  - In TCP session teardown, server closes fast (client waits)
SYN flooding attack: attacker (as client) sends `SYN` flow (open connection); server waits
44 Recall TCP connection setup process
Spoofing adversary sends many SYN requests (using different client IP addresses), no ACK
- Uses up server's capacity for open connections
Q: what about intercepting (MITM) adversary?
[Figure: Hacker sends SYN with fake IP source address; Server sends SYN-ACK and waits]
45 Several ideas: SYN-cache, random drop, SYN-cookies [
Server initial TCP seq# = client's seq# +
- top 5 bits: t mod 32, where t counts minutes;
- next 3 bits: identifies one of 8 Max-Segment-Sizes
- bottom 24 bits: MAC_k(clnip, clnport, srvip, srvport, t)
Prove: spoofing requires O(2^24) guesses (assume MAC is PRF)
Accept SYN even if table is full, simply don't keep state; reconstruct using cookie (seq#)
Shipped with Linux and FreeBSD
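The cookie layout from the slide above, built and verified without any per-connection state on the server; this is an added example, not code from the original slides or from the Linux or FreeBSD implementations. HMAC-SHA-256 truncated to 24 bits stands in for MAC_k, and the MSS table, the one-minute acceptance window and all function names are assumptions.

```python
import hashlib
import hmac
import ipaddress
import struct

MASK32 = 0xFFFFFFFF
# Constructed table: the 3-bit field selects one of 8 Max-Segment-Sizes.
MSS_TABLE = (536, 1024, 1220, 1360, 1400, 1440, 1452, 1460)
MAX_AGE_MINUTES = 1   # assumption: accept cookies from this or the previous minute


def mac24(key: bytes, conn: tuple, t: int) -> int:
    """Bottom 24 bits: MAC_k(clnip, clnport, srvip, srvport, t); IPv4 only."""
    cln_ip, cln_port, srv_ip, srv_port = conn
    msg = (ipaddress.IPv4Address(cln_ip).packed + struct.pack("!H", cln_port)
           + ipaddress.IPv4Address(srv_ip).packed
           + struct.pack("!HQ", srv_port, t))
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:3], "big")


def syn_ack_seq(key: bytes, conn: tuple, client_isn: int,
                client_mss: int, now: int) -> int:
    """Server initial seq# = client's seq# + cookie; nothing is stored."""
    t = now // 60                                  # t counts minutes
    # Largest table entry not exceeding the MSS the client offered.
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss),
                  default=0)
    cookie = ((t % 32) << 27) | (mss_idx << 24) | mac24(key, conn, t)
    return (client_isn + cookie) & MASK32


def check_ack(key: bytes, conn: tuple, seq: int, ack: int, now: int):
    """Validate the final ACK of the handshake.

    Returns the negotiated MSS if the cookie is valid, else None. The
    connection is reconstructed from the packet itself: seq = client ISN + 1,
    ack = server ISN + 1.
    """
    client_isn = (seq - 1) & MASK32
    cookie = (ack - 1 - client_isn) & MASK32
    t_field = cookie >> 27
    mss_idx = (cookie >> 24) & 0x7
    tag = cookie & 0xFFFFFF
    t_now = now // 60
    for age in range(MAX_AGE_MINUTES + 1):
        t = t_now - age
        if t % 32 != t_field:
            continue                               # wrong minute counter
        expected = mac24(key, conn, t)
        if hmac.compare_digest(tag.to_bytes(3, "big"),
                               expected.to_bytes(3, "big")):
            return MSS_TABLE[mss_idx]
    return None


# Constructed sample connection: (clnip, clnport, srvip, srvport).
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_CONN = ("198.51.100.7", 40000, "203.0.113.10", 80)
SAMPLE_NOW = 1_700_000_000          # seconds; 20 s into its minute
SAMPLE_CLIENT_ISN = 0x12345678

if __name__ == "__main__":
    isn = syn_ack_seq(SAMPLE_KEY, SAMPLE_CONN, SAMPLE_CLIENT_ISN, 1460, SAMPLE_NOW)
    seq, ack = SAMPLE_CLIENT_ISN + 1, (isn + 1) & MASK32
    print("valid ACK     ->", check_ack(SAMPLE_KEY, SAMPLE_CONN, seq, ack, SAMPLE_NOW + 30))
    print("guessed ACK   ->", check_ack(SAMPLE_KEY, SAMPLE_CONN, seq, (ack + 1) & MASK32, SAMPLE_NOW + 30))
    print("3 minutes old ->", check_ack(SAMPLE_KEY, SAMPLE_CONN, seq, ack, SAMPLE_NOW + 180))
```

A blind spoofer has to hit the 24-bit tag for the current minute, which is the O(2^24) guessing bound the slide states.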
46 In general, cookies against spoofing adversary: MAC_k(clnip, clnport, srvip, srvport, t)
`Hashcash` cookies against intercepting adversary:
- Request w/o cookie: server sends back the cookie
- Idea: client `pays` for server resources, cookie is proof
- Example: cookie = x s.t. h(x, req, time) = *00000
But: recall attacker can use many Zombies
- Distributed Denial of Service (DDoS) Attack
Also: attacker may simply send many requests by echo and broadcast amplification attacks
[Figure: Attacker, Super-ZombieA, Super-ZombieB, Zombie1 to Zombie5, Bob (victim)]
47 IP convention: xx.xx.xx.255 broadcast
Amplification Attack
- Abuse: reach many computers with one broadcast
- Waste more resources by making them echo
- Worse: use spoofed source IP address of `echo victim`, flooded by replies from `broadcast victims`
- Low-bandwidth source can kill high-bandwidth connections
- Third party hosts unwittingly aid attack, a bit like Zombies, but without controlling them (yet)!
48 [Figure: Attacker sends ICMP echo (spoofed source address of victim) to IP broadcast address over the Internet; ICMP echo reply; labels: Attacker, Echo Victim, Broadcast Victims]
49 Prevent attacks from/via your network:
- Apply filters to each customer network
- Apply filters to packets `bypassing` through your Net
Prevent being a broadcast victim (`bounce site`):
- Turn off directed broadcasts to networks
  - Default in new routers
- Filter (drop) incoming ICMP echo requests
- Configure hosts to not reply to broadcast ICMP echo
Prevent being an echo victim:
- Filter out ICMP echo replies, other known attacks
- Connect only to `filtering routers/networks/ISPs`
50 Sufficient capacity, redundancy
- Multiple sites (distribution network)
This is hard: insecure computers, viruses and Trojans distributed by spam, spam generated from zombies, a vicious cycle!
Identify and filter attack packets (by `attack pattern/signature`)
Identify source, use ingress filtering
Network of DOS-resistant routers/ISPs
- Requires DOS-resistant routing and forwarding
- Next topic
51
- Intrusions
- Intruders & Defenses
- Firewalls
- Malware, viruses
- Vulnerabilities and Intrusion Detection
- Denial Of Service (DOS)
- Syn Clogging
- Cookies, DOS and DDOS
- Broadcast and Echo (Smurf)
- DOS-Resistant Routing and Forwarding
- Traceback & Zombies
52 DOS attacks can focus on host, network, gateway (firewall) or router/routing
Router/routing attacks
- May go unnoticed (`silent disconnect`)
- May be easier (attack any router; TCP sensitivity to loss)
- Are on router routing or on forwarding functions
Routing attacks: cause bad routing
- By spoofing router messages: prevent by auth
- By broken router: easy in theory, but BGP is robust
  - Due to sending policies, limited topology
  - Theoretical solutions also: Distributed Algorithms course
- Or: disable routing completely. How?
53 TCP disconnects a connection if it receives RST/SYN packets with seq# (32 bits) in window
TCP Disconnection Attack requires:
- Know/guess IP addresses and ports
  - Server port and IP often known, source port & IP sometimes
  - Some protocols (e.g. BGP) use fixed source port (179)
- Long-lived and critical connection over TCP
- Using large window (as in fast, reliable link with large RTT)
Some claim this holds for Border Gateway Protocol (BGP)
- But does it (need to) use a very large window?
- And: prevent by proper filtering rules in BGP router
- Other spoofing-DoS attacks on BGP, e.g. insert bad route
Solutions:
- Use IP-Sec or TCP MD5 Option [RFC2385]
- Use ONLY TTL=255 on BGP packets (since they are one hop)
54 Robust (limited) bandwidth: no packet drop due to congestion
- Emergency and recovery applications
- Routing protocol itself (`Robust flooding`, [Perlman88])
How?
- Reserve one buffer for each <task,host>
- Hosts sign (numbered/dated) messages using special task key
Can co-exist with `regular` routers
- But `regular` bandwidth still subject to DDOS
Flooding is expensive
- Can we forward packets along efficient route?
[Figure: network of routers A to F, some labelled Secure]
55 Suppose attacker controls router in path
- Or: performs DOS attack on router (overload it)
Forwarding fault: router simply drops packets!
Currently: no detection/fix (silent disconnection)
- TCP: only end-to-end detection
- Also: after O(n TIMEOUT), not O(n DELAY + f TIMEOUT)
Ack from every router along route [Perlman88]
- O(n^2) acks: substantial overhead
Ack intervals [HK]
- O(n log(n)) acks, but requires state in routers
Research problems
- Make Ack intervals practical for ongoing connections
- More efficient authentication - randomly verify filtering by upstream routers
56 Filter suspected packets
- Based on known attack signatures (profile)
- Based on statistics, heuristic identification of attack
- Src-IP reported by servers (e.g. listen queue, random)
- Extend to whole prefixes if necessary
Cookies: spend resources only if client did
Trace-back to source of DOS attack (most likely an innocent, compromised machine)
Maintain secure connections operative even when other connections are clogged
- Router network doing authentication and filtering
- Minimal guaranteed capacity for special hosts and (emergency, recovery) applications
57 TCP/IP designed to survive host/router crash, but
- No built-in authentication and confidentiality mechanisms
  - Spoofing is easy
- Most connected hosts are insecure
  - Potential for many zombies
- Vulnerable to DOS (esp. DDoS) attacks
  - Including user-level DoS, i.e. spam!!
More informationTCP Overview Revisited Computer Networking. Queuing Disciplines. Packet Drop Dimensions. Typical Internet Queuing. FIFO + Drop-tail Problems
TCP Overview Revisited TCP modern loss recovery 15-441 Computer Networking Other Transport Issues, Attacks and Security Threats, Firewalls TCP options TCP interactions TCP modeling Workload changes TCP
More informationApplication Firewalls
Application Moving Up the Stack Advantages Disadvantages Example: Protecting Email Email Threats Inbound Email Different Sublayers Combining Firewall Types Firewalling Email Enforcement Application Distributed
More informationELEC5616 COMPUTER & NETWORK SECURITY
ELEC5616 COMPUTER & NETWORK SECURITY Lecture 17: Network Protocols I IP The Internet Protocol (IP) is a stateless protocol that is used to send packets from one machine to another using 32- bit addresses
More informationCOMPUTER NETWORK SECURITY
COMPUTER NETWORK SECURITY Prof. Dr. Hasan Hüseyin BALIK (7 th Week) 7. Denial-of-Service Attacks 7.Outline Denial of Service Attacks Flooding Attacks Distributed Denial of Service Attacks Application Based
More informationComputer and Network Security
CIS 551 / TCOM 401 Computer and Network Security Spring 2009 Lecture 8 Announcements Plan for Today: Networks: TCP Firewalls Midterm 1: One week from Today! 2/17/2009 In class, short answer, multiple choice,
More informationLecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005
Firewalls Lecture 33 Security April 15, 2005 Idea: separate local network from the Internet Trusted hosts and networks Intranet Firewall DMZ Router Demilitarized Zone: publicly accessible servers and networks
More informationInt ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28
Int ernet w orking Internet Security Literature: Forouzan: TCP/IP Protocol Suite : Ch 28 Internet Security Internet security is difficult Internet protocols were not originally designed for security The
More informationNIP6000 Next-Generation Intrusion Prevention System
NIP6000 Next-Generation Intrusion Prevention System Thanks to the development of the cloud and mobile computing technologies, many enterprises currently allow their employees to use smart devices, such
More informationLast lecture we talked about how Intrusion Detection works. Today we will talk about the attacks. Intrusion Detection. Shell code
4/25/2006 Lecture Notes: DOS Beili Wang Last lecture we talked about how Intrusion Detection works. Today we will talk about the attacks. Intrusion Detection Aps Monitor OS Internet Shell code Model In
More informationConfiguring attack detection and prevention 1
Contents Configuring attack detection and prevention 1 Overview 1 Attacks that the device can prevent 1 Single-packet attacks 1 Scanning attacks 2 Flood attacks 3 TCP fragment attack 4 Login DoS attack
More informationInternetwork Expert s CCNA Security Bootcamp. Common Security Threats
Internetwork Expert s CCNA Security Bootcamp Common Security Threats http:// Today s s Network Security Challenge The goal of the network is to provide high availability and easy access to data to meet
More informationSecurity+ Guide to Network Security Fundamentals, Fourth Edition. Network Attacks Denial of service Attacks
Security+ Guide to Network Security Fundamentals, Fourth Edition Network Attacks Denial of service Attacks Introduction: What is DoS? DoS attack is an attempt (malicious or selfish) by an attacker to cause
More informationCOMPUTER NETWORK SECURITY
COMPUTER NETWORK SECURITY Prof. Dr. Hasan Hüseyin BALIK (9 th Week) 9. Firewalls and Intrusion Prevention Systems 9.Outline The Need for Firewalls Firewall Characterictics and Access Policy Type of Firewalls
More informationHP High-End Firewalls
HP High-End Firewalls Attack Protection Configuration Guide Part number: 5998-2650 Software version: F1000-A-EI&F1000-S-EI: R3721 F5000: F3210 F1000-E: F3171 Firewall module: F3171 Document version: 6PW101-20120719
More informationFirewalls and NAT. Firewalls. firewall isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others.
Firews and NAT 1 Firews By conventional definition, a firew is a partition made of fireproof material designed to prevent the spread of fire from one part of a building to another. firew isolates organization
More informationNetwork Security. Evil ICMP, Careless TCP & Boring Security Analyses. Mohamed Sabt Univ Rennes, CNRS, IRISA Thursday, October 4th, 2018
Network Security Evil ICMP, Careless TCP & Boring Security Analyses Mohamed Sabt Univ Rennes, CNRS, IRISA Thursday, October 4th, 2018 Part I Internet Control Message Protocol (ICMP) Why ICMP No method
More informationCSC 4900 Computer Networks: Security Protocols (2)
CSC 4900 Computer Networks: Security Protocols (2) Professor Henry Carter Fall 2017 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message Integrity 8.4 End point Authentication
More informationAccess Controls. CISSP Guide to Security Essentials Chapter 2
Access Controls CISSP Guide to Security Essentials Chapter 2 Objectives Identification and Authentication Centralized Access Control Decentralized Access Control Access Control Attacks Testing Access Controls
More informationChapter 9. Firewalls
Chapter 9 Firewalls The Need For Firewalls Internet connectivity is essential Effective means of protecting LANs Inserted between the premises network and the Internet to establish a controlled link however
More informationDistributed Denial of Service (DDoS)
Distributed Denial of Service (DDoS) Defending against Flooding-Based DDoS Attacks: A Tutorial Rocky K. C. Chang Presented by Adwait Belsare (adwait@wpi.edu) Suvesh Pratapa (suveshp@wpi.edu) Modified by
More informationIntruders. significant issue for networked systems is hostile or unwanted access either via network or local can identify classes of intruders:
Intruders significant issue for networked systems is hostile or unwanted access either via network or local can identify classes of intruders: masquerader misfeasor clandestine user varying levels of competence
More informationInternet Security: Firewall
Internet Security: Firewall What is a Firewall firewall = wall to protect against fire propagation More like a moat around a medieval castle restricts entry to carefully controlled points restricts exits
More informationTOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS
TOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS 1 Introduction Your data and infrastructure are at the heart of your business. Your employees, business partners, and
More informationFirewalls N E T W O R K ( A N D D ATA ) S E C U R I T Y / P E D R O B R A N D Ã O M A N U E L E D U A R D O C O R R E I A
Firewalls N E T W O R K ( A N D D ATA ) S E C U R I T Y 2 01 6 / 2 017 P E D R O B R A N D Ã O M A N U E L E D U A R D O C O R R E I A Slides are based on slides by Dr Lawrie Brown (UNSW@ADFA) for Computer
More informationCS System Security 2nd-Half Semester Review
CS 356 - System Security 2nd-Half Semester Review Fall 2013 Final Exam Wednesday, 2 PM to 4 PM you may bring one 8-1/2 x 11 sheet of paper with any notes you would like no cellphones, calculators This
More informationComputer Network Vulnerabilities
Computer Network Vulnerabilities Objectives Explain how routers are used to protect networks Describe firewall technology Describe intrusion detection systems Describe honeypots Routers Routers are like
More informationConfiguring attack detection and prevention 1
Contents Configuring attack detection and prevention 1 Overview 1 Attacks that the device can prevent 1 Single-packet attacks 1 Scanning attacks 2 Flood attacks 3 TCP fragment attack 4 Login DoS attack
More informationBasic Concepts in Intrusion Detection
Technology Technical Information Services Security Engineering Roma, L Università Roma Tor Vergata, 23 Aprile 2007 Basic Concepts in Intrusion Detection JOVAN GOLIĆ Outline 2 Introduction Classification
More informatione-commerce Study Guide Test 2. Security Chapter 10
e-commerce Study Guide Test 2. Security Chapter 10 True/False Indicate whether the sentence or statement is true or false. 1. Necessity refers to preventing data delays or denials (removal) within the
More informationDenial of Service. Serguei A. Mokhov SOEN321 - Fall 2004
Denial of Service Serguei A. Mokhov SOEN321 - Fall 2004 Contents DOS overview Distributed DOS Defending against DDOS egress filtering References Goal of an Attacker Reduce of an availability of a system
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 8 Denial of Service First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Denial of Service denial of service (DoS) an action
More informationChapter 10: Denial-of-Services
Chapter 10: Denial-of-Services Technology Brief This chapter, "Denial-of-Service" is focused on DoS and Distributed Denial-of-Service (DDOS) attacks. This chapter will cover understanding of different
More informationApplication Security through a Hacker s Eyes James Walden Northern Kentucky University
Application Security through a Hacker s Eyes James Walden Northern Kentucky University waldenj@nku.edu Why Do Hackers Target Web Apps? Attack Surface A system s attack surface consists of all of the ways
More informationFlashback.. Internet design goals. Security Part One: Attacks and Countermeasures. Why did they leave it out? Security Vulnerabilities
Flashback.. Internet design goals Security Part One: Attacks and Countermeasures 15-441 With slides from: Debabrata Dash,Nick Feamster, Vyas Sekar 15-411: F08 security 1 1. Interconnection 2. Failure resilience
More informationR (2) Implementation of following spoofing assignments using C++ multi-core Programming a) IP Spoofing b) Web spoofing.
R (2) N (5) Oral (3) Total (10) Dated Sign Experiment No: 1 Problem Definition: Implementation of following spoofing assignments using C++ multi-core Programming a) IP Spoofing b) Web spoofing. 1.1 Prerequisite:
More informationDan Boneh, John Mitchell, Dawn Song. Denial of Service
Dan Boneh, John Mitchell, Dawn Song Denial of Service What is network DoS? Goal: take out a large site with little computing work How: Amplification Small number of packets big effect Two types of amplification
More informationCSC 574 Computer and Network Security. TCP/IP Security
CSC 574 Computer and Network Security TCP/IP Security Alexandros Kapravelos kapravelos@ncsu.edu (Derived from slides by Will Enck and Micah Sherr) Network Stack, yet again Application Transport Network
More informationDenial of Service. EJ Jung 11/08/10
Denial of Service EJ Jung 11/08/10 Pop Quiz 3 Write one thing you learned from today s reading Write one thing you liked about today s reading Write one thing you disliked about today s reading Announcements
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.
More informationEthical Hacking and Prevention
Ethical Hacking and Prevention This course is mapped to the popular Ethical Hacking and Prevention Certification Exam from US-Council. This course is meant for those professionals who are looking for comprehensive
More informationINF3700 Informasjonsteknologi og samfunn. Application Security. Audun Jøsang University of Oslo Spring 2015
INF3700 Informasjonsteknologi og samfunn Application Security Audun Jøsang University of Oslo Spring 2015 Outline Application Security Malicious Software Attacks on applications 2 Malicious Software 3
More informationHackveda Training - Ethical Hacking, Networking & Security
Hackveda Training - Ethical Hacking, Networking & Security Day1: Hacking windows 7 / 8 system and security Part1 a.) Windows Login Password Bypass manually without CD / DVD b.) Windows Login Password Bypass
More informationACS-3921/ Computer Security And Privacy. Chapter 9 Firewalls and Intrusion Prevention Systems
ACS-3921/4921-001 Computer Security And Privacy Chapter 9 Firewalls and Intrusion Prevention Systems ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been
More informationComputer Security Exam 3 Review. Paul Krzyzanowski. Rutgers University. Spring 2017
Computer Security 2017 Exam 3 Review Paul Krzyzanowski Rutgers University Spring 2017 April 18, 2018 CS 419 2017 Paul Krzyzanowski 1 Exam 3: Grade vs. Completion Time 5 Question 1 A high False Reject Rate
More informationNetwork Security: Firewall, VPN, IDS/IPS, SIEM
Security: Firewall, VPN, IDS/IPS, SIEM Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr What is a Firewall? A firewall is hardware, software, or a combination of both that is used to prevent unauthorized
More informationDrone /12/2018. Threat Model. Description. Threats. Threat Source Risk Status Date Created
Drone - 2 04/12/2018 Threat Model Description Threats Threat Source Risk Status Date Created Mobile Phone: Sensitive Data Leakage Smart Devices Mobile Phone: Session Hijacking Smart Devices Mobile Phone:
More informationCompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management
CompTIA Security+ Lecture Six Threats and Vulnerabilities Vulnerability Management Copyright 2011 - VTC Malware Malicious code refers to software threats to network and systems, including viruses, Trojan
More informationNETWORK SECURITY. Ch. 3: Network Attacks
NETWORK SECURITY Ch. 3: Network Attacks Contents 3.1 Network Vulnerabilities 3.1.1 Media-Based 3.1.2 Network Device 3.2 Categories of Attacks 3.3 Methods of Network Attacks 03 NETWORK ATTACKS 2 3.1 Network
More informationIntroduction to Security. Computer Networks Term A15
Introduction to Security Computer Networks Term A15 Intro to Security Outline Network Security Malware Spyware, viruses, worms and trojan horses, botnets Denial of Service and Distributed DOS Attacks Packet
More informationLast time. Security Policies and Models. Trusted Operating System Design. Bell La-Padula and Biba Security Models Information Flow Control
Last time Security Policies and Models Bell La-Padula and Biba Security Models Information Flow Control Trusted Operating System Design Design Elements Security Features 10-1 This time Trusted Operating
More informationThreat Pragmatics. Target 6/19/ June 2018 PacNOG 22, Honiara, Solomon Islands Supported by:
Threat Pragmatics 25-29 June 2018 PacNOG 22, Honiara, Solomon Islands Supported by: Issue Date: Revision: 1 Target Many sorts of targets: Network infrastructure Network services Application services User
More informationLecture 6. Internet Security: How the Internet works and some basic vulnerabilities. Thursday 19/11/2015
Lecture 6 Internet Security: How the Internet works and some basic vulnerabilities Thursday 19/11/2015 Agenda Internet Infrastructure: Review Basic Security Problems Security Issues in Routing Internet
More informationSingle Network: applications, client and server hosts, switches, access links, trunk links, frames, path. Review of TCP/IP Internetworking
1 Review of TCP/IP working Single Network: applications, client and server hosts, switches, access links, trunk links, frames, path Frame Path Chapter 3 Client Host Trunk Link Server Host Panko, Corporate
More informationn Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network
Always Remember Chapter #1: Network Device Configuration There is no 100 percent secure system, and there is nothing that is foolproof! 2 Outline Learn about the Security+ exam Learn basic terminology
More informationW is a Firewall. Internet Security: Firewall. W a Firewall can Do. firewall = wall to protect against fire propagation
W is a Firewall firewall = wall to protect against fire propagation Internet Security: Firewall More like a moat around a medieval castle restricts entry to carefully controlled points restricts exits
More informationComputer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition. Chapter 3 Investigating Web Attacks
Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition Chapter 3 Investigating Web Attacks Objectives After completing this chapter, you should be able to: Recognize the indications
More informationIntroduction to Computer Security
Introduction to Computer Security Instructor: Mahadevan Gomathisankaran mgomathi@unt.edu CSCE 4550/5550, Fall 2009 Lecture 7 1 Projects Groups Max 3 persons Topics Cryptography Network Security Program
More informationThe DNS. Application Proxies. Circuit Gateways. Personal and Distributed Firewalls The Problems with Firewalls
Network Security - ISA 656 Application Angelos Stavrou August 20, 2008 Application Distributed Why move up the stack? Apart from the limitations of packet filters discussed last time, firewalls are inherently
More informationCYBER ATTACKS EXPLAINED: PACKET SPOOFING
CYBER ATTACKS EXPLAINED: PACKET SPOOFING Last month, we started this series to cover the important cyber attacks that impact critical IT infrastructure in organisations. The first was the denial-of-service
More informationthis security is provided by the administrative authority (AA) of a network, on behalf of itself, its customers, and its legal authorities
INFRASTRUCTURE SECURITY this security is provided by the administrative authority (AA) of a network, on behalf of itself, its customers, and its legal authorities Goals * prevent or mitigate resource attacks
More informationOverview. Computer Network Lab, SS Security. Type of attacks. Firewalls. Protocols. Packet filter
Computer Network Lab 2017 Fachgebiet Technische Informatik, Joachim Zumbrägel Overview Security Type of attacks Firewalls Protocols Packet filter 1 Security Security means, protect information (during
More informationAN TOÀN LỚP 4: TCP/IP ATTACKS NGUYEN HONG SON PTITHCM
1 AN TOÀN LỚP 4: TCP/IP ATTACKS NGUYEN HONG SON PTITHCM 2 Introduction (1/2) TCP provides a full duplex reliable stream connection between two end points A connection is uniquely defined by the quadruple
More informationCSC Network Security
CSC 474 -- Security Topic 9. Firewalls CSC 474 Dr. Peng Ning 1 Outline Overview of Firewalls Filtering Firewalls Proxy Servers CSC 474 Dr. Peng Ning 2 Overview of Firewalls CSC 474 Dr. Peng Ning 3 1 Internet
More informationLecture 10. Denial of Service Attacks (cont d) Thursday 24/12/2015
Lecture 10 Denial of Service Attacks (cont d) Thursday 24/12/2015 Agenda DoS Attacks (cont d) TCP DoS attacks DNS DoS attacks DoS via route hijacking DoS at higher layers Mobile Platform Security Models
More informationChair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 11
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 11 Attack prevention, detection and response Acknowledgments This course is based
More informationPROTECTING INFORMATION ASSETS NETWORK SECURITY
PROTECTING INFORMATION ASSETS NETWORK SECURITY PAUL SMITH 20 years of IT experience (desktop, servers, networks, firewalls.) 17 years of engineering in enterprise scaled networks 10+ years in Network Security
More informationCOPYRIGHTED MATERIAL. Contents. Part I: The Basics in Depth 1. Chapter 1: Windows Attacks 3. Chapter 2: Conventional and Unconventional Defenses 51
Acknowledgments Introduction Part I: The Basics in Depth 1 Chapter 1: Windows Attacks 3 Attack Classes 3 Automated versus Dedicated Attacker 4 Remote versus Local 7 Types of Attacks 8 Dedicated Manual
More informationExam : JK Title : CompTIA E2C Security+ (2008 Edition) Exam. Version : Demo
Exam : JK0-015 Title : CompTIA E2C Security+ (2008 Edition) Exam Version : Demo 1.Which of the following logical access control methods would a security administrator need to modify in order to control
More information