ce 817 - advanced network securitysharif.edu/~kharrazi/courses/40817-941/817-931-lecture-1.pdf ·...

28
CE 817 - Advanced Network Security Lecture 1 Mehdi Kharrazi Department of Computer Engineering Sharif University of Technology Acknowledgments: Some of the slides are fully or partially obtained from other sources. Reference is noted on the bottom of each slide, when the content is fully obtained from another source. Otherwise a full list of references is provided on the last slide.

Upload: others

Post on 15-Jul-2020

3 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: CE 817 - Advanced Network Securitysharif.edu/~kharrazi/courses/40817-941/817-931-lecture-1.pdf · Reference is noted on the bottom of each slide, when the content is fully obtained

CE 817 - Advanced Network Security

Lecture 1

Mehdi KharraziDepartment of Computer Engineering Sharif University of Technology

Acknowledgments: Some of the slides are fully or partially obtained from other sources. Reference is noted on the bottom of each slide, when the content is fully obtained from another source. Otherwise a full list of references is provided on the last slide.

Page 2: CE 817 - Advanced Network Securitysharif.edu/~kharrazi/courses/40817-941/817-931-lecture-1.pdf · Reference is noted on the bottom of each slide, when the content is fully obtained

Spring 1391 Ce 817 -Lecture 1

How to think about insecurity

• The bad guys don’t follow the rules• To understand how to secure a system, you have to understand what sort of

attacks are possible• NOTE: That is not the same as launching them

[Bellovin 06] 2

Page 3: CE 817 - Advanced Network Securitysharif.edu/~kharrazi/courses/40817-941/817-931-lecture-1.pdf · Reference is noted on the bottom of each slide, when the content is fully obtained

Spring 1391 Ce 817 -Lecture 1

Data Breach

• Major retailer, TJX• Disclosed massive data breach of its network in 2007 (1386)• Estimated 94 million accounts compromised

• Customer records• Credit card accounts

• Other data breaches• LinkedIn

• 2012, 6.5 million user passwords stolen • Dropbox

• 2012, user passwords stolen • ........

[Bellovin 06] 3

Page 4: CE 817 - Advanced Network Securitysharif.edu/~kharrazi/courses/40817-941/817-931-lecture-1.pdf · Reference is noted on the bottom of each slide, when the content is fully obtained

Spring 1391 Ce 817 -Lecture 1

Code Red

• Worm released July 13, 2001 (1380)• Exploited buffer overflow on unpatched Microsoft Servers• 395,000 computers infected in one day alone• It defaces Web sites and launches Trojan code in a denial-of-service attack

against fixed IP addresses,• including the White House and Microsoft.

• The event prompts the director of the FBI's National Infrastructure Protection Center to hold a press conference.

[Messmer 08] 4

Page 5: CE 817 - Advanced Network Securitysharif.edu/~kharrazi/courses/40817-941/817-931-lecture-1.pdf · Reference is noted on the bottom of each slide, when the content is fully obtained

Spring 1391 Ce 817 -Lecture 1

Botnets

• The Department of Defense discovers computer systems compromised and turned into a botnet to send spam, launch DoS attacks and commit other crimes in 2004 (1383)• Ancheta, 20 years old, admits to generating more than $107,000 in

payment for sending spam or launching DoS attacks through 400,000 infected computers.

• Amazon, eBay, Yahoo, Dell, E-trade and CNN are all struck down by a massive distributed denial-of-service attack in February 2007 (1386)

• Storm Botnet• Discovered in early 2007 (1386)• Compromised machines used for spam and phishing attacks• Compromised machines estimated from a few million to 50 million

[Messmer 08]

[Messmer 08] 5

Page 6: CE 817 - Advanced Network Securitysharif.edu/~kharrazi/courses/40817-941/817-931-lecture-1.pdf · Reference is noted on the bottom of each slide, when the content is fully obtained

Spring 1391 Ce 817 -Lecture 1

Phishing

                                      You have 1 New Alert Message                             This is to inform you that Mohammad Fazli has transferred 100,000,000 Rial(s) to your Mellat account via Ebank mellat. Please check your account balance. To Login, please click  ebanking.bankmellat.ir/ ebanking                                                Bank Mellat Ebanking                     This is a system generated email. Please do not reply to it.                                     Copyright 2009  Bank Mellat Iran.

Page 7: CE 817 - Advanced Network Securitysharif.edu/~kharrazi/courses/40817-941/817-931-lecture-1.pdf · Reference is noted on the bottom of each slide, when the content is fully obtained

Spring 1391 Ce 817 -Lecture 1

Cyber War

• Estonia, a country of about 3 million people bordering Russia, has a well-developed network infrastructure

• After a dispute with Russia, it came under a crushing cyberattack in 2007• most important government, banking and media Web sites unavailable• Security experts analyzing the cyberattack believe it was triggered by the

"Russian blogosphere," which triggered a second phase that included specially designed bots, dropped onto home computers

[Messmer 08] 7

Page 8: CE 817 - Advanced Network Securitysharif.edu/~kharrazi/courses/40817-941/817-931-lecture-1.pdf · Reference is noted on the bottom of each slide, when the content is fully obtained

Spring 1391 Ce 817 -Lecture 1

It happens Quickly

• A student in our lab installed an unpatched Linux distribution• Left it connected to internet overnight• Next day the university admin was notified by the university service provider

that a compromised machined in the university was causing trouble• There was allot of yelling directed at the student!

8

Page 9: CE 817 - Advanced Network Securitysharif.edu/~kharrazi/courses/40817-941/817-931-lecture-1.pdf · Reference is noted on the bottom of each slide, when the content is fully obtained

Details on the Course

9

Page 10: CE 817 - Advanced Network Securitysharif.edu/~kharrazi/courses/40817-941/817-931-lecture-1.pdf · Reference is noted on the bottom of each slide, when the content is fully obtained

Spring 1391 Ce 817 -Lecture 1

Administrivia

• Website:• sharif.edu/~kharrazi/courses/40817-931/• You are expected to check the website regularly

• Mailing List• Register for it• Registration link will on the website

Page 11: CE 817 - Advanced Network Securitysharif.edu/~kharrazi/courses/40817-941/817-931-lecture-1.pdf · Reference is noted on the bottom of each slide, when the content is fully obtained

Spring 1391 Ce 817 -Lecture 1

Administrivia

• Prerequisites• Computer networks• Data and network security

• Grading (tentatively)• 50% Homework• 50% Final

Page 12: CE 817 - Advanced Network Securitysharif.edu/~kharrazi/courses/40817-941/817-931-lecture-1.pdf · Reference is noted on the bottom of each slide, when the content is fully obtained

Spring 1391 Ce 817 -Lecture 1

References

• Lot’s of research papers

12

Page 13: CE 817 - Advanced Network Securitysharif.edu/~kharrazi/courses/40817-941/817-931-lecture-1.pdf · Reference is noted on the bottom of each slide, when the content is fully obtained

Spring 1391 Ce 817 -Lecture 1

Policies

• Late Homework• One day late will cost you 25%, two days 50%, and three days 75%.• No homework will be accepted after the third day.

• Cellphones• Please turn them off before entering class.

• Cheating and Copying• First time you are caught you will get a zero for the task at hand.• Second time you are caught you will fail the course.• Providing your assignment to someone else is considered cheating on

your behalf.

13

Page 14: CE 817 - Advanced Network Securitysharif.edu/~kharrazi/courses/40817-941/817-931-lecture-1.pdf · Reference is noted on the bottom of each slide, when the content is fully obtained

Spring 1391 Ce 817 -Lecture 1

Ethics of security

• Taking a network security class is not an excuse for hacking• “Hacking” is any form of unauthorized access, including exceeding

authorized permissions• The fact that a file or computer is not properly protected is no excuse for

unauthorized access• Absolutely no Trojan horses, back doors, or other malicious code in

homework assignments

[Bellovin 06] 14

Page 15: CE 817 - Advanced Network Securitysharif.edu/~kharrazi/courses/40817-941/817-931-lecture-1.pdf · Reference is noted on the bottom of each slide, when the content is fully obtained

Network Security

15

Page 16: CE 817 - Advanced Network Securitysharif.edu/~kharrazi/courses/40817-941/817-931-lecture-1.pdf · Reference is noted on the bottom of each slide, when the content is fully obtained

Spring 1391 Ce 817 -Lecture 1

Goals

• Usual security trinity: confidentiality, integrity, availability• Must insure these in two domains:

• Over-the-wire• On the host (for network connected applications)

• Strategies are very different

[Bellovin 06] 16

Page 17: CE 817 - Advanced Network Securitysharif.edu/~kharrazi/courses/40817-941/817-931-lecture-1.pdf · Reference is noted on the bottom of each slide, when the content is fully obtained

Spring 1391 Ce 817 -Lecture 1

Host

• The host is (or can be) well-controlled• There are well-developed authentication and authorization models• There is a strong notion of privileged state, as well as what program can use it• Non of that is true for networks

[Bellovin 06] 17

Page 18: CE 817 - Advanced Network Securitysharif.edu/~kharrazi/courses/40817-941/817-931-lecture-1.pdf · Reference is noted on the bottom of each slide, when the content is fully obtained

Spring 1391 Ce 817 -Lecture 1

Networks

• Any one can (and does) connect to the network• Connectivity can only be controlled in very small, well-regulated

environments, and maybe not even then• Different operating systems have different notions of userIDs and privilages

[Bellovin 06] 18

Page 19: CE 817 - Advanced Network Securitysharif.edu/~kharrazi/courses/40817-941/817-931-lecture-1.pdf · Reference is noted on the bottom of each slide, when the content is fully obtained

Spring 1391 Ce 817 -Lecture 1

Benign Failures

• On top of that, most network failures are benign• You have to program for such failures:

• data corruption, timeouts, dead hosts, routing problems, etc.• Anything that can happen by accident, can happen by malice. ONLY MORE

SO.

[Bellovin 06] 19

Page 20: CE 817 - Advanced Network Securitysharif.edu/~kharrazi/courses/40817-941/817-931-lecture-1.pdf · Reference is noted on the bottom of each slide, when the content is fully obtained

Spring 1391 Ce 817 -Lecture 1

Trust Nothing

A host can trust nothing that comes over the wire

[Bellovin 06] 20

Page 21: CE 817 - Advanced Network Securitysharif.edu/~kharrazi/courses/40817-941/817-931-lecture-1.pdf · Reference is noted on the bottom of each slide, when the content is fully obtained

Spring 1391 Ce 817 -Lecture 1

Unproductive Attitudes

• “Why would anyone ever do that?”• “That attack is too complicated”• “No one knows how this system works, so they can’t attack it”

[Bellovin 06] 21

Page 22: CE 817 - Advanced Network Securitysharif.edu/~kharrazi/courses/40817-941/817-931-lecture-1.pdf · Reference is noted on the bottom of each slide, when the content is fully obtained

Spring 1391 Ce 817 -Lecture 1

Better Attitudes

• Assume that serial number 1 of any device is delivered to the enemy• You hand your packets to the enemy to deliver; you receive all incoming

packets from the enemy

[Bellovin 06] 22

Page 23: CE 817 - Advanced Network Securitysharif.edu/~kharrazi/courses/40817-941/817-931-lecture-1.pdf · Reference is noted on the bottom of each slide, when the content is fully obtained

Spring 1391 Ce 817 -Lecture 1

Familiar?

• SYN flooding• Trojans• Bloom filters• Onion routing• Snort• tcpdump• Traffic analysis• TCP 3-way handshake• Code Red• Buffer Overflow• IP Fragmentation• man-in-the-middle attack

23

Page 24: CE 817 - Advanced Network Securitysharif.edu/~kharrazi/courses/40817-941/817-931-lecture-1.pdf · Reference is noted on the bottom of each slide, when the content is fully obtained

Spring 1391 Ce 817 -Lecture 1

Familiar?

• IDS• Wireshark• IP Spoofing• ICMP Redirect• OS Fingerprinting• DNS Cache Poisoning• DDoS• Botnets• Phishing• BGP• Morris worm

24

Page 25: CE 817 - Advanced Network Securitysharif.edu/~kharrazi/courses/40817-941/817-931-lecture-1.pdf · Reference is noted on the bottom of each slide, when the content is fully obtained

Spring 1391 Ce 817 -Lecture 1

Course Outline

• Threats and Attacks• Firewalls• IDS/NIDS• DoS/DDoS• Worms/Malware• Botnets• Honeypots• Spyware• Phishing

25

Page 26: CE 817 - Advanced Network Securitysharif.edu/~kharrazi/courses/40817-941/817-931-lecture-1.pdf · Reference is noted on the bottom of each slide, when the content is fully obtained

Spring 1391 Ce 817 -Lecture 1

Course Outline

• Privacy/Traffic Analysis• Anonymity• Routing Security• Network Forensics• Wireless Security• VoIP Security

26

Page 27: CE 817 - Advanced Network Securitysharif.edu/~kharrazi/courses/40817-941/817-931-lecture-1.pdf · Reference is noted on the bottom of each slide, when the content is fully obtained

Spring 1391 Ce 817 -Lecture 1

Homework 0

• Watch the video by Dr. Kiarash Bazargan on scientific ethics (will post the link on the web):

http://profs-against-plagiarism.blogspot.com/2008/09/blog-post_14.html

27

Page 28: CE 817 - Advanced Network Securitysharif.edu/~kharrazi/courses/40817-941/817-931-lecture-1.pdf · Reference is noted on the bottom of each slide, when the content is fully obtained

Spring 1391 Ce 817 -Lecture 1

Acknowledgments/References

• [Bellovin 06] COMS W4180 — Network Security Class Columbia University.• [Messmer 08] 10 of the Worst Moments in Network Security History, Events

that shock sensibilities and shaped the future, By Ellen Messmer, Network World, 03/11/08

28