GranLabradorL.Martinez,CCNA,CCNP,ITILv3F,JNCIA
Overview
What is security?
Why do we need security?
Who is vulnerable?
Common security attacks and countermeasures
What is Security
Dictionary.com says:
etc.
Ex: AFS
Who is vulnerable?
Pharmaceutical companies
Multinational corporations
IPSec
Packet sniffing
TCP hijacking
Denial of Service
Firewalls
Social problems
Education
Firewalls
Solution
Firewalls
Internet
DMZ
Firewall
Firewall
Intranet
Firewalls
Example: ipfw
Intrusion Detection
15441
Networks
Fall2002
Intrusion Detection
Example
/cgi-bin/webdist.cgi?distloc=?;cat%20/etc/passwd
Dictionary Attack
Denial of Service
SYN flooding
SMURF
Distributed attacks
Denial of Service
SYN flooding attack
Send SYN packets with bogus source address
Why?
Denial of Service
SMURF
[Figure: ICMP echo (spoofed source address of victim), sent to IP broadcast address; ICMP echo reply. Labels: Internet, Victim, Perpetrator]
Denial of Service
Example:
Denial of Service
July 19, 2001: over 359,000 computers infected with CodeRed in less than 14 hours
Denial of Service
Ingress filtering
A fix for the IIS buffer overflow was released sixteen days before CodeRed had been deployed!
TCP Attacks
Mr. Big Ears lies on the path between Alice and Bob on the network
First, Mr. Big Ears must drop all of Alice's packets since they must not be delivered to Bob (why?)
[Figure: Packets, The Void]
Then, Mr. Big Ears sends his malicious packet with the next ISN (sniffed from the network)
ISN,SRC=Alice
[Figure: Web server, Trusting web client, Malicious user]
IPSec
Packet Sniffing
They put the bits on the wire with the destination MAC address
Many people at CMU still use Telnet and send their password in the clear (use PuTTY instead!)
Now that I have told you this, please do not exploit this information
IPSec
Social Problems
Fun Example 1:
Fun Example 2:
Have you been calling Egypt for the last six hours?
No
Fun Example 3:
They did this from inside the company, where they had full access to the company's systems
Conclusions