U.S. National Cybersecurity October 12th, 2004
U.S. National Cybersecurity
Understanding Internet Security
William J. Perry
Martin Casado • Keith Coleman • Dan Wendlandt
MS&E 91SI
Fall 2004
Stanford University
Announcements
• Axess + Email lists
• Coursework Forum
• Bios/Photos
Outline
What is Security?
Attack Classifications
Internet Security Mechanisms
Discussion Questions (if time)
The “Big Five”
Security is traditionally broken up into:
1) Availability
2) Integrity
3) Confidentiality
4) Authentication
5) Access Control
Security From What?
What can disrupt the higher-level services running on the Internet?
• Attacks
• Accidents
• Failures
[Image: NASA Control Room]
Failures on the Internet
Why do security failures matter?
Security failures affect the Internet’s ability to function as a reliable and secure critical infrastructure.
Vulnerabilities
Def. vulnerability (n)
“a state with the potential to lead to a failure”
Where can vulnerabilities exist in technology?
Services (Amazon, SCADA)
Applications (Word, IE, Email Client)
Service-Level Protocols (http, smtp)
Network and Network Protocols (ip, tcp)
Operating Systems (Windows, Linux, Cisco IOS)
Physical Hardware (cables, routers, CPUs)
Basic Infrastructure (electricity)
Vulnerabilities & Attacks
The nature of the network technologies, protocols, and operators is the basis for attacks.
Attacks can (and will) come at vulnerabilities in every layer.
Big Question: What is it about the Internet architecture that causes these vulnerabilities to exist?
[Diagram: layers labeled Physical, Network, Transport, Application, Humans; Attacks]
Scanning & Fingerprinting
What is it?
Reconnaissance technique to explore networks, classify + analyze connected hosts, and identify potential vulnerabilities.
Example: nmap security scanner
Exploits
What is it?
The use of vulnerabilities in or misconfiguration of software or hardware to gain access to information or resources on a system.
Exploits may be manual or automated.
Worms/viruses are exploits with code to facilitate propagation.
Example: Blaster worm exploits RPC bug
Trojaned Software
What is it?
Software/hardware with hidden functionality whose use gives an attacker an avenue to access a system or its information.
This is sometimes also referred to as a “backdoor”.
Example: A free copy of MSWord downloaded off of Kazaa may have been modified to include a trojan leading to a compromise.
Denial of Service
What is it?
The malicious consumption of resources in order to make a system incapable of fulfilling its designed role. Attacks are often “distributed” to increase resource consumption (zombies or botnets).
Example: SYN flood against Yahoo
Social Engineering Attack
What is it?
Any attempt that employs non-technical means to attack a system. Often the attacker uses information gleaned from outside sources to produce false credentials (dumpster diving).
Attacks are often hybrid, relying on human and technical factors.
Example: The Beagle virus used the email domain name to pose as a message from the user’s ISP.
Access Control Failures
What is it?
Failure to set up adequate access control
– Default configurations
– Privilege revocation
Example: default administrator password for Windows
Authentication Failures
What is it?
Some authentication schemes are better than others:
– Passwords
– Public Key Crypto
Example: phishing schemes that steal passwords break the authentication model.
Infrastructure Attack
What is it?
An attack against the core systems that operate as the Internet infrastructure. Attacks can be either physical or virtual, often focusing on central points of failure.
Example: Attack on root DNS servers.
Insider Threats
What is it?
Attacks that exploit an existing trust relationship to harm the overall security of a system.
Example: A former employee uses knowledge of a company’s network systems and passwords to steal customer information entrusted to the company.
Traffic Sniffing/Modification
What is it?
Using access to a link or infrastructure system to examine or modify the contents of Internet traffic. Similar to a phone tap, with ability to change contents.
Example: ISP’s potential for information gathering
Don’t Forget
Attacks are only one of the reasons systems can fail. There are many other, perhaps less exciting, ways systems are vulnerable.
What is Cryptography
A critical TOOL in securing information systems and their communications.
• You may have heard of:
– SSL
– Trusted Computing
– Public Key Cryptography
– Tripwire
Cryptography Overview
Crypto can create hard guarantees (backed by math) in the digital world similar to those we have long relied upon for security in the physical world:
- Data Encryption (privacy)
“No one else can read my message”
- Data Integrity
“My message has not been modified”
“My message is from who it says it is”
Also provides for some improved authentication schemes.
Cryptography Examples
How do these mechanisms function? (at 10,000 feet)
Problems with Crypto
• Bad Standards
– WEP, CSS
• Bad Implementation
– IE, OpenSSL
• Attacks on Authentication
– Phishing, password sniffing
• Weak back-end
– Weak link, insider attacks
• Encryption is often slow & cumbersome
• PKI has difficulty scaling to large numbers
Ideal vs. Real Internet Security
Ideally we can utilize authentication and access control to protect systems and data.
In reality this is not practical.
E.g. What if everyone needed to be authenticated to talk to your computer?
Additionally, authentication schemes are only as secure as those using them.
E.g. An uneducated but authenticated user may install a trojan.
Attack Detection/Prevention
Firewalls – Software to inspect packets, compare them to rules and drop traffic specified by these rules.
Intrusion Detection/Prevention Systems (IDS/IPS) – Software to inspect traffic flows for signatures or other behavior that appears to be malicious.
Anti-Virus Software – Inspects files for signs of infectious programs and eliminates them.
These mechanisms can either be deployed on individual hosts or on dedicated network servers.
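The difference between the first two mechanisms, as an added example that is not from the original slides: a first-match firewall rule set decides on packet headers only, while an IDS-style signature check looks at payload content. The packet fields, rules, addresses, and signature string are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Packet:
    src: str
    dst_port: int
    payload: bytes

# Constructed firewall rules: (action, source network, destination port or None for any).
# The first matching rule wins; anything unmatched is dropped (default deny).
RULES = [
    ("drop",  "203.0.113.0/24", None),  # blocked source range
    ("allow", "0.0.0.0/0",      80),    # public web server
    ("allow", "192.0.2.0/24",   22),    # SSH from the admin network only
]

# Constructed IDS signature: a byte pattern that should never appear in a payload.
SIGNATURES = {b"EXAMPLE-WORM-MARKER": "example-worm"}

def firewall_verdict(pkt):
    """Header-only decision: compare source and port against the rules in order."""
    for action, net, port in RULES:
        if ip_address(pkt.src) in ip_network(net) and port in (None, pkt.dst_port):
            return action
    return "drop"

def ids_alerts(pkt):
    """Content inspection: return the names of signatures found in the payload."""
    return [name for sig, name in SIGNATURES.items() if sig in pkt.payload]

def inspect(pkt):
    """Firewall first; only traffic it allows reaches the IDS."""
    verdict = firewall_verdict(pkt)
    alerts = ids_alerts(pkt) if verdict == "allow" else []
    return verdict, alerts

# Constructed sample traffic.
SAMPLES = [
    Packet("198.51.100.7", 80, b"GET /index.html HTTP/1.0"),
    Packet("198.51.100.7", 22, b"SSH-2.0-client"),
    Packet("203.0.113.9", 80, b"GET / HTTP/1.0"),
    Packet("198.51.100.8", 80, b"GET /?q=EXAMPLE-WORM-MARKER HTTP/1.0"),
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p.src, p.dst_port, *inspect(p))
```

The last sample passes the firewall because its headers match an allow rule; only the signature check flags it, which is why the two mechanisms are deployed together.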
Patching
Fix vulnerabilities in software that may lead to exploitation. Patch management is a major hidden cost to companies.
Important:
- Process is still embarrassingly manual (changing?).
- Gap between release of patch + first exploit “in the wild” is shrinking (Witty worm and zero-days).
- Often patches are not applied to critical systems because updates sometimes have conflicts that can break software running on the systems.
Do we patch?
Check out: “Security Holes? Who Cares” by Eric Rescorla: http://www.rtfm.com/upgrade.pdf
Process, Education & Risk Assessment
Often forgotten as security mechanisms:
- Having well-defined and consistent preparation, response, and recovery plans across an organization.
- Attempting to secure humans, often the weakest link.
- Determining the danger associated with each potential vulnerability.
Attributability
For traffic on the Internet, can we determine who a packet comes from?
Two levels:
1) Can we tell what computer sent a given packet? (What are the implications of source spoofing?)
2) Can we attribute a packet to a human?
- What does this say about our ability to catch and prosecute perpetrators of online attacks? What about active response?
Determining Intent
Can you infer intent from analyzing network traffic? What about at the application level?
- What is the difference between a denial of service attack and normal overwhelming usage?
- What is more important, the intent or the result of Internet traffic?
- What about ‘enablement’ versus ‘use’?
Trust Relationships
What are key trust relationships relating to cybersecurity? Think about:
- designers
- developers
- distributors
- owners
- operators
- users
If security is a “weakest-link” issue, what forces keep one of these trust links from breaking?
The Power of the Core
- How much control do we have with determining where traffic flows on the Internet, and what entities have control over it?
- What can someone ‘on route’ potentially do? How can you trust the integrity of what you see?
- What does it take to have control of the Internet core?
Infrastructure Attacks
How vulnerable is the actual Internet infrastructure to attacks?
- Could a single group bring down the Internet? What does this mean? What kind of resources would it take?
- How reliant is the Internet on relatively few critical systems?
- What happens when you rely on the security of infrastructure that you have absolutely no control over? As a company? As a country? How does this compare to security in the physical world?
Determining Identity
How can we trust an Internet entity is who they say they are?
- Why is this process more difficult than it is in the “brick & mortar” world?
- How important is this for a critical infrastructure?
- Do our solutions for providing identity scale to the millions of actions on the Internet?
Overwhelming Complexity
What does the extreme complexity of the Internet mean for our ability to secure it?
- Are there just too many things that could go wrong to ever possibly be able to completely rely on it?
- In what way does the complexity impact our ability to educate average users? Is user education necessary? Is effective user education even possible?
- Will the Internet become more or less complex to manage in the future?
Why is this so hard?
What are the major barriers to providing security guarantees for an information system on the Internet?
- What (or who) are the weak links for security systems?
- Can we ever really secure a usable Internet computer system? (e.g. directed attack)
- How does software size & complexity relate to our ability to secure a system? What is zero-day?