Understanding Network Security: Attacks, Defenses, and Real-World Examples
Delve into the realm of network security, exploring how malicious entities target computer networks, the defensive strategies deployed by cybersecurity experts, and practical examples of security breaches. Learn about packet sniffing, spoofing, malware threats, DoS attacks, and more, emphasizing the critical importance of enhancing security measures in the digital landscape.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.
E N D
Presentation Transcript
University of Calgary CPSC 329 Guest Lecture: Carey Williamson
What is network security? Types of attacks Real-world examples Wrapup and questions 2
The field of network security is about: how the bad guys attack computer networks (or users) how the good guys defend networks against attacks how to design architectures that are immune to attacks Note that the Internet was not originally designed with (much) security in mind original vision: a group of mutually trusting users attached to a transparent network Internet protocol designers have been playing catch-up by trying to add security features to existing protocols Security considerations are needed in all protocol layers! 3
Packet sniffing (to steal confidential personal information) Spoofing (to forge identity, location, or other credentials) Playback (to record and replay valid credentials later) Scanning (to actively probe for vulnerable hosts or ports) Malware (malicious software, to exploit vulnerabilities) DoS: Denial of Service (to make a service inaccessibly slow) DDoS: Distributed DoS (like DoS on steroids, using botnets) Inference attacks (to learn implicit structural information) 4
The bad guys can observe packets on a LAN shared broadcast media (classic Ethernet, WiFi hotspots) promiscuous network interface can read and record the contents (including passwords!) of all transmitted packets C A src:B dest:A payload B Wireshark software is an example of a packet sniffer 5
The bad guys can use false source addresses IP spoofing: send packet with false source address C A src:B dest:A payload B 6
The bad guys can record/playback packets sniff sensitive info (e.g., password), and use later password holder is the legit user from system point of view C A src:B dest:A user: B; password: fooz B 7
Malware can get in host from a virus, worm, or trojan horse. Spyware malware can record keystrokes, web sites visited, upload info to collection site. Infected host can be enrolled in a botnet, used for spam and DDoS attacks. Malware is often self-replicating: from an infected host, seeks entry into other hosts 8
Trojan horse Hidden part of some otherwise useful software Today often on a Web page (Active-X, plugin) Worm: infection by passively receiving object that gets itself executed self- replicating: propagates to other hosts, users Virus infection by receiving object (e.g., e-mail attachment), actively executing self-replicating: propagate itself to other hosts, users 9
Bad guys can attack servers and network infrastructure Denial of service (DoS): attackers make resources (server, bandwidth) unavailable to legitimate traffic by overwhelming resource with bogus traffic 1. select target 2. break into hosts around the network to create a botnet target 3. send packets toward target from compromised hosts 10
As a networking researcher, I have seen many strange and mysterious things on the U of C network, including these: Port scanning NTP amplification attacks RIP attacks Viruses/malware SSH attacks DoS attacks Spam bots 11
Outbound Traffic Totals for February 2016 # 1 2 3 4 5 6 7 8 9 10 IP 518.90 334.148 334.130 649.196 951.98 742.7 742.5 906.25 819.141 742.6 Name Protocol UDP UDP UDP TCP TCP UDP UDP TCP TCP UDP Port 123 53 53 10433 80 53 53 80 443 53 Service NTP DNS DNS VPN HTTP DNS DNS HTTP HTTPS DNS Volume 9.8 TB 6.5 TB 2.9 TB 2.9 TB 2.8 TB 2.3 TB 2.1 TB 1.7 TB 1.5 TB 1.5 TB Issue? Yes rb1-s rb1 gvpn aurora ns4-a ns2-a www Maybe ns3-a 14
Connection Counts for January 2016 # 1 2 3 4 5 6 7 8 9 10 IP 293.8 293.9 293.7 293.8 293.9 529.230 293.7 518.90 334.148 334.51 Name pc8 pc9 pc7 pc8 pc9 pc230 pc7 Protocol UDP UDP UDP UDP UDP UDP UDP UDP UDP UDP Port 665 665 665 655 655 137 655 123 53 520 Service Conns 908 M 778 M 702 M 538 M 502 M 476 M 469 M 324 M 261 M 240 M Issue? Yes Yes Yes Yes Yes Yes Yes Yes Maybe Maybe NetBios NTP DNS RIP rb1-s nassrv3 15
Spambot-generated email traffic (mostly) Human-generated email traffic (mostly)
Jan 25 (noon) Mar 4 (4am) Mar 11 (6pm) Jan 28 (6-9pm) March 28 Jan 21 (noon) 17
Take CPSC 441: Computer Networks Learn about the Internet and its protocol stack Take CPSC 526: Network Systems Security Course Description: Attacks on networked systems, tools and techniques for detection and protection against attacks including firewalls and intrusion detection and protection systems, authentication and identification in distributed systems, cryptographic protocols for IP networks, security protocols for emerging networks and technologies, privacy enhancing communication. Legal and ethical issues will be introduced. 18
Some of these slides are courtesy of: Computer Networking: A Top Down Approach 6th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 19
