NETWORKS Lecture 11

Post on 21-Dec-2015


Review – Last Lecture

• Network Manager Headaches

• Routers

• Routing Algorithms

Review - Routing

• Definition

– The task of constructing and maintaining forwarding information (in hosts or routers)

• Goals

– Capture the notion of “best” routes

– Propagate changes effectively

– Require limited information exchange

• Conceptually

– A network can be represented as a graph where each host/router is a node and each physical connection is a link

Outline

• Computer Crimes

• Network Attacks

• What should we do?

Computer Crimes

Crimes 1

• Crooks, operating in the Birmingham area, are preying on people using public access terminals for Internet banking.

• The scam came to light after a local man discovered to his horror an unauthorized transfer of £6,300 from the joint account he and his wife hold with Lloyds TSB.

• It appears that account details are being harvested from public access points such as Internet Cafes

Crimes 2

• Los Angeles based forensic specialists Computer Forensics International (CFI) says it has discovered a pattern of privacy violations centering around the use of recycled hard drives in the U.S.

– The firm says that, by using EnCase forensic analysis software, its team of examiners found undeleted files on the drives, containing personal details of the previous owners, including credit card and social security numbers.

– According to CFI, the hard drives found had to be completely destroyed to close the privacy loop.

– The company says that management must ensure that hard drives are wiped clean when recycling used computers and points out that reformatting a hard drive does not permanently delete information.

Crimes 3

• A computer expert working for UBS PaineWebber has been charged with trying to manipulate the stock price of the brokerage's parent company by sabotaging its computer system.

– Roger Duronio, 60, of Bogota, hoped to cash in on a resulting drop in the stock value of the parent company, prosecutors said.

– Duronio spent just under $22,000 in February and March buying a type of security known as a put option contract, which increases in value as a company's stock price declines, according to the New York Times.

– Prosecutors claim he then sent a computer virus to 1,000 of the 1,500 computers used by PaineWebber brokers across the country.

– But the plan failed to disrupt work seriously or cause a sharp change in the stock price.

Network Attacks

Overview of Network Weaknesses

• Why are networks vulnerable?

Reason 1: All software including security software and patches are insecure

Reason 2: Almost all users, managers, programmers, and system administrators are not aware of Reason 1.

“We wouldn’t have to spend so much time, money, and effort on network security if we didn’t have such bad software security.” [Viega, 2002]

Example

• Based on an analysis of 45 e-business applications, @stake found security design flaws in 70% of the defects they analyzed

– After they excluded flaws that were of low impact or not easily exploitable, nearly half (47%) of the remaining serious defects could have been caught and fixed inexpensively during the design stage

– These serious defects are readily exploitable and could have caused significant loss of reputation or customer revenue

Weak Points in Networks

• Reliance on Shared Resources

• System Complexity

• Unknown Perimeter

• Many Points of Attack

• Attacker Anonymity

• Multiple Paths to Hosts

Other Problems

• In the rush to benefit from using networks, organizations often overlook significant security issues.

– The engineering practices and technology used by system providers are often not sufficient to prevent the fielding of systems vulnerable to attack

– Network and system operators do not always follow best practices that would prevent such attacks or minimize damage

Strain on System Administrators 1

• There is continued movement to complex, client-server and heterogeneous configurations with distributed management

• There is little evidence of security improvements in most products; new vulnerabilities are found routinely

• Comprehensive security solutions are lacking; current tools address only parts of the problem

Strain on System Administrators 2

• 2.3 million hosts are connected to the Net each month. There aren’t 2.3 million sysadmins. Something has to give….

– Unfortunately, it’s the sysadmin.

– Not enough training, too many conflicting demands on their time.

– The Prime Directive: Keep the system up!

– Patch the system? When I have time….

Routing Concerns

• Every hop between two systems is a potential security concern

– A large message will be broken up into multiple packets, with each packet potentially taking a different path to your PC.

[Figure: map of network nodes: S.F., L.A., Minneapolis, Chicago, St. Louis, Omaha, Dallas, N.Y.C., Atlanta]

More Sophisticated Intruders

• Intruders are:

– building technical knowledge and skills

– gaining leverage through automation

– exploiting network interconnections and moving easily through the infrastructure

– becoming more skilled at masking their behavior

Fundamental Principle

• Anyone can break into anything if they have sufficient:

– Motivation

• They have to want to do it.

– Skill

• They have to be good enough to understand and pierce the defenses.

– Opportunity

• They have to have enough access to the defenses for long enough to penetrate them.

It’s going to get worse 1

• Explosive growth of the Internet continues

– continues to double in size every 10-12 months

– where will all the capable system administrators come from?

• Market growth will drive vendors

– time to market, features, performance, cost are primary

– “invisible” quality features such as security are secondary

• More sensitive applications connected to the Internet

– low cost of communications, ease of connection, and power of products engineered for the Internet will drive out other forms of networking

– hunger for data and benefits of electronic interaction will continue to push widespread use of information technology

It’s going to get worse 2

• The death of the firewall

– traditional approaches depend on complete administrative control and strong perimeter controls

– today’s business practices and wide area networks violate these basic principles

• no central point of network control

• more interconnections with customers, suppliers, partners

• more network applications

- “the network is the computer”

• who’s an “insider” and who’s an “outsider”

• Beware of snake-oil

– the market for security products and services is growing faster than the supply of quality product and service providers

– an informed consumer base needs understanding, not just awareness

– sometimes the suppliers don’t understand either

– “if you want it badly, you’ll get it badly”

But, it will get better . . .

• Strong market for security professionals will eventually drive graduate and certificate programs

• Increasing understanding by technology users will build demand for quality security products; vendors will pay attention to the market

• Insurance industry will provide incentives for improved business security practices

How bad is it 1

How bad is it 2

How bad is it 3

• The Slammer/Sapphire worm hit on January 25, 2003 and in just a few hours it:

– Shut down some Bank of America Corp ATMs

– Fouled Continental Airlines online ticketing system

– Essentially blacked out an emergency call center in Seattle

– Cut off access to the Internet for millions of personal computer users including most of those in South Korea

– Specialists described the impact as a sort of global traffic jam

How bad is it 4

• It infected 90% of vulnerable computers within ten minutes

– The number of infections doubled in size every 8.5 seconds

– After 3 minutes Slammer was generating 55 million scans for vulnerable computers every second
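The growth figures on this slide, worked through with a simple logistic epidemic model; this is an added example, not part of the original lecture. The vulnerable population of 75,000 hosts and the single initial infection are assumptions, and the model ignores the bandwidth saturation that slowed the real worm.

```python
import math

DOUBLING_TIME_S = 8.5        # from the slide: infections doubled every 8.5 seconds
VULNERABLE_HOSTS = 75_000    # assumption, not stated in the lecture
SEEDS = 1                    # assumption: one initially infected host


def growth_rate(doubling_time_s=DOUBLING_TIME_S):
    """Exponential rate r (per second) such that exp(r * doubling_time) == 2."""
    return math.log(2) / doubling_time_s


def infected_fraction(t_s, hosts=VULNERABLE_HOSTS, seeds=SEEDS):
    """Fraction of vulnerable hosts infected t_s seconds after release.

    Logistic model: growth is exponential while almost every scan can still
    find a fresh victim, then flattens as vulnerable hosts run out.
    """
    i0 = seeds / hosts
    return i0 / (i0 + (1 - i0) * math.exp(-growth_rate() * t_s))


def time_to_fraction(target, hosts=VULNERABLE_HOSTS, seeds=SEEDS):
    """Seconds until `target` (0..1) of the vulnerable hosts are infected."""
    i0 = seeds / hosts
    odds_ratio = (target / (1 - target)) / (i0 / (1 - i0))
    return math.log(odds_ratio) / growth_rate()


def response_window(detect_at, saturated_at=0.90):
    """Seconds between a detection threshold and saturation.

    The population size cancels out, so this depends only on the doubling time.
    """
    return time_to_fraction(saturated_at) - time_to_fraction(detect_at)


if __name__ == "__main__":
    for frac in (0.01, 0.50, 0.90):
        print(f"{frac:4.0%} infected after {time_to_fraction(frac):6.1f} s")
    print(f"window from 1% to 90%: {response_window(0.01):.1f} s")
```

Under these assumptions the model reaches 90% in under three minutes, inside the slide's ten-minute figure, and leaves roughly 83 seconds between 1% and 90% infection, far too short for manual patching.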

Growth of Security Concepts

What should we do?

First Step

• Understand that Network Security is a journey not a destination

• View security as a critical business process to address the ever-changing risk environment.

– It is not a program, but a process.

• Use a combination of Techniques, Tools and Products.

Security Decisions

• Decide what is, and is not permitted.

• This process is normally driven by the business or structural needs of the organization, such as:

– An edict that bars personal use of corporate computers.

– Restrictions on outgoing traffic (employees exporting valuable data).

– Not allowing a specific protocol because it cannot be administered securely.

– Not allowing employees to import software without proper permission (licensing issues, viruses, etc).

Identify Resources

• It’s difficult to protect something you don’t know you have - or know what it’s worth.

• Identify all resources to be protected, such as:

– Mainframes

– Servers and Workstations (including laptops)

– Interconnection devices (gateways, routers, bridges, hubs, etc.)

– Terminal servers

– Network and applications software

– Network cables

– Information in files and databases

Ask Yourself

• What resources are you trying to protect, and why?

• Which people do you need to protect the resources from?

– Internal threats

– External threats (Perimeter security)

• How likely are the threats?

• How important is the resource?

• What measures can you take to protect your assets in a cost-effective and timely manner?

• Periodically examine your network security policy to see if your objectives and network circumstances have changed.

Identify the Threats

• An understanding of the technology is important, but common sense is equally valuable in stopping potential security threats.

– Define Authorized Access

• Physical access to computing facilities.

• Access to computers.

• “Borrowing” another user’s account/password (Training and Policy issues).

– Identify the Risk of Information Disclosure

• Determine the value or sensitivity of the information stored on your computers.

• Encrypt password files.

• Use passwords of at least 8 characters (mixed alpha/numeric, upper/lower case).

– Change passwords on a regular basis.

• Don’t forget laptops.

Plan of Action

• Develop a plan of action when a security policy is violated.

– Response to security violations from the ‘outside’.

– Response to security violations by local users (from the inside).

– Response strategies.

– Define the responsibilities of being a good citizen on the Internet.

– Contacts and responsibilities to external organizations (CERT, etc).

Overall

• Tight configuration management is the most critical aspect of a secure network. If you can ensure that:

– All machines in your organization are running up-to-date copies of the operating system

– All patches are applied as they are shipped

– The service and configuration files do not have any serious holes

– Known default passwords are removed from products as they are installed

– This is all supported by suitable organization discipline

Possible Quiz

• Remember that even though each quiz is worth only 5 to 10 points, the points do add up to a significant contribution to your overall grade

• If there is a quiz it might cover these issues:

– What is CERT?

– What is one of the strains on system administrators?

– What is the number one reason networks are vulnerable?