Professional Documents
Culture Documents
1
Overview
What is security?
Why do we need security?
Who is vulnerable?
Common security attacks and countermeasures
Firewalls
Denial of Service Attacks
TCP Attacks
Social Problems
2
What is Security
Dictionary.com says:
1. Freedom from risk or danger; safety.
2. Freedom from doubt, anxiety, or fear; confidence.
3. Something that gives or assures safety, as:
1. A group or department of private guards: Call building
security if a visitor acts suspicious.
2. Measures adopted by a government to prevent espionage,
sabotage, or attack.
3. Measures adopted, as by a business or homeowner, to
prevent a crime such as burglary or assault: Security was lax
at the firm's smaller plant.
etc.
3
What is Security
Dictionary.com says:
1. Freedom from risk or danger; safety.
2. Freedom from doubt, anxiety, or fear; confidence.
3. Something that gives or assures safety, as:
1. A group or department of private guards: Call building
security if a visitor acts suspicious.
2. Measures adopted by a government to prevent espionage,
sabotage, or attack.
3. Measures adopted, as by a business or homeowner, to
prevent a crime such as burglary or assault: Security was lax
at the firm's smaller plant.
etc.
4
What is Security
Dictionary.com says:
1. Freedom from risk or danger; safety.
2. Freedom from doubt, anxiety, or fear; confidence.
3. Something that gives or assures safety, as:
1. A group or department of private guards: Call building
security if a visitor acts suspicious.
2. Measures adopted by a government to prevent espionage,
sabotage, or attack.
3. Measures adopted, as by a business or homeowner, to
prevent a crime such as burglary or assault: Security was lax
at the firm's smaller plant.
etc.
5
What is Security
Dictionary.com says:
1. Freedom from risk or danger; safety.
2. Freedom from doubt, anxiety, or fear; confidence.
3. Something that gives or assures safety, as:
1. A group or department of private guards: Call building
security if a visitor acts suspicious.
2. Measures adopted by a government to prevent espionage,
sabotage, or attack.
3. Measures adopted, as by a business or homeowner, to
prevent a crime such as burglary or assault: Security was lax
at the firm's smaller plant.
etc.
6
Why do we need security?
9
Firewalls
10
Firewalls
11
Firewalls
Internet DMZ
Web server, email
server, web proxy,
Firewall
Firewall
etc
Intranet
12
Firewalls
15-441 16
Networks
Fall 2002
Dictionary Attack
SMURF
Source IP address of a broadcast ping is forged
Large number of machines respond back to victim,
overloading it
15-441 19
Networks
Fall 2002
Denial of Service
I C M P e c h o ( s p o o f e d s o u r c e a d d r e s s o f v ic t im )
S e n t to IP b ro a d c a s t a d d re s s
IC M P e c h o r e p ly
In te rn e t
P e rp e tra to r V ic t im
15-441 20
Networks
Fall 2002
TCP Attacks
22
TCP Attacks
Mr. Big Ears lies on the
path between Alice and
Bob on the network
He can intercept all of their
packets
23
TCP Attacks
TheVoid
24
TCP Attacks
Then, Mr. Big Ears
sends his malicious
packet with the
next ISN (sniffed
from the network)
ISN,SRC=Alice
25
TCP Attacks
15-441 26
Networks
Fall 2002
Social Problems
Fun Example 1:
Hi, Im your BSNL rep, Im stuck on a pole. I need
you to punch a bunch of buttons for me
28
Social Problems
Fun Example 2:
Someone calls you in the middle of the night
Have you been calling Nigeria for the last six hours?
No
Well, we have a call thats actually active right now, its
on your calling card and its to Nigeria and as a matter
of fact, youve got about $2000 worth of charges on
your card and read off your ATM card number and PIN
and then Ill get rid of the charge for you
29
Social Problems
Fun Example 3:
Who saw Office Space?
In the movie, the three disgruntled employees
installed a money-stealing worm onto the companies
systems
They did this from inside the company, where they
had full access to the companies systems
What security techniques can we use to prevent this
type of access?
15-441 30
Networks
Fall 2002
Social Problems
15-441 31
Networks
Fall 2002