Security Part One: Attacks and Countermeasures
15-441
With slides from: Debabrata Dash, Nick Feamster, Vyas Sekar
15-411: F08 security
Flashback: Internet design goals
1. Interconnection
2. Failure resilience
3. Multiple types of service
4. Variety of networks
5. Management of resources
6. Cost-effective
7. Low entry-cost
8. Accountability for resources
Where is security?
Why did they leave it out?
• Designed for connectivity
• Network designed with implicit trust
  ◆ No "bad" guys
• Can't security be provided at the edge?
  ◆ Encryption, authentication etc.
  ◆ End-to-end arguments in system design
Security Vulnerabilities
• At every layer in the protocol stack!
• Network-layer attacks
  ◆ IP-level vulnerabilities
  ◆ Routing attacks
• Transport-layer attacks
  ◆ TCP vulnerabilities
• Application-layer attacks
IP-level vulnerabilities
• IP addresses are provided by the source
  ◆ Spoofing attacks
• Using IP address for authentication
  ◆ e.g., login with .rhosts
• Some "features" that have been exploited
  ◆ Fragmentation
  ◆ Broadcast for traffic amplification
Security Flaws in IP
• The IP addresses are filled in by the originating host
  ◆ Address spoofing
• Using source address for authentication
  ◆ r-utilities (rlogin, rsh, rhosts etc.)
[Figure: hosts A (1.1.1.1), B (1.1.1.2) and server S (1.1.1.3) on one network; host C (2.1.1.1) reaches them across the Internet]
• Can A claim it is B to the server S?
  ◆ ARP spoofing
• Can C claim it is B to the server S?
  ◆ Source routing
Smurf Attack
[Figure: Attacking System → Internet → Broadcast Enabled Network → Victim System]
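The two IP-level problems on the preceding slides, spoofed source addresses and broadcast amplification (Smurf), are usually countered at the network edge rather than at the victim. The following is an added example, not code from the lecture or its cited sources, that models the two classic router-side mitigations: ingress filtering (BCP 38), which drops packets whose source address does not belong to the prefix behind the arrival interface, and dropping IP-directed broadcasts, so one echo request cannot be fanned out to every host on a network. The interface table, addresses and packets are constructed for illustration and reuse the slide's 1.1.1.x / 2.1.1.1 numbering.

```python
# Added example (not from the lecture slides): a tiny router-policy model
# applying two mitigations for the IP-level attacks discussed above.
#  1. Ingress filtering (BCP 38): a packet entering an interface must carry a
#     source address from the prefix assigned to that interface. This removes
#     the spoofed sources that .rhosts-style address authentication and the
#     Smurf attack depend on.
#  2. Dropping IP-directed broadcasts: an echo request addressed to a subnet
#     broadcast address is discarded instead of being amplified.
# All interfaces, prefixes and packets below are constructed for illustration.
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Packet:
    ingress_if: str   # interface the packet arrived on
    src: str
    dst: str
    proto: str        # "icmp-echo-request", "tcp", ...


# Constructed interface table: interface name -> prefix of the network behind it
# (A, B and S live in 1.1.1.0/24 behind eth0, C in 2.1.1.0/24 behind eth1).
INTERFACES = {
    "eth0": ipaddress.ip_network("1.1.1.0/24"),
    "eth1": ipaddress.ip_network("2.1.1.0/24"),
}


def ingress_filter(pkt: Packet) -> bool:
    """BCP 38 check: the source must belong to the prefix of the arrival interface."""
    prefix = INTERFACES.get(pkt.ingress_if)
    if prefix is None:
        return False          # unknown interface: never forward
    return ipaddress.ip_address(pkt.src) in prefix


def is_directed_broadcast(pkt: Packet) -> bool:
    """True when dst is the broadcast address of a prefix this router serves."""
    dst = ipaddress.ip_address(pkt.dst)
    return any(dst == net.broadcast_address for net in INTERFACES.values())


def forward_decision(pkt: Packet) -> str:
    """Return 'forward' or a drop reason; the first failing check wins."""
    if not ingress_filter(pkt):
        return "drop:spoofed-source"
    if is_directed_broadcast(pkt):
        return "drop:directed-broadcast"
    return "forward"


# Constructed sample traffic.
SAMPLE_PACKETS = [
    # legitimate: B (1.1.1.2) talks to S (1.1.1.3) from the interface B sits behind
    Packet("eth0", "1.1.1.2", "1.1.1.3", "tcp"),
    # C claims to be B: source 1.1.1.2 arriving on eth1, which only serves 2.1.1.0/24
    Packet("eth1", "1.1.1.2", "1.1.1.3", "tcp"),
    # Smurf-style trigger: echo request to the 1.1.1.0/24 broadcast address
    # (source left unspoofed here so that the broadcast check is the one that fires)
    Packet("eth1", "2.1.1.1", "1.1.1.255", "icmp-echo-request"),
]


def run(packets=SAMPLE_PACKETS):
    """Apply the policy to a list of packets and return one decision per packet."""
    return [forward_decision(p) for p in packets]


if __name__ == "__main__":
    for p, d in zip(SAMPLE_PACKETS, run()):
        print(f"{p.ingress_if} {p.src} -> {p.dst} {p.proto}: {d}")
```

Note the limit of this check against the slide's two questions: ingress filtering at the router stops C (off-network) from claiming to be B, but it does nothing for A, which shares B's link and can impersonate B locally (the ARP-spoofing case). That is why source-address authentication such as .rhosts cannot be made safe by filtering alone.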
ICMP Attacks
• No authentication
• ICMP redirect message
  ◆ Can cause the host to switch gateways
  ◆ Benefit of doing this?
    ▪ Man in the middle attack, sniffing
• ICMP destination unreachable
  ◆ Can cause the host to drop connection
• ICMP echo request/reply
• Many more… http://www.sans.org/rr/whitepapers/threats/477.php
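Because ICMP carries no authentication, the defence against redirect abuse is a host-side policy on which redirects, if any, are honoured. The following is an added example, not code from the lecture, of such a policy: redirects are ignored outright when disabled (as a hardened host would configure, comparable to setting the Linux accept_redirects sysctl to 0), and otherwise accepted only if they come from the gateway the host currently uses and name a new gateway on the local link. The addresses, policy values and messages are constructed for illustration.

```python
# Added example (not from the lecture slides): a host-side acceptance policy
# for ICMP redirect messages. The checks model what a hardened host does:
# ignore redirects entirely when the policy says so, and otherwise accept one
# only if it was sent by the gateway currently in use and the proposed next hop
# is directly reachable on the local link. All values are constructed.
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Redirect:
    sender: str        # IP that emitted the ICMP redirect (unauthenticated!)
    target: str        # destination the redirect applies to
    new_gateway: str   # next hop the message asks the host to use


@dataclass(frozen=True)
class HostPolicy:
    accept_redirects: bool            # False on a hardened host
    local_net: ipaddress.IPv4Network  # the host's on-link prefix
    default_gateway: str              # gateway currently used for off-link traffic


def evaluate_redirect(msg: Redirect, policy: HostPolicy) -> str:
    """Return 'apply' or a rejection reason for one redirect message."""
    if not policy.accept_redirects:
        return "reject:redirects-disabled"
    # Only the gateway we currently route through may redirect us.
    if msg.sender != policy.default_gateway:
        return "reject:not-from-current-gateway"
    # A next hop that is not on our link could never forward for us anyway.
    if ipaddress.ip_address(msg.new_gateway) not in policy.local_net:
        return "reject:gateway-not-on-link"
    return "apply"


def audit(msgs, policy):
    """Evaluate a batch of redirects; return per-message decisions and the
    senders of rejected messages, which a defender would want to look at."""
    decisions = [evaluate_redirect(m, policy) for m in msgs]
    rejected_senders = sorted({m.sender for m, d in zip(msgs, decisions) if d != "apply"})
    return decisions, rejected_senders


# Constructed policies: the same host with redirects disabled vs. enabled.
LOCAL_NET = ipaddress.ip_network("10.0.0.0/24")
HARDENED = HostPolicy(False, LOCAL_NET, "10.0.0.1")
PERMISSIVE = HostPolicy(True, LOCAL_NET, "10.0.0.1")

# Constructed sample messages.
SAMPLE_REDIRECTS = [
    # the real gateway points us at another on-link router for 192.0.2.0/24
    Redirect("10.0.0.1", "192.0.2.10", "10.0.0.2"),
    # an on-link host (not our gateway) tries to become our next hop
    Redirect("10.0.0.77", "192.0.2.10", "10.0.0.77"),
    # sender field forged to look like the gateway, but the new hop is off-link
    Redirect("10.0.0.1", "192.0.2.10", "198.51.100.1"),
]

if __name__ == "__main__":
    for name, policy in (("hardened", HARDENED), ("permissive", PERMISSIVE)):
        decisions, senders = audit(SAMPLE_REDIRECTS, policy)
        print(name, decisions, "rejected senders:", senders)
```

The sender check is only a speed bump: the sender address is as forgeable as any other IP header field, which is exactly the slide's point about missing authentication. That is why the hardened policy rejects every redirect, and why the rejected-sender list is best treated as a signal to investigate the local segment rather than as proof of who sent the message.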
Routing attacks
• Divert traffic to malicious nodes
  ◆ Black-hole
  ◆ Eavesdropping
• How to implement routing attacks?
  ◆ Distance-vector: announce low-cost routes
  ◆ Link-state: dropping links from topology
• BGP vulnerabilities
  ◆ Prefix-hijacking
  ◆ Path alteration
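A network operator's first line of defence against the two BGP problems named above, prefix hijacking and path alteration, is monitoring: comparing what is being announced against what is known to be legitimate. The following is an added example, not code from the lecture, of such a monitor. It uses a constructed authorisation table (prefix, legitimate origin AS, maximum prefix length, the kind of data an RPKI ROA or IRR route object provides) plus a constructed table of each origin's known upstream neighbours, and classifies announcements as valid, an exact-prefix origin hijack, a more-specific hijack, an over-long announcement with the right origin, a path whose origin is correct but whose upstream is unknown (the path-alteration signature), or unknown. All prefixes and AS numbers are documentation/private values constructed for the example.

```python
# Added example (not from the lecture slides): a minimal BGP announcement
# monitor that flags the two vulnerability classes on the slide.
#  - Prefix hijacking: someone else originates our exact prefix, or a
#    more-specific sub-prefix that wins longest-prefix match.
#  - Path alteration: the origin AS looks right, but the AS adjacent to it in
#    the AS_PATH is not one of the origin's real upstreams.
# The authorisation and neighbour tables are constructed for illustration.
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Announcement:
    prefix: str
    as_path: tuple   # AS_PATH as received; the origin AS is the last element


# Constructed table: authorised prefix -> (legitimate origin AS, max prefix length)
AUTHORISED = {
    ipaddress.ip_network("203.0.113.0/24"): (64500, 24),
    ipaddress.ip_network("198.51.100.0/22"): (64501, 24),
}

# Constructed table: origin AS -> set of ASes that really connect it upstream
KNOWN_UPSTREAMS = {
    64500: {64510},
    64501: {64511},
}


def classify(ann: Announcement) -> str:
    """Return a verdict string for one announcement."""
    if not ann.as_path:
        return "invalid:empty-path"
    net = ipaddress.ip_network(ann.prefix)
    origin = ann.as_path[-1]

    # Find the most specific authorised prefix that covers this announcement.
    covering = [p for p in AUTHORISED if net.subnet_of(p)]
    if not covering:
        return "unknown"                       # not our address space
    parent = max(covering, key=lambda p: p.prefixlen)
    auth_origin, max_len = AUTHORISED[parent]

    if origin != auth_origin:
        # Wrong origin: exact prefix is a plain origin hijack, a sub-prefix
        # is the more dangerous more-specific hijack (wins longest match).
        return "hijack:wrong-origin" if net == parent else "hijack:more-specific"
    if net.prefixlen > max_len:
        return "invalid:exceeds-maxlength"     # right origin, too long a prefix
    if len(ann.as_path) >= 2 and ann.as_path[-2] not in KNOWN_UPSTREAMS[origin]:
        return "suspect:unknown-upstream"      # looks like a path alteration
    return "valid"


def monitor(anns):
    """Classify a batch and return (verdicts, announcements needing attention)."""
    verdicts = [classify(a) for a in anns]
    alerts = [a for a, v in zip(anns, verdicts) if v.startswith(("hijack", "suspect", "invalid"))]
    return verdicts, alerts


# Constructed sample feed.
SAMPLE_FEED = [
    Announcement("203.0.113.0/24", (64510, 64500)),          # genuine
    Announcement("203.0.113.0/24", (64510, 64666)),          # origin hijack
    Announcement("203.0.113.0/25", (64510, 64666)),          # more-specific hijack
    Announcement("198.51.100.0/23", (64511, 64501)),         # genuine, within max length
    Announcement("203.0.113.0/24", (64510, 64666, 64500)),   # forged path, real origin appended
    Announcement("192.0.2.0/24", (64510, 64520)),            # not our space
    Announcement("198.51.100.0/25", (64511, 64501)),         # right origin, /25 exceeds max /24
]

if __name__ == "__main__":
    verdicts, alerts = monitor(SAMPLE_FEED)
    for a, v in zip(SAMPLE_FEED, verdicts):
        print(f"{a.prefix:18} {a.as_path}: {v}")
    print(len(alerts), "announcements need attention")
```

The upstream check is deliberately conservative: a new legitimate provider would also trip it, so it is a signal for review rather than an automatic reject. The origin and max-length checks mirror RPKI route-origin validation; the neighbour check approximates the path-plausibility checks that monitoring services add on top, since origin validation alone cannot see a path that ends in the correct AS.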