13.07.2015 Views

Introduction - Communication Systems Group - ETH Zürich


About this course
This course discusses fundamental concepts and technologies in the area of network security. Several case studies illustrate the dark side of the Internet and explain how to protect against such threats. A hands-on computer lab that accompanies the course gives a deep dive on firewalls, penetration testing and intrusion detection.
ETH Zurich, Bernhard Plattner Network Security HS 2009 NSHS08H8353226


Outline
• Course Organization
• Course Contents
• Security Trends
• Security Threats
• Security Concepts
• Reader: Attack Case Studies
Acknowledgements to Thomas Dübendorfer, Stefan Frei and members of TIK for their input.


Course Organization
Network Security HS 2009


Lecture and Exercise Sessions
Lecture: Tue 10:15-11:55, ETF C1
• Key security concepts, theory, technologies, case studies
• Schedule and topics at http://tinyurl.com/netsec2009
Exercise session and guest talks: Tue 9:15-10:00, ETF C1
• "Attack show cases", discussion of assignments
Teaching Assistants
• Dominik Schatzmann (Coordinator), ETZ G 95, +41 44 63 25447, schatzmann@tik.ee.ethz.ch
• Bernhard Tellenbach, ETZ G97, +41 44 63 27006, tellenbach@tik.ee.ethz.ch
• Gabriel Popa [GP], Room ETZ G94, +41 44 63 27010, popa@tik.ee.ethz.ch
• Elias Raftopoulos [IR], Room ETZ G94, +41 44 63 27052, raftopoulos@tik.ee.ethz.ch


Blackboard and Network Laboratory
Blackboard
• A closed group collaboration tool: lecture material, assignments, self-assessments, discussion board
Network Laboratory: Mo/Fr 13.15 - 17.00, ETF B5
• From port scans and firewalls to IPSec in five lab sessions
• Printed laboratory handouts (sold in lab sessions)
Material:
• Lecture slides and readers, self-assessments, lab documentation, exercises; no specific book recommendation
• ETH Podcast recordings will be published in a suitable place (tba).


Oral Exam
• Time: 30 minutes oral exam per person
• Language: German or English (your choice)
• Exam coverage:
  • Lecture, lab, guest talks, exercises, readers
  • Exam starts with two questions from self-assessments
• What and how we assess:
  • we cover two to three main topics of the lecture
  • understanding of security concepts, techniques and attacks as well as the ability to suggest appropriate defense measures
  • we measure performance as work done per time, not just work; talking excessively slow or off topic to prevent other topics from being covered seems like a bad idea
• Hint:
  • Check your knowledge against the "take home message" at the end of every lecture


Action Items for Network Security Students
• Lecture registration ("Einschreibung")
  • Subscribe to "Network Security HS 2009" on https://www.mystudies.ethz.ch/
  • This will also allow us to send you a Blackboard invitation. If you can't register, send an email to the lecture coordinator schatzmann@tik.ee.ethz.ch to get a guest blackboard account.
• Network security laboratory registration
  • Register on paper list available during the break
  • To register later (but not after Sept. 30): send e-mail to Dominik Schatzmann, schatzmann@tik.ee.ethz.ch


Course Contents
Network Security HS 2009


Course Contents (see course website for schedule)
• Vulnerability Lifecycle
• Firewalling Concepts
• Worms and Viruses
• Availability and DoS
• Secure Channels
• Secure Shell (SSH)
• Identity and Authentication
• Case Study: DNS
• Security of Embedded Devices
• Application Security I: Buffer Overflow Attacks
• Application Security II: SQL Injection, Session State
• Application Security II: Cross Site Scripting (XSS)
• Intrusion Detection, Prevention and Monitoring
• Email Spam
• Dark Side of the Internet


Security Trends
Network Security HS 2009


Why is network security an issue?
• Email, web sites, video conferencing, instant messaging, voice over IP, e-commerce, e-government, distributed control systems (for energy, water, traffic etc.), ...
  → Distributed information systems have become critical infrastructures
  → Economy depends more and more on the Internet
• Open systems
  → technology gets standardized and is no longer a secret
  → physical security is no longer sufficient
• Insecurity driven by organized crime
• Huge and fast growing Internet user base (2008: 1.408 billion)
  → increasing risk (both damage potential and probability of occurrence increase)


Security has become critical
• Security
• Security is one of the hidden building blocks of the Internet
• The limits of security will become the limits of the Internet
• Growing online business attracts more attackers
• Attackers increase the cost of doing business online
• But the opportunities of being on the Internet far outweigh the risks
[Figure: market acceptance of the Internet over time: Early Adoption (mid 90s), Maximum Hype (late 90s), Trough of Disillusionment (2000-2003), Serious Use (since 2000)]


Several decades of security problems
[Figure: axis "Attacker knowledge required"; annotation "Attacks by script kiddies and commercialization of attack tools"]


Security Threats
Network Security HS 2009


What can attackers do?
• Overhear communication
• Send fake messages
• Replay a message
• Manipulate messages or data (stored, in transit)
• Generate code with special properties ("active content")
• Breach privacy boundaries
• Issue defamatory statements
• Assume false identity
• Get unauthorized access
• Overload system resources
• etc.
→ This poses risks for individuals and organizations


Asymmetric threat and leverage
• Asymmetric Threat
  • IT and the Internet continually give attackers new opportunities for leverage
    - automation, technique propagation
    - distant action in a network
    - security unaware users join the Internet
  • Attacker tries a few exploits on a few systems, but defenders must secure all systems against all exploits
• Leverage
  • You may reach 100 million potential subjects (customers, or victims)
  • We can't count on previous constraints (e.g. travel cost, cost of physical shipment) to limit the effectiveness of an attacker
→ Scary aspect of modern technology


Attacker Motivation
• Ego
  • To show the world what one can do
  • To impress peers
  • To live some fantasy of omnipotence
• Revenge, destruction, creation of fear:
  • Military applications
  • Terrorism
  • Direct revenge (e.g. a disgruntled former employee)
• Criminal intent
  • Blackmail, racketeering
  • Credit card fraud
  • Infiltrating e-banking
  • Spamming, phishing


Attacker Motivation (cont.)
• Acquisition of computing and network resources:
  • Typically commercial motivation, stealth is usually desired
  • Has become widespread in the last few years
  • Danger-level is high
    - Botnets have 10k-1M hosts, have been used in DoS attacks...
  • Often causes overall network degradation and cost for protection (e.g. Spam) → collateral damages are significant
• Acquisition of sensitive information:
  • Industry espionage by competitors and intelligence agencies
  • Undercover criminal investigations ("On-line-Durchsuchung" in Germany, http://www.spiegel.de/netzwelt/tech/0,1518,464629,00.html)


Security Concepts
Network Security HS 2009


What is the goal of "security"?
The CIA triad:
• Confidentiality
• Integrity
• Availability
And more:
• Authenticity
• Accountability
• Non repudiation
• Privacy
Glossary:
Confidentiality: prevention of unauthorized disclosure of information
Integrity: prevention of unauthorized modification or deletion of information
Availability: prevention of unauthorized withholding of information


Attack classification
• Passive attacks
  • Confidentiality
    - Compromise of content
    - Traffic analysis
• Active attacks
  • Availability
    - Denial of service
  • Integrity and Authenticity
    - Modification
    - Fabrication
    - Replay
Classification due to Steve Kent, BBN Technologies


Establishment of a virtual secure channel
[Figure: Alice and Bob connected over the Internet by a secure channel. Labels: security measures; content integrity, confidentiality; source authenticity; authorized recipients]


Communication channel model
• Not confidential channel: An attacker can eavesdrop on all information sent.
• Confidential channel: No eavesdropping possible on information sent.
• Not authentic channel: The receiver has no guarantee that the sender is the one he claims to be, and that the content is original.
• Authentic channel: The receiver can be assured that the sender of the information is the one he claims to be and that the content is original.
Channel type matrix: columns "Not authentic" / "authentic", rows "Not confidential" / "confidential"; secure = authentic and confidential


Secure communication using insecure channel
Attacker
• Has full access to the physical channel
• Knows all mechanisms and protocols
• Does not know any secret keys
[Figure: Sender → Message → security transformation (encryption, Secret Key 1) → Channel → security transformation (decryption, Secret Key 2) → Message → Receiver]


Access control
[Figure: legitimate user and attacker reach the information system (hardware, software, storage, applications) through access control]
Local security measures: intrusion detection, event logging, local access control ...


System Map: Security on different OSI layers
[Figure: protocol stacks with the layers User Interface, Application, Transport, Network and Physical Layer. Security mechanisms shown between the stacks: Auth, SSH, SSL, IPSEC, link encryption, quantum cryptography. Above the stacks: intrusion detection/protection, spam filtering, economic incentives, legal enforcement, forensics]


Conclusions and take home message
Network Security HS 2009


Take Home Message
• Decades of security problems: Security is a process, not a one time thing
• What is the security goal? Know the CIA triad
• Attacks differ a lot but can be classified
• Cryptography can provide secure channels in an insecure network
• Security can be implemented at different OSI layers
• Know some large attack cases (see reader on blackboard)


Threats to Civilization
Image source: Kevin Siers, North Carolina, The Charlotte Observer
