Network Security (网络安全原理与技术: Principles and Technologies of Network Security)
Instructor: Di Wu (吴迪)
Sun Yat-Sen University Introduction 1
Question
- Computer Security vs. Network Security: what is the difference?

Answer
- Computer Security: protects the data itself, especially on a shared computer system.
- Network Security: protects data in transmission.
Networks under attack
- What can go wrong?
- How are computer networks vulnerable?
- What are some of the more prevalent attacks today?
Acknowledgement: part of the slides are adapted from Prof. Keith Ross's lecture notes.
The bad guys can put malware into your host via the Internet
- We connect our hosts to the Internet to get good stuff: e-mail, web pages, mp3s, video clips, search results, etc.
- But along with the good stuff comes the malware, which can:
  - delete files
  - install spyware that collects private information
  - enroll our compromised host in a botnet
Malware: self-replicating
- Once it infects one host, it seeks entry into other hosts, and then into yet more hosts.
- Virus (病毒), worms (蠕虫), Trojan horse (木马): what is the difference?

Difference
- Virus: requires some form of human interaction to spread. Classic example: e-mail viruses.
- Worms: no user interaction needed to replicate. A worm on an infected host scans IP addresses and port numbers, looking for vulnerable processes to infect.
- Trojan horse: a hidden, devious part of some otherwise useful software.
Case Study
- Virus: ILOVEYOU. Arrives as an e-mail message with the subject ILOVEYOU and an attachment named LOVE-LETTER-FOR-YOU.TXT.vbs. It automatically mails itself to everyone in the victim's Outlook address book, spreading in a chain reaction on a massive scale and bringing corporate mail servers down.
- Worm: Code Red ("Hacked by Chinese!").
- Trojan horse (木马): pirated software; can spread via QQ or online-game cheat add-ons (外挂).
The bad guys attack servers & network infrastructure: DoS attacks
- Denial of Service: diminishes the usability of a network host, a network, or network infrastructure.
- Vulnerability attack: the attacker sends well-crafted messages to a vulnerable application or OS, crashing the service or the host.
- Bandwidth flooding: the attacker sends a deluge of packets to the targeted host; the target's access link becomes clogged.
- Connection flooding: the attacker establishes a large number of half-open or fully-open TCP connections at the target host; the target becomes incapable of accepting legitimate connections.
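The connection-flooding case above is the one a host can observe directly: half-open TCP connections sit in the SYN_RECV state until they time out. The following monitor, an added example that is not part of the lecture slides, counts SYN_RECV entries per listening port in netstat-style output and flags a port whose backlog reaches a threshold, together with the number of distinct remote addresses behind it. The sample rows, the threshold of 3 and the interface of the functions are all constructed for the example.

```python
"""Connection-flooding monitor (added example; the sample data below is
constructed, not output captured from any host mentioned on the slides).

A connection-flooding DoS leaves the target with many half-open TCP
connections (SYN received, handshake never completed), shown as SYN_RECV by
`netstat -ant`. The monitor counts SYN_RECV entries per local port and flags
a port whose backlog reaches a threshold, reporting how many distinct sources
are involved: a large backlog from many never-completing sources is the
typical picture of a flood rather than of one slow legitimate client."""
from collections import Counter

# Constructed sample in the column layout of `netstat -ant`:
# proto recv-q send-q local-address foreign-address state
SAMPLE_NETSTAT = """\
tcp 0 0 10.0.0.5:80 203.0.113.7:40001 SYN_RECV
tcp 0 0 10.0.0.5:80 203.0.113.8:40002 SYN_RECV
tcp 0 0 10.0.0.5:80 203.0.113.9:40003 SYN_RECV
tcp 0 0 10.0.0.5:80 198.51.100.4:51230 ESTABLISHED
tcp 0 0 10.0.0.5:22 198.51.100.9:52001 ESTABLISHED
tcp 0 0 10.0.0.5:80 203.0.113.10:40004 SYN_RECV
tcp 0 0 10.0.0.5:443 203.0.113.11:40005 SYN_RECV
"""


def parse_connections(text):
    """Parse netstat-style lines into (local_port, remote_ip, state) tuples.
    Lines that are not TCP rows (headers, blank lines) are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        local, remote, state = fields[3], fields[4], fields[5]
        local_port = int(local.rsplit(":", 1)[1])
        remote_ip = remote.rsplit(":", 1)[0]
        rows.append((local_port, remote_ip, state))
    return rows


def half_open_by_port(rows):
    """Number of half-open (SYN_RECV) connections per local port."""
    return Counter(port for port, _ip, state in rows if state == "SYN_RECV")


def flooded_ports(rows, threshold=3):
    """Ports whose half-open backlog reaches `threshold`, with the number of
    distinct remote addresses behind it. The threshold is a hypothetical value
    for the constructed sample; a real monitor would tune it to the listen
    backlog of the service."""
    alerts = {}
    for port, n in half_open_by_port(rows).items():
        if n >= threshold:
            sources = {ip for p, ip, s in rows if p == port and s == "SYN_RECV"}
            alerts[port] = {"half_open": n, "distinct_sources": len(sources)}
    return alerts


if __name__ == "__main__":
    for port, info in flooded_ports(parse_connections(SAMPLE_NETSTAT)).items():
        print(f"port {port}: {info['half_open']} half-open connections "
              f"from {info['distinct_sources']} sources")
```

On the constructed sample only port 80 is flagged (4 half-open connections from 4 sources); port 443 has a single one and stays below the threshold. Counting distinct sources matters because the source addresses in a flood are typically forged, so blocking them one by one does not help; the usual host-side mitigation is SYN cookies, which let the kernel accept connections without keeping per-SYN state.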
Case Study: the Baofeng Yingyin (暴风影音, Storm Player) 5.19 incident
- On 18-19 May 2009, networks in many provinces and cities across China were paralysed or congested. It was the most serious domestic network incident since the Taiwan earthquake of 27 December 2006 severed undersea fibre-optic cables.
- Cause: a private game-server (私服) website used a botnet to launch a DDoS attack against DNSPod, the largest free domain-name service provider in China.
- Baofeng Yingyin's users (120 million) could not resolve baofeng.com and fell back to their ISPs' DNS servers, bringing down the DNS servers of every ISP.
The bad guys can sniff packets
- Passive sniffers near wireless transmitters.
- Wired environments too: many LANs broadcast, and residential cable access systems broadcast.
- Bad guys with access to internal network infrastructure can install sniffers.
- Packet sniffers are passive and therefore difficult to detect.
Case Study: wireless "freeloading" cards (蹭网卡)
"Use a freeloading card ---- enjoy permanently free wireless Internet! Learn how to get online easily and for free when you rent away from home or move often and a connection is inconvenient. Learn how to save expensive Internet fees and pick up nearby wireless networks anytime, anywhere. Anxious because you are on a business trip with no network and cannot e-mail your clients? Now you need not worry!! With a freeloading card, you can freeload wireless Internet!"

Case Study: anti-freeloading devices (反蹭网器)
The bad guys can masquerade as someone you trust
- It is easy to create a packet with an arbitrary source address, packet content and destination address, then transmit it into the Internet, which forwards the packet to its destination.
- Man-in-the-middle: the bad guy is inserted in the path between two communicating entities.
  - Can sniff, inject, modify and delete packets.
  - Compromises the integrity of data sent between the two entities.
Top 5 Hackers of All Time
1. Kevin Mitnick
2. Adrian Lamo
3. Jonathan James
4. Robert Morris
5. Kevin Poulsen
How did the Internet get to be such an insecure place?
- Originally built for a group of mutually trusting users attached to a transparent network. By definition, no need for security.
- Mutual trust: by default, anyone can send a packet to any other user.
- No requested/granted capability in TCP/IP: the IP source address is taken by default to be true.
- Today, communication between trusted users is the exception rather than the rule.
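Both the masquerading slide and this one rest on the same fact: TCP/IP forwards on the destination address and never checks the source address. A router cannot prove who sent a packet, but it can reject source addresses that could not legitimately arrive on a given interface, which is the ingress-filtering idea of RFC 2827 / BCP 38. The example below is added here and is not from the lecture; the interface names lan0 and wan0, the prefixes and the sample packets are constructed for illustration.

```python
"""Source-address (ingress) filter at a network border (added example; the
topology, interface names and packets are constructed for illustration).

Two rules in the spirit of RFC 2827 / BCP 38:
- traffic leaving the customer LAN must carry a source address from the LAN's
  own prefix (a compromised host inside cannot spoof outsiders), and
- traffic arriving from the Internet must not claim an internal, private or
  loopback source (outsiders cannot spoof insiders)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    iface: str  # interface the packet arrived on
    src: str
    dst: str


# Constructed topology (hypothetical interface names and prefix).
LAN_IFACE, WAN_IFACE = "lan0", "wan0"
INTERNAL_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]
# Sources that can never legitimately arrive from the Internet side.
BOGON_PREFIXES = [ipaddress.ip_network(p) for p in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "0.0.0.0/8")]


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def source_allowed(pkt):
    """True if the packet's source address is plausible for the interface it
    arrived on; otherwise the packet should be dropped."""
    try:
        src = ipaddress.ip_address(pkt.src)
    except ValueError:
        return False  # malformed address: drop
    if pkt.iface == LAN_IFACE:
        return _in_any(src, INTERNAL_PREFIXES)
    if pkt.iface == WAN_IFACE:
        return not _in_any(src, INTERNAL_PREFIXES + BOGON_PREFIXES)
    return False  # unknown interface: default deny


def filter_packets(packets):
    """Split packets into (accepted, dropped) lists by the ingress rule."""
    accepted, dropped = [], []
    for pkt in packets:
        (accepted if source_allowed(pkt) else dropped).append(pkt)
    return accepted, dropped


# Constructed sample traffic.
SAMPLE_PACKETS = [
    Packet("lan0", "192.0.2.10", "198.51.100.1"),   # LAN host, genuine source
    Packet("lan0", "203.0.113.5", "198.51.100.1"),  # LAN host spoofing an outsider
    Packet("wan0", "198.51.100.7", "192.0.2.10"),   # genuine inbound packet
    Packet("wan0", "192.0.2.10", "192.0.2.20"),     # outsider spoofing an insider
    Packet("wan0", "10.1.1.1", "192.0.2.20"),       # private source from the Internet
]

if __name__ == "__main__":
    accepted, dropped = filter_packets(SAMPLE_PACKETS)
    for pkt in dropped:
        print(f"drop on {pkt.iface}: src {pkt.src} -> {pkt.dst}")
```

Of the five constructed packets, only the two with plausible sources pass. The filter does not authenticate anyone; it only narrows what a forged source address can look like on each side of the border, which is why it is most effective when deployed at the edge closest to the hosts, where the legitimate source prefix is known exactly.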
Course Goals
- Become an expert in Internet protocols.
- Understand the types of problems: survey some attacks and become familiar with some attack tools.
- Understand the basic network security tools to counter the attacks: become familiar with firewall, IDS and VPN configuration.
- Focus on principles rather than on technology trends and current events.

Topics covered
- Network attacks
- Cryptography: symmetric key, public key, integrity
- Secure protocols: PGP, SSL, IPsec, etc.
- Intrusion detection
- Firewalls
- Advanced topics: security issues in P2P, IP traceback, secure WiFi
Prerequisites
- An equivalent course on computer networking with a heavy dose of TCP/IP
- Proficiency in C programming and Linux

Recommended Books
- Network Security Essentials, William Stallings, Prentice Hall, 2007: a decent introduction to cryptography and secure protocols.
- Computer Networking, 4th Edition, Kurose and Ross, 2007: for networking and TCP/IP background material, cryptography and secure protocols.
- Counter Hack, 2nd Edition, Ed Skoudis, 2005: for the material in the first few lectures on attacks.
- Network Security: Private Communication in a Public World, C. Kaufman, R. Perlman, M. Speciner, Prentice Hall, 1995: more advanced.
Grading
- Main course: Homework 20%, Mid-term 20%, Final exam 60%
- Labs: 5 labs, each 20%

Policy
- Do it independently; no copying.
- You may use reference books.
- Staple your solution and write your name on it.
- For lab reports, you may discuss with classmates, then write your own report.
Personnel
- Instructor: Di Wu (吴迪). E-mail: wudi.cuhk@gmail.com. Office hours: Thursday, 1pm-3pm. Office: Room 632E.
- Teaching Assistant: Zhihui Zhan (詹志辉). E-mail: zhanapollo@163.com. Office: Room 507. All questions about labs should be directed to Zhihui.
- Course website: http://sysu.wikidot.com

First lab assignment
- Starts next Thursday.
- 2 Wireshark assignments: IP, TCP.
- Max 10 pages; one document.
- To be done individually.
- Part of becoming an expert in Internet protocols.