Internet Security 1 (IntSi1) - Presentation transcript

Slide1

Internet Security 1 (IntSi1)

Prof. Dr. Peter Heinzmann
Prof. Dr. Andreas Steffen
Institute for Internet Technologies and Applications (ITA)

1 Introduction

Slide2

Internet Security 1 (IntSi1)

1.1 What is Internet Security?

Slide3

Definition of Information Security

Information Security (ISO/IEC 27001:2005)
Preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved.

Information Security (Wikipedia) = IT Security
Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

IT Security
IT Security is a subset of Information Security and is concerned with the protection of computers and/or protecting information by means of computers.

Internet Security (Wikipedia)
Internet Security is a branch of Computer Security specifically related to the Internet. Its objective is to establish rules and measures to use against attacks over the Internet.

Slide4

Worldwide Criminal Potential in the Internet

2095 Mio Internet users (March '11) vs. 850 Mio hosts (July '11)

[Figure: the Internet connecting ISPs, private homes, business and administration, commerce and shops, and the example domain xyz.ch]

Slide5


What do you expect from Internet Security?

Slide6

Security Elements: The CIA Triad + Extensions

Confidentiality
Valuable information or sensitive data must be protected from unauthorized access.

Integrity
Data must be protected from getting accidentally or mischievously changed either in its storage location or during transmission.

Availability
In a global business environment the server and communications infrastructure must be available on a 24/7 basis.

Authenticity
In any electronic transaction the true identity of the communication partners (hosts / users) should be verifiable.

Accountability (Non-Repudiation)
There should be a provable association between an electronic transaction and the entity which initiated it.

Slide7

Identifying the Security Elements

Availability: waiting for response
Integrity: protects data against change
Confidentiality: keep information secret
Authentication: verifies the host
SSL/TLS: makes it all possible

Slide8

Internet Security 1 (IntSi1)

1.2 Security Risks

Slide9

Security Risk Analysis

Risk = Value × Threat × Vulnerability

[Figure: threats act on the vulnerabilities of assets (values, data); security measures protect them]

[Figure: cost plotted against security level, from unprotected to high level protection. Curves: cost of incidents, cost of security measures, overall cost. Reference: value of system to be protected]
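A worked version of the cost curve on this slide, added here as an example and not part of the lecture material: the cost of incidents is modelled as Value × Threat × Vulnerability, with the residual vulnerability falling and the cost of measures rising at each security level, and the overall cost is their sum. All asset values, threat rates, vulnerability factors and measure costs are constructed numbers.

```python
# Added example: toy risk analysis over discrete security levels.
# All numbers below are constructed for illustration, not taken from the slides.

ASSET_VALUE = 4_600_000   # constructed: loss caused by one successful incident, in $
THREAT = 0.8              # constructed: expected number of serious attempts per year

# Constructed security levels: (name, residual vulnerability, yearly cost of measures)
# Vulnerability is the fraction of attempts that succeed at that level.
LEVELS = [
    ("unprotected",           1.00,         0),
    ("basic",                 0.50,   200_000),
    ("standard",              0.20,   600_000),
    ("high",                  0.05, 1_500_000),
    ("high level protection", 0.01, 4_000_000),
]


def risk(value, threat, vulnerability):
    """Risk = Value × Threat × Vulnerability: expected yearly cost of incidents."""
    return value * threat * vulnerability


def cost_table(levels=LEVELS, value=ASSET_VALUE, threat=THREAT):
    """One row per level: (name, cost of incidents, cost of measures, overall cost)."""
    rows = []
    for name, vulnerability, measures in levels:
        incidents = risk(value, threat, vulnerability)
        rows.append((name, incidents, measures, incidents + measures))
    return rows


def optimal_level(levels=LEVELS, value=ASSET_VALUE, threat=THREAT):
    """Name of the level at the minimum of the overall cost curve."""
    return min(cost_table(levels, value, threat), key=lambda row: row[3])[0]


if __name__ == "__main__":
    for name, incidents, measures, overall in cost_table():
        print(f"{name:22s} incidents {incidents:>12,.0f}  measures {measures:>10,}  overall {overall:>12,.0f}")
    print("optimum:", optimal_level())
```

Raising the asset value or threat rate shifts the optimum toward stronger protection, which is the point of the curve: the right security level depends on what is at stake, not on the measures alone.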

Slide10

Internet Security 1 (IntSi1)

1.3 Security Threats

Slide11

Vandals, Script Kiddies, Thieves and Spies

[Figure: attacker types plotted by motivation (national interest, personal profit, personal ego, curiosity) against expertise and resources: Author, Thief, Trespasser, Hacker / Expert, Vandal, Script Kiddy, Professional, Spy]

Slide12

Attack Sophistication vs. Intruder Knowledge

[Figure: attack sophistication (low to high) and intruders' technical knowledge plotted over the years 1980, 1985, 1990, 1995 and 2000. Techniques shown: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sweepers, sniffers, packet spoofing, GUI tools, automated probes/scans, www attacks, denial of service, "stealth" / advanced scanning techniques, distributed attack tools, cross site scripting, staged and auto-coordinated attacks, burglaries, network mgmt. diagnostics]

Slide13

Vandalism - Web Defacing

Slide14

Vandalism - Web Defacing

Slide15

Internet Security Threat Situation in 2010

Source: Symantec

Slide16

Internet Security

Threat Situation in 2010

Source: Symantec

Slide17

Trojan Horse hidden in Android App

Source: Symantec

Slide18

The Year 2010 in Numbers

Source: Symantec

Slide19

Global Threat Situation Today

Source: Symantec

New malicious code threats

Slide20

Global Threat Situation Today

Top Web-based attacks

Source: Symantec

Slide21

Global Threat Situation Today

Web browser plugin vulnerabilities

Source: Symantec

Slide22

Global Threat Situation Today

Malicious activity by country

Source: Symantec

Slide23

Global Threat Situation Today

Source: Symantec

Slide24

The Underground Economy

January 2010: fraud of 1600$

Source: Symantec

Goods and services available for sale in the underground economy

Slide25

Denial of Service Attacks

A Denial of Service (DoS) attack against a computer system makes the service unavailable to legitimate users.

DoS is usually attempted by consuming CPU time, memory or network bandwidth of the target system or network.

The original DoS attacks usually exploited bugs in a target platform, e.g. by sending malformed packets to a host (Ping of Death, Winnuke) in order to crash the system.

Other classic DoS attacks:
SYN flood: send TCP connection requests with spoofed source IP addresses quickly, causing the server to reach its maximum number of half-open connections (countermeasure: SYN cookies).
Smurf attack: send ICMP ping requests to an IP broadcast address using the IP source address of the target, which then receives all ICMP ping replies.

Today, assuming correctly configured hosts and networks, the threat from a single host to bring down a server is rather small.
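SYN cookies, the countermeasure named above, as an added example that is not part of the lecture material: instead of keeping a half-open connection per SYN, the server encodes a 5-bit minute counter, a 3-bit MSS index and a 24-bit keyed hash of the 4-tuple into the sequence number of its SYN-ACK, and only recomputes and checks that value when the client's final ACK arrives, so a flood of spoofed SYNs allocates nothing. The layout follows the classic 5/3/24-bit scheme; the secret key, the MSS table and the lifetime are constructed values.

```python
# Added example: stateless SYN-cookie generation and verification (simplified).
import hashlib
import hmac
import time

SECRET = b"constructed-server-secret"   # constructed key; a real server rotates it
MSS_TABLE = [536, 1220, 1440, 1460]     # MSS values the 3-bit field can encode (index 0-3)
COOKIE_LIFETIME = 2                     # cookies older than this many minutes are rejected


def _minute_counter(now):
    """5-bit minute counter carried in the top bits of the cookie."""
    return int((time.time() if now is None else now) // 60) & 0x1F


def _hash24(src_ip, src_port, dst_ip, dst_port, t):
    """24-bit keyed hash binding the cookie to the 4-tuple and the minute counter."""
    msg = f"{src_ip}:{src_port}>{dst_ip}:{dst_port}@{t}".encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_syn_cookie(src_ip, src_port, dst_ip, dst_port, client_isn, mss, now=None):
    """ISN to place in the SYN-ACK; nothing about the connection is stored."""
    t = _minute_counter(now)
    mss_idx = 0
    for i, m in enumerate(MSS_TABLE):   # largest table entry not above the client's MSS
        if m <= mss:
            mss_idx = i
    h = (_hash24(src_ip, src_port, dst_ip, dst_port, t) + client_isn) & 0xFFFFFF
    return (t << 27) | (mss_idx << 24) | h


def check_syn_cookie(src_ip, src_port, dst_ip, dst_port, seq, ack, now=None):
    """Validate the handshake's final ACK; return the negotiated MSS, or None if invalid."""
    cookie = (ack - 1) & 0xFFFFFFFF         # the client acknowledges our ISN + 1
    client_isn = (seq - 1) & 0xFFFFFFFF     # its own sequence number is its ISN + 1
    t = cookie >> 27
    if (_minute_counter(now) - t) & 0x1F > COOKIE_LIFETIME:
        return None                         # too old (age computed modulo 32 minutes)
    expected = (_hash24(src_ip, src_port, dst_ip, dst_port, t) + client_isn) & 0xFFFFFF
    if (cookie & 0xFFFFFF) != expected:
        return None                         # wrong 4-tuple, wrong ISN, or forged cookie
    idx = (cookie >> 24) & 0x7
    return MSS_TABLE[idx] if idx < len(MSS_TABLE) else None
```

The price of statelessness is visible in the code: only a few MSS values survive, and a valid ACK arriving after the lifetime window is dropped even though it is genuine.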

Slide26

Denial of Service – Ping Attack with IP Spoofing

[Figure: an attacker on the Internet sends pings to the broadcast address of a corporate network (behind a firewall) with the spoofed source address of the victim]

Slide27

Distributed Denial of Service Attacks (DDoS)

[Figure: the attacker sends control & command traffic to handlers, which direct the zombies that send the attack traffic to the target]

Available DDoS Tools: Trinoo, Tribe Flood Network, Stacheldraht

Slide28

Vulnerability of amazon.com’s Internet Business

Net sales in 2Q 2011: 9’910’000’000 $US

Lost business due to one hour off the Internet: 4’600’000 $US

U.S. server outage on June 6, 2008: 2 hour downtime due to human error

Slide29

Novartis – a Global Player

Slide30

Many Hops to www.novartis.com

traceroute to www.novartis.com (164.109.68.201)
 1 edugw.zhwin.ch (160.85.160.1) Winterthur
 2 intfw.zhwin.ch (160.85.111.1)
 3 winfh1.zhwin.ch (160.85.105.1)
 4 swiEZ2-G2-9.switch.ch (130.59.36.157) Zurich
 5 swiIX1-10GE-1-1.switch.ch (130.59.36.250)
 6 zch-b1-geth3-1.telia.net (213.248.79.189)
 7 ffm-bb1-pos0-3-3.telia.net (213.248.79.185) Frankfurt
 8 prs-bb1-pos7-0-0.telia.net (213.248.64.110) Paris
 9 ldn-bb1-pos7-2-0.telia.net (213.248.64.10) London
10 nyk-bb1-pos0-2-0.telia.net (213.248.65.90) New York
11 nyk-b1-link.telia.net (213.248.82.14)
12 POS3-1.IG4.NYC4.ALTER.NET (208.192.177.29)
13 0.so-2-3-0.XL2.NYC4.ALTER.NET (152.63.19.242)
14 0.so-6-0-0.XL2.DCA6.ALTER.NET (152.63.38.74) Washington, D.C.
15 0.so-7-0-0.GW6.DCA6.ALTER.NET (152.63.41.225)
16 digex-gw.customer.alter.net (157.130.214.102)
17 gigabitethernet1-0.dca2c-fcor-rt2.netsrv.digex.net (164.109.3.10)
18 vlan28.dca2c-fdisc-sw1-msfc1.netsrv.digex.net (164.109.3.166)
19 164.109.92.14 (164.109.92.14)
20 164.109.68.201 (164.109.68.201)

Slide31

Emerging Challenges

Mobile Devices
Loss of confidential data

Embedded Systems
About 8 billion microcontrollers sold in 2006; usually no or only marginal security mechanisms

Ubiquitous (pervasive) Computing
RFID (profiling)

Home Automation
Controllable over the Internet

Slide32

Stuxnet attacks Industrial Control Equipment

Targeted at Siemens Supervisory Control and Data Acquisition systems that control and monitor specific industrial processes. Stuxnet includes a Programmable Logic Controller (PLC) rootkit.

Designed by a team of 5-10 professionals and meant to sabotage the Iranian uranium enrichment facility at Natanz.

Slide33

Internet Security 1 (IntSi1)

1.4 Vulnerabilities

Slide34

Vulnerabilities and Exposures

A universal vulnerability is a state in a computing system (or set of systems) which either:
- allows an attacker to execute commands as another user
- allows an attacker to access data that is contrary to the specified access restrictions for that data
- allows an attacker to pose as another entity
- allows an attacker to conduct a denial of service

An exposure is a state in a computing system (or set of systems) which is not a universal vulnerability, but either:
- allows an attacker to conduct information gathering activities
- allows an attacker to hide activities
- includes a capability that behaves as expected, but can be easily compromised
- is a primary point of entry that an attacker may attempt to use to gain access to the system or data
- is considered a problem according to some reasonable security policy

Source: www.cve.mitre.org/about/terminology.html

Slide35

Common Vulnerabilities and Exposures Database

Slide36

NIST Statistics on Vulnerabilities with High Severity

Slide37

Internet Security 1 (IntSi1)

1.5 Security Measures

Slide38

Security Measures

Organize (Plan)
Set up a security policy, build awareness, analyze and classify security risks, decide on and implement security measures, define responsibilities, train staff periodically.

Protect (Do)
Encrypt stored data and transmitted information, use authentication in order to ensure data integrity, install patches, use and periodically check data backup mechanisms.

Filter (Do)
Limit physical access to systems and data by using strong authentication for users and hosts. Filter traffic by using firewalls and virus scanners.

Combine (Do)
Combine multiple security measures (multilevel / in-depth security).

Monitor and Control (Act)
Detect attacks (Intrusion Detection Systems, Honey Pot), run periodic security checks (Tiger Teams), react and correct.

Slide39

Security Life Cycle

1: Security Policy (Why?)
2: Risk Analysis
3: Define measures
4: Implement measures
5: Control measures
