IntSi1. ). Prof. Dr. Peter Heinzmann. Prof. Dr. Andreas Steffen. Institute for Internet Technologies and Applications (ITA). 1 Introduction. Internet Security 1 (. IntSi1. ). 1.1 . What. . is. . Internet Security?. ID: 343808 Download Presentation
IntSi1. ). Prof. Dr. Peter Heinzmann. Prof. Dr. Andreas Steffen. Institute for Internet Technologies and Applications (ITA). 1 Introduction. Internet Security 1 (. IntSi1. ). 1.1 . What. . is. . Internet Security?.
Download Presentation - The PPT/PDF document "Internet Security 1 (" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Presentation on theme: "Internet Security 1 ("— Presentation transcript:
Slide1
Internet Security 1 (IntSi1)
Prof. Dr. Peter HeinzmannProf. Dr. Andreas SteffenInstitute for Internet Technologies and Applications (ITA)
1 Introduction
Slide2
Internet Security 1 (IntSi1)
1.1
What
is
Internet Security?
Slide3
Definition of Information Security
Information Security (ISO/IEC 27001:2005)Preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved.Information Security (Wikipedia) = IT SecurityInformation security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.IT SecurityIT Security is a subset of Information Security and is concerned with the protection of computers and/or protecting information by meansof computers.Internet Security (Wikipedia)Internet Security is a branch of Computer Security specifically related to the Internet. Its objective is to establish rules and measures to use against attacks over the Internet.
Slide4
xyz.ch
2095
Mio
Internet
users
(March
'
11)
vs.
850
Mio
hosts
(
July
'
11)
ISP
Private
Homes
Business,
Administration
Commerce,
Shops
Worldwide
Criminal
Potential in
the
Internet
Slide5
?? ? ?
What do you expect from Internet Security?
Slide6
Security Elements:
The CIA Triad + Extensions
ConfidentialityValuable information or sensitive data must be protected from unauthorized access.IntegrityData must be protected from getting accidentally or mischievouslychanged either in its storage location or during transmission.AvailabilityIn a global business environment the server and communications infrastructure must be available on a 24/7 basis.
Authenticity
In
any
electronic
transaction
the
true
identity
of
the
communication
partners
(
hosts
/
users
)
should
be
verifiable
.
Accountability
(Non-Repudiation)
There
should
be
a
provable
association
between
an
electronic
transaction
and
the
entity
which
initiated
it.
Slide7
Identifying the Security Elements
Availability
waiting for response
Integrityprotects data against change
Confidentiality keep information secret
Authenticationverifies the host
SSL/TLSmakes it allpossible
Slide8
Internet Security 1 (IntSi1)
1.2 Security Risks
Slide9
Threats
Vulnerabilities
Assets, Values
Security measures
Data
Cost of incidents
Overall cost
Cost of
security measures
unprotected
high level protection
Security
level
Value of system
to be protected
Cost
Security
Risk
Analysis
Risk
=
Value
Threat
Vulnerability
Slide10
Internet Security 1 (IntSi1)
1.3 Security
Threats
Slide11
National Interest
Personal
Profit
PersonalEgo
Curiosity
Author
Thief
Trespasser
Hacker
/
Expert
Vandal
Script Kiddy
Motivation
Expertise and Resources
Professional
Spy
Vandals, Script Kiddies, Thieves and Spies
Slide12
Attack Sophistication vs. Intruder Knowledge
High
Low
1980
1985
1990
1995
2000
Intruders
Technical
Knowledge
“stealth” / advanced scanning techniques
denial of service
exploiting known vulnerabilities
disabling audits
automated probes/scans
Attack
Sophistication
Cross site scripting
password guessing
self-replicating code
password cracking
back doors
hijacking
sessions
sweepers
sniffers
packet spoofing
GUI
www attacks
Tools
burglaries
network mgmt. diagnostics
distributed
attack tools
Staged
Auto
Coordinated
Slide13
Vandalism - Web Defacing
Slide14
Vandalism - Web Defacing
Slide15
I
nternet Security Threat Situation in 2010
Source: Symantec
Slide16
Internet Security
Threat Situation in 2010
Source: Symantec
Slide17
Trojan Horse hidden in Android App
Source: Symantec
Slide18
The Year 2010 in Numbers
Source
: Symantec
Slide19
Global
Threat Situation Today
Source: Symantec
New malicious code threats
Slide20
Global Threat Situation Today
Top Web-based attacks
Source: Symantec
Slide21
Global Threat Situation Today
Web browser plugin vulnerabilities
Source: Symantec
Slide22
Global Threat Situation Today
Malicious activity by country
Source: Symantec
Slide23
Global Threat Situation Today
Source
: Symantec
Slide24
The Underground Economy
January
2010
fraud
of 1600$
Source: Symantec
Goods and services available for sale in the underground economy
Slide25
Denial of Service Attacks
A Denial of Service (DoS) attack against a computer system makes the service unavailable to legitimate users.DoS is usually attempted by consuming CPU time, memory or network bandwidth of the target system or network.The original DoS attacks usually exploited bugs in a target platforme.g. by sending malformed packets to a host (Ping of Death, Winnuke) in order to crash the system.Other classic DoS attacks SYN flood: send TCP connection requests with spoofed source IP addresses quickly causing the server to reach its maximum number of half-open connections (counter measures: SYN cookies)Smurf attack: send ICMP ping requests to an IP broadcast address using the IP source address of the target which then receives allICMP ping replies.Today, assuming correctly configured hosts and networks, the threat from a single host to bring down a server is rather small.
Slide26
Denial
of
Service – Ping Attack with IP Spoofing
Corporate
Network
Victim
Internet
Attacker
pings to broadcast address
of corporate network
with spoofed source
address of victim
Firewall
Slide27
Distributed
Denial of Service Attacks (DDoS)
Target
Attacker
Zombie
Zombie
Zombie
Zombie
Handler
Handler
Control
&
Command
Attack
Traffic
Available
DDoS
Tools
:
Trinoo
,
Tribe
Flood
Network
, Stacheldraht
Slide28
Vulnerability of amazon.com’s Internet Business
Net sales in 2Q 2011: 9’910’000’000 $US
Lost business due to one hour off the Internet 4’600’000 $US
U.S. Server Outage on June 6, 2008 2 hour downtime due to human error
Mobile DevicesLoss of confidential dataEmbedded SystemsAbout 8 billion microcontrollers sold in 2006 Usually no or only marginal security mechanismsUbiquitous (pervasive) ComputingRFID (profiling)Home AutomationControllable over the Internet
Slide32
Stuxnet attacks Industrial Control Equipment
Targeted at Siemens Supervisory Control and Data Acquisition systems that control and monitor specific industrial processes. Stuxnet includes a Programmable Logic Controller (PLC) rootkit.Designed by a team of 5-10 professionalsand meant to sabotage the Iranianuranium enrichment facility at Natanz.
Slide33
Internet Security 1 (IntSi1)
1.4
Vulnerabilites
Slide34
Vulnerabilities and Exposures
A universal vulnerability is a state in a computing system(or set of systems) which either:allows an attacker to execute commands as another user allows an attacker to access data that is contrary to the specified access restrictions for that data allows an attacker to pose as another entity allows an attacker to conduct a denial of serviceAn exposure is a state in a computing system (or set of systems) which is not a universal vulnerability, but either:allows an attacker to conduct information gathering activities allows an attacker to hide activities includes a capability that behaves as expected, but can be easily compromised is a primary point of entry that an attacker may attempt to use togain access to the system or data is considered a problem according to some reasonable security policy
Source: www.cve.mitre.org/about/terminology.html
Slide35
Common Vulnerabilities and Exposures Database
Slide36
NIST Statistics on Vulnerabilities with High Severity
Slide37
Internet Security 1 (IntSi1)
1.5
Security
Measures
Slide38
Security Measures
Organize (Plan) Set up a security policy, build awareness, analyze and classify security risks, decide on and implement security measures, define responsibilities, train staff periodically. Protect (Do)Encrypt stored data and transmitted information, use authentication in order to insure data integrity, install patches, use and periodically check data backup mechanisms.Filter (Do)Limit physical access to systems and data by using strong authentication for users and hosts. Filter traffic by using firewalls and virus scanners.Combine (Do)Combine multiple security measures (multilevel / in-depth security)Monitor and Control (Act)detect attacks (Intrusion Detection Systems, Honey Pot), run periodic security checks (Tiger Teams), react and correct.
