HOME NETWORK SECURITY - PowerPoint PPT Presentation

Slides: 39
Provided by: Myse5
Learn more at: http://www.cs.sjsu.edu

1
HOME NETWORK SECURITY
EMPHASIS ON WEB SPOOFING
CS 265 SHALINI RAMESH

2
  • TOPICS
  • Crisis
  • Computer Crimes
  • Types of Spoofing
  • Web Spoofing
  • - working
  • - short term solutions
  • - long term solutions
  • General Precautions

3
Crisis
  • The Internet has grown very fast and security has
    lagged behind.
  • Legions of hackers have emerged because the barrier to
    entering the hackers' club is low.
  • It is hard to trace the perpetrators of cyber
    attacks since their real identities are
    camouflaged.
  • It is very hard to track people down because of
    the ubiquity of the network.
  • Large-scale failures of the Internet can have a
    catastrophic impact on the economy, which relies
    heavily on electronic transactions.

4
Why Security?
  • Some of the sites which have been compromised:
      • U.S. Department of Commerce
      • NASA
      • CIA
      • Greenpeace
      • Motorola
      • UNICEF
      • Church of Christ
  • Some sites which have been rendered ineffective:
      • Yahoo
      • Microsoft
      • Amazon

5
Growing Networks
6
Wired Wireless Networks
7
Protocol: a well-defined specification that allows computers to
communicate across a network. The Internet Protocol (IP) can be thought
of as a common language of computers on the internet.
IP address: every computer on the internet has an IP address associated
with it. But this address may change over time due to:
  • Dialing into an ISP
  • Being connected behind a network firewall
  • Being connected to a broadband service using dynamic IP addressing
8
TECHNOLOGY
Characteristic | Dial-up | Broadband
Connection type | Dial on demand | Always on
IP address | Changes on each call | Static or infrequently changing
Relative connection speed | Low | High
Remote control potential | Computer must be dialed in to control remotely | Computer is always connected, so remote control can occur anytime
ISP-provided security | Little or none | Little or none

9
  • What can intruders do?
  • Attackers can gain control of the system and
    launch attacks on other systems.
  • They can hide their true location and attack
    high-profile computer systems in government or
    financial institutions.
  • Intruders can install programs that let them
    watch all the actions a person performs.
  • They can reformat the hard disk and change the data of a
    good guy.

10
Intentional misuse of your computer
  1. Trojan horse programs
  2. Back door and remote administration programs
  3. Denial of service
  4. Being an intermediary for another attack
  5. Unprotected Windows shares
  6. Mobile code (Java, JavaScript, and ActiveX)
  7. Cross-site scripting
  8. Email spoofing
  9. Email-borne viruses
  10. Hidden file extensions
  11. Chat clients
  12. Packet sniffing

11
  • Trojan horse programs
  • The intruder tricks the computer user into installing
    back door programs.
  • The intruder gets easy access to the system without
    the user's knowledge.
  • The intruder can change the system configuration.
  • He can infect the computer with a virus.
  • Back door and remote administration programs
  • Mostly Windows computers are vulnerable to this
    attack.
  • 3 tools which are commonly used by intruders to
    gain control are BACKORIFICE, NETBUS and SUBSEVEN.

12
  • Denial of service
  • This attack causes the user's computer to crash,
    or to become so busy processing data that the
    owner of the computer is unable to use it.
  • Unprotected Windows shares
  • Unprotected Windows networking shares can be
    exploited by intruders in an automated way to
    place tools on a large number of Windows-based
    computers attached to the internet.
  • Site security on the internet is interdependent.
  • Another threat is that worms and viruses propagate
    through unprotected Windows networks.
  • E.g. the 911 worm

13
  • Mobile code (Java / JavaScript / ActiveX)
  • These programming languages let web developers
    write code that is executed by the browser.
  • This code can be used by intruders to gather
    information about the various things the user does
    on the internet.
  • Email-borne viruses
  • Viruses and other types of malicious code mostly
    spread through attachments to email messages.
  • The user should never run a program which he has
    received from an unauthorized address.

14
  • Cross-site scripting
  • A bad guy may attach a script to something and
    send it to a website. Later, when the website
    responds to the user, the malicious script is
    transferred to the user's browser.
  • Some of the ways this can happen are:
  • Following links in web pages or email messages
    without knowing what the link is.
  • Using interactive forms on an untrustworthy
    website.
  • Participating in online discussion groups, where
    users can post text containing HTML tags only.

15
Spoofing
  • Definition
  • An attacker alters his identity so that someone
    thinks he is someone else
  • Email, User ID, IP Address
  • The attacker exploits the trust relation between user and
    networked machines to gain access to machines
  • Types of Spoofing
  • IP Spoofing
  • Email Spoofing
  • Web Spoofing
  • Frame Spoofing

16
Email Spoofing: pretending to be somebody else in emails.
IP Spoofing: pretending to be somebody else's machine (pretending to be
the trusted intranet host with a particular IP address).
Frame Spoofing: the attacker inserts a frame into the web page. One of
the user's frames can be controlled by an attacker while the others are
normal.
17
  • DETAILS ABOUT WEB SPOOFING
  • Web spoofing
  • Pretending to be somebody else's website.
  • It is an internet security attack that could
    endanger the privacy of World Wide Web users and
    the integrity of their data.
  • Today's browsers like Internet Explorer and
    Netscape Navigator are vulnerable to this attack.
  • Almost unnoticeable to web page visitor
  • Changes are so small and buried in thousands of
    lines of html source code.
  • www.ebay.com becomes www.ebey.com

18
[Figure: Classic example of man-in-the-middle. Parties shown: VICTIM, ATTACKER, WWW SERVER. Steps are numbered 1 to 5; arrow labels: Request URL, Request URL, Send requested URL, Rewrite page, Rewritten page sent.]
19
  • Working
  • The attacker registers a web address matching an
    entity.
  • E.g. amazone.com, ebey.com
  • Web spoofing allows the attacker to create a
    shadow copy of the entire World Wide Web.
  • The user accesses this shadow web through the
    attacker's machine.
  • The attacker gets hold of all the personal
    information like user IDs, passwords, financial
    statements.
  • Another major drawback is that the attacker can
    send false or misleading data to the web servers
    in the user's name or vice versa.
  • In other words, the attacker controls all the
    activities a user does on the web.

20
  • How does the attack work?
  • The attacker creates a misleading context in order
    to trick the victim into making an inappropriate
    security-relevant decision.
  • The attacker sets up a false but convincing world
    around the victim.
  • The victim thinks that the false world is the
    real world and does something which will have
    disastrous effects.
  • After the attacker makes a copy of the page
    requested, he looks for all special HTML commands
    that may reference a URL and changes them.
21
Details: URL rewriting
The attacker's first trick is to rewrite all the URLs on some web page
so that they point to the attacker's server rather than the real server.
Consider http://www.hotmail.com
It is rewritten as http://www.attacker.org/http://hotmail.com
where www.attacker.org is the attacker's server. Once the attacker's
server gets the real document, he rewrites all the URLs. Then the
attacker's server sends the rewritten page to the victim.
22
  • The real attack
  • To start an attack, the attacker must convince
    the victim to use the attacker's false web.
  • He can put a link to his web on a popular
    website.
  • The attacker can email the victim a pointer to
    the false web.
  • The attacker can trick a web search engine into
    indexing part of the false web.
  • Perfecting the art
  • Some content gives the victim clues that an
    attack is being made.
  • Easy to convince the victim, because browsers are
    very customizable.

23
Perfecting the art
STATUS LINE: a single line of text at the bottom of the browser.
  • When the mouse is held over a link on the web page, the URL is
    displayed. The victim might notice a false URL.
  • When the page is being fetched, the status line briefly displays the
    name of the server being contacted. Hence www.attacker.org may be
    displayed.
Solution: the attacker can cover up both by adding a JavaScript program
to every rewritten page. These programs can write to the status line,
hence they always show the victim the address of the real web.
24
LOCATION LINE: displays the URL of the current page. The rewritten URL
may appear on the location line.
Solution: a JavaScript program can hide the real location line and
replace it with a false location line that looks right and is in the
same expected place. This fake location line can also accept keyboard
input, allowing the victim to type in URLs normally.
25
Viewing document source: a user can possibly see the rewritten URLs in
the HTML source code and could spot an attack.
Solution: write a JavaScript program to hide the browser's menu bar,
replacing it with a menu bar that looks identical. From this the user
could view the original (non-rewritten) HTML source.
Tracing an attacker: not possible! He attacks through some innocent
user's machine.
26
Smart hacker
  1. If the victim uses IE, the hacker might write an ActiveX control,
     which is executed each time the victim runs the browser. The
     hacker's ActiveX control might replace a normal URL with a hacked
     URL.
  2. The hacker can hide the rewritten URL using an embedded program
     within the spoofing server. This hides the real location line and
     replaces it with a fake location line.
27
  • Secure connection
  • The attack works even when the victim requests a page
    through a secure connection.
  • With secure web access using S-HTTP or Secure Sockets
    Layer, the browser display is as usual.
  • The hacker's server will deliver the page.
  • The victim's browser will turn on the secure
    connection indicator.
  • But!

28

Example: a false ATM machine in public areas.
Misleading URLs: neither of the following two links is really CNN...
  • http://www.cnn.com:mainpage_at_2175456613/~sws/0/
    (works from most platforms)
  • http://www.cnn.com:mainpage_at_129.170.213.101/~sws/0/
    (works from most of the
29
Spoofing can be of 2 types:
1. Security-relevant decisions: the decision taken by the user may
   result in a breach of privacy or unauthorized tampering with data.
  • E.g. typing in a password or user ID.
  • The user accepts a downloaded document, which contains malicious
    elements that may harm the user.
30
2. Context: the text and pictures on a web page might give some
   information as to where the page came from.
  • E.g. if the user sees a corporate logo, then he can assume that the
    page originated from that company.
  • WWW.MICROSOFT.COM vs. WWW.MICR0S0FT.COM
  • Manual.doc may not be so!
31
  • Ways to attack
  • The attacker can see and modify any data that is
    going from the victim to the web server. The
    attacker may also control the return traffic from
    the web server to the victim.
  • 1 Surveillance
  • The attacker passively watches the traffic moving
    along the network.
  • He will be able to record the pages the victim
    visits and the contents of those pages
  • In an interactive form, the details are
    captured.

32
  • 2 Tampering
  • The attacker modifies the data from the victim to
    the server
  • He can also modify the data from the server to
    the victim
  • Spoofing the www
  • The attacker does not have the whole spoofed
    copy. Only the web page requested is spoofed.

33
  • Short term solution
  • Disable JavaScript in the browser, so the attacker is
    unable to hide the evidence.
  • Make sure the browser's location line is always visible.
  • Keep checking the URLs: are they the intended
    ones?
  • Disable Java and ActiveX.
  • Use URL checking software to check that the links
    point to expected locations.
  • Use host security policies and procedures to ensure
    that critical files cannot be modified. E.g. some
    type of access control method to deny access if
    somebody attempts to modify files.

34
  • Contd.
  • Enabling the browser to show the URL we are
    accessing. This enables us to see the actual URL
    that is being referenced.
  • Do not be paranoid. Old saying: just because you
    are paranoid does not mean that somebody isn't
    trying to get you.

35
  • Long term solutions
  • Action on the part of browser manufacturers: changing
    browser code so that the browser always
    displays the location line.
  • An improved secure connection indicator would
    help, for pages fetched via secure locations.
  • Indicate the browser at the other end.
  • Use simple language to indicate it, like HP.Inc
    instead of www.hp.com

36
  • Arcticsoft's solution
  • Arcticsoft's WebAssurity
  • Lets users dynamically verify web pages
  • User can instantly say if anything is wrong

37
  • Some general precautions
  • Consult your system support personnel if you work
    from home
  • Use virus protection software
  • Don't open unknown email attachments
  • Don't run programs of unknown origin
  • Keep all applications, including your operating
    system, patched
  • Turn off your computer or disconnect from the
    network when not in use
  • Make a boot disk in case your computer is
    damaged or compromised
  • Make regular backups of critical data
