Security (1)
Suguru Yamaguchi
Nara Institute of Science and Technology
SOI Asia/Advanced Internet Technology

Internet Technology

[Figure: Internet Technology. TCP/IP on top of Communication Technology: CATV, Satellite, Cable Modem, Optical Fiber, ATM, Copper Cable, Wireless, WDM/SDH, ISDN]
Technical trend

● Advanced attack methods are widely deployed
  – Recently reported: only 48 hours pass from the time a vulnerability is reported until an attack tool using that specific security hole can be obtained.
  – Attack tools are very popular and traded on the Internet
    • Many developers
    • Traded on the Internet
    • Various kinds of information about security holes, attack methods and attack tools are available and aggressively exchanged among the community
  – E.g. “bugtraq”
  – Through WWW and IRC
  – Professionally developed
    • Give actual damage on the system

Buffer Overflow Attack

● Recognized as the most dangerous security hole, especially in cases where we can find them in network service servers.
  – Major route for intrusion
  – Anyone can stop the service servers from the Internet
    • Try to make a “process crash (core dump)”
  – Implanting “shell code”
    • Obtain backdoor access with administrator privilege
● Reported buffer overflows found in many service servers
  – wuftp, Netscape Enterprise Server, Microsoft IIS, ….
  – Caused by functions in the standard library that do not make a boundary check of memory assignment.
  – The Internet Worm (1988) used this method, so it is quite classic but can’t be eliminated
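As an added illustration of the cause named on this slide (it is not part of the original lecture), a constructed C fragment shows an unchecked standard-library copy into a fixed-size stack buffer next to a bounded version that rejects over-long input; the buffer size and the sample inputs are assumptions for the example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* fixed-size stack buffer, constructed example */

/* Bug class from the slide: strcpy() knows nothing about the size of
 * its destination. Any input of NAME_LEN bytes or more writes past the
 * end of name[] on the stack (a crash at best, a corrupted return
 * address at worst). Kept only for comparison; not safe for
 * untrusted input. */
void greet_unchecked(const char *input)
{
    char name[NAME_LEN];
    strcpy(name, input);                    /* no boundary check */
    printf("hello %s\n", name);
}

/* Hardened form: measure first, then refuse anything that does not fit
 * together with the terminating NUL. Returns 0 on success, -1 if the
 * input was rejected. Note that strncpy() alone is not a fix: it
 * truncates silently and may leave name[] without a NUL terminator. */
int greet_checked(const char *input)
{
    char name[NAME_LEN];
    size_t len = strlen(input);

    if (len >= sizeof name)                 /* need room for the NUL */
        return -1;
    memcpy(name, input, len + 1);           /* bounded copy incl. NUL */
    printf("hello %s\n", name);
    return 0;
}

int main(void)
{
    /* constructed inputs: one that fits, one that would overflow */
    const char *ok = "alice";
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* 40 bytes */

    greet_checked(ok);                      /* prints "hello alice" */
    if (greet_checked(too_long) != 0)
        puts("rejected over-long input");
    /* greet_unchecked(too_long) would write 25 bytes past the end of name[] */
    return 0;
}
```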
Smurf Attack

DDoS

● In Nov. 2002, root DNS servers were attacked by DDoS
  – 13 top level DNS servers (serving TLDs) for the whole Internet
  – No major damage
    • The design of DNS already takes DoS attacks into account

Actual DoS traffic

http://www.ipa.go.jp/
http://www.npa.go.jp/hightech/arrest_repo/kenkyo_2000.htm
Threats (1)

● passive attack
  – eavesdropping, wire tapping
  – traffic analysis
● active attack
  – packet stream modification
  – Denial of Service
  – masquerading
  – unauthorized access
  – Packet spoofing
  – Replay attack
  – Others….

Threats (2)

● In systems
  – File and data modifications
  – Unauthorized account creation
  – Virus
  – Unauthorized copy of information
  – ……
● Inspection
  – IDS, virus check, ….
  – Monitoring & analysis
High performance FW (2)

Multifunctional FW

[Figure: multifunctional firewall deployment. Firewall with honey pot, quarantine segments, intranet, VPN/SSH gateway, SMTP forwarder, WWW contents filtering, service traffic (10G bb), and a Management Center]
Research Area (3)

● Digital Forensics
  – IP Traceback
  – Monitoring and recording
  – Data mining from huge information repositories
  – Logging