DOCSLIB.ORG

Software Why Software?

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Why Software? ❑ Why is software as important to security Part IV: Software as crypto, access control, protocols? ❑ Virtually all information security features are implemented in software ❑ If your software is subject to attack, your security can be broken o Regardless of strength of crypto, access control, or protocols ❑ Software is a poor foundation for security Part 4 ⎯ Software 1 Part 4 ⎯ Software 2 Chapter 11: Bad Software is Ubiquitous Software Flaws and Malware ❑ NASA Mars Lander (cost $165 million) If automobiles had followed the same development cycle as the computer, o Crashed into Mars due to… o …error in converting English and metric units of measure a Rolls-Royce would today cost $100, get a million miles per gallon, o Believe it or not and explode once a year, killing everyone inside. ⎯ Robert X. Cringely ❑ Denver airport o Baggage handling system ⎯ very buggy software o Delayed airport opening by 11 months My software never has bugs. It just develops random features. o Cost of delay exceeded $1 million/day ⎯ Anonymous o What happened to person responsible for this fiasco? ❑ MV-22 Osprey o Advanced military aircraft o Faulty software can be fatal Part 4 ⎯ Software 3 Part 4 ⎯ Software 4 Complexity Software Issues ❑ “Complexity is the enemy of security”, Paul Kocher, Cryptography Research, Inc. Alice and Bob Trudy ❑ Find bugs and flaws ❑ Actively looks for System Lines of Code (LOC) Netscape 17 million by accident bugs and flaws Space Shuttle 10 million ❑ Hate bad software… ❑ Likes bad software… Linux kernel 2.6.0 5 million ❑ …but they learn to ❑ …and tries to make Windows XP 40 million Mac OS X 10.4 86 million live with it it misbehave Boeing 777 7 million ❑ Must make bad ❑ Attacks systems via software work bad software ❑ A new car contains more LOC than was required to land the Apollo astronauts on the moon Part 4 ⎯ Software 5 Part 4 ⎯ Software 6 Lines of Code and Bugs Software Security Topics ❑ Conservative estimate: 5 bugs/10,000 LOC ❑ Program flaws (unintentional) ❑ Do the math o Buffer overflow o Typical computer: 3k exe’s of 100k LOC each o Incomplete mediation o Conservative estimate: 50 bugs/exe o Race conditions o Implies about 150k bugs per computer ❑ Malicious software (intentional) o So, 30,000-node network has 4.5 billion bugs o Viruses o Maybe only 10% of bugs security-critical and o Worms only 10% of those remotely exploitable o Other breeds of malware o Then “only” 45 million critical security flaws! Part 4 ⎯ Software 7 Part 4 ⎯ Software 8 Example Program Flaws char array[10]; ❑ An error is a programming mistake for(i = 0; i < 10; ++i) array[i] = `A`; o To err is human array[10] = `B`; ❑ An error may lead to incorrect state: fault ❑ This program has an error o A fault is internal to the program ❑ This error might cause a fault ❑ A fault may lead to a failure, where a o system departs from its expected behavior Incorrect internal state o A failure is externally observable ❑ If a fault occurs, it might lead to a failure o Program behaves incorrectly (external) error fault failure ❑ We use the term flaw for all of the above Part 4 ⎯ Software 9 Part 4 ⎯ Software 10 Secure Software Program Flaws ❑ In software engineering, try to ensure that ❑ Program flaws are unintentional a program does what is intended o But can still create security risks ❑ Secure software engineering requires that software does what is intended… ❑ We’ll consider 3 types of flaws ❑ …and nothing more o Buffer overflow (smashing the stack) ❑ Absolutely secure software? Dream on… o Incomplete mediation o Absolute security anywhere is impossible o Race conditions ❑ How can we manage software risks? ❑ These are the most common flaws Part 4 ⎯ Software 11 Part 4 ⎯ Software 12 Attack Scenario Buffer Overflow ❑ Users enter data into a Web form ❑ Web form is sent to server ❑ Server writes data to array called buffer, without checking length of input data ❑ Data “overflows” buffer o Such overflow might enable an attack o If so, attack could be carried out by anyone with Internet access Part 4 ⎯ Software 13 Part 4 ⎯ Software 14 Buffer Overflow Simple Buffer Overflow int main(){ ❑ Consider boolean flag for authentication int buffer[10]; buffer[20] = 37;} ❑ Buffer overflow could overwrite flag allowing anyone to authenticate Boolean flag ❑ Q: What happens when code is executed? ❑ A: Depending on what resides in memory buffer at location “buffer[20]” F O U R S C … TF o Might overwrite user data or code o Might overwrite system data or code ❑ In some cases, Trudy need not be so lucky o Or program could work just fine as in this example Part 4 ⎯ Software 15 Part 4 ⎯ Software 16 Memory Organization Simplified Stack Example ← low low → ❑ Text ⎯ code text address ❑ Data ⎯ static variables void func(int a, int b){ data : char buffer[10]; : ❑ Heap ⎯ dynamic data heap } void main(){ ❑ Stack ⎯ “scratch paper” ↓ ← stack func(1,2); ← SP o Dynamic local variables buffer pointer (SP) } ↑ o Parameters to functions ret ← returnSP stack ← high address o Return address address a ← SP ← high → b SP Part 4 ⎯ Software 17 Part 4 ⎯ Software 18 Smashing the Stack Smashing the Stack low → low → ❑ Trudy has a ❑ What happens if ??? : better idea… : : : buffer overflows? ❑ Code injection ❑ Program “returns” ← SP ❑ Trudy can run ← SP buffer to wrong location code of her evil code overflowret ← ret…SP NOT! retret ← SP ❑ A crash is likely choosing… ← SP ← SP overflowa o …on your machine a ← ← high → b SP high → b SP Part 4 ⎯ Software 19 Part 4 ⎯ Software 20 Smashing the Stack Stack Smashing Summary ❑ A buffer overflow must exist in the code : : ❑ Trudy may not know… ❑ Not all buffer overflows are exploitable NOP o Things must align properly 1) Address of evil code : ❑ If exploitable, attacker can inject code 2) Location of ret on stack NOP ❑ Trial and error is likely required ❑ Solutions evil code o Fear not, lots of help is available online 1) Precede evil code with ret o Smashing the Stack for Fun and Profit, Aleph One NOP “landing pad” ret ← ret ❑ Stack smashing is “attack of the decade”… : o …for many recent decades 2) Insert ret many times ret o Also heap & integer overflows, format strings, etc. : Part 4 ⎯ Software : 21 Part 4 ⎯ Software 22 Stack Smashing Example Buffer Overflow Present? ❑ By trial and error, Trudy discovers ❑ Suppose program asks for a serial number apparent buffer overflow that Trudy does not know ❑ Also, Trudy does not have source code ❑ Trudy only has the executable (exe) ❑ Note that 0x41 is ASCII for “A” ❑ Program quits on incorrect serial number ❑ Looks like ret overwritten by 2 bytes! Part 4 ⎯ Software 23 Part 4 ⎯ Software 24 Disassemble Code Buffer Overflow Attack ❑ Next, disassemble bo.exe to find ❑ Find that, in ASCII, 0x401034 is “@^P4” ❑ The goal is to exploit buffer overflow ❑ Byte order is reversed? What the … to jump to address 0x401034 ❑ X86 processors are “little-endian” Part 4 ⎯ Software 25 Part 4 ⎯ Software 26 Overflow Attack, Take 2 Buffer Overflow ❑ Reverse the byte order to “4^P@” and… ❑ Trudy did not require access to the source code ❑ Only tool used was a disassembler to determine address to jump to ❑ Success! We’ve bypassed serial number ❑ Find desired address by trial and error? check by exploiting a buffer overflow o Necessary if attacker does not have exe ❑ What just happened? o For example, a remote attack o Overwrote return address on the stack Part 4 ⎯ Software 27 Part 4 ⎯ Software 28 Source Code Stack Smashing Defenses ❑ Source code for buffer overflow example ❑ Employ non-executable stack o “No execute” NX bit (if available) ❑ Flaw easily o Seems like the logical thing to do, but some real exploited by code executes on the stack (Java, for example) attacker… ❑ Use a canary ❑ Address space layout randomization (ASLR) ❑ …without access to ❑ Use safe languages (Java, C#) ❑ Use safer C functions source code! o For unsafe functions, safer versions exist o For example, strncpy instead of strcpy Part 4 ⎯ Software 29 Part 4 ⎯ Software 30 Stack Smashing Defenses Microsoft’s Canary low → ❑ Microsoft added buffer security check : ❑ Canary : feature to C++ with /GS compiler flag o Run-time stack check o Based on canary (or “security cookie”) o Push canary onto stack Q: What to do when canary dies? A: Check for user-supplied “handler” o Canary value: buffer ❑ Handler shown to be subject to attack ▪ Constant 0x000aff0d overflowcanary ← o Claimed that attacker can specify handler code ▪ Or, may depends on ret overflowret o If so, formerly “safe” buffer overflows become a exploitable when /GS is used! high → b Part 4 ⎯ Software 31 Part 4 ⎯ Software 32 ASLR Buffer Overflow ❑ Address Space Layout Randomization ❑ A major security threat yesterday, today, o Randomize place where code loaded in memory and tomorrow ❑ Makes most buffer overflow attacks ❑ The good news? probabilistic o It is possible to reduce overflow attacks (safe ❑ Windows Vista uses 256 random layouts languages, NX bit, ASLR, education, etc.) o So about 1/256 chance buffer overflow works ❑ The bad news? ❑ Similar thing in Mac OS X and other OSs o Buffer overflows will exist for a long time ❑ Attacks against Microsoft’s ASLR do exist o Why? Legacy code, bad development practices, o Possible to “de-randomize” clever attacks, etc. Part 4 ⎯ Software 33 Part 4 ⎯ Software 34 Input Validation Incomplete Mediation ❑ Consider: strcpy(buffer, argv[1]) ❑ A buffer overflow occurs if len(buffer) < len(argv[1]) ❑ Software must validate the input by checking the length of argv[1] ❑ Failure to do so is an example of a more general problem: incomplete mediation Part 4 ⎯ Software 35
Recommended publications
  • Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress

    Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress

    Order Code RL32114 Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress Updated January 29, 2008 Clay Wilson Specialist in Technology and National Security Foreign Affairs, Defense, and Trade Division Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress Summary Cybercrime is becoming more organized and established as a transnational business. High technology online skills are now available for rent to a variety of customers, possibly including nation states, or individuals and groups that could secretly represent terrorist groups. The increased use of automated attack tools by cybercriminals has overwhelmed some current methodologies used for tracking Internet cyberattacks, and vulnerabilities of the U.S. critical infrastructure, which are acknowledged openly in publications, could possibly attract cyberattacks to extort money, or damage the U.S. economy to affect national security. In April and May 2007, NATO and the United States sent computer security experts to Estonia to help that nation recover from cyberattacks directed against government computer systems, and to analyze the methods used and determine the source of the attacks.1 Some security experts suspect that political protestors may have rented the services of cybercriminals, possibly a large network of infected PCs, called a “botnet,” to help disrupt the computer systems of the Estonian government. DOD officials have also indicated that similar cyberattacks from individuals and countries targeting economic,
  • Storm: When Researchers Collide 7 Based on the Kademlia DHT Algorithm [5]

    Storm: When Researchers Collide 7 Based on the Kademlia DHT Algorithm [5]

    When It comes to Internet threats, B R a n d o n E n R i g h t, g E o ff V o E l k er , few topics get researchers and the media as Stefan SaVagE, ChRiS kaniCh, and kiRill LevchEnko excited as the propagation speed and vital- ity of modern malware. One such example is the SQL Slammer worm, which was the first so-called Warhol Worm, a term used to Storm: when describe worms that get their “15 minutes of fame” by spreading at an exponential researchers collide rate—infecting every vulnerable machine Brandon Enright is a network security analyst at in under 15 minutes [1]. It is ironic, then, that the University of California, San Diego. He is pri- the latest malware to capture the attention marily interested in malware and exploit research. of researchers is not one of the shortest- [email protected] lived but one of the longest, largest, and most successful bots ever: Storm. Geoff Voelker is an associate professor of computer science at the University of California, San Diego. He works in computer systems and networking. Storm got its name from a particular self-propa- [email protected] gation spam email subject line used in early 2007: “230 dead as storm batters Europe.” Storm, also known as the Storm worm, is not actually a worm. It is hybrid malware: part worm, part bot (a pro- Stefan Savage is an associate professor of computer gram designed to perform automated tasks), part science at the University of California, San Diego.
  • Detection, Propagation Modeling and Designing of Advanced Internet Worms

    Detection, Propagation Modeling and Designing of Advanced Internet Worms

    DETECTION, PROPAGATION MODELING AND DESIGNING OF ADVANCED INTERNET WORMS By PARBATI KUMAR MANNA A DISSERTATION PRESENTED TO THE GRADUATE SCHOOL OF THE UNIVERSITY OF FLORIDA IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF DOCTOR OF PHILOSOPHY UNIVERSITY OF FLORIDA 2008 1 °c 2008 Parbati Kumar Manna 2 To my family, friends, and teachers 3 ACKNOWLEDGMENTS I want to take this opportunity to thank all the people who helped me during my doctoral sojourn. I understand that it is rather late to acknowledge their contributions, but as the saying goes, better late than never! First, I want to thank my committee, starting with my advisor and Chair, Dr. Sanjay Ranka. He expressed his intention to work with me during my very first week of class at University of Florida, and has been a true guide to me in every aspect since then. He offered me complete freedom in pursuing my research in any area that I felt passionate about, and provided ample research direction from time to time. I am truly thankful and honored to work as his student for the past six years. It has also been a pleasure to work with Dr. Shigang Chen, who served as my co-chair. A stalwart in the network research community, he has been instrumental in providing his domain expertise to my research area in a very big way. Without his help, I can barely imagine myself to be where I am now. I would also like to thank Dr. Alin Dobra, Dr. Christopher Germaine, Dr. Sartaj Sahni and Dr. Malay Ghosh who helped me in various academic as well as non-academic matters throughout my stay at Gainesville.
  • Effective Malicious Features Extraction and Classification for Incident Handling Systems

    Effective Malicious Features Extraction and Classification for Incident Handling Systems

    EFFECTIVE MALICIOUS FEATURES EXTRACTION AND CLASSIFICATION FOR INCIDENT HANDLING SYSTEMS CHO CHO SAN UNIVERSITY OF COMPUTER STUDIES, YANGON OCTOBER, 2019 Effective Malicious Features Extraction and Classification for Incident Handling Systems Cho Cho San University of Computer Studies, Yangon A thesis submitted to the University of Computer Studies, Yangon in partial fulfillment of the requirements for the degree of Doctor of Philosophy October, 2019 Statement of Originality I hereby certify that the work embodied in this thesis is the result of original research and has not been submitted for a higher degree to any other University or Institution. …..…………………………… .…………........………………………… Date Cho Cho San ACKNOWLEDGEMENTS First of all, I would like to thank Hist Excellency, the Minister for the Ministry of Education, for providing full facilities support during the Ph.D. course at the University of Computer Studies, Yangon. Secondly, my profound gratitude goes to Dr. Mie Mie Thet Thwin, Rector of the University of Computer Studies, Yangon, for allowing me to develop this research and giving me general guidance during the period of my study. I would like to express my greatest pleasure and the deepest appreciation to my supervisor, Dr. Mie Mie Su Thwin, Professor, the University of Computer Studies, Yangon, for her excellent guidance, caring, patient supervision, and providing me with excellent ideas throughout the study of this thesis. I would also like to extend my special appreciation to Dr. Khine Moe Nwe, Professor and Course-coordinator of the Ph.D. 9th Batch, the University of Computer Studies, Yangon, for her useful comments, advice, and insight which are invaluable through the process of researching and writing this dissertation.
  • Chapter 3: Viruses, Worms, and Blended Threats

    Chapter 3: Viruses, Worms, and Blended Threats

    Chapter 3 Chapter 3: Viruses, Worms, and Blended Threats.........................................................................46 Evolution of Viruses and Countermeasures...................................................................................46 The Early Days of Viruses.................................................................................................47 Beyond Annoyance: The Proliferation of Destructive Viruses .........................................48 Wiping Out Hard Drives—CIH Virus ...................................................................48 Virus Programming for the Masses 1: Macro Viruses...........................................48 Virus Programming for the Masses 2: Virus Generators.......................................50 Evolving Threats, Evolving Countermeasures ..................................................................51 Detecting Viruses...................................................................................................51 Radical Evolution—Polymorphic and Metamorphic Viruses ...............................53 Detecting Complex Viruses ...................................................................................55 State of Virus Detection.........................................................................................55 Trends in Virus Evolution..................................................................................................56 Worms and Vulnerabilities ............................................................................................................57
  • A Research on Different Types of Malware and Detection Techniques

    A Research on Different Types of Malware and Detection Techniques

    International Journal of Recent Technology and Engineering (IJRTE) ISSN: 2277-3878, Volume-8 Issue-2S8, August 2019 A Research on Different Types of Malware and Detection Techniques Chandini S B, Rajendra A B,Nitin Srivatsa G Abstract—Malware has become a serious threat. Malware that load on to memory by inserting infected code into an analysis is one of the challenging domain. The increase in the executable file. malware exploitation has made the detailed study of the malware, understand the different types of malware and its behavior model Resident Virus and analyze the existing detection system with their short comes to This type of virus hides within the computer memory and identify the research gaps [8] to solve the specific problem. So in gets activated whenever the operating system starts or this paper, we have presented the different malware taxonomy and different malware detection techniques with its features and also execute a specific action. presented the malware model and the research gaps in the Non-resident Virus malware analysis domain. This type of virus does not reside in memory. It infects the Keywords: Polymorphic virus, Malware genesis, target and transfers the control to the infected application Self-replicating cellular automata, Zero-day threat, obfuscation program. It consists of finder module and replicating modules technique, and Anomaly-based detection. finder will find the new targets to infect the new file and the replicates will infect the file. I. INTRODUCTION Macro Virus Malware is a malicious code which comes with the intention to destruct the system [1]. Some of the symptoms of This virus is written in a macro language.
  • A Highly Immersive Approach to Teaching Reverse Engineering Golden G

    A Highly Immersive Approach to Teaching Reverse Engineering Golden G

    A Highly Immersive Approach to Teaching Reverse Engineering Golden G. Richard III Department of Computer Science University of New Orleans New Orleans, LA 70148 Email: [email protected] Abstract most operating systems courses, but for reverse engi- neering, the devil really is in the details. For example, While short training courses in reverse engineering are to understand an offensive technique like Shadow frequently offered at meetings like Blackhat and Walker [13], which relies on de-synchronization of the through training organizations such as SANS, there are data and instruction TLBs in Intel’s split-TLB design virtually no reverse engineering courses offered in aca- to hide code and data, it’s not enough to have seen a demia. This paper discusses possible reasons for this Powerpoint slide depicting the abstract functionality of situation, emphasizes the importance of teaching re- a TLB—that’s a good start, but both more details and verse engineering (and applied computer security edu- hands-on experience are needed. Furthermore, assem- cation in general), and presents the overall design of a bler language courses, if they exist at all as independ- semester-long course in reverse engineering malware, ent courses in a modern computing curriculum, tend to recently offered by the author at the University of New be much weaker than in the past, often emphasizing the Orleans. use of High Level Assembler (HLA) [4] and develop- 1 Introduction ment of toy applications. In many curricula, the as- sembler language course of old has been folded into the Reverse engineering of software involves detailed undergraduate architecture class.
  • Nusikaltimai Elektroninėje Erdvėje Ir Jų Tyrimo Metodikos Nikolaj Goranin Dalius Mažeika

    Nusikaltimai Elektroninėje Erdvėje Ir Jų Tyrimo Metodikos Nikolaj Goranin Dalius Mažeika

    Nikolaj Goranin Dalius Mažeika NUSIKALTIMAI elektroninėje erDvėje ir jų tyriMo MetoDikos Nikolaj Goranin Dalius Mažeika NUSIKALTIMAI ELEKTRONINĖJE ERDVĖJE IR JŲ TYRIMO METODIKOS MOKOMOJI KNYGA Projektas „Aukštojo mokslo I ir II pakopų informatikos ir informatikos inžinerijos krypčių studijų programų atnaujinimas bei naujų sukūrimas ir įgyvendinimas (AMIPA)“, kodas VP1–2.2–ŠMM–09–V–01–003, finansuojamas iš Europos socialinio fondo ir Lietuvos valstybės biudžeto lėšų. Recenzavo: prof. dr. V. Jusas doc. dr. K. Driaunys © N. Goranin, D. Mažeika, 2011 © KTU Informatikos fakultetas, 2011 © VGTU Fundamentaliųjų mokslų fakultetas, 2011 © UAB TEV, 2011 ISBN 978-609-433-055-1 TURINYS ĮVADAS ........................................................................................................................7 1. NUSIKALTIMAI ELEKTRONINĖJE ERDVĖJE ...................................................9 1.1. Nusikaltimų elektroninėje erdvėje apibrėžimas ir jų tipai ................................9 1.2. Informacinis karas ...........................................................................................11 1.3. Savikontrolės klausimai ..................................................................................14 2. NEE TEISINIAI ASPEKTAI ..................................................................................15 2.1. Teisinė nusikaltimų elektroninėje erdvėje samprata .......................................15 2.2. Elektroninių nusikaltimų kategorijos ..............................................................17 2.3. Tarptautiniai
  • Computer Viruses and Malware Advances in Information Security

    Computer Viruses and Malware Advances in Information Security

    Computer Viruses and Malware Advances in Information Security Sushil Jajodia Consulting Editor Center for Secure Information Systems George Mason University Fairfax, VA 22030-4444 email: [email protected] The goals of the Springer International Series on ADVANCES IN INFORMATION SECURITY are, one, to establish the state of the art of, and set the course for future research in information security and, two, to serve as a central reference source for advanced and timely topics in information security research and development. The scope of this series includes all aspects of computer and network security and related areas such as fault tolerance and software assurance. ADVANCES IN INFORMATION SECURITY aims to publish thorough and cohesive overviews of specific topics in information security, as well as works that are larger in scope or that contain more detailed background information than can be accommodated in shorter survey articles. The series also serves as a forum for topics that may not have reached a level of maturity to warrant a comprehensive textbook treatment. Researchers, as well as developers, are encouraged to contact Professor Sushil Jajodia with ideas for books under this series. Additional tities in the series: HOP INTEGRITY IN THE INTERNET by Chin-Tser Huang and Mohamed G. Gouda; ISBN-10: 0-387-22426-3 PRIVACY PRESERVING DATA MINING by Jaideep Vaidya, Chris Clifton and Michael Zhu; ISBN-10: 0-387- 25886-8 BIOMETRIC USER AUTHENTICATION FOR IT SECURITY: From Fundamentals to Handwriting by Claus Vielhauer; ISBN-10: 0-387-26194-X IMPACTS AND RISK ASSESSMENT OF TECHNOLOGY FOR INTERNET SECURITY.'Enabled Information Small-Medium Enterprises (TEISMES) by Charles A.
  • Malware Primer Malware Primer

    Malware Primer Malware Primer

    Malware Primer Malware Primer Table of Contents Introduction Introduction ...........................................................................................................................................................................2 In The Art of War, Sun Tzu wrote, “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” This certainly applies Chapter 1: A Brief History of Malware—Its Evolution and Impact ..............................3 to cyberwarfare. This primer will help you get to know cybercriminals by providing you with a solid foundation in one of their principle weapons: Chapter 2: Malware Types and Classifications ....................................................................................8 malware. Chapter 3: How Malware Works—Malicious Strategies and Tactics ........................11 Our objective here is to provide a baseline of knowledge about the different types of malware, what malware is capable of, and how it’s distributed. Chapter 4: Polymorphic Malware—Real Life Transformers .............................................14 Because effectively protecting your network, users, data, and company from Chapter 5: Keyloggers and Other Password Snatching Malware ...............................16 malware-based attacks requires an understanding of the various ways that the enemy is coming at you. Chapter 6: Account and Identity Theft Malware ...........................................................................19 Keep in mind, however, that we’re only able here
  • CS 3700 Networks and Distributed Systems

    CS 3700 Networks and Distributed Systems

    CS 3700 Networks and Distributed Systems Lecture 20: Malware/Botnets Slides stolen from Vern Paxson (ICSI) and Stefan Savage (UCSD) Motivation 2 Internet currently used for important services ! Financial transactions, medical records Increasingly used for critical services ! 911, surgical operations, water/electrical system control, remote controlled drones, etc. Networks more open than ever before ! Global, ubiquitous Internet, wireless Malicious Users 3 Miscreants, e.g. LulzSec ! In it for thrills, street cred, or just to learn ! Defacing web pages, spreading viruses, etc. Hacktivists, e.g. Anonymous ! Online political protests ! Stealing and revealing classified information Organized Crime ! Profit driven, online criminals ! Well organized, divisions of labor, highly motivated Network Security Problems 4 Host Compromise ! Attacker gains control of a host ! Can then be used to try and compromise others Denial-of-Service ! Attacker prevents legitimate users from gaining service Attack can be both ! E.g., host compromise that provides resources for denial-of- service Definitions 5 Virus ! Program that attaches itself to another program Worm ! Replicates itself over the network ! Usually relies on remote exploit (e.g. buffer overflow) Rootkit ! Program that infects the operating system (or even lower) ! Used for privilege elevation, and to hide files/processes Trojan horse ! Program that opens “back doors” on an infected host ! Gives the attacker remote access to machines Botnet ! A large group of Trojaned machines, controlled
  • Leading International University Squashes Threats from Modern Malware with Palo Alto Networks

    Leading International University Squashes Threats from Modern Malware with Palo Alto Networks

    PALO ALTO NETWORKS: Customer Profile Leading International University Squashes Threats from Modern Malware with Palo Alto Networks “Palo Alto Networks gives us true insight into what’s really going on in our network to ensure that risky traffic and activity is blocked. The control, visibility and threat prevention capabilities of the PA-4000 Series are unmatched. The cost was right and the ORGANIZATION: benefits quickly justified the cost.” University of Groningen – Mente Heemstra, Network Specialist, University of Groningen INDUSTRY: Education BACKGROUND CHALLENGE: Founded in 1614, the University of Groningen enjoys an international reputation Gain visibility into network to improve as one of the oldest and leading educational and research universities in Europe. security and control while maintaining a Located in the north of the Netherlands, the university offers degree programs policy of application access for all users. at Bachelor’s, Master’s and Ph.D. levels in virtually every field, many of them SOLUTION: completely taught in English. Research and knowledge, combined with an Replace legacy firewalls and Intrusion interdisciplinary approach, form the basis of the school’s programs. Research and Prevention System (IPS) managing traffic education at the University of Groningen is internationally oriented, as students between the university and its Internet from every continent prepare themselves for international career paths. Groningen Service Provider with Palo Alto Networks PA Series next-generation firewall with is an ideal, safe city with a flourishing student life. IPS for granular visibility of threats and better control of suspect Internet FILE SHARING AND MALWARE ON CAMPUS applications. Approximately 28,000 students study at the acclaimed University of Groningen.