Computer and Network Security

            Chang-Han Jong
        chjong@csie.nctu.edu.tw
 2nd Lieutenant, Fu-Hsin-Kang College
Master of Science, Nat’l Chiao-Tung Univ.
                Agenda
•   General Concepts
•   Intrusion Demo
•   Intrusion Techniques
•   The Way of Thinking
•   Cryptography Basics and PKI
•   Log Analysis
         General Concepts
• Support
• Why is security hard?
• Who is playing with security?
                            Support
• CERT
   – TWCERT http://www.cert.org.tw
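   – National Information and Communication Security Response Center http://www.ncert.nat.gov.tw
   – Communications and Information Bureau CERT
• Law
   – Ministry of Education Internet Law Awareness Site http://www.crime.org.tw
   – Criminal Investigation Bureau, 9th Investigation Corps
• PKI
   – Government Certificate Management Center http://www.pki.gov.tw/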
• Info
   – http://www.csie.nctu.edu.tw/~chjong/public
         • InformationWarefare.htm
Why Is Computer Security Hard?
1. Requires extensive programming experience,
   from low-level machine architecture to
   high-level e-commerce
2. Interdisciplinary
3. Extensive knowledge of known exploits
4. Inventing new knowledge
Who Is Playing with Security?
1. Hacker
  1. Invent new trends (CIH)
  2. Invent new attacks
  3. Use known attacks to break in
2. Cracker (use known attacks to break in)
3. Script kiddie (use tools only)
             Intrusion Demo
1.   Gather information (IP, port, services)
2.   Search for exploits for the vulnerabilities
3.   Break in
4.   Repeat (1)-(3) to break into many hosts
5.   Denial of service against targets

•    Can be done manually or automatically
           Intrusion Techniques
1.    Humanity
2.    Software Vulnerabilities
3.    Network Protocols
4.    Network Infrastructure
5.    Web
6.    Email
7.    Backdoor
8.    Worm
9.    Being Stealthy
10.   Cryptography
              1. Humanity
• Social engineering (very important)
  – Ex. Deception over phone, fax and
    communication systems
• Think like the original programmer
• Traditional way
  – Telescope
  – Garbage collection
     2. Software Vulnerability
• Inherent: software has bugs, nicknamed
  "undocumented features"
• Buffer overflow
  – most hazardous
  – one hit, one kill
• Race condition
        3. Network Protocols
• Sniffer
  – You can see everything if it is not encrypted
• Authentication
  – Ex. Windows 98 ID/password is not secure
    enough
• Hijacking
• Information gathering
  – Who is doing what on a certain server?
  – What services does a server provide?
        4. Network Infrastructure
• PKI
  – IC card with digital signature
  – CA distributes IC cards
  – PKI chains the CAs
• ISP
  – TANet needs to connect with
    APOL/Seednet/Hinet/Giganet

• PKI may be compromised
• ISP interconnection may fail
                 5. Web
1. Web programs are often neither well
   designed nor well programmed
2. Cookies leak personal data
3. A proxy can be a stepping stone
4. Web servers are vulnerable (Microsoft IIS)
               6. Email
1. Many viruses/worms work through email
2. Passwords are not secure
              7. Backdoor
• An intruder can remotely control the
  computers
               8. Worm
1. A program that breaks into computers and
   distributes itself
2. The most modern platform for other
   intrusion techniques
             9. Being Stealthy
•   Delete the logs
•   Evade logging
•   Encrypted programs
•   Install a rootkit on the target machine
    – Changes the system software so that the
      victim is not aware of the intrusion
           10. Cryptography
• Authentication
  – Other people become you
• Digital Signature
  – Documents become signed by you
• Encryption
  – Information is leaked
        The Way of Thinking
• People behave similarly
  – Reasonable guessing is possible
• Nobody is perfect
  – Software has bugs
  – Misuse is reasonable
• There is no completely secure system
  – Only risk management
               Defense of Intrusion
•       Network
    –     Firewall ($)
    –     IDS (Intrusion Detection Systems) ($$)
    –     Honeypots       ($$)
•       Host
    –     Integrity Check ($$)
    –     Anti-virus software($)
    –     Update (Almost free !!)
•       Cryptography
    –     Research, Research and Research

•       The quality of human resources is most important
  Cryptography Basics and PKI
1. Concept of Digital Signature
2. Encryption/Decryption
3. IC Card/CA/PKI
   Concept of Digital Signature
• A bit string attached to the document to
  – Authenticate the receiver and/or sender
  – Encrypt so that only the receiver can read
• Key (certificate) can be put in an IC
  card or a file
• Needs a third party to issue the digital
  signature
    Encryption/Decryption
1. Symmetric encryption
  1. Encryption key and decryption key are the same
  2. Fast
  3. Ex. DES (56 bits), AES (128 bits)
2. Asymmetric encryption
  1. Encryption key and decryption key are different
  2. Powerful but slow
  3. Ex. RSA, D&H (512, 1024, 2048 bits)
3. The longer the key, the more secure the
   cryptographic system
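
Added example (not part of the original slides): the digital signature and asymmetric encryption slides above, worked through with textbook RSA in Python. The key is a toy built from two known Mersenne primes, with no padding, and the sample document and function names are constructed for this illustration.

```python
import hashlib

# Toy RSA key from two known Mersenne primes, so no library is needed.
# Assumptions of this example: a 216-bit modulus and no padding, both
# unsuitable for real use (real RSA keys are 2048 bits or longer).
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)


def digest(message: bytes) -> int:
    """SHA-256 of the message, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """Signing uses the private exponent D, held only by the signer."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Verification uses only the public key (N, E)."""
    return pow(signature, E, N) == digest(message)


def encrypt(value: int) -> int:
    """Encryption uses the recipient's public key (N, E)."""
    return pow(value, E, N)


def decrypt(cipher: int) -> int:
    """Decryption needs the recipient's private exponent D."""
    return pow(cipher, D, N)


def demo():
    order = b"transfer 100 to account A"       # constructed document
    sig = sign(order)
    return {
        "genuine_verifies": verify(order, sig),
        "tampered_verifies": verify(b"transfer 900 to account A", sig),
        "roundtrip": decrypt(encrypt(2012)),
    }


if __name__ == "__main__":
    print(demo())
```

Signing and decryption use the private exponent, while verification and encryption use only the public key, which is the "different keys" property of asymmetric encryption.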
                      PKI

• IC Card (Smart Card)
  – A small computer with CPU/memory that
    stores 32 Kbytes of information (certificate)
• CA (Certificate Authority)
  – A computer system that issues the certificates
• PKI (Public Key Infrastructure)
  – The trust relationships among CAs
         How to Use PKI?
• Email somebody with signing and
  encryption
• Let a document be seen only by somebody
• Let a document be signed by the boss
• The basis of e-commerce
• Networked bank
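       Armed Forces Electronic Official Documents
• Word → XML → records office → electronic official
  document exchange system (IC Card) → information
  center (國資中心) → exchange center → …
• Problems
 – Poor IC card contact
 – The electronic official document exchange system is unstable
 – The Word-to-XML conversion program is hard to use
 – Official documents get lost at the information center (國資中心)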
                 Log Analysis
•   Audit data is a basic requirement
•   Forensics is possible

•   The WWW server has logs
    – Who intruded into the system
•   IE has logs
    – What was viewed with this IE
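
Added example (not part of the original slides): reading a WWW server log to find who is probing the system, in Python. The log lines are constructed in Common Log Format with documentation-range addresses, and the threshold and function names are assumptions of this illustration.

```python
import re
from collections import defaultdict

# Common Log Format: host ident user [time] "METHOD path PROTO" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+$')

# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE = """\
192.0.2.10 - - [26/Jun/2012:10:00:01 +0800] "GET /index.html HTTP/1.0" 200 1043
198.51.100.7 - - [26/Jun/2012:10:00:02 +0800] "GET /admin/ HTTP/1.0" 404 210
198.51.100.7 - - [26/Jun/2012:10:00:02 +0800] "GET /backup.zip HTTP/1.0" 404 210
198.51.100.7 - - [26/Jun/2012:10:00:03 +0800] "GET /test.cgi HTTP/1.0" 404 210
198.51.100.7 - - [26/Jun/2012:10:00:03 +0800] "GET /old/ HTTP/1.0" 404 210
203.0.113.5 - - [26/Jun/2012:10:01:10 +0800] "GET /missing.html HTTP/1.0" 404 210
203.0.113.5 - - [26/Jun/2012:10:01:12 +0800] "GET /missing.html HTTP/1.0" 404 210
203.0.113.5 - - [26/Jun/2012:10:01:15 +0800] "GET /missing.html HTTP/1.0" 404 210
this line is truncated and must be skipped
"""


def parse(text):
    """Yield (host, time, method, path, status) for each well-formed line."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            host, when, method, path, status = m.groups()
            yield host, when, method, path, int(status)


def probing_clients(text, min_missing=3):
    """Map each host that asked for >= min_missing distinct nonexistent paths
    to (time of its first request, sorted list of those paths)."""
    missing = defaultdict(set)
    first_seen = {}
    for host, when, _method, path, status in parse(text):
        first_seen.setdefault(host, when)
        if status == 404:
            missing[host].add(path)
    return {host: (first_seen[host], sorted(paths))
            for host, paths in missing.items() if len(paths) >= min_missing}


if __name__ == "__main__":
    for host, (when, paths) in probing_clients(SAMPLE).items():
        print(host, when, paths)
```

Counting distinct missing paths rather than raw 404s keeps a client that retries one broken link (203.0.113.5 in the sample) from being flagged alongside one that is enumerating the site.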

				
posted:6/26/2012