E2 _CNS Unit 1 Slides.pdf
Document Details
Uploaded by Deleted User
PES University
Tags
Full Transcript
Welcome to PES University Ring Road Campus, Bengaluru Computer Network Security UE21CS343AB6 Prasad Honnavalli Lecture 1 Emergency Exit Assembly Point Washroom No Chatting Phones on silent No Sleeping Co...
Welcome to PES University Ring Road Campus, Bengaluru Computer Network Security UE21CS343AB6 Prasad Honnavalli Lecture 1 Emergency Exit Assembly Point Washroom No Chatting Phones on silent No Sleeping Computer Network Security 3 Disclaimer ☞ This presentation is purely educational. ☞ The views expressed by the presenter is not representation of any organization. ☞ The views are based on professional experience of the presenter and no liability is accepted by the presenter in the event of any potential or perceived losses resulting from this presentation. Computer Network Security 4 About Prasad Honnavalli ☞ Experience: 30+ years of global experience in advisory, consultancy and execution of - IT services, IT transformation, Software development, Cloud Adoption, Information Security - end to end software and Infrastructure design, development, testing and deployment for FinTech, Manufacturing, Transport, Telecom, Resources & various Governments. Lived in 5 continents and worked with over 40 nationalities ☞ Founded two Start-ups in Bangalore and Singapore ☞ Education: MBA – University of Melbourne. Bachelor of Electronics Engineer – UVCE, Bangalore University, India. ☞ Currently: Since 2017 Professor - Computer Science and Engineering, PES University Director – PESU Centre for Information Security, Digital Forensics and Cyber Resilience (C-ISFCR) Director – PESU Centre for Internet of Things (C-IoT) Founder – AbhayaSecure ☞ Advisor to Start-ups and Growth firms Computer Network Security 5 About the Team Preet Kanwal Dr. Radhika M. Hirannaiah Experience: Experience: 8+ years of Experience in Teaching. Have 8+ years in the industry and 6yrs of teaching in High school, Undergrad and Graduate students. Education: Research experience in Software Defined Networks (SDN), Pursuing PhD– PES University, M.Tech(CSE) – VTU. Bachelor OpenFlow and Voice over IP applications. Currently working of Engineering(CSE) – VTU, India. on 5G mobile network. Currently: Since 2015 Education: Associate Professor - Computer Science and Engineering, Phd from Wichita State University, USA PES University Currently: Since 2023 Courses Handled: Associate Professor - Computer Science and Engineering, Machine Learning, Deep Learning, Data Science, Compiler PES University Design, Automata Theory Courses Handled: Software Testing/Engineering, Computer Networks Computer Network Security 6 Course Objectives and Outcomes Computer ISFCR Executive NetworkEducation Security 7 Course Objectives: ☞ Our primary goal is to be able to identify security issues in various aspects of Network computing, including: – Data Packet composition and spoofing – Secure Packet Transmission – Security Issues in Layer 2, 3 4 & 5 Protocols like ARP, IP, TCP and UDP – Security aspects of protocols like DNS, VPN and TLS ☞ And to be able to use this ability to design systems that are more protective of security and privacy. Computer Network Security 8 Course Outcomes ☞ At the end of this course students should be able to: Sniff packets and analyse them to extract important info such as headers, passwords etc. Launch Spoofing, DoS and MITM attacks using various protocols and mitigate them. Configure firewalls on Linux machines and perform network monitoring using IDS/IPS. Implement/Configure VPN for a secure connection over internet. Learn skills of enabling and configuring a wireless network system for security. Understand how network security attacks work in practice /real life Assess threats for their significance / impact / Risk Build programs & systems with robust security properties / posture Gauge the protections and limitations provided by today's technology Computer Network Security 9 Course Information– Computer Network Security (4-0-0-0-4) Click here for Course Information Computer Network Security 10 Distribution of Sessions # Activity Type # of Hours 1 Lectures Hours 49 2 Revision Hours 2 3 Lab Hours 26 4 Assignment Hours 7 Total 84 Computer Network Security 11 What is our goal in this course? ☞ Understand the key concepts underpinning Security ☞ Apply the concepts to solve real issues/problems. ☞ Higher Quality learning - LEARN by DOING! Learn to install and use various industry leading tools to understand offensive and defensive security. Learn by doing the Labs Learn by doing Assignments ☞ Peer Learning Computer Network Security 12 Course Mechanics Computer ISFCR Executive NetworkEducation Security 13 Textbook ☞ Prescribed Textbook: Internet Security – A Hands-on approach by Wenliang Du (3rd Edition). ☞ Additional readings will be provided as appropriate ☞ Lecture Slides and notes (as required) will be handed out Computer Network Security 14 Course Mechanics ☞ Instructor: Prasad Honnavalli - https://staff.pes.edu/nm1300 Preet kanwal - https://staff.pes.edu/nm1125 Dr. Radhika M. Hirannaiah - https://staff.pes.edu/nm1664/ ☞ Class Timings: Tuesday (8 AM - 10:15 AM) Thursday (10:45 AM to 1:00 PM) ☞ Come to class! Not every bit of material will be on the slides or in the text. Some classes will be Labs! Computer Network Security 15 Course Mechanics ☞ Submit all assignments online through MS TEAMS (Details will be shared later) ☞ Feedback is encouraged! Email [email protected] [email protected] [email protected] Computer Network Security 16 Evaluation Policy Assessment policy: In Semester Assessment (ISA) Max : 50 Assessment policy: End Semester Assessment (ESA) Max: 50 Total = ISA + ESA = 100 marks Activity Marks Remarks ISA 1,2 (MCQ) 40 * 2 = 80 Scaled down to 30 Labs (10) 100 (approx.) Scaled down to 10 Assignments (3) 50 (approx.) Scaled down to 10 Total Marks 50 Activity Marks Remarks Pen and Paper 100 Scaled down to 50 Total marks 50 Computer Network Security 17 Grading Range – Marks1 Grade Letter 90 to 100 S 80 to 89 A 70 to 79 B 60 to 69 C 50 to 59 D 40 to 49 E Below 40 F (Fail) 1 Range May be adjusted as appropriate Computer Network Security 18 Prerequisites ☞ Students Should have a taken the course on Computer Networks Should have a good understanding of Computer Network concepts Have a passion for Network technologies Respect Academic Honesty / Ethics Say NO to plagiarism Computer Network Security 19 Topics OSI Model – Day in. the life of a packet MAC Layer attacks Network Layer Attacks – IP, ICMP TCP Attacks – TCP and UDP TLS Attacks DNS Attacks VPN Issues End point Security – Firewalls, IDS, IPS, SIEM Wireless security Computer Network Security 20 Labs / Assignments Labs: Assignments: 1. Sniffing and Spoofing iPremier Case Study 2. PCAP Analysis University of Virginia Case Study 3. ARP Cache Poisoning 4. TCP Attacks 5. DNS Attacks 6. Kaminsky Attacks 7. Firewall Exploration 8. VPN Attack 9. Bypassing Firewall using VPN 10. HeartBleed Attack Computer Network Security 21 Other Readings ☞ From time to time, there will be other readings assigned as well ☞ You should usually try to do the readings before the class in which we will discuss them. Computer Network Security 22 Penalty for late submission: ☞ If any assignment or lab work is submitted late, the following applies: ☞ Late by up to 24 hours ( 1 day) – lose 25% of your marks ☞ Late by up to 48 hours (2 days) – lose 50% of your marks ☞ Late by up to 72 hours (3 days) – lose 75% of your marks ☞ Late Beyond 72 hours – Zero If you have accentuating circumstances, please let us know earliest and positively before the deadlines; we will try to accommodate. Computer Network Security 23 Collaboration: Do’s and Don’t’s ☞ Asking questions is encouraged Discussing course topics with others is welcome Peer Learning is Encouraged ☞ Limits of collaboration Don’t share your Homework, Assignment and Lab solutions with anyone else; And Vice versa; You should never see or have possession of anyone else’s solutions — including from past semesters Dishonesty will result in severe penalties Computer Network Security 24 Honour Code ☞ The Honour Code is PESU statement on academic integrity. ☞ It articulates our expectations of students and faculty in establishing and maintaining the highest standards in academic work. Computer Network Security 25 Honour Code ☞ The Honour Code is an undertaking of the students, individually and collectively: Students will not give or receive aid in examinations and class work, labs and assignments; Students will not give or receive unpermitted aid in class work, in the preparation of reports, or in any other work that is to be used by the instructor as the basis of grading; Students will do their share and take an active part in seeing to it that others as well as themselves uphold the spirit and letter of the Honour Code. Computer Network Security 26 Academic Honesty ☞ Academic honesty is expected from each student participating in the course. ☞ No sharing (willing, unwilling, knowing, unknowing) of assignment code or solutions between students; ☞ Labs and Assignments must be done by each student independently. ☞ No submission of downloaded code (from the Internet, Campus LAN, or anywhere else) is accepted. Computer Network Security 27 Academic Honesty ☞ Any dis-honesty will result in will result in Zero marks for the assignment/work And in addition, downgrade of final subject result by ONE grade! This applies for both students giving and students taking e.g. B grade will downgrade to C Computer Network Security 28 A Note on Security ☞ In this course, you will be exposed to information about security problems and vulnerabilities with computing systems and networks. ☞ To be clear, you are not to use this or any other similar information to test the security of, break into, compromise, or otherwise attack, any system or network without the express consent of the owner. ☞ In particular, you will comply with all my instructions when doing the labs. My instructions are in consonance with applicable laws of India and PES University policies. If in any doubt, please consult your professor! ☞ Any violation is at YOUR RISK! And may result in severe consequences. Computer Network Security 29 Ethics Guide ☞ Of necessity, this class has a fair amount of "dark web" content And a lot of "don't try this at home" stuff ☞ As defenders you must understand the Big WORD is consent Its usually OK to break into your own stuff; its a great way to evaluate systems Its usually OK to break into someone else's stuff with explicit permission to do so It is both grossly unethical and often exceedingly criminal to access systems without explicit permission and explicit authorization Computer Network Security 30 Outcomes in Summary Be aware of different methods by which you can protect your data across computer systems and how to secure the same ! Computer Network Security 31 Outcomes in summary Cybersecurity starts with me! Computer Network Security 32 Understanding Plagiarism Computer ISFCR Executive NetworkEducation Security 33 Plagiarism (adopted from Indiana University) ☞ Plagiarism is defined as presenting someone else’s work, including the work of other students, as one’s own. Any ideas or materials taken from another source for either written or oral use must be fully acknowledged, unless the information is common knowledge. What is considered “common knowledge” may differ from course to course. ☞ A student must not adopt or reproduce ideas, opinions, theories, formulas, graphics, or pictures of another person without acknowledgment. Computer Network Security 34 Plagiarism (adopted from Indiana University) ☞ A student must give credit to the originality of others and acknowledge an indebtedness whenever: 1. Directly quoting another person’s actual words, whether oral or written; 2. Using another person’s ideas, opinions, or theories; 3. Paraphrasing the words, ideas, opinions, or theories of others, whether oral or written; 4. Borrowing facts, statistics, or illustrative material; or 5. Offering materials assembled or collected by others in the form of projects or collections without acknowledgment Computer Network Security 35 Plagiarism ☞ For those NOT familiar, please visit the links and follow the instructions. ☞ University College London- Learn about Plagiarism ☞ Welcome to the Indiana University Plagiarism Tutorials and Tests - Learn how to recognize plagiarism, test your understanding, and earn a certificate. Take the certificate for Bachelor’s level. ☞ Any plagiarism will result in Zero marks for the assignment/work And in addition, downgrade of final subject result by ONE grade! For both students giving and students taking e.g. B to C, D to E Computer Network Security 36 Introducing Centre for Excellence Computer ISFCR Executive NetworkEducation Security 37 PESU Center for Information Security, Forensics and Cyber Resilience ISFCR - Focus Computer Network Security 39 Computer Network Security 40 Computer Network Security 41 ISFCR - Activities Computer Network Security 42 ISFCR – Security Domains Computer Network Security 43 Location PES University, B-Block, 11th floor, Room No. 1114 RR Campus, Bangalore www.isfcr.pes.edu Computer Network Security 44 45 Objectives ☞ Provide students and faculty opportunities to work on IoT domains and understand the implementation challenges of greenfield and brownfield projects. ☞ Address the security of IoT platforms comprehensively working with Centre for Information Security (ISFCR). ☞ Form a research and development community with cross disciplinary collaboration, including engineering, non-engineering, communication, electronics, microsystems, information systems, and software, to focus on challenges in IoT issues. ☞ Pursue research in IoT technology, applications and services. Computer Network Security 46 Domains Note: This classification is for our convenience Computer Network Security 47 1. Industrial IoT ☞ This will cover domains like: Industry 4.0, SCADA, Autonomous Vehicles, Robotics, Drones and appliances Computer Network Security 48 2. Smart City 49 3. Critical Information Infrastructure The focus here is to protect CII from cyber attacks and Denial of Service attacks ☞ This includes all forms of transport Land – Road, Rail & Mass Transit Water Air ☞ Generation and distribution of Energy Smart Grid, Smart Meters etc. ☞ Potable Water supply and distribution ☞ Financial services including Banking, Digital payments etc. Computer Network Security 50 4. Rural IoT ☞ The needs of Rural India covers ☞ Agriculture and agri-based activities ☞ Smart Diaries ☞ Water Management ☞ Livestock ☞ Waste ☞ etc. Computer Network Security 51 5. Medical IoT ☞ This needs the most security considerations as it involves human lives. Computer Network Security 52 Location PES University, B-Block, 11th floor, Room No. 1112 RR Campus, Bangalore www.iot.pes.edu Computer Network Security 53 Executive MTech in Cybersecurity Engineering https://www.cysec.pes.edu/ Computer Network Security 54 The Journey so far Computer ISFCR Executive NetworkEducation Security 55 ISFCR – The Journey So Far 23 Courses Cumulative count. B.Tech + M.Tech 18 Faculty Non-cumulative Count Computer Network Security 56 ISFCR – The Journey So Far 2000+ Student 100 + Publications Community Cumulative Count Since 2018 Journal – 25 Conference - 75 Cumulative count. B.Tech + M.Tech Computer Network Security 57 ISFCR – The Journey So Far 15 Internships Cumulative count 111 Projects Cumulative count. B.Tech + M.Tech Computer Network Security 58 ISFCR – The Journey So Far 5 PHD Scholars 6 PHD Holders 45 Professionals trained under Executive Education by ISFCR 10 Hackathons 600+ Participants Certifications – CompTIA - Network+, Security+, EC Council - CHFI, SANS GIAC - GISF Computer Network Security 59 Industry Collaborations 2018 2019 2020 Computer Network Security 60 What is Information? Computer ISFCR Executive NetworkEducation Security 61 Digital Transformation ☞ Cloud First, Mobile First Strategy - Driving the digital transformation in India and across the world. ☞ World Economic forum (WEF) estimates that 463 exabytes of data will be created each day globally by 2025. One Exabyte = one billion gigabytes https://www.weforum.org/agenda/2019/04/how-much-data-is-generated-each-day-cf4bddf29f/ Computer Network Security 62 Compiled from apple.com, Time.com, Intel.com, skype.com, NYtimes.com, Dailymail.co.uk Adapted from Cisco, IBSG and UNç https://www.weforum.org/agenda/2021/08/one-minute-internet-web-social-media-technology-online/ 63 IEEE-Sensor.org Compiled from apple.com, Time.com, Intel.com, skype.com, NYtimes.com, Dailymail.co.uk Adapted from Cisco, IBSG and UNç 64 IEEE-Sensor.org Compiled from apple.com, Time.com, Intel.com, skype.com, NYtimes.com, Dailymail.co.uk Adapted from Cisco, IBSG and UNç 65 Internet of Things – Economic Value 66 What is Information Security? Computer ISFCR Executive NetworkEducation Security 67 Information Security “The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources” (includes hardware, software, firmware, information/data, and telecommunications). Source: NIST Refers to the processes and methodologies which are designed and implemented to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption. Computer Network Security 68 The CIA Triad - Core Security Principles Human ☞ Confidentiality - Data Confidentiality and Privacy Mergers, Facilities / Spinoffs, Software ☞ Integrity - Data Integrity and System Integrity Perimeter Governance ☞ Availability Networks Attack Surface High Medium Low Source: NIST standard FIPS 199 (Standards for Security Categorization of Federal Information and Information Systems) Computer Network Security 69 What is Security? Enforcing a desired property in the presence of an attacker ☞ data confidentiality ☞ user privacy ☞ data and computation integrity ☞ authentication ☞ availability.. Computer Network Security 70 Why is security important? ☞ It is important for our ☞ personal safety ☞ confidentiality/privacy ☞ functionality ☞ protecting our assets ☞ successful business ☞ country’s economy and safety ☞ and so on... Computer Network Security 71 Vulnerabilities, Threats and Attacks ☞ Categories of vulnerabilities Corrupted (loss of integrity) Leaky (loss of confidentiality) Unavailable or very slow (loss of availability) ☞ Threats Capable of exploiting vulnerabilities Represent potential security harm to an asset Computer Network Security 72 Vulnerabilities, Threats and Attacks ☞ Attacks (threats carried out) Passive – attempt to learn or make use of information from the system that does not affect system resources Active – attempt to alter system resources or affect their operation Insider – initiated by an entity inside the security parameter Outsider – initiated from outside the perimeter Computer Network Security 73 Assets of a Computer System Hardware e s fa c r Software Su Data c k tta Communication facilities and networks A Physical Facility 74 Anatomy of an Attack Threat Owners Agents value Wish to Wish to abuse impose minimize and/or may damage Countermeasures Assets Give rise to To reduce to to Risks Threats That increase 75 Countermeasures Means used to deal with ☞ May itself introduce new Security Attacks vulnerabilities Prevent ☞ Residual vulnerabilities may remain Detect ☞ Goal is to minimize Recover residual level of risk to the assets 76 Security and Reliability ☞ Security has a lot to do with reliability ☞ A secure system is one you can rely on to (for example): Keep your personal data confidential Allow only authorized access or modifications to resources Give you correct and meaningful results ☞ Give you correct and meaningful results when you want them Computer Network Security 77 What is Privacy? There are many definitions of privacy ☞ A useful one: “informational self-determination” This means that you get to control information about you “Control” means many things: Who gets to see it Who gets to use it What they can use it for Who they can give it to Computer Network Security 78 What is data privacy? Right of an individual to have control over how personal information is collected and used Data protection, a subset of data privacy, ensures confidentiality, integrity and availability of personal information Data Subject Joint Controller Controller/ Fiduciary / Fiduciary Processor Sub Processor PwC ET master class 79 79 Need for Data Privacy Increasing number of internet users Wider spectrum of data-collection channels 2016 - 2019 | Internet users around the world increased by 29% When organizations were asked how they collect user data 42% from other organizations 2016 - 2019 | Internet users in India increased by nearly 50% 33% purchase from third parties 33% from connected devices 79% directly from individuals Increasing personal data breaches Customers demand it Q2-Q3 FY’20 | 7.9 Billion personal data breaches (33% increase) As per a global survey of consumers in 2019: Q4 FY’20 | 100% increase in phishing attacks in Indian orgs 48% stopped buying from a company over privacy concerns 84% wanted more visibility & control over their data Source: PwC ET master class 1. PwC survey 80 80 2. Dataprivacymanager.net General Data Protection and Regulation 81 California Consumer Privacy Act – Effective 01 Jan 2020 82 India – moving in the right direction India – Sector Updates Amendment of Section 43-A of The IT 2011 TRAI – Recommendation on ‘Privacy, Security ACT, 2000 focusing on SPDI and Ownership of Data in the Telecom Sector’ On 16 July’18, TRAI issued recommendations Srikrishna Committee formed to study on Privacy & Security of Data in the Telecom 2017 the issues related to data protection Sector Includes TSPs, communication networks, Draft PDPB submitted by the committee browsers, operating systems, OTT service 2018 to the Ministry of electronics and providers Information Technology Digital Information Security in Healthcare Act Passed by the cabinet , now pending with (DISHA) 2019 joint select committee to present its report DISHA seeks to regulate all digital health data PwC ET master class Enable sharing of personal health records b/w 83 83 About India’s draft Personal Data Protection Bill What’s Unique? First attempt to bring a harmonized data privacy regime in India Who does it Everyone effect? Consequences for Financial & regulatory risk, Operational disruption, Reputational damage organizations Civil Penalties: Higher of INR 15 Cr or 4 % of total turnover Penalties Criminal Penalties: Imprisonment (ranging from 3 to 5 years) Who should Data Fiduciary & Processor protect & what? Personal data and Sensitive Personal data PwC ET master class 84 Computer Network Security 84 Security vs. Privacy ☞ Sometimes people think of Security and Privacy as if they're opposing forces. ☞ Are they really? ☞ Do we have to give up one to get the other? 85 Why should we care? Computer ISFCR Executive NetworkEducation Security 86 Total value at risk from cybercrime US$5.2 trillion over the period 2019 to 2023 Source: https://www.accenture.com/_acnmedia/PDF-96/Accenture-2019-Cost-of-Cybercrime-Study-Final.pdf#zoom=50 Computer Network Security 87 Cyber crime is Growing exponentially and Pays ☞ Multiple studies estimate cyber crime costs to cross $2.1 trillion by the year 2019 and $6 trillion by 2021 (WEF, Juniper, IBM, Lloyds..) ☞ 60 percent of small businesses go out of business six months after a cyberattack “Cyber crime is the greatest transfer of wealth in History” General Keith B Alexander, , Commander – US Cyber Command. ☞ Ransomware - great example of a solid economic model of cybercrime business and growing exponentially. ☞ Cybercrime-as-a-service - hack or shut down a business by DDoS attack Computer Network Security 88 There are two forces at work here, pulling in different directions: The attackers, who are getting better and faster at making their attacks work Attackers only need to find a single weakness, the developer needs to find all weaknesses And the companies, which still struggle with the overload of urgent Technical security tasks and Economic constraints too! 89 Days to identify and contain a data breach The mean or average time to identify and contain a data breach fell from 287 days in 2021 to 277 days in 2022, a decrease of 10 days or 3.5%. We say, Lifecycle of data breach in 2022 is 277 days. Source: IBM Cost of Data Breach 2022 report Computer Network Security 90 Days to identify and contain a data breach Computer Source: Network IBM Ponemon ReportSecurity 2019 91 Data Breach Lifecycle and Data breach costs Source: IBM Cost of breach report 2022 Computer Network Security 92 Cost of Data Breach Computer Network Security 93 Impact of Data Breaches Computer Network Security 94 Security Mindset Computer ISFCR Executive NetworkEducation Security 95 What is Cybersecurity Mindset? Computer Network Security 96 What is Cybersecurity Mindset? ☞ Normally, we are concerned with correctness ☞ Does the software achieve the desired behavior? ☞ Security is a form of correctness ☞ Does the software prevent “undesired” behavior? ☞ The key difference: ☞ Security involves an adversary who is active and malicious. ☞ Adversary seeks to circumvent protective measures. Computer Network Security 97 What is Cybersecurity Mindset? ☞ Normal users ignore or report bugs/flaws ☞ Adversaries / Attackers are not normal users ☞ Adversaries / Attackers seek out bugs/flaws and try to exploit them ☞ This extends beyond software and to entire systems Computer Network Security 98 What is Cybersecurity Mindset? ☞ There is no such thing as absolute security! ☞Goal: Raise the bar for the attacker Too difficult, Too expensive Lower Return on Investment (ROI) and hence not the attractive target Ultimately, we want to mitigate undesired behaviour Computer Network Security 99 Cybersecurity – why does it fail? ☞ Systems may fail for many reasons Reliability deals with accidental failures Usability deals with problems arising from operating mistakes made by users Security deals with intentional failures created by intelligent parties Computer Network Security 100 Cybersecurity – why does it fail? ☞ “Computing in the presence of an adversary” ☞ Computer security experts think like an attacker all the time “What can go wrong?” “How can it go wrong?” “What assumptions might not be correct?” “How can I exploit this system?” ☞ Think outside the box! Computer Network Security 101 What does “Cybersecurity” mean? ☞ Who are our adversaries? Motives? Capabilities? Access? ☞ What kinds of attacks do we need to prevent? ☞ Can we ignore any type/kind attacks? Computer Network Security 102 Thinking like an attacker ☞ Thinking like an attacker Understanding how to circumvent security Look for where security can fail ☞ Thinking like a defender What are you defending (assets) and from whom (APT, state-actors, kiddies) Weigh benefits vs. costs: No system is ever completely secure!! “Rational paranoia!” Computer Network Security 103 CIA and Cybersecurity Mindset ☞ Reveals info users wish to hide (confidentiality breached) Corporate secrets Private data; personally identifying information (PII) ☞ Modifies information or functionality (integrity breached) Destroys records Changes data in-flight (think “the telephone game”) Installs unwanted software (spambot, spyware, etc.) ☞ Denies access to a service (availability issues) Crashing a website for political reasons, Denial of service attack Variant: Bias, Fairness in question Computer Network Security 104 WHY ARE ATTACKS COMMON? ☞ Because attacks are derived from design flaws or implementation bugs But all software has bugs: so what? ☞ A normal user never sees most bugs ☞ Too expensive to fix every bug Normal thought process: “Let’s only fix what’s likely to affect normal users” Computer Network Security 105 How secure should Security be? Computer ISFCR Executive NetworkEducation Security 106 Security Cornerstones ☞Threat Mode – No Absolute Security, Only Relative Security ☞Prevention, Detection & Response, Mitigation and Recovery ☞False Positives, False Negatives, and measurements/metrics Computer Network Security 107 How secure should we make it? ☞ Principle of Adequate Protection “Security is economics” Don't spend $100,000 to protect a system that can only cause $1000 in damage Or has a replacement cost of $5000 ☞ Why Information Security is Hard – An Economic Perspective By Ross Anderson - https://www.acsac.org/2001/papers/110.pdf Computer Network Security 108 How secure should we make it? ☞ Principle of Easiest Penetration “A system is only as strong as its weakest link” The attacker will go after whatever part of the system is easiest for him, not most convenient for you. In order to build secure systems, we need to learn how to think like an attacker! Computer Network Security 109 It All Comes Down To People... The Attacker(s) ☞ People attack systems for some reason for money, for politics, for the fun, for Kicks! ☞ Often the most effective security is to attack the attacker’s motivation Computer Network Security 110 It All Comes Down to People... The Users ☞ If a security system is unusable, it will be unused ☞ Or at least so greatly resented that users will actively attempt to subvert it: "Let's set the ICB Missile launch code to 00000000" (oh, and write down the password anyway!) ☞ Users will subvert systems anyway ☞ Programmers will make mistakes ☞ And Social Engineering... Computer Network Security 111 False Positives and False Negatives ☞ False positive: You alert when there is nothing there ☞ False negative: You fail to alert when something is there ☞ This is the real cost of detection: Responding to false positives is not free And too many false positives and alarms get removed False negatives mean a failure Computer Network Security 112 Defence in Depth ☞ The notion of layering multiple types of protection together EG, : Moat -> wall -> depression -> even bigger wall And some towers to rain down an eclectic mix of flaming and pointy death on those caught up in the defences ☞ Hypothesis is that attacker needs to breach all the defences At least until something comes along to make the defence irrelevant like, oh, say siege cannons D1 ☞ But defence in depth isn't free: D2 Alert You are throwing more resources at the problem You can have an increased false positive rate: FP1 1-FP1 FP2 FP If D1 has rate FP1 and D2 has rate FP2, a composition where either can alert has:.1.9.1.19 FP = FP1 + (1-FP1) * FP2.3.7.3.51 Computer Network Security 113 Mitigation & Recovery... ☞ OK, something bad happened... Now what? ☞ Assumption: bad things will happen in the system Can we design things so we can get back working? ☞ So how do I plan for earthquakes? "1 week of stay put and 50+ miles of get outta town" ☞ So how do I plan for ransomware? "If my computer and house catches fire, I have backups"... AKA, "If you love it, back it up!" Computer Network Security 114 Real World Security... How is your account breached? ☞ Humans can't remember good passwords... Well, we can remember a couple good passwords, but that's about it Computer Network Security 115 Computer Network Security 116 Thank you! Follow us isfcr.pesu www.isfcr.pes.edu ISFCR Welcome to PES University Ring Road Campus, Bengaluru Computer Network Security UE21CS343AB6 Prasad Honnavalli Lecture 2 Disclaimer ☞ This presentation is purely educational. ☞ The views expressed by the presenter is not representation of any organization. ☞ The views are based on professional experience of the presenter and no liability is accepted by the presenter in the event of any potential or perceived losses resulting from this presentation. Computer Network Security 3 General Rules of Engagement Emergency Exit Assembly Point Washroom No Chatting Phones on silent No Sleeping Computer Network Security 4 A Note on Security ☞ In this course, you will be exposed to information about security problems and vulnerabilities with computing systems and networks. ☞ To be clear, you are not to use this or any other similar information to test the security of, break into, compromise, or otherwise attack, any system or network without the express consent of the owner. ☞ In particular, you will comply with all my instructions when doing the labs. My instructions are in consonance with applicable laws of India and PES University policies. If in any doubt, please consult your professor! ☞ Any violation is at YOUR RISK! And may result in severe consequences. Computer Network Security 5 What does a day online look like? You browse the You visit web, shop online, a post some photos, website order food, read Fill up feedbacks, You exit participate in and some surveys , come get some free offline vouchers PwC ET master class Computer Network Security 6 What does a day online look like? What do you think actually took place? PwC ET master class Computer Network Security 7 What happens at the backend? Collection of Enterprise collects user personal data via user’s personal authentication, surveys, loyalty prog. etc. information Sites collect data via cookies which stores personal data, preferences, browsing history Data gets shared with ISPs, third parties , apps, Sharing of data to platforms 3rd parties The backend data gets stored with cloud providers having data centers across the world These 3rd parties further share this data with other parties who may or may not have adequate security PwC ET master class measures 8 8 What happens at the backend? Innovative technologies & process manipulate the Profiling of user data data Processes used to take decisions & analyze data is unknown to user Fields collected are social media friend list, location, web search history, chat history, IP addresses etc. Online sites ultimately change user perception, Data behaviour, psychology to predict behavior & Monetization monetize data which was collected initially for a different purpose PwC ET master class 9 9 The Attack Landscape The Human Factor! Computer ISFCR Executive NetworkEducation Security 10 The Attack Landscape Computer ISFCR Executive NetworkEducation Security 11 How safe is our Credentials? ☞ So many logins and passwords to remember that it’s tempting to reuse credentials —a fact attackers rely on. ☞ Security best practices Use strong passwords/passphrases with a combination of Upper and Lower case letters, numbers and symbols. Use unique passwords / passphrases for all your applications and websites Change Default passwords Use password manager Computer Network Security 12 MITM / Eavesdropping ☞ MITM / eavesdropping is another method used by cyber criminals to capture personal information. ☞ What it is: ☞ Virtual “listening in” on information that's shared over an unsecure (not encrypted) WiFi network. ☞ Session hijacking Computer Network Security 13 Social Engineering - Phishing ☞ Is a seemingly legitimate email with an attachment to open or a link to click. ☞ Appears to be from someone you trust, like your boss or a company you do business with. ☞ Upon opening the malicious attachment, you’ll thereby install malware in your computer. ☞ If you click the link, it may send you to a legitimate-looking website that asks for you to log in to access an important file—except the website is actually a trap used to capture your credentials when you try to log in. Check this for examples: https://security.berkeley.edu/resources/phishing/phish-tank Computer Network Security 14 Denial of Service ☞ In DoS an attacker floods a website with an overwhelming amount of traffic to essentially shut it down for all users. ☞ When these DoS attacks are performed by many computers at the same time, it is called as a Distributed Denial of Service Attack (DDoS). More than 2000 1/3 $150 of all downtime incidents are can buy a week-long DDoS attack on the daily DDoS Attacks are observed world-wide by attributed to DDoS attacks. black market. TrendMicro Research Arbor Networks. Understanding DDoS - Verizon Digital Attack Map Computer Network Security 15 https://www.youtube.com/watch?v=xzCk08fGz1c 16 OSI layers susceptible to DDoS attacks DDoS Attacks DDoS Attacks Computer Network Security 17 Malware / Ransomware ☞ Is various forms of harmful software, that can take control of your machine, monitor your actions and keystrokes, Silently send all sorts of confidential data from your computer or network to the attacker's home base. covertly encrypts your files – preventing you from accessing them – then demands payment for their safe recovery. Computer Network Security 18 Patching Behavior – Before and after WannaCry 2019 potential cost of US Ransomware attacks in excess of $7.5 billion. Impacted at least 966 government agencies including, 113 state and municipal governments and agencies. 764 healthcare providers. 89 universities, colleges and up to 1,233 school districts. Source: https://blog.emsisoft.com/en/34822/the-state-of-ransomware-in-the-us-report-and-statistics-2019/ Computer Network Security 19 2019 – US Ransomware attacks ☞ In 2019, the U.S. was hit by an unprecedented and unrelenting barrage of ransomware attacks ☞ That impacted at least 966 government agencies including, 113 state and municipal governments and agencies. ☞ 764 healthcare providers. ☞ Educational establishments, 89 universities, colleges and school districts, with operations at up to 1,233 individual schools potentially affected. ☞ At a potential cost in excess of $7.5 billion. Source: https://blog.emsisoft.com/en/34822/the-state-of-ransomware-in-the-us-report-and-statistics-2019/ Computer Network Security 20 OWASP Top 10 – IoT 2018 OWASP IoT Top 10 2018 Description Use of easily bruteforced, publicly available, or unchangeable I1 Weak, Guessable, or credentials, including backdoors in firmware or client software Hardcoded Passwords that grants unauthorized access to deployed systems. Unneeded or insecure network services running on the device I2 Insecure Network itself, especially those exposed to the internet, that compromise Services the confidentiality, integrity/authenticity, or availability of information or allow unauthorized remote control. Insecure web, backend API, cloud, or mobile interfaces in the ecosystem outside of the device that allows compromise of the I3 Insecure Ecosystem device or its related components. Common issues include a lack Interfaces of authentication/authorization, lacking or weak encryption, and a lack of input and output filtering. 21 OWASP Top 10 – IoT 2018 OWASP IoT Top 10 2018 Description Lack of ability to securely update the device. This includes lack of I4 Lack of Secure Update firmware validation on device, lack of secure delivery Mechanism (un-encrypted in transit), lack of anti-rollback mechanisms, and lack of notifications of security changes due to updates. Use of deprecated or insecure software components/libraries that could allow the device to be compromised. This includes I5 Use of Insecure or insecure customization of operating system platforms, and the Outdated Components use of third-party software or hardware components from a compromised supply chain User’s personal information stored on the device or in the I6 Insufficient Privacy ecosystem that is used insecurely, improperly, or without Protection permission. 22 OWASP Top 10 – IoT 2018 OWASP IoT Top 10 2018 Description Lack of encryption or access control of sensitive data anywhere I7 Insecure Data Transfer within the ecosystem, including at rest, in transit, or during and Storage processing Lack of security support on devices deployed in production, I8 Lack of Device including asset management, update management, secure Management decommissioning, systems monitoring, and response capabilities. Devices or systems shipped with insecure default settings or lack I9 Insecure Default the ability to make the system more secure by restricting Settings operators from modifying configurations. Lack of physical hardening measures, allowing potential I10 Lack of Physical attackers to gain sensitive information that can help in a future Hardening remote attack or take local control of the device. 23 Cyber Attack Map ☞ https://norse-corp.com/map/ ☞ https://www.digitalattackmap.com/ ☞ https://cybermap.kaspersky.com/ ☞ https://threatmap.checkpoint.com/ ☞ https://www.fireeye.com/cyber-map/threat-map.html ☞ https://threatmap.fortiguard.com/ ☞ https://www.akamai.com/uk/en/resources/visualizing-akamai/ real-time-web-monitor.jsp ☞ https://talosintelligence.com/fullpage_maps/pulse ☞ https://www.sophos.com/en-us/threat-center/threat-monitori ng/threatdashboard.aspx Computer Network Security 24 Cyber Security Framework Computer ISFCR Executive NetworkEducation Security 25 Security Framework Computer Network Security 26 CyberSecurity Framework https://www.nist.gov/cyberframe work Computer Network Security 27 The biggest cyber-threat is simply: Complacency failing to create a security policy Educating employees, putting software protection in place, encouraging sensible cyber-security practice are solid foundations on which to build your company's defences. Computer Network Security Board Room Cyber watch survey 2014 28 Social Engineering – a short video https://www.youtube.com/watch?v=fHhNWAKw0bY&t=28s 29 Real Life Examples of Cyber Crime Computer ISFCR Executive NetworkEducation Security 30 Hackers target Cyber Physical Systems 31 Exposed and hackable Attack surface in a Car 32 Chrysler Jeep Hack 2015 By Charlie Miller and Chris Valasek https://spectrum.ieee.org/cars-that-think/transportation/systems/jeep-hacking-101 https://www.youtube.com/watch?v=OobLb1McxnI 33 Olympic Games aka "Stuxnet” 34 Target Data Breach ☞ The third biggest retail chain in USA suffered a massive security breach - 40 million credit-card users and personal data from as many 70 million were compromised in 19 days during the Christmas shopping season ☞ Target announced that Steinhafel, who is also president and chairman of the board, will step down immediately. (http://pressroom.target.com/news/statement-from-targets-board-of-d irectors ) Computer Network Security 35 The Central Bank of Bangladesh heist ☞ On February 4, 2016, a cyber-attack on the central bank of Bangladesh resulted in losses of $81 Million and prevented another $850 Million in transactions from being processed. ☞ Hackers request the Federal Reserve Bank of New York to transfer nearly $1 billion of the Bangladesh Bank’s funds to bank accounts in the Philippines, Sri Lanka and other parts of Asia. Computer Network Security 36 Equifax: 143 million Social Security and personal info Stolen Equifax says the breach lasted from mid-May through July 29th when it was detected Equifax CEO Smith blames breach on a single person who failed to deploy patch for public vulnerability in Apache’s Struts software Source: https://www.govinfo.gov/content/pkg/CHRG-115shrg28123/html/CHRG-115shrg28123.htm https://www.congress.gov/event/115th-congress/house-event/106455/text Computer Network Security 37 Capital One – Data Breach July 2019 100 million consumer applications for credit from Capital One. The problem stemmed in part from a misconfigured open-source Web Application Firewall (WAF) that Capital One was using as part of its operations hosted in the cloud with Amazon Web Services (AWS). For More Info https://www.capitalone.com/facts2019/ https://www.cyberint.com/wp-content/uploads/2019/08/Capital-One-Breach_-CyberInts-Take.pdf https://krebsonsecurity.com/tag/capital-one-breach/ 38 Marriot Data Breach Marriott first revealed it had suffered a massive data breach affecting the records of up to 500 million customers on 30 November last year. Information accessed included payment information, names, mailing addresses, phone numbers, email addresses and passport numbers. For more info: https://www.consumer.ftc.gov/blog/2018/12/marriott- data-breach https://krebsonsecurity.com/2018/12/what-the-marrio tt-breach-says-about-security/ https://www.wsj.com/articles/marriott-faces-123-millio n-fine-over-starwood-data-breach-11562682484 39 Threats to Personal Safety Computer Network Security 40 Confidentiality/privacy 5,183 breaches exposed 7.9 billion records in the first nine months of 2019 June 09, 2020 - The healthcare sector was the most targeted by hackers and cyberattacks in 2019. And its 382 data breaches cost the sector more than $17.76B billion, according to ForgeRock’s 2019 Consumer Breach Report. Computer Network Security 41 Colonial Pipeline Attack ☞ The result of a single compromised password, ☞ Hackers gained entry into the networks of Colonial Pipeline Co. on April 29 through a VPN account, which allowed employees to remotely access the company’s computer network, said Charles Carmakal, senior vice president at cybersecurity firm Mandiant, part of FireEye Inc., in an interview. ☞ The account was no longer in use at the time of the attack but could still be used to access Colonial’s network, he said. Computer Network Security 42 Can affect a country’s economy... Multiple times! Computer Network Security 43 NotPetya https://en.wikipedia.org/wiki/Petya_(malware) ☞ A White House assessment pegged the total damages brought about by NotPetya to more than $10 billion. ☞ Maersk, the world's largest container ship and supply vessel operator, was estimated to have lost between $200m and $300m ☞ On 28 June 2017, JNPT, India's largest container port, was reportedly affected, with all operations coming to a standstill ☞ Mondelez International's insurer, Zurich American Insurance Company, has refused to pay, on the grounds that Notpetya is an "act of war" that is not covered by the policy. Mondelez is suing Zurich American for $100 million Computer Network Security 44 Vendors with Most Published vulnerabilities 45 Vulnerabilities by Category 46 Vulnerabilities by Year Source: https://cve.mitre.org/ https://www.cvedetails.com/browse-by-date.php https://cwe.mitre.org/data/index.html 47 IoT – Internet of Things ☞ Three large IoT botnets—Mirai, BrickerBot, and Hajime ☞ 665-Gbps attack targeted the security blogger Brian Krebs in September 2016. ☞ Shortly thereafter, a 1-TBps attack was launched against the French hosting company OVH abusing over 150,000 IoT devices. ☞ And in October, DynDNS suffered an attack that caused an outage to hundreds of popular websites—the largest of the three Internet of Things (IoT) DDoS attacks. “KrebsOnSecurity Hit with Record DDoS,” by Brian Krebs, KrebsOnSecurity blog, September 21, 2016: krebsonsecurity.com/2016/09/krebsonsecurity-hit-with-record-ddos/. “150,000 IoT Devices Abused for Massive DDoS Attacks on OVH,” by Eduard Kovacs, SecurityWeek, September 27, 2016: securityweek.com/150000-iot-devices-abused-massive-ddos-attacks-ovh. “DDoS Attack on Dyn Came from 100,000 Infected Devices,” by Michael Kan, IDG News Service, for ComputerWorld, October 26, 2016: Computer Network Security 48 The DDoS Attack on Google, 2020 ☞ On October 16, 2020, Google’s Threat Analysis Group (TAG) posted a blog update concerning how the threats and threat actors are changing their tactics due to the 2020 U.S. election. At the end of the post, the company snuck in a note: ☞ in 2020, our Security Reliability Engineering team measured a record-breaking UDP amplification attack sourced out of several Chinese ISPs (ASNs 4134, 4837, 58453, and 9394), which remains the largest bandwidth attack of which we are aware. ☞ Mounted from three Chinese ISPs, the attack on thousands of Google’s IP addresses lasted for six months and peaked at a breath-taking 2.5Tbps! Damian Menscher, a Security Reliability Engineer at Google, wrote: ☞ The attacker used several networks to spoof 167 Mpps (millions of packets per second) to 180,000 exposed CLDAP, DNS, and SMTP servers, which would then send large responses to us. This demonstrates the volumes a well-resourced attacker can achieve: This was four times larger than the record-breaking 623 Gbps attack from the Mirai botnet a year earlier. Computer Network Security 49 IIoT Cyber attacks 50 Ransomed medical devices: It’s happening ☞ Medical devices at US hospitals have been hit by the now-infamous Dick Cheney ordered changes to his WannaCry ransomware - Pacemakers pacemaker to better and other implants protect it from hackers. ☞ And St. Jude has spent months dealing with the fallout of vulnerabilities in some of the company's defibrillators, pacemakers, and other medical electronics. ☞ Johnson & Johnson warned customers about a security bug in one of its insulin pumps last fall. Computer Network Security 51 Major U.S. Healthcare Data Breaches of 2018 ☞ Email, targeted phishing attacks, and database misconfigurations were behind the year’s largest breaches of patient data - With one attack lasting more than a year. ☞ Accudoc solutions: 2.65 million atrium health patients Hack on North Carolina-based billing vendor AccuDoc Solutions, whichprepares patient bills and operates Atrium Health’s compromised patient data for a week ☞ Unitypoint health: 1.4 million patients - second breach in a year The email system was hit with a series of highly targeted phishing emails that looked as if they were sent from an executive from within the organization. An employee fell for the scam. ☞ Cno financial group: 566,217 customers Hackers accessed several employee credentials and used them to access company websites, compromising the data of policy holders and applicants. The breached data included names, insurance details, dates of birth, and the last four digits/complete Social Security numbers, credit or debit information, medications, diagnoses and or treatment details were included in the breach. Source: https://healthitsecurity.com/news/the-10-biggest-u.s.-healthcare-data-breaches-of-2018 Computer Network Security 52 In Summary – without these, the rest can’t help! Sensible Cyber Practices Training & Social Education Engineering Update your Validated Software / Backup Patching Use Strong Human Use Anti-Malware Passwords / Software Factors Protection Computer Network Security 53 “Cyber Security is everyone’s responsibility!” Do your Part, #Be Cybersafe!! Computer Network Security 54 Job Outlook Computer ISFCR Executive NetworkEducation Security 55 Source: https://www.linkedin.com/pulse/cybersecurity-domain-map-ver-30-henry-jiang/ 56 Information Security is growing by 33% 8th fastest growing among all 800 job profiles tracked by US Bureau of Labor Computer Network Security 57 Cybersecurity Workforce Demand 58 Cybersecurity Workforce Demand 59 India – Cyber Security Jobs ☞ Specialist staffing firm ☞ 3.5 Million unfilled Xpheno estimates 67,000 cybersecurity jobs by 2021 job openings in cyber security in the country, with nearly 19,000 in Bangalore alone. Source: Source: https://economictimes.indiatimes.com/tech/internet/cyber-security-professi https://cio.economictimes.indiatimes.com/news/digital-security/3-5-million-unfi onals-in-big-demand-over-67000-job-openings-says-estimate/articleshow/73 lled-cybersecurity-jobs-by-2021-report/64776284 769582.cms?from=mdr 60 Job Outlook ☞ "The shortage of skilled and qualified cybersecurity professionals is one of the biggest issues facing our Internet-connected world today. Professionals who gain the skills and tactics needed to defend against the next generation of security threats will be better prepared for careers at IBM and other organizations in the cybersecurity industry." — Bob Kalka , CRISC, Vice President, IBM Security Business Unit ☞ Employment of information security analysts is projected to grow 28 percent from 2016 to 2026, much faster than the average for all occupations. Demand for information security analysts is expected to be very high, as these analysts will be needed to create innovative solutions to prevent hackers from stealing critical information or causing problems for computer networks. Source:https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm Computer Network Security 61 Cybersecurity Job Outlook ☞ If you are currently part of the cybersecurity workforce, then congratulations on selecting a wonderful career - Jonathan Trull, Chief Information Security Officer, REGIS University ☞ And if you are still deciding on a career or looking to transition into a new field, then I would strongly recommend you consider a career in information security (cybersecurity and information security can be used interchangeably). ☞ To convince you, let me provide you with some facts. First, there is a severe labour shortage, which means that qualified candidates have numerous opportunities and can typically demand high salaries. According to the Symantec CEO, “the demand for the cybersecurity workforce is expected to rise to 6 million globally by 2019, with a projected shortfall of 1.5 million.” According to the Federal CIO, there are more than 10,000 openings in the federal government for cyber security professionals. With such a severe labor shortage, salaries for cyber security professionals are at an all time high and are increasing year over year. Computer Network Security 62 Job Outlook ☞ The ISACA, a non-profit information security advocacy group, predicts there will be a global shortage of two million cyber security professionals by 2019. ☞ Every year in the U.S., 40,000 jobs for information security analysts go unfilled, and employers are struggling to fill 200,000 other cyber- security related roles, according to cyber security data tool CyberSeek. ☞ And for every ten cyber security job ads that appear on careers site Indeed, only seven people even click on one of the ads, let alone apply. Source: Forbes.com Computer Network Security 63 Job Outlook ☞ https://www.cybersecurityeducation.org/careers/ ☞ https://www.burning-glass.com/wp-content/uploads/2020/10/ Fastest_Growing_Cybersecurity_Skills_Report.pdf ☞ https://www.forbes.com/sites/louiscolumbus/2020/11/01/wha t-are-the-fastest-growing-cybersecurity-skills-in-2021/?sh=2076 ddd35d73 ☞ https://www.cyberinternacademy.com/everything-you-need-to -know-about-if-cybersecurity-is-the-career-for-you/ ☞ https://www.bls.gov/ooh/computer-and-information-technolo gy/information-security-analysts.htm#tab-1 Computer Network Security 64 Thank you! Follow us isfcr.pesu www.isfcr.pes.edu ISFCR Welcome to PES University Ring Road Campus, Bengaluru Computer Network Security UE21CS343AB6 Prof. Prasad H B, Prof. Preet Kanwal Lecture 3 Emergency Exit Assembly Point Washroom No Chatting Phones on silent No Sleeping Computer Network Security 3 A Note on Security ☞ In this course, you will be exposed to information about security problems and vulnerabilities with computing systems and networks. ☞ To be clear, you are not to use this or any other similar information to test the security of, break into, compromise, or otherwise attack, any system or network without the express consent of the owner. ☞ In particular, you will comply with all my instructions when doing the labs. My instructions are in consonance with applicable laws of India and PES University policies. If in any doubt, please consult your professor! ☞ Any violation is at YOUR RISK! And may result in severe consequences. Computer Network Security 4 Outline (Unit 1) ☞ Introduction to Network Security Basics ☞ Introduction to Network Security Attacks ☞ Packet Sniffing and Spoofing ☞ Sending/Receiving Packets ☞ Sniffing Packets ☞ Sniffing Packets – Raw Sockets ☞ Sniffing Packets – PCAP API Computer Network Security 5 Network Security Essentials Introduction to Network Security Basics Preet Kanwal Department of Computer Science and Engineering Computer ISFCR Executive NetworkEducation Security 6 Outline - Introduction to Network Security Basics Introduction to Network Security Basics IP address NAT Public IP vs Private IP Network interfaces TCP/IP model Packet Construction & its Journey NIC Packet Sending Tools Socket Programming Endianness(Byte Order) Computer Network Security 7 What is a Network? Two or more devices connected together. Communicate with each other, share data or resources Computer Network Security 8 IP Addresses An IP address identifies a network or device on the internet. IP addresses let computers and devices communicate with one another over the internet. IP addresses are assigned to every type of network device. It could be an IP camera, a laptop, a desktop device, an IP phone, a cell phone on a wireless network, computer servers, or websites. Even children’s toys that are internet connected will have an IP address assigned to them. Computer Network Security 9 Types of IP Addresses Computer Network Security 10 NAT- Network Address Translation Every computer needs IP address to connect to the network. IPV4 addresses ran out many years ago and that was the main reason for IPV6. But before IPV6 gets widely adopted, NAT technology was introduced and most of you are probably using it everyday. NAT aided in gradual move from IPv4 to IPv6. Computer Network Security 11 Private IP Addresses Home routers have their local address set to a default, private IP address number. It’s usually the same address for the other models from that manufacturer, and it can be seen in the manufacturer’s documentation. Example : Linksys routers use 192.168.1.1 D-Link and NETGEAR routers are set to 192.168.0.1 Cisco routers use either 192.168.10.2, 192.168.1.254 or 192.168.1.1 Belkin and SMC routers often use 192.168.2.1 Private IP address is just for you, your router and your internal network. Private IP addresses are : Non-routable Untrackable Computer Network Security 12 Range of Private IP Addresses The organizations that distribute IP addresses to the world reserves a range of IP addresses for private networks. Class Range # of IP Default First Octet in High-Order addresses Subnet Mask Decimal Bits A 10.0.0.0 – 10.255.255.255 16,777,216 255.0.0.0 or 1 – 126 0 10.0.0.0/8 B 172.16.0.0 – 172.31.255.255 1,048,576 255.255.0.0 or 128 – 191 10 172.16.0.0/16 C 192.168.0.0 – 192.168.255.255 65,536 255.255.255.0 or 192 – 223 110 192.168.0.0/24 This slash notation is sometimes called CIDR (classless interdomain routing) notation. Computer Network Security 13 Network Interfaces Can you use Ethernet and Wi-Fi at the same time? Computer Network Security 14 Network Interfaces Possible in some systems – must change the system settings Computer Network Security 15 Network Interfaces Computer Network Security 16 Network Interface/ Network Adapter/ Network Controller A computer connects to a network using a piece of hardware* called Network Interface Card (NIC). Ethernet and Wifi are two standard types of NIC. Each NIC connects a computer to one network. A device can multiple NICs (like router and the example presented in slides) Technically, IP addresses are not assigned to a computer, they are assigned to NICs, one for each network. NIC (Network Interface Card) is a physical or logical link between a machine and a network. Each NIC has a MAC address. Hence, if a computer has multiple NICs, it may have multiple IP addresses and multiple MAC addresses * In modern systems, NICs can be software example : Virtual network interface Computer Network Security 17 Network Interfaces Computer Network Security 18 Virtual Network Interface When you use a virtual machine, you must set up virtual hardware to interact with the machine. For example, o you expose some of your physical memory to act as virtual memory o you can expose folders to act as virtual drives. Similarly, we can provide the guest/virtual machine with a virtual network adapter/interface so that it can access the internet through our host’s network adapter. There are different types of virtual network adapters, including: 1. NAT adapters 2. Bridged adapters 3. Host-Only adapters Computer Network Security 19 Virtual Network Interface Network Address Translation (NAT) Adapters: The NAT adapter will give access to your VM as if it were the host, making use of the same address. This is similar to having multiple computers on a home network, which communicate with each other using different addresses (eg. 192.168.1.11 and 192.168.1.15) and all communicate with the internet using the same address (eg. 172.119.27.80) Bridged Adapters: Bridged adapters lets the VM simulate being a distinct node on the network. This means that a VM will communicate externally using a different address than the host (eg. 172.119.27.80 and 172.119.27.85). It is unlikely you can use this adapter on home networks as they typically only allow one external IP address. Host-Only Adapters: Host-Only adapters network the host and VM directly. Any other VMs running on the host will also be connected. These adapters are an easy way to communicate between VMs and experiment with networked machines. Computer Network Security 20 Virtual Network Interface Host-only only permits network operations with the Host OS. In the default configuration, a virtual machine in a host-only network cannot connect to the Internet. If you install the proper routing or proxy software on the host system, you can establish a connection between the host virtual network adapter and the physical network adapter in the host system. One can connect to internet with Bridged and NAT mode NAT mode will mask all network activity as if it came from your Host OS, although the VM can access external resources. Bridged mode replicates another node on the physical network and your VM will receive it's own IP address if DHCP is enabled in the network. Computer Network Security 21 Other examples of Virtual Network Interface Loopback Interface : IP address 127.0.0.1 Dummy Interface TUN Interface Computer Network Security 22 Basic Commands Check IP address, MAC address, Network Interfaces on Linux– ifconfig or ip addr show Get IP address from a host name – dig www.example.com Computer Network Security 23 OSI Reference Model vs TCP/IP Model The socket layer acts as the interface to and from the application layer to the transport layer. Computer Network Security 24 Layered Approach https://0xbharath.github.io/art-of-packet-crafting-with-scapy/networking/l ayers/index.html Computer Network Security 25 Introduction - Packet When any data has to be transmitted over the computer network, it is broken down into smaller units at the sender’s node called data packets and reassembled at receiver’s node in original format. It is the smallest unit of communication over a computer network. It is also called a block, a segment, a datagram or a packet. Computer Network Security 26 What does a Packet Look Like? To understand packet filtering, you first have to understand packets and how they are handled at each layer of the TCP/IP protocol stack. At each layer, a packet has two parts: the header and the body. Data Encapsulation The header contains protocol information relevant to that layer The body contains the data for that layer which often consists of a whole packet from the next layer in the stack. Each layer treats the information it gets from the layer above it as data and applies its own header to this data. At each layer, the packet contains all of the information passed from the higher layer; nothing is lost. This process of preserving the data while attaching a new header is known as encapsulation. At the receiver end, process is reversed - Decapsulation. Computer Network Security 27 How Packets are sent to the Network Applications have some data to be sent and uses a system call socket api() to send data to the kernel User Space Socket API Data along with transport layer header(dest port is fixed Protocol Stack = Transport Layer + Network Protocol Stack and source port is set by the OS)is passed to Network Layer layer which adds the IP header (adds dest and src IP addr) Link Level Driver Data Frames are constructed here. Ethernet header Kernel is added (adds source and dest mac address)_ Network Card Frames passes through wire as signal Hardware network packet Computer Network Security 28 Packet Construction inside Kernel (Journey of a Network Packet) Computer Network Security Packet Construction inside Kernel (Journey of a Network Packet) At the application layer where data is written to the socket by a user program through the socket interface API. The Socket layer is responsible for identifying the type of the protocol and for directing the control to the appropriate protocol specific function. Transport layer header is added to the data/payload from the application layer. Destination port number is provided by the Application. Source port number is randomly selected by the OS. At the Network/IP layer, IP header is added. Destination IP is provided by the Application. Source IP is decided by the OS (depending on which network interface is used to send out the packets) Performs Routing MAC layer header is added at the Data Link Layer : Source and Destination MAC Address Majority of this layer is implemented in NIC in hardware Eventually packet is given to physical layer where it is translated into signals and transmitted. This layer is implemented inside NIC Hardware. Computer Network Security How Packets are Received NIC (Network Interface Card) is a physical or logical link between a machine and a network Each NIC has a MAC address. Every NIC on the network will hear all the frames on the wire. NIC checks the destination address for every packet, if the address matches the cards MAC address, it is further copied into a buffer in the kernel. Computer Network Security How Packets are Received Applications only receive packets that are meant for the CPU and the registered User port. Space Socket API Protocol Stack Link Level Driver Kernel only receive packets that are meant for the CPU. Kerne Kernel buffer DMA transfer of packet to kernel l memory Check if destination address matches Network Card the card's MAC address. Hardware All packets on the network arrive here. Computer Network Security 32 network packet How Packets are Received Dropped if not the intended recipient Computer Network Security 33 How Packets are Received - if the machine is a Router If the comp is a router it forwards the packet to another router. This is done using routing. Router must select the Network Interface to send out the packet and select the next hop destination. Once that is decided, the packet is given to MAC layer. Routing table is inside the kernel. Computer Network Security 34 Packet Sending Tools Use netcat to send and receive packets: UDP Server : nc –lnuv example : nc –lnuv 9090 UDP Client : nc –u example : nc –u 10.0.2.13 9090 (For TCP connection, do not use –u option it stands for UDP packets) Use bash’s pseudo device /dev/tcp and /dev/udp to send packets echo “Hello there” > /dev/udp// echo “Hello there” > /dev/tcp// telnet to send out TCP Packets telnet ping to send out ICMP Packets ping Computer Network Security 35 Network Security Essentials Socket Programming using Python Preet Kanwal Department of Computer Science and Engineering Computer ISFCR Executive NetworkEducation Security 36 What is a Socket A socket is one endpoint of a two-way communication link between two programs running on the network. A socket is bound to a port number so that the Transport layer can identify the application that data is destined to be sent to. An endpoint is a combination of an IP address and a port number. Socket is an interface between Application Layer and Transport Layer Computer Network Security 37 UDP Client-Server Implementation Both client and server need to setup the socket In UDP, the client does not form a connection with the server like in TCP and instead just sends a datagram. Similarly, the server need not accept a connection and just waits for datagrams to arrive. Datagrams upon arrival contain the address of the sender which the server uses to send data to the correct client. As a client, the application needs to be aware of the server port to which it needs to connect, and as a server, the application needs to be aware of the server port to which it needs to listen. Therefore, the server needs to bind to an IP address and port so that the client can connect to it. https://www.geeksforgeeks.org/udp-server-client-implementation-c/ Computer Network Security 38 UDP Client-Server Implementation using Python udp_server.py udp_client.py Computer Network Security 39 Network Security Essentials Socket Programming using C Preet Kanwal Department of Computer Science and Engineering Computer ISFCR Executive NetworkEducation Security 40 Socket Programming - Important Functions sockfd = socket(int domain, int type, int protocol) Creates an unbound socket in the specified domain. Returns socket file descriptor. Arguments domain – Specifies the communication domain ( AF_INET for IPv4/ AF_INET6 for IPv6 ) type – Type of socket to be created ( SOCK_STREAM for TCP / SOCK_DGRAM for UDP ) protocol – Protocol to be used by the socket (redundant parameter) Computer Network Security 41 Socket Programming - Important Functions int bind(int sockfd, const struct sockaddr *addr, socklen_t addrlen) Assigns address to the unbound socket. Arguments : sockfd – File descriptor of the socket addr – Structure in which address(Port and IP) to be bound to is specified addrlen – Size of addr structure Computer Network Security 42 Socket Programming - Important Functions ssize_t sendto(int sockfd, const void *buf, size_t len, int flags, const struct sockaddr *dest_addr, socklen_t addrlen) Send a message on the socket Arguments : sockfd – File descriptor of the socket buf – Application buffer containing the data to be sent len – Size of buf application buffer flags – Bitwise OR of flags to modify socket behavior dest_addr – Structure containing the address of the destination addrlen – Size of dest_addr structure Computer Network Security 43 Socket Programming - Important Functions ssize_t recvfrom(int sockfd, void *buf, size_t len, int flags, struct sockaddr *src_addr, socklen_t *addrlen) Receive a message from the socket. Arguments : sockfd – File descriptor of the socket buf – Application buffer in which to receive data len – Size of buf application buffer flags – Bitwise OR of flags to modify socket behavior src_addr – Structure containing source address is returned addrlen – Variable in which size of src_addr structure is returned Computer Network Secu