COMP NET & DIST APP (INFO 341)
This 22-page set of class notes was uploaded by Brennan Schmeler on Wednesday, September 9, 2015. It belongs to INFO 341 at the University of Washington, taught by Staff in Fall, and had received 28 views since upload.
Date Created: 09/09/15
Security Discussion (INFO 341), slides dated Monday, May 28, 2007

Why is security important?

[Bar chart: "What security problems have resulted in financial losses?" Categories include industrial espionage, natural disasters, malicious acts by employees, and inadvertent errors, on a 0-80% scale. Data from Ernst & Young, 1996.]

Some Common Threats
- Password / authentication attacks
- Trojan horses
- Worms
- Viruses and macro viruses
- Email attacks
- Network attacks
- Code attacks
- Social engineering

Linux vs. Windows Viruses (Scott Granneman, SecurityFocus; figures from an Open Source Software / Free Software (OSS/FS) report)

Platform    Viruses    Comments
Windows     60,000     A few hundred have caused damage
Macintosh   40         Important enough to cause some damage
Linux       40         Confined to the laboratory
UNIX        5          Confined to the laboratory

What is a password authentication attack?
An attempt to guess or crack user passwords, for example by trying every word in a dictionary, in order to log in as that user.

Preventing password authentication attacks
- Require passwords of at least 8 characters; longer is better.
- Don't use real words. Use a combination of letters, numbers and special characters, or abbreviate a phrase: "stb&cav" for "Squash, tomatoes, beans and carrots are vegetables".
- Change the administrator or root password periodically.
- Consider asking users to change their passwords regularly, but be careful about forcing people to change too often.
- Educate users not to share their passwords with others.

What is a Trojan Horse?
- A malicious program that masquerades as a legitimate program.
- People who share software were often at more risk.
- These seem to be less common these days.
- Example: an "ls" command planted in $HOME (run instead of /bin/ls when "." is early in the PATH).
- Example: a fake explorer.exe.
- Reference: "The Complete Windows Trojans Paper" (secinf.net).

What is a Worm?
- Worms are standalone programs that are designed to search for known vulnerabilities of well-known services and exploit them.
- Once they find a hole they propagate by copying themselves, often using an open port, to the new host and start executing there.
- They are typically able to propagate very quickly and are the source of most of the serious outbreaks.

The Internet Worm (Robert Morris, 1988)
- Exploited the sendmail DEBUG-mode vulnerability to run commands as root.
- Exploited a buffer overrun in fingerd.
- Targets: Suns and VAXen running BSD.
- Password cracking using a built-in list of about 400 words, then a dictionary attack.
- Targets found using /etc/hosts and .rhosts (trusted-host relationships).
- Program named "sh" to hide in the process list.
- Code checked for an existing infection before re-infecting a host.
- The infection check was buggy, so hosts were re-infected repeatedly; the password-cracking load exhausted the systems' resources.
- No other harm was done.
- References: http://www.research.att.com/smb/talks/computer-insecurity/index.htm ; http://www.worm.net ; http://www.vtcif.telstra.com.au/pub/docs/security/sert/docs/paf/worm.ps.Z

What is a Virus?
- A piece of executable code attached to, or inserted in, a legitimate program.
- It can only execute when the legitimate program runs (or is launched automatically).
- It spreads by infecting non-infected copies of the legitimate program, or other programs.

Typical virus actions
- Infect boot sectors (the machine cannot boot)
- Send email via address books
- Format the hard drive
- Cripple system performance
- Registry hacks
- Insert itself as a startup program

How viruses propagate
- Vulnerable TCP service ports
- Email attachments
- Removable or shared media and storage
- CD-ROMs from vendors
- Macro viruses (cross-platform)

What is a network attack?
- Packet sniffing: find interesting data (passwords, session contents) on the wire.
- Port scanning: find well-known insecure services. Tools: nmapfe, Nessus.

What is a code attack?
- An attack that takes advantage of a software flaw or of a deeper understanding of a protocol.
- Buffer overruns.
- Denial of Service (DoS) and Distributed Denial of Service (DDoS): SYN flood, ICMP flood.

What is social engineering?
- An exploit that plays on an individual's notions of proper authority, or on an individual's naivete.
- "Hi, I'm Jake Smith. I work in the IT group. I need to fix your roaming profile. If you give me your password I'll have it fixed in just a second."
- "Hi, my name is Darrin. I'm with your ISP."
- "Hi, I'm Kevin Mitnick and you've been p0wned."

What can be done?

From PC Magazine, "Why Are Virus Attacks Getting Worse?":

"The second thing that concerns me is the never-ending evolution of social engineering. The best example I've seen to date is the bogus message that appears to come from the email administrator of the domain you use for your email. In one funny example, I recently got a memo from the mail administrator at dvorak.org. Since I'm the only person at dvorak.org, I was surprised to find I suddenly had an email administrator as part of the team. I got several of these messages telling me about various problems with my account and how I had to fix it; there was an attachment with them which I was instructed to click on to get details. While this was laughable for me, I could imagine some new employee at General Electric or Procter and Gamble sitting at his or her desk, worried sick about getting off probation, and seeing this memo come from administrator@GE.com or whatever."

Tools
- SPAM filters
- Email server attachment scrubbers
- Virus / worm scanners
- SATAN, COPS
- PDF checker (HP-UX)
- Monitor logs and event viewers

Good System Administration
- Only log in as the administrator when there is administrivia to perform.
- Often you can run as, or authenticate briefly as, the administrator to perform just the admin task. Example: sudo mount -a
- A non-administrator cannot harm the OS system files.

[Screenshots: the Mac OS X Accounts preference pane showing a Standard account next to an Admin account, with the "Click the lock to prevent further changes" control; and a terminal listing of user home directories.]
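The password-prevention bullets above amount to a policy: a minimum length, a mix of character kinds, no dictionary words, and a memorable phrase abbreviation. The following added example (not code from the slides) implements that policy as a checker and reproduces the slide's "stb&cav" abbreviation. The word list `COMMON_WORDS` is a constructed stand-in for a cracker's dictionary, and `MIN_LENGTH = 8` is the floor used here.

```python
"""Password-policy check and passphrase abbreviation (added example)."""
import re
import string

MIN_LENGTH = 8  # floor used here; the slide's original threshold was 7-8 characters

# Constructed stand-in for a cracker's wordlist (assumption: a real deployment
# would load a full dictionary; these few entries only make the example run).
COMMON_WORDS = {"password", "letmein", "welcome", "qwerty", "squash", "vegetables"}


def passphrase_to_password(phrase):
    """Abbreviate a phrase the way the slide does: first letter of each word,
    lower-cased, the word 'and' written as '&', and bare symbols kept as-is.
    'Squash, tomatoes, beans and carrots are vegetables' -> 'stb&cav'."""
    out = []
    for token in phrase.split():
        core = token.strip(string.punctuation)
        if not core:
            out.append(token[0])          # a bare '&', '!' or similar
        elif core.lower() == "and":
            out.append("&")
        else:
            out.append(core[0].lower())
    return "".join(out)


def check_password(pw):
    """Return the list of policy violations; an empty list means `pw` satisfies
    the rules (length, mixed character kinds, no dictionary word, no runs)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    kinds = (any(c.isalpha() for c in pw)
             + any(c.isdigit() for c in pw)
             + any(not c.isalnum() for c in pw))
    if kinds < 2:
        problems.append("only one kind of character (letters, digits, specials)")
    # Strip digits/symbols so 'Password1!' is still caught as the word 'password'.
    if re.sub(r"[^a-z]", "", pw.lower()) in COMMON_WORDS:
        problems.append("dictionary word")
    if re.search(r"(.)\1\1", pw):
        problems.append("three identical characters in a row")
    return problems


if __name__ == "__main__":
    pw = passphrase_to_password("Squash, tomatoes, beans and carrots are vegetables")
    print(pw, check_password(pw))        # stb&cav ['shorter than 8 characters']
    print(check_password(pw + "-2007"))  # []
```

Note that the slide's own example, "stb&cav", fails the length rule: seven characters from a phrase abbreviation is short for an offline cracking attempt. Appending a year or a second symbol, or using a longer phrase, brings it within policy without making it harder to remember.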
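The network-attack slide names port scanning as the way an attacker finds well-known insecure services. The following added example (not code from the slides) performs the simplest form, a TCP connect scan with banner grabbing, against a constructed local listener so it runs offline. The SMTP-style greeting and the hostname `mail.example.test` are invented for the demonstration.

```python
"""TCP connect scan against a local, constructed service (added example)."""
import socket
import threading


def start_local_service(banner):
    """Stand-in for a 'well-known service': a TCP listener on 127.0.0.1 that
    greets each client with `banner`, as many daemons do. Returns the listening
    socket; closing it stops the service."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))            # port 0: let the kernel pick a free port
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return                    # listener closed, we are done
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv


def scan_ports(host, ports, timeout=0.5):
    """TCP connect scan: complete a full three-way handshake with each port and
    read any greeting. Returns {open_port: banner}. Needs no privileges, but
    every hit shows up in the target's logs (this is what nmap -sT does)."""
    found = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) != 0:
                continue                  # refused or timed out: closed/filtered
            try:
                banner = s.recv(128).decode("ascii", "replace").strip()
            except OSError:               # includes socket.timeout
                banner = ""               # open, but silent until spoken to
            found[port] = banner
    return found


def demo():
    """Start the fake service, scan a window of ports around it, return results."""
    srv = start_local_service(b"220 mail.example.test ESMTP Sendmail 8.8.5\r\n")  # constructed
    port = srv.getsockname()[1]
    try:
        return port, scan_ports("127.0.0.1", range(port - 2, port + 3))
    finally:
        srv.close()


if __name__ == "__main__":
    port, found = demo()
    for p, banner in found.items():
        print("open %d: %s" % (p, banner or "(no banner)"))
```

The banner is what turns an open port into a target: a version string such as the one above is exactly what a scanner matches against a list of known vulnerabilities, which is the step Nessus automates. Services that identify themselves before the client says anything give that information away for free.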
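The PC Magazine quote describes the lure, and the tools list names the countermeasure: an email-server attachment scrubber. The following added example (not code from the slides or from any product) is a minimal scrubber built on Python's standard `email` package. The message `SAMPLE` is constructed to mirror the "mail administrator" lure, with an executable hidden behind a double extension, and the blocked-extension list is an illustrative assumption, not a complete policy.

```python
"""Mail-gateway attachment scrubber for the lure described above (added example)."""
from email import message_from_string
from email.policy import default

# Extensions and MIME types the gateway refuses to pass (assumption: a real
# deployment tunes and extends this list).
BLOCKED_EXTENSIONS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}
BLOCKED_TYPES = {"application/x-msdownload", "application/x-dosexec"}

# Constructed message modelled on the "mail administrator" lure: an executable
# hiding behind a double extension plus one harmless text attachment.
SAMPLE = """\
From: "Mail Administrator" <administrator@example.test>
To: newhire@example.test
Subject: Problem with your account
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

There is a problem with your mailbox. Open the attachment for details.
--b1
Content-Type: application/octet-stream; name="details.txt.exe"
Content-Disposition: attachment; filename="details.txt.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--b1
Content-Type: text/plain; name="notes.txt"
Content-Disposition: attachment; filename="notes.txt"

harmless text attachment
--b1--
"""


def is_dangerous(part):
    """Judge a MIME part by its final extension (so 'details.txt.exe' is
    caught) and by its declared content type."""
    name = (part.get_filename() or "").lower()
    ext = name[name.rfind("."):] if "." in name else ""
    return ext in BLOCKED_EXTENSIONS or part.get_content_type() in BLOCKED_TYPES


def scrub(raw):
    """Parse a raw message, replace dangerous parts with a text stub, and
    return (message, names_of_removed_parts)."""
    msg = message_from_string(raw, policy=default)
    removed = []
    targets = [p for p in msg.walk() if not p.is_multipart() and is_dangerous(p)]
    for part in targets:                  # collect first, then mutate
        removed.append(part.get_filename() or part.get_content_type())
        part.clear_content()              # drops payload and all Content-* headers
        part.set_content("[attachment removed by mail gateway]")
    return msg, removed


def attachment_names(msg):
    """Filenames of the parts still marked as attachments."""
    return [p.get_filename() for p in msg.walk()
            if p.get_content_disposition() == "attachment"]


if __name__ == "__main__":
    cleaned, removed = scrub(SAMPLE)
    print("removed:", removed)                      # ['details.txt.exe']
    print("remaining:", attachment_names(cleaned))  # ['notes.txt']
```

The check looks at the last extension rather than the first, because "details.txt.exe" is the standard trick for making an executable look like a text file in mail clients that hide known extensions. A content-type check alone is not enough either, since the sender controls the declared type; a production gateway would also inspect the payload bytes.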
Security Methodologies Talk
- What is a security event?
- Risk mitigation: who, what, where, when, why, how
- A word on prevention
- Business Continuity Planning
- Security tools
- A simple security questionnaire
- The Security Policy
- Developing the questionnaire
- The Firewall Page

Timeline of a Security Event
[Figure: scenario of a security event. 1. The target is being cased. 2. An attack occurs and succeeds. 3. Detection. 4. Correction. 5. Normal operations resume. Afterwards, ask what can be learned. The tools and practices placed along the timeline (screening callers, for instance) detect, prevent, shorten, minimize and document the event; having them does not mean you are secure.]

[Slide: "I need to know about Security I learned from Star Trek"; text not recoverable.]

Risk Mitigation
[Risk Analysis table: for each threat, who, what, where, when, why, how, and the planned response; cell text not recoverable.]

A Word on Prevention
- Security holes you know about: the ones you have addressed, that you keep track of on all systems, that the next OS update fixes, and that a system restore won't undo.
- Security holes you don't know about: the ones that are already on the backup tapes, on the servers, and on users' floppy disks.
- Burning question: how do you know you've found all the holes? That the audits always validate the ones that are there?

Business Continuity Planning
- Allows the corporation to continue by providing a plan: location, equipment, resources, communications.
- Publish the disaster recovery plan, distribute it to all participants, and store copies of it at secure, well-known locations. Some of these locations should be off site.
- Keep everyone involved informed, including staff at the off-site facilities, so that when a disaster occurs they know what to do, where to go, how to get there, what to bring, who else to contact, and several ways to contact them.
- Recovery sites may be on a partner's premises, in other parts of the company's facilities, and at other corporate sites. The disaster recovery plan includes information about how to reach these sites, who to contact there, and what is stored there.
- Identify the equipment, supplies, documentation and other resources that will be needed and list them in the disaster recovery plan itself: test equipment, network equipment, software and various supplies (cables, paper, Snickers bars, etc.).
- Conduct a test of the disaster plan by selecting one of the anticipated disasters and actually executing the plan. Note: disasters may occur in combinations.

Security Tools

Simple Security Questionnaire (only part of the list is recoverable)
1. To whom does your most senior information security person report?
- Telecommunication encryption?
4. Does your organization utilize the Internet for exchange of important business correspondence or information externally?
5. Do you monitor Internet activities associated with your organization through internal or external services?
- Terminal key locks or lock words?

Developing the Questionnaire
1. Start with something: client information provided up front; use a general questionnaire (overleaf).
2. Build on technical resources: interview end-user technical experts, net admins, managers and executives; consult books, references, and sample work from others.
3. Develop and enhance information with interviews: a shipping clerk, a receptionist, random persons. Ask open-ended questions, not ones with Y/N replies: who, what, where, when, why, how. Use the Risk Analysis table, follow newly discovered directions, tie up loose ends in a final meeting, and make follow-up calls to clarify points.

The Security Policy
- Supported at the highest corporate level.
- A living document: updated, distributed, read; training; user feedback.
- Draconian policies cite dismissal for
failure to comply.

Table of Contents
- Purpose: the protection of enterprise assets from unauthorized, intentional or accidental modification; goals, risks, auditing
- Scope: who, where, when, why, how
- Physical Security: locks, backups, classification
- User Education: roles, responsibilities, authentication, email, viruses
- Security Administration: managing accounts
- Application Security: engineering, production, accounting, monitoring
- OS / Network Administrator Practices: cautions for the root user
- Network Security: all client/server systems, network electronics
- Security Enforcement: logging, reporting, enforcement
- Support: help desk, security desk, library, escalation
- Management

The Firewall Page
- A useful resource: the Computer Emergency Response Team (CERT) provides a central coordination point for many security issues.
- http://www.cert.org

INFO 341 Midterm Review (not comprehensive)

Exam: Thursday, February (day not recoverable). Two parts: Part 1 closed book, closed notes; Part 2 open book, open notes. Question types: acronym and definition; explanation / short answer; true/false with explanation; problems.

Transmission Media
- Wires: coaxial cable, fiber optic (glass)
- Radio
- Satellite: geosynchronous / geostationary, Low Earth Orbit (LEO), LEO arrays
- Microwave
- Infrared

Signaling
- Signal encoding: analog waveforms (amplitude, frequency, phase); digital
- Signal multiplexing: simplex, half-duplex, duplex; time division, frequency division multiplexing, wave division (optical)
- Signal loss: attenuation, cross talk, reflection, ambient noise

Packets, Frames, Errors
- Packet philosophy: share the resource
- Packet switching networks
- Frame: header, data
- Error detection: parity, CRC, checksum

LANs / Network Topology
- Point to point connections
- Topological solutions: star, ring, bus, tree
- Logical topology vs. physical topology
- Ethernet: example of a bus
- IBM Token Ring and FDDI: example rings

Ethernet
- Origin / history: Aloha net, DIX
- Manchester encoding (not a British band)
- Ethernet frame format: addressing, types, payload
- CSMA/CD vs. CSMA/CA; binary exponential backoff
- Broadcast / multicast; special Ethernet addresses

LAN Wiring and Hardware
- NIC, DMA
- Wiring: Thicknet 10Base5 (AUI), BNC connector, Thinnet 10Base2, UTP 10BaseT, Cat 1, Cat 2, Cat 3, Cat 4, Cat 5
- Devices: hubs, repeaters, bridges, switches
- Distance and segment limits
- Redundancy: bridging cycles and switch cycles

Distance Connectivity / WANs
- Connectivity options and speeds: T1, T3, OC-1, OC-3, SONET, ISDN, DSL, Cable, Frame Relay, ATM, X.25
- Switched networks: routers and routing, hierarchical addressing, store and forward

Graph Theory
- Networks as graphs; graph abstraction: nodes and edges
- Graph algorithms: minimum spanning tree, shortest paths

Routing / Route Determination
- Gateways and border protocols: IGP, EGP
- Route protocols: RIP, OSPF, BGP
- Steps to route determination

Network Ownership
- Public networks, private networks, Virtual Private Networks (VPN)
- Service paradigms: connection oriented, connectionless
- Performance characteristics: throughput, delay

Protocols
- A protocol is an end-to-end agreement
- Protocol suites: a collection of protocols organized in stacks / layers
- Sequencing, retransmission, flow control, acknowledgement, congestion control
- Sliding window protocol

ISO 7 Layer Model
- Application, Presentation, Session, Transport, Network, Data Link, Physical
- [Table: "ISO layers in more detail", one row per layer; text not recoverable.]

Other Layered Models
- Data flow: application, network, physical
- IBM SNA, DECnet, Internet Reference Model

Internetworking and TCP/IP
- Universal service: connect different, heterogeneous networks; create a virtual / abstract network that works the same everywhere
- TCP/IP: history, origins, layer model, hosts

IP (Internet Protocol)
- IP addresses: address classes, bit relationships
- Dotted decimal notation (dotted quad)
- Classful and classless addressing; subnet masks; CIDR
- Special addresses
- DHCP / BOOTP for setting addresses

Subnetting and Masks
- Assume your organization is given a class B address, 64.100.x.x. What is the subnet mask for this address?
- Suppose you want to break this up into 8 networks of approximately equal size. What subnet mask would you give to the local administrators?

IP, ARP and Datagrams
- ARP
- Connection oriented and connectionless
- Datagram delivery: next hop delivery, best effort delivery
- IP encapsulation / enveloping
- Segmentation and reassembly

TCP
- Reliable transport, connection oriented
- Features of the TCP service: flow control (sliding windows), three way handshake, congestion control

Network OS
- Brief history of NOS: Netware, WinNT, Win2K, Linux
- Client/server vs. peer to peer
- Essential NOS services: printers, user and group permissions / access control, accounting management

Sockets / Network Programming
- You just saw this
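The subnetting question in the review is a worked problem: a class B allocation carries a 16-bit default mask, and splitting it into 8 equal subnets borrows 3 host bits, giving a /19. The following added example (not from the course material) computes both answers with Python's standard `ipaddress` module and generalizes to any block and any subnet count. One caveat the slide glosses over: under classful rules 64.100.0.0 falls in class A (first octet below 128), so the example simply treats the organization's allocation as the /16 that "class B" implies.

```python
"""Worked answer to the subnetting question above (added example)."""
import ipaddress
import math

DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}   # classful default mask lengths


def classful_class(address):
    """Class of an IPv4 address under the old classful rules, read from the
    first octet: 0-127 A, 128-191 B, 192-223 C, 224-239 D, 240-255 E."""
    first = int(ipaddress.IPv4Address(address)) >> 24
    for limit, cls in ((128, "A"), (192, "B"), (224, "C"), (240, "D")):
        if first < limit:
            return cls
    return "E"


def split_into_subnets(network, count):
    """Divide `network` into `count` equal subnets. Each borrowed host bit
    doubles the number of subnets, so `count` is rounded up to a power of two.
    Returns (dotted-quad mask, prefix length, list of IPv4Network)."""
    net = ipaddress.IPv4Network(network)
    borrowed = math.ceil(math.log2(count))
    prefix = net.prefixlen + borrowed
    if prefix > 30:
        raise ValueError("a /%d leaves no room for hosts under classic rules" % prefix)
    subnets = list(net.subnets(new_prefix=prefix))
    return str(subnets[0].netmask), prefix, subnets


def slide_answers(allocation="64.100.0.0/16", wanted=8):
    """Both questions on the slide, for a /16 ('class B size') allocation."""
    mask, prefix, subnets = split_into_subnets(allocation, wanted)
    return {
        "whole_block_mask": str(ipaddress.IPv4Network(allocation).netmask),
        "subnet_mask": mask,
        "prefix": prefix,
        "hosts_per_subnet": subnets[0].num_addresses - 2,  # minus network and broadcast
        "subnets": [str(s) for s in subnets],
    }


if __name__ == "__main__":
    for key, value in slide_answers().items():
        print(key, value)
```

For the slide's numbers this yields 255.255.0.0 for the whole block and 255.255.224.0 (/19) for the eight subnets, 64.100.0.0/19 through 64.100.224.0/19, each with 8190 usable host addresses. Asking for a count that is not a power of two, say 5, rounds up to 8 and borrows the same three bits; the three spare subnets are simply left unassigned.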