The document discusses network security, focusing on buffer overflow attacks and their significance in protecting automated information systems. It outlines the phases of a network security attack, including reconnaissance, gaining access, and maintaining access, along with various attack methods. Additionally, it highlights the importance of defensive measures and resources available for learning more about network security.
Overview of network security and its importance. Agenda includes definitions and types of attacks.
Network security protects systems' integrity, availability, and confidentiality. Its interdisciplinary nature emphasizes personal and professional relevance.
Phases of network attacks include reconnaissance, scanning, and gaining access through various methods, focusing on application and OS attacks.
Review of main memory structure and detailed exploration of stack-based buffer overflow attacks.
Discussion on harmful C library functions and methods to find buffer overflow vulnerabilities in code.
Running sample programs illustrating buffer overflow attacks and their outcomes, showcasing exploit mechanics.
Strategies for buffer overflow attacks, including fuzzing and payload execution through exploit frameworks such as Metasploit.
Graphical and command-line uses of Metasploit. Advantages for attackers and defenders highlighted.
Defensive strategies against buffer overflow attacks and further reading resources, including extensive CVE statistics.
Today’s Agenda
  What is Network Security?
  Why should you care?
  What is a network security attack?
  What is a buffer overflow attack?
  Where can you learn more?
  All in 30 minutes …
What is Network Security?
  Computer Security
    The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications)
    February 2004
    http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf
  Network Security Essentials, 4/E
    William Stallings
    Prentice Hall, 2011
Why study Network Security?
  Multi-disciplinary
    Computer science, mathematics, psychology, sociology, politics, ethics, economics, forensics, …
  New way of thinking: security mind set
    Preventing undesirable behavior vs. enabling desirable behavior
  Personal relevance
    Keeping your personal data & devices safe
  Professional relevance
TCSS 431: Network Security
  Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, 2/E
    Ed Skoudis, Tom Liston
    Prentice Hall, 2006
  Network Security: Private Communication in a Public World, 2/E
    Charlie Kaufman, Radia Perlman, Mike Speciner
    Prentice Hall, 2002
Today’s Agenda
  1. Introduction
  2. Networking Overview
  3. Linux and UNIX Overview
  4. Windows NT/000/XP/00 Overview
  5. Phase 1: Reconnaissance
  6. Phase 2: Scanning
  7. Phase 3: Gaining Access Using Application & OS Attacks
       Script Kiddie Exploit Trolling
       Pragmatism for More Sophisticated Attackers
       Buffer Overflow Exploits
       Password Attacks
       Web Application Attacks
       Exploiting Browser Flaws
  8. Phase 4: Gaining Access Using Network Attacks
  9. Phase 4: Denial-of-Service Attacks
  10. Phase 4: Maintaining Access: Trojans, Backdoors & Rootkits
  11. Phase 5: Covering Tracks & Hiding
  12. Putting It All Together: Anatomy of an Attack
  13. The Future, References & Conclusions
  Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, 2/E
    Skoudis & Liston
    Prentice Hall, 2006
Anatomy of an Attack
  Reconnaissance: “casing the joint”
    Discovery of physical & online sensitive information
    Names, contact info (phone, email), IP addresses
    Social engineering, dumpster diving, Google
  Scanning: “trying doorknobs & windows”
    Search for openings, network topology, OS type(s)
    Wireless access points, TCP ports, routers, gateways
    Inventory of target system & possible vulnerabilities
  Gaining access: “breaking in”
    Application & OS attacks (Chapter 7)
    Stack-based & Heap-based Buffer Overflow Attacks
Brief review of Main Memory
  [Diagram: user view of memory and logical memory space, with regions labelled Data, Heap, Stack and Code]
  Each page is only a piece of memory but has no meaning.
C library functions considered harmful
  Frank Rubin. (March 1987) Communications of the ACM 30 (3): 195–196.
  Donald Moore, Chuck Musciano, Michael J. Liebhaber, Steven F. Lott and Lee Starr. (May 1987) Communications of the ACM 30 (5): 351–355.
  http://en.wikipedia.org/wiki/Considered_harmful
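The kind of call a source-code review looks for, next to a bounded replacement. This is an added example, not code from the slides: the slide text does not list the functions, so strcpy() is used as an assumed instance, and greet_unbounded(), copy_name() and NAME_BUF_SIZE are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF_SIZE 16   /* hypothetical buffer size for this example */

/* Unbounded: strcpy() copies until the source's NUL and never looks at
 * the size of name[]. Input longer than 15 bytes writes past the array
 * into adjacent stack data. Shown for contrast; main() never calls it. */
void greet_unbounded(const char *input) {
    char name[NAME_BUF_SIZE];
    strcpy(name, input);               /* no length check */
    printf("hello, %s\n", name);
}

/* Bounded: refuse anything that does not fit together with its terminator.
 * Returns 0 on success, -1 if the input was rejected. */
int copy_name(char *dst, size_t dst_size, const char *input) {
    size_t len = 0;
    if (dst == NULL || input == NULL || dst_size == 0) return -1;
    while (len < dst_size && input[len] != '\0') len++;  /* reads at most dst_size bytes */
    if (len == dst_size) {             /* no room left for the NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, input, len + 1);       /* length already validated */
    return 0;
}

int main(void) {
    char name[NAME_BUF_SIZE];
    /* constructed inputs: one that fits, one 32-byte run of 'A' */
    const char *inputs[] = { "alice", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" };
    for (size_t i = 0; i < 2; i++) {
        int rc = copy_name(name, sizeof name, inputs[i]);
        printf("%-34s -> %s\n", inputs[i], rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

Rejecting oversized input instead of truncating it keeps the failure visible to the caller.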
Finding stack-based buffer overflow vulnerabilities
  Examine source code (if available)
  Use debugger on executable to find exploitable library
  Apply brute force
    Inundate application with input data
    Examine stack traces after crashes
  But what would you input … & what would you look for?
Strategy & Structure of a “Sploit”
  “Fuzzing”
    Repeated input patterns
      AAAA… (“A” = 0x41)
      ABCDEFG…
      DEF1, DEF2, DEF3, …
  NOP (No Operation)
    0x90 on x86
    Also:
      Add 0
      Multiply by 1
      Jump to next instruction
      …
  NOP sled
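The byte patterns on this slide are also what a defender can look for in received input. The following is an added example, not part of the slides: it measures runs of one repeated byte and flags long runs of 0x90 or of filler such as 'A'. The names scan_runs() and classify(), the threshold of 16 and the sample buffer are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define X86_NOP 0x90   /* single-byte NOP opcode named on the slide */

enum verdict { CLEAN = 0, FILLER_RUN = 1, NOP_RUN = 2 };

struct scan {
    size_t nop_run, nop_offset;   /* longest run of 0x90 and where it starts */
    size_t filler_run;            /* longest run of any other single byte */
    unsigned char filler_byte;
};

/* Walk the buffer once, measuring every run of one repeated byte value. */
struct scan scan_runs(const unsigned char *buf, size_t len) {
    struct scan s = {0, 0, 0, 0};
    size_t start = 0;
    for (size_t i = 1; i <= len; i++) {
        if (i < len && buf[i] == buf[start]) continue;   /* run continues */
        size_t n = i - start;
        if (buf[start] == X86_NOP) {
            if (n > s.nop_run) { s.nop_run = n; s.nop_offset = start; }
        } else if (n > s.filler_run) {
            s.filler_run = n; s.filler_byte = buf[start];
        }
        start = i;
    }
    return s;
}

/* threshold is a tuning assumption: runs shorter than it are ignored. */
enum verdict classify(const unsigned char *buf, size_t len, size_t threshold) {
    struct scan s = scan_runs(buf, len);
    if (s.nop_run >= threshold) return NOP_RUN;
    if (s.filler_run >= threshold) return FILLER_RUN;
    return CLEAN;
}

int main(void) {
    unsigned char sample[80];              /* constructed input */
    memset(sample, 'A', 40);               /* filler, 'A' = 0x41 */
    memset(sample + 40, X86_NOP, 24);      /* run of NOP bytes */
    memset(sample + 64, 0xCC, 16);         /* placeholder tail bytes */
    struct scan s = scan_runs(sample, sizeof sample);
    printf("nop run %zu at offset %zu, filler 0x%02X x %zu, verdict %d\n",
           s.nop_run, s.nop_offset, s.filler_byte, s.filler_run,
           classify(sample, sizeof sample, 16));
    return 0;
}
```

A check for one repeated byte does not see the equivalent do-nothing instructions the slide lists under “Also:”, so it is a first-pass signal rather than a complete detector.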
Script Kiddies & Exploit Collections
  Attacks (exploits) are widely available
    French Security Response Team (FrSIRT)
      http://www.vupen.com/english/
      “Only available to trusted organizations”
    Packet Storm Security
      http://packetstormsecurity.org/
    Security Focus Bugtraq Archives
      http://www.securityfocus.com/bid
    Metasploit Project
      http://www.metasploit.com
  Little or no knowledge required