Today's lesson discusses network security threats and security requirements. The combination of low-cost, powerful computing and high-performance networks is a two-edged sword: while new services and applications are enabled, computer systems and networks become highly susceptible to a wide variety of security threats. In particular, the Internet and the TCP/IP protocols were designed for openness and inclusiveness, but they expose security concerns as well. Network security involves countermeasures to protect computer systems from intruders. Typical measures include firewalls, security protocols, security practices and so on. Public packet-switching networks such as the Internet have traditionally not been secure in the sense of providing a high level of security for the information that is transmitted. As these networks are increasingly used for commercial transactions, the need to provide security becomes critical.

Let's briefly review several representative threats.

What is eavesdropping? Information transmitted over a network is not secure and can be observed and recorded by eavesdroppers. For example, information captured with a packet sniffer can be replayed in attempts to access a server.

Client imposters attempt to gain unauthorized access to a server, say to access a bank account or a database of personal records. For example, in IP spoofing, an imposter sends packets with a false source IP address. A server imposter impersonates a legitimate server to gain sensitive information from a client.

We have witnessed many denial-of-service attacks, including distributed denial-of-service attacks. In those scenarios, an attacker can flood a server with requests, overloading the server's resources so as to result in denial of service to legitimate clients. A distributed denial-of-service attack on a server involves a coordinated attack from multiple, usually hijacked, computers.
TCP SYN flood is a type of distributed denial-of-service attack that exploits part of the normal TCP three-way handshake to consume resources on a targeted server and render it unresponsive. Essentially, with a SYN flood DDoS, the offender sends TCP connection requests faster than the targeted machine can process them, causing network saturation. Recall the TCP three-way handshake procedure, as shown in the left figure. In a SYN flood attack, as shown in the right figure, the attacker sends repeated SYN packets to every port on the targeted server, often using a fake IP address. The server, unaware of the attack, receives multiple, apparently legitimate requests to establish communication. It responds to each attempt with a SYN-ACK packet from each open port. The attacker either doesn't send the expected ACK or, if the IP address is spoofed, never receives the SYN-ACK in the first place. The server under attack will wait for acknowledgement of its SYN-ACK packet for some time. During this time, the server cannot close down the connection by sending an RST packet, and the connection stays open. Before the connection can time out, another SYN packet will arrive. This leaves an increasingly large number of connections half open, and indeed SYN flood attacks are also referred to as half-open attacks. Eventually, as the server's connection overflow tables fill, service to legitimate clients will be denied, and the server may even malfunction or crash.

While the classic SYN flood described above tries to exhaust network ports, SYN packets can also be used in DDoS attacks that try to clog your pipes with fake packets to achieve network saturation. The type of packet is not important. Still, SYN packets are often used because they are the least likely to be rejected by default.

In a man-in-the-middle attack, an imposter manages to place itself as a man in the middle, convincing the server that it is the legitimate client and the legitimate client that it is the legitimate server.
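The half-open build-up described for the SYN flood above can be observed from the server side by replaying a packet trace through the three-way handshake states. The following is an added example, not part of the original lesson; the function name, the record layout, the timeout and threshold values, and the trace itself are assumptions constructed for illustration.

```python
from collections import Counter

def track_half_open(packets, timeout=30.0, threshold=4):
    """Replay (time, src, sport, dst, dport, flags) records seen at a server
    and track connections stuck between the SYN and the final ACK."""
    pending = {}        # (client, cport, server, sport) -> time the SYN was seen
    peak = Counter()    # (server, sport) -> highest half-open count observed
    completed = 0
    alerts = []         # (time, (server, sport), half-open count)
    for t, src, sport, dst, dport, flags in sorted(packets):
        # Drop entries whose wait for the final ACK has timed out.
        for key in [k for k, t0 in pending.items() if t - t0 > timeout]:
            del pending[key]
        key = (src, sport, dst, dport)
        if flags == "S":                       # step 1: SYN, server allocates state
            pending[key] = t
            svc = (dst, dport)
            n = sum(1 for k in pending if k[2:] == svc)
            peak[svc] = max(peak[svc], n)
            if n >= threshold:
                alerts.append((t, svc, n))
        elif flags == "A" and key in pending:  # step 3: ACK completes the handshake
            del pending[key]
            completed += 1
        elif flags == "R":                     # a reset tears the entry down
            pending.pop(key, None)
        # "SA" (step 2) is the server's own reply and changes no state here.
    return {"completed": completed, "peak": dict(peak),
            "alerts": alerts, "still_half_open": len(pending)}

# Constructed trace; addresses are from the RFC 5737 documentation ranges.
SERVER = ("192.0.2.10", 80)
TRACE = [
    (0.00, "198.51.100.7", 40000, *SERVER, "S"),    # normal client: full handshake
    (0.01, *SERVER, "198.51.100.7", 40000, "SA"),
    (0.02, "198.51.100.7", 40000, *SERVER, "A"),
] + [
    # SYNs from varying source addresses that never send the final ACK.
    (1.0 + i * 0.1, f"203.0.113.{i + 1}", 50000 + i, *SERVER, "S")
    for i in range(6)
]

if __name__ == "__main__":
    print(track_half_open(TRACE))
```

On this trace the one normal handshake completes, while the six unanswered SYNs remain half open and raise an alert each time the count reaches the threshold.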
A client becomes infected with malicious code, for example when opening attachments in email messages or executing code from bulletin boards or other sources. A virus is code that, when executed, inserts itself in other programs. Worms are code that installs copies of itself on other machines attached to the network. There are many variations of malicious code.

These threats give rise to one or more of the following security requirements for information that is transmitted over a network. Privacy: the information should be readable only by the intended recipient. Integrity: the recipient of information should confirm that a message hasn't been altered during transmission. Authentication: it is possible to verify that the sender or receiver is who he claims to be. Non-repudiation: the sender cannot deny having sent a given message. Finally, availability of information and service.

Countermeasures for secure communication channels include encryption, cryptographic checksums and hashes, authentication, and digital signatures. Countermeasures for securing borders include firewalls, virus checking, intrusion detection, authentication and access control.

Interested readers, please take another specialization in network and system security. This concludes today's lesson.