3) Infrastructure Level Threats and Vulnerabilities
System Security
Dr. E.Silambarasan
Assistant Professor
Department of CSE - Cyber Security
Indian Institute of Information Technology, Kottayam
Module 1
• Introduction - Background, Distributed Systems, Distributed Systems Security, Common Security Issues and Technologies
• Host-Level Threats and Vulnerabilities - Background, Malware, Eavesdropping, Job Faults, Resource Starvation, Privilege Escalation, Injection Attacks.
• The networking infrastructure has seen huge growth over the last few years, especially with the advent of wireless technologies.
• The importance of securing the network has grown rapidly in recent years due to the series of attacks that shut down some of the world’s most high-profile Web sites, like Yahoo! and Amazon.
• Securing the networking infrastructure is clearly the need of the hour, and different components of the networking infrastructure, like the routers, servers, wireless devices, and so on, need to be protected for sustained IT security.
Infrastructure Level Threats and Vulnerabilities
Network Level Threats and Vulnerabilities:
• Denial-of-Service attack
• One of the most dangerous network-level threats is the denial-of-service (DoS) attack. These attacks have a simple objective: to deny service to the service consumers.
• In DoS attacks, the packets are routed correctly, but the destination and the network become the targets of the attackers.
• DoS attacks are very easy to generate and very difficult to detect, and hence they are attractive weapons for hackers.
• In a typical DoS attack, the attacker node spoofs its IP address and uses multiple intermediate nodes to overwhelm other nodes with traffic.
• DoS attacks are typically used to take important servers out of action for a few hours, resulting in DoS for all users. They can also be used to disrupt the services of the intermediate routers.
• Generally, DoS attacks can be categorized into two main types: (i) ordinary and (ii) distributed.
• In an ordinary network-based DoS attack, an attacker uses a tool to send packets to the target system.
• These packets are designed to disable or overwhelm the target system, often forcing a reboot.
• Often, the source address of these packets is spoofed, making it difficult to locate the real source of the attack.
• In the distributed denial-of-service (DDoS) attack, there might still be a single attacker, but the effect of the attack is greatly multiplied by the use of attack servers known as ‘agents’.
• Distributed Denial-of-Service (DDoS) attack
• One of the deadliest forms of DoS attack is when the attackers are distributed in nature. Such an attack is called a DDoS attack.
• According to the Computer Incident Advisory Capability (CIAC), the first DDoS attacks occurred in the summer of 1999. In February 2000, one of the first major DDoS attacks was waged against yahoo.com.
• Another DDoS attack occurred on October 20, 2002 against the 13 root servers that provide the domain name system (DNS) service to Internet users around the world.
• Most of these attacks target a particular network protocol, like the Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and so on.
• SYN Flood attack
• The most popular DDoS attack is the synchronize (SYN) flood attack.
• This type of attack targets TCP to create service denial.
• The TCP protocol includes a three-way handshake between the sender and the receiver before data packets are sent.
• The attacker instructs the zombies (systems previously compromised by the attacker for this purpose) to send bogus TCP SYN requests to a victim server in order to tie up the server’s processor resources, and hence prevent the server from responding to legitimate requests.
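To make the handshake-exhaustion mechanism concrete, here is an added simulation (not from the slides) of a listener's half-open queue under a flood of spoofed SYNs that never complete the handshake, first with a fixed backlog and then with SYN cookies, the usual mitigation; the Listener class, backlog size and timeout are hypothetical.

```python
from collections import OrderedDict

# Constructed simulation (not from the slides): a TCP listener's half-open
# SYN_RECV queue. Listener, SYN_BACKLOG and HALF_OPEN_TIMEOUT are hypothetical.
SYN_BACKLOG = 4          # tiny backlog so the exhaustion is visible
HALF_OPEN_TIMEOUT = 5.0  # seconds a SYN_RECV entry survives without the final ACK

class Listener:
    """Tracks half-open connections; syn_cookies=True enables stateless handling."""
    def __init__(self, syn_cookies=False):
        self.syn_cookies = syn_cookies
        self.half_open = OrderedDict()   # (src_ip, src_port) -> time the SYN arrived
        self.established = set()
        self.dropped = 0                 # SYNs refused because the backlog was full

    def _expire(self, now):
        for key, t in list(self.half_open.items()):
            if now - t > HALF_OPEN_TIMEOUT:
                del self.half_open[key]

    def on_syn(self, src, now):
        self._expire(now)
        if self.syn_cookies:
            # Stateless: the SYN+ACK sequence number encodes the connection, so
            # nothing is stored until the handshake's third packet (ACK) arrives.
            return True
        if len(self.half_open) >= SYN_BACKLOG:
            self.dropped += 1            # backlog full: even legitimate SYNs are refused
            return False
        self.half_open[src] = now
        return True

    def on_ack(self, src, now, cookie_valid=True):
        if self.syn_cookies:
            if cookie_valid:             # a valid cookie alone rebuilds the connection
                self.established.add(src)
            return cookie_valid
        if src in self.half_open:        # otherwise the ACK must match a stored entry
            del self.half_open[src]
            self.established.add(src)
            return True
        return False

def run_flood(syn_cookies, n_bogus=20):
    """Spoofed SYNs that are never ACKed, then one legitimate client handshake.
    Returns (legitimate client accepted?, half-open entries left, SYNs dropped)."""
    lst = Listener(syn_cookies)
    t = 0.0
    for i in range(n_bogus):
        lst.on_syn(("198.51.100.%d" % i, 40000 + i), t)   # constructed spoofed sources
        t += 0.1
    legit = ("192.0.2.10", 51000)
    accepted = lst.on_syn(legit, t) and lst.on_ack(legit, t + 0.05)
    return accepted, len(lst.half_open), lst.dropped

if __name__ == "__main__":
    print("fixed backlog:", run_flood(False))   # (False, 4, 17)
    print("syn cookies  :", run_flood(True))    # (True, 0, 0)
```

The first run shows the backlog filled by four spoofed entries that never expire in time, so the legitimate client is refused; the second run stores nothing per SYN and accepts it.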
• PUSH+ACK attacks
• The attacker again uses the properties of the TCP protocol to target victims.
• In the TCP protocol, packets that are sent to a destination are buffered within the TCP stack, and when the stack is full, the packets get sent on to the receiving system.
• However, the sender can request the receiving system to unload the contents of the buffer before the buffer becomes full by sending a packet with the PUSH bit set to one.
• PUSH is a one-bit flag within the TCP header.
• TCP stores incoming data in large blocks for passage onto the receiving system in order to minimize the processing overhead required by the receiving system each time it must unload a nonempty buffer.
• Smurf attacks:
• The attacker sends packets to a network amplifier (a system supporting broadcast addressing), with the return address spoofed to the victim’s IP address.
• The attacking packets are typically ICMP ECHO REQUESTs, which are packets (similar to a ‘ping’) that request the receiver to generate an ICMP ECHO REPLY packet.
• The amplifier sends the ICMP ECHO REQUEST packets to all of the systems within the broadcast address range, and each of these systems will return an ICMP ECHO REPLY to the target victim’s IP address.
• This type of attack amplifies the original packet tens or hundreds of times.
• DNS attack
• The DNS is a distributed, hierarchical, global directory that translates machine/domain names to numeric IP addresses.
• Due to its ability to map human-memorable names to numerical addresses, its distributed nature and its robustness, the DNS has evolved into a critical component of the Internet.
• Therefore, an attack on the DNS infrastructure has the potential to affect a large portion of the Internet.
• Attacks of this type have illustrated the lack of authenticity and integrity of the data held within the DNS, as well as in the protocols that use host names as an access control mechanism.
• Impact of Hacking:
• DoS
• Masquerading
• Information leakage
• Domain hijacking
• Types of Hacking
• Cache poisoning
• If a DNS server is made to cache bogus information, the attacker can redirect traffic intended for a legitimate site to a site under the attacker’s control.
• Server compromising
• Attackers can compromise a DNS server, thus giving them the ability to modify the data served to the users – cache poisoning or a DoS attack on some other server.
• Spoofing
• The attacker masquerades as a DNS server and feeds the client wrong and/or potentially malicious information.
• Routing attack
• Routing tables are used to route packets over any network, especially the Internet.
• Routing protocols like distance vector, link state, and path vector protocols have been designed to create routing tables through the exchange of routing packets.
• Routing table ‘poisoning’ is a type of attack on the routing protocols where the routing updates are maliciously modified, resulting in the creation of incorrect routing tables.
• Impacts of Routing Table poisoning
• Suboptimal routing:
• With the emergence of the Internet as a means of supporting soft real-time applications, optimality in routing assumes significant importance.
• Routing table poisoning attacks can result in suboptimal routing, which can affect real-time applications.
• Similarly, in a Grid: QoS violation.
• Congestion:
• Routing table poisoning can lead to artificial congestion if packets are forwarded to only certain portions of the network.
• Partition:
• This can become a significant problem since hosts residing in one partition will be unable to communicate with hosts residing in another.
• Overwhelmed host:
• If a router sends updates that result in the concentration of packets into one or more selected servers, the servers can be taken out of service because of the huge amounts of traffic.
• Looping:
• The creation of triangle routing, caused by packet mistreatment attacks, can also be simulated through improper updates of the routing table.
• Loops thus formed may result in packets getting dropped and hence in lowering of the overall network throughput.
• Access to data:
• Attackers may gain illegal access to data through the routing table poisoning attack. This may lead to the attackers snooping packets.
• Different routing protocols
• Distance vector:
• The nodes in the network create a vector of the shortest path distances to all the other nodes in the network.
• This distance vector information is exchanged between the nodes.
• After receiving the distance vector information from its neighbors, each node calculates its own distance vector.
• No node has the full topology information, and each depends on its neighbors for creating its routing tables.
• The count-to-infinity problem can result from not having the full topology information.
• Example: Routing Information Protocol (RIP)
• Link State:
• Each node sends its connectivity information to all the other nodes in the network.
• Based on the information received from the other nodes, each node computes the shortest path tree by applying the Bellman-Ford algorithm.
• As a result, link state protocols are inherently robust.
• Example: Open Shortest Path First (OSPF)
• Path Vector:
• Each node sends the full shortest path information of all the nodes in the network to its neighbors.
• Example: Border Gateway Protocol (BGP)
• Routing table poisoning can be broadly categorized into (i) link and (ii) router attacks.
• Routers can send wrong and potentially dangerous updates regarding any nodes in the network, since the nodes do not have the full network topology.
• If a malicious router creates a wrong distance vector and sends it to all its neighbors, the neighbors accept the update since there is no way to validate it.
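An added illustration (not from the slides) of the last point: a small distance-vector simulation in which routers relax received vectors with Bellman-Ford exactly as the slides describe, and a malicious router then advertises cost 0 to every destination; the topology, router names and link costs are constructed.

```python
INF = float("inf")

# Constructed 4-router topology with link costs (router names A-D are hypothetical).
LINKS = {("A", "B"): 1, ("B", "C"): 1, ("C", "D"): 1, ("A", "D"): 5}
NODES = sorted({n for link in LINKS for n in link})

def neighbors(node):
    """Directly attached neighbours of a router and their link costs."""
    out = {}
    for (u, v), cost in LINKS.items():
        if u == node:
            out[v] = cost
        elif v == node:
            out[u] = cost
    return out

def init_tables():
    """Each router starts knowing only itself and its links: dest -> (cost, next hop)."""
    tables = {}
    for n in NODES:
        dv = {d: (INF, None) for d in NODES}
        dv[n] = (0, n)
        for nb, cost in neighbors(n).items():
            dv[nb] = (cost, nb)
        tables[n] = dv
    return tables

def apply_update(tables, node, sender, advertised):
    """Bellman-Ford relaxation of one received distance vector. The receiver
    knows only its link cost to the sender, so it cannot validate the claims."""
    link = neighbors(node)[sender]
    changed = False
    for dest, cost in advertised.items():
        if link + cost < tables[node][dest][0]:
            tables[node][dest] = (link + cost, sender)
            changed = True
    return changed

def converge(tables):
    """Routers exchange their current vectors until no table changes."""
    changed = True
    while changed:
        changed = False
        for n in NODES:
            for nb in neighbors(n):
                adv = {d: c for d, (c, _) in tables[nb].items()}
                changed |= apply_update(tables, n, nb, adv)
    return tables

def poison(tables, malicious):
    """The malicious router advertises cost 0 to every destination; its
    neighbours accept the vector exactly as they would an honest update."""
    bogus = {d: 0 for d in NODES}
    for nb in neighbors(malicious):
        apply_update(tables, nb, malicious, bogus)
    return converge(tables)   # the bad entries then propagate like any others
```

After honest convergence C reaches A at cost 2 via B; once D poisons its neighbours, C believes A is reachable at cost 1 via D and forwards A-bound traffic through the malicious router, while A's expensive direct link to D leaves it unaffected.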
Network technologies are slowly moving in the wireless direction as more and more transactions take place using mobile systems.
However, even with the growth of wireless technologies, enterprises are slow in going fully mobile. Other than operational issues, security concerns are their primary reason.
Traffic Analysis:
• One of the simplest attacks that can be employed against a wireless network is to analyze the traffic in terms of the number and size of the packets transmitted.
• This attack is very difficult to detect as the attacker is in promiscuous mode and
• Also, the attacker may be able to obtain information about the type of protocol used.
• Wireless Security Vulnerabilities
• Eavesdropping:
• The attacker is assumed to be passive, getting information about the data transmitted through the wireless channel.
• In addition to the payload, source and destination information can be obtained, which can be used for spoofing attacks.
• Spoofing:
• The attacker changes the destination IP address of the packet to the IP address of a host they control. In the case of a modified packet, the authentic receiving node will request a resend of the packet, and so the attack will not be apparent.
• Another approach is to resend the packet with the modified header. Since the receiver judges whether a packet is valid, the resend should not cause any response from the access point or access controller, which kindly decrypts the packet before sending it to the attack receiver, thus violating the confidentiality of the communication.
• The attacker can inject known traffic into the network in order to decrypt future packets in the wireless network. This type of attack can be useful in detecting the session key of the communicating parties.
• Stricter measures of encryption, like changing the session keys and using stronger security protocols, are needed to prevent this attack from taking place.
• Unauthorized access:
• The attacker can launch additional attacks or just enjoy free network use.
• Due to the physical properties of WLANs, the attacker will always have access to the wireless component of the network.
• In some wireless security architectures, this will also grant the attacker access to the wired component of the network.
• In other architectures, the attacker must use some technique like MAC address spoofing to gain access to the wired component.
• Replay attack:
• Nonces or timestamps are generally used to prevent this type of attack from taking place.
• However, if the attacker is able to selectively modify the contents of the packets, this type of solution does not work.
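As an added example (not from the slides) of the nonce/timestamp defence and of the modification case the last bullet describes: a receiver that rejects repeated nonces and stale timestamps, with a MAC binding nonce and timestamp to the payload so that an edited copy is refused as well; the key, skew window and message format are hypothetical.

```python
import hashlib
import hmac
import json
import os

KEY = b"constructed-demo-key"   # hypothetical shared key between sender and receiver
MAX_SKEW = 30.0                 # seconds a timestamp may differ from the receiver clock

def make_message(payload, now, key=KEY):
    """Sender side: attach a fresh nonce and timestamp, then MAC the whole record."""
    body = {"payload": payload, "nonce": os.urandom(8).hex(), "ts": now}
    raw = json.dumps(body, sort_keys=True).encode()
    return raw + b"|" + hmac.new(key, raw, hashlib.sha256).hexdigest().encode()

class Receiver:
    def __init__(self, key=KEY):
        self.key = key
        self.seen = {}   # nonce -> ts; pruned once a nonce falls outside the window

    def accept(self, msg, now):
        raw, _, tag = msg.rpartition(b"|")
        expected = hmac.new(self.key, raw, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(tag, expected):
            return "bad_mac"          # any change to payload, nonce or ts lands here
        body = json.loads(raw)
        if abs(now - body["ts"]) > MAX_SKEW:
            return "stale"            # timestamp check: old captures are useless
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_SKEW}
        if body["nonce"] in self.seen:
            return "replay"           # nonce check: same bytes within the window
        self.seen[body["nonce"]] = body["ts"]
        return "ok"

def demo():
    """Constructed scenario: one fresh message, then three attempts to reuse it."""
    r = Receiver()
    t0 = 1_700_000_000.0
    m = make_message("transfer 10", t0)
    first = r.accept(m, t0 + 1)           # fresh message: accepted
    replay = r.accept(m, t0 + 5)          # identical bytes again: nonce already seen
    late = r.accept(m, t0 + 120)          # far outside the window: stale
    # a captured message with only its timestamp edited to look current
    raw, _, tag = m.rpartition(b"|")
    body = json.loads(raw)
    body["ts"] = t0 + 120
    forged = json.dumps(body, sort_keys=True).encode() + b"|" + tag
    tampered = r.accept(forged, t0 + 120)  # MAC no longer matches
    return first, replay, late, tampered
```

The nonce and timestamp alone would not survive an attacker who can edit the packet; it is the MAC over all three fields that makes the edited copy detectable.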
• Man-in-the-Middle attack:
• The attacker can sneak into the middle of the conversation by gaining access to header information and spoofing the header information to deceive the recipient.
• The attacker sends a forged ARP reply message that changes the mapping of the IP address to the given MAC address.
• Once the cache has been modified, the attacker can act as a man-in-the-middle between any two hosts in the broadcast domain.
• The more mechanisms the attacker will have to subvert when re-establishing the connection with both the target and the access point.
• If encryption is in use, the attacker must also subvert the encryption to either read or modify the message contents.
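An added example (not from the slides) from the detection side: an arpwatch-style passive monitor over constructed ARP reply records that flags the IP-to-MAC changes a forged reply produces; all addresses and timings are constructed.

```python
from collections import defaultdict

# Constructed ARP reply records (time_s, sender_ip, sender_mac); all values hypothetical.
ARP_REPLIES = [
    (0.0, "192.0.2.1",  "00:11:22:33:44:01"),   # gateway announces itself
    (1.0, "192.0.2.50", "00:11:22:33:44:50"),   # an ordinary host
    (2.5, "192.0.2.1",  "00:11:22:33:44:01"),   # gateway again, unchanged
    (3.0, "192.0.2.1",  "de:ad:be:ef:00:99"),   # gateway IP now claimed by a new MAC
    (3.2, "192.0.2.50", "de:ad:be:ef:00:99"),   # the same new MAC also claims the host
    (4.0, "192.0.2.1",  "00:11:22:33:44:01"),   # real gateway reasserts its mapping
]

def monitor(replies):
    """Passive ARP monitor. Returns alert tuples in arrival order:
    changed_mac             - an IP's MAC differs from the last one seen
    flip_flop               - an IP returns to a MAC it had earlier (two stations contending)
    mac_claims_multiple_ips - one MAC answers for several IPs (a relay-in-the-middle pattern)
    """
    current = {}                    # ip -> mac last seen
    history = defaultdict(set)      # ip -> every mac ever seen for it
    claimed = defaultdict(set)      # mac -> every ip it has claimed
    alerts = []
    for t, ip, mac in replies:
        prev = current.get(ip)
        if prev is not None and prev != mac:
            kind = "flip_flop" if mac in history[ip] else "changed_mac"
            alerts.append((kind, t, ip, prev, mac))
        current[ip] = mac
        history[ip].add(mac)
        claimed[mac].add(ip)
        if len(claimed[mac]) > 1:
            alerts.append(("mac_claims_multiple_ips", t, mac, tuple(sorted(claimed[mac]))))
    return alerts

if __name__ == "__main__":
    for alert in monitor(ARP_REPLIES):
        print(alert)
```

A single changed_mac can be a legitimate hardware swap; the combination of a change on the gateway address, one MAC claiming two IPs within seconds, and the original mapping flip-flopping back is the pattern worth paging on.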
• Session Hijacking:
• The attacker takes an authorized and authenticated session away from its proper owner.
• The target knows that it no longer has access to the session but may not be aware that the session has been taken over by an attacker.
• The target may attribute the session loss to a normal malfunction of the WLAN.
• Once a valid session has been owned, the attacker may use the session for whatever purposes they want and maintain the session for an extended time.
• This attack occurs in real time but can continue long after the victim thinks the session is over.
• To successfully execute session hijacking, the attacker must accomplish two tasks.
• This includes crafting the higher-level packets to maintain the session, using any persistent authentication tokens, and employing any protective encryption.
• The attacker must stop the target from continuing the session.
• The attacker normally will use a sequence of spoofed disassociate packets to keep the target out of the session.
Grid Computing Threats and Vulnerabilities:
• Recently, the high-computing industries like finance, life sciences, energy, automobiles, rendering, and so on have been showing a great amount of interest in the potential of connecting standalone and silo-based clusters into a department-wide and sometimes enterprise-wide grid system.
• Grid computing is currently in the middle of evolving standards, inheriting and customizing from those developed in the high-performance, distributed, and, recently, web-services communities.
• Due to the lack of consistent and widely-used standards, several enterprises are concerned about the implementation of an enterprise-level grid system, though the potential of such a system is well understood.
Information Security
• Unauthorized Access
• The security protocol should be flexible and scalable to handle all the different requirements and provide a seamless interface to the user.
• Confidentiality
• Similar to the authentication mechanisms, there may be a need to define, store, and share security contexts across different entities.
• Integrity
• Grid security mechanisms should include message integrity, which means that any change made to the messages or documents can be identified by the receiver.
• Architecture-related issues
• Information Security
• Single Sign-on
• In a grid environment, there may be instances where requests have to travel through multiple security domains.
• Delegation Vulnerabilities
• When dealing with delegation of authority from one entity to another, care should be taken so that the authority transferred through delegation is scoped only to the task(s) intended and has a limited lifetime, to minimize misuse.
• Authorization
• It is particularly important for systems where the resources are shared between multiple departments or organizations, and department-wide resource usage patterns are predefined.
• Scalability issues – based on the number of users and the amount of grid dynamism.
• Security issues – compromise at two levels: user level and system level.
• Revocation issues – if a user who was granted access is later found to be compromised, that access must be denied.
• QoS violation – a company may end up losing a lot of money if service level agreements (SLAs) are not met. Example: Pizza eater
• DoS attack
• Infrastructure-related issues
• The grid infrastructure consists of the grid nodes and the communication network.
• When grids move to the enterprises, several interesting and critical challenges will be witnessed.
• Globus is open-source grid software that addresses the most challenging problems in distributed resource sharing.
• Credential Management (CM)
• Management of credentials becomes very important in a grid context as there are multiple different systems, which require varied credentials to access them.
• CM systems store and manage the credentials for a variety of systems, and users can access them according to their needs.
• This mandates that the CM system should provide secure transmission of credentials and secure storage of credentials, and should cater to different types of systems and mechanisms.
• Different characteristics that a CM system requires:
• Initiation – Password-based, certificate-based, and so on
• Secure Storage
• Accessibility
• Renewal
• Translation
• Delegation
• Control
• Revocation
• Trust Management
• Trust is a complicated concept, and the ability to generate, understand and build relationships based on trust varies from individual to individual, situation to situation, society to society and environment to environment.
• Trust negotiation phase – begins when a new entity or node joins the system.
• At the heart of the trust negotiation lie the policies and the policy language acceptable to both parties.
• Policy exchange
• Credential exchange
• Trust computation
• Trust distribution
• Trust storage
• Trust update