Network Stack (2021/2/3)

Layer        Protocols        Attacks
people                        Phishing attacks, usability
application  email, Web, NFS  Sendmail, FTP, NFS bugs, chosen-protocol and version-rollback attacks
session      RPC              RPC worms, portmapper exploits
transport    TCP              SYN flooding, RIP attacks, sequence number prediction
network      IP               IP smurfing and other address spoofing attacks
data link    802.11           WEP attacks
physical     RF               RF fingerprinting, DoS

Only as secure as the single weakest layer… or interconnection between the layers

Network Defenses

Level            What it covers            Examples
Building blocks  Cryptographic primitives  RSA, DSS, SHA-1…
Blueprints       Protocols and policies    TLS, IPsec, access control…
Systems          Implementations           Firewalls, intrusion detection…
People           End uses                  Password managers, company policies…

Correctness versus Security

System correctness: system satisfies specification
  For reasonable input, get reasonable output
System security: system properties preserved in face of attack
  For unreasonable input, output not completely disastrous
Main difference: active interference from adversary

Bad News

Security often not a primary consideration
  Performance and usability take precedence
Feature-rich systems may be poorly understood
Implementations are buggy
  Buffer overflows are the “vulnerability of the decade”
  Cross-site scripting and other Web attacks

Bad News

Networks are more open and accessible than ever
  Increased exposure, easier to cover tracks
Many attacks are not even technical in nature
  Phishing, impersonation, etc.