Network Security (II)

Instructor: 鄭伯炤
Office: Dept. of Communication, Rm #112
Tel: X33512
Email: [email protected]

Network Security Class, National Chung Cheng University

Network Compromise & Denial of Service

Internet

Intranet

Extranet

74%

Authentication: Password Crackers

Poor Service Configuration: e.g., DNS, Mail, FTP and Web

Protocol Weakness: ARP, ICMP

Application hole

Backdoors

Physical Access

Remote Access: 12%

Internal System: 33%

Out-of-Bounds Attack: e.g., Ping of Death and IP fragment attack

Host Resource Starvation: e.g., SYN flood

DDoS: Client → Handler → Agent → Victim, e.g., Trinoo and Tribe Flood Network

Bandwidth Consumption: e.g., SMURF and Fraggle

Source: Hackers Beware, Eric Cole; ISBN 0735710090

Mail spam

Unsolicited Commercial E-mail (UCE): junk e-mail, usually annoying but harmless commercial advertising.

But …

• It can spread a computer virus.
• It is dangerous when it is a fraud.
• It is illegal when a chain letter involves the U.S. Postal Service.

IDC predicts that a growing glut of spam will push the daily volume of e-mail from 31 billion messages in 2002 to 60 billion in 2006.

To avoid being caught, senders use forged e-mail addresses and relay their mail through other organizations' mail servers.
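The relay abuse described above works when a mail server forwards messages between two outside parties or trusts the forgeable sender address. The following is an added example, not part of the original slides: a relay policy check that ignores MAIL FROM and decides only on client address, authentication and recipient domain. The networks, domains and sessions are constructed placeholders.

```python
import ipaddress
from collections import Counter

# Assumed site policy (hypothetical values, not from the slides).
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]   # our own clients
LOCAL_DOMAINS = {"example.edu"}                        # domains we host

def relay_decision(client_ip, rcpt_to, authenticated=False):
    """Classify one RCPT TO request as 'deliver', 'relay' or 'reject'.

    MAIL FROM is deliberately not an input: the sender address is
    trivially forged, so it must never grant relay rights.
    """
    domain = rcpt_to.rsplit("@", 1)[-1].lower().rstrip(".")
    if domain in LOCAL_DOMAINS:
        return "deliver"                  # inbound mail for our users
    ip = ipaddress.ip_address(client_ip)
    if authenticated or any(ip in net for net in LOCAL_NETS):
        return "relay"                    # our users sending outward
    return "reject"                       # outsider to outsider: third-party relay

# Constructed sample sessions: (client IP, MAIL FROM, RCPT TO, authenticated)
SESSIONS = [
    ("192.0.2.15",   "alice@example.edu", "bob@example.org",   False),
    ("198.51.100.7", "carol@example.com", "alice@example.edu", False),
    ("203.0.113.9",  "alice@example.edu", "x@example.net",     False),  # forged local sender
    ("203.0.113.9",  "promo@example.com", "y@example.org",     False),
    ("203.0.113.40", "dave@example.edu",  "z@example.org",     True),   # roaming user with SMTP AUTH
]

def rejected_by_client(sessions):
    """Count refused third-party relay attempts per client IP."""
    hits = Counter(ip for ip, _mail_from, rcpt, auth in sessions
                   if relay_decision(ip, rcpt, auth) == "reject")
    return dict(hits)

if __name__ == "__main__":
    for ip, mail_from, rcpt, auth in SESSIONS:
        print(f"{ip:14} {mail_from:20} -> {rcpt:18} {relay_decision(ip, rcpt, auth)}")
    print(rejected_by_client(SESSIONS))
```

The third session claims a local sender address yet is still refused, which is the behaviour a closed relay needs.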

History of Spam

Nothing to do with the Hormel product SPAM (SPiced hAM). The name comes from a Monty Python sketch:

• A restaurant serves SPAM with every meal.
• A particular customer tries to order a meal without SPAM.
• At a side table sit SPAM-loving Vikings. When they hear the word SPAM, they joyously sing a song about their love for SPAM.
• The song starts off quietly with the words "SPAM, SPAM, SPAM, SPAM, SPAM..." The Vikings sing on, rising in volume and drowning out other conversations.
• During the 2.5-minute sketch, the word SPAM is used more than 100 times.

The analogy: unwanted messages drowning out normal Internet communications.

http://notebook.ifas.ufl.edu/spam/

React to Mail spam

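Mailboxes at each regional network center for reporting spam mail:

National Taiwan University: [email protected]
National Chengchi University: [email protected]
National Central University: [email protected]
National Chiao Tung University: [email protected]
National Chung Hsing University: [email protected]
National Chung Cheng University: [email protected]
National Cheng Kung University: [email protected]
National Sun Yat-sen University: [email protected]
National Hualien Teachers College: [email protected]
National Dong Hwa University: [email protected]
National Taitung Teachers College: [email protected]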

Source: http://140.111.1.22/tanet/spam.html

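• When the Ministry of Education receives complaint letters from inside or outside the country, it forwards them to the administrators or responsible staff of the twelve regional network centers for handling, and restricts the offending host's connection to the academic network backbone.
• Once the mail server administrator replies that the problem has been handled and corrected, the restriction is lifted (per the minutes of the 53rd meeting of the Taiwan Academic Network technical group).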

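Virus! Virus! Virus!

| Year | Virus | Historical significance | Loss (USD) | Computers infected (and productivity loss) |
|---|---|---|---|---|
| 2003 | Blast (疾風病毒) | First virus to exploit a Microsoft vulnerability that had been public for less than a month | Still being tallied | Computers attacked: over 1 million (to date) |
| 2003 | SQL Slammer (SQL警戒) | First virus to attack SQL servers | 1 billion | Computers attacked: over 1 million |
| 2002 | Klez (求職信) | First virus whose variants, a year on, were still causing major worldwide infection | 9 billion | Computers attacked: 6 million |
| 2001 | Code Red (紅色警戒) | First hacker-style virus; its constant scanning for IIS servers caused abnormal network traffic | 2.62 billion | Computers attacked: 1 million; virus cleanup cost: 1.1 billion |
| 2001 | Nimda (娜妲) | First hacker-style virus to paralyze networks through multiple channels, including e-mail, IIS servers and Network Neighborhood | 635 million | Computers attacked: over 8 million |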

http://www.trendmicro.com/tw/about/news/pr/archive/2003/pr030827.htm

Malicious Code

"Malicious code" refers broadly to all ill-intentioned program code, including computer viruses, Trojan horse programs and computer worms.

* Analysis by Symantec Security Response using data from Symantec Security Response, IDC, & ICSA; 2002 estimated
** Source: CERT

What Is a Computer Virus?

A hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting--i.e., inserting a copy of itself into and becoming part of--another program (RFC 2828).

A virus cannot run by itself; it requires that its host program be run to make the virus active.

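When does it go off? That depends on how the virus author designed the program; it is not a characteristic of computer viruses as such.

• "PETER-2": every year on February 27 it asks three questions; a wrong answer causes it to encrypt the hard disk.
• "Black Friday" triggers on any Friday that falls on the 13th.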

What Is a Trojan Horse?

A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.

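Unlike a computer virus, a Trojan horse program does not infect other files.

Trojan horse programs usually enter the user's computer system through some special channel. Back Orifice and SubSeven are examples of Trojan horse programs.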

What Is a Computer Worm?

A computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively.

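The "original", however, produces many "copies", just as Sun Wukong in Journey to the West can pluck a few hairs and turn them into duplicates of himself. The copies then crawl through the computer network like worms, from one computer to another.

The most common way a worm spreads itself is through a local area network (LAN), the Internet, or e-mail. The well-known computer worm "VBS_LOVELETTER" is one example.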

Viruses, Worm and Trojan Horse

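| | Computer virus | Trojan horse | Computer worm |
|---|---|---|---|
| Infects other files | O | X | X |
| Spreads itself passively | O | O | X |
| Spreads itself actively | X | X | O |
| Growth in number of programs | Generally, the number of infected files grows as computer usage rises | No growth | Depends on network connectivity; the wider the connectivity, the more copies spread |
| Destructive capability | Depends on the author | Depends on the author | X |
| Impact on enterprises | Medium | Low | High |

(O = yes, X = no)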

Source: http://www.trendmicro.com/tw/security/general/guide/overview/guide01.htm

Security Management

ISO/IEC7799-1:2000 (Part 1): a standard code of practice that can be regarded as a comprehensive catalogue of good security things to do.

BS7799-2:2002 (Part 2): a standard specification for an Information Security Management System (ISMS).

Senior Management monitor and control their security, minimizing the residual business risk and ensuring that security continues to fulfill corporate, customer and legal requirements.

Scope, ISMS Policy, Risk assessment, Risk management/Risk treatment, Select control objectives and controls, Statement of Applicability (SOA), Risk Treatment Plan

http://www.fisc.com.tw/news/MAZ/30/p4a.asp

http://www.gammassl.co.uk/bs7799/works.html