When we read about computer networks in the newspaper, it’s often because they have
been attacked or compromised. Almost every week we read about hackers breaking in and
walking off with millions of credit card numbers and other private data, perhaps following
a phishing attack or by exploiting some other vulnerability to access a supposedly private
network. Or we read about a new worm that is designed to take over computers, turning
them into botnets, such as the infamous Code Red and Slammer worms of the early 2000s.
Botnets are armies of infected computers, controlled by a master, that are commonly
used to send SPAM. While SPAM levels appear to be dropping slightly, reports suggest that
between 75% and 95% of emails sent every day are SPAM, adding up to hundreds of millions
of emails per day. Worms are also sent by one government to attack another. For example,
the 2010 Stuxnet worm – which is widely believed to have been created by the US and
Israel – was used to attack centrifuges used for processing nuclear material in Iran.
In this video we’ll look at some of the ways a network can be compromised by an attacker,
and I’ll explain the security characteristics we want from a network.
Let’s start by exploring the different ways a communication can be compromised.
The first and simplest method is for an attacker to eavesdrop on someone else’s private
communication. This means passively sniffing and recording network data. Or it could mean
listening to the metadata, such as noting that a connection has been made, without necessarily
recording the data in the connection. Connection metadata was made infamous recently when the
NSA acknowledged recording information about calls and connections made, without – supposedly
– recording the contents.
There are many ways to tap a network. For example, at the physical layer an attacker
might passively tap an electrical or optical cable. Or – as you have seen before – we
can listen-in to WiFi because the packets are broadcast for everyone to hear. A third
way is for an attacker to persuade a router to duplicate and forward copies of packets.
In each case, the attacker can use standard tools such as Wireshark to decode the protocols
and understand the user’s data.
A second type of compromise is when an attacker modifies, deletes or inserts data as it passes
through the network. In other words, they are actively tampering with our data by changing
the contents of the packets, redirecting packets to a different, rogue server without us knowing,
or taking over control of our end host. This might happen by persuading us to download
malware based on a phishing attack, or by exploiting a vulnerability in our computer
or the way we communicate. For example, later, we’ll see how it is possible to hijack an
ongoing TCP connection without either end knowing.
Finally, an attacker might just want to prevent us from communicating. This kind of attack
is usually called a denial of service attack. Sometimes these attacks are performed by swamping
servers or entire networks by generating billions of messages from different botnets spread
around the Internet. We’ll learn more about Denial of Service attacks in a later video.
Let’s take a look at an example.
Imagine that Alice is making a purchase online from an e-commerce site. She is using her
laptop, connected to her local WiFi access point, then over the Internet to Amazon.com.
She browses the site and makes her credit-card purchase using vanilla http. Unfortunately,
what she doesn’t know is that the bad guy, the Attacker, is listening in to what she is doing.
There are a few ways the Attacker can eavesdrop. For example, by simply listening or sniffing
the WiFi packets broadcast into the air. Anyone with a laptop and the Wireshark tool can listen
to packets in the air and – if they are not encrypted – decode their contents. Alternatively,
the attacker can eavesdrop on the physical wire, by placing a passive detector to pick
up small electromagnetic signals that leak from the cable. Or the attacker might insert
an electrical connection onto the wire. If the attacker is eavesdropping on a long haul
link in the Internet backbone, they are more likely to be tapping into an optical fiber.
This can be done by placing a device called an optical coupler which diverts a small fraction
of the optical signal onto a second optical fiber which can then be listened to and decoded.
An attacker without physical access might manage to subvert the switches and routers
along the path, tricking one of them into duplicating data and forwarding it to the
attacker’s computer. This can be done by remotely subverting Ethernet, IP or DNS traffic.
We’ll see examples of all three later. Or the attacker might manage to break into the
router console and take over the router completely.
In our example, if the attacker successfully eavesdrops on the clear http communication,
he or she can learn Alice’s private data, such as her credit card number and her home
address. In a later video we’ll learn more about how
https prevents this from happening in practice.
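To make concrete what “clear http” hands to a passive eavesdropper, here is an added example (not from the lecture) that parses a constructed HTTP checkout request, exactly as it would appear in a WiFi capture or on a tapped wire, and reports any payment card numbers visible in it. The payload, the host name shop.example and all function names are this example’s own constructions; the Luhn check is the standard payment-card checksum. Such a scan is what a network monitoring tool would do to flag sensitive data travelling unencrypted.

```python
"""Added example: what a passive eavesdropper recovers from plaintext HTTP.

The captured payload below is constructed for this example; it is not a real
capture. Host, field and function names are this example's own.
"""
import re
from urllib.parse import parse_qs

# Constructed sample body of Alice's checkout form, sent over vanilla http.
BODY = b"name=Alice&card=4111111111111111&exp=12%2F27&address=1+Main+St%2C+Palo+Alto"

# Constructed sample: the full TCP payload of the request as a sniffer sees it.
CAPTURED_PAYLOAD = (
    b"POST /checkout HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: " + str(len(BODY)).encode("ascii") + b"\r\n"
    b"\r\n" + BODY
)


def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by payment card numbers; rejects random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def parse_http_request(payload: bytes) -> dict:
    """Split a raw HTTP/1.x request into request line, headers and body."""
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.decode("ascii", "replace").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


def exposed_card_numbers(payload: bytes) -> list:
    """Return card numbers readable in a plaintext payload (Luhn-validated)."""
    req = parse_http_request(payload)
    ctype = req["headers"].get("content-type", "")
    body = req["body"].decode("ascii", "replace")
    if ctype.startswith("application/x-www-form-urlencoded"):
        # Decode the form so percent-encoded or '+'-separated values are searched too.
        candidates = [v for values in parse_qs(body).values() for v in values]
    else:
        candidates = [body]
    found = []
    for value in candidates:
        for run in re.findall(r"\d{13,19}", value):
            if luhn_valid(run):
                found.append(run)
    return found


if __name__ == "__main__":
    req = parse_http_request(CAPTURED_PAYLOAD)
    print(req["method"], req["headers"]["host"], req["target"])
    print("card numbers visible on the wire:", exposed_card_numbers(CAPTURED_PAYLOAD))
```

Nothing in the script needs a password or a key: the request line, the Host header and every form field are readable by anyone holding the bytes, which is the whole point of the lecture’s “vanilla http” scenario. With https the same bytes on the wire are ciphertext, and the scan finds nothing.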
If the attacker is able to insert herself into the middle of the communication, between
Alice and Amazon.com, then the Attacker can terminate the http connection in the middle,
pretending to be Amazon to Alice, and pretending to be Alice to Amazon. The Attacker could
simply pass through the data, recording it without changing it. Or the Attacker could
alter the data, for example to modify the shipping address, causing the purchased items
to be delivered to the Attacker instead of Alice. So-called Man in the Middle attacks
are very hard to detect, because both parties can think they are talking to a legitimate
end host.
A third line of attack is to redirect the traffic away from the server without Alice
realizing that she is not actually talking to Amazon. If the Attacker is able to fool
a router to forward packets destined to Amazon.com to the Attacker instead, then the Attacker
can respond and pretend to be Amazon. Or the Attacker might fool Alice’s DNS server into
returning the Attacker’s IP address when Alice is trying to look up Amazon’s IP address.
In each case, Alice can be forced to browse the Attacker’s website and be encouraged
to enter her credit card information.
Clearly Alice is not happy and would like her communication to be more secure. In general,
when we say we want secure communications over the Internet we are saying that we want:
Secrecy/confidentiality – We don’t want anyone to listen in to our communication. For this,
we use encryption and we will describe how it works in one of the upcoming videos.
Integrity – We don’t want our messages to be altered in transit. The most common
way to prove that a message has not been tampered with is to attach what is called a message
authentication code, or MAC. MACs are based on encryption as well, coupled with calculating
a hash over the transmitted message. We’ll study message authentication codes in an upcoming
video.
Authentication – We often want to confirm the identity of the other party we are
communicating with. In our example, Alice wants to know that she is really talking to
Amazon – who she trusts – before entering her credit card details. In a later video we
will study digital signatures and certificates that help us ensure that we are really
communicating with who we think we are.
Finally, we want: Uninterrupted communication – We don’t want someone to prevent us
from communicating. You may have heard of denial of service attacks where an attacker
floods a network or a set of servers to prevent them from working properly. We will study
denial of service attacks shortly.
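The Integrity property above, and the Man in the Middle scenario earlier in which the Attacker rewrites Alice’s shipping address, can be shown together with a short added example (mine, not the lecture’s). It attaches an HMAC-SHA256 tag to an order under a key shared by Alice and the shop, then simulates the in-transit rewrite: the altered order no longer verifies, because the Attacker cannot recompute the tag without the key. The key, the order fields and the function names are constructed for the example; how the two ends agree on a key is left to the later videos the lecture refers to.

```python
"""Added example: a message authentication code detects in-transit tampering.

The shared key, order contents and function names are constructed for this
example. HMAC-SHA256 from the standard library plays the role of the MAC the
lecture describes (a keyed hash over the transmitted message).
"""
import hashlib
import hmac
import json

# Constructed shared key. In practice Alice and the shop establish it during a
# handshake; key agreement is outside the scope of this example.
SHARED_KEY = b"example-key-agreed-during-handshake"


def _encode(order: dict) -> bytes:
    """Canonical byte form of the order so sender and receiver hash the same bytes."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode("utf-8")


def protect(order: dict, key: bytes) -> bytes:
    """Serialize the order and append a hex HMAC-SHA256 tag computed with the key."""
    body = _encode(order)
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode("ascii")
    return body + b"|" + tag


def verify(message: bytes, key: bytes):
    """Return the order if the tag checks out, otherwise None (altered or forged)."""
    body, sep, tag = message.rpartition(b"|")
    if not sep:
        return None                      # malformed: no tag present
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode("ascii")
    if not hmac.compare_digest(expected, tag):   # constant-time comparison
        return None
    return json.loads(body.decode("utf-8"))


def simulate_tampering(message: bytes, new_address: str) -> bytes:
    """Model the Man in the Middle rewriting the shipping address in transit.

    The tag is left unchanged because, without the key, a fresh one cannot be
    computed; an unkeyed hash would offer no such protection, since it could
    simply be recomputed over the altered body.
    """
    body, _, tag = message.rpartition(b"|")
    order = json.loads(body.decode("utf-8"))
    order["address"] = new_address
    return _encode(order) + b"|" + tag


if __name__ == "__main__":
    original = {"item": "textbook", "qty": 1, "address": "1 Main St, Palo Alto"}
    on_the_wire = protect(original, SHARED_KEY)
    print("untouched:", verify(on_the_wire, SHARED_KEY))
    altered = simulate_tampering(on_the_wire, "Attacker's PO box (constructed)")
    print("after tampering:", verify(altered, SHARED_KEY))   # None: rejected
```

The receiver’s check is the only line that matters for integrity: the shop recomputes the tag over the bytes it actually received and compares it in constant time with the tag that arrived. A MAC gives integrity and, because only the two key holders can produce a valid tag, origin authentication between those two parties; it does not hide the order contents, which is what encryption (the confidentiality property) is for.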
And so in the next few videos we will study different types of attack: eavesdropping;
redirecting Ethernet, IP and DNS traffic; hijacking a running TCP connection; and denial
of service.