Benson Wu, 2005. Research Roadmap on network security: from practical firewall to anti-spam/spyware...
Benson Wu, 2005 1
Research Roadmap on network security:
from practical firewall to anti-spam/spyware
PhD Candidate: Ming-Wei (Benson) Wu, 吳明蔚
Dept. of Electrical Engineering, National Taiwan University
http://www.ee.ntu.edu.tw/~benson

Questions to Answer
- What have I done?
  - Brief background
  - Research
- What does Internet Security look like today?
  - Changes in Internet users and applications
  - Changes in Threat
  - Legacy security measures
- Changes in Security
  - Perimeter
  - Depth
  - Granularity
- Case studies
  - Anti-spyware
- Conclusions

Brief Background
Leadership, Implementation
- Network Benchmarking Lab (ITRI / NCTU)
- High Speed Network Lab (NCTU Computer and Information Science)
- L7 Networks
- Information Industry Institution
- Dependable and Distributed Network Lab (NTU Electrical Engineering)
- TaiWan Internet Next Generation (TWNIC)
2000~2003
2003~2005 Domain knowledge
Discipline
- ISM (American school in Manila)
1992~1996 English

Research
- Connectivity
  - P2P Gateway
  - Web Services
  - Digital Home
- Security
  - Security Gateway
  - Benchmarking XML Firewall
  - Anti-spyware
  - Anti-spam
- Public interests…
  - Open Source Dev.
  - Textbook writing
  - Mag. article writing

Internet Evolution
- Changes in Networking Technologies
- Changes in Internet Users and Internet Applications
- Changes in Security Accessories

Changes in Internet Applications: Primitive Web becoming Web Services
- Is Primitive Web enough?
- When they are still newbies…they want to “join”
  - ALL Client-to-Server
- When they become big enough…they want to “share”
  - Some Peer-to-Peer (P2P)
  - Some Server-to-Server (Web Services)

Changes in Internet Users: from Browsing towards Clicking
- Necessary services at one-click: Web Services
  - e.g. One-stop shopping
- Necessary authentications at one-time: Single Sign-On
  - e.g. One-click cart/basket
- Necessary confidentiality with higher-granularity: XML Enc.
  - e.g. Interleaved workflow

Such changes are more like a reality…
- Some numbers about P2P
  - 2 million Kuro users, and 50.2% of teenagers (15~22) have visited either Kuro or EZPeer (InsightXplorer, 創市際市場研究顧問公司, 2003/09)
  - Some NT$9.6 billion lost due to P2P sharing (Information Industry Institution, Network Communication magazine, 資策會網路通訊雜誌, 2003/06)
- Some numbers about Web Services…
  - 79% are evaluating (Accenture)
  - 52% are using or testing (TechMetrix)
  - 45.5% consider security to be the biggest obstacle (BusinessWeek)
The Evolution of P2P: Darwinism
2004 P2P Popularity and User Rating
[Chart: Top 20 Popular P2P File-Sharing Applications. Axes: # of Downloads (0 to 400,000,000) and a 0 to 100 scale. Series: Total Downloads, User Rating.]

Extending Client-Server to P2P: Its Problems and Solutions
- Connectivity
  - Internet transparency? How to connect resources successfully?
  - Sol: middleman (e.g. gatekeeper in H.323, broker in middleware, rendezvous node in JXTA)
- Scalability
  - size? How to locate MANY resources?
    - Sol: smart routing (make use of DHT)
  - time? How to locate resources INSTANTLY?
    - Sol: Distributed hash table or DHT (resilience?)

Extending Client-Server to Web Services: Its Problems and Solutions
What do most XML firewalls do?
- How to manipulate only parts of a document?
  - Per-element XML encryption/signing
- How to authenticate/authorize between more than two parties?
  - Single Sign-On
- How to assure the validity of Web Services’ action?
  - SOAP Schema validation
  - SOAP Digital Signature verification

Changes in Threat: Volume and Impact
Security is tougher than ever
- In volume: >600%
  - 137,529 reported incidents during 2003, which is more than 6 times the 2000 figure (CERT)
- In impact: <10 minutes
  - SQL Slammer (a.k.a. Sapphire) happened to own the Internet in less than 10 minutes in 2003

A Reminder of Legacy Security Measures
- Access security
  - Firewall
  - Content Filter
- Data security
  - Virtual Private Network (VPN)
- System security
  - Intrusion Detection System (IDS)
  - Antivirus

Technical Analysis: Issues
- FW: must leave alone well-known ports, e.g. 80
- IDS: false alarm, new attack, correlation
- AV: new virus, signatures, where (desktop or network), polymorphism
- CF: false positives, false negatives
- VPN: management overhead, interoperability

Changes in Security: Perimeter, Depth and Granularity
- Existing security measures that protect you
  - TCP/IP firewall: packet-level
  - Virtual Private Network (VPN): IP-level tunneling
  - Content filter: application-level
  - Intrusion Detection System (IDS): application-level
  - Antivirus: application-level
- Situation has changed
  - Network perimeters have become less defined due to pervasive mobile devices (e.g. WLAN, PDA, etc.)
  - 80% of all attacks come from external parties, yet 80% of all security-related losses are due to the remaining 20% of attacks
- Increasing Depth
  - Stand-alone security measure
  - Integrated all-in-one approach
  - Demand for internal security is emerging (plus more applications and more users requiring higher bandwidth)
- Finer Granularity
  - Packet-level
  - Application-level
  - Per-flow basis
  - Per-element basis

Anti-spyware: What are we dealing with?
- Spyware
  - Definition: a generic term referring to a class of software programs that could violate and potentially jeopardize people's privacy and security
  - Examples: Gator, Cydoor, Aureate, Comet Cursor and Web3000 could be found in many free applications (Kazaa, Bearshare, iMesh and Limewire)
  - Read the EULA (End-user license agreement)
- How serious?
  - nearly 70% spyware penetration in campus environment (Saroiu et al., 2004)
- Impact:
  - credit card numbers could be stolen
  - keystrokes could be captured
  - browser settings could be modified
  - users could be profiled
  - …following spyware often come Trojans, viruses and worms

Anti-spyware: Rootkits as an example
- Definition: software that comprises tools to
  - erase traces of the intrusion from audit logs
  - have "backdoors" that allow easy access
  - hide the rootkit itself from administrators
- Types:
  - User-mode rootkit
    - replacing system binaries with trojaned ones
  - Kernel-mode rootkit (with Linux Kernel Module support)
    - insert a module that overrides kernel syscalls
  - Runtime kernel patching
    - writing to /dev/kmem (with or without the LKM support)
- Tools for Rootkit Detection
  - Tripwire
  - AIDE (Advanced Intrusion Detection Environment)
  - Chkrootkit (~56 rootkits)
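Added example (not from the original slides, and not Tripwire's or AIDE's own code): the baseline-and-compare check that file-integrity tools such as Tripwire and AIDE are built around, which is what exposes a user-mode rootkit that replaces system binaries. The directory, file names and file contents in demo() are constructed for the demonstration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def fingerprint(path):
    """Return (sha256 hex digest, mode bits) for one file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest(), os.stat(path).st_mode

def snapshot(root):
    """Map every file under root (by relative path) to its fingerprint."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            result[os.path.relpath(full, root)] = fingerprint(full)
    return result

def compare(baseline, current):
    """List (path, finding) pairs where current differs from baseline."""
    findings = []
    for path in sorted(baseline.keys() | current.keys()):
        if path not in current:
            findings.append((path, "missing"))
        elif path not in baseline:
            findings.append((path, "added"))
        elif baseline[path][0] != current[path][0]:
            findings.append((path, "content changed"))
        elif baseline[path][1] != current[path][1]:
            findings.append((path, "mode changed"))
    return findings

def demo():
    """Constructed scenario: a stand-in bin/ directory that is later altered."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("ls", "ps", "netstat"):
            Path(root, name).write_bytes(b"original " + name.encode())
        baseline = snapshot(root)  # taken while the host is still trusted
        # Same file name and same size, different bytes: only the hash differs.
        Path(root, "ps").write_bytes(b"replaced ps")
        os.chmod(os.path.join(root, "ls"), 0o4755)  # permission bits change
        Path(root, "unexpected").write_bytes(b"not in baseline")
        return compare(baseline, snapshot(root))
```

A kernel-mode rootkit that overrides syscalls can hand the original bytes back to a checker running on the same host, so the baseline belongs on read-only or off-host storage and the comparison is best run from trusted media.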
Conclusions
Firewall Application-aware filtering Anti-spam Single-sign on
IDS IPS
VPN SSL VPN
Anti-virus Anti-spyware
Many thanks for your time :)