1 / 10

Host versus Network Security

Host versus Network Security. Steven M. Bellovin smb@research.att.com http://www.research.att.com/~smb. What’s a Network Problem?. “Hackers Break Into Microsoft’s Network” (Wall Street Journal, 10/27/00)

abigail-vega
Download Presentation

Host versus Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Host versus Network Security Steven M. Bellovin smb@research.att.com http://www.research.att.com/~smb

  2. What’s a Network Problem? • “Hackers Break Into Microsoft’s Network” (Wall Street Journal, 10/27/00) • “In the Wake of Web-Site Hacking, No Easy Answers, or Solutions” (New York Times, 2/9/00)

  3. Microsoft Break-in • A host problem, not a network problem. • The network was the vehicle for the attack. • “Highway robbery” doesn’t mean that someone stole the pavement...

  4. Denial of Service Attacks • These attacked the network, not Web sites. • A real network problem. • Can’t be solved by end-systems, firewalls, etc.

  5. Model of the Internet • Smart hosts, dumb network. • Network’s concern is packet transport. • Host’s concern is packet processing.

  6. Network Security Issues • Availability • Protocol infrastructure (i.e., DNS) • Routing • Link-flooding • Theft of Service • Primarily for switched services and shared media

  7. Availability • “How many backhoes are needed?” • “How many backbones are needed?”

  8. Host Security Issues • Break-ins • Data confidentiality • Transmission confidentiality • Remote user authentication • Buggy software

  9. Who Does What? • ISPs • Provide sufficient redundancy to protect links • Harden infrastructure protocols • Protect their own resources • End users • Encryption • Suitable authentication • Firewalls

  10. Why ISPs Can’t Protect Users • They don’t know what users want to do • Your “odd behavior” is my new, cutting-edge application • Your “allowed service” is my vulnerability • But what of ordinary consumers?

More Related