2007 Enterprise Network Development Blueprint (2007 企業網路發展藍圖), Dr. Wang-Jiunn Cheng (鄭王駿)


Post on 22-Dec-2015


Page 1:

2007 Enterprise Network Development Blueprint

Dr. Wang-Jiunn Cheng (鄭王駿)
Associate Professor, Department of Information Management, Shih Chien University
wjcheng@mail.usc.edu.tw

http://www.im.usc.edu.tw/wjcheng/2007end.ppt
2006/10/19

Page 2:

Counter Attacks

• Prevention tends to be inefficient
  – Myriad unknown vulnerabilities

• Detection tends to be inaccurate
  – Does not work for novel or irregular attacks

• Reaction tends to be limited
  – Little understanding of cause-effect patterns

N. Ye and T. Farley, "A Scientific Approach to Cyberattack Detection," IEEE Computer Magazine, Dec. 2005.

Page 3:

Rise of the Stupid Network

• The Internet does not care what you do; its job is just to "deliver the bits, stupid".
  – The bits could be part of
    • an email message
    • a data file
    • a photograph
    • a video
    • etc.

    • a denial-of-service attack
    • a malicious worm
    • a break-in attempt
    • an illegally shared song
    • etc.

D. Isenberg, "Rise of the Stupid Network," Computer Telephone, Aug. 1997.

Page 4:

Conflict with the end-to-end

• The FBI has asked that it be able to review all new Internet services for tapability before they are deployed.
  – we have today over the un-tapability of VOIP?

Will anonymous teleport stations become illegal?

S. Bradner, "The End of End-to-End Security?," IEEE Security & Privacy Magazine, March/April 2006.

Page 5:

VPN limitations

• A VPN tunnel is ideal if a laptop client wants to communicate with only one server.
  – If the client must communicate with multiple servers, …
  – If the client wants to browse Web sites, …
  – Incompatible implementations: L2TP, PPTP, IPsec, … etc.

Page 6:

Wi-Fi Security Not Ready

• Wireless hacking tools for WEP, …

• A wireless hacker can steal company data or upload malicious software through local machines…because IT personnel do not control access points in home networks.

K. J. Hole, et al., "Securing Wi-Fi Networks," IEEE Computer Magazine, July 2005.

Page 7:

Spam E-mail Networks

• E-mail addresses can be easily obtained from publicly available documents.

• Spammers have exploited this vulnerability to inundate users with unsolicited bulk e-mail.

• 35% of e-mail users reported that more than 60% of their inbox messages were spam.

• 28% said they spend more than 15 minutes a day dealing with junk e-mail.

J. S. Kong, et al., "Collaborative Spam Filtering Using E-Mail Networks," IEEE Computer Magazine, August 2006.

Page 8:

Spyware and Adware (I)

• Malicious websites may attempt to install spyware on readers' computers. In this screenshot a spamblog has triggered a pop-up that offers spyware in the guise of a security upgrade.

• Many Internet Explorer add-on toolbars monitor the user's activity. When installed and run without the user's consent, such add-ons count as spyware. Here multiple toolbars (including both spyware and innocuous ones) overwhelm an Internet Explorer session.

http://www.benedelman.org/spyware/images/blogspot-2a.png
http://en.wikipedia.org/wiki/Spyware#Spyware.2C_adware.2C_and_tracking

Page 9:

Spyware and Adware (II)

Page 10:

Spyware and Adware (III)

Page 11:

Web Security (RSS, AJAX, SOAP)?

Figure 1. (a) Breakdown of disclosed vulnerabilities by software type in May 2006, and (b) current vulnerability types disclosed in Web-based applications. (Source: SecurityFocus.com)

M. Andrews, "The State of Web Security," IEEE Security & Privacy Magazine, July/August 2006.

Page 12:

Why are Systems Unreliable?

• Fault density: 6~16/2~75 bugs per 1,000 lines of executable code
  – The Linux kernel probably has 15,000 bugs.
  – Windows XP has at least double that.
  – About 70% of the OS is device drivers, which have error rates 3~7 times…
  – "Bug inside" becomes the logo of all operating systems.

A. S. Tanenbaum, et al., "Can We Make Operating Systems Reliable and Secure?," IEEE Computer Magazine, May 2006.

Page 13:

Ad Hoc and P2P Security

• Both P2P and ad hoc networks have no fixed infrastructure.
  – What happens if some of the nodes are malicious and want to corrupt the network's behavior?
  – Introduces several new security challenges…

S. W. Shieh, et al., "Ad Hoc and P2P Security," IEEE Internet Computing Magazine, Dec. 2005.

Page 14:

What to do?

• Read 網管人 magazine monthly.
• Read 網管人 magazine monthly.
• Read 網管人 magazine monthly.

[Diagram labels: Internet, IEEE 802.1x, RADIUS, SNMP, SSL, VPN, DHCP, SSH, Firewall, IDS/IPS, SPAM-Filter, Anti-Virus, LDAP, Cisco, Juniper, Fortinet, Sonicwall, Watchguard, CyberGuard, CheckPoint, UTM, Symantec, ISS, IPv6]