Overview of Computer Network Security


Upload: uriel-middleton

Post on 01-Jan-2016



TRANSCRIPT

Page 1: Overview of Computer Network Security

Overview of Computer Network Security

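Page 2: Overview of Computer Network Security

Q & A

• What is a computer virus?
• Which viruses have you encountered or heard of? Write down the keywords related to computer security that you can think of.
• What problems arise when a virus strikes?
• How do you generally avoid being infected by a virus?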

Page 3: Overview of Computer Network Security

What does security mean?

• In real life:
  – No one should be able to break into my house
  – Or steal something from me
  – Or impersonate me or others I know
  – Or attack me
  – Or take my time with irrelevant things
  – Or damage my property
  – ……

Page 4: Overview of Computer Network Security

What does security mean?

• In networks: I want to communicate with A
  – No one should be able to break into my computer
  – Or sniff information I exchange
  – Or spoof my address and act in my name (or somebody else's)
  – Or attack me and disable my machine
  – Or take my resources with bogus packets
  – Or plant malicious code
  – Or attack anything on route from me to A
  – Or misuse my machine to attack someone else
  – ……

Page 5: Overview of Computer Network Security

What does security mean?

• Goal of networking is to enable communication
  – At all times and in all scenarios!!!
• Security = robustness or fault tolerance?
• Security also means keeping communication private

Page 6: Overview of Computer Network Security

What are the threats?

• No one should be able to break into my computer
  – Hackers
    • Break password
    • Misuse vulnerability
    • Sniff my network
    • Use social engineering
    • Impersonate someone I trust
  – Viruses
  – Worms (network)

Page 7: Overview of Computer Network Security

What are the threats?

• No one should sniff the information I exchange
  – I will use cryptography!
    • There are many ways to break ciphers
    • There are many ways to divulge partial information (e.g. who do you talk to)
  – I would also like to hide who I talk to and when
    • I will use anonymization techniques
    • Anonymization hinders other security approaches that build models of normal traffic patterns

Page 8: Overview of Computer Network Security

What are the threats?

• No one should spoof my address or act in my name
  – I want to be sure who I am talking to (authentication and digital signatures)

Page 9: Overview of Computer Network Security

What are the threats?

• No one should attack me and disable my machine
  – Denial-of-service attacks (DoS)
  – Viruses

Page 10: Overview of Computer Network Security

What are the threats?

• No one should take up my resources with bogus packets
  – Denial-of-service attacks
  – Spam mail
  – Malicious mail
  – Worms

Page 11: Overview of Computer Network Security

What are the threats?

• No one should plant malicious code on my machine
  – Viruses
  – Worms
  – Denial-of-service attacks (preparatory phase)

Page 12: Overview of Computer Network Security

What are the threats?

• No one should attack anything on route to A
  – A could be attacked
  – Routers could be overloaded
  – DNS (domain name resolver) servers could be attacked

Page 13: Overview of Computer Network Security

What are the threats?

• No one should misuse my machine to attack someone else
  – Zombies
  – Reflector attacks
  – Worms
  – E-mail with viruses
  – Be a good citizen
  – …

Page 14: Overview of Computer Network Security

What are the challenges?

• Your security frequently depends on others
• A good solution must
  – Handle the problem to a great extent
  – Handle future variations of the problem, too
  – Be inexpensive
  – Have economic incentive
  – Require a few deployment points
  – Require non-specific deployment points

Page 15: Overview of Computer Network Security

What are the challenges?

• Fighting a live enemy
  – Security is an adversarial field
  – No problem is likely to be completely solved
  – New advances lead to improvement of attack techniques
  – Researchers must play a double game

Page 16: Overview of Computer Network Security

What are the challenges?

• Attack patterns change
• Frequently there is scarce attack data
• No agreement about legitimate traffic patterns
• No agreement about metrics
• There is no standardized evaluation procedure
• Some security problems require a lot of resources to be reproduced realistically

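Page 17: Overview of Computer Network Security

Case study

• According to statistics from the 360 Security Center, the top ten "money-losing" traps facing internet users in 2010 were: shopping fraud websites, stock or lottery fraud websites, game account theft, trojans hijacking online transaction funds, QQ account theft and money-borrowing scams, phishing with fake online-banking pages, illegal online pharmacies, hackers stealing private information for extortion, fake prize-winning notices, and trojans that delete important files and then extort a "data recovery fee".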

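Page 18: Overview of Computer Network Security

• The official website of France's Carrefour was attacked by Chinese hackers; the home page read "Long live China"
• The company website of a CPPCC member who proposed closing public internet cafés was hacked
• In 2009, hackers broke into Citibank and made off with ten million US dollars, causing the stock to plunge
• In the first half of 2010, 59.2% of internet users encountered virus and trojan attacks while using the internet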

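Page 19: Overview of Computer Network Security

Typical network security incidents

• 1983: the "414" hackers; six teenage hackers took control of more than 60 computers
• 1988: creation of the "worm" virus by Robert Morris, which paralyzed more than 6,000 systems (1/10), with losses of 15 million to 100 million US dollars
• 1995: Kevin Mitnick, called the world's "number one computer hacker", broke into multiple computers, stole 20,000 credit card numbers and copied software; he had broken into the "North American Air Defense Command system" and cracked the "account-change password" of the "Pacific Telephone Company" communications network in Southern California, among others, with losses of 80 million US dollars
• 2000: the networks of Yahoo, Amazon, Microsoft and others were attacked; the victim companies lost nearly 1 billion US dollars
• 2003: the "Worm King" virus spread by exploiting a SQL Server vulnerability, paralyzing the internet worldwide, with economic losses of 1.2 billion
• 2007: credit card information of more than 94 million Visa and MasterCard users was stolen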

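Page 20: Overview of Computer Network Security

Common attack methods

• Viruses
• Trojans
• Denial-of-service and distributed denial-of-service attacks
• Spoofing
• Mail bombs
• Password cracking
• Social engineering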

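Page 21: Overview of Computer Network Security

Attack tools

• Standard TCP/IP tools
• Port scanning and vulnerability scanning
• Network packet analysis
• Password cracking tools
• Trojans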