Research Roadmap on network security: from practical firewall to anti-spam/spyware
PhD Candidate: Ming-Wei (Benson) Wu, 吳明蔚
Dept. of Electrical Engineering, National Taiwan University
[email protected]
http://www.ee.ntu.edu.tw/~benson
Benson Wu, 2005
Spyware
- Definition: a generic term referring to a class of software programs that could violate people's privacy and potentially jeopardize their security
- Examples: Gator, Cydoor, Aureate, Comet Cursor and Web3000
  - could be found in many free applications (Kazaa, Bearshare, iMesh and Limewire)
  - Read the EULA (End-user license agreement)
- How serious? Nearly 70% spyware penetration in a campus environment (Saroiu et al., 2004)
- Impact:
  - credit card numbers could be stolen
  - keystrokes could be captured
  - browser settings could be modified
  - users could be profiled
  - …following spyware often comes with Trojans, viruses and worms
Anti-spyware: Rootkits as an example
- Definition: software comprising tools that
  - erase traces of the intrusion from audit logs
  - have "backdoors" that allow easy access
  - hide the rootkit itself from administrators
- Types:
  - User-mode rootkit: replacing system binaries with trojaned ones
  - Kernel-mode rootkit (with Linux Kernel Module support): insert a module that overrides kernel syscalls
  - Runtime kernel patching: writing to /dev/kmem (with or without the LKM support)
- Tools for Rootkit Detection
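
An added example, not taken from the original slides: a baseline integrity check of the kind used to catch a user-mode rootkit that replaces system binaries with trojaned ones. The function names and the directory list are assumptions. It covers only the user-mode case, because a kernel-mode rootkit that overrides syscalls can hand the original bytes to a checker running on the compromised host.

```python
import hashlib
import os
import stat


def fingerprint(path):
    """Return (sha256, size, permission bits incl. setuid/setgid) for a file."""
    st = os.lstat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest(), st.st_size, stat.S_IMODE(st.st_mode)


def snapshot(directories):
    """Map every regular file under the given directories to its fingerprint."""
    seen = {}
    for top in directories:
        for root, _dirs, files in os.walk(top):
            for name in files:
                path = os.path.join(root, name)
                # Skip symlinks and special files; only real binaries are hashed.
                if stat.S_ISREG(os.lstat(path).st_mode):
                    seen[path] = fingerprint(path)
    return seen


def compare(baseline, current):
    """Classify differences between a trusted baseline and the current state."""
    report = {"modified": [], "missing": [], "added": []}
    for path, known in baseline.items():
        if path not in current:
            report["missing"].append(path)
        elif current[path] != known:  # content, size or mode changed
            report["modified"].append(path)
    report["added"] = [p for p in current if p not in baseline]
    for paths in report.values():
        paths.sort()
    return report


if __name__ == "__main__":
    # Assumed directory list. Take the baseline on a known-clean system and
    # keep it off-host or on read-only media so an intruder cannot rewrite it.
    import json
    import sys
    dirs = sys.argv[1:] or ["/bin", "/sbin", "/usr/bin", "/usr/sbin"]
    print(json.dumps(snapshot(dirs), indent=1))
```

For the comparison to be trustworthy, run it from a clean boot environment against the mounted disk rather than on the live system under suspicion.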