MIT course "Computer Systems Security". Lecture 22: MIT Information Security, Part 1
Massachusetts Institute of Technology. Lecture course 6.858, "Computer Systems Security". Nikolai Zeldovich, James Mickens. 2014
Computer Systems Security is a course on the development and implementation of secure computer systems. Lectures cover threat models, attacks that compromise security, and security methods based on the latest scientific work. Topics include operating system (OS) security, capabilities, information flow control, language security, network protocols, hardware protection and security in web applications.
Mark Silis: Thank you, Nikolai, for the invitation; we were very pleased to come here today to talk with all of you. I brought one of my senior managers who oversees the Internet and network security, Dave LaPorte, to tell you about some technical details of what we are doing. I'm going to cover more general issues.
Do not hesitate to ask questions at any time, ask about everything that interests you, do not hesitate to join the battle. I think I was sitting exactly where you guys are sitting almost 20 years ago. Really, Nikolai? Nikolai and I were much younger then. And I was probably much thinner then, and I had a little more hair.
So, watching the MIT infrastructure and control zones, you can see all sorts of interesting things. Some of what we are going to talk about, and a lot of what we do, concerns interesting issues. As you know, there are plenty of such problems in our institute.
I think it's great that we manage an open network, but there are both good and bad sides to this. We do not have a firewall on the campus with a sufficient degree of coverage, so almost everything is open. If you want to run a computer in your dorm room, or right here in the hall, or anywhere else on campus, then you have almost unlimited access to the Internet, which is rather unusual compared to other universities. True, you know that you cannot go online while sitting here at a lecture, but this is not the norm. From a security point of view, such free access to the Internet brings a number of problems.
Of course, it is good that we are open to the whole world, to anyone, anywhere, from anywhere, from any country and any part of the planet. But if from there they want to reach out to your device while you are sitting here in this room, be it your phone in your pocket or the laptop on which you are typing while sitting here, then they will be able to do it. Nothing will stop them from doing this, right?
This is a bit scary. A couple of years ago we conducted an experiment, just taking a new Apple laptop out of the box and connecting it to the network. It registered via DHCP and remained online for 24 hours. We ran tcpdump so that we could take an inventory of what came into the computer over a 24-hour period, just to find out what we would find there. Then we combined the results in the form of IP addresses with their graphic display in Google Earth using the GeoIP viewer to see how it looks on the map.
We found out that during one single 24-hour period, the laptop of the carefree host who had registered on the Internet publicly received incoming connections from computers from all countries of the world, except for two. Only 24 hours, one owner, all countries of the world except two. Strong, isn't it? Does anyone want to guess which two countries have not tried to connect to this laptop?
Audience: North Korea?
Mark Silis: Right, one of those countries was North Korea. China? No, China is very involved in these connections. Perhaps it was some kind of military department, I don't know, but it was very actively trying to contact our computer.
Audience: Antarctica?
Mark Silis: Exactly, Antarctica. For this answer you get a gold star today. It is excellent.
So for a single 24-hour period, we exposed ourselves to a variety of threats, potential attacks, and the effects of malware. And it all fell on one computer user. There are approximately 150,000 different devices located throughout the MIT campus, and all of them can be compromised. This happens every day throughout the day, and it's pretty scary.
Want to get scared even more? A few months ago, Dave and I attended a meeting on emergency shutdowns. Do any of you remember the power outage a year or a year and a half ago? It was an exciting event, right?
I was here during a big power outage about 20 years ago, when the entire city of Cambridge was left without light. So, it was really great. Except that it was about 100 degrees (38 °C), but it was a suitable excuse to go to Boston and watch a movie in a movie theater.
But one thing that happened because of this was of interest to us. After the meeting, the guys from the facilities department came to us, and they said that because of this blackout they had to spend the last four or five months reprogramming all their devices throughout the campus. You know, they use SCADA systems connected to air conditioning, lighting and heating in the rooms, door locks and so on. This is understandable, because we have a technological institute where there must be a lot of such systems. I am sure that they believed themselves to be completely secure, but they had problems with the constant disconnection of devices from the network, connection to the Internet, and so on. Talking with them, we peeled the onion layer by layer, constantly revealing new and new details. We asked what they had in mind when talking about connecting equipment to the network. Well, they answer, all our devices communicate via the Internet. We said that in this case they should have systems that guarantee the stable operation of the equipment during various accidents, a separate control system, an autonomous network, and so on.
They looked at us with empty eyes and answered: "Aha, so this is what it is! So that's what the equipment vendor told us about!"
This affects one of the interesting problems of the “Internet of things”, the era in which we are entering deeper and deeper. When I was younger, people using the Internet knew what they were doing; they had to understand the specific things about networking. Today, anyone can use the Internet without thinking about how it works. People grew out of old standards. It's like when you approach a rocket on a merry-go-round and notice that it has become much smaller, but in reality it’s just you who grew up.
So, talking with these guys further, we learned that they have almost everything you could think of when connecting to the Internet. All that was needed.
Interestingly, the Massachusetts Institute of Technology launched the Energy Initiative five to seven years ago when Susan Hockfield was president. One of the requirements for the facilities department was the deployment of a real "Internet of things" on campus to create dynamic management of the building life-support systems. For example, if a lecture hall is not in use, the lights go out, the temperature of the heating system goes down, and so on. And this technology works across campus.
They deployed a giant management network, just a giant one. It is several times larger than our institute's local network. I think they control about 400,000 different points, from which they monitor the entire campus, from 75,000 to 100,000 objects.
So Dave, wide-eyed, asks them: "How do you protect all this, guys?" They say something like: "Well, we called you guys to check it all together." And they start checking: they request an IP address via a web form, connect to it and say: "Well, you see, everything works!"
We look at it and say: "But this is all connected to the open Internet, how is the network secured here?", and we get an answer from which our blood pressure rises a bit: "Well, it's safe because you guys take care of that!" That is, in their opinion, it is safe because someone cares about it.
Here the expression on our faces changes again and we ask what they mean by security. "Well, we have a corporate firewall! We have already dealt with it and realized that everything is completely safe!"
My next question was: "Can you show me where this firewall is? Because I do not know of it!" The answer was: "Well, because everyone is doing it!"
So, going back to what I said earlier, I will repeat: we are working in a fairly open environment. And we have always believed, and this is the MIT philosophy, in defense and security "through the stack". We do not want the security implementation to depend on any one part of the infrastructure; security must be ensured at every level. You do not just do it through the infrastructure, you provide security through the application, do it in different places. This is not at all how the "Internet of things" is created from the point of view of SCADA. And it is a little scary.
This is one of the things we are dealing with, in addition to the fact that we are dealing with people like you who come up with technically advanced dirty tricks, which is why Dave and I have to jump in the middle of the night. You know, the Internet is becoming a kind of utility that is used for everything that happens on campus. And it really changed the trends that we have to worry about in terms of threats, security issues and everything else. Now you know that when the Internet disappears or a network problem occurs, it causes inconvenience to you as students, because air conditioners stop working or heating is lost. So the threats have really changed.
Therefore, we are dealing with a wide range of things, we act as a network provider for a campus supplying services to people like you, and we also provide outsourcing services. If you combine this with our open network philosophy, you will understand why this approach creates threats that we constantly have to worry about.
People are used to relying on the Internet and expect it to work without interruption. When the power outage occurred, the first question was, why did the Internet stop working? We answered: "because there is no electricity." But some students said that since the network runs off the battery in their phones, what does the electricity in the outlet have to do with it? I had to explain that this is not the case; that is analog telephone technology. "So what, what's the difference?" Well, guys, you really know a lot!
So people expect that all the problems at the level of security, resiliency and everything else must be addressed by the service provider. I like people who are fully confident that all problems can be solved at the provider level, but, unfortunately, this confidence is far from the real state of affairs.
Therefore, we spend most of our time trying to preserve the efficiency and maximum security of the institute's Internet environment. Dave will talk about this in a bit more detail and cite as an example interesting stories about the things we deal with. But we have a really interesting job, and I think that problems are becoming more and more difficult. The fact is that the Internet is expanding.
For example, “Internet of things” is a very fashionable word. How many of you have heard of this until today? Go to a Cisco or similar site, where they try to sell you expensive equipment with this phrase. There is a phenomenon when almost everything is connected to the Internet or has an IP address. Unfortunately, many people who write these systems are not as diligent as the people who studied at the Massachusetts Institute of Technology, so they create all sorts of interesting problems.
The real problem is that when you look at security from a system level, you see a mosaic of thousands of small pieces, and this is very hard. Even we have to deal with external Internet service providers, we have to deal with our own clients, we have to do business with application providers. This is a huge system of problems to worry about in order to ensure complete security, and at times it is a very difficult task.
Now I will ask Dave to talk a bit about the things we face in our work. Do you have any questions for me?
Audience: Have you seen any apt campaigns attacking MIT directly?
Mark Silis: Yes, we saw that. It's interesting, and Dave will talk about it, that the most difficult thing in our work is to see the attack. If I tell you the story about one laptop, and we have 100 or 150 thousand devices that have their IP address in the institute's /8 network, then it is as difficult as finding a needle in a haystack. Therefore, it is very difficult to detect a targeted APT attack in all this wide traffic flow.
Now we have advanced tools that can help solve the problem; we will talk about this in a minute. We also see a desire to help us from law enforcement agencies and the federal system, which provide us with useful instructions regarding countering certain types of threats. One of the things that helps us to look confidently into the future is the research that is carried out in this area by our institute. This is one of our main tasks. Federal funding sources that provide such research do not set strict rules about how we should do this. When you come across research grants, whether private or government grants, NSF, NIH, you will see that their requirements are rather vague. For example, one of the requirements for receiving a grant is the obligation to comply with a data policy according to which all the results of your research should be preserved. MIT does just that; we say, "fine, we will, and we will take care of that," and sign the document. How we preserve data is our sole concern. How do grantors check compliance with this requirement? If the government comes to you one day and says, "hey, where is the research data?", just point at the professor and say: "Talk to him!"
We see that the government in some cases says: “Look, we are investing a lot of money in this research, because we don’t want to spend money on conducting such research in another country”. Representatives of federal agencies or financial organizations come to us and say that since they have a whole industry, they need to create additional security departments, and at the same time, MIT acts as an incubator for an incredible number of brilliant people.
For the administration as a whole, we serve as a kind of hosting company, right? We develop this activity. We provide them with laboratory facilities, or an internet connection, or all sorts of things for research. However, this is basically a federal environment in which people work autonomously, so we have different requirements for ensuring the security of activities of the most diverse nature occurring within the walls of our institute. And therein lies the complexity of our work.
Returning to the APT problem, I would say that a huge amount of intellectual capital is concentrated in our institute. There is a huge amount of interesting work here that is very interesting to people outside our country.
What country do you think is responsible for stealing intellectual property more than any other country in the world? Does anyone take a guess?
Audience: This is a dangerous proposition.
Mark Silis: No, no, I ask quite seriously. This shocked me, because the answer is quite unexpected.