Welcome to Scribd!

Skip carousel

Vulnerability, Attack, Defense: Split Tunneling Cross-Site Request Forgery and You

Uploaded by

Shahab Mirzadeh

0% found this document useful (0 votes)

36 views18 pages

Split Tunneling

Original Title

Split Tunneling

Copyright

Available Formats

PPS, PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Split Tunneling

Copyright:

Available Formats

Download as PPS, PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

36 views18 pages

Vulnerability, Attack, Defense: Split Tunneling Cross-Site Request Forgery and You

Uploaded by

Shahab Mirzadeh

Split Tunneling

Copyright:

Available Formats

Download as PPS, PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 18

Search inside document

Vulnerability, Attack, Defense

Split Tunneling
Cross-Site Request Forgery
And You
Mary Henthorn
OIT Senior Technology Analyst
February 8, 2007

Thoughts for Today

The Vulnerability

An Attack

Split Tunneling
Cross-Site Request Forgery

The Defense

You!

Split Tunneling Vulnerability

What?

When?

Why

Virtual Private Network

Secure path between server and client

usually described as a tunnel

Split Tunnel

Connection to an outside system

Can use client as agent to deliver
payload

Split Tunnels Happen

Client device connects to:

Internet
Network application
Local devices
Local network

Why Have Split Tunnels?

Performance
Bandwidth conservation
Multi-tasking habits
Access to local network
Access to printers
Internet Connection Sharing (ICS)
VPN as a Band-Aid

An Attack

VPN as a Band-Aid
Doesnt completely isolate sessions

Cross-Site Request Forgery

Can defeat VPN

Facilitated by Split Tunneling
Facilitated by XSS vulnerabilities
Can be delivered by worms
Can be delivered by botnets

Fast - Resilient

Complexity depends on target application

CSRF by Any Other Name

CSRF
XSRF
Injection, code injection
Session riding
Hostile linking
CSRF pronounced sea surf
One click attack
Confused deputy attack

CSRF

Attacker tricks client (agent) into sending

the malicious request

CSRF Attack

Study target application

Forge the attack
Make attack available to agent
Let agent deliver attack
Veni, vidi, vici., Samy

Code that Picks the Lock

You! Good Network Defender!

Educate users
Apply security patches and updates
Use anti-virus protection
Use firewalls
Keep browser security high
Develop safe applications
Alternate access to services

Best Defense No Split Tunneling

Cisco
Nortel
Citrix
UC Davis
Thomas Shinder ISA Server
Thomas Berger Univ. of Salzburg

Defense-in-Breadth

Defense-in-Depth as implemented

On or off
Expect 100%
Even 90% can be costly

Synergistic Security

Multiple complimentary controls

Each < 100%
Combination increases security

Split-Tunneling, Good Practice

Educate users
Client security
Firewalls
Risk vs. Cost
Multiple solutions

Vulnerabilities = Attacks

Vulnerabilities and Attacks: Msc. Vuong Thi Nhung Faculty of Information Technology Hanoi University
Document50 pages
Vulnerabilities and Attacks: Msc. Vuong Thi Nhung Faculty of Information Technology Hanoi University
rooney ngô
No ratings yet
Security of Communication Networks, InDP3 (IST, IRES, RSM)
Document27 pages
Security of Communication Networks, InDP3 (IST, IRES, RSM)
AhmedAzri
No ratings yet
Ethical Hacking Associate Information Security Threats Attacks
Document13 pages
Ethical Hacking Associate Information Security Threats Attacks
Wilber Ccacca Chipana
No ratings yet
7.2 Threats in Networks: Network Security / G. Steffen 1
Document22 pages
7.2 Threats in Networks: Network Security / G. Steffen 1
chandrasekharab
No ratings yet
8.1 Web Security Considerations
Document3 pages
8.1 Web Security Considerations
frank ansari
No ratings yet
CCNAS Chapter 1 CCNA Security 1
Document10 pages
CCNAS Chapter 1 CCNA Security 1
Sergiy Kalmuk
No ratings yet
Data Centre Security Design
Document8 pages
Data Centre Security Design
chamunorwa
No ratings yet
6
Document6 pages
6
Arnav Guddu
No ratings yet
Hacking
Document12 pages
Hacking
Jason Weng SHeng
No ratings yet
CCNA Security Chapter 1 Exam
Document6 pages
CCNA Security Chapter 1 Exam
rockynaruto
0% (1)
Chapter 4 Network Security
Document10 pages
Chapter 4 Network Security
alextaweke
No ratings yet
Module 3
Document63 pages
Module 3
Ritu Parna
No ratings yet
Network Vulnerabilities and Attacks
Document51 pages
Network Vulnerabilities and Attacks
vuvietduc1991
No ratings yet
What Exactly A Computer Network Is?
Document21 pages
What Exactly A Computer Network Is?
nikhilesh walde
100% (6)
An Approach For Detecting and Preventing DoS Attacks by Open Source Firewall System
Document10 pages
An Approach For Detecting and Preventing DoS Attacks by Open Source Firewall System
IJAFRC
No ratings yet
DoS Attacks and Prevention
Document18 pages
DoS Attacks and Prevention
zohaib mukhtar
No ratings yet
Computer Network and Security: 1) What Is Security Threat? List Out Threats and Explain Any One in Detail
Document27 pages
Computer Network and Security: 1) What Is Security Threat? List Out Threats and Explain Any One in Detail
Parshw Patel
No ratings yet
Threats in Network: Anonymity Many Points of Attack Sharing Complexity of System
Document14 pages
Threats in Network: Anonymity Many Points of Attack Sharing Complexity of System
Jack Kimani
No ratings yet
Active Attack Passive Attack: Disabling Unused Services
Document5 pages
Active Attack Passive Attack: Disabling Unused Services
Mohamad Mansour
No ratings yet
Network Security Part 1
Document85 pages
Network Security Part 1
amolmh
No ratings yet
Denial of Service: Written and Presented By: Craig Schweitzer
Document17 pages
Denial of Service: Written and Presented By: Craig Schweitzer
siddley2
No ratings yet
Lesson 04 - Wireless LAN Security
Document86 pages
Lesson 04 - Wireless LAN Security
Z Oureel
No ratings yet
Unit - 3
Document29 pages
Unit - 3
Walter
No ratings yet
Soc Analyst Interview Questions Answers 1708265148
Document31 pages
Soc Analyst Interview Questions Answers 1708265148
phenhomenal ecommerce
No ratings yet
EH
Document3 pages
EH
amii.vikrant
No ratings yet
Challenges in Securing Windows
Document14 pages
Challenges in Securing Windows
anon-442802
No ratings yet
Running Head: Security Attack On Systems and Web Servers 1
Document8 pages
Running Head: Security Attack On Systems and Web Servers 1
kim kim
No ratings yet
"MY APPS"-Android Application Security Software Using Grid Security Infrastructure (GSI)
Document51 pages
"MY APPS"-Android Application Security Software Using Grid Security Infrastructure (GSI)
Prabu Rajsekar
No ratings yet
Kim Jong Jong-Il and Me. DEFCON 18 Miller Cyberwar
Document85 pages
Kim Jong Jong-Il and Me. DEFCON 18 Miller Cyberwar
Christina Horvath
No ratings yet
Introduction to Internet Security
Document45 pages
Introduction to Internet Security
Karim Ghaddar
No ratings yet
VPN Security Mechanisms
Document11 pages
VPN Security Mechanisms
Baronremora
No ratings yet
PMfirewalls
Document23 pages
PMfirewalls
shakti9667
No ratings yet
Running Head: Security Attack On Systems and Web Servers 1
Document6 pages
Running Head: Security Attack On Systems and Web Servers 1
kim kim
No ratings yet
5 Cisco
Document16 pages
5 Cisco
abhiraj1234
No ratings yet
Dos 4 PDF
Document8 pages
Dos 4 PDF
Sonika
No ratings yet
Byzantine Attack
Document16 pages
Byzantine Attack
shyamala87
No ratings yet
ICT 5301 Lecture5
Document33 pages
ICT 5301 Lecture5
voccubd
No ratings yet
Report Kuno
Document36 pages
Report Kuno
ferdinand mayol
No ratings yet
Chapter 04 - Network Security
Document25 pages
Chapter 04 - Network Security
Jaye 99
No ratings yet
Demystifying Denial of Service Attacks
Document11 pages
Demystifying Denial of Service Attacks
Adarsh Saxena
No ratings yet
Cisco CCNA Security, Chapter 1 Exam. Cisco CCNA Security, Chapter 1 Exam. Cisco CCNA Security, Chapter 1 Exam
Document54 pages
Cisco CCNA Security, Chapter 1 Exam. Cisco CCNA Security, Chapter 1 Exam. Cisco CCNA Security, Chapter 1 Exam
Alexa Jahen
No ratings yet
Mid Term Exam / Fall 2022 Question No 1
Document6 pages
Mid Term Exam / Fall 2022 Question No 1
usama hanif
No ratings yet
CITS1003 6 Vulnerabilities
Document34 pages
CITS1003 6 Vulnerabilities
Phyo Min
No ratings yet
Defending Against Spoofed Ddos Attacks With Path Fingerprint
Document16 pages
Defending Against Spoofed Ddos Attacks With Path Fingerprint
ebilma2
No ratings yet
AS Chapter 7 Additional Cyber Security (Go Through (4-6 Marks Question Preparation) )
Document66 pages
AS Chapter 7 Additional Cyber Security (Go Through (4-6 Marks Question Preparation) )
asheralt3791
No ratings yet
Server Side Web Applications Attacks
Document25 pages
Server Side Web Applications Attacks
Basharat Ali
No ratings yet
Cyber and Network Security Tools
Document19 pages
Cyber and Network Security Tools
ayush
No ratings yet
Security Threat - Exercise
Document6 pages
Security Threat - Exercise
Arya Tresna
No ratings yet
E-Security: A Challenge!
Document17 pages
E-Security: A Challenge!
Sunil Pillai
No ratings yet
IoT Security Challenges Across Perception, Network and Application Layers
Document5 pages
IoT Security Challenges Across Perception, Network and Application Layers
muhammad
No ratings yet
Firewalling Techniques: Prabhaker Mateti
Document23 pages
Firewalling Techniques: Prabhaker Mateti
masxali
No ratings yet
Security in WSN
Document53 pages
Security in WSN
vipanarora
No ratings yet
Symptoms of Dos Attack
Document3 pages
Symptoms of Dos Attack
Deandryn Russell
No ratings yet
Fortiddos 2013 Upb-1
Document33 pages
Fortiddos 2013 Upb-1
jramongv
No ratings yet
Nischita Paudel N4
Document5 pages
Nischita Paudel N4
Nissita Pdl
No ratings yet
Connectivity
Document16 pages
Connectivity
munzeerlubna4
No ratings yet
Wireless Network Security: Partha Dasgupta and Tom Boyd
Document11 pages
Wireless Network Security: Partha Dasgupta and Tom Boyd
Ahmad_wahyu
No ratings yet
HACKING WITH KALI LINUX WIRELESS PENETRATION
From Everand
HACKING WITH KALI LINUX WIRELESS PENETRATION
EDDIE ARNOLD
No ratings yet
CISA EXAM-Testing Concept-Firewall
From Everand
CISA EXAM-Testing Concept-Firewall
Hemang Doshi
Rating: 2.5 out of 5 stars
2.5/5 (2)
The Browser Hacker's Handbook
From Everand
The Browser Hacker's Handbook
Wade Alcorn
No ratings yet
Dns Tcpdump Wireshark
Document3 pages
Dns Tcpdump Wireshark
Shahab Mirzadeh
No ratings yet
Brain Bee Info Booklet
Document60 pages
Brain Bee Info Booklet
jon1262
No ratings yet
Brain Facts
Document71 pages
Brain Facts
David Wang
100% (1)
Active Directory and Pci
Document26 pages
Active Directory and Pci
Shahab Mirzadeh
No ratings yet
A Developer's Guide To Complying With PCI DSS 3.0 Requirement 6
Document10 pages
A Developer's Guide To Complying With PCI DSS 3.0 Requirement 6
ahsan_tps
No ratings yet
Namaz
Document31 pages
Namaz
Shahab Mirzadeh
No ratings yet
2 - Mike Meyer Stein - Smart Cards
Document10 pages
2 - Mike Meyer Stein - Smart Cards
Shahab Mirzadeh
No ratings yet
M2M@ETSI
Document27 pages
M2M@ETSI
Shahab Mirzadeh
No ratings yet
Spot Developers Guide
Document54 pages
Spot Developers Guide
Shahab Mirzadeh
No ratings yet