Transcript Lecture 9
Security and Networks Advanced Network Security Peter Reiher August, 2014 Advanced Network Security Lecture 9 Page 1 Outline • Network characteristics that affect security • Threats to network security Advanced Network Security Lecture 9 Page 2 Some Important Network Characteristics for Security • Degree of locality • Media used • Protocols used Advanced Network Security Lecture 9 Page 3 Degree of Locality • Some networks are very local – E.g., an Ethernet – Benefits from: • Physical locality • Small number of users and machines • Common goals and interests • Other networks are very non-local – E.g., the Internet backbone – Many users/sites share bandwidth Advanced Network Security Lecture 9 Page 4 Network Media • Some networks are wires, cables, or over telephone lines – Can be physically protected • Other networks are satellite links or other radio links – Physical protection possibilities more limited Advanced Network Security Lecture 9 Page 5 Protocol Types • TCP/IP is the most used – But it only specifies some common intermediate levels – Other protocols exist above and below it • In places, other protocols replace TCP/IP • And there are lots of supporting protocols – Routing protocols, naming and directory protocols, network management protocols – And security protocols (IPSec, ssh, ssl) Advanced Network Security Lecture 9 Page 6 Implications of Protocol Type • The protocol defines a set of rules that will always be followed – But usually not quite complete – And they assume everyone is at least trying to play by the rules – What if they don’t? • Specific attacks exist against specific protocols Advanced Network Security Lecture 9 Page 7 Threats To Networks • Wiretapping • Impersonation • Attacks on message – Confidentiality – Integrity • Denial of service attacks Advanced Network Security Lecture 9 Page 8 Wiretapping • Passive wiretapping is listening in illicitly on conversations • Active wiretapping is injecting traffic illicitly • Packet sniffers can listen to all traffic on a broadcast medium – Ethernet or 802.11, e.g. Advanced Network Security Lecture 9 Page 9 Requirements for Wiretapping • The wiretapper must get access to the network data • Either by listening on one of the network links (or routers, switches, etc.) • Or by rerouting the data through something he controls • Wiretapping on wireless often just a matter of putting up an antenna – If you are in the right physical place Advanced Network Security Lecture 9 Page 10 Impersonation • A packet comes in over the network – With some source indicated in its header • Often, the action to be taken with the packet depends on the source • But attackers may be able to create packets with false sources Advanced Network Security Lecture 9 Page 11 Levels of Impersonation • Layered protocols imply multiple identities for a packet – Its incoming link – Its original source node – The connection it is part of – The user who sent it • Different techniques used to authenticate each layer Advanced Network Security Lecture 9 Page 12 Link Authentication • Usually trivial • Receiving machine gets reliable local information about what interface got it • That interface is usually connected to one link • Nearly impossible to fake • Though wireless “links” are not very exclusive Advanced Network Security Lecture 9 Page 13 Source Node Authentication • IP packets contain source node identity – In typical IP, it’s not authenticated – Attacker can fill in any address he wants – Commonly called IP spoofing – The Internet doesn’t check • No authentication information typically tied to an IP address Advanced Network Security Lecture 9 Page 14 Connection Authentication • Depends on protocol • Typical TCP connections not formally authenticated – Some weak authentication possible – E.g., evidence that sender saw the last response packet • Other protocols can be better (TLS) or worse (UDP) Advanced Network Security Lecture 9 Page 15 User Authentication • Authenticated the session/user/application layers • Usually done cryptographically • Most commonly leveraging PK – But only for setup – Proper use of ongoing symmetric crypto regarded as later authentication – I.e., if I know the right symmetric key, I must have the right private key, too Advanced Network Security Lecture 9 Page 16 Violations of Message Confidentiality • Other problems can cause messages to be inappropriately divulged • Misdelivery can send a message to the wrong place – Clever attackers can make it happen • Message can be read at an intermediate gateway or a router • Sometimes an intruder can get useful information just by traffic analysis Advanced Network Security Lecture 9 Page 17 Message Integrity • Even if the attacker can’t create the packets he wants, sometimes he can alter proper packets • To change the effect of what they will do • Typically requires access to part of the path message takes Advanced Network Security Lecture 9 Page 18 Denial of Service • Attacks that prevent legitimate users from doing their work • By flooding the network • Or corrupting routing tables • Or flooding routers • Or destroying key packets Advanced Network Security Lecture 9 Page 19 How Do Denial of Service Attacks Occur? • Basically, the attacker injects some form of traffic • Most current networks aren’t built to throttle uncooperative parties very well • All-inclusive nature of the Internet makes basic access trivial • Universality of IP makes reaching most of the network easy Advanced Network Security Lecture 9 Page 20 Basic Defensive Mechanisms • • • • • Cryptography Filtering Rate limits Padding Routing control Advanced Network Security Lecture 9 Page 21 Cryptography • Obvious values in maintaining message confidentiality • Also value for integrity and authentication • Some limitations based on performance costs • We’ll discuss this in more detail later Advanced Network Security Lecture 9 Page 22 Filtering • Selectively dropping some packets • Either to get rid of stuff that is likely to cause problems • Or to reduce the overall rate of traffic flowing through a point • Basic approach – examine each packet and drop those with some characteristic Advanced Network Security Lecture 9 Page 23 What Do We Filter On? • Packet header information – Like source or destination address – Or protocol • Packet content signatures – Requires deep packet inspection • Key issue with filtering is speed • Fast filtering usually limited in sophistication Advanced Network Security Lecture 9 Page 24 Where Do You Filter? • Near edges of the network, typically – E.g., firewalls – Many practical limits on what can be done here • Typically little or no filtering is done by core routers – Packets being handled too fast – Backbone providers don’t want to filter – Damage great if you screw it up Advanced Network Security Lecture 9 Page 25 Rate Limits • Many routers can place limits on the traffic they send to a destination • Ensuring that the destination isn’t overloaded – Popular for denial of service defenses • Limits can be defined somewhat flexibly • Related approaches: – Priority queuing – Traffic shaping Advanced Network Security Lecture 9 Page 26 Shortcomings of Rate Limits • Rate limiting does not imply intelligence in what gets dropped • At the speeds it’s working at, not really possible • Rate limits based on IP addresses can be cheated on by spoofing Advanced Network Security Lecture 9 Page 27 Padding • Sometimes you don’t want intruders to know what your traffic characteristics are • Padding adds extra traffic to hide the real stuff • Fake traffic must look like real traffic – Usually means encrypt it all • Must be done carefully, or clever attackers can tell the good stuff from the noise Advanced Network Security Lecture 9 Page 28 Routing Control • Use ability to route messages to obtain security effects • Route questionable messages to defensive sites • Don’t route sensitive messages through “unsafe” parts of the network Advanced Network Security Lecture 9 Page 29 Routing Control For Privacy • Use ability to control message routing to conceal the traffic in the network • Used in onion routing to hide who is sending traffic to whom – For anonymization purposes • Routing control also used in some network defense – To hide real location of a machine – E.g., SOS DDoS defense system Advanced Network Security Lecture 9 Page 30