Transcript ppt
Security
Computer Networks
Spring 2000
John Kristoff
1
What to Protect
Confidentiality
snooping
encryption
Integrity
deletion, changes
backups
Authentication
are who you say you are
Nonrepudiation
no denying it
Access Control
don’t touch that!
Availability
denial of service attacks
Spring 2000
John Kristoff
2
Most Importantly
Protect your reputation
Spring 2000
John Kristoff
3
Good Books
Network Security: PRIVATE
Communication in a PUBLIC World.
Kaufman, Perlman and Speciner.
Cryptography and Network Security:
Principles and Practice. Stallings.
Spring 2000
John Kristoff
4
Where to Put the
Protection?
Spring 2000
John Kristoff
5
Host Based Security
Recall End-to-End Argument
Security is ultimately a host problem
Key idea: protect the DATA
End hosts are in control of data
Users are in control of end hosts
Users can and often will do dumb things
Result: very difficult to protect all hosts
Spring 2000
John Kristoff
6
Network Based Security
Should augment host based security
Useful for
Protecting groups of users from others
Prohibiting certain types of network usage
Controlling traffic flow
Difficult to inspect traffic
encryption can hide bad things
tunneling can mislead you
Spring 2000
John Kristoff
7
Perimeter Security
Boundary between a trusted internal
network and a hostile external network
Spring 2000
John Kristoff
8
Internal Security
Most often ignored
Most likely the problem
Disgruntled employee
Curious, but dangerous employee
Clueless and dangerous employee
Spring 2000
John Kristoff
9
Security by Obscurity
Is no security at all.
However
It’s often best not to advertise unnecessarily
It’s often the only layer used (e.g.
passwords)
Probably need more security
Spring 2000
John Kristoff
10
Layered Defenses
The belt and suspenders approach
Multiple layers make it harder to get
through
Multiple layers take longer to get through
Basic statistics and probability apply
If Defense A stops 90% of all attacks and Defense B stops 90%
of all attacks, you might be able to stop up to 99% of all attacks
Trade-off in time, money and convenience
Spring 2000
John Kristoff
11
Physical Security
Trash bins
Social engineering
It’s much easier to trust a face than a
packet
Protect from the whoops
power
spills
the clumsy
software really can kill hardware
Spring 2000
John Kristoff
12
Packet Filtering Firewalls
Apply rules to incoming/outgoing packets
Based on
Addresses
Protocols
Ports
Application
Other pattern match
Spring 2000
John Kristoff
13
Packet Filtering Firewall
Illustrated
Spring 2000
John Kristoff
14
Example Firewall: ipchains
-A input -s 192.168.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 -j DENY
-A input -s 172.0.0.0/255.240.0.0 -d 0.0.0.0/0.0.0.0 -j DENY
-A input -s 10.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -j DENY
-A input -s 224.0.0.0/224.0.0.0 -d 0.0.0.0/0.0.0.0 -j DENY
-A input -s 0.0.0.0/0.0.0.0 -d a.b.c.d/255.255.255.255 22:22 -p 6 -j ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d a.b.c.d/255.255.255.255 1024:65535 -p 6 ! -y -j ACCEPT
Spring 2000
John Kristoff
15
Example Firewall: Cisco
Router Filters
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
access-list
Spring 2000
100
100
100
100
100
100
100
100
100
100
100
100
100
100
deny
deny
deny
deny
deny
deny
deny
permit
permit
deny
deny
deny
permit
deny
ip 192.168.0.0 0.0.255.255 any
ip 172.0.0.0 0.15.255.255 any
ip 10.0.0.0 0.255.255.255 any
ip 0.0.0.0 0.255.255.255 any
ip 127.0.0.0 0.255.255.255 any
ip 224.0.0.0 31.255.255.255 any
ip 1.2.0.0 0.0.255.255 any
tcp any host 1.2.3.4 eq domain
udp any host 1.2.3.4 eq domain
tcp any host 1.2.3.5 eq telnet log
tcp any host 1.2.3.6 eq syn log
ip any host 1.2.3.4
ip any 1.2.0.0 0.0.255.255
ip any any
John Kristoff
16
Encryption
Make a readable message unreadable
Math intensive
Plain text versus cipher text
Algorithms and keys
public
private
key size
Spring 2000
John Kristoff
17
Encryption?
#include<stdlib.h>
#include<stdio.h>
main(I,O,O0,OO,l)
int I,O0,OO,l;
char **O;
{
return !!I>=I?!I>=I?!!~I>=~I?!~I>=~I?!OO?!I:OO%2?
OO=main(I,O,O0,OO>>!!OO,l),
OO=main(I-!I-!!I,O,OO,OO,l),
OO=main(I-!I-!!I,O,O0,OO,l),
!(OO-!I||I)?l-1:OO
:(OO=main(I,O,O0,OO>>!!OO,l),
!(OO-l+!I||I)?l-1:main(I-!I-!!I,O,OO,OO,l))
:(O0+OO)%l
:main(I-I/I-I/I,O,O0,OO+OO/OO,
main(0,O,O0,OO,I-I-I)+I+1?1:printf("%d ",I-I-I)+fflush(stdout))
:main(I-I-I-I-I,O,I+I-I+I,I,0)
:main(~!!I-!!I,O,atoi(1[O]),1,atoi(0[O]));
}
Spring 2000
John Kristoff
18
Shared Secret Key
Each party knows a secret
The secret is used to decrypt the cipher
text
Book: Ulysses
Page: 7
Line: 23
Word: 4
Must know the book and keep it a secret
Spring 2000
John Kristoff
19
Shared Secret Key
Illustrated
Spring 2000
John Kristoff
20
Public Key Cryptography
Public Key
Everyone can use it to encrypt messages to
you
Private Key
Only you know this key and only it decrypts
messages encrypted with your public key
Keyring
Spring 2000
John Kristoff
21
Public Key Illustrated
Spring 2000
John Kristoff
22
Denial of Service (DoS)
Prevents or impairs standard service
SYN flooding
SMURF attacks
Distributed Denial of Service (DDoS)
Most effective when source address can
be spoofed
Difficult problem to solve
Spring 2000
John Kristoff
23
Example Denial of Service
Illustrated
Spring 2000
John Kristoff
24
Example Distributed Denial
of Service Illustrated
Spring 2000
John Kristoff
25
Buffer Overflows and Weak
Validation of Input
Key idea: overwriting the something on
the stack
Popular exploits with CGI scripts
Regular users can gain root access
If exploit on TCP/UDP service, remote
root can be accomplished
Spring 2000
John Kristoff
26
Session Hijacking
If you can predict sequence numbers and
spoof the source address, you might be
able to pretend to be one end of the
session. It helps if you can keep one end
of the session busy while you’re hijacking.
Spring 2000
John Kristoff
27
Session Hijacking
Illustrated
Spring 2000
John Kristoff
28
Password Cracking
Very common today
If attacker can get a hold of the password
file, they can go offline and process it
Recall
passwords are a form of obscurity
multiple defenses may be needed
A good password selection strategy
Spring 2000
John Kristoff
29
Viruses and Worms
Programs written with the intent to
spread
Worms are very common today
Often email based (e.g. ILOVEYOU)
Viruses infect other programs
Code copied to other programs (e.g. macros)
All require the code to be executed
Proves users continue to do dumb things
SpringSometimes
2000
John Kristoff
software
is at fault too
30
Example: Securing Routers
!
version 12.0
service tcp-keepalives-in
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
clock timezone cst -6
clock summer-time cdst recurring
no ip source-route
no ip finger
no ip bootp server
!
interface FastEthernet1/0
description backbone router
ip address a.b.c.d 255.255.255.0
ip access-group 100 in
no ip unreachables
no ip directed-broadcast
no cdp enable
Spring 2000
John Kristoff
31
Example: Securing Routers
[continued]
router rip
passive-interface Serial1/0
network a.b.0.0
distribute-list 1 in Serial2/0
logging
logging
logging
logging
logging
history warnings
trap debugging
facility local7
source-interface Loopback0
a.b.c.d
access-list
access-list
access-list
access-list
access-list
Spring 2000
1 deny
any
10 permit a.b.c.0 0.0.0.255
10 deny
any
100 permit tcp a.b.0.0 0.0.255.255 any eq telnet log
100 deny
ip any any log
John Kristoff
32
Example: Securing Routers
[continued]
snmp-server community password RO 10
snmp-server location computing center
snmp-server contact Network Administrator
banner motd^C
This host is to be used by authorized personnel only!^C
!
line vty 0 4
exec-timeout 0 5
access-class 100 in
password 7 823442561E01034A12
login
transport input telnet ssh
!
ntp source Loopback0
ntp server a.b.c.d
end
Spring 2000
John Kristoff
33
Example: Securing UNIX
Remove unnecessary UDP/TCP servers
Startup scripts in /etc/rc.d directories
/etc/inetd.conf
Use secure versions of servers
ssh
tcpwrappers
Many useful tools available
Tripwire, IP Filter, ipchains, lsof, tcpwrappers, etc...
Spring 2000
John Kristoff
34
Example: Securing
Windows
Disable file/printer sharing
Use virus protection software
Keep current on latest service packs
Disable unnecessary protocols
Spring 2000
John Kristoff
35
Network Address
Translation
NAT is a hack!
Provides some level of security, but with a
great deal of cost
If security is the only goal, avoid NAT
NAT has been required for sites with IP
address allocation problems
RSIP may get NAT users back on track
Spring 2000
John Kristoff
36
NAT Illustrated
Spring 2000
John Kristoff
37
Virtual Private Networks
Spring 2000
John Kristoff
38
Key Idea
A session between two endpoints that is
secured from eavesdroppers and all
threats on the network in between,
usually through the use of encryption
technology.
Spring 2000
John Kristoff
39
Why Is This Worthwhile?
Cost, Cost, Cost!
Ability to make use of a public, insecure
network, rather than building your own
private, secure network
Spring 2000
John Kristoff
40
Challenges
Increased overhead
Complexity
Performance
Quality
Management
Spring 2000
John Kristoff
41
Oh, and One More Thing
Spring 2000
John Kristoff
42
Some Terms/Technology
Thrown Around with VPNs
IPsec
PPP/PPTP/L2TP/L2F
CHAP, PAP
Encapsulation
Tunneling
AAA
RADIUS/TACACS/TACACS+
Firewalls
Spring 2000
John Kristoff
43
Security Tools
ssh
TripWire
tcpwrappers
IP Filter, ipchains
nmap
tcpdump, windump
syslog
ntp
Spring 2000
snort
logcheck, swatch
crack, l0pftcrack
kerberos
PGP
kerberos
S/MIME
SSL
John Kristoff
44
Final Thoughts
Network Address Translation
Think about long term implications
Security as a end-to-end problem
Java, Javascript and ActiveX
Certificates
Intrusion Detection
Spring 2000
John Kristoff
45