Computer Networks
Security
Autumn 2000
John Kristoff
1
Internet/Telco Comparison
Telephone System
- central authority
- network in control
- billing records per connection
- legal issues well understood
- provisions for law enforcement (wiretapping)
Internet
- no central authority
- end systems in control
- no central knowledge of connections
- no per-packet billing
- legal issues not well understood
- anonymity is easy

Internet Security Stinks
- Hosts are hard to secure
- Bad defaults
- Poor software
- Fixes rarely applied
- Average user/administrator is clueless
- An overly secure system is not useful
- It’s difficult to coordinate among sites

What to Protect
- Confidentiality
  - snooping
  - encryption
- Integrity
  - deletion, changes
  - backups
- Availability
  - denial of service attacks
- Authentication
  - are who you say you are
- Nonrepudiation
  - no denying it
- Access Control
  - don’t touch that!
- Reputation
  - Ensure your good name

Where to Put the Protection?

Physical Security
- Trash bins
- Social engineering
- It’s much easier to trust a face than a packet
- Protect from the whoops
  - power
  - spills
  - the clumsy
  - software really can kill hardware

Host Based Security
- Recall End-to-End Argument
- Security is ultimately a host problem
- Key idea: protect the DATA
- End hosts are in control of data
- Users are in control of end hosts
- Users can and often will do dumb things
- Result: very difficult to protect all hosts

Internal Security
- Most often ignored
- Most likely the problem
- Disgruntled employee
- Curious, but dangerous employee
- Clueless and dangerous employee

Security by Obscurity
- Is no security at all.
- However
  - It’s often best not to advertise unnecessarily
  - It’s often the only layer used (e.g. passwords)
- Probably need more security

Network Based Security
- Should augment host based security
- Useful for
  - Protecting groups of users from others
  - Prohibiting certain types of network usage
  - Controlling traffic flow
- Difficult to inspect traffic
  - encryption can hide bad things
  - tunneling can mislead you
Good book: Network Security: PRIVATE Communication in a PUBLIC World. Kaufman, Perlman and Speciner.

Layered Defenses
- The belt and suspenders approach
- Multiple layers make it harder to get through
- Multiple layers take longer to get through
- Basic statistics and probability apply
  - If Defense A stops 90% of all attacks and Defense B stops 90% of all attacks, you might be able to stop up to 99% of all attacks
- Trade-off in time, money and convenience

Perimeter Security
- Boundary between a trusted internal network and a hostile external network

Firewall Solutions
- They help, but not a panacea
- A network response to a host problem
  - Packet by packet examination is tough
- Don’t forget internal users
- Need well defined borders
- Can be a false sense of security
- Careful not to break standard protocol mechanisms!

Packet Filtering Firewalls
- Apply rules to incoming/outgoing packets
- Based on
  - Addresses
  - Protocols
  - Ports
  - Application
  - Other pattern match

Packet Filtering Firewall Illustrated

Screened Subnet

Example Firewall: ipchains
    -A input -s 192.168.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 -j DENY
    -A input -s 172.16.0.0/255.240.0.0 -d 0.0.0.0/0.0.0.0 -j DENY
    -A input -s 10.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -j DENY
    -A input -s 224.0.0.0/224.0.0.0 -d 0.0.0.0/0.0.0.0 -j DENY
    -A input -s 0.0.0.0/0.0.0.0 -d a.b.c.d/255.255.255.255 22:22 -p 6 -j ACCEPT
    -A input -s 0.0.0.0/0.0.0.0 -d a.b.c.d/255.255.255.255 1024:65535 -p 6 ! -y -j ACCEPT

Example Firewall: Cisco Router Filters
    ! Drop packets whose source address is private, reserved, loopback or multicast
    access-list 100 deny ip 192.168.0.0 0.0.255.255 any
    access-list 100 deny ip 172.16.0.0 0.15.255.255 any
    access-list 100 deny ip 10.0.0.0 0.255.255.255 any
    access-list 100 deny ip 0.0.0.0 0.255.255.255 any
    access-list 100 deny ip 127.0.0.0 0.255.255.255 any
    access-list 100 deny ip 224.0.0.0 31.255.255.255 any
    ! Drop packets whose source address is inside the protected 1.2.0.0 prefix
    access-list 100 deny ip 1.2.0.0 0.0.255.255 any
    ! Per-host rules; the first matching line decides
    access-list 100 permit tcp any host 1.2.3.4 eq domain
    access-list 100 permit udp any host 1.2.3.4 eq domain
    access-list 100 deny tcp any host 1.2.3.5 eq telnet log
    access-list 100 deny tcp any host 1.2.3.6 eq syn log
    access-list 100 deny ip any host 1.2.3.4
    ! Everything else to the protected prefix is allowed, all other traffic is dropped
    access-list 100 permit ip any 1.2.0.0 0.0.255.255
    access-list 100 deny ip any any

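Added example, not part of the original slides: a first-match evaluator for a subset of the access-list 100 rules on the Cisco slide, showing how wildcard masks and rule order decide the outcome for a packet. The function names and the test addresses (198.51.100.7 and the other constructed packets) are assumptions made for illustration.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")   # Cisco "any": every bit is a wildcard

def host(ip):
    """Cisco "host a.b.c.d": no wildcard bits."""
    return (ip, "0.0.0.0")

# (action, protocol, source, destination, destination port), in slide order.
ACL = [
    ("deny",   "ip",  ("192.168.0.0", "0.0.255.255"),    ANY, None),
    ("deny",   "ip",  ("10.0.0.0",    "0.255.255.255"),  ANY, None),
    ("deny",   "ip",  ("127.0.0.0",   "0.255.255.255"),  ANY, None),
    ("deny",   "ip",  ("224.0.0.0",   "31.255.255.255"), ANY, None),
    ("deny",   "ip",  ("1.2.0.0",     "0.0.255.255"),    ANY, None),
    ("permit", "tcp", ANY, host("1.2.3.4"), 53),
    ("permit", "udp", ANY, host("1.2.3.4"), 53),
    ("deny",   "tcp", ANY, host("1.2.3.5"), 23),
    ("deny",   "ip",  ANY, host("1.2.3.4"), None),
    ("permit", "ip",  ANY, ("1.2.0.0", "0.0.255.255"), None),
    ("deny",   "ip",  ANY, ANY, None),
]

def wildcard_match(addr, spec):
    """True when addr equals the base address on every bit the wildcard mask leaves fixed."""
    base, wild = (int(ipaddress.IPv4Address(x)) for x in spec)
    fixed_bits = ~wild & 0xFFFFFFFF
    return ((int(ipaddress.IPv4Address(addr)) ^ base) & fixed_bits) == 0

def evaluate(proto, src, dst, dport=None):
    """Return (action, rule number) of the first matching rule; later rules are never consulted."""
    for number, (action, r_proto, r_src, r_dst, r_port) in enumerate(ACL, start=1):
        if r_proto not in ("ip", proto):
            continue
        if r_port is not None and r_port != dport:
            continue
        if wildcard_match(src, r_src) and wildcard_match(dst, r_dst):
            return action, number
    return "deny", None   # implicit deny; not reached here because rule 11 matches everything

if __name__ == "__main__":
    # Constructed packets; 198.51.100.7 stands in for an arbitrary external host.
    for pkt in [("udp", "198.51.100.7", "1.2.3.4", 53),
                ("udp", "192.168.5.5", "1.2.3.4", 53),
                ("tcp", "198.51.100.7", "1.2.3.4", 80),
                ("tcp", "198.51.100.7", "1.2.7.7", 25)]:
        print(pkt, "->", evaluate(*pkt))
```

The second packet shows why the source-address denies come first: a DNS query with a private source address is dropped at rule 1 before the permit for the name server is ever reached.
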
Application Level Gateway

Encryption
- Make a readable message unreadable
- Math intensive
- Plain text versus cipher text
- Algorithms and keys
  - public
  - private
  - key size

Shared Secret Key
- Each party knows a secret
- The secret is used to decrypt the cipher text
  - Book: Ulysses
  - Page: 7
  - Line: 23
  - Word: 4
- Must know the book and keep it a secret

Shared Secret Key Illustrated

Public Key Cryptography
- Public Key
  - Everyone can use it to encrypt messages to you
- Private Key
  - Only you know this key and only it decrypts messages encrypted with your public key
- Keyring

Public Key Illustrated

Exploits Overview
- Passwords
  - hacking and sniffing
- System specific
  - NT, UNIX, NetWare, Linux
- Application specific
  - web browser, ftp, email, finger
- Protocol specific
  - spoofing, TCP hijacking, ICMP redirects, DNS
- Denial of Service
  - PING of death, trinoo, tribe flood

The Process
- Reconnaissance
- Scanning
- Exploit Systems
- Keep access with backdoors/trojans
- Use system
  - Often as a springboard
- Cover any tracks

Buffer Overflows and Weak Validation of Input
- Key idea: overwriting something on the stack
- Popular exploits with CGI scripts
- Format strings
- Regular users can gain root access
- If exploit on TCP/UDP service, remote root can be accomplished

Network Mapping
- PING
- DNS mapping (don’t need zone transfer)
  - dig +pfset=0x2020 -x 10.x.x.x
- rpcinfo -p <hostname>
- nmap <http://www.insecure.org/nmap/>
  - very nice!
- Microsoft Windows is NOT immune
  - nbtstat, net commands
- Just look around the ‘net!

Session Hijacking
If you can predict sequence numbers and spoof the source address, you might be able to pretend to be one end of the session. It helps if you can keep one end of the session busy while you’re hijacking.

Session Hijacking Illustrated

Password Cracking
- Very common today
- If attacker can get a hold of the password file, they can go offline and process it
- Recall
  - passwords are a form of obscurity
  - multiple defenses may be needed
- Given enough time, passwords alone are probably not safe

Viruses and Worms
- Programs written with the intent to spread
- Worms are very common today
  - Often email based (e.g. ILOVEYOU)
- Viruses infect other programs
  - Code copied to other programs (e.g. macros)
- All require the code to be executed
  - Proves users continue to do dumb things
  - Sometimes software is at fault too

Denial of Service (DoS)
- Prevents or impairs standard service
- SYN flooding
- SMURF attacks
- Distributed Denial of Service (DDoS)
- Most effective when source address can be spoofed
- Difficult to differentiate between valid traffic

Example Denial of Service Illustrated

Example Distributed Denial of Service Illustrated

DoS Solutions
- Ingress/Egress filtering
- ICMP Traceback
- Packet Marking
- Rate-limiting
- Difficult to solve completely!

Network Address Translation
- Removes end-to-end addressing
- Standardized in RFC 1918
- NAT has been bad for the Internet
- Provides relatively no security with a great deal of cost - this slide shouldn't be here
- NAT has been required for sites with IP address allocation problems
- NAT may be used for IPv6 transition

NAT Illustrated

Virtual Private Networks

Key Idea
A session between two endpoints that is secured from eavesdroppers and all threats on the network in between, usually through the use of encryption technology.

Why Is This Worthwhile?
- Cost, Cost, Cost!
  - Ability to make use of a public, insecure network, rather than building your own private, secure network

Challenges
- Increased overhead
- Complexity
- Performance
- Quality
- Management

Oh, and One More Thing

Other Areas of Interest
- IP multicast
- Routing protocols
- Privacy issues
- IPsec
- Intrusion Detection Systems (IDS)

References
bugtraq mailing list (see http://www.securityfocus.com)
http://www.cert.org
http://www.cerias.purdue.edu
http://www.first.org
http://packetstorm.securify.com
http://www.research.att.com/~smb/
http://cm.bell-labs.com/who/ches/
http://www.denialinfo.com
http://www.cs.georgetown.edu/~denning/
http://www.washington.edu/People/dad/
http://www.sans.org
http://theory.lcs.mit.edu/~rivest/
http://networks.depaul.edu/security/