Transcript Chapter8
Firewalls
firewall
isolates an organization's internal network from the larger
Internet, allowing some packets to pass and
blocking others.
[Figure: the administered network sits behind the firewall, which faces the public Internet]
Network Security
7-1
Firewalls: Why
Prevent denial-of-service attacks:
Denial-of-Service (DoS) attack:
• Send many fake requests to congest the link or consume
server resources (CPU, memory)
SYN flooding:
• attacker sends many SYNs to the victim; the victim
allocates connection state for each half-open connection
until none is left for legitimate connection requests.
• Usually sent with spoofed source IP addresses, so the
SYN-ACKs go to hosts that never sent a SYN, the handshakes
never complete, and the flood cannot be traced to the attacker.
Prevent illegal modification of, or access to, internal data.
e.g., attacker replaces the CIA's homepage with
something else
Firewalls: Why
Allow only authorized access to inside network
Set of authenticated users
Set of authorized IP addresses
Two types of firewalls:
application-level
• Inspects application-level data (e.g., Telnet commands, Web URLs)
packet-filtering
• Inspects only the IP/TCP/UDP header fields of each packet
Packet Filtering
Should arriving
packet be allowed
in? Departing packet
let out?
internal network connected to Internet via
router firewall
router filters packet-by-packet, decision to
forward/drop packet based on:
source IP address, destination IP address
TCP/UDP source and destination port numbers
ICMP message type
TCP SYN and ACK bits
Packet Filtering
Example 1: block incoming and outgoing datagrams with
IP protocol field = 17 (UDP), and block TCP segments with
either source or dest port = 23.
All incoming and outgoing UDP flows and telnet
connections are blocked.
Example 2: Block inbound TCP segments with
SYN=1 and ACK=0.
Prevents external clients from making TCP
connections to internal hosts, but allows
internal clients to connect to the outside (the
returning SYN+ACK segments carry ACK=1 and are not blocked).
Example of Windows XP
Service Pack 2 firewall
(Control Panel > Security Center > Windows Firewall)
Stateless packet filtering: more examples
Policy: No outside Web access.
Firewall setting: Drop all outgoing packets to any IP address, port 80 or 443.

Policy: No incoming TCP connections, except those for the institution's public Web server 130.207.244.203 only.
Firewall setting: Drop all incoming TCP SYN packets to any IP except 130.207.244.203, port 80 or 443.

Policy: Prevent Web radios (UDP based) from eating up the available bandwidth.
Firewall setting: Drop all incoming UDP packets, except DNS and router broadcasts.

Policy: Prevent your network from being used for a smurf DoS attack.
Firewall setting: Drop all ICMP packets going to a "broadcast" address (e.g., 130.207.255.255).

Policy: Prevent your network from being tracerouted.
Firewall setting: Drop all outgoing ICMP TTL-expired (Time Exceeded, type 11) traffic.

Caveat: these rules are stateless. The SYN rule lets the SYN+ACK and ACK segments of connections opened from inside through, but the "DNS" exception can only be expressed as source port 53, which any outside sender is free to set.
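The policy table above, as an added example that is not part of the original slides: a small stateless filter in Python that applies the five rows to one packet at a time. The web server 130.207.244.203 and the 130.207.0.0/16 network come from the table; the Packet type, the reading of "router broadcasts" as RIP on UDP 520 and the sample packets are assumptions made for illustration.

```python
"""Stateless packet filter implementing the policy table above.

Added example, not from the slides. The web server 130.207.244.203 and
the 130.207.0.0/16 network come from the table; the Packet type, the
interpretation of "router broadcasts" as RIP (UDP 520) and the sample
packets are assumptions made for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("130.207.0.0/16")        # the institution's network (assumed)
WEB_SERVER = ip_address("130.207.244.203")   # public web server, from the table
WEB_PORTS = (80, 443)
ICMP_TIME_EXCEEDED = 11                      # ICMP type for "TTL expired"
RIP_PORT = 520                               # "router broadcasts" taken to mean RIP (assumed)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    syn: bool = False     # TCP SYN flag
    ack: bool = False     # TCP ACK flag
    icmp_type: int = -1


def direction(pkt):
    """'out' if the source address is inside, else 'in'.

    A real router classifies by arrival interface instead: source
    addresses can be spoofed, which is exactly the IP-spoofing
    limitation discussed later in the chapter.
    """
    return "out" if ip_address(pkt.src) in INSIDE else "in"


def is_broadcast(addr):
    """Directed broadcast of the inside network (130.207.255.255) or the
    limited broadcast address."""
    a = ip_address(addr)
    return a == INSIDE.broadcast_address or a == ip_address("255.255.255.255")


def decide(pkt):
    """Return ('drop', reason) or ('accept', None). One rule per table row;
    first match wins, default accept."""
    d = direction(pkt)
    # Row 1: no outside Web access.
    if d == "out" and pkt.proto == "tcp" and pkt.dport in WEB_PORTS:
        return "drop", "no outside web access"
    # Row 2: no incoming TCP connections except to the public web server.
    # Only connection-opening segments (SYN set, ACK clear) are dropped, so the
    # SYN+ACK replies to connections opened from inside still get through.
    if (d == "in" and pkt.proto == "tcp" and pkt.syn and not pkt.ack
            and not (ip_address(pkt.dst) == WEB_SERVER and pkt.dport in WEB_PORTS)):
        return "drop", "inbound connection attempt"
    # Row 3: no incoming UDP except DNS replies and router broadcasts.
    # Stateless caveat: "DNS reply" can only be expressed as source port 53,
    # which any outside sender can set.
    if (d == "in" and pkt.proto == "udp" and pkt.sport != 53
            and not (pkt.dport == RIP_PORT and is_broadcast(pkt.dst))):
        return "drop", "inbound udp"
    # Row 4: do not be a smurf amplifier.
    if pkt.proto == "icmp" and is_broadcast(pkt.dst):
        return "drop", "icmp to broadcast"
    # Row 5: do not reveal hops to traceroute.
    if d == "out" and pkt.proto == "icmp" and pkt.icmp_type == ICMP_TIME_EXCEEDED:
        return "drop", "outgoing ttl expired"
    return "accept", None


if __name__ == "__main__":
    # Constructed sample traffic.
    for p in [Packet("130.207.1.5", "198.51.100.10", "tcp", 40000, 443, syn=True),
              Packet("203.0.113.9", "130.207.244.203", "tcp", 40000, 80, syn=True),
              Packet("203.0.113.9", "130.207.1.5", "tcp", 40000, 22, syn=True),
              Packet("203.0.113.9", "130.207.255.255", "icmp", icmp_type=8)]:
        print(p.proto, p.src, "->", p.dst, p.dport, decide(p))
```

The last sample in the test below is the point of the caveat: a packet from an outside host with source port 53 and destination port 22 is accepted, because a stateless filter has no way to know whether an internal resolver ever asked that host anything.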
A Real Example: Lab setup when I
was a PhD student
DMZ
Gateway: a cheap Linux machine runs Iptables
Web server: Linux machine runs Apache web server
Main server: Linux machine runs SSH, Sendmail
(SMTP and IMAPS)
Allow a specific machine outside to print to main
server’s printer
DMZ
Traffic Allowance Policy:
(1). Internet ==> LAN
To Main Server: SSH, SMTP,IMAP+SSL, LPD request from a
trusted IP.
(2). Internet ==> DMZ Web Server ---- SSH, Web request.
(3). Internet ==> Gateway ---- SSH only (for admin)
(4). DMZ Web Server==> LAN, Internet
SSH to Internet and only to Main Server in LAN;
DNS request; WWW/FTP request to Internet.
(5). LAN ==> Internet, DMZ WebServer ---- SSH, DNS,
WWW/FTP, SMTP, RealPlay.
DMZ
HTTP forwarding from Internet to DMZ web server (port 80)
iptables -t nat -A PREROUTING -p tcp --sport $UNPRIVPORTS -d $out.IP --dport 80 -j DNAT --to-destination $DMZ_SERVER
iptables -A FORWARD -o $eth2 -p tcp --sport $UNPRIVPORTS -d $DMZ_SERVER --dport 80 -m state --state NEW -j ACCEPT
SMTP from internal mail server to external Mail Server
iptables -A FORWARD -i $eth1 -o $eth0 -p tcp -s $LAN_MAINSERVER --sport $UNPRIVPORTS --dport 25 -m state --state NEW -j ACCEPT
Allow Telnet to outside from LAN
iptables -A FORWARD -i $LAN_IF -o $EXT_IF -p tcp --sport $UNPRIVPORTS --dport 23 -m state --state NEW -j ACCEPT
(Each rule matches only the first packet of a connection (--state NEW); a rule accepting ESTABLISHED,RELATED traffic is assumed elsewhere in the ruleset. On current kernels -m conntrack --ctstate is the equivalent of -m state --state.)
Application gateways
Filters packets on
application data as well
as on IP/TCP/UDP fields.
Example: allow select
internal users to telnet
outside.
[Figure: host-to-gateway telnet session; gateway-to-remote-host telnet session; application gateway; router and filter]
1. Require all telnet users to telnet through the gateway.
2. For authorized users, the gateway sets up a telnet connection to
the dest host. The gateway relays data between the 2 connections.
3. The router filter blocks all telnet connections not originating
from the gateway.
Example: block user access to known porn websites
Check if the Web URL is in a "black-list"
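The two gateway checks above (authorized user, then URL black-list), as an added example that is not from the slides: the decision function an application gateway would run on one HTTP request before relaying it. The black-listed domains, the authorized users and the sample requests are constructed; the point it adds is that the host must be normalised (case, trailing dot, port, subdomains, absolute-form request targets) before it is compared, or the black-list is trivially bypassed.

```python
"""Application-gateway decision on an HTTP request.

Added example, not from the slides. Parses the request line and Host
header, normalises the host and checks it against a black-list, after
checking that the user is one the gateway has authenticated. The
black-list entries, users and sample requests are constructed.
"""
BLACKLIST = {"bad.example", "worse.example"}   # constructed blocked domains
AUTHORIZED_USERS = {"alice", "bob"}            # constructed: users allowed through


def normalise_host(host):
    """Lower-case, drop any :port, drop a trailing dot, so that
    'BAD.Example.:8080' and 'bad.example' compare equal."""
    host = host.strip().lower()
    if host.startswith("["):                    # IPv6 literal such as [::1]:80
        host = host[1:host.index("]")]
    elif ":" in host:
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")


def is_blacklisted(host):
    """True if host equals a black-listed domain or is a subdomain of one
    (cdn.bad.example is blocked, notbad.example is not)."""
    host = normalise_host(host)
    return any(host == d or host.endswith("." + d) for d in BLACKLIST)


def target_host(request):
    """Host the request is for: absolute-form request target first, then
    the Host header. The gateway must check the same host it will connect
    to; checking only the Host header while connecting to the URL's host
    lets a client smuggle a blocked site past the filter."""
    head = request.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    lowered = target.lower()
    if lowered.startswith("http://") or lowered.startswith("https://"):
        return target.split("://", 1)[1].split("/", 1)[0]
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            return value
    raise ValueError("no Host header")          # HTTP/1.1 requires one; refuse, do not guess


def gateway_decision(user, request):
    """'deny-unauthenticated', 'deny-blacklisted' or 'relay'."""
    if user not in AUTHORIZED_USERS:
        return "deny-unauthenticated"
    if is_blacklisted(target_host(request)):
        return "deny-blacklisted"
    return "relay"


if __name__ == "__main__":
    req = "GET / HTTP/1.1\r\nHost: BAD.Example.:8080\r\n\r\n"   # constructed request
    print(gateway_decision("alice", req))
```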
Let me demonstrate how a real
wireless router provides:
NAT
Access control, security
Firewall
Limitations of firewalls and gateways
IP spoofing: the router can't
know if data "really"
comes from the claimed
source (e.g., SYN flood
attacks, spoofed UDP traffic)
client software must
know how to contact the
application gateway,
e.g., must set the IP address
of the proxy in the Web browser
Speed constraint on
high-bandwidth links:
application-level filtering is
time consuming
filters often use an all-or-
nothing policy for UDP:
usually most incoming UDP
ports are blocked, which
is a problem for real-time
Internet video
Limitations of firewalls and gateways
tradeoff: degree of communication with
outside world, level of security
Trend --- remote office
Blurred boundary between inside <-> outside
Employee laptop threat
many highly protected sites still suffer
from attacks
Internet security threats
Mapping:
before attacking: “case the joint” – find out
what services are implemented on network
Use ping to determine what hosts have
addresses on network
Port-scanning: try to establish TCP connection
to each port in sequence (see what happens)
nmap (http://www.insecure.org/nmap/) mapper:
“network exploration and security auditing”
Countermeasures?
Internet security threats
Mapping: countermeasures
record traffic entering the network
look for suspicious activity (IP addresses, ports
being scanned sequentially)
Firewall to block incoming TCP SYN to ports or
computers not providing the services
Block ping traffic
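The first countermeasure above ("record traffic, look for ports being scanned sequentially"), as an added example that is not from the slides: detection logic run over a small constructed connection log. The log format (time, source, destination, destination port, TCP flags), the entries and the thresholds are all assumptions; the logic flags any source that probes many distinct ports on one host within a short window, and separately notes whether the ports form a consecutive run, the signature of the port-by-port scan the slide describes.

```python
"""Sequential port-scan detection over a connection log.

Added example, not from the slides. The log lines ("t src dst dport
flags") are constructed; min_ports, window and sequential_run are
assumed thresholds a site would tune.
"""
from collections import defaultdict

# Constructed log: one inbound TCP segment per line.
LOG = """\
0.00 203.0.113.9 130.207.1.20 22 S
0.01 203.0.113.9 130.207.1.20 23 S
0.02 203.0.113.9 130.207.1.20 24 S
0.03 203.0.113.9 130.207.1.20 25 S
0.04 203.0.113.9 130.207.1.20 26 S
0.05 203.0.113.9 130.207.1.20 27 S
0.06 203.0.113.9 130.207.1.20 28 S
0.07 203.0.113.9 130.207.1.20 29 S
1.00 198.51.100.7 130.207.244.203 80 S
1.10 198.51.100.7 130.207.244.203 443 S
2.00 192.0.2.44 130.207.1.20 1000 S
2.50 192.0.2.44 130.207.1.20 1001 S
7.00 192.0.2.44 130.207.1.20 1002 S
"""


def parse(log):
    """Yield (t, src, dst, dport) for each connection-opening (SYN only) line."""
    for line in log.splitlines():
        t, src, dst, dport, flags = line.split()
        if flags == "S":
            yield float(t), src, dst, int(dport)


def longest_consecutive_run(ports):
    """Length of the longest run of consecutive port numbers (22,23,24 -> 3)."""
    ports = sorted(set(ports))
    best = run = 1 if ports else 0
    for a, b in zip(ports, ports[1:]):
        run = run + 1 if b == a + 1 else 1
        best = max(best, run)
    return best


def detect_scans(log, min_ports=6, window=5.0, sequential_run=4):
    """Return {src: {'dst', 'ports', 'sequential'}} for every source that
    touched at least min_ports distinct ports on one destination within
    window seconds. 'sequential' is True if sequential_run or more of
    those ports are consecutive."""
    events = defaultdict(list)
    for t, src, dst, dport in parse(log):
        events[(src, dst)].append((t, dport))
    alerts = {}
    for (src, dst), evs in events.items():
        evs.sort()
        j = 0                                  # sliding window [i, j) over sorted events
        for i in range(len(evs)):
            while j < len(evs) and evs[j][0] - evs[i][0] <= window:
                j += 1
            ports = [p for _, p in evs[i:j]]
            if len(set(ports)) >= min_ports:
                alerts[src] = {
                    "dst": dst,
                    "ports": len(set(ports)),
                    "sequential": longest_consecutive_run(ports) >= sequential_run,
                }
                break                          # one alert per (src, dst) is enough
    return alerts


if __name__ == "__main__":
    for src, info in detect_scans(LOG).items():
        print(src, info)
```

With the defaults only 203.0.113.9 is reported (eight consecutive ports in 70 ms); the legitimate visitor of the web server and the slow three-port probe stay below threshold, and a lower threshold with a wider window catches the slow probe as well, marked as non-sequential because its run is too short.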
Internet security threats
Packet sniffing:
broadcast media
promiscuous NIC reads all packets passing by
can read all unencrypted data (e.g. passwords)
e.g.: C sniffs B's packets
[Figure: A, B and C share one broadcast segment; B sends "src:B dest:A payload", which C also reads]
Countermeasures?
Internet security threats
Packet sniffing: countermeasures
all hosts in the organization run software that
checks periodically whether the host interface is in
promiscuous mode.
one host per segment of broadcast media
(switched Ethernet instead of a hub, so each host
sees only the frames addressed to it; ARP spoofing or
MAC-table flooding can still redirect traffic on a switched LAN)
[Figure: with a switch between A, B and C, the frame "src:B dest:A payload" is delivered only to A]
Internet security threats
IP Spoofing:
can generate “raw” IP packets directly from
application, putting any value into IP source
address field
receiver can’t tell if source is spoofed
e.g.: C pretends to be B
[Figure: C sends a packet "src:B dest:A payload" to A]
Countermeasures?
Internet security threats
IP Spoofing: ingress filtering
routers should not forward outgoing packets
with invalid source addresses (e.g., datagram
source address not in router’s network)
great, but ingress filtering cannot be mandated
for all networks
[Figure: C's packet "src:B dest:A payload" leaves C's network with a source address its router should reject]
Internet security threats
Denial of service (DOS):
flood of maliciously generated packets “swamp”
receiver
Distributed DOS (DDOS): multiple coordinated
sources swamp receiver
e.g., C and a remote host SYN-attack A
[Figure: C and a remote host (B) each send a stream of SYNs to A]
Countermeasures?
Internet security threats
Denial of service (DOS): countermeasures
filter out flooded packets (e.g., SYN) before they
reach the host
• Cooperation with source routers
• Detect spoofed SYNs based on TTL values
traceback to the source of the floods (most likely an
innocent, compromised machine)
[Figure: as before, SYN floods from C and B converging on A]
Secure e-mail
Assumption: Public keys are pre-distributed securely
E.g.: through a CA, or pre-established like SSH
Alice wants to send confidential e-mail, m, to Bob.
(Notation: K_S is a symmetric key, K_B^+ and K_B^- are Bob's public and private keys, K(x) is x encrypted under K.)
[Figure: Alice: m --K_S(.)--> K_S(m); K_S --K_B^+(.)--> K_B^+(K_S); both sent over the Internet]
Alice:
generates a random symmetric private key, K_S.
encrypts the message with K_S (for efficiency).
also encrypts K_S with Bob's public key, K_B^+.
sends both K_S(m) and K_B^+(K_S) to Bob.
Secure e-mail
Alice wants to send confidential e-mail, m, to Bob.
[Figure: Alice sends K_S(m) and K_B^+(K_S) over the Internet; Bob: K_B^+(K_S) --K_B^-(.)--> K_S; K_S(m) --K_S(.)--> m]
Bob:
uses his private key K_B^- to decrypt K_B^+(K_S) and recover K_S
uses K_S to decrypt K_S(m) to recover m
Secure e-mail (continued)
• Alice wants to provide sender authentication and
message integrity.
[Figure: Alice: m --H(.)--> H(m) --K_A^-(.)--> K_A^-(H(m)); m and K_A^-(H(m)) sent over the Internet. Bob: K_A^-(H(m)) --K_A^+(.)--> H(m); m --H(.)--> H(m); compare]
• Alice digitally signs the message.
• sends both the message (in the clear) and the digital signature.
Secure e-mail (continued)
• Alice wants to provide secrecy, sender authentication,
and message integrity.
[Figure: Alice: m --H(.)--> H(m) --K_A^-(.)--> K_A^-(H(m)); (m, K_A^-(H(m))) --K_S(.)--> K_S(m, K_A^-(H(m))); K_S --K_B^+(.)--> K_B^+(K_S); both sent over the Internet]
Alice uses three keys: her private key K_A^-, Bob's public
key K_B^+, and a newly created symmetric key K_S.
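The three-key construction above, carried through end to end as an added example (not from the slides, and not PGP): Alice signs H(m) with K_A^-, encrypts (m, signature) with a fresh K_S, wraps K_S under K_B^+; Bob unwraps K_S with K_B^-, decrypts and verifies with K_A^+. To run offline with the standard library only, textbook RSA on Mersenne primes stands in for the public-key operations, a SHA-256 counter keystream for K_S(.), and a truncated SHA-256 for H(.); these stand-ins are assumptions for illustration and are not secure, the code shows how the keys fit together, not how to build a mail client.

```python
"""Toy end-to-end model of the three-key secure e-mail construction.

Added example, not from the slides or from PGP. Textbook RSA with
Mersenne primes, a SHA-256 based stream cipher as "K_S(.)" and a
truncated SHA-256 as H(.) stand in for real primitives so the exchange
runs offline with the standard library only; none of these choices is
secure and they exist only to show how the three keys fit together.
"""
import hashlib
import secrets

SIG_LEN = 32   # bytes reserved for the signature inside the encrypted body


def rsa_keypair(p, q, e=65537):
    """(public, private) as ((e, n), (d, n)). Textbook RSA, no padding (toy)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)


def rsa_apply(key, x):
    exp, n = key
    if not 0 <= x < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(x, exp, n)


def H(m):
    """Digest truncated to 128 bits so it always fits below the toy moduli."""
    return int.from_bytes(hashlib.sha256(m).digest()[:16], "big")


def keystream_xor(k_s, data):
    """Toy symmetric cipher K_S(.): XOR with SHA-256(K_S || counter) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(k_s + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def alice_send(m, alice_priv, bob_pub):
    """Alice: sign with K_A^-, encrypt (m || signature) with fresh K_S,
    wrap K_S with K_B^+. Returns (K_B^+(K_S), K_S(m || K_A^-(H(m))))."""
    sig = rsa_apply(alice_priv, H(m)).to_bytes(SIG_LEN, "big")   # K_A^-(H(m))
    k_s = secrets.token_bytes(16)                                 # fresh symmetric key
    body = keystream_xor(k_s, m + sig)                            # K_S(m || sig)
    wrapped = rsa_apply(bob_pub, int.from_bytes(k_s, "big"))      # K_B^+(K_S)
    return wrapped, body


def bob_receive(wrapped, body, bob_priv, alice_pub):
    """Bob: recover K_S with K_B^-, decrypt, then check K_A^+(sig) == H(m).
    Returns m, or None if the signature does not verify."""
    k_s = rsa_apply(bob_priv, wrapped).to_bytes(16, "big")
    plain = keystream_xor(k_s, body)
    m, sig = plain[:-SIG_LEN], int.from_bytes(plain[-SIG_LEN:], "big")
    n_a = alice_pub[1]
    if sig >= n_a or rsa_apply(alice_pub, sig) != H(m):
        return None
    return m


# Distinct Mersenne primes per party (never share a prime between moduli);
# these sizes are far too small for real use and exist only for the demo.
ALICE_PUB, ALICE_PRIV = rsa_keypair(2**61 - 1, 2**89 - 1)
BOB_PUB, BOB_PRIV = rsa_keypair(2**107 - 1, 2**127 - 1)


def demo(message=b"Bob: the meeting moved to 3pm. -- Alice"):
    """Run one Alice -> Bob exchange and return what Bob recovers."""
    wrapped, body = alice_send(message, ALICE_PRIV, BOB_PUB)
    return bob_receive(wrapped, body, BOB_PRIV, ALICE_PUB)


if __name__ == "__main__":
    print(demo())
```

Because the signature is inside the encrypted body, a one-bit change to the ciphertext changes m and the verification fails, and a message signed by anyone other than Alice fails the same check even though Bob can decrypt it: Bob's key gives secrecy, Alice's key gives origin and integrity, and K_S is what makes the bulk encryption cheap.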
Pretty good privacy (PGP)
Internet e-mail encryption
scheme, de-facto standard.
uses symmetric key
cryptography, public key
cryptography, hash
function, and digital
signature as described.
provides secrecy, sender
authentication, integrity.
inventor, Phil Zimmermann,
was the target of a 3-year
federal investigation.
A PGP signed message:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bob: My husband is out of town
tonight. Passionately yours,
Alice

-----BEGIN PGP SIGNATURE-----
Version: PGP 5.0
Charset: noconv

yhHJRHhGJGhgg/12EpJ+lo8gE4vB3mqJ
hFEvZP9t6n7G6m5Gw2
-----END PGP SIGNATURE-----
Secure sockets layer (SSL)
provides transport layer security to any TCP-based
application using SSL services.
e.g., between Web browsers and servers for e-commerce (https)
security services:
server authentication, data encryption, client authentication
(optional)
[Figure: left, an application on a plain TCP socket over TCP/IP; right, the application uses an SSL socket, the SSL sublayer sits on the TCP API over TCP/IP: "TCP enhanced with SSL"]
Secure sockets layer (SSL)
transport layer
security to any TCP-based app using SSL
services.
used between Web
browsers and servers for
e-commerce (https).
security services:
server authentication
data encryption
client authentication
(optional)
server authentication:
SSL-enabled browser
includes public keys for
trusted CAs.
Browser requests the
server certificate,
issued by a trusted CA.
Browser uses the CA's
public key to verify the
certificate's signature and
extract the server's public
key from the certificate.
check your browser's
security menu to see
its trusted CAs.
SSL (continued)
Encrypted SSL session:
Browser generates a
symmetric session key,
encrypts it with the server's
public key, sends the
encrypted key to the server.
Using its private key, the server
decrypts the session key.
Browser and server now know the
session key.
All data sent into the TCP
socket (by client or server)
is encrypted with the session key.
SSL: basis of IETF
Transport Layer
Security (TLS).
SSL can be used for
non-Web applications,
e.g., IMAP.
Client authentication
can be done with client
certificates.
Not widely used, since
issuing and managing certificates
for a large number of clients is impractical.
SSL: three phases
1. Handshake:
Bob establishes a TCP
connection to Alice
authenticates Alice
via a CA-signed
certificate
creates, encrypts
(using Alice's public
key K_A^+), and sends the master
secret key to Alice
nonce exchange not
shown
[Figure: Bob: create Master Secret (MS), send K_A^+(MS); Alice: decrypt using K_A^- to get MS]
SSL: three phases
2. Key Derivation:
Alice, Bob use shared secret (MS) to generate 4
keys:
EB: Bob->Alice data encryption key
EA: Alice->Bob data encryption key
MB: Bob->Alice MAC key
MA: Alice->Bob MAC key
encryption and MAC algorithms negotiable between
Bob, Alice
why 4 keys?
Different keys by each person
Different keys for encryption and integrity checking
SSL: three phases
3. Data transfer
[Figure: TCP byte stream b1 b2 b3 ... bn is blocked into n-byte records d; for each record, MAC = H(M_B, SSL seq. #, d); SSL record format: Type, Ver, Len unencrypted, followed by d and the MAC encrypted using E_B]
block n bytes together into a record d
compute the MAC over d and the SSL seq. # with Bob's MAC key M_B
encrypt d and the MAC with Bob's encryption key E_B
why the SSL seq. #? it is never transmitted; each side counts
records, so a record that is replayed, reordered or dropped by an
attacker fails the MAC check at the receiver
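Phases 2 and 3 above, as an added example that is not from the slides or from any TLS implementation: the four keys E_B, E_A, M_B, M_A are expanded from the master secret, and each record carries a MAC that covers the sequence number the sender never transmits. The key-expansion labels, the MAC input layout and the XOR record cipher are simplified stand-ins (TLS uses its own PRF, record layout and ciphers); the sample records are constructed. What it adds is the answer to "why SSL seq. #?": a replayed or reordered record fails verification because the receiver's own counter disagrees.

```python
"""Key derivation and record protection modelled on the SSL phases above.

Added example, not from the slides or any TLS library. HMAC-SHA256 over
labelled inputs stands in for the TLS PRF, and a SHA-256 counter
keystream stands in for the record cipher; both are simplifications.
Key names follow the slide: E_B, E_A, M_B, M_A.
"""
import hashlib
import hmac
import struct

RECORD_TYPE_DATA = 23
VERSION = (3, 0)
MAC_LEN = 32


def derive_keys(master_secret, client_nonce, server_nonce):
    """Phase 2: expand MS into one encryption and one MAC key per direction."""
    def prf(label):
        return hmac.new(master_secret, label + client_nonce + server_nonce,
                        hashlib.sha256).digest()
    return {"E_B": prf(b"bob->alice enc"), "E_A": prf(b"alice->bob enc"),
            "M_B": prf(b"bob->alice mac"), "M_A": prf(b"alice->bob mac")}


def record_mac(mac_key, seq, rtype, data):
    """MAC over seq# || type || version || length || data. The seq# is not
    sent; both ends count records, so a replayed or reordered record fails."""
    hdr = struct.pack("!QBBBH", seq, rtype, VERSION[0], VERSION[1], len(data))
    return hmac.new(mac_key, hdr + data, hashlib.sha256).digest()


def keystream_xor(key, seq, data):
    """Toy record cipher: XOR with SHA-256(key || seq || block counter)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + struct.pack("!QI", seq, i)).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class Sender:
    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key, self.seq = enc_key, mac_key, 0

    def protect(self, data):
        """Phase 3: Type, Ver, Len in the clear, then E(data || MAC)."""
        mac = record_mac(self.mac_key, self.seq, RECORD_TYPE_DATA, data)
        body = keystream_xor(self.enc_key, self.seq, data + mac)
        self.seq += 1
        return struct.pack("!BBBH", RECORD_TYPE_DATA, *VERSION, len(body)) + body


class Receiver:
    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key, self.seq = enc_key, mac_key, 0

    def unprotect(self, record):
        """Return the data, or None if the MAC (with the local seq#) fails.
        On failure the counter is not advanced; real TLS tears the session down."""
        rtype, _vmaj, _vmin, length = struct.unpack("!BBBH", record[:5])
        body = record[5:5 + length]
        plain = keystream_xor(self.enc_key, self.seq, body)
        data, mac = plain[:-MAC_LEN], plain[-MAC_LEN:]
        expected = record_mac(self.mac_key, self.seq, rtype, data)
        if not hmac.compare_digest(mac, expected):
            return None
        self.seq += 1
        return data


if __name__ == "__main__":
    keys = derive_keys(b"master-secret", b"client-nonce", b"server-nonce")  # constructed
    bob, alice = Sender(keys["E_B"], keys["M_B"]), Receiver(keys["E_B"], keys["M_B"])
    r1, r2 = bob.protect(b"first"), bob.protect(b"second")
    print(alice.unprotect(r1), alice.unprotect(r1), alice.unprotect(r2))
```

The receiver only accepts the record whose number matches its own count; handing it r1 twice yields the data once and None the second time, and delivering r2 before r1 yields None until r1 has been consumed.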
IPsec: Network Layer Security
network-layer secrecy:
sending host encrypts the
data in IP datagram
TCP and UDP segments;
ICMP and SNMP
messages.
network-layer authentication
destination host can
authenticate source IP
address
two principal protocols:
authentication header
(AH) protocol
encapsulation security
payload (ESP) protocol
for both AH and ESP, source and
destination handshake to
create a network-layer
logical channel called a
security association (SA)
each SA is unidirectional,
uniquely determined by:
security protocol (AH or
ESP)
destination IP address
32-bit connection ID, the
Security Parameter Index (SPI),
carried in every AH/ESP header
Authentication Header (AH) Protocol
provides source
authentication and data
integrity, no
confidentiality
AH header inserted
between the IP header and the
data field.
protocol field: 51
intermediate routers
process datagrams as
usual
[Figure: IP header | AH header | data (e.g., TCP, UDP segment)]
AH header includes:
connection identifier (SPI)
authentication data:
a keyed message digest (MAC) computed by the
source, under the SA's shared key, over the IP
datagram (payload plus the header fields that do
not change in transit)
next header field:
specifies type of data
(e.g., TCP, UDP, ICMP)
IEEE 802.11 security
Packet sniffing is unavoidable
War-driving: drive around Bay area, see what 802.11 networks
available?
More than 9000 accessible from public roadways
85% use no encryption/authentication
packet-sniffing and various attacks easy!
Wired Equivalent Privacy (WEP): authentication as in protocol
ap4.0 (requires a shared symmetric key)
host requests authentication from the access point
access point sends a 128-byte challenge text (the nonce)
host encrypts the challenge using the shared symmetric key
access point decrypts the challenge and authenticates the host
(an eavesdropper who sees both the challenge and the response
learns 128 bytes of keystream for that IV)
IEEE 802.11 security
Wired Equivalent Privacy (WEP): data encryption
Host/AP share a 40-bit symmetric key K_S (semi-permanent)
Host prepends a 24-bit initialization vector (IV) to
K_S to create a 64-bit key, IV || K_S
• IV is equivalent to a "nonce"
64-bit key used to generate a stream of keys, k_i^IV
(using the RC4 stream cipher)
k_i^IV used to encrypt the i-th byte, d_i, in the frame:
c_i = d_i XOR k_i^IV
IV and encrypted bytes, c_i, sent in the frame
802.11 WEP encryption
[Figure 7.8-new1: 802.11 encryption, WEP protocol, sender side. The per-frame IV and the 40-bit secret symmetric key K_S feed the key sequence generator, which produces k_1^IV k_2^IV k_3^IV ... k_N^IV k_{N+1}^IV ... k_{N+4}^IV. The plaintext frame data d_1 d_2 d_3 ... d_N plus CRC_1 ... CRC_4 is XORed byte-wise with the key sequence to give c_1 c_2 c_3 ... c_N c_{N+1} ... c_{N+4}. Transmitted frame: 802.11 header | IV | WEP-encrypted data plus CRC]
802.11 WEP Security Concern
40-bit keys are too short
RC4 is not properly used in 802.11 (per-frame keys differ
only in the 24-bit IV)
A more secure protocol, 802.11i, has just been
standardized
Breaking 802.11 WEP encryption
security hole:
24-bit IV, one IV per frame -> IVs eventually reused
IV transmitted in plaintext -> IV reuse detected
attack:
Trudy causes Alice to encrypt known plaintext d_1 d_2
d_3 d_4 ...
Trudy sees: c_i = d_i XOR k_i^IV
Trudy knows c_i and d_i, so can compute k_i^IV = c_i XOR d_i
Trudy knows the encrypting key sequence k_1^IV k_2^IV k_3^IV ...
Next time the IV is used, Trudy can decrypt!
Network Security (summary)
Basic techniques...
cryptography (symmetric and public)
authentication
message integrity
key distribution
... used in many different security scenarios
secure email
secure transport (SSL)
IPsec
802.11 security