
COMP3123
Internet Security
Richard Henson
University of Worcester
November 2010
Week 7: Communications: Securing LAN–LAN data using VPNs and secure protocols

Objectives:
• Relate Internet security problems to the TCP/IP protocol stack
• Explain Internet security solutions that use the principles of a VPN
• Explain Internet security solutions at OSI levels above IP routing

Security and the OSI layers
Actually 7 layers in original OSI model…
Unix TCP/IP leaves out level 1 (physical), level 2 (data link), and level 5 (session)
[Diagram: TCP/IP protocol stack, with the application protocols TELNET, FTP, SMTP, NFS, DNS and SNMP over TCP and UDP (transport) over IP (network)]

TCP/IP and the Seven Layers
[Diagram: screen above TCP above IP above hardware]
• lower layers are required to interface with IP to create/convert electrical signals
• upper layers interface with TCP to produce the screen display
TCP (Transport Control Protocol) and IP (Internet Protocol) only make up part (layers 3 & 4) of the seven layers
Each layer interface represents a potential security problem…

Intranets
Definition:
• An in-house Web site that serves the employees of the enterprise. Although intranet pages may link to the Internet, an intranet is not a site accessed by the general public.
Achieved by organisations using http to share data in a www-compatible format
Implemented as:
• single LAN with a web server
• several interconnected LANs
  » cover a larger geographic area
  » use secure user authentication
  » use secure data transmission system

Extranets
Definition:
• organisational web sites for employees and existing customers rather than the general public
An extension of the Intranet to cover selected trusted “links”
• e.g. for an organisation the “trusted” links might be to customers and business partners
• uses the public Internet as its transmission system, but requires passwords to gain access
Can provide access to:
• paid research
• current inventories
• internal databases
• OR virtually any information that is private and not published for everyone

Issues in creating an Extranet
As with the Intranet, use of public networks means that security must be handled through the appropriate use of secure authentication and transmission technologies…
Private leased lines between sites do not need to use http, etc.
• therefore more secure, but expensive (BALANCE)
If using the Internet…
• can use client-server web applications across different sites
• BUT security issues need resolving

Securing Authentication through Extranets
Kerberos and trusted domains…
Windows 2000 Solution:
Potential security problem…
• several TCP ports used for e.g. Kerberos authentication when establishing a session…
Solution:
• firewall configured to allow relevant ports to be opened only for “trusted” hosts

Securing Sharing of Data through Extranets
An Extranet client uses the web server & browser for user interaction
• standard level 7 www protocol to display html data
Raw HTML data will pass through the firewall to the Internet
• could be “sensitive” for the organisation…
Under IETF guidance, developers came up with RFCs for a secure version of http…
• standardised as http-s (secure http)

The Internet generally uses IP - HOW can data be secured?
2010: more than 600 million hosts!

Securing the Extranet
Problem:
• IP protocol sends packets off in different directions according to:
  » destination IP address
  » routing data
• packets can be intercepted/redirected
Solution:
• secure level 7 application layer www protocols developed
  » https: ensure that pages are only available to authenticated users
  » ssh: secure download of files
  » sftp: as above
• secure level 4 transport (TLS) protocol to restrict use of IP navigation to only include secure sites
Protection against interception at lower OSI layers
• Virtual Private Networks: use of level 2 & 3

SSH (Secure Shell)
Designed 1995, University of Helsinki, for secure file transfer (SSH-1)
• server listens on TCP port 22
• runs on a variety of platforms
Enhanced version SSH-2
• using the PKI
• including digital certificates
• RFC 4252 – recent, 2006
By contrast, Telnet and FTP:
• can use authentication
• BUT DO NOT use encrypted text…

Secure http (http-s)
IETF set up WTS (Web Transaction Security) in 1995 to:
• look at proposals for a secure version of http
• ensure secure embedding of any emerging protocol with HTML
Proposals agreed in 1999
• defined as:
  » RFC #2659 – secure HTML documents
  » RFC #2660 – the secure protocol itself

More about Secure http
Modification of http:
• works with Netscape’s SSL/TLS and the PKI
• ensures security of HTML data sent through the Internet
When a browser requests a web page…
• normally, just downloaded
• HOWEVER, if the page is held on a HTTP-S server it must be downloaded using the https protocol
  » will ONLY be downloaded and displayed if its URL has been authenticated and certificated
Authentication handled by a PKI-affiliated body (e.g. Verisign)
• therefore considered to be very secure

SSL (Secure Sockets Layer)
Developed by Netscape in 1995
• so browsers could participate in secure Internet transactions
• soon became the most commonly used protocol for ecommerce transactions
• still not been accessed by hackers (so far…)
Excellent upper layer security:
• RSA public key en/decryption of http packets at the session layer (OSI 5) before sending/after receiving between Internet hosts
• PKI-compatibility means that digital certificates are supported as well

Extending SSL
SSL standard submitted by Netscape to IETF for further development
• working party set up in 1996
• worked with Netscape to standardise SSL v3.0
  » RFC draft same year
• agreed standard RFC #2246: TLS (Transport Layer Security)
TLS was the result of IETF development of components of Netscape’s SSL lower down the OSI layers
  » SSL – level 5
  » TLS – level 4

Secure HTTP, SSL and TLS
Together, HTTPS/SSL/TLS can provide a secure interface between TCP (level 4) and HTML (level 7)
very secure conduit for message transfer across the Internet…

VPNs: restricted use of the Physical Internet
[Diagram: VPN shown in green]

VPNs (Virtual Private Networks)
Two pronged defence:
• physically keeping the data away from unsecured servers…
  » several protocols available for sending packets along a pre-defined route
• data encapsulated and encrypted so it appears to travel as if on a point-point link but is still secure even if intercepted
Whichever protocol is used, the result is a secure system with pre-determined pathways for all packets

Principles of VPN protocols
The tunnel - where the private data is encapsulated
The VPN connection - where the private data is encrypted

Principles of VPN protocols
To emulate a point-to-point link:
• data encapsulated, or wrapped, with a header
  » provides routing information
  » allows packets to traverse the shared public network to its endpoint
To emulate a private link:
• data encrypted for confidentiality
Any packets intercepted on the shared public network are indecipherable without the encryption keys…

Potential weakness of the VPN
Once the data is encrypted and in the tunnel it is very secure
BUT
• to be secure, it MUST be encrypted and tunnelled throughout its whole journey
• if any part of that journey is outside the tunnel…
  » e.g. network path to an outsourced VPN provider
  » obvious scope for security breaches

Using a VPN as part of an Extranet
Using a VPN for point-to-point
Using a VPN to connect a remote computer to a Secured Network

VPN-related protocols offering even greater Internet security
Two possibilities are available for creating a secure VPN:
Layer 3:
  » IPsec – fixed point routing protocol
Layer 2 “tunnelling” protocols
  » encapsulate the data within other data before converting it to binary data:
• PPTP (Point-point tunnelling protocol)
• L2TP (Layer 2 tunnelling protocol)

IPsec
First VPN system
• defined by IETF RFC 2401
• uses ESP (encapsulating security protocol) at the IP packet level
IPsec provides security services at the IP layer by:
• enabling a system to select required security protocols (ESP possible with a number of encryption protocols)
• determining the algorithm(s) to use for the chosen service(s)
• putting in place any cryptographic keys required to provide the requested services

More about IPSec in practice
Depends on PKI for authentication
• both ends must be IPSec compliant, but not the various network systems that may be between them…
Can therefore be used to protect paths between
• a pair of hosts
• a pair of security gateways
• a security gateway and a host
Can work with IPv4 and IPv6
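The two VPN principles above (encapsulate with a routing header, encrypt for confidentiality) and ESP-style protection at the IP packet level, shown as an added Go example written for this page rather than taken from the lecture or from any IPsec implementation. It is a simplified model, not the real ESP wire format: a 12-byte outer header (two IPv4 tunnel endpoints and a sequence number) stands in for the outer IP/ESP headers, and AES-GCM with a pre-shared key stands in for the algorithm and key the IPsec SA would have negotiated.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"net"
)

const hdrLen = 12 // outer src (4) + outer dst (4) + sequence number (4)

// Tunnel is one direction of a VPN connection between two gateways; the key
// stands in for what IPsec key management would have put in place for the SA.
type Tunnel struct{ aead cipher.AEAD; src, dst net.IP; seq uint32 }

func NewTunnel(key []byte, src, dst string) (*Tunnel, error) {
	s, d := net.ParseIP(src).To4(), net.ParseIP(dst).To4()
	if s == nil || d == nil { return nil, errors.New("tunnel endpoints must be IPv4") }
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil { return nil, err }
	aead, err := cipher.NewGCM(block)
	return &Tunnel{aead: aead, src: s, dst: d}, err
}

// Encapsulate wraps a private packet: the outer header (endpoints, sequence number)
// stays in clear because the public network routes on it; the inner packet is
// encrypted, and the header is bound in as associated data so it is authenticated too.
func (t *Tunnel) Encapsulate(inner []byte) []byte {
	t.seq++
	hdr := make([]byte, hdrLen)
	copy(hdr[0:4], t.src)
	copy(hdr[4:8], t.dst)
	binary.BigEndian.PutUint32(hdr[8:12], t.seq)
	nonce := make([]byte, t.aead.NonceSize())
	rand.Read(nonce)
	return append(append(hdr, nonce...), t.aead.Seal(nil, nonce, inner, hdr)...)
}

// Decapsulate is the far gateway: split off header and nonce, then decrypt and
// verify. Any change to header, nonce or payload in transit fails authentication.
func (t *Tunnel) Decapsulate(pkt []byte) ([]byte, error) {
	n := t.aead.NonceSize()
	if len(pkt) < hdrLen+n+t.aead.Overhead() {
		return nil, errors.New("packet too short")
	}
	return t.aead.Open(nil, pkt[hdrLen:hdrLen+n], pkt[hdrLen+n:], pkt[:hdrLen])
}

// Observe is all an interceptor on the public network learns without the key.
func Observe(pkt []byte) (src, dst string, seq uint32) {
	return net.IP(pkt[0:4]).String(), net.IP(pkt[4:8]).String(), binary.BigEndian.Uint32(pkt[8:12])
}
```

An interceptor sees the tunnel endpoints and the sequence number and nothing of the inner packet, and a packet altered anywhere on the path (the "outside the tunnel" weakness on the next slide aside) is rejected rather than delivered.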
PPTP
Sponsored by Microsoft
• proposal submitted for consideration by IETF
Extension of PPP
• uses PPP authentication and Microsoft’s own encryption
• allows organisations to extend their own corporate network by using private “tunnels” over the public Internet
• effectively using the WAN as a single large LAN
Claimed to provide a secure connection over public networks
• but not universally accepted as secure…

L2TP
Microsoft hybrid of:
• their own PPTP
• CISCO’s L2F (layer 2 forwarding)
With L2TP, IPSec is optional:
• like PPTP:
  » it can use PPP authentication and access controls (PAP and CHAP!)
  » it uses NCP to handle remote address assignment of the remote client
• as no IPSec, no overhead of reliance on PKI

Implementation of Secure HTTP
Like http, http-s is a client-server protocol
Server end:
  » PKI-compliant Web Server configured to provide https access
  » valid server certificate to authenticate server to client
Client end:
  » browser needs to be able to identify & authenticate secure http traffic:
• URL header https://
• “lock” sign at bottom of screen

Configuring a Web Server for https…
Any properly configured web server will offer unsecured links to many www pages (http)
A secure web server can ADDITIONALLY offer secure links to specified folders (https)
• BUT… it must first acquire that PKI server certificate from e.g. Verisign or an affiliate…
• the server certificate needs to be viewable by a client browser to verify trust in the web page provider

IIS Configuration to support SSL and https
A “wizard” drives the whole process
• need administrator access to IIS in “webserver” mode
• access the “directory security” tab
• click on “server certificate”…
  » and the process begins
Once IIS has downloaded & installed that server certificate, development of a secure website can begin in specific folders

Web Server Configuration for client-end https
IF the webserver is properly configured for https…
• IS username/password protected
• HAS a Server Certificate…
  » viewable by client browsers, not revoked or out of date
THEN, via username/password authentication
• browser will allow https access via the web
• “lock” symbol appears below the web page display
  » click on “lock” symbol for server certificate details
Otherwise, a “not authorised” message will be displayed

The Server Certificate
Both encryption and identity checking require the owner of the server to obtain and install a Digital SSL (Server) Certificate
• more expensive than a personal certificate
• Verisign again a suitable source…
SSL Certificate has to be:
• downloaded from source website
• installed onto the relevant web server
• authenticated by a named individual (administrator?) at the server end

Ways to “sign” an SSL Certificate
Three possibilities:
• Commercial
  » usually recognised silently by browsers, with no pop-up or alert
• Self-signing
  » almost always produces an alert on the browser
  » shows the identity asserted (but not proved) by the server owner
  » the user is likely to be offered the option to recognise this certificate in future (effectively silencing the alert)
• Organisation-signed
  » also likely to result in an alert that names the organisation
  » an organisation with an existing relationship with most of its users can instruct them to configure their browsers to silently recognise certificates signed by their own organisation
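The browser-side check behind the alerts on this slide and the "viewable, not revoked or out of date" condition two slides earlier, as an added Go example written for this page (not the lecture's material and not IIS or any browser's code). It issues an organisation CA, an organisation-signed server certificate, a self-signed one and an expired one, then verifies each against an empty trust store (a browser that knows nothing of the organisation) and against one where the user has installed the organisation's CA as instructed. The hostnames, the Ed25519 key type and the validity periods are constructed for the example; revocation checking is not modelled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// makeCert issues a certificate for host expiring at notAfter: self-signed when
// parent is nil, otherwise signed by parentKey, as an organisation's own CA would.
func makeCert(host string, isCA bool, notAfter time.Time, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: notAfter, IsCA: isCA, BasicConstraintsValid: true,
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	signer, issuer := key, tmpl // self-signed: the certificate vouches for itself
	if parent != nil {
		signer, issuer = parentKey, parent
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, pub, signer)
	if err != nil { panic(err) }
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// RunScenarios performs the browser-side check (chain to a trusted root, matching
// name, current validity period) for each signing option; a nil error means no alert.
func RunScenarios() map[string]error {
	host, future := "intranet.example.test", time.Now().Add(24*time.Hour) // constructed
	orgCA, caKey := makeCert("ca.example.test", true, future, nil, nil)
	orgSigned, _ := makeCert(host, false, future, orgCA, caKey)
	selfSigned, _ := makeCert(host, false, future, nil, nil)
	expired, _ := makeCert(host, false, time.Now().Add(-30*time.Minute), orgCA, caKey)
	byDefault, installed := x509.NewCertPool(), x509.NewCertPool() // empty = no org CA known
	installed.AddCert(orgCA)                                        // user installed the org CA
	verify := func(c *x509.Certificate, roots *x509.CertPool) error {
		_, err := c.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
		return err
	}
	return map[string]error{
		"self-signed/default":  verify(selfSigned, byDefault),
		"org-signed/default":   verify(orgSigned, byDefault),
		"org-signed/installed": verify(orgSigned, installed),
		"expired/installed":    verify(expired, installed),
	}
}
```

Only the organisation-signed certificate checked by a browser that trusts the organisation's CA passes silently; the self-signed certificate fails in every store because nothing but itself vouches for it, and an out-of-date certificate is rejected even when its issuer is trusted.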