Transcript Lecture 9
Security and Networks
Advanced Network Security
Peter Reiher
August, 2014
Advanced Network Security
Lecture 9
Page 1
Outline
• Network characteristics that affect
security
• Threats to network security
Advanced Network Security
Lecture 9
Page 2
Some Important Network
Characteristics for Security
• Degree of locality
• Media used
• Protocols used
Advanced Network Security
Lecture 9
Page 3
Degree of Locality
• Some networks are very local
– E.g., an Ethernet
– Benefits from:
• Physical locality
• Small number of users and machines
• Common goals and interests
• Other networks are very non-local
– E.g., the Internet backbone
– Many users/sites share bandwidth
Advanced Network Security
Lecture 9
Page 4
Network Media
• Some networks are wires, cables, or
over telephone lines
– Can be physically protected
• Other networks are satellite links or
other radio links
– Physical protection possibilities
more limited
Advanced Network Security
Lecture 9
Page 5
Protocol Types
• TCP/IP is the most used
– But it only specifies some common
intermediate levels
– Other protocols exist above and below it
• In places, other protocols replace TCP/IP
• And there are lots of supporting protocols
– Routing protocols, naming and directory
protocols, network management protocols
– And security protocols (IPSec, ssh, ssl)
Advanced Network Security
Lecture 9
Page 6
Implications of Protocol Type
• The protocol defines a set of rules that will
always be followed
– But usually not quite complete
– And they assume everyone is at least
trying to play by the rules
– What if they don’t?
• Specific attacks exist against specific
protocols
Advanced Network Security
Lecture 9
Page 7
Threats To Networks
• Wiretapping
• Impersonation
• Attacks on message
– Confidentiality
– Integrity
• Denial of service attacks
Advanced Network Security
Lecture 9
Page 8
Wiretapping
• Passive wiretapping is listening in illicitly
on conversations
• Active wiretapping is injecting traffic
illicitly
• Packet sniffers can listen to all traffic on a
broadcast medium
– Ethernet or 802.11, e.g.
Advanced Network Security
Lecture 9
Page 9
Requirements for Wiretapping
• The wiretapper must get access to the
network data
• Either by listening on one of the network
links (or routers, switches, etc.)
• Or by rerouting the data through something
he controls
• Wiretapping on wireless often just a matter
of putting up an antenna
– If you are in the right physical place
Advanced Network Security
Lecture 9
Page 10
Impersonation
• A packet comes in over the network
– With some source indicated in its
header
• Often, the action to be taken with the
packet depends on the source
• But attackers may be able to create
packets with false sources
Advanced Network Security
Lecture 9
Page 11
Levels of Impersonation
• Layered protocols imply multiple
identities for a packet
– Its incoming link
– Its original source node
– The connection it is part of
– The user who sent it
• Different techniques used to
authenticate each layer
Advanced Network Security
Lecture 9
Page 12
Link Authentication
• Usually trivial
• Receiving machine gets reliable local
information about what interface got it
• That interface is usually connected to
one link
• Nearly impossible to fake
• Though wireless “links” are not very
exclusive
Advanced Network Security
Lecture 9
Page 13
Source Node Authentication
• IP packets contain source node identity
– In typical IP, it’s not authenticated
– Attacker can fill in any address he
wants
– Commonly called IP spoofing
– The Internet doesn’t check
• No authentication information
typically tied to an IP address
Advanced Network Security
Lecture 9
Page 14
Connection Authentication
• Depends on protocol
• Typical TCP connections not formally
authenticated
– Some weak authentication possible
– E.g., evidence that sender saw the
last response packet
• Other protocols can be better (TLS) or
worse (UDP)
Advanced Network Security
Lecture 9
Page 15
User Authentication
• Authenticated the session/user/application
layers
• Usually done cryptographically
• Most commonly leveraging PK
– But only for setup
– Proper use of ongoing symmetric crypto
regarded as later authentication
– I.e., if I know the right symmetric key, I
must have the right private key, too
Advanced Network Security
Lecture 9
Page 16
Violations of Message
Confidentiality
• Other problems can cause messages to be
inappropriately divulged
• Misdelivery can send a message to the
wrong place
– Clever attackers can make it happen
• Message can be read at an intermediate
gateway or a router
• Sometimes an intruder can get useful
information just by traffic analysis
Advanced Network Security
Lecture 9
Page 17
Message Integrity
• Even if the attacker can’t create the
packets he wants, sometimes he can
alter proper packets
• To change the effect of what they will
do
• Typically requires access to part of the
path message takes
Advanced Network Security
Lecture 9
Page 18
Denial of Service
• Attacks that prevent legitimate users
from doing their work
• By flooding the network
• Or corrupting routing tables
• Or flooding routers
• Or destroying key packets
Advanced Network Security
Lecture 9
Page 19
How Do Denial of Service
Attacks Occur?
• Basically, the attacker injects some form of
traffic
• Most current networks aren’t built to
throttle uncooperative parties very well
• All-inclusive nature of the Internet makes
basic access trivial
• Universality of IP makes reaching most of
the network easy
Advanced Network Security
Lecture 9
Page 20
Basic Defensive Mechanisms
•
•
•
•
•
Cryptography
Filtering
Rate limits
Padding
Routing control
Advanced Network Security
Lecture 9
Page 21
Cryptography
• Obvious values in maintaining
message confidentiality
• Also value for integrity and
authentication
• Some limitations based on
performance costs
• We’ll discuss this in more detail later
Advanced Network Security
Lecture 9
Page 22
Filtering
• Selectively dropping some packets
• Either to get rid of stuff that is likely to
cause problems
• Or to reduce the overall rate of traffic
flowing through a point
• Basic approach – examine each packet
and drop those with some
characteristic
Advanced Network Security
Lecture 9
Page 23
What Do We Filter On?
• Packet header information
– Like source or destination address
– Or protocol
• Packet content signatures
– Requires deep packet inspection
• Key issue with filtering is speed
• Fast filtering usually limited in
sophistication
Advanced Network Security
Lecture 9
Page 24
Where Do You Filter?
• Near edges of the network, typically
– E.g., firewalls
– Many practical limits on what can be done here
• Typically little or no filtering is done by
core routers
– Packets being handled too fast
– Backbone providers don’t want to filter
– Damage great if you screw it up
Advanced Network Security
Lecture 9
Page 25
Rate Limits
• Many routers can place limits on the traffic
they send to a destination
• Ensuring that the destination isn’t
overloaded
– Popular for denial of service defenses
• Limits can be defined somewhat flexibly
• Related approaches:
– Priority queuing
– Traffic shaping
Advanced Network Security
Lecture 9
Page 26
Shortcomings of Rate Limits
• Rate limiting does not imply
intelligence in what gets dropped
• At the speeds it’s working at, not really
possible
• Rate limits based on IP addresses can
be cheated on by spoofing
Advanced Network Security
Lecture 9
Page 27
Padding
• Sometimes you don’t want intruders to
know what your traffic characteristics are
• Padding adds extra traffic to hide the real
stuff
• Fake traffic must look like real traffic
– Usually means encrypt it all
• Must be done carefully, or clever attackers
can tell the good stuff from the noise
Advanced Network Security
Lecture 9
Page 28
Routing Control
• Use ability to route messages to obtain
security effects
• Route questionable messages to
defensive sites
• Don’t route sensitive messages through
“unsafe” parts of the network
Advanced Network Security
Lecture 9
Page 29
Routing Control For Privacy
• Use ability to control message routing to
conceal the traffic in the network
• Used in onion routing to hide who is
sending traffic to whom
– For anonymization purposes
• Routing control also used in some network
defense
– To hide real location of a machine
– E.g., SOS DDoS defense system
Advanced Network Security
Lecture 9
Page 30