View
659
Download
0
Category
Preview:
DESCRIPTION
Citation preview
CS457/546a 1
Chapter 7 roadmap
7.1 What is network security?7.2 Principles of cryptography7.3 Authentication7.4 Integrity7.5 Key Distribution and certification7.6 Access control: firewalls7.7 Attacks and counter measures7.8 Security in many layers
CS457/546a 2
Firewalls
isolates an organization’s internal network from larger external network, allowing some packets to pass, blocking others
firewall
administerednetwork
externalnetwork
firewall
CS457/546a 3
Firewalls: Why?
Prevent denial of service attacks: SYN flooding: attacker establishes many bogus
TCP connections, no resources left for “real” connections.
Prevent illegal modification/access of internal data. e.g., attacker replaces CIA’s homepage with
something elseAllow only authorized access to inside network (set of
authenticated users/hosts)Prevent insider attacks on critical systems:
Critical systems (human resources, payroll, etc.) can be hidden behind their own firewalls to prevent attacks from the inside.
CS457/546a 4
Firewalls: Policies
There are two main approaches to setting firewall policies regulating information flow.
Default Permit: Conditions are specified that will result in data
being blocked; any host or protocol not covered by these conditions will pass through by default.
Simpler to use, easy to configure, and more dangerous.
Default Deny: The particular protocols allowed through and the
hosts that may pass data or be contacted are specified; all others are denied.
Tends to be more secure.
CS457/546a 5
Firewall Components: Chokes/Packet Filters
Computers or devices (such as routers) that restrict the flow of packets between the internal and external networks.
These filter packet-by-packet, making the decision to forward/drop packets based on: source IP address, destination IP address TCP/UDP source and destination port numbers ICMP message type TCP SYN and ACK bits
Should arriving packet be allowed
in? Departing packet let out?
CS457/546a 6
Firewall Components: Chokes/Packet Filters
Example 1: Block incoming and outgoing datagrams with IP protocol field = 17 or with either source or destination port = 23. All incoming and outgoing UDP flows and
telnet connections are blocked. Example 2: Block inbound TCP segments with
ACK=0. Prevents external clients from making TCP
connections with internal clients, but allows internal clients to connect to outside.
CS457/546a 7
Firewall Components: Gates/Gateways
Specifically designated programs, devices, or computers within the firewall’s perimeter that receive and handle connections to and from the external network.
For security and reliability, users should not have accounts on a gateway computer.
Several kinds of programs can run on gateways: Network client software such as telnet, ftp and netscape.
Users get external access by logging on to the gateway and using this software. (Again, not recommended!)
Proxy servers that forward requests through the firewall from the internal network to the external one.
Network servers for receiving e-mail, serving web pages, and so on.
CS457/546a 8
Firewall Components: Gates/Gateways
Example: allow select internal users to telnet outside.
host-to-gatewaytelnet session
gateway-to-remote host telnet session
applicationgateway
router and filter
1. Require all telnet users to telnet through gateway.2. For authorized users, gateway sets up telnet
connection to destination host. Gateway relays data between the 2 connections.
3. Router packet filter blocks all telnet connections not originating from gateway.
CS457/546a 9
Dual-ported Host Firewalls
The first Internet firewalls were Unix hosts with two network ports – one for the internal network, and one for the external network.
In this firewall, the dual-ported host functions as both a choke and a gate. Service is provided to internal users by either
network clients or proxy servers. Packet forwarding between network ports is
disabled to protect the internal network.
internalnetwork
externalnetwork
firewall
CS457/546a 10
Packet Filtering Firewalls
A simple firewall can be built be a single choke, using the packet filtering options on a router to block packets as needed between the external and internal networks.
These firewalls are cheap and simple. Most firewalls built into cable/DSL routers
are of this variety. How powerful are they though?
internalnetwork
externalnetwork
firewall
CS457/546a 11
Screened Host Firewalls This is a more secure firewall built using
a choke and a gateway computer. The gate is a specially chosen computer running
network servers and proxy servers. Only external packets destined for the gateway
are allowed through the choke. All internal packets destined for the external
network must first pass through a proxy server on the gateway, or they are filtered by the choke.
internalnetwork
externalnetwork
firewall
gateway
CS457/546a 12
Screened Subnet Firewalls For even higher security, two chokes and a
gateway can be used to build a firewall. The external choke and gateway are configured
as in a screened host firewall. The second choke is a failsafe – if an attacker
gains access to the gate, the internal choke prevents further attacks against the internal network.
Additional gateways can be added to the perimeter network between the chokes for other services.internal
network
externalnetwork
firewall
gateway
perimeternetwork
CS457/546a 13
Limitations of Firewalls IP spoofing: a firewall
can’t know if data really comes from the claimed source, so intruders maystill be let in.
If multiple applications need special treatment, each has its own gateway.
Client software must know how to contact the gateway. For example, users must
set the IP address of a proxy in their web browsers.
Filters often use an all or nothing policy for UDP.
Tradeoff: degree of communication with outside world, level of security
The more exceptions and specializations needed for a firewall, the harder it is to configure and get to work properly … big troubles!
Many highly protected sites still suffer from attacks, so are firewalls really the solution?
CS457/546a 14
Chapter 7 roadmap
7.1 What is network security?7.2 Principles of cryptography7.3 Authentication7.4 Integrity7.5 Key Distribution and certification7.6 Access control: firewalls7.7 Attacks and counter measures7.8 Security in many layers
CS457/546a 15
Internet Security Threats
Mapping: Before attacking: you “case the joint” – find
out what services are implemented on network.
Use ping to determine what hosts have addresses on network.
Port-scanning: try to establish TCP connection to each port in sequence (see what happens).
nmap (http://www.insecure.org/nmap/) mapper: “network exploration and security auditing”.
Countermeasures?
CS457/546a 16
Mapping: countermeasures Record and log traffic entering network. Look for suspicious activity (IP addresses,
pots being scanned sequentially). A lot of network equipment can do this automatically now.
Have firewalls block ICMP packets and ping no longer works.
Put a default deny policy in place on all firewalls. If port numbers are blocked there, the network cannot be mapped from the outside.
Internet Security Threats
CS457/546a 17
Internet Security ThreatsPacket sniffing:
A problem for broadcast media. Promiscuous NIC reads all packets passing by. Can read all unencrypted data (e.g. passwords). e.g.: C sniffs B’s packets
A
B
C
src:B dest:A payload
Countermeasures?
CS457/546a 18
Internet Security ThreatsPacket sniffing: countermeasures
All hosts in organization run software that checks periodically if host interface is in promiscuous mode.
Ensure all hosts in network require super-user privileges to put an interface in promiscuous mode. Place one host per segment of broadcast media (switched Ethernet at hub). Encrypt all sensitive data (use ssh for remote logins).
A
B
C
src:B dest:A payload
CS457/546a 19
Internet Security ThreatsTraffic analysis:
An attacker acquires sensitive information without learning message content or sniffing whole packets.
Bad things can come from innocent-looking information. e.g.: C can learn what B’s work patterns are, that B is carrying out transactions with A, and
so on.
A
B
C
src:B dest:A payload
Countermeasures?
CS457/546a 20
Internet Security ThreatsTraffic analysis: countermeasures
Use some form of traffic padding. Fake traffic is inserted into the network to mask the real traffic.
If you have spare network capacity, why not use it? Traffic padding can make other attacks harder too … how can you tell which data to
attack and attempt to compromise when it is not all real?
A
B
C
src:B dest:A payload
CS457/546a 21
Internet Security ThreatsIP Spoofing:
Can generate “raw” IP packets directly from an application, putting any value into an IP packet’s source address field.
Receiver can’t tell if source is spoofed. e.g.: C pretends to be B
A
B
C
src:B dest:A payload
Countermeasures?
CS457/546a 22
Internet Security ThreatsIP Spoofing: ingress filtering
Routers should not forward outgoing packets with invalid source addresses (e.g., datagram source address not in router’s network).
Great, but ingress filtering can not be mandated for all networks.
A
B
C
src:B dest:A payload
CS457/546a 23
Internet Security ThreatsDenial of service (DOS):
A flood of maliciously generated packets “swamp” receiver. Distributed DOS (DDOS): multiple coordinated sources swamp
receiver. e.g., C and remote host SYN-attack A.
A
B
C
SYN
SYNSYNSYN
SYN
SYN
SYN
Countermeasures?
CS457/546a 24
Internet Security ThreatsDenial of service (DOS): countermeasures
filter out flooded packets (e.g., SYN) before reaching host: throw out good with bad traceback to source of floods (most likely an innocent, compromised machine) use a dedicated hardware appliance to filter excessive packets or process
connection attempts
A
B
C
SYN
SYNSYNSYN
SYN
SYN
SYN
CS457/546a 25
Backups and Comparison Copies Making copies of data being transmitted or stored
can be very useful for security purposes. If data is damaged or destroyed, it can be restored. If data is modified, a comparison copy can detect
when and how it was changed, and restore it as well.
Backups can be to disk, tape, CD, DVD, or even paper.
Backups can be either full or incremental. The backup copies themselves must be secured!
• Protect them from overwriting.• Store them safely off-site under lock and key to
prevent theft and possible damage.• Encrypt them to protect the contents.• Verify that the backups actually work properly!
Other Good Ideas
CS457/546a 26
Auditing and Logging Auditing refers to the process of monitoring to
ensure that security mechanisms in place work and that any indications of misbehaviour are recorded.
Logging is used to record what is happening:• User activity (logging in, logging out, unsuccessful login
attempts, commands executed, and so on).• Use of administrator or super-user privileges (e.g. su).• Network traffic of various protocols at different periods.
Logging can be used to produce audit trails tracing the history of the network or individuals using it.
Logs are susceptible to modification attacks (to cover up attacks, falsely implicate others, and so on).
• Record logs to different physically secure machines or possibly even printers.
• Encrypt logs as they are written.
Other Good Ideas
CS457/546a 27
Chapter 7 roadmap
7.1 What is network security?7.2 Principles of cryptography7.3 Authentication7.4 Integrity7.5 Key Distribution and certification7.6 Access control: firewalls7.7 Attacks and counter measures
7.8 Security in many layers7.8.1. Secure email7.8.2. Secure sockets7.8.3. IPsec8.8.4. 802.11 WEP
CS457/546a 28
Secure E-Mail
Alice: Generates random symmetric private key, KS. Encrypts message with KS (for efficiency, as discussed before). Also encrypts KS with Bob’s public key. Sends both KS(m) and KB(KS) to Bob.
Alice wants to send confidential e-mail, m, to Bob.
KS( ).
KB( ).+
+ -
KS(m
)
KB(KS )+
m
KS
KS
KB+
Internet
KS( ).
KB( ).-
KB-
KS
mKS(m
)
KB(KS )+
CS457/546a 29
Secure E-Mail
Bob: Uses his private key to decrypt and recover KS. Uses KS to decrypt KS(m) to recover his message m.
Alice wants to send confidential e-mail, m, to Bob.
KS( ).
KB( ).+
+ -
KS(m
)
KB(KS )+
m
KS
KS
KB+
Internet
KS( ).
KB( ).-
KB-
KS
mKS(m
)
KB(KS )+
CS457/546a 30
Secure E-Mail (Continued)
Alice wants to provide sender authentication and message integrity.
Alice digitally signs a digest of the message. Sends both message (in the clear) and the digitally signed digest.
H( ). KA( ).-
+ -
H(m )KA(H(m))-
m
KA-
Internet
m
KA( ).+
KA+
KA(H(m))-
mH( ). H(m )
compare
CS457/546a 31
Secure E-Mail (Continued)
Alice wants to provide secrecy, sender authentication, and message integrity.
Alice uses three keys: her private key, Bob’s public key, and the newly created symmetric key.
H( ). KA( ).-
+
KA(H(m))-
m
KA-
m
KS( ).
KB( ).+
+
KB(KS )+
KS
KB+
Internet
KS
CS457/546a 32
Pretty Good Privacy (PGP)
Internet e-mail encryption scheme, de-facto standard.
Uses symmetric key cryptography, public key cryptography, hash function, and digital signature as described.
Provides secrecy, sender authentication, integrity.
Inventor Phil Zimmerman, was the target of a 3-year federal investigation for violating U.S. export restrictions on cryptographic software.
---BEGIN PGP SIGNED MESSAGE---Hash: SHA1
Bob:My husband is out of town tonight. Passionately yours, Alice
---BEGIN PGP SIGNATURE---Version: PGP 5.0Charset: noconvyhHJRHhGJGhgg/
12EpJ+lo8gE4vB3mqJhFEvZP9t6n7G6m5Gw2
---END PGP SIGNATURE---
A PGP signed message:
CS457/546a 33
Secure Sockets Layer (SSL)
Transport layer security to any TCP-based application using SSL services.
Used between Web browsers, servers for e-commerce (shttp).
Security services: Server authentication. Data encryption. Client authentication
(optional).
Server authentication: SSL-enabled browser
includes public keys for trusted CAs.
Browser requests server certificate, issued by trusted CA.
Browser uses CA’s public key to extract server’s public key from certificate.
Check your browser’s security menu to see its trusted CAs.
CS457/546a 34
SSL (Continued)
Encrypted SSL session: Browser generates
symmetric session key, encrypts it with server’s public key, sends encrypted key to server.
Using private key, server decrypts session key.
Only the browser and server know session key. All data sent into TCP
socket (by client or server) encrypted with session key.
SSL: basis of IETF Transport Layer Security (TLS).
SSL can be used for non-Web applications, e.g., IMAP.
Client authentication can be done with client certificates which have also been issued by CAs.
CS457/546a 35
IPsec: Network Layer Security
Network-layer secrecy: Sending host encrypts the
data in IP datagram. TCP and UDP segments;
ICMP and SNMP messages. Network-layer authentication
Destination host can authenticate source IP addresses.
Two principle protocols: Authentication header
(AH) protocol Encapsulation security
payload (ESP) protocol
For both AH and ESP protocols, the source and destination handshake: Create network-layer
logical channel called a security association (SA).
Each SA unidirectional. Uniquely determined by:
Security protocol (AH or ESP).
Source IP address. 32-bit connection ID.
CS457/546a 36
Authentication Header (AH) Protocol
Provides source authentication, data integrity, but not confidentiality.
AH header inserted between IP header, data field.
IP protocol field: 51 Intermediate routers
process datagrams as usual.
AH header includes: Connection identifier. Authentication data:
source-signed message digest calculated over original IP datagram.
Next header field: specifies type of data (e.g., TCP, UDP, ICMP).
Sequence number to prevent playback attacks.
IP header data (e.g., TCP, UDP segment)AH header
CS457/546a 37
Encapsulation Security Payload (ESP) Protocol
Provides secrecy, host authentication, and data integrity.
Packet data and the ESP trailer are encrypted.
Next header field is in the ESP trailer.
Sequence number and connection identifier are in the ESP header.
ESP authentication field is similar to AH authentication field.
IP protocol field: 50.
IP header TCP/UDP segmentESP
headerESP
trailerESP
authent.
encryptedauthenticated
CS457/546a 38
IPsec: SA and Key Management
To successfully deploy IPsec, a scalable and automated SA and key management scheme is needed.
Several protocols have been defined. The Internet Key Exchange (IKE) algorithm,
which is the default key management protocol for IPsec.
The Internet Security Association and Key Management Protocol (ISKMP) defines procedures for setting up and tearing down SAs and working with keys.
CS457/546a 39
IEEE 802.11 Security
War-driving: drive around the community and see what 802.11 wireless networks are available. In 2001, in the San Francisco Bay area alone,
more than 9000 were accessible from public roadways.
85% used no encryption/authentication! Packet-sniffing and various attacks would be easy!
Wired Equivalent Privacy (WEP): authentication as in protocol ap4.0 Host requests authentication from access point. Access point sends 128 bit nonce. Host encrypts nonce using shared symmetric key. Access point decrypts nonce, authenticates host.
CS457/546a 40
IEEE 802.11 Security
Wired Equivalent Privacy (WEP): data encryption Host and access point share 40 bit symmetric
key (semi-permanent). Host appends 24-bit initialization vector (IV) to
create 64-bit key. 64 bit key used to generate stream of keys, ki
IV.
kiIV used to encrypt ith byte, di, in frame:
ci = di XOR kiIV
IV and encrypted bytes, ci sent in frame.
CS457/546a 41
802.11 WEP Encryption
IV (per frame)
KS: 40-bit secret
symmetric key k1
IV k2IV k3
IV … kNIV kN+1
IV… kN+1IV
d1 d2 d3 … dN
CRC1 … CRC4
c1 c2 c3 … cN
cN+1 … cN+4
plaintext frame data
plus CRC
key sequence generator ( for given KS, IV)
802.11 header IV
WEP-encrypted data plus CRC
Figure 7.8-new1: 802.11 WEP protocol Sender-side WEP encryption
CS457/546a 42
Breaking 802.11 WEP Encryption
Security Hole: 24-bit IV, one IV per frame, -> IV’s eventually reused IV transmitted in plaintext -> IV reuse detected Attack:
Trudy causes Alice to encrypt known plaintext d1 d2 d3 d4 …
Trudy sees: ci = di XOR kiIV
Trudy knows ci di, so can compute kiIV
Trudy knows encrypting key sequence k1IV k2
IV k3IV …
Next time IV is used, Trudy can decrypt!
CS457/546a 43
802.11b Security At Western Wireless users at Western are forced to
authenticate themselves securely before accessing the network. This prevents outsiders from easily getting “inside”
access to the campus network. Once a wireless device contacts an access
point, access is restricted until a web browser is opened and redirected to a secure login page. You can then provide your UWO user id and
password to authenticate with the network. Once authenticated, access is opened up and
you are allowed fuller access of network services.
CS457/546a 44
802.11b Security At Western
Western does not currently use WEP-based encryption, and does not plan to. How could you safely share a secret WEP key
between 20,000-30,000 users? You can’t! Besides, as we just saw, WEP might not be very
safe. Western is looking at more advanced wireless
encryption protocols under development, and will be rolling them out soon.
In the mean time, use higher-level security protocols as much as possible (such as SSL, SSH, and so on). Many insecure unencrypted protocols are blocked,
so you cannot use them anyways!
CS457/546a 45
Network Security Summary
Basic techniques…... cryptography (symmetric and public) authentication message integrity key distribution
…. used in many different security scenarios secure email secure transport (SSL) IPsec 802.11 WEP
Recommended