Addressing Network Security Issues
Not A Second Too Early
Fengmin Gong
Advanced Networking Research
MCNC
www.mcnc.org/HTML/ITD/ANR/ANR.html
January 12, 1999
The Message...
- Security issues can no longer be ignored
- Network security issues are critical to every information infrastructure
- There are short-term and long-term solutions, but all are important
- Integrated approaches must be taken in order to be successful
Security & Security Attacks
- Security is a state of well-being of information and infrastructures in which the possibility of successful yet undetected theft, tampering, and disruption of information and services is kept low
- A security attack is any action that threatens this state of well-being
Where Is Our Network Going?
- More bandwidth - DWDM, 128xOC-192
- More sophisticated services - guaranteed QoS, RSVP/DiffServ, UNI4.0/PNNI
- More integrated service capabilities - E-commerce, voice/video over IP and/or ATM
- More ubiquitous access - ADSL, Cable modem, WLAN, LEOS constellations
- Better (killer?) application-enabling technologies - WWW
Security Implications?
- Abundant vulnerabilities - weak design, “feature-rich” implementation, & compromised components
- Heterogeneous networking technologies add to security complexity
- Higher-speed communication puts more info at risk in a given time period
- Ubiquitous access increases risk exposure
Consequence of Attacks
- Theft of confidential information
- Unauthorized use of
  - network bandwidth
  - computing resource
- Spread of false information
- Disruption of legitimate services
All attacks are related and dangerous!
Close-Knit Attack Family
[Figure: diagram relating passive attacks and active attacks. Labels: sniff for content; traffic analysis - who is talking; jam/cut it; capture & modify; pretend; re-target; who to impersonate; "I need to be Bill".]
Security Mechanisms
- Security mechanisms implement functions that help prevent, detect, and respond to security attacks
- Security functions are typically made available to users as a set of security services through APIs or integrated interfaces
- Cryptography underlies all security mechanisms
Type Of Security Services
- Confidentiality: protection of any information from being exposed to unintended entities
  - information content
  - identity of parties involved
  - where they are, how they communicate, how often etc.
Security Services - cont’d
- Authentication: assurance that an entity of concern or the origin of a communication is authentic - it’s what it claims to be or from
- Integrity: assurance that the information has not been tampered with
- Nonrepudiation: offer of evidence that a party is indeed the sender or a receiver of certain information
Security Services - cont’d
- Access control: facilities to determine and enforce who is allowed access to what resources, hosts, software, network connections etc.
- Detection & Response: facilities for detecting security attacks, generating indications/warning, and recovering from attacks
Security Services - cont’d
- Security management: facilities for coordinating service requirements, mechanism implementations, and operation, throughout enterprises and across the internetwork
  - security policy
  - trust model - representation & communication
  - trust management - trust relationship & risk assessment
Mail-Related Vulnerabilities
- Anonymous email via UNIX sendmail program talking SMTP (mail gateway hijack)
- Unauthorized access using UNIX /bin/mail -d to steal others' mailboxes or gain root privilege
- Long named attachment exploit in Microsoft’s Outlook & Outlook Express 98 and Netscape Mail (Communicator 4.05)
IP Spoofing & SYN Flood
- X establishes a TCP connection with B assuming A’s IP address
[Figure: message diagram between hosts A, B and X, with the labelled steps below.]
  (1) SYN Flood
  (2) predict B’s TCP seq. behavior
  (3) SYN(seq=m), src=A
  (4) SYN(seq=n) ACK(seq=m+1)
  (5) ACK(seq=n+1)
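A detection-side sketch of the exchange above, added here and not part of the original slides: a monitor in front of A counts half-open connections (step 1) and flags a SYN/ACK arriving at A that answers no SYN A ever sent (step 4). The addresses, ports, capture records and threshold are constructed assumptions.

```python
from collections import Counter

# Constructed capture seen by a monitor in front of host A.
# Record layout (an assumption): (src, sport, dst, dport, flags)
A, B = "10.0.0.1", "10.0.0.2"
CAPTURE = (
    [(f"198.51.100.{i}", 40000 + i, A, 513, "S") for i in range(1, 9)]   # step (1)
    + [(A, 513, f"198.51.100.{i}", 40000 + i, "SA") for i in range(1, 9)]
    + [(B, 514, A, 1023, "SA")]             # step (4): answers a SYN A never sent
    + [("203.0.113.7", 5000, A, 80, "S"),   # one ordinary, completed handshake
       (A, 80, "203.0.113.7", 5000, "SA"),
       ("203.0.113.7", 5000, A, 80, "A")]
)

def half_open(capture):
    """Count, per destination, SYNs never completed by the client's ACK."""
    pending = set()
    for src, sport, dst, dport, flags in capture:
        key = (src, sport, dst, dport)
        if flags == "S":
            pending.add(key)
        elif flags == "A":
            pending.discard(key)
    return Counter(dst for _, _, dst, _ in pending)

def unsolicited_synacks(capture, host):
    """SYN/ACKs delivered to `host` that match no SYN sent by `host`."""
    sent_syn, hits = set(), []
    for src, sport, dst, dport, flags in capture:
        if flags == "S" and src == host:
            sent_syn.add((src, sport, dst, dport))
        elif flags == "SA" and dst == host and (dst, dport, src, sport) not in sent_syn:
            hits.append((src, sport, dport))
    return hits

def alerts(capture, host, threshold=5):
    """Combine both indicators into alert names for one monitored host."""
    out = []
    if half_open(capture)[host] >= threshold:
        out.append("syn-flood")
    if unsolicited_synacks(capture, host):
        out.append("address-spoofed")
    return out

if __name__ == "__main__":
    print(alerts(CAPTURE, A))
```

Seen together, a flood of half-open connections on A and an unsolicited SYN/ACK from B indicate that A is being silenced while its address is used toward B.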
Smurf Attack
- Generate ping stream (ICMP Echo Req) to a network broadcast address with a spoofed source IP set to a victim host
- Every host on the ping target network will generate a ping reply (ICMP Echo Reply) stream, all towards the victim host
- Amplified ping reply stream can easily overwhelm the victim’s network connection
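How a border monitor can recognise this pattern, as an added example that is not part of the original slides: it flags ICMP Echo Requests addressed to a local subnet's broadcast (or network) address and measures the reply amplification toward the claimed source. The subnets, flow records and addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed assumptions: the subnets behind our border router.
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/25"),
              ipaddress.ip_network("192.0.2.128/26")]

# Constructed flow log: (src, dst, icmp_type); 8 = Echo Request, 0 = Echo Reply
FLOWS = [
    ("203.0.113.9", "192.0.2.127", 8),   # to the /25 broadcast address
    ("203.0.113.9", "192.0.2.191", 8),   # to the /26 broadcast address
    ("203.0.113.9", "192.0.2.128", 8),   # /26 network address (old-style broadcast)
    ("198.51.100.4", "192.0.2.10", 8),   # ordinary ping to a single host
] + [(f"192.0.2.{h}", "203.0.113.9", 0) for h in range(1, 43)]

def is_directed_broadcast(dst, nets=LOCAL_NETS):
    """True if dst is the broadcast or network address of a local subnet."""
    addr = ipaddress.ip_address(dst)
    return any(addr in n and addr in (n.broadcast_address, n.network_address)
               for n in nets)

def smurf_suspects(flows):
    """Map claimed source (the likely victim) -> broadcast echo requests seen."""
    hits = defaultdict(int)
    for src, dst, icmp_type in flows:
        if icmp_type == 8 and is_directed_broadcast(dst):
            hits[src] += 1
    return dict(hits)

def amplification(flows, victim):
    """Echo replies sent toward the victim per broadcast echo request."""
    requests = smurf_suspects(flows).get(victim, 0)
    replies = sum(1 for _, dst, t in flows if t == 0 and dst == victim)
    return replies / requests if requests else 0.0

if __name__ == "__main__":
    for victim, count in smurf_suspects(FLOWS).items():
        print(victim, count, amplification(FLOWS, victim))
```

The requests this check matches are the ones a border router drops when it does not forward directed broadcasts, which removes the network's usefulness as an amplifier.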
DNS-Related Vulnerabilities
- Reverse query buffer overrun in BIND Releases 4.9 (prior to 4.9.7) and Releases 8 (prior to 8.1.2)
  - gain root access
  - abort DNS service
- MS DNS for NT 4.0 (service pack 3 and prior)
  - crashes on chargen stream
  - telnet ntbox 19 | telnet ntbox 53
Cryptographic Issues
- Secure & efficient cryptographic algorithms
  - RC4, IDEA
  - RSA, DSA
- Secure cryptographic key storage & usage
  - Crypto token / smart card
- Secure & efficient key distribution
  - RSA based
  - Diffie-Hellman phonebook mode
- Public key infrastructure
Design Issues - Positioning
- How/where should security services be implemented?
  - Embedding in network protocols only: e.g., IPSEC, SSL/TLS, or DNS-SEC
  - Integrating into every application: e.g., SSH, PGP or PEM
  - Implemented in a separate service API, GSS-API or Crypto API
  - Combinations of all above
Design Issues - Trust
- Authentication underlies any trust
  - You have a certain level of trust and expectation for a given entity (person, organization)
  - Authenticity gives assurance for the relationship between the object of concern and an entity
  - Authenticity also serves as legal evidence of such relationship between the object and the entity
Design Issues - Third-Party Mediation
- Mediator helps to reduce the complexity of “cold-start” trust relationship from order n^2 to n
- Third-party reference - CA or KDC
  - Trusted by all as a witness
  - Issues certificate/ticket for object/entity/capability bindings
Specific Roadblocks
- Fast & efficient algorithms
  - Security vs. speed tradeoff: RSA <secure, flexible, slow> vs. DES <less secure, less flexible, fast>
  - Fine granularity authentication is not affordable (protection vs. speed tradeoff)
  - Integrity protection for multi-part structured messages?
- Ubiquitous service availability
  - Dynamic key distribution requires authenticity/integrity services
Network Specific Security Issues
- Attack channel - network-borne!
- Attack targets - network management/control information:
  - Theft of service
  - Theft of user data
  - Injection of disrupting data/control packets
  - Interception and modification of data/control packets
  - Compromising network entities, routers & switches
Best Approaches to Protect Information Infrastructure?
- Prevention - the best ‘medicine’
  - System and protocol designs contain no security vulnerabilities
  - Implementations verifiably secure with respect to the design spec
  - No bugs in either hardware or software
  - All systems are properly configured to avoid any security holes
  - Everyone practices secure networking...
Best Approaches to Protect Information Infrastructure...
- Effective prevention remains a nice dream
- Detection - the first step to protection when a security breach happens
  - breaches due to hardware and software failures (faults and bugs)
  - breaches due to user error (system administrator and end user etc.)
  - breaches caused by malicious attackers
Best Approaches to Protect Information Infrastructure...
- Response - Yes, we’ve got to do something!
  - source isolation
  - intrusion containment
  - damage control
  - system reconstitution
  - intention and trend analysis
  - system security (re)assessment
  - detection & response reconfiguration
  - system hardening
Network Security Areas...
[Figure: Network System Security. Labels: QoS Security; Network Infrastructure; Firewall Technology; Communication Middleware; Network Management Protocol; Network Control Protocol; Secure Routing Protocols; End-to-End Security.]
There are many security attacks that will not be detectable without coordination involving end applications and network nodes - global coordination and integrated mechanisms!
State-Of-The-Art
- Virus detection - very good success
- Application with integrated privacy protection
  - PGP, SSH, Netscape browser, sftp
- Access or boundary control
  - Firewalls of all trade - effective mostly at stopping the ignorant & the novice, also annoying the innocent
State-Of-The-Art ...
- Security infrastructure
  - Kerberos - effective for many enterprise needs
  - SNMPv3, GSS-API, DNS-SEC
  - IPSEC/ISAKMP/IPKI - far-reaching impact, very promising
- Intrusion detection systems
  - Commercial systems - very good at detecting replayed known attacks but hopeless with new attacks
  - Standards (format/protocol) are lacking
  - Many active research efforts underway - DARPA/ITO, CIDF, IETF IDWG