Internet Security
● Internet security is difficult
● Internet protocols were not originally designed for security
● The protocols are full of security holes, at all levels of the stack:
– ARP - L2 hijacking
– IP - spoofing, fragments, broadcast,
– UDP - stateless – easy to spoof
– TCP - hijacking sessions, denying service
– DNS – contaminating DNS caches
– Dynamic routing – false RIP messages
– Tunneling - bypass firewall rules
Attack Examples
● Spoofing – forging someone else’s address
● Dictionary attack – getting passwords
● Port scanning – finding open services
● Sniffing – listening on internal traffic
● Denial of service attacks (DOS)
● Distributed DOS (DDOS)
● Man-in-the-middle
● Virus
● Trojan horse
● Worm
● Ping of death – killer packets
Address spoofing
● Forge addresses
– L2 / IP addr / UDP ports / Names
– Easy to do
● ARP & L2 spoofing redirects ARP caches and learning tables
– Hijacking of sessions
● Blind spoofing: return traffic goes to the wrong host
– attacking the spoofed source
● Man-in-the-middle
– pretend to be another host
● DNS
– forging DNS RR entries
Denial of service – DOS/DDOS
● Prevent normal use of a service
– TCP syn attack at TCP connection setup
– routing attacks – make networks inaccessible
– web defacing
– mail attacks
– fragment attacks
● Distributed DOS (DDOS)
– use many hosts to launch a DOS
– smurf: use ping to directed multicast and spoofed src
Aspects of security (Forouzan)
● Privacy
– Message readable only by receiver and sender
– Unreadable by others
● Authentication
– The receiver is certain of the sender’s identity
– No imposter
● Integrity
– Message is received exactly as it was sent.
– No changes during transmission.
● Nonrepudiation
– A receiver can prove that message came from a specific sender.
Secret key encryption
● Secret-key encryption/decryption
– symmetric encryption
– same key used at both parties
● Advantage
– Efficient algorithms: good for large messages
● Disadvantages
– Lots of keys: n(n-1)/2
– Key distribution
● KDC – Key Distribution Center
● Examples
– Data Encryption Standard (DES)
– Advanced Encryption Standard (AES)
Public key encryption
● Disadvantages
– Algorithm complexity
– Public key needs verification
● Certification Authority (CA)
● Example:
– Rivest, Shamir, Adleman (RSA)
● Use two keys
– Public key – available to all
– Private key – secret
● Advantages
– No shared keys
– Fewer keys
Digital Signature
● For authentication, integrity and nonrepudiation
● Signing the document – digital signature
● Approach 1: Public-key encryption (RSA) for signing the whole document
– Use own private key to encrypt, public key to decrypt
● Approach 2: Signing a digest of the document
– Use a secure hash function (one-way)
– SHA-1, MD5
Sender signing the digest
● Sender produces a digest using hashing
● Digest is encrypted using the sender’s private key → signed digest
● Signed digest appended to message
Receiver verifies signature
● Receiver extracts signed digest
– decrypts it using sender’s public key
● Produces a digest using hashing
● Verification by comparing the two
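The sign-the-digest procedure from the two slides above (sender hashes, “encrypts” the digest with the private key; receiver “decrypts” with the public key and compares with a fresh digest), as an added worked example that is not part of the original slides. It uses textbook RSA with a constructed toy key built from two known Mersenne primes and SHA-256 as the one-way hash; the key size, the absence of padding and the sample message are assumptions made for illustration only, not a production signature scheme.

```python
import hashlib

# Constructed toy RSA key pair (textbook RSA, no padding) for illustration only.
# P and Q are known Mersenne primes, so N (about 648 bits) is larger than any
# 256-bit digest and the digest can be signed directly as an integer.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q
E = 65537                                # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent (Python >= 3.8)


def digest(message: bytes) -> int:
    """Step 1 (sender): hash the document with a one-way function,
    treat the digest as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Step 2 (sender): 'encrypt' the digest with the private key.
    The result is the signed digest that is appended to the message."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Receiver: 'decrypt' the signed digest with the sender's public key and
    compare it with a digest computed over the received message."""
    recovered = pow(signature, e, n)
    return recovered == digest(message)


def demo():
    # Constructed sample message.
    msg = b"Transfer 100 EUR to account 1234"
    sig = sign(msg)
    genuine = verify(msg, sig)                      # True: integrity + authentication
    tampered = verify(b"Transfer 900 EUR to account 1234", sig)  # False: digest differs
    forged = verify(msg, sig ^ 1)                   # False: signature not made with the private key
    return genuine, tampered, forged


if __name__ == "__main__":
    print(demo())   # (True, False, False)
```

Only the holder of D can produce a value that “decrypts” under E to the right digest, which is what gives nonrepudiation; changing one byte of the message changes the digest, so the comparison in `verify` fails.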
Application/Transport layer security
● Security can be implemented in different layers of the IP stack
– Application/Transport/Networking
● Kerberos
– Authentication and key distribution
● PGP – Pretty Good Privacy
– Digital signature using hashing and public-key encryption
– Combined secret-/public-key encryption for privacy
● SSH – Secure Shell
– A ”secure version” of rlogin
– Numerous functions
● SSL – Secure Socket Layer (https:)
– IETF version: TLS – Transport Layer Security
– Confidential pipe between browser and web server
– Server authentication
● S/MIME – Mail security
Security in the IP layer: IPsec
● A sender and receiver agree on a set of security schemes
– Security Association (SA) – a cleartext index (SPI)
– SA includes: encryption algorithm, keys, lifetime, addresses
● IPsec implemented in the IP header
– Part of IP stack, network layer
● IPsec consists of two protocols
– Privacy: Encapsulation Security Payload (ESP)
– Authentication, etc.: Authentication Header (AH)
● IPsec has two modes
– Tunnel mode – useful for VPNs
– Transport mode – end-to-end
● Dynamic key management
– ISAKMP – Internet SA and Key Management Protocol
– IKE – Internet Key Exchange
IPsec Transport Mode
● End-to-end security
– Only the end-hosts are trusted
● Security Association (SA) between H1 and H2.
[Figure: IPsec transport mode – H1 and H2 communicate across the Internet; the Security Association runs end-to-end between H1 and H2]
IPsec Tunnel Mode
● Security Association (SA) between R1 and R2.
– Cleartext packet to H1/H2.
– H1 – R1 and R2 – H2 trusted
● IPsec headers encapsulate the packet
[Figure: IPsec tunnel mode – H1 – R1 – Internet – R2 – H2; the Security Association runs between R1 and R2]
Authentication Header - AH
● AH supports a digital signature
– digest produced by hash function
– addresses integrity, authentication, non-repudiation
● Some AH header fields:
– SA index, message digest, sequence number (may not re-occur)
[Figure: AH packet formats]
original datagram: IP hdr | TCP hdr | Payload
transport mode:    IP hdr | AH hdr | TCP hdr | Payload   (whole datagram authenticated)
tunnel mode:       New IP hdr (new proto: 51) | AH hdr | IP hdr | TCP hdr | Payload   (whole datagram authenticated)
Encapsulation Security Payload - ESP
● ESP encrypts the payload of an IP datagram
– But ESP also has authentication
– ESP addresses privacy, but also authentication, etc.
● In tunnel mode, the whole datagram is encrypted
● Some ESP header fields:
– SA index, sequence number (may not re-occur), padding
[Figure: ESP packet formats]
original datagram: IP hdr | TCP hdr | Payload
transport mode:    IP hdr | ESP hdr | TCP hdr | Payload | ESP trailer | ESP auth   (TCP hdr, Payload and ESP trailer encrypted; ESP hdr through ESP trailer authenticated)
tunnel mode:       New IP hdr (new proto: 50) | ESP hdr | IP hdr | TCP hdr | Payload | ESP trailer | ESP auth   (inner IP hdr through ESP trailer encrypted; ESP hdr through ESP trailer authenticated)
Automatic key distribution – IKE/ISAKMP
● Basic IPsec requires manual key configurations. But keys are long and difficult to administer:
– We need key distribution protocols – ”automatic keying”
● Also, sequence numbers in ESP/AH do not wrap around
– New keys need to be used after 2^32 messages
For further information see:
● Internet Security Association and Key Management Protocol (ISAKMP)
● The Internet Key Exchange (IKE/IKEv2)
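The two sequence-number rules on the AH/ESP and IKE slides (a number may not re-occur within an SA, and the 32-bit counter must not wrap, so new keys are needed after 2^32 messages) as an added example; this is not code from the original slides. The receiver side is a sliding anti-replay window in the style described in the IPsec RFCs; the window size, the sample sequence of received numbers and the sender’s starting counter are constructed for this example.

```python
SEQ_LIMIT = 2**32 - 1   # 32-bit AH/ESP sequence number: never wraps, rekey instead


class ReplayWindow:
    """Receiver state for one SA: accept each sequence number at most once.
    Numbers that fall below the window cannot be checked and are dropped."""

    def __init__(self, size: int = 64):
        self.size = size
        self.highest = 0        # highest sequence number accepted so far
        self.seen = set()       # accepted numbers still inside the window

    def accept(self, seq: int) -> str:
        """Return 'accept', 'replay', 'too old' or 'rekey' for a received number."""
        if seq == 0 or seq > SEQ_LIMIT:
            return "rekey"      # counter exhausted/invalid: this SA must be replaced
        if seq in self.seen:
            return "replay"     # duplicate within the window: drop
        if seq > self.highest:
            self.highest = seq  # window slides forward
        elif seq <= self.highest - self.size:
            return "too old"    # left the window: cannot prove it is not a replay
        self.seen.add(seq)
        # Forget entries that have fallen below the window's lower edge.
        self.seen = {s for s in self.seen if s > self.highest - self.size}
        return "accept"


class SenderCounter:
    """Sender state for one SA: strictly increasing counter, no wrap-around."""

    def __init__(self, start: int = 1):
        self.seq = start

    def next_seq(self):
        if self.seq > SEQ_LIMIT:
            return None         # exhausted: run IKE for new keys before sending more
        value = self.seq
        self.seq += 1
        return value


def demo():
    # Constructed receive order for a window of 4: 2 is replayed, 6 and 5 arrive
    # after the window has moved past them, 10 is replayed at the end.
    rx = ReplayWindow(size=4)
    decisions = [rx.accept(s) for s in [1, 2, 3, 2, 10, 6, 7, 5, 10]]
    # Sender starting two messages before the limit (constructed) to show the stop.
    tx = SenderCounter(start=SEQ_LIMIT - 1)
    sent = [tx.next_seq() for _ in range(3)]
    return decisions, sent


if __name__ == "__main__":
    print(demo())
```

The “too old” outcome is why a window is used at all: without it the receiver would need unbounded memory to reject every replay; with it, a packet delayed beyond the window is simply dropped, while anything inside the window is checked exactly.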
Firewalls
● Keeping the bad guys out
● Prevent unauthorized access
● Forward some packets and block others
● But the roles are not always clear
● What do we mean by secure?
[Figure: Internet, Intranet, Extranet and Servers (DMZ) connected through a firewall marked “?”]
Packet-filter firewall
● A router with filtering capabilities
● The firewall uses packet-filters (ACLs) to drop or pass traffic
● Stateful inspection
– keep state of every TCP/UDP flow and allow reverse traffic
– traffic from inside ”opens” the firewall for incoming traffic dynamically
● Example:
– permit out on eth0 from 77.2.3.0/24 to any proto tcp keep state
– permit inout on eth0 proto icmp
– deny default
[Figure: untrusted Internet – Firewall router with packet filtering – trusted Intranet]
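The three example rules on the slide (outbound TCP from 77.2.3.0/24 with keep state, ICMP in both directions, deny default) turned into a small stateful filter that shows how traffic from inside “opens” the firewall for the matching return traffic. This is an added example, not code from the slides or from any real firewall product; the rules are modelled per 4-tuple without TCP flag tracking or state timeouts (a simplification), and the packet list uses constructed addresses from the documentation ranges for the outside hosts.

```python
import ipaddress

# Inside network taken from the slide's first rule.
INSIDE_NET = ipaddress.ip_network("77.2.3.0/24")


class StatefulPacketFilter:
    """Model of:
         permit out on eth0 from 77.2.3.0/24 to any proto tcp keep state
         permit inout on eth0 proto icmp
         deny default
    Simplified: state is a set of 4-tuples, no TCP flag tracking, no timeouts."""

    def __init__(self):
        self.state = set()   # flows opened from the inside: (src, sport, dst, dport)

    def decide(self, pkt: dict) -> str:
        src = ipaddress.ip_address(pkt["src"])

        # Rule 1: outbound TCP from the intranet; remember the flow ("keep state").
        if pkt["dir"] == "out" and pkt["proto"] == "tcp" and src in INSIDE_NET:
            self.state.add((pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]))
            return "permit"

        # Rule 2: ICMP is permitted in both directions.
        if pkt["proto"] == "icmp":
            return "permit"

        # Dynamic opening: inbound TCP passes only as the reverse of a known flow.
        if pkt["dir"] == "in" and pkt["proto"] == "tcp":
            reverse = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
            if reverse in self.state:
                return "permit"

        # Rule 3: deny default.
        return "deny"


# Constructed sample traffic, in arrival order.
SAMPLE_PACKETS = [
    {"dir": "out", "proto": "tcp",  "src": "77.2.3.10",    "sport": 40000, "dst": "203.0.113.5",   "dport": 80},
    {"dir": "in",  "proto": "tcp",  "src": "203.0.113.5",  "sport": 80,    "dst": "77.2.3.10",     "dport": 40000},
    {"dir": "in",  "proto": "tcp",  "src": "198.51.100.7", "sport": 5555,  "dst": "77.2.3.10",     "dport": 22},
    {"dir": "in",  "proto": "icmp", "src": "198.51.100.7", "sport": None,  "dst": "77.2.3.10",     "dport": None},
    {"dir": "out", "proto": "udp",  "src": "77.2.3.10",    "sport": 53000, "dst": "198.51.100.53", "dport": 53},
    {"dir": "in",  "proto": "tcp",  "src": "203.0.113.5",  "sport": 80,    "dst": "77.2.3.11",     "dport": 40000},
]


def run_filter(packets=SAMPLE_PACKETS):
    """Run the packets through a fresh filter and return one decision per packet."""
    fw = StatefulPacketFilter()
    return [fw.decide(p) for p in packets]


if __name__ == "__main__":
    for p, d in zip(SAMPLE_PACKETS, run_filter()):
        print(f"{p['dir']:3} {p['proto']:4} {p['src']}->{p['dst']}: {d}")
```

The second packet is permitted only because the first one created state; the last packet, which looks like the same server replying, is denied because no inside host opened that flow, and the unsolicited SSH connection and the outbound UDP fall through to deny default.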
Example rules
● ICMP – allow all output, filter input (path MTU discovery)
● TCP – allow connections created from inside, block all other input
● UDP – block all input and output, ...
● H.323/SIP – use the phone?
● WWW – allow all output/proxy, block all input, put web server in DMZ
● DNS – block internal info from outside
● SSH – allow all input and output
Adapted from Cheswick et al., ”Firewalls and Internet Security”
Proxy firewall / Application-level gateway
● Better application-level understanding than packet-filtering
● An ALG is a firewall program that runs in user-space – at the application level
– typically in combination with packet-filtering
● Two separate TCP connections
– one from a client to the ALG; one from the ALG to the server
– The ALG terminates the connections
● Disadvantages
– slower: more memory and processing
– one proxy per new application: web, sip, ftp, ...
[Figure: untrusted Internet – Application-level gateway – trusted Intranet]
Demilitarized Zone
● A DMZ contains servers accessible from the Internet
– but the intranet is not accessible from the outside
– two levels of defence: defence in depth
– If a server is attacked, the intranet is still safe
● Can be combined with application proxies
[Figure: untrusted Internet – Outer barrier – DMZ (Servers / Proxies) – Inner barrier – trusted Intranet]
Firewall Design Criteria
● There is no absolute security
– It is always a question of economics
● Defense in depth
– place several firewalls after each other
● Weakest link
– The strength of your security system is bounded by the weakness of your weakest link
● Least privilege
– Give the smallest amount of privilege possible
● Fail safe
– Even if everything is going wrong, the security system should not leave any security hole in the system.
● Keep it simple!