Post on 21-Dec-2015
Autumn 2000 John Kristoff 2
Internet/Telco Comparison
Telephone System
- central authority
- network in control
- billing records per connection
- legal issues well understood
- provisions for law enforcement (wiretapping)
Internet
- no central authority
- end systems in control
- no central knowledge of connections
- no per-packet billing
- legal issues not well understood
- anonymity is easy
Internet Security Stinks
- Hosts are hard to secure
- Bad defaults
- Poor software
- Fixes rarely applied
- Average user/administrator is clueless
- An overly secure system is not useful
- It's difficult to coordinate among sites
What to Protect
- Confidentiality: snooping; encryption
- Integrity: deletion, changes; backups
- Availability: denial of service attacks
- Authentication: you are who you say you are
- Nonrepudiation: no denying it
- Access Control: don't touch that!
- Reputation: ensure your good name
Physical Security
- Trash bins
- Social engineering: it's much easier to trust a face than a packet
- Protect from the "whoops": power, spills, the clumsy
- Software really can kill hardware
Host Based Security
- Recall the End-to-End Argument: security is ultimately a host problem
- Key idea: protect the DATA
- End hosts are in control of data
- Users are in control of end hosts
- Users can and often will do dumb things
- Result: very difficult to protect all hosts
Internal Security
- Most often ignored
- Most likely the problem
- Disgruntled employee
- Curious, but dangerous employee
- Clueless and dangerous employee
Security by Obscurity
Is no security at all. However:
- It's often best not to advertise unnecessarily
- It's often the only layer used (e.g. passwords)
- Probably need more security
Network Based Security
- Should augment host based security
- Useful for:
  - protecting groups of users from others
  - prohibiting certain types of network usage
  - controlling traffic flow
- Difficult to inspect traffic:
  - encryption can hide bad things
  - tunneling can mislead you
Good book: Network Security: PRIVATE Communication in a PUBLIC World. Kaufman, Perlman and Speciner.
Layered Defenses
- The belt and suspenders approach
- Multiple layers make it harder to get through
- Multiple layers take longer to get through
- Basic statistics and probability apply: if Defense A stops 90% of all attacks and Defense B stops 90% of all attacks, you might be able to stop up to 99% of all attacks (only the 10% that get past A reach B, which stops 90% of those, so 1% gets through; that ceiling assumes the two defenses fail independently)
- Trade-off in time, money and convenience
Perimeter Security
Boundary between a trusted internal network and a hostile external network
Firewall Solutions
- They help, but are not a panacea
- A network response to a host problem
- Packet by packet examination is tough
- Don't forget internal users
- Need well defined borders
- Can be a false sense of security
- Careful not to break standard protocol mechanisms!
Packet Filtering Firewalls
Apply rules to incoming/outgoing packets, based on:
- Addresses
- Protocols
- Ports
- Application
- Other pattern match
Example Firewall: ipchains
# anti-spoofing: drop packets claiming an RFC 1918 private (10/8, 172.16/12, 192.168/16) or multicast/reserved source
-A input -s 192.168.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 -j DENY
-A input -s 172.16.0.0/255.240.0.0 -d 0.0.0.0/0.0.0.0 -j DENY
-A input -s 10.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -j DENY
-A input -s 224.0.0.0/224.0.0.0 -d 0.0.0.0/0.0.0.0 -j DENY
# allow inbound ssh to a.b.c.d; to unprivileged ports allow only non-SYN TCP (replies to connections the host opened)
-A input -s 0.0.0.0/0.0.0.0 -d a.b.c.d/255.255.255.255 22:22 -p 6 -j ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d a.b.c.d/255.255.255.255 1024:65535 -p 6 ! -y -j ACCEPT
Example Firewall: Cisco Router Filters
! anti-spoofing: deny private (RFC 1918), unspecified, loopback, multicast and own-prefix sources
access-list 100 deny ip 192.168.0.0 0.0.255.255 any
access-list 100 deny ip 172.16.0.0 0.15.255.255 any
access-list 100 deny ip 10.0.0.0 0.255.255.255 any
access-list 100 deny ip 0.0.0.0 0.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 deny ip 224.0.0.0 31.255.255.255 any
access-list 100 deny ip 1.2.0.0 0.0.255.255 any
! DNS in to 1.2.3.4, log attempts at telnet and 1.2.3.6, nothing else to the DNS host
access-list 100 permit tcp any host 1.2.3.4 eq domain
access-list 100 permit udp any host 1.2.3.4 eq domain
access-list 100 deny tcp any host 1.2.3.5 eq telnet log
access-list 100 deny tcp any host 1.2.3.6 eq syn log
access-list 100 deny ip any host 1.2.3.4
access-list 100 permit ip any 1.2.0.0 0.0.255.255
access-list 100 deny ip any any
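To see how first-match filtering behaves on the ipchains rule set above (and why the "! -y" rule admits replies but not new connections), here is a small packet-filter simulator written for this transcript; it is not code from the slides or from ipchains. It assumes a.b.c.d is the documentation address 203.0.113.10 and that the chain's default policy is DENY, which the slide does not show.

```python
import ipaddress

# Model of the slide's ipchains input chain. a.b.c.d is replaced by the
# documentation address 203.0.113.10 (an assumed placeholder, not a real host).
HOST = "203.0.113.10"
# Rule = (src_net, dst_net, proto, dst_port_range, syn_only, target)
# proto None = any protocol; syn_only True = "-y" (SYN set, ACK/FIN clear),
# False = "! -y" (anything that is not a new connection), None = don't care.
RULES = [
    ("192.168.0.0/16", "0.0.0.0/0", None, None, None, "DENY"),            # RFC 1918
    ("172.16.0.0/12", "0.0.0.0/0", None, None, None, "DENY"),             # RFC 1918
    ("10.0.0.0/8", "0.0.0.0/0", None, None, None, "DENY"),                # RFC 1918
    ("224.0.0.0/3", "0.0.0.0/0", None, None, None, "DENY"),               # multicast/reserved
    ("0.0.0.0/0", HOST + "/32", "tcp", (22, 22), None, "ACCEPT"),         # inbound ssh
    ("0.0.0.0/0", HOST + "/32", "tcp", (1024, 65535), False, "ACCEPT"),   # replies only
]
DEFAULT_POLICY = "DENY"  # assumed: the slide does not show the chain's policy

def is_syn_only(flags):
    """ipchains -y: a TCP packet with SYN set and both ACK and FIN clear."""
    return "S" in flags and "A" not in flags and "F" not in flags

def first_match(pkt, rules=RULES):
    """Return the index of the first rule matching the packet, or None.

    pkt keys: src, dst (dotted quads), proto ('tcp'/'udp'/'icmp'),
    optional dport (int) and flags (string of TCP flag letters)."""
    src = ipaddress.ip_address(pkt["src"])
    dst = ipaddress.ip_address(pkt["dst"])
    for i, (src_net, dst_net, proto, ports, syn_only, _target) in enumerate(rules):
        if src not in ipaddress.ip_network(src_net):
            continue
        if dst not in ipaddress.ip_network(dst_net):
            continue
        if proto is not None and pkt["proto"] != proto:
            continue
        if ports is not None and not ports[0] <= pkt.get("dport", -1) <= ports[1]:
            continue
        if syn_only is not None and is_syn_only(pkt.get("flags", "")) != syn_only:
            continue
        return i
    return None

def evaluate(pkt, rules=RULES):
    """Target of the first matching rule, or the chain's default policy."""
    i = first_match(pkt, rules)
    return DEFAULT_POLICY if i is None else rules[i][5]
```

A SYN to port 8080 is refused while an ACK to the same port passes: that is the slide's trick for admitting the return half of outbound connections without a connection table.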
Encryption
- Make a readable message unreadable
- Math intensive
- Plain text versus cipher text
- Algorithms and keys: public, private, key size
Shared Secret Key
- Each party knows a secret
- The secret is used to decrypt the cipher text
- Book: Ulysses, Page: 7, Line: 23, Word: 4
- Must know the book and keep it a secret
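The "Book: Ulysses, Page: 7, Line: 23, Word: 4" scheme above is a book cipher: the shared secret is the book, and each ciphertext element is a (page, line, word) coordinate. The following Python is an added illustration, not from the slides; it uses a short constructed text with an assumed page layout in place of Ulysses, and picks a different coordinate for repeated words so that one plaintext word does not always map to the same triple.

```python
import random

# Constructed stand-in for the shared book, plus an agreed layout (which words
# fall on which page and line). Both are the secret key; no real edition is used.
BOOK_TEXT = """
the quick brown fox jumps over the lazy dog while seven
wizards watch and the old man reads about the river every
morning before the sun climbs above the quiet grey town
"""
WORDS_PER_LINE = 5   # assumed layout
LINES_PER_PAGE = 3   # assumed layout

def layout(text):
    """Index the book as {word: [(page, line, word_no), ...]}, 1-based like the slide."""
    index = {}
    for i, w in enumerate(text.split()):
        page = i // (WORDS_PER_LINE * LINES_PER_PAGE) + 1
        line = (i // WORDS_PER_LINE) % LINES_PER_PAGE + 1
        pos = i % WORDS_PER_LINE + 1
        index.setdefault(w, []).append((page, line, pos))
    return index

def encrypt(message, text, seed=1):
    """Replace each plaintext word with one of its coordinates in the book."""
    index = layout(text)
    rng = random.Random(seed)   # fixed seed only so the example is repeatable
    coords = []
    for w in message.lower().split():
        if w not in index:
            raise ValueError(f"word not in book: {w}")
        coords.append(rng.choice(index[w]))   # homophones: vary repeated words
    return coords

def decrypt(coords, text):
    """Look each (page, line, word) triple up in the shared book."""
    words = text.split()
    per_page = WORDS_PER_LINE * LINES_PER_PAGE
    out = []
    for page, line, pos in coords:
        i = (page - 1) * per_page + (line - 1) * WORDS_PER_LINE + (pos - 1)
        out.append(words[i])
    return " ".join(out)
```

Decrypting with any other text (even one word changed) yields garbage, which is the slide's point: whoever holds the book holds the key, and the message can only contain words the book contains.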
Public Key Cryptography
- Public Key: everyone can use it to encrypt messages to you
- Private Key: only you know this key, and only it decrypts messages encrypted with your public key
- Keyring
Exploits Overview
- Passwords: hacking and sniffing
- System specific: NT, UNIX, NetWare, Linux
- Application specific: web browser, ftp, email, finger
- Protocol specific: spoofing, TCP hijacking, ICMP redirects, DNS
- Denial of Service: PING of death, trinoo, tribe flood
The Process
- Reconnaissance
- Scanning
- Exploit systems
- Keep access with backdoors/trojans
- Use system, often as a springboard
- Cover any tracks
Buffer Overflows and Weak Validation of Input
- Key idea: overwriting something on the stack
- Popular exploits with CGI scripts
- Format strings
- Regular users can gain root access
- If the exploit is against a TCP/UDP service, remote root can be accomplished
Network Mapping
- PING
- DNS mapping (don't need a zone transfer): dig +pfset=0x2020 -x 10.x.x.x
- rpcinfo -p <hostname>
- nmap <http://www.insecure.org/nmap/>: very nice!
- Microsoft Windows is NOT immune: nbtstat, net commands
- Just look around the net!
Session Hijacking
If you can predict sequence numbers and spoof the source address, you might be able to pretend to be one end of the session. It helps if you can keep one end of the session busy while you're hijacking.
Password Cracking
- Very common today
- If an attacker can get hold of the password file, they can go offline and process it
- Recall passwords are a form of obscurity; multiple defenses may be needed
- Given enough time, passwords alone are probably not safe
Viruses and Worms
- Programs written with the intent to spread
- Worms are very common today, often email based (e.g. ILOVEYOU)
- Viruses infect other programs: code copied to other programs (e.g. macros)
- All require the code to be executed
- Proves users continue to do dumb things
- Sometimes software is at fault too
Denial of Service (DoS)
- Prevents or impairs standard service
- SYN flooding
- SMURF attacks
- Distributed Denial of Service (DDoS)
- Most effective when the source address can be spoofed
- Difficult to differentiate from valid traffic
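What a SYN flood and a smurf attack look like from the defended site's side, as an added example written for this transcript (not from the slides): two small detectors run over constructed flow records. A SYN flood shows up as many source addresses sending SYNs to one port while almost none ever complete the handshake; a smurf shows up as ICMP echo requests aimed at the site's directed-broadcast address. The addresses, thresholds and record layout are assumptions.

```python
from collections import Counter, defaultdict

# Constructed flow records (src, dst, proto, dport_or_icmp_type, tcp_flags);
# not captured traffic. 203.0.113.0/24 plays the defended site and
# 203.0.113.255 its directed-broadcast address (documentation prefix).
WEB = "203.0.113.10"
SITE_BCAST = "203.0.113.255"

def synthetic_flows():
    flows = []
    # SYN flood: many SYNs from scattered (probably spoofed) sources, no ACKs ever follow
    for i in range(200):
        flows.append((f"198.51.100.{i + 1}", WEB, "tcp", 80, "S"))
    # Legitimate clients: each SYN is followed by an ACK from the same source
    for i in range(20):
        src = f"192.0.2.{i + 1}"
        flows.append((src, WEB, "tcp", 80, "S"))
        flows.append((src, WEB, "tcp", 80, "A"))
    # Smurf: ICMP echo requests (type 8) to the broadcast address carrying a
    # spoofed victim source, so every host on the segment replies to the victim
    for _ in range(50):
        flows.append(("198.18.0.9", SITE_BCAST, "icmp", 8, ""))
    return flows

def detect_syn_flood(flows, min_sources=100, max_ack_ratio=0.25):
    """Flag (dst, port) pairs with many SYN sources of which few ever send an ACK."""
    syn_src, ack_src = defaultdict(set), defaultdict(set)
    for src, dst, proto, dport, flags in flows:
        if proto != "tcp":
            continue
        if flags == "S":
            syn_src[(dst, dport)].add(src)
        elif "A" in flags:
            ack_src[(dst, dport)].add(src)
    alerts = []
    for key, sources in syn_src.items():
        if len(sources) >= min_sources:
            completed = len(ack_src[key] & sources) / len(sources)
            if completed <= max_ack_ratio:
                alerts.append((key, len(sources), round(completed, 2)))
    return alerts

def detect_smurf(flows, bcast=SITE_BCAST, min_echoes=10):
    """Flag sources of ICMP echo requests aimed at the directed-broadcast address."""
    count = Counter(src for src, dst, proto, icmp_type, _ in flows
                    if proto == "icmp" and icmp_type == 8 and dst == bcast)
    return [(src, n) for src, n in count.items() if n >= min_echoes]
```

Both signatures depend on spoofed sources, which is why the ingress/egress filtering on the next slide, applied at the edge, removes much of what these detectors would otherwise see.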
DoS Solutions
- Ingress/Egress filtering
- ICMP Traceback
- Packet Marking
- Rate-limiting
- Difficult to solve completely!
Network Address Translation
- Removes end-to-end addressing
- Standardized in RFC 1918
- NAT has been bad for the Internet
- Provides relatively no security with a great deal of cost (this slide shouldn't be here)
- NAT has been required for sites with IP address allocation problems
- NAT may be used for IPv6 transition
Key Idea
A session between two endpoints that is secured from eavesdroppers and all threats on the network in between, usually through the use of encryption technology.
Why Is This Worthwhile?
- Cost, Cost, Cost!
- Ability to make use of a public, insecure network, rather than building your own private, secure network
Challenges
- Increased overhead
- Complexity
- Performance
- Quality
- Management
Other Areas of Interest
- IP multicast
- Routing protocols
- Privacy issues
- IPsec
- Intrusion Detection Systems (IDS)
References
- bugtraq mailing list (see http://www.securityfocus.com)
- http://www.cert.org
- http://www.cerias.purdue.edu
- http://www.first.org
- http://packetstorm.securify.com
- http://www.research.att.com/~smb/
- http://cm.bell-labs.com/who/ches/
- http://www.denialinfo.com
- http://www.cs.georgetown.edu/~denning/
- http://www.washington.edu/People/dad/
- http://www.sans.org
- http://theory.lcs.mit.edu/~rivest/
- http://networks.depaul.edu/security/