Upload
kimi
View
27
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Network Security. Today’s Universities C ampus P erimeter Security. Anti-virus system. Firewalls. 100 %. Anti-virus system. Remote access VPN, using IPSEC. Access control. 96.2 %. Firewalls. Content filtering. Remote access VPN, using IPSEC. Intrusion Detection System. 78.8 %. - PowerPoint PPT Presentation
Citation preview
Network Security
Today’s Universities CampusPerimeter Security
Anti-virus system Firewalls Remote access VPN, using IPSEC Access controlContent filteringIntrusion Detection System Remote access VPN using SSL Other
Anti-virus system
Firewalls
Remote access VPN, using IPSEC
Access control
Content filtering
Intrusion Detection System
Remote access VPN using SSL
Other *
100 %
96.2 %
78.8 %
78.8 %
55.8 %
57.7 %
25 %
11.5 %
* Other includes packet shapers, proxy servers and smart-card authentication.
Security challenges for remote offices
53.8 % 51.9 %
42.3 %
36.5 %
21.2 %
Lack of personnel/expertise Complexity
Solution costs are too highLack of one-stop shopping from vendors
Management costs are too high
Agenda
NAT – the most common and quite effective zero-mainetnance firewall
PacketFilters and RealFirewalls SSL/TLS: transport layer security
Easy to use CA infrastructure SSH
IPSec: network layer security (VPN) Difficult to deploy Transport or Tunnel mode
Use of Private Addresses
Routers in the public Internet will not route packets whose destination are private addresses 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
However, it is possible for routers in a private network to route packets with private addresses
The same private addresses can be reused in different private networks
NAT Basics Network Address
Translator (NAT) Defined in RFC
3022 Standard application
map private IP address range
10.0.0.0 – 10.255.255.255
172.16.0.0 – 172.31.255.255
192.168.0.0-192.168.255.255
to public IP address range
Network Address Port Translation (NAPT or
Masquerading)
NAPT Basics Network
Address Port Translator
Can map multiple private IP addresses and ports to one public IP address and ports
NAT Internals
NAT modifies headers in IP and TCP/UDP IP header
Source (outgoing) or destination (incoming) IP address
IP header checksum TCP/UDP header
Source (outgoing) or destination (incoming) TCP/UDP port
TCP/UDP checksum
NAT
Fields modified in IP and TCP header:
tos total lengthlenvsnidentification
TTL protocol header checksumsource IP address
destination IP address
flgs fragment offset
options (optional)
data
destination port
options (optional)
data (optional)
source portsequence number
acknowledgement numberwindow size
urgent pointerTCP checksumhlen rsv flags
IP header TCP Header
NAT
Some protocols include IP address in data portion of IP datagram
Example is FTP: FTP uses 2 connections
Control connection for login, commands Data connection for data transfer
FTP client tells FTP server how to open the data connection -- supplies IP address and port
These are in data section of IP datagram; not protocol headers, so NAT translation becomes application-specific
NAT - ALG’s
Application Layer Gateways (or ALG’s) sit on NAT gateway to translate IP and port information in data
Must have separate ALG for each application to be translated
Common applications which need ALG: FTP, DNS, SNMP, H.323 (Voice over IP) USNET-NAT has an FTP ALG
Further complications possible besides IP/Port translation
NAT ALG for FTP
FTP ALG must: Translate IP address in data portion Set up NAT router to accept incoming connection Modify TCP (or UDP) checksum Check for data length changes - if even one
segment length changes, modify TCP sequence and ACK numbers for remainder of session
RFC 3022
Example NAT Configuration
Ethernet
10.0.0.50www.google.com216.239.57.99
Router Running NATISP Router
Internet
198.198.50.0
Types of NAT I
Static NAT maintains a fixed mapping from private addresses to global
addresses, which must be configured manually. Dynamic NAT
Global IP address is issued for each “session” TCP/IP: NAT router checks for SYN/FIN flags
Types of NAT II
1. Full Cone
2. Restricted Cone
3. Port Restricted Cone
4. Symmetric
Network Address Translation
NAT is a major problem for media communications
NAT:
Full Cone
Any computer can send back data to an open port.
Restricted Cone
Any computer can send back data to an open port AFTER we send data to their IP.
Port Restricted Cone
Same as restricted cone but we need to first send data to their IP AND the port that will be allowed to send back.
Symmetric
Internet Security Threats I
Packet Sniffing Broadcast media e.g. Ethernet, wireless comms Promiscuous NIC reads all packets passing by Can read all unencrypted data (e.g. passwords) E.g. C sniffs B’s packets
Internet Security Threats II
IP Spoofing Can generate “raw” IP packets directly from application, putting
any value into IP source address field Receiver can’t tell if source is spoofed E.g.: C pretends to be (trusted host) B
Internet Security Threats III Denial of service (DOS)
Flood of maliciously generated packets “swamp” to receiver Distributed DOS (DDOS): multiple coordinated sources swamp
one receiver E.g.: C and remote host SYN-attack A
No real defense against this attack!!
Types of firewalls
Packet filters Standard packet filter Stateful packet filter
Proxy gateways Network Address Translation (NAT) Intrusion Detection Logging
Components of firewall
Firewall Example
Firewall
Internet
HTTP-Server(only port 80 open)
File-Server(not accessiblefrom outside)And NAT
Gateway
Packet Filtering Block or allow packets based on rules. Filtering based on packet headers and interface it
arrives on. Example – Inbound telnet open not allowed.
Filtering Strategies That which is not explicitly permitted is prohibited. That which is not explicitly prohibited is permitted.
Session and protocol tracking Fragmented IP packets Packets violating the L4-L7 protocol
Proxy Servers Proxy services sit between user on the inside and
server on the outside. Instead of talking directly, user and server talk through proxy.
Ethernet
www.google.com216.239.57.99
Internet
Proxy Server
Firewall DualhomedHost
Network Address Translation
Network Address Translation (NAT) allows a network to use one set of addresses internally and a different set when dealing with external networks.
It helps conceal internal network and force connections to go through choke point.
Router does the extra work required for address translation.
Threat
Alice Bob
Eve
•Alice and Bob want to communicate•Eve is eavesdropping (intercept, delete, add messages)
What is Network Security?
Secrecy: Only sender and intended receiver should be able to “understand” message
Authentication: Sender and receiver want to confirm identity of each other
Message Integrity: Sender and receiver want to ensure that message has not been altered without detection
Taxonomy of Network Security
Secure Communication
SymmetricCryptography(e.g., DES)
AsymmetricCryptography(e.g., RSA)
MessageDigests(e.g., MD5)
Cryptographic Security Technologies En-/Decryption/Signing of E-Mail
e.g. PrettyGoodPrivacy (PGP) En-/Decryption of Shell Communication
e.g. SecureShell (SSH) En-/Decryption on Protocol Level
e.g. SSL (TCP), IPSec (IP)
Basic crypto applications
Algorithms: DES, AES, 3DES Used for actual reversible encryption “non-entropic”, reversible operations Requires a unique “secret key” for the encryptor and
decryptor Hashes: SHA-1, MD5
Used to generate a unique mathematical “summary value” for a given dataset
“Entropic”, non-reversible operation Used to authenticate a data set Can be combined with a “secret key” value to create a
custom Hash- ensures that your hash was created by someone you trust.
Symmetric Key Distribution
• Key distribution• Public key via trusted Certificate
Authorities• Symmetric key?
• Diffie-Helman Key Exchange• Public key, then symmetric key (e.g. SSL)
Secure Socket Layer (SSL) SSL works at transport layer. Provides security to any TCP-
based app using SSL services. SSL: used between WWW browsers, servers for E-commerce
(shttp, scp). SSL security services:
server authentication data encryption client authentication (optional)
Server authentication: SSL enabled browser includes public keys of trusted CAs. Browser requests servercertificate, issued by trusted CA. Browser uses CA’s public key to extract server’s public key from
certificate. Visit your browser’s security menu to see its trusted CAs.
SSL and TLS
SSL designed by Netscape TLS IETF standard
compromise between SSL and a Microsoft protocol SSL and TLS provide applications:
Encryption Server authentication (Optional) client authentication
SSL programming libraries are pretty easy to use
SSL Protocol Architecture
TCP
SSL Record Protocol
SSL Handshake
Protocol
SSL Alert
Protocol
HTTP, other apps
SSL Change Cipher Spec
Protocol
SSL Handshake
Pretty complicated why HTTPS websites seem sooooooo slow.
Server (and client) authentication Negotiation of:
Encryption algorithm MAC algorithm Encryption key
Must be done before any data transmission
SSL/TLS and IPSec
How does SSL differ?
SSL is based on PKI, which uses public/private key pairs- using entirely different math
Designed to enable secure transfer of data (like a temporary crypto key) to someone you don’t necessarily trust
IKE/IPSec does not use PKI, as it is inherently less safe- and designed for e-commerce use
Actually, PKI-like key exchange is used in some limited ways in IKE, but the core of IPSec is not based on public/private key exchange
IPSec Overview
What is IKE and IPSEC? Generally speaking, IKE is a method for securely
exchanging encryption ciphers that will be used in a later encrypted session
IPSec is an overall term used to describe encrypted data communication over IP, using the keys exchanged with IKE
Remember, the problem is not just encrypting the messages- it’s keeping your keys safe in the long term This is accomplished by renegotiating keys often in IPSec- this
compartmentalizes the encryption and data exchange This means that secret keys must be exchanged often
IPSec Architecture
IPSec
There are three parts to IPSec: AH- authentication header- provides session security at a
“sophisticated” level by checking data integrity and protecting against “replay” attacks (protocol 51)
ESP- encapsulating security payload- provides the bulk data encryption method (protocol 50)
IKE- handles the exchange of secret keys used in the prior two categories (udp port 500)
NOTE: IKE generally cannot be NATted, as the IP addresses used by each participating gateway are tracked, and NAT looks like a replay attack
The guts of key exchange
Sending Gateway determines a packet needs to be encrypted Sending Gateway opens an IKE session with the Receiving
gateway- this step defines the IKE SA Diffie-Hellman key exchange uses hashing of a certificate or
shared secret to authenticate each gateway, and sets up a public/private data exchange channel
Sending and Receiving Gateways exchange protocol settings, algorithm settings, and secret keys using PKI
A new IPSec SA is defined for the ESP tunnel, and data begins to be transferred
New term: Selector- a logical construct similar to a route, that allows the gateway to determine if an inbound packet is to be encrypted and passed over a particular SA
Quick Mode IKE
Hash type, SA type (ESP), IP information (encryption domains/selectors)
ACK HASH
return HASH
Hash type, SA type (ESP), IP information (encryption domains/selectors)
More details: You don’t really have to use IKE:
Enter many large ugly numbers Keep track of them and keep them secret Pass them from site to site Change them secretly
Have fun!
IPSec in Tunnel Mode
New IP HeaderESP Head
IP DATAIP Header
IP DATAOld IP Head ESP trailerESP Auth
Authenticated and Encrypted
What does the header look like?
Here’s a picture:
Security Parameter IndexSequence NumberInitialization VectorEncrypted IP Header
UDP header (or whatever)DATA
DataTrailer: padding, pad ln
ESP Authentication
NEW IP HEADER
Padding
ESP Header
Encap. Header
ESP Header
ESP Header
ESP Trailer
Why padding? Some Algorithms (DES) require specific block sizes for “Cipher Block Chaining”, which speeds encryption.
IPsec Transport mode• ESP protocol provides network-layer
secrecy, source host authentication and data integrity
• TCP/UDP segment is surrounded by header and trailer fields• DES-CBC encryption of TCP/UDP segment +
trailer• Trailer lists the Protocol of the segment (TCP, or
UDP, or …). Hidden from observers.
• Normal IP routing using IP header. Destination sees protocol=50 and decrypts ESP packet
IPsec – no encryption• AH protocol provides source authentication
and data integrity, but not secrecy• Insert an AH header between IP header
(indicated by Protocol = 51)• Next Header field indicates whether segment is
TCP, UDP, etc.• Authentication Data field contains a digital
signature, or signed message digest calculated over the original IP datagram• Provides source authentication• Provides datagram integrity tamper check• Digital signature could be DES, MD5, or SHA -
negotiated
Tunnel and Transport Mode
Authentication Header (AH) Authenticates the sender
Encapsulating Security Payload (ESP) Data encryption Can be done in two ways:
Transport mode: only the transport layer segment is encrypted
Tunnel mode encrypt the entire IP datagram put it inside another IP datagram
IPsec (7)
• Some implications:• Virtual Private Networks (VPN’s) are created and
connected using IPsec• Create IPsec gateways that
tunnel/encapsulate across the insecure Internet = “Virtual”
• IPsec provides confidentiality = “Private”
IPsecgateway
IPdest
IPsource
IPsecgateway
Secure Tunnel overInsecure IP routing
Secure Intranet Secure Intranet
SSH = Secure Shell. Initially designed to replace insecure rsh, telnet utilities. Secure remote administration (mostly of Unix systems). Extended to support secure file transfer and e-mail. Latterly, provide a general secure channel for network
applications. SSH-1 flawed, SSH-2 better security (and different
architecture). SSH provides security at Application layer.
Only covers traffic explicitly protected. Applications need modification, but port-forwarding eases
some of this (see later). Built on top of TCP, reliable transport layer protocol.
SSH Overview
SSH Overview
SSH Communications Security (SCS). www.ssh.com. Founded by Tatu Ylonen, writer of SSH-1. SSH is a trademark of SCS.
Open source version from OpenSSH. IETF Secure Shell (SECSH) working group.
Standard for SSH in preparation. www.ietf.org/html.charters/secsh-charter.html.
Long-running confusion and dispute over naming.
SSH-2 Architecture
SSH-2 adopts a three layer architecture: SSH Transport Layer Protocol.
Initial connection. Server authentication (almost always). Sets up secure channel between client and server.
SSH Authentication Protocol Client authentication over secure transport layer channel.
SSH Connection Protocol Supports multiple connections over a single transport layer
protocol secure channel. Efficiency (session re-use).
SSH-2 Architecture
SSH Transport Layer Protocol
SSH Authentication Protocol
TCP
SSH Connection Protocol
Applications
Server (nearly) always authenticated in transport layer protocol.
Client (nearly) always authenticated in authentication protocol. By public key (DSS, RSA, SPKI, OpenPGP). Or simple password for particular application over secure
channel. Establishment of a fresh, shared secret.
Shared secret used to derive further keys, similar to SSL/IPSec. For confidentiality and authentication in SSH transport layer
protocol. Secure ciphersuite negotiation.
Encryption, MAC, and compression algorithms. Server authentication and key exchange methods.
SSH-2 Security Goals
Key establishment through Diffie-Hellman key exchange. Variety of groups supported.
Server authentication via RSA or DSS signatures on nonces (and other fields).
HMAC-SHA1 or HMAC-MD5 for MAC algorithm. 3DES, RC4, or AES finalists (Rijndael/Serpent). Pseudo-random function for key derivation. Small number of ‘official’ algorithms with simple
DNS-based naming of ‘private’ methods.
SSH-2 Algorithms
SSH-1 versus SSH-2
Many vulnerabilities have been found in SSH-1 . SSH-1 Insertion attack exploiting weak integrity mechanism
(CRC-32) and unprotected packet length field. SSHv1.5 session key retrieval attack (theoretical). Man-in-the-middle attacks (using e.g. dsniff). DoS attacks.
Overload server with connection requests. Buffer overflows.
But SSH-1 widely deployed. And SSH-1 supports:
Wider range of client authentication methods (.rhosts and Kerberos).
Wider range of platforms.
SSH Port Forwarding
Without SSH or port forwarding.
UM User’smachine
LS Loginserver
MO Mail outserver
MI Mail inserver
Src: UM Dest: LS Port: 23
Src: UM Dest: MI Port: 113
Src: UM Dest: MO Port: 25
SSH Port Forwarding
Recall: TCP port number ‘identifies’ application. SSH on local machine:
Intercepts traffic bound for server. Translates standard TCP port numbers.
E.g. port 113 port 5113. Sends packets to SSH-enabled server through SSH secure
channel. SSH-enabled server:
Receives traffic. Re-translates port numbers.
E.g. port 5113 port 113. Forwards traffic to appropriate server using internal network.
SSH Port Forwarding
UM User’smachine
LSSSH-enabled
loginserver
MO Mail outserver
MI Mail inserver
Src: UM Dest: LS Port: 23
With SSH and port forwarding.
Src: UM Dest: MI Port: 113Src: UM Dest: LS Port: 5113Src: LS Dest: MI Port: 113
Src: UM Dest: MO Port: 25Src: UM Dest: LS Port: 5025Src: LS Dest: MO Port: 25
Anonymous ftp for software updates, patches... No client authentication needed, but clients want to be sure of
origin and integrity of software. Secure ftp.
E.g.upload of webpages to webserver using sftp. Server now needs to authenticate clients. Username and password may be sufficient, transmitted over
secure SSH transport layer protocol. Secure remote administration.
SysAdmin (client) sets up terminal on remote machine. SysAdmin password protected by SSH transport layer protocol. SysAdmin commands protected by SSH connection protocol.
Guerilla Virtual Private Network. E.g. use SSH + port forwarding to secure e-mail
communications.
SSH Applications
6.3 Comparing IPSec, SSL/TLS, SSH
All three have initial (authenticated) key establishment then key derivation. IKE in IPSec Handshake Protocol in SSL/TLS (can be
unauthenticated!) Authentication Protocol in SSH
All protect ciphersuite negotiation. All three use keys established to build a
‘secure channel’.
Comparing IPSec, SSL/TLS, SSH Operate at different network layers.
This brings pros and cons for each protocol suite. Recall `Where shall we put security?’ discussion. Naturally support different application types, can all be
used to build VPNs. All practical, but not simple.
Complexity leads to vulnerabilities. Complexity makes configuration and management harder. Complexity can create computational bottlenecks. Complexity necessary to give both flexibility and security.
Comparing IPSec, SSL/TLS, SSHSecurity of all three undermined by: Implementation weaknesses. Weak server platform security.
Worms, malicious code, rootkits,… Weak user platform security.
Keystroke loggers, malware,… Limited deployment of certificates and infrastructure to support
them. Especially client certificates.
Lack of user awareness and education. Users click-through on certificate warnings. Users fail to check URLs. Users send sensitive account details to bogus websites (“phishing”) in
response to official-looking e-mail.
What is a VPN
Public networks are used to move information between trusted network segments using
shared facilities like frame relay or atm
A VIRTUAL Private Network replaces all of the above utilizing the public Internet Performance and availability depend on your ISP and the Internet
VPN Implementations
VPN as your Intranet
VPN Components
Technologies
Application Layer: SSL
Tunnel vs Transport
Transport Implemented by the end point systems Real address to real address Cannot ‘go through’ other networks
Tunnel Encapsulation of the original IP packet in another
packet Can ‘go through’ other networks End systems need not support this Often PC to a box on the ‘inside’
PPTP: Free from Microsoft
PPTP: Security
10.0.0.1
10.0.0.4
10.0.0.3
10.0.0.2
web servera
b
c
NAT
204.x.1.10
Internet
Outgoing PPTP Client Through NAT
VPN Comparisons