Security Problems in the TCP/IP Protocol Suite

Presented by: Sandra Daniels, José Nieves, Debbie Rasnick, Gary Tusing

Article by: S. M. Bellovin, AT&T Bell Laboratories, April 1989

TCP/IP Protocol Suite
- Widely used
- Developed under DOD
- Serious security flaws

Topics to be Discussed
- Problems and defenses
  - Handshake sequence numbers
  - Routing
  - Authentication
  - Service protocols
- Comprehensive defenses
- Conclusion
TCP Sequence Number

TCP Handshake
  C → S: SYN (ISNc)
  S → C: SYN (ISNs), ACK (ISNc)
  C → S: ACK (ISNs)
  C → S: data
  and/or
  S → C: data

Mechanism
- The ISN counter is incremented by a constant once per second and by half that amount each time a connection is initiated.
- An intruder who measures the round-trip time between client and server precisely can compute the next ISN.
- ISNs are predictable and can be guessed by an intruder.
- No authentication except the IP address.

Problem
- ISNs are not true random numbers
- Easy to calculate or predict
- Can be used to spoof a trusted host
- Easy and cheap for the intruder

Defenses
- Don't use the netstat protocol
- Generate ISNs some other way
- Randomization
  - Use a cryptographic algorithm with a key
  - Randomize increments instead of basing them on a predictable or measurable factor

Defenses (cont.)
- Use DES to generate ISNs
- Good logging
- Alerting mechanisms
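To make the contrast between the counter mechanism and the keyed defense concrete, here is an added example (not code from the presentation or from Bellovin's paper). counter_isn() follows the rule the slide describes: one global counter, bumped by a constant once per second and by half that amount per connection. keyed_isn() follows the keyed-cryptographic defense the slide recommends, using HMAC-SHA256 over the connection 4-tuple as a stand-in for DES (an assumption for this example). predictability_check() plays the observer: it sees one ISN, applies the public counter rule, and tests whether that guess matches the next ISN.

```python
"""Predictable counter ISNs vs. keyed ISNs (added example)."""
import hashlib
import hmac
import secrets

MASK = 0xFFFFFFFF
PER_SECOND = 128        # illustrative constants chosen to fit the slide's
PER_CONNECTION = 64     # "half that amount per connection" rule


def counter_isn(base, now, connections_so_far):
    """ISN of the (connections_so_far + 1)-th connection at clock 'now'."""
    return (base + PER_SECOND * now + PER_CONNECTION * (connections_so_far + 1)) & MASK


def keyed_isn(secret, local, remote, now):
    """Clock component plus a keyed hash of the 4-tuple (HMAC stands in for DES)."""
    tuple_bytes = f"{local[0]}:{local[1]}->{remote[0]}:{remote[1]}".encode()
    f = int.from_bytes(hmac.new(secret, tuple_bytes, hashlib.sha256).digest()[:4], "big")
    return (PER_SECOND * now + f) & MASK


def observer_guess(observed_isn, seconds_elapsed, new_connections):
    """Guess an observer forms from one ISN and the published counter rule."""
    return (observed_isn + PER_SECOND * seconds_elapsed + PER_CONNECTION * new_connections) & MASK


def predictability_check():
    """Return (counter_predictable, keyed_predictable) for one scenario."""
    base = 0x1234
    # The observer opens its own connection at t=10; the connection whose ISN
    # it wants to predict is opened at t=11, one connection later.
    seen = counter_isn(base, now=10, connections_so_far=0)
    target = counter_isn(base, now=11, connections_so_far=1)
    counter_predictable = observer_guess(seen, 1, 1) == target

    # Same timing with the keyed generator; addresses are constructed.
    secret = secrets.token_bytes(16)
    seen_k = keyed_isn(secret, ("192.0.2.9", 40000), ("192.0.2.1", 513), now=10)
    target_k = keyed_isn(secret, ("192.0.2.2", 1023), ("192.0.2.1", 513), now=11)
    keyed_predictable = observer_guess(seen_k, 1, 1) == target_k
    return counter_predictable, keyed_predictable


if __name__ == "__main__":
    print(predictability_check())   # expected (True, False)
```

The keyed generator keeps the per-second clock component, so sequence numbers still advance and old segments still expire as TCP expects; what the observer loses is the fixed per-connection offset, which is replaced by an HMAC value that differs unpredictably from one 4-tuple to the next.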
Routing: Issues
- Routing mechanisms can be abused
- Denial of service: confusing routing tables
- Source routing: reverse the TCP route on a request (if one is used)
- The attacker may be able to identify an IP address and network in the source domain, the first step toward gaining control of a host

Routing: Possible Defenses
- Hard to defend. Possibilities:
  - Local net rejects all external packets claiming to be from the local net (not practical and extreme)
  - Analyze the source route and accept it only if trusted gateways are listed (again, hardly practical)

RIP Attacks: Issues
- RIP (Routing Information Protocol) is widely used
- Routing information received is often unchallenged
- An intruder can send bogus routing information and thus redirect packets to a non-trusted entity, network, or host (impersonation)
- RIP packets are hard to authenticate
- Bogus routing information disseminates to other routers

RIP Attacks: Possible Defenses
- Establish a "paranoid" gateway: one that filters packets based on source or destination address only, not on the route
- RIP would have to be made more skeptical of the routes the router is willing to accept
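The two routing defenses above and the "paranoid" gateway from the RIP slide come down to the same filtering decision, shown here as an added example (not the presentation's code). It models a gateway that (1) drops packets arriving on the external interface whose source address claims to be inside the local net, whatever route they say they took, and (2) honors a source-routed packet only if every gateway named in the route is on a trusted list. The prefix, the trusted-gateway list and the sample packets are constructed for this example.

```python
"""'Paranoid gateway' ingress filter (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LOCAL_NET = ip_network("192.0.2.0/24")                                  # constructed
TRUSTED_GATEWAYS = {ip_address("198.51.100.1"), ip_address("198.51.100.2")}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    interface: str             # "external" or "internal"
    source_route: tuple = ()   # gateways named in an IP source route option


def filter_packet(pkt: Packet) -> tuple:
    """Return ("accept" | "drop", reason) for one packet."""
    src = ip_address(pkt.src)
    # Defence 1: decide on addresses, not on the route.  Anything arriving
    # from outside that claims a local source is spoofed.
    if pkt.interface == "external" and src in LOCAL_NET:
        return "drop", "external packet claims a local source address"
    # Defence 2: honour a source route only through gateways we trust.
    for hop in pkt.source_route:
        if ip_address(hop) not in TRUSTED_GATEWAYS:
            return "drop", f"source route lists untrusted gateway {hop}"
    if pkt.source_route:
        return "accept", "source route via trusted gateways only"
    return "accept", "no source route; source address plausible for interface"


SAMPLE_PACKETS = [  # constructed traffic
    Packet("203.0.113.7", "192.0.2.10", "external"),
    Packet("192.0.2.5", "192.0.2.10", "external"),                         # spoofed local source
    Packet("203.0.113.7", "192.0.2.10", "external", ("198.51.100.1",)),    # trusted route
    Packet("203.0.113.7", "192.0.2.10", "external", ("198.51.100.1", "203.0.113.99")),
    Packet("192.0.2.5", "192.0.2.10", "internal"),                         # genuinely local
]


def run_filter(packets=SAMPLE_PACKETS):
    """Verdict for each packet, in order."""
    return [filter_packet(p)[0] for p in packets]


if __name__ == "__main__":
    for p in SAMPLE_PACKETS:
        print(p.src, p.interface, p.source_route, "->", filter_packet(p))
```

The first check is the one that became standard ingress filtering; the second is the one the slide calls hardly practical, and the code shows why: it only works when the operator can enumerate every gateway that may legitimately appear in a route.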
EGP: Issues
- Protocol for communications between core routers
- Impersonating a real gateway while it is down is not hard with this routing protocol: broadcast a route directing others to an offline router, while impersonating that router

EGP: Possible Defenses
- Always make exterior gateways be on the core network so that an attacker has a harder time impersonating the offline router

ICMP: Issues
- The Internet Control Message Protocol is used for echo requests from remote hosts (connectivity)
- ICMP attacks are difficult because of the ICMP packet's simplicity
- Yet ICMP packets can be used to:
  - Redirect routes (as with RIP)
  - DoS attacks

ICMP: Possible Defenses
- Again, "paranoia"
- Restrict routing changes to specified connections, not in response to ICMP Redirect messages
- Check that an ICMP packet is tied to a particular connection only
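The last two ICMP defenses are a policy decision plus a consistency check, shown here as an added example (not from the slides). A host following the strict policy ignores Redirects entirely and changes routes only by configuration; a host that accepts them at all should at least tie each Redirect to a connection it actually has. validate_redirect() checks the quoted datagram header (an ICMP error carries the original IP header plus the first 8 bytes of the transport header) against the table of active connections, requires the Redirect to come from the gateway currently in use for that destination, and requires the new gateway to be on a directly attached net. The addresses, routing table and sample Redirects are constructed.

```python
"""ICMP Redirect validation against the connection table (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ATTACHED_NET = ip_network("192.0.2.0/24")                         # constructed
ROUTES = {ip_network("0.0.0.0/0"): ip_address("192.0.2.1")}       # default route only

# Active TCP connections as (local_ip, local_port, remote_ip, remote_port)
ACTIVE = {
    ("192.0.2.10", 40001, "203.0.113.7", 25),
    ("192.0.2.10", 40002, "198.51.100.9", 80),
}


@dataclass(frozen=True)
class Redirect:
    sender: str          # IP source of the ICMP packet
    new_gateway: str     # gateway address field of the Redirect
    quoted_src: str      # from the quoted IP header
    quoted_dst: str
    quoted_sport: int    # from the quoted first 8 bytes of the TCP header
    quoted_dport: int


def current_gateway(dst):
    """Longest-prefix lookup of the gateway we currently use for dst."""
    best = None
    for net, gw in ROUTES.items():
        if ip_address(dst) in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best[1] if best else None


def validate_redirect(r: Redirect, accept_redirects=True):
    """Return (accepted, reason)."""
    if not accept_redirects:
        return False, "policy: routes change only by configuration"
    conn = (r.quoted_src, r.quoted_sport, r.quoted_dst, r.quoted_dport)
    if conn not in ACTIVE:
        return False, "quoted datagram matches no active connection"
    if ip_address(r.sender) != current_gateway(r.quoted_dst):
        return False, "redirect not sent by the gateway currently in use"
    if ip_address(r.new_gateway) not in ATTACHED_NET:
        return False, "new gateway is not on a directly attached net"
    return True, "accepted: applies to an active connection via our gateway"


SAMPLES = [  # constructed Redirects
    Redirect("192.0.2.1", "192.0.2.2", "192.0.2.10", "203.0.113.7", 40001, 25),   # consistent
    Redirect("192.0.2.1", "192.0.2.2", "192.0.2.10", "203.0.113.7", 40009, 25),   # no such connection
    Redirect("192.0.2.77", "192.0.2.2", "192.0.2.10", "203.0.113.7", 40001, 25),  # not our gateway
    Redirect("192.0.2.1", "203.0.113.1", "192.0.2.10", "203.0.113.7", 40001, 25), # off-net gateway
]


def demo(accept_redirects=True):
    return [validate_redirect(r, accept_redirects)[0] for r in SAMPLES]


if __name__ == "__main__":
    for r in SAMPLES:
        print(validate_redirect(r))
```

Even the lenient path only narrows the problem: a Redirect that quotes a real connection and claims the right gateway is still accepted, which is why the slide's stricter option of not acting on Redirects at all is the safer default for a gateway.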
Authentication Server
- Used instead of address-based authentication
- Nothing more than a trusted host that will mediate our connections and establish trusted identities
- Should not rely solely on TCP/IP for authentication; should use some other algorithm

Services Within the Suite
- Finger
- Email: POP, PCMAIL
- DNS
- FTP
- SNMP
- Remote Booting

Finger
- Problem: gives away too much information to hackers
- Solution: disable the service

POP
- Problem: conventional passwords are vulnerable
- Solution: one-time passwords using a cryptographic key

PCMAIL
- Problem: same as POP, but it also supports a password-change command with unencrypted passwords
- Solution?

DNS
- Problem: sequence number attack leading to spying on traffic / capturing passwords
- Solution: run domain servers on highly secure machines and use authentication on domain server responses

DNS (cont.)
- Problem: recursive zone transfer requests to download the entire database
- Solution: return the "refused" error code for any requests from unidentified servers
- Also, Kerberos tickets can be used to authenticate DNS queries

FTP
- Problem: use of simple passwords for authentication
- Solution: one-time passwords
- Problem: anonymous FTP
- Solution: be careful with sensitive data (such as encrypted passwords)
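The POP and FTP slides both prescribe one-time passwords but do not say which scheme; the added example below (not the presentation's code) uses a Lamport/S-KEY style hash chain, an assumption made here because it needs nothing but a hash function. At enrolment the client derives p_n = H^n(secret) and the server stores (n, p_n). At each login the client sends p_{n-1} = H^(n-1)(secret); the server checks that H(p_{n-1}) equals its stored value and then stores (n-1, p_{n-1}). Because the server always expects the preimage of what it last saw, a password captured from the wire is useless for any later login, which is exactly the property the slides want against sniffed POP and FTP passwords.

```python
"""One-time passwords from a hash chain (added example, S/KEY-style)."""
import hashlib


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def hash_chain(secret: bytes, count: int) -> bytes:
    """Apply H to the secret 'count' times."""
    value = secret
    for _ in range(count):
        value = H(value)
    return value


class OTPServer:
    """Stores only the hash of the next acceptable password, never the secret."""

    def __init__(self, n: int, p_n: bytes):
        self.n = n
        self.expected = p_n

    def login(self, candidate: bytes) -> bool:
        if self.n == 0:                        # chain exhausted: client must re-enrol
            return False
        if H(candidate) != self.expected:      # not the preimage of the last value
            return False
        self.n -= 1
        self.expected = candidate              # next login must present *its* preimage
        return True


class OTPClient:
    def __init__(self, secret: bytes, n: int):
        self.secret, self.n = secret, n

    def enrol(self):
        """What the client hands the server once, over a trusted path."""
        return self.n, hash_chain(self.secret, self.n)

    def next_password(self) -> bytes:
        self.n -= 1
        return hash_chain(self.secret, self.n)


def demo():
    """Two logins succeed, a replay of the first password fails."""
    client = OTPClient(b"constructed-secret", n=4)      # constructed secret
    server = OTPServer(*client.enrol())
    p1 = client.next_password()
    first = server.login(p1)                 # True
    replay = server.login(p1)                # False: server now expects H^-1(p1)
    second = server.login(client.next_password())   # True
    return first, replay, second, server.n


if __name__ == "__main__":
    print(demo())   # expected (True, False, True, 2)
```

The server-side state is a single hash value and a counter, so a compromised server database does not yield reusable credentials either; the trade-off is that the chain is finite and the client must re-enrol when n reaches zero.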
SNMP
- Problem: in the wrong hands, can divulge too much information
- Solution: protect this service (through authentication)

Remote Booting
- Problem: the boot process can be subverted and a new kernel with an altered protection mechanism substituted
- Solution: ensure the booting machine uses a random number for the UDP source port and uses a 4-byte transaction ID

Comprehensive Defenses
- Authentication
- Encryption
- Trusted Systems

Authentication
- One of the overall problems is TCP/IP's reliance on the IP source address for authentication
- Too easy to spoof an IP address
- Needs some form of cryptographic authentication
- Needham-Schroeder algorithm

Needham-Schroeder Algorithm
- Relies on each host sharing a key with an authentication server
- Versions exist for both private-key and public-key cryptosystems
- A host wanting to communicate requests a key from the authentication server and passes a sealed version along to the destination
- At the conclusion of the dialog, each side has verified the identity of the other

Needham-Schroeder Algorithm (cont.)
- Allows pre-authenticated connections that are safe
- DNS provides an ideal base for authentication systems
- Key distribution responses must be authenticated and/or encrypted
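The two Needham-Schroeder slides describe the shared-key version in outline; here is the exchange message by message as an added example (not from the presentation or Bellovin's paper). Each host shares a key with the authentication server S: A asks S for a key to talk to B, S returns a fresh session key Kab together with a "sealed" copy for B, A forwards that ticket, and B's nonce challenge confirms that A holds Kab. seal()/unseal() stand in for the sealing cipher with an HMAC-SHA256 keystream plus an encrypt-then-MAC tag, a toy construction assumed here in place of DES; host names, keys and nonces are constructed.

```python
"""Needham-Schroeder shared-key protocol, messages 1-5 (added example).

    1. A -> S : A, B, Na
    2. S -> A : {Na, B, Kab, {Kab, A}Kbs}Kas
    3. A -> B : {Kab, A}Kbs
    4. B -> A : {Nb}Kab
    5. A -> B : {Nb - 1}Kab
"""
import hashlib
import hmac
import json
import secrets


def _keystream(key, nonce, length):
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def seal(key: bytes, obj: dict) -> str:
    """Encrypt-then-MAC a dict; returns hex(nonce || ciphertext || tag). Toy cipher."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(pt, _keystream(key, nonce, len(pt))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return (nonce + ct + tag).hex()


def unseal(key: bytes, blob_hex: str) -> dict:
    blob = bytes.fromhex(blob_hex)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("seal check failed: wrong key or tampered message")
    pt = bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))
    return json.loads(pt)


class AuthServer:
    def __init__(self, host_keys: dict):
        self.keys = host_keys          # one shared key per host

    def request(self, a: str, b: str, na: str) -> str:
        """Message 1 in, message 2 out: a fresh Kab plus a ticket sealed for B."""
        kab = secrets.token_bytes(16)
        ticket = seal(self.keys[b], {"kab": kab.hex(), "a": a})
        return seal(self.keys[a], {"na": na, "b": b, "kab": kab.hex(), "ticket": ticket})


def run_protocol(server, a, b, kas, kbs, tamper_ticket=False) -> bool:
    """Run messages 1-5; True iff both sides end verified with the same Kab."""
    na = secrets.token_hex(8)
    m2 = unseal(kas, server.request(a, b, na))       # A opens message 2
    if m2["na"] != na or m2["b"] != b:               # stale reply or wrong peer
        return False
    kab_a = bytes.fromhex(m2["kab"])
    ticket = m2["ticket"]
    if tamper_ticket:                                # simulate corruption in transit
        ticket = ticket[:-1] + ("0" if ticket[-1] != "0" else "1")
    try:
        t = unseal(kbs, ticket)                      # B opens message 3
    except ValueError:
        return False
    kab_b, peer_of_b = bytes.fromhex(t["kab"]), t["a"]
    nb = secrets.randbelow(2**32)
    m4 = seal(kab_b, {"nb": nb})                     # B challenges A
    m5 = seal(kab_a, {"nb_minus_1": unseal(kab_a, m4)["nb"] - 1})   # A answers
    b_verified_a = unseal(kab_b, m5)["nb_minus_1"] == nb - 1
    return peer_of_b == a and b_verified_a and kab_a == kab_b


def demo(tamper_ticket=False) -> bool:
    kas, kbs = secrets.token_bytes(16), secrets.token_bytes(16)   # constructed host keys
    server = AuthServer({"alice.example": kas, "bob.example": kbs})
    return run_protocol(server, "alice.example", "bob.example", kas, kbs, tamper_ticket)


if __name__ == "__main__":
    print(demo(), demo(tamper_ticket=True))   # expected True False
```

Message 2 is what the final slide means by key distribution responses having to be authenticated and encrypted: A accepts Kab only because the reply is sealed under Kas and echoes its own nonce. One caveat a practitioner should know: in this classic form B has no freshness guarantee on message 3, which is the weakness Denning and Sacco pointed out and the reason Kerberos adds timestamps to the ticket.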
Encryption
- Can defend against most problems
- Disadvantages: expensive, slow, hard to administer, uncommon in the civilian sector

Encryption (cont.)
- Two types:
  - Link level, including multi-point link encryption
  - End-to-end encryption
- Major benefits: the implied authentication they provide, and privacy

Link Level Encryption
- Encrypting each packet as it leaves the host
- Excellent for protecting confidentiality
- Works well against physical intrusion
- Weaknesses: broadcast packets are difficult to secure; implies trust of gateways

Blacker Front End (BFE)
- A multi-point link encryption device for TCP/IP
- Looks to the host like an X.25 DDN interface
- Sits between the host and the actual DDN line
- On a call with a new destination, contacts the Access Control Center for permission and the Key Distribution Center for cryptographic keys

BFE (cont.)
- If the local host is denied permission to talk to the remote host, an appropriate diagnostic code is returned
- Special Emergency Mode when the link to the KDC or ACC is not working
- Permission checking can protect against DNS attacks
- A totally unauthorized host does not receive sensitive data

BFE (cont.)
- Also translates the original "Red" IP address to an encrypted "Black" address using a translation table supplied by the ACC
- Foils traffic analysis, which is the bane of all multi-point link encryption

End-to-end Encryption
- Above the TCP level
- Secures conversations regardless of the number of hops or the quality of links
- Appropriate for centralized network management applications
- Key distribution/management is a greater problem (more pairs involved)

End-to-end Encryption (cont.)
- Encryption and decryption are done before initiation or after termination of TCP processing, so host-level software must handle the translations, resulting in extra overhead for each conversation
- Vulnerable to denial of service attacks

Trusted Systems
- Hosts and routers rated B2 or higher are immune to the attacks described here
- C2 level systems are susceptible
- B1 systems are vulnerable to some but not all attacks

Conclusions
1. Relying on the IP source address for authentication is dangerous
2. A second broad class of problems deals with sequence number attacks (sequence numbers must be unpredictable and unseen)
3. Hosts should not be giving away information gratuitously (finger and netstat)
4. Intelligent use of default routes
5. Use verifiable point-to-point routing protocols instead of broadcast-based routing
6. Network control mechanisms must be guarded