network security. today’s universities campus perimeter security anti-virus system firewalls...
Post on 27-Dec-2015
224 Views
Preview:
TRANSCRIPT
Today’s Universities CampusPerimeter Security
Anti-virus system Firewalls Remote access VPN, using IPSEC Access controlContent filteringIntrusion Detection System Remote access VPN using SSL Other
Anti-virus system
Firewalls
Remote access VPN, using IPSEC
Access control
Content filtering
Intrusion Detection System
Remote access VPN using SSL
Other *
100 %
96.2 %
78.8 %
78.8 %
55.8 %
57.7 %
25 %
11.5 %
* Other includes packet shapers, proxy servers and smart-card authentication.
Security challenges for remote offices
53.8 % 51.9 %
42.3 %
36.5 %
21.2 %
Lack of personnel/expertise Complexity
Solution costs are too highLack of one-stop shopping from vendors
Management costs are too high
Agenda
NAT – the most common and quite effective zero-mainetnance firewall
PacketFilters and RealFirewalls SSL/TLS: transport layer security
– Easy to use– CA infrastructure – SSH
IPSec: network layer security (VPN)– Difficult to deploy– Transport or Tunnel mode
Use of Private Addresses
Routers in the public Internet will not route packets whose destination are private addresses– 10.0.0.0/8, – 172.16.0.0/12, – 192.168.0.0/16
However, it is possible for routers in a private network to route packets with private addresses
The same private addresses can be reused in different private networks
Port Restricted Cone
Same as restricted cone but we need to first send data to their IP AND the port that will be allowed to send back.
SIP IP Phone
SIP IP Phone
Location Service
SIP Proxy
SIP Proxy
DNS Server
Media Transport
1
2
3
4
5
6
A request is sent (SIP INVITE) to ESTABLISH a
session
DNS Query for the IP Address of the SIP Proxy of the Destination
Domain The INVITE is forwarded
The Location Service is being queries to check that the destination IP address
represents a valid registered device, and for its IP
Address
The request is forwarded to the End-Device
Destination device returns its IP Address to the
originating device and a media connection is opened
Typical Call Setup
SIP Signaling and NAT
SIP itself is usually not the problem. The UAC/proxy/etc just send back SIP
packets based on the “rport“ tag (the received data)
SIP signaling intervals need to be shorter than NAT timeout time.
Simple NAT Scenario(Bob sending data)
Bob
Public Internet
Alice
Private address space
Data
NSIS signaling (Reserve Mode)
Application-level signaling
NSISNAT
NSIS signaling (Create Mode)
NAT Limitations
Applications with IP-address content– Need AGL (Application Level Gateway)
Applications with inter-dependent control and and data sessions
Translation of fragmented FTP control packets
NAT device can be a target for attacks
Packet Filtering
Packet filtering – Access Control Lists
• source/destination IP address• source/destination TCP/UDP port• protocol (TCP, UDP, ICMP, GRE,...)• IP/TCP header bits (fragmentation, QoS, Established)
Session filtering– Dynamic Packet Filtering– Stateful Inspection– Smart packet filtering– Context Based Access Control
IPSec
Security at the network layer Can hide data and destination ports Don’t have to rewrite applications Using security gateways in tunnel mode,
can be done without reconfiguring hosts.
Tunnel and Transport Mode Authentication Header (AH)
– Authenticates the sender Encapsulating Security Payload (ESP)
– Data encryption– Can be done in two ways:
• Transport mode: only the transport layer segment is encrypted
• Tunnel mode– encrypt the entire IP datagram– put it inside another IP datagram
SSL and TLS
SSL designed by Netscape TLS IETF standard
– compromise between SSL and a Microsoft protocol
SSL and TLS provide applications:– Encryption– Server authentication– (Optional) client authentication
SSL programming libraries are pretty easy to use
SSL Handshake
Pretty complicated– why HTTPS websites seem sooooooo slow.
Server (and client) authentication Negotiation of:
– Encryption algorithm– MAC algorithm– Encryption key
Must be done before any data transmission
SSL/TLS Overview
SSL = Secure Sockets Layer.– unreleased v1, flawed but useful v2, good v3.
TLS = Transport Layer Security.– TLS1.0 = SSL3.0 with minor tweaks (see later).– Defined in RFC 2246.– Open-source implementation at
http://www.openssl.org/. SSL/TLS provides security ‘at TCP layer’.
– Uses TCP to provide reliable, end-to-end transport.– Applications need some modification.– In fact, usually a thin layer between TCP and HTTP.
SSL/TLS Basic Features
SSL/TLS widely used in Web browsers and servers to support ‘secure e-commerce’ over HTTP.– Built into Microsoft IE, Netscape, Mozilla, Apache, IIS,
…– The (in)famous browser lock.
SSL architecture provides two layers:– SSL Record Protocol
• Provides secure, reliable channel to upper layer.
– Upper layer carrying:• SSL Handshake Protocol, Change Cipher Spec. Protocol, Alert
Protocol, HTTP, any other application protocols.
SSL Protocol Architecture
TCP
SSL Record Protocol
SSL Handshake
Protocol
SSL Alert
Protocol
HTTP, other apps
SSL Change Cipher Spec
Protocol
TLS: Transport Layer Security
formerly known as SSL: Secure Sockets Layer
Addresses issues of privacy, integrity and authentication
– What is it?– How does it address the issues?– How is it used
What is TLS?
Protocol layer Requires reliable transport layer (e.g.
TCP) Supports any application protocols
IPTCPTLS
HTTP Telnet FTP LDAP
TLS: Privacy
Encrypt message so it cannot be read Use conventional cryptography with
shared key– DES, 3DES– RC2, RC4– IDEA
AMessage Message
B$%&#!@
TLS:Key Exchange
Need secure method to exchange secret key
Use public key encryption for this– “key pair” is used - either one can encrypt
and then the other can decrypt– slower than conventional cryptography– share one key, keep the other private
Choices are RSA or Diffie-Hellman
TLS: Integrity
Compute fixed-length Message Authentication Code (MAC)– Includes hash of message– Includes a shared secret– Include sequence number
Transmit MAC with message
TLS: Integrity
Receiver creates new MAC– should match transmitted MAC
TLS allows MD5, SHA-1
A BMessage’
MAC’
MAC
=?
Message
MAC
TLS: Authentication
Verify identities of participants Client authentication is optional Certificate is used to associate identity
with public key and other attributes
ACertificate
B
Certificate
TLS: Overview
Establish a session – Agree on algorithms– Share secrets– Perform authentication
Transfer application data– Ensure privacy and integrity
TLS: Architecture
TLS defines Record Protocol to transfer application and TLS information
A session is established using a Handshake Protocol
TLS Record Protocol
Handshake Protocol
Alert Protocol
ChangeCipher Spec
TLS: Handshake
Negotiate Cipher-Suite Algorithms– Symmetric cipher to use– Key exchange method– Message digest function
Establish and share master secret Optionally authenticate server and/or
client
Handshake Phases
Hello messages Certificate and Key Exchange
messages Change CipherSpec and Finished
messages
X.509 Certificate Issues
Certificate Administration is complex– Hierarchy of Certification Authorities– Mechanisms for requesting, issuing,
revoking certificates X.500 names are complicated Description formats are cumbersome
(ASN.1)
X.509 Alternative: SDSI
– SDSI: Simple Distributed Security Infrastructure (Rivest, Lampson)
• Merging with IETF SPKI: Simple Public-Key Infrastructure in SDSI 2.0
• Eliminate X.500 names - use DNS and text• Everyone is their own CA• Instead of ASN.1 use “S-expressions” and
simple syntax• Name and Authorization certificates
TLS “Alternatives”
S-HTTP: secure HTTP protocol, shttp://
IPSec: secure IP SET: Secure Electronic Transaction
– Protocol and infrastructure for bank card payments
SASL: Simple Authentication and Security Layer (RFC 2222)
SSH = Secure Shell.– Initially designed to replace insecure rsh, telnet utilities.– Secure remote administration (mostly of Unix systems).– Extended to support secure file transfer and e-mail.– Latterly, provide a general secure channel for network
applications.– SSH-1 flawed, SSH-2 better security (and different
architecture). SSH provides security at Application layer.
– Only covers traffic explicitly protected.– Applications need modification, but port-forwarding
eases some of this (see later).– Built on top of TCP, reliable transport layer protocol.
SSH Overview
SSH Overview
SSH Communications Security (SCS).– www.ssh.com.– Founded by Tatu Ylonen, writer of SSH-1.– SSH is a trademark of SCS.
Open source version from OpenSSH. IETF Secure Shell (SECSH) working group.
– Standard for SSH in preparation.– www.ietf.org/html.charters/secsh-charter.html.
Long-running confusion and dispute over naming.
SSH-2 Architecture
SSH-2 adopts a three layer architecture: SSH Transport Layer Protocol.
– Initial connection. – Server authentication (almost always).– Sets up secure channel between client and server.
SSH Authentication Protocol– Client authentication over secure transport layer channel.
SSH Connection Protocol– Supports multiple connections over a single transport
layer protocol secure channel.– Efficiency (session re-use).
SSH-2 Architecture
SSH Transport Layer Protocol
SSH Authentication Protocol
TCP
SSH Connection Protocol
Applications
Server (nearly) always authenticated in transport layer protocol.
Client (nearly) always authenticated in authentication protocol.– By public key (DSS, RSA, SPKI, OpenPGP). – Or simple password for particular application over secure
channel. Establishment of a fresh, shared secret.
– Shared secret used to derive further keys, similar to SSL/IPSec.
– For confidentiality and authentication in SSH transport layer protocol.
Secure ciphersuite negotiation.– Encryption, MAC, and compression algorithms.– Server authentication and key exchange methods.
SSH-2 Security Goals
Key establishment through Diffie-Hellman key exchange.– Variety of groups supported.
Server authentication via RSA or DSS signatures on nonces (and other fields).
HMAC-SHA1 or HMAC-MD5 for MAC algorithm. 3DES, RC4, or AES finalists (Rijndael/Serpent). Pseudo-random function for key derivation. Small number of ‘official’ algorithms with simple
DNS-based naming of ‘private’ methods.
SSH-2 Algorithms
SSH-1 versus SSH-2
Many vulnerabilities have been found in SSH-1 .– SSH-1 Insertion attack exploiting weak integrity mechanism
(CRC-32) and unprotected packet length field.– SSHv1.5 session key retrieval attack (theoretical).– Man-in-the-middle attacks (using e.g. dsniff).– DoS attacks.
• Overload server with connection requests.• Buffer overflows.
But SSH-1 widely deployed. And SSH-1 supports:
– Wider range of client authentication methods (.rhosts and Kerberos).
– Wider range of platforms.
SSH Port ForwardingWithout SSH or port forwarding.
UM User’smachine
LS Loginserver
MO Mail outserver
MI Mail inserver
Src: UM Dest: LS Port: 23
Src: UM Dest: MI Port: 113
Src: UM Dest: MO Port: 25
SSH Port Forwarding
Recall: TCP port number ‘identifies’ application. SSH on local machine:
– Intercepts traffic bound for server.– Translates standard TCP port numbers.
• E.g. port 113 port 5113.
– Sends packets to SSH-enabled server through SSH secure channel.
SSH-enabled server:– Receives traffic.– Re-translates port numbers.
• E.g. port 5113 port 113.
– Forwards traffic to appropriate server using internal network.
SSH Port Forwarding
UM User’smachine
LSSSH-enabled
loginserver
MO Mail outserver
MI Mail inserver
Src: UM Dest: LS Port: 23
With SSH and port forwarding.
Src: UM Dest: MI Port: 113Src: UM Dest: LS Port: 5113Src: LS Dest: MI Port: 113
Src: UM Dest: MO Port: 25Src: UM Dest: LS Port: 5025Src: LS Dest: MO Port: 25
Anonymous ftp for software updates, patches...– No client authentication needed, but clients want to be sure of
origin and integrity of software. Secure ftp.
– E.g.upload of webpages to webserver using sftp.– Server now needs to authenticate clients.– Username and password may be sufficient, transmitted over
secure SSH transport layer protocol. Secure remote administration.
– SysAdmin (client) sets up terminal on remote machine.– SysAdmin password protected by SSH transport layer protocol.– SysAdmin commands protected by SSH connection protocol.
Guerilla Virtual Private Network.– E.g. use SSH + port forwarding to secure e-mail
communications.
SSH Applications
6.3 Comparing IPSec, SSL/TLS, SSH
All three have initial (authenticated) key establishment then key derivation. – IKE in IPSec– Handshake Protocol in SSL/TLS (can be
unauthenticated!)– Authentication Protocol in SSH
All protect ciphersuite negotiation. All three use keys established to build a
‘secure channel’.
Comparing IPSec, SSL/TLS, SSH Operate at different network layers.
– This brings pros and cons for each protocol suite.– Recall `Where shall we put security?’ discussion.– Naturally support different application types, can all be
used to build VPNs. All practical, but not simple.
– Complexity leads to vulnerabilities.– Complexity makes configuration and management
harder.– Complexity can create computational bottlenecks.– Complexity necessary to give both flexibility and security.
Comparing IPSec, SSL/TLS, SSHSecurity of all three undermined by: Implementation weaknesses. Weak server platform security.
– Worms, malicious code, rootkits,… Weak user platform security.
– Keystroke loggers, malware,… Limited deployment of certificates and infrastructure to support
them.– Especially client certificates.
Lack of user awareness and education.– Users click-through on certificate warnings.– Users fail to check URLs.– Users send sensitive account details to bogus websites (“phishing”) in
response to official-looking e-mail.
Secure Protocols – Last Words
A (mis)quote from Eugene Spafford:
“Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit-card information from someone living in a cardboard box to someone living on a park bench.”
What is a VPN
Public networks are used to move information between trusted network segments using
shared facilities like frame relay or atm
A VIRTUAL Private Network replaces all of the above utilizing the public Internet Performance and availability depend on your ISP and the Internet
Tunnel vs Transport
Transport– Implemented by the end point systems– Real address to real address– Cannot ‘go through’ other networks
Tunnel– Encapsulation of the original IP packet in another
packet– Can ‘go through’ other networks– End systems need not support this– Often PC to a box on the ‘inside’
10.0.0.1
10.0.0.4
10.0.0.3
10.0.0.2
web servera
b
c
NAT
204.x.1.10
Internet
Outgoing PPTP Client Through NAT
top related