ifost security workshop (2004)
8/13/2019 Ifost Security Workshop (2004)
Ifost Security Workshop
© The Institute for Open Systems Technologies
Contents
1 External Threats
  1.1 Using a Remote Vulnerability
  1.2 So what's the problem?
  1.3 How big is the problem?
  1.4 Exercise
2 Internal Threats
  2.1 Background
  2.2 sudo
  2.3 Other Root-sharing Techniques
  2.4 Exercises
3 Casing the Joint
  3.1 nmap
  3.2 Scanning Exercise
4 Mapping out a network
  4.1 Some Common Protocols
  4.2 Identifying vulnerabilities
  4.3 Exercise
  4.4 nessus
  4.5 sara
  4.6 nessus and sara exercise
  4.7 How to protect yourself
5 Minimum levels of sanity
  5.1 Network sniffing
  5.2 ngrep
  5.3 ssh
  5.4 TCP/IP Security Exercises
6 More fun with ssh
  6.1 Replacing r* commands
  6.2 Going password-less
  6.3 Front-end passwords
  6.4 X-windows forwarding
  6.5 Port forwarding
  6.6 Exercises
7 Secure Sockets Layer Web Servers
  7.1 Background
  7.2 How does HTTPS work?
  7.3 OpenSSL
  7.4 Terms
  7.5 Getting / Compiling Apache-SSL
  7.6 Configuring Apache+SSL
  7.7 Why does the browser still complain?
  7.8 Other things to know
8 Firewalls
  8.1 HP-UX Instructions
  8.2 How to use it
  8.3 Exercise
9 Pretty Good Privacy
  9.1 What is PGP?
  9.2 Where do I get it?
  9.3 Very first
  9.4 The second thing to do
  9.5 Sharing with others
  9.6 Exercise
  9.7 Verifying things
  9.8 Assert your confidence
  9.9 Actually using it
  9.10 Exercise
  9.11 Other things
  9.12 Too painful!
  9.13 What else?
Chapter 1
External Threats
Internet Security
1.1 Using a Remote Vulnerability
http://server/../../subdir/some/file is bad
http://server/scripts../../some/program is very, very bad
Many versions of Windows support Unicode
There are Unicode alternatives for /
IIS 4 and 5 do not check for them unless patched (17 Oct 2000)
Notes. . .
While this example is quite out of date, it illustrates how quite common pieces of software can be trivially insecure.
A web server should only give out files in a restricted subdirectory. Obviously, if someone requests somedirectory/../../something, the correct thing to do is either ignore it, give an error or refuse to go above the top level.
The quickest way to do this is just to check the sequence of characters in a row.
WinNT supports Unicode filenames, and so there are many variations in its character set to represent the / that separates directory hierarchies, such as %c1%1c, %c0%9v and many others.
Microsoft released a patch on 17 Oct 2000 to correct this. But many system administrators have not applied these patches.
So any hacker wanting to break in merely has to know where the IIS installation is relative to the system32 directory, and can run arbitrary commands with the privileges of the web server. For example:
http://target/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir
http://target/scripts/..%c0%9v../winnt/system32/cmd.exe?/c+dir
http://target/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir
http://target/scripts/..%c0%qf../winnt/system32/cmd.exe?/c+dir
http://target/scripts/..%c1%8s../winnt/system32/cmd.exe?/c+dir
http://target/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir
http://target/scripts/..%c1%pc../winnt/system32/cmd.exe?/c+dir
Here we are just running cmd.exe /c dir. Nastier would be something like cmd.exe /c del c:*.* or similar.
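The check a server needs here, as an added example that is not part of the original workshop notes: decode the request path once, refuse anything that is not strict UTF-8, and only then test whether the canonical path is still inside the document root. The function and variable names are assumptions made for this sketch, and the request targets are the ones listed above plus constructed benign ones.

```python
import os
import tempfile
from urllib.parse import unquote_to_bytes


class RejectedPath(Exception):
    """Raised when a request path must not be served."""


def resolve_request_path(docroot, request_target):
    """Map a request target to a file under docroot, or raise RejectedPath.

    Order matters: decode first, validate the decoded form, and only then
    compare against the document root. Looking for "../" before decoding
    is the mistake described in the notes above.
    """
    path = request_target.split("?", 1)[0]

    # 1. Percent-decode exactly once, to raw bytes.
    raw = unquote_to_bytes(path)

    # 2. Strict UTF-8: overlong forms such as C0 AF or C1 9C are not valid
    #    UTF-8, so they are refused instead of being folded to "/" or "\".
    try:
        decoded = raw.decode("utf-8", errors="strict")
    except UnicodeDecodeError as exc:
        raise RejectedPath("invalid or overlong UTF-8") from exc

    # 3. A "%" that survives decoding is a malformed or nested escape;
    #    NUL and backslash have no place in a URL path either.
    for bad, why in (("%", "leftover escape"), ("\x00", "NUL byte"),
                     ("\\", "backslash separator")):
        if bad in decoded:
            raise RejectedPath(why)

    # 4. Canonicalise (collapses "..", follows symlinks) and require the
    #    result to stay inside the document root.
    root = os.path.realpath(docroot)
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    if os.path.commonpath([root, candidate]) != root:
        raise RejectedPath("escapes document root")
    return candidate


# The first three targets are constructed; the rest come from the notes above.
SAMPLES = [
    "/index.html",
    "/docs/../index.html",
    "/notes%zz.txt",
    "/../../winnt/system32/cmd.exe",
    "/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir",
    "/scripts/..%c0%9v../winnt/system32/cmd.exe?/c+dir",
    "/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir",
    "/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir",
]


def verdicts(docroot, targets=SAMPLES):
    """Return {target: "served" | "rejected: reason"} for each target."""
    out = {}
    for target in targets:
        try:
            resolve_request_path(docroot, target)
            out[target] = "served"
        except RejectedPath as exc:
            out[target] = "rejected: %s" % exc
    return out


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for target, verdict in verdicts(d).items():
            print(f"{verdict:36} {target}")
```

The containment test in step 4 is the real control; steps 2 and 3 make sure it sees the same path the filesystem will see.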
1.2 So what's the problem?
Vendors release patches but system administrators don't apply the patches. . .
Never heard/misheard the announcement?
Can't implement it because of change control?
Couldn't be bothered?
It's not their job?
No administrator is responsible for the system?
Notes. . .
There are many reasons why systems get left unpatched. It is very hard to know in general, but these are some of the reasons that have been uncovered in post-hack analysis.
1.3 How big is the problem?
Hundreds of defaced web-sites each day
Many more compromised systems used for launching attacks
Notes. . .
The administrators of the attrition mirror (www.attrition.org/mirror/attrition) get informed by hackers whenever most hacks occur. They then mirror the site in its hacked form.
It is a very humbling experience seeing the number of web sites defaced every day. A good guide to see which vendors are taking security seriously is their statistics pages where they show the changing proportions of hacking over time. After a vulnerability is announced in a given operating system the next few months almost always show a rise in defacements.
Combine this with the internet operating system counter (now a little out of date, as it was last taken in April 1999) to get an idea of the relative safety of running each different operating system as a web server. Or you could use the Netcraft web server survey (http://www.netcraft.com/).
Many systems are used as launching places for further attacks. Numerically, this probably constitutes a large portion of non-defacement break-ins. Here's a message from May 2001 that was sent on the attrition mailing list:
HTML Version w/ Full List of IPs: http://attrition.org/security/commentary/worm01.html
On Tuesday, May 8, Attrition staff received email containing a list of 8836 IP addresses that were said to be victims of the sadmind/IIS Worm. For details on this worm, you can read a little more about it on the CERT web site which actually managed to release a timely advisory:
http://www.cert.org/advisories/CA-2001-11.html
To expand on the advisory, this Worm will write to four different files if it successfully compromises a remote system:
files (each 289 bytes):
default.asp
default.htm
index.asp
idnex.htm
Of the 8836 IPs we received, 2247 of them resolved. From here, we broke the list down into a few major types of machines/names; ADSL boxes, Cable Modems, DHCP servers, DNS machines, DSL boxes, Mail hosts, personal machines, regular servers (that we would normally consider mirror material) and in-addr addresses. The following list shows a quick breakdown by numbers, as well as how many of each we confirmed as defaced:
Count  Type       Defaced
276    adsl       not tested
129    cable      not tested
12     dhcp       12 (100%)
59     dns        26 (44%)
150    dsl        100 (66%)
358    hostnames  188 (52%)
160    in-addr    not tested
213    mail       79 (37%)
890    personal   not tested
2247   total
We have taken two copies of the defacements and listed several of the hosts.
http://attrition.org/mirror/attrition/2001/05/09/www.bruceflint.com/ Mass with hostnames and dns
http://attrition.org/mirror/attrition/2001/05/09/mail.ogd.com/ Mass with mail
Given that we do not know the date of the list, the rather large percentage that were compromised, and the source of the list, it is believed that all of the IPs were compromised and defaced at one point or another. For that reason we are including the full list of (sorted) IPs with the HTML version of this commentary. It can be found at http://attrition.org/security/commentary/ shortly after you receive this mail.
1.4 Exercise
Pick a favourite company (e.g. Microsoft, IBM, Hewlett-Packard)
Use http://defaced.alldas.de/ to find out whether any of their web sites have been defaced
Use http://www.netcraft.com/ to find out what they were running (then and now)
Go to www.securityfocus.com, pick a product and find some recent vulnerabilities.
Notes. . .
Try not to be too alarmed by what you find. . .
Chapter 2
Internal Threats
2.1 Background
The folklore says:
90% of misuse is from inside the organisation
90% of those are from a system admin
Notes. . .
There does not appear to be any study to back up the above numbers, but they sound reasonable.
A large proportion of security incidents are performed by staff employed by the company affected. Many of these do not get reported.
A large proportion of this large proportion are incidents in which the damage was done by a system administrator. Sometimes the temptations offered by being able to read and write any file get too difficult to resist!
Protecting a system against its own administrators is usually completely impractical. Companies often just have to trust administrators to do the right thing. Where such protection is necessary, it is often in heavily controlled computing environments: for example, on-line gambling companies in Australia have to provide good evidence that they are not making changes to an audited system. To do this they often share half of the root password with a government official (the admins know half, the government knows the other half). Usually changes are done in the presence of other officials.
Implementing schemes such as the above is probably too difficult and too costly for any normal organisation. As a result, it will be impossible to adequately protect against a system admin gone rogue.
Proportion  By whom         Can protect?
81%         system admin    no
9%          other internal  maybe, local
10%         external        usually, remote
2.2 sudo
Enables selective root access
Logs all commands to syslog
Allows you to disable root login altogether!
Free, open source, supportable, widely-used
Notes. . .
There are other ways of giving superuser privileges. One of the most popular is sudo. The source can be downloaded from www.courtesan.com/sudo. Pre-compiled HP-UX versions in software distributor package format are available from hpux.cs.utah.edu.
sudo consists of (essentially) two components: a configuration file (/etc/sudoers) defining what commands are allowed to be run, and by which users; and the set-user-id binary (sudo) which users invoke.
To show some of the power of it, here is an example from its man page.
# sudoers file.
#
#
# Host alias specification
Host_Alias HUB=houdini: REMOTE=merlin,kodiakthorn,spirit
Host_Alias SERVERS=houdini,merlin,kodiakthorn,spirit
Host_Alias CUNETS=128.138.0.0/255.255.0.0
Host_Alias CSNETS=128.138.243.0,128.138.204.0,128.138.205.192
There are four host aliases. The first actually contains two aliases. It sets HUB to be houdini and REMOTE to the three machines merlin, kodiakthorn and spirit. Similarly, SERVERS is set to the machines houdini, merlin, kodiakthorn and spirit. The CSNETS alias will match any host on the 128.138.243.0, 128.138.204.0, or 128.138.205.192 nets. The CUNETS alias will match any host on the 128.138.0.0 (class B) network. Note that these are network addresses, not IP addresses. Unless an explicit netmask is given,
steve CSNETS=(operator) /usr/op_commands/
FULLTIME Full-time sysadmins in the FULLTIME alias may run any command on any host as any user without a password.
%wheel Any user in the UN*X group wheel may run any command on any host.
PARTTIME Part-time sysadmins in the PARTTIME alias may run any command except those in the SHELLS and SU aliases on any host.
+interns Any user in the netgroup interns may run any command except those in the SHELLS and SU aliases on any host that is in the openlabs netgroup.
britt The user britt may run commands in the SHUTDOWN alias on the REMOTE machines and commands in the LPCS alias on any machine.
jimbo The user jimbo may su to any user save root on the machines on CUNETS (which is explicitly listed as a class B network).
nieusma The user nieusma may run commands in the SHUTDOWN alias as well as /etc/reboot on the SERVER machines and any command except those in the SHELLS alias on the HUB machines.
jill The user jill may run /usr/sbin/shutdown -h now or /usr/sbin/shutdown -r now as well as the commands in the MISC alias on houdini.
markm The user markm may run any command on the HUB machines except /usr/sbin/shutdown, /sbin/halt, and commands listed in the MISC alias.
davehieb The user davehieb may run any command on merlin as any user in the Runas_Alias OP (ie: root or operator). He may also run /sbin/halt on the SERVERS and any command on kodiakthorn (no password required on kodiakthorn).
steve The user steve may run any command in the /usr/op_commands/ directory as user operator on the machines on CSNETS.
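Because sudo logs every invocation to syslog, the log can be split into permitted commands and refused attempts. The following is an added example, not part of the original workshop notes: the log lines are constructed for illustration (user and host names are borrowed from the sudoers example, "mallory" is made up) and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the layout sudo writes to syslog.
SAMPLE_LOG = """\
Jul 26 18:52:51 merlin sudo:    britt : TTY=pts/3 ; PWD=/home/britt ; USER=root ; COMMAND=/usr/sbin/shutdown -h now
Jul 26 18:55:02 merlin sudo:    steve : command not allowed ; TTY=pts/1 ; PWD=/home/steve ; USER=root ; COMMAND=/bin/sh
Jul 26 19:01:44 merlin sudo:  mallory : user NOT in sudoers ; TTY=pts/4 ; PWD=/tmp ; USER=root ; COMMAND=/bin/su -
Jul 26 19:03:10 houdini sudo:     jill : 3 incorrect password attempts ; TTY=pts/2 ; PWD=/home/jill ; USER=root ; COMMAND=/usr/sbin/shutdown -r now
Jul 26 19:04:00 houdini sendmail[412]: SAA04289: to=greg, stat=Sent
"""

LINE = re.compile(
    r"^(?P<stamp>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"sudo(?:\[\d+\])?:\s+(?P<user>\S+)\s:\s(?P<body>.*)$"
)


def parse_sudo_line(line):
    """Return a dict for a sudo syslog line, or None for any other line."""
    m = LINE.match(line)
    if m is None:
        return None
    # COMMAND is the last field and may itself contain " ; " or "=",
    # so it is cut off before the remaining fields are split.
    head, _, command = m.group("body").partition("COMMAND=")
    fields, reasons = {}, []
    for part in head.split(" ; "):
        part = part.strip(" ;")
        if not part:
            continue
        key, sep, value = part.partition("=")
        if sep and key.isupper():
            fields[key] = value          # TTY=, PWD=, USER=
        else:
            reasons.append(part)         # free text: why sudo refused
    return {
        "stamp": m.group("stamp"), "host": m.group("host"),
        "user": m.group("user"), "runas": fields.get("USER"),
        "tty": fields.get("TTY"), "pwd": fields.get("PWD"),
        "command": command, "reason": "; ".join(reasons) or None,
    }


def triage(log_text):
    """Split sudo events into (allowed, denied); denied events carry a reason."""
    allowed, denied = [], []
    for line in log_text.splitlines():
        event = parse_sudo_line(line)
        if event is not None:
            (denied if event["reason"] else allowed).append(event)
    return allowed, denied


def denied_by_user(log_text):
    """Count refused attempts per invoking user."""
    return Counter(e["user"] for e in triage(log_text)[1])


if __name__ == "__main__":
    ok, bad = triage(SAMPLE_LOG)
    for e in bad:
        print(f'{e["stamp"]} {e["host"]} {e["user"]}: {e["reason"]} ({e["command"]})')
    print(len(ok), "permitted command(s)")
```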
2.3 Other Root-sharing Techniques
qsu
Set-uid root shell executable only by wheel group
OS-specific tricks (such as sam -r)
Notes. . .
These are just a few thoughts.
2.4 Exercises
1. Set up sudo
2. Look at the syslog messages from legitimate operations
3. What happens for illegitimate use?
Notes. . .
Chapter 3
Casing the Joint
3.1 nmap
www.insecure.org/nmap
Shows what ports are open
Can do some remote host identification
Is very heavily used
Ported to WinNT in July 2000
Notes. . .
For totally mindless use, try nmap -A hostname if it is new enough (past version 3.5) to do version identification. If it is older than this, try nmap -O hostname
Most sites would be scanned with nmap at least 4 to 5 times per day. Cable modem users are choice targets (they are usually run at home and not administered with security in mind) and can easily be scanned up to 30 or 40 times a day.
This means that while intrusion detection systems can pick up on this kind of scan, there are so many false positives that it is hard to pick out a determined hacker from a casual one.
From the nmap man page
Nmap is designed to allow system administrators and curious individuals to scan large networks to determine which hosts are up and what services they are offering. nmap supports a large number of scanning techniques such as: UDP, TCP connect(), TCP SYN (half open), ftp proxy (bounce attack), Reverse-ident, ICMP (ping sweep), FIN, ACK sweep, Xmas Tree, SYN sweep, and Null scan. See the Scan Types section for more details. nmap also offers a number of advanced features such as remote OS detection via TCP/IP fingerprinting, stealth scanning, dynamic delay and retransmission calculations, parallel scanning, detection of down hosts via parallel pings, decoy scanning, port filtering detection, direct (non-portmapper) RPC scanning, fragmentation scanning, and flexible target and port specification.
Significant effort has been put into decent nmap performance for non-root users. Unfortunately, many critical kernel interfaces (such as raw sockets) require root privileges. nmap should be run as root whenever possible.
The result of running nmap is usually a list of interesting ports on the machine(s) being scanned (if any). Nmap always gives the port's well known service name (if any), number, state, and protocol.
The state is either open, filtered, or unfiltered. Open means that the target machine will accept() connections on that port. Filtered means that a firewall, filter, or other network obstacle is covering the port and preventing nmap from determining whether the port is open. Unfiltered means that the port is known by nmap to be closed and no firewall/filter seems to be interfering with nmap's attempts to determine this. Unfiltered ports are the common case and are only shown when most of the scanned ports are in the filtered state.
Depending on options used, nmap may also report the following characteristics of the remote host: OS in use, TCP sequencability, usernames running the programs which have bound to each port, the DNS name, whether the host is a smurf address, and a few others.
3.2 Scanning Exercise
To use nmap and netcat
Notes. . .
Scan some machine(s) in the network, and identify what operating system it is running, and what network services they offer.
The manpage may be helpful.
Chapter 4
Mapping out a network
4.1 Some Common Protocols
SMTP
POP3
IMAP
telnet
HTTP
Notes. . .
Most of these standard protocols are text-based, and can be accessed using an ordinary telnet program. They often give away version numbers when you work on them with low-level tools.
telnet jayanya.ifost.org.au smtp
220 jayanya.ifost.org.au ESMTP Sendmail 8.9.3/8.9.3; Wed, 26 Jul 2000 18:52:51 +1000
HELO mail.golf.com
250 jayanya.ifost.org.au Hello mail.golf.com [172.1.2.3] (may be forged), pleased to meet you
MAIL FROM: [email protected]
250 [email protected]... Sender ok
RCPT TO: [email protected]
250 [email protected]... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
Subject: Hello Greg...

Care for a game this afternoon?
.
250 SAA04289 Message accepted for delivery
QUIT
221 jayanya.ifost.org.au closing connection
Proto  Used for  Commands
SMTP   E-mail    HELO MAIL RCPT DATA QUIT VRFY EXPN
POP3   E-mail    USER PASS LIST RETR QUIT
HTTP   WWW       GET /index.html
4.2 Identifying vulnerabilities
Find out what computers there are
Find out what services there are
Get any version numbers, see if there are known problems
Try fuzzing
Notes. . .
Finding what computers there are:
1. From DNS, get NS, MX and A records
2. Try host -a domain in case they allow zone transfers
3. Try www.netcraft.com and search for other websites in that domain
4. Send an email to someone in the domain (or just aim for a bounce message) and look at the Received from headers. This can help find mail servers even if their primary MX is filtered through a third party virus and spam filter.
5. Do a broadcast ping on each network
6. Try whois ipaddress and look for the inetnum field, which should be the whole netblock that IP address came from.
7. Do a traceroute on some addresses you know about and see what ISP they use. Then try one address below and one address above and see if it goes through the same port on the same router (suggesting that they are on the same site for the same organisation). Keep going until you run into something that is definitely someone else's network.
8. nmap -O -sV
9. If you have IPv6, try ping6 -a with any of the a, A, c, l, s, g, which might turn up some IPv4 addresses as well.
10. Use snmpwalk, and look for atTable.afEntry.atNetAddress ipAddrEntry, ipAdEntAddr (assuming you can guess a community name).
11. Try asking someone in the organisation.
To remotely find out what software is installed, and what their version numbers are:
1. Most mail servers identify their version when you first connect
2. If it's sendmail, VRFY root, try other users
3. Identify web server version from the HTTP header; also look for headers for application servers, PHP and mod_perl, and any other third party component.
4. News servers (if there are any) often give their vendor and version number when you connect to them
5. Send spurious web requests to any web-based applications, and compare the error messages with posts on mailing lists for that application.
6. Identify any other server software version. Often it's as simple as looking for an about field.
7. You might get the installed software from snmpwalk communityname system
8. Try asking someone in the organisation. There may well be a canonical list if they have been following ITIL practices.
9. If you are looking at desktops, the organisation might be running a network management tool which might be able to report this information immediately.
There are many lists of security vulnerabilities:
http://www.securityfocus.com/bid has a quite comprehensive list
CERT (www.cert.org) used to be useful, but is now usually far too out-of-date
The SANS newsletters http://www.sans.org/newsletters/
The vendor's web page.
Fuzzing can sometimes find problems in bespoke software which hasn't been subjected to a rigorous security review. Simply put, whenever there is the possibility of input somewhere, send long streams of random data. Nulls, apostrophes, invalid unicode characters are all good candidates. Odd error messages, services crashing, half-finished web pages or other out-of-the-norm activity suggests that the software may be vulnerable to buffer over-runs or term-injection (e.g. SQL injection).
4.3 Exercise
To see what you can find out
Notes. . .
Pretend you have never seen this network before. Map out as much of it as you can, and identify what software is running.
4.4 nessus
www.nessus.org
Tests a large number of security flaws
Can quite easily crash the target system
Has plugins (*.nasl files) updated regularly
Notes. . .
From the man page
The Nessus Security Scanner is a security auditing tool made up of two parts: a server, and a client. The server, nessusd(8) is in charge of the attacks, whereas the client nessus provides an interface to the user. It comes in two flavours, with and without GUI (graphical user interface) support.
As an X11 client, nessus is based on the Gimp ToolKit (GTK) and needs no arguments upon start up.
4.5 sara
www-arc.com/sara
Based on SATAN
Performs a large number of tests.
Notes. . .
From the introductory documents
What is SARA?
SARA is the Security Auditor's Research Assistant. It is a derived work of SATAN (Security Administrator Tool for Analyzing Networks) developed by Dan Farmer and Wietse Venema. SATAN can be found at www.porcupine.org/satan. It enhances SATAN by providing
1. an improved user interface,
2. up to date vulnerability tests, and
3. a commercially supported product, SARA Pro.
The SARA developers cannot emphasize enough that without the SATAN foundation, SARA would not exist. SATAN is the basis of the security engine, program architecture, and documentation.
In its simplest (and default) mode, it gathers as much information about remote hosts and networks as possible by examining such network services as finger, NFS, NIS, ftp and tftp, rexd, and other services. The information gathered includes the presence of various network information services as well as potential security flaws, usually in the form of incorrectly setup or configured network services, well-known bugs in system or network utilities, or poor or ignorant policy decisions. It can then either report on this data or use a simple rule-based system to investigate any potential security problems. Users can then examine, query, and analyze the output with an HTML browser, such as Mosaic or Netscape.
While the program is primarily geared towards analyzing the security implications of the results, a great deal of general network information can be gained when using the tool - network topology, network services running, types of hardware and software being used on the network, etc.
However, the real power of SARA comes into play when used in exploratory mode. Based on the initial data collection and a user configurable ruleset, it will examine the avenues of trust and dependency and iterate further data collection runs over secondary hosts. This not only allows the user to analyze her or his own network or hosts, but also to examine the real implications inherent in network trust and services and help them make reasonably educated decisions about the security level of the systems involved.
4.6 nessus and sara exercise
To see nessus in action
To see sara in action
Notes. . .
If nessus is not already compiled, compile it. You may need the gtk and glib libraries; for HP-UX these can be found at hpux.cs.utah.edu and installed with swinstall.
Run nessus-adduser. When asked for rules, just put default accept on a line on its own.
Run nessusd -D
If you have a graphical terminal:
Start up the nessus interface
Click on login
Select a target, and start the attack
If you don't have a graphical terminal:
Run nessus server port username targets output
server should be the name of the machine you ran nessusd -D on; the port defaults to 1241; username is the username you specified before; targets is a plain text file listing computers one to a line; output is the file you want the output to go into.
This will take some time, often 20-30 minutes or even longer. There appears to be no way of getting it to report its progress on the command line.
The output will be in .nsr format, which is vaguely readable. If run with the -T option, other formats can be generated.
If you have the ANSI C compiler or gcc on your HP-UX system, you should be able to compile sara. Simply type make hpux. When it is finished, run ./sara . . . this should start up netscape viewing a funny port number.
4.7 How to protect yourself
Keep up-to-date
Shut down anything unnecessary
Notes. . .
There are no magic tricks, crackers are probably working with the same information that you have available to you. When a security vulnerability is announced, fix it immediately, and no cracker will have a chance to exploit it.
You can make your job easier by shutting down unnecessary services. See section ??.
Chapter 5
Minimum levels of sanity
5.1 Network sniffing
Sniffing Picking up other computers' traffic as it is broadcast on ethernet
Switch spoofing Forcing a switch to send you other computers' data
Notes. . .
Hubbed, bridged or single-wire segments are easy to sniff. Most ethernet cards can be put into promiscuous mode which lets them receive all packets, regardless of whether they are destined for this computer or not. This is fun, because most common protocols send secret passwords as plain text (!) which can be sniffed.
Here are a few programs that do this:
telnet
ftp
Any web browser using HTTP
Any mail client using POP or IMAP (which is nearly everything)
Any network management system using SNMP (nearly everything)
CVS
Most instant messaging systems
Meeting Maker
Citrix ICA
Symantec pcAnywhere
Oracle SQL*Net, Sybase and Microsoft SQL Server
There's a common misconception that switched networks aren't vulnerable to this. They are, but it is harder. There are two techniques: first try faking packets from an absurd number of source MAC addresses, which cause a switch to run out of memory and fall back to being a hub; or by switch spoofing. The sequence is complicated.
1. Find out the MAC address of the machine you want to intercept traffic to. Let's call it 11.12.13.14 with MAC address 0x123456789a
2. Pick another MAC address that is not being used. Say 0x5555544444.
3. Send an ARP flush broadcast (alert other systems that a failover has taken place, and that a new system is providing the for 11.12.13.14).
4. Other systems who need to send data will then have to re-request. You then immediately respond by announcing that the new MAC address is 0x5555544444. Of course your victim will also respond, but if you're quick, you'll get in first. Repeat this whenever any computer does an ARP request broadcast. If you're too slow, just go back to step 3, and try again. Eventually 11.12.13.14 will have a busy period, and you'll be able to get in first.
5. You will now receive traffic for that address. Record it, and then strip off the header saying 0x5555544444 and replace it with a header saying 0x123456789a, and the victim will be none the wiser.
Note that there is no reason why you can't do this against the entire network simultaneously. You will be noticed by a network management tool doing a periodic configuration check: suddenly several machines will have changed MAC addresses, which would be cause for alarm. But used sparingly and with a regular reset back to the real values, there's a reasonable chance that such a ploy can remain undetected for a long time.
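The periodic configuration check mentioned above can be made to catch the sparing, reset-and-repeat pattern as well, if it keeps history instead of comparing only the latest poll with the previous one. This is an added example, not part of the original workshop notes: the observations are constructed (time in seconds, IP, MAC as a monitor might record them from ARP-table polls), and the function names and the flap threshold are assumptions.

```python
from collections import defaultdict

# Constructed poll results: (seconds since start, IP address, MAC address).
OBSERVATIONS = [
    (0,    "11.12.13.14", "00:12:34:56:78:9a"),
    (0,    "11.12.13.20", "00:12:34:aa:bb:01"),
    (0,    "11.12.13.30", "00:12:34:aa:bb:02"),
    (300,  "11.12.13.14", "02:55:55:54:44:44"),
    (300,  "11.12.13.20", "00:12:34:aa:bb:01"),
    (600,  "11.12.13.14", "00:12:34:56:78:9a"),
    (600,  "11.12.13.20", "02:55:55:54:44:44"),
    (900,  "11.12.13.14", "02:55:55:54:44:44"),
    (900,  "11.12.13.20", "00:12:34:aa:bb:01"),
    (900,  "11.12.13.30", "00-12-34-AA-BB-03"),   # replaced NIC, other notation
    (1200, "11.12.13.14", "00:12:34:56:78:9a"),
]


def normalise_mac(mac):
    """Accept aa:bb.., aa-bb.. or aabb.ccdd.eeff and return aa:bb:cc:dd:ee:ff."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def collapse(observations):
    """ip -> [(time, mac), ...], keeping only polls where the MAC differs
    from the previous poll for that IP."""
    history = defaultdict(list)
    for when, ip, mac in sorted(observations):
        mac = normalise_mac(mac)
        if not history[ip] or history[ip][-1][1] != mac:
            history[ip].append((when, mac))
    return history


def find_anomalies(observations, flap_threshold=2):
    """Return a list of findings:
    ("mac-changed", ip, old, new, time)  every change, including legitimate ones
    ("flapping", ip, macs, reverts)      an IP that keeps returning to an earlier MAC
    ("mac-shared", mac, ips)             one MAC that has answered for several IPs
    """
    findings = []
    owners = defaultdict(set)
    for ip, points in sorted(collapse(observations).items()):
        for (_, old), (when, new) in zip(points, points[1:]):
            findings.append(("mac-changed", ip, old, new, when))
        macs = [mac for _, mac in points]
        # A return to a MAC seen earlier is the "reset back to the real
        # values" step; a single hardware swap never produces one.
        reverts = sum(1 for i, mac in enumerate(macs) if mac in macs[:i])
        if reverts >= flap_threshold:
            findings.append(("flapping", ip, tuple(sorted(set(macs))), reverts))
        for mac in macs:
            owners[mac].add(ip)
    for mac, ips in sorted(owners.items()):
        if len(ips) > 1:   # also true for routers and proxy ARP: review, don't assume
            findings.append(("mac-shared", mac, tuple(sorted(ips))))
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(OBSERVATIONS):
        print(finding)
```

On switches that support it, pinning MAC addresses to ports removes the problem at the source; the history check is for networks where that is not available.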
5.2 ngrep
Among many network sniffers, ngrep is one of the simplest.
Download it from http://www.packetfactory.net/Projects/ngrep/
Notes. . .
Here's a simple way to get passwords from telnet users anywhere on your network: ngrep port 23.
dsniff by Dug Song (www.monkey.org/~dugsong/dsniff) is a very much more sophisticated sniffer, and can decode passwords from IMAP, POP, telnet and a variety of other protocols.
From the ngrep man page
ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular expressions to match against data payloads of packets. It currently recognizes TCP and UDP across ethernet, ppp and slip interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump(8) and snoop(1). (Or nettl on HP-UX).
5.3 ssh
Encrypts all login traffic
Encrypts and simplifies remote X-windows traffic
Can do port forwarding
Can do copying and remote execution
www.openssh.com
Notes. . .
OpenSSH is under a very free license. There is also a commercial equivalent (confusingly called just SSH) from DataFellows (www.ssh.fi).
There are links on the OpenSSH web site for secure shell clients for MS-Windows, MacOS and Java.
Teraterm Pro with the TTSSH extension is the most common way for MS-Windows desktops to use SSH. It's free. Visit hp.vector.co.jp/authors/VA002416 and www.zip.com.au/~roca/ttssh.html.
Download it, use it, and turn off telnet as soon as you can.
5.4 TCP/IP Security Exercises
To see some TCP/IP protocol problems and fixes
Notes. . .
1. telnet from one system to another
2. ssh from one system to another
3. On a third computer, run ngrep port 23 to watch all traffic on the network on port 23 (the telnet port number). Can you see anyone logging in, and giving their password?
4. Again, run ngrep port 22 to watch all ssh traffic. Can you make out anything at all?
Chapter 6
More fun with ssh
6.1 Replacing r* commands
r* command     s* command
remsh / rsh    ssh
rlogin         slogin
rcp            scp
Notes. . .
And all the other arguments are the same. . . . Note that remsh and rcp will only work if .rhosts is set up; secure shell will just ask for a password.
6.2 Going password-less
sshd checks the target user's home directory for .ssh/authorized_keys
ssh checks the source home directory for .ssh/identity
If a public key in authorized_keys matches the private key in identity, no login is required
Notes. . .
Setting this up is quite straightforward. The program that does all the magic is ssh-keygen. There are many options to it (read the man page), but if you run it with no arguments, it will create:
1. .ssh/identity
2. .ssh/identity.pub
You will be asked for a file name to store it in (the default is the files above).
You will then be asked for a pass-phrase. You don't need to give one (just press return). If you want to add a pass-phrase later you can do so with ssh-keygen -p (which can also change a pass-phrased identity into a non-pass-phrased).
The .ssh/identity.pub file is a single-line, plain text file. (The following is spread out over multiple lines for readability.)
1024 35 1460382080852295179426933454708 250768573286057954897008764048562
268860578538159683162040288584340939787 2341682715452896840404274801742254
183943516979414013456015981186483651934 2927402562129860396276091337941355
065194248915227916485012840512348309633 0269258076489080430619362053279940
55941 [email protected]
Append that line onto the .ssh/authorized_keys file of any account you wish to log in to.
e.g.
ssh other.ifost.org.au 'cat >> .ssh/authorized_keys' < .ssh/identity.pub
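A more careful version of the append step, to be run in the target account, as an added example that is not part of the workshop notes. The install_pubkey function name and the sample key line are constructed for illustration; the permission tightening reflects sshd's StrictModes check, which ignores key files that other users could write to.

```sh
#!/bin/sh
# Added example, not from the workshop notes.

# install_pubkey PUBFILE [HOMEDIR]
# Append the single-line public key in PUBFILE to HOMEDIR/.ssh/authorized_keys.
# Returns 0 if the key is installed (or was already there), non-zero if refused.
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    auth="$home/.ssh/authorized_keys"

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Refuse the private half (.ssh/identity) if it is passed by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key" >&2
        return 2
    fi

    # The .pub file is one line; a copy that was wrapped by a mail reader
    # or a document must be re-joined before it can ever match.
    if [ "$(grep -c . "$pub")" -ne 1 ]; then
        echo "$pub must contain exactly one line" >&2
        return 3
    fi
    key=$(grep . "$pub")

    # sshd's StrictModes check skips key files other users could write to.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Installing the same key twice should not duplicate the entry.
    if grep -qxF -e "$key" "$auth"; then
        return 0
    fi

    # Do not glue the new key onto an unterminated last line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}

# Demonstration in a throw-away directory with a constructed, shortened
# key line in the "bits exponent modulus comment" layout shown above.
install_pubkey_demo() {
    d=$(mktemp -d) || return 1
    echo '1024 35 1460382080852295179 student@example.org' > "$d/identity.pub"
    install_pubkey "$d/identity.pub" "$d" &&
    install_pubkey "$d/identity.pub" "$d" &&
    grep -c . "$d/.ssh/authorized_keys"    # prints the number of installed keys
    rm -rf "$d"
}

install_pubkey_demo
```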
6.3 Front-end passwords
If you have a pass-phrase, you will be asked for it every time
. . . unless SSH_AUTH_SOCK and SSH_AGENT_PID are set
The ssh-agent holds the passphrase
Notes. . .
From the ssh-agent man page
The idea is that the agent is run in the user's local PC, laptop, or terminal. Authentication data need not be stored on any other machine, and authentication passphrases never go over the network. However, the connection to the agent is forwarded over SSH remote logins, and the user can thus use the privileges given by the identities anywhere in the network in a secure way.
If you do have a pass-phrase on your identity, you will be asked for it every time you perform any kind of s* command. This is most annoying. So you start a single ssh-agent and all your ssh processes can communicate with it.
If run with no arguments, ssh-agent will do two things:
1. Fork into the background
2. Print out shell commands
Here is the output from running ssh-agent:
SSH_AUTH_SOCK=/tmp/ssh-PQV30761/agent.30761; export SSH_AUTH_SOCK;
SSH_AGENT_PID=27189; export SSH_AGENT_PID;
echo Agent pid 27189;
We need to make sure all those variables are set for the remainder of our login session, so we do it during login. In your .xsession, .dtprofile, .profile or .bash_profile (whatever is appropriate), put the following two lines:
eval $(ssh-agent)
ssh-add
From the ssh-add man page
ssh-add adds RSA or DSA identities to the authentication agent, ssh-agent(1). When run without arguments, it adds the file $HOME/.ssh/identity. Alternative file names can be given on the command line. If any file requires a passphrase, ssh-add asks for the passphrase from the user.
. . .
If ssh-add needs a passphrase, it will read the passphrase from the current terminal if it was run from a terminal. If ssh-add does not have a terminal associated with it but DISPLAY and SSH_ASKPASS are set, it will execute the program specified by SSH_ASKPASS and open an X11 window to read the passphrase. This is particularly useful when calling ssh-add from a .Xsession or related script. (Note that on some machines it may be necessary to redirect the input from /dev/null to make this work.)
(Which neglects to mention that if $SSH_ASKPASS is not set, but $DISPLAY is, it will use the path to ssh-askpass that was compiled in. This is a graphical pass-phrase reader.)
6.4 X-windows forwarding
X-windows connections are forwarded if sshd_config has X11Forwarding yes and. . .
ssh_config has ForwardX11 yes
or the user uses ssh -X
Notes. . .
How it works: the DISPLAY environment variable gets set on the target host to being something unusual (e.g. target:10). The sshd then makes a fake tiny X-server listening on service :10, which it encrypts and sends back to the source system. The source system then pretends to be an ordinary X-windows program, and displays them graphically.
No more need for xhost + (insecure!)
No more need for xauth (complicated!)
No problems running X-windows programs through a masquerading firewall!
6.5 Port forwarding
Any TCP service can be forwarded
Securely connect to a POP server
Securely gateway connections to another
Notes. . .
This is best explained by examples:
ssh -L5110:localhost:110 mailserver sleep 45
Set up a tunnel so that when I point my mail reader to my own computer on port 5110, it will be tunnelled to mailserver, where it will become a connection to localhost (on the mailserver) to port 110. Since there is no way of sniffing traffic at either end, I can send passwords as plain text without fear.
ssh -g -R5023:myserver:23 firewall sleep 86400
Make something listen on the computer called firewall on port 5023. The -g option allows anyone to connect to it. When someone does, there will be a connection established from where I ran ssh to the computer called myserver (in my network) on port 23. i.e. this could be put into a cron job to connect to a branch office so that they could use telnet across the greater internet to get into the office computers.
6.6 Exercises
1. Set up your SSH identity. Experiment.
2. Modify your passphrase, and set up ssh-agent
3. Test out running X-windows programs remotely.
4. (Bonus) Remove your server's identity (usually /etc/ssh_host*key). Restart the server. What happens when you next login?
Notes. . .
The last exercise shows how secure shell protects against man-in-the-middle attacks and other such similar tricks.
Chapter 7
Secure Sockets Layer Web Servers
7.1 Background
Developed by Netscape, now an RFC
Secures the connection against eavesdropping
Does not secure the server
Notes. . .
7.2 How does HTTPS work?
Client connects,
Systems exchange fresh public keys
Systems agree on a symmetric (fast) protocol (e.g. 3DES)
Server presents certificate
Client accepts or rejects
(Client presents certificate)
Notes. . .
7.3 OpenSSL
A library for developing applications with
A program for managing keys and certificates
openssl action ...
Often openssl action -in . . . -out . . .
Notes. . .
OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them.
The openssl program is a command line tool for using the various cryptography functions of OpenSSL's crypto library from the shell. It can be used for
Creation of RSA, DH and DSA key parameters
Creation of X.509 certificates, CSRs and CRLs
Calculation of Message Digests
Encryption and Decryption with Ciphers
SSL/TLS Client and Server Tests
Handling of S/MIME signed or encrypted mail
7.4 Terms
Certificate Request: A document giving "who I am" information
Key: Some big semi-prime numbers in a file
Certificate: A certificate request signed by someone (maybe yourself)
Notes. . .
7.5 Getting / Compiling Apache-SSL
Distributed as patches to Apache
Requires OpenSSL to be already installed
Notes. . .
1. Download OpenSSL-0.9.6 from http://www.openssl.org/
2. Download apache-1.3.19 from http://www.apache.org/
3. Download apache-1.3.19+ssl1.42 from http://www.apache-ssl.org/
4. Download GNU patch from http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/pa Install it. Set your PATH so that it gets found before /usr/bin/patch
5. gunzip -c apache-1.3.19.tar.gz | tar -xvf -
6. cd apache-1.3.19
7. gunzip -c ../apache-1.3.19+ssl-1.42.tar.gz | tar -xvf -
8. ./FixPatch /opt/openssl
9. ./configure --prefix=/opt/apache
10. make
11. make install
12. cd src
13. vi Makefile
For some reason, the configuration is a little bit wonky. SSL_APP isn't set correctly. Set it to be /opt/openssl/lib/openssl
14. ln -s /opt/apache/conf/httpsd.conf /opt/apache/conf/httpd.conf
7.6 Configuring Apache+SSL
Get some randomness. Shake well.
openssl req -new > mycompany.csr
openssl rsa -in privkey.pem -out mycompany.key
openssl x509 -in mycompany.csr -out mycompany.cert -req -signkey mycompany.key -days 365
Notes. . .
1. PATH=/opt/openssl/lib
2. Set up the random seed file. Replace Garbage characters with some random junk.
echo "Garbage characters" > $HOME/.rnd
3. Create the SSL key and request:
openssl req -new > mycompany.csr
You will destroy the passphrase in the next step; answer the questions appropriately. For common name, put in the name of your server, e.g. www.myco.com
4. Step two - remove the passphrase from the key (optional):
openssl rsa -in privkey.pem -out mycompany.key
5. Convert the request into a signed certificate:
openssl x509 -in mycompany.csr -out mycompany.cert -req -signkey mycompany.key -days 365
6. mkdir /opt/apache/certificates
7. mv *.cert *.key /opt/apache/certificates
8. Edit httpsd.conf, and uncomment the lines for SSLCertificateFile (the .cert file) and SSLCertificateKeyFile (the .key file):
9. Try it out! Run /opt/apache/bin/httpsd
10. Visit https://your-server/
7.7 Why does the browser still complain?
Your .csr file is just what you put in?
Why should anyone believe you?
So get your .csr signed by someone else
Notes. . .
You send the .csr file to a certificate authority. (This could be your neighbour if you wish, but Thawte or Verisign might be more trustworthy). They will then vouch for the accuracy of the entries in the .csr file. And if the browser is configured to trust certificates signed by that certificate authority, then the browser can be confident of your .csr file.
Assuming the certificate authority is using OpenSSL (which they probably are), and assuming they have got their key in my.CA.key and their certificate in my.CA.cert, they would take your .csr and run:
openssl x509 -req -in mycompany.csr -out mycompany.cert -signkey my.CA.key -CA my.CA.cert -CAkey my.CA.key -CAcreateserial -days 365
(Bold font is just for readability.)
This produces a file called mycompany.cert, which they will send back to you. You can now replace the old self-signed mycompany.cert that you had before with this one signed by a reputable authority.
The authority's .cert file is public knowledge (as are all .cert files), so grab a copy of that as well, and put the following lines in httpsd.conf:
SSLCACertificateFile /path/to/certs/my.CA.cert
SSLVerifyClient 2
7.8 Other things to know
Session cache
openssl manpages
Notes. . .
The session cache option was set in the httpsd.conf.
SSL uses a session key to secure each connection. When the connection starts, certificates are checked and a new session key is agreed between the client and server (note that because of the joys of public key encryption, this new key is only known to the client and server). This is a time-consuming process, so Apache-SSL and the client can conspire to improve the situation by reusing session keys. Unfortunately, since Apache uses a multiprocess execution model, there's no guarantee that the next connection from the client will use the same instance of the server. In fact, it is rather unlikely. Thus, it is necessary to store session information in a cache that is accessible to all the instances of Apache-SSL. This is the function of the gcache program. It is controlled by the SSLCacheServerPath, SSLCacheServerPort, and SSLSessionCacheTimeout directives.
The OpenSSL man pages are structured strangely. If you want to know about what you can put after beginning the command openssl x509, look in the x509 man page. You will probably need to configure your MANPATH or /etc/man.conf to find this.
Chapter 8
Firewalls
8.1 HP-UX Instructions
It's a little complicated. . .
Notes. . .
You will need HP-UX 11 with patch bundle December 1998, 99OP, or 11.ACE.
Before proceeding, if you already have a version of IP Filter installed on your system, remove it with kminstall -d ipf and then use swremove to remove the installed base.
The first step is to install PHNE_22397. (Additional note: which has been obsoleted. Most recently patched systems will have this patch or its successor.)
After this, you MUST reboot so that the new kernel is in place when you proceed to install later components.
Next, you need to download and install pfil. This is a STREAMS interface for packet filtering that removes the need for packet filtering code to be written as a STREAMS module. This can be downloaded from ftp://coombs.anu.edu.au/pub/net/ip-filter/pfil-1.11.tar.gz . Unpack this and type make in the pfil directory. Once complete, type make install to kick off the installation.
Having got this far, you now need to download the latest IP Filter package and compile/install that. The source code for IP Filter can be obtained from: http://coombs.anu.edu.au/~avalon/ip_fil4.0alpha18.tar.gz. This should be unpacked into the same directory as pfil is. The directory layout will look like this:
/directory/ip_fil4.0alpha18
/directory/pfil
(Additional note: that is, you will need to make a symbolic link to pfil-1.11).
This complete, do a make hpux in the ip_fil4.0alpha18 directory, followed by a make install-hpux. You will need to reboot for it to become active.
(Additional note: if you get an error unable to include ip_trafcon.h in parse.c, simply delete the offending line.)
(Additional note: you will be asked at the end to run swinstall -s /var/spool/sw/IPF.v4.0a.depot -x reinstall=true IPF-RUN. I have no idea whether this is necessary or not. I did it.)
8.2 How to use it
Examples are in /opt/ipf/examples
Man pages are in /opt/ipf/man
Configuration files in /etc/opt/ipf
Notes. . .
Note that it does not start up by default, since there are no symlinks into the run-script directories.
Quick start guide:
1. Put some lines into /etc/opt/ipf/ipf.conf such as
block in on lan0 from any to any port = 23
block in on lan0 proto icmp from any to any
2. Run /sbin/init.d/ipfboot start
3. Explore the examples in sequential order
4. Make changes to your config files. Check that all works correctly with /sbin/init.d/ipfboot stop ; /sbin/init.d/ipfboot start
(There are better ways, but this will always work!)
8.3 Exercise
1. Make your system un-ping-able
2. Stop your neighbour from reaching you with telnet or ssh
3. If your system has two interfaces, enable masquerading
Notes. . .
To do these, you will need ipf installed and working.
Chapter 9
Pretty Good Privacy
9.1 What is PGP?
The most widely used email encryption software
Digital signature technology
A way of keeping a document secret
A web of user identifications
Notes. . .
9.2 Where do I get it?
Network Associates (commercial version)
www.PGPi.org (international freeware)
www.gnupg.org (GNU Public License)
Notes. . .
We will be talking about the GNU Privacy Guard version as it is actively maintained, and freely available. It is available for MS-Windows and most versions of Unix.
9.3 Very first
Create a key
gpg --gen-key
Notes. . .
The first time you run it, it will fail, but it will create a .gnupg directory in your home directory.
When you run it again, you will be asked several questions:
What sort of key? (sign only, sign and encrypt). If you are likely to have your encryption key subpoenaed (e.g. to unencrypt documents for a court case or police investigation), you might want to separate out your signature and encryption keys.
Normally you can use the defaults.
What encryption key size to use? (768, 1024, 2048. You can choose others.) The default, 1024, should be sufficient for almost any purpose. If you are wanting to archive something for a few decades (until the advent of quantum computing), you might want to go higher.
How long will it be valid for? Up to you. You can revoke a key later, so there's no particular reason not to have a good couple of years of life in a key.
Your identity: name, email address, comment. If you are known regularly by a nickname, the comment is a good place to store it. Leaving the comment blank is common.
A passphrase.
It will then generate a random private and public key pair. Some versions of Unix support a /dev/random device which it will use; otherwise it will just use a pseudo-random number generator.
To create good random numbers for the key parameters, GnuPG needs to gather enough noise (entropy) from your system. If you see no progress during key generation you should start some other activities such as mouse moves or hitting on the CTRL and SHIFT keys.
Generate a key ONLY on a machine where you have direct physical access - don't do it over the network or on a machine used also by others - especially if you have no access to the root account.
When you are asked for a passphrase use a good one which you can easily remember. Don't make the passphrase too long because you have to type it for every decryption or signing; but - AND THIS IS VERY IMPORTANT - use a good one that is not easy to guess because the security of the whole system relies on your secret key and the passphrase that protects it when someone gains access to your secret keyring. A good way to select a passphrase is to figure out a short nonsense sentence which makes some sense for you and modify it by inserting extra spaces, non-letters and changing the case of some characters - this is really easy to remember especially if you associate some pictures with it.
9.4 The second thing to do
gpg --gen-revoke your user id
Notes. . .
By the way, whenever gpg asks for a user id, it can be expressed as an email, ordinary name, 8-hex-digit key or a minimal match for any of these. You can see them with gpg --list-keys.
You should create a revocation certificate in case someone gets knowledge of your secret key or you forgot your passphrase.
gpg --gen-revoke your user id | lp
Run this command and store the revocation certificate away. The output is always ASCII armored, so that you can print it and (hopefully never) re-create it if your electronic media fails.
Keep in mind that anyone getting hold of this can make a nuisance of themselves by revoking your certificate for you.
9.5 Sharing with others
There's not much point unless you can share with others...
gpg --export --armor > file.yourname
gpg --import file.someone-else
Notes. . .
Now to exchange your public key put it into a file somewhere: gpg --export --armor > file.yourname
And the other person can then import that to their keyring with gpg --import file.someone-else
9.6 Exercise
To start
Notes. . .
1. Install GnuPG
2. Create your public-private keypair
3. Export your public key and put it somewhere for everyone else
4. Collect all the files that everyone else in the class has generated, and import them one by one.
9.7 Verifying things
gpg --fingerprint
Notes. . .
Because anyone can claim that a public key belongs to her we must have some way to check that a public key really belongs to the owner. This can be achieved by comparing the key during a phone call. Sure, it is not very easy to compare a binary file by reading the complete hex dump of the file - GnuPG (and nearly every other program used for management of cryptographic keys) provides other solutions.
gpg --fingerprint username
prints the so called fingerprint of the given username which is a sequence of hex bytes (which you may have noticed in mail sigs or on business cards) that uniquely identifies the public key - different keys will always have different fingerprints. It is easy to compare fingerprints by phone and I suggest that you print your fingerprint on the back of your business card. To see the fingerprints of the secondary keys, you can give the command twice; but this is normally not needed.
Here's mine. By the way, you can see it on the bottom of my business card.
46D9 518A 5B68 5665 42B3
FAE2 E54E CE5A 5A39 51C7
9.8 Assert your confidence
Just importing a key doesn't make it right.
gpg --edit-key their user id
Notes. . .
If you are confident that a public key does belong to a particular person, you will need to tell gpg that it is safe and reliable to use that key for that person.
Run gpg --edit-key [email protected] (or any other user handle you have for them). You will end up interacting with a funny menu. Locally sign their key by typing lsign. When this is done, save the result.
9.9 Actually using it
gpg --armor --encrypt --sign --recipient their user id file-to-encrypt
gpg --decrypt file
Notes. . .
The --armor option keeps things as ASCII text. There will be a file created called file-to-encrypt.asc. It should look something like this:
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.0.5 (OpenBSD)
Comment: For info see http://www.gnupg.org
=j7u3
-----END PGP MESSAGE-----
9.10 Exercise
To see the effects of locally signed addresses.
Notes. . .
1. Pick a user on your keychain. Write a short little note to them, and encrypt it using their public key. You will be asked for your passphrase, and also be warned that there is no path of trust to them.
2. Give the resultant .asc file to them. (Perhaps via email).
3. Your partner will have given you a .asc file. Decrypt it.
4. Now go and talk to them and confirm that when you do gpg --fingerprint of their key that it gives the same fingerprint that they have for their key.
5. If there is some doubt, get them to give you a new export of their public key. If you're happy, locally sign their key (gpg --edit-key, then lsign).
6. Now send them another message. You won't be asked about the path of trust this time.
9.11 Other things
gpg --export-secret-keys > my-private-key
gpg --import private-key
Notes. . .
If you are moving between identical versions of PGP software, or ones that are otherwise compatible, you could just copy your .gnupg directory. But if you want to keep the same key on another platform, or using different software, you may need to export them.
Obviously, keep the file very carefully!
9.12 Too painful!
There are front-ends to email systems that use GPG.
XFMail
Kmail
mutt
. . .
Notes. . .
And an interesting little project is www.winpt.org, which is a GPG entry into the MS-Windows taskbar.
9.13 What else?
Introducers
Notes. . .
From the GPG documentation
If you don't know the owner of the public key you are in trouble. Suppose however that a friend of yours knows someone who knows someone who has met the owner of the public key at some computer conference. Suppose that all the people between you and the public key holder may now act as introducers to you. Introducers signing keys thereby certify that they know the owner of the keys they sign. If you then trust all the introducers to have correctly signed other keys, you can be sure that the other key really belongs to the one who claims to own it.
There are 2 steps to validate a key:
1. First check that there is a complete chain of signed keys from the public key you want to use and your key and verify each signature.
2. Make sure that you have full trust in the certificates of all the introducers between the public key holder and you.
Step 2 is the more complicated part because there is no easy way for a computer to decide who is trustworthy and who is not. GnuPG leaves this decision to you and will ask you for a trust value (here also referenced as the owner-trust of a key) for every key needed to check the chain of certificates. You may choose from:
"I don't know" - then it is not possible to use any of the chains of certificates, in which this key is used as an introducer, to validate the target key. Use this if you don't know the introducer.
Normally you want to sign only one user ID because GnuPG uses only one and this keeps the public key certificate small. Because such key signatures are very important you should make sure that the signatories of your key sign a user ID which is very likely to stay for a long time - choose one with an email address you have full control of or do not enter an email address at all. In future GnuPG will have a way to tell which user ID is the one with an email address you prefer - because you have no signatures on this email address it is easy to change this address. Remember, your signatories sign your public key (the primary one) together with one of your user IDs - so it is not possible to change the user ID later without voiding all the signatures.
Tip: If you hear about a key signing party on a computer conference join it because this is a very convenient way to get your key certified (But remember that signatures have nothing to do with the trust you assign to a key).