• Like
  • Save
Network Security
Upcoming SlideShare
Loading in...5
×
 

Network Security

on

  • 10,307 views

Material of a talk I gave in Raahe, Finland, September 2006

Material of a talk I gave in Raahe, Finland, September 2006

Statistics

Views

Total Views
10,307
Views on SlideShare
10,104
Embed Views
203

Actions

Likes
28
Downloads
0
Comments
2

8 Embeds 203

http://www.ustudy.in 154
http://ustudy.in 24
http://fightpc.blogspot.com 10
http://www.slideshare.net 9
http://diaweb.usal.es 3
http://keene.blackboard.com 1
http://fightpc.blogspot.it 1
http://fightpc.blogspot.com.br 1
More...

Accessibility

Categories

Upload Details

Uploaded via as OpenOffice

Usage Rights

CC Attribution License

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel

12 of 2

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Network Security Network Security Presentation Transcript

  • Computer Security 101
      • Dr. Miguel Sanchez
      • Department of Computer Engineering
      • Polytechnic University of Valencia, Spain
      • [email_address]
  • Outline
    • Information Security Concepts
    • Wireless Networks (in)Security
    • The attacker's tool kit
  • Risks
    • It is important to properly identify the risks. Without that, it's impossible to think of an effective way of shielding your system against
    • Risks are somehow subjective and change over time:
      • you may not care about anyone accessing your car's ABS status till you have a crash
      • information can be devastating or useless depending on the circumstances
  • Computer Security
    • Physical access
      • steal, destroy
    • Operating System
      • log-in, file access
    • Networked systems
      • remote access
    • Systems on the 'Net
      • botnets
  • Non-networked System
    • User's physical-access control
      • can I get in the computer's room?
    • Operating System access control
      • do I have a user/password?
    • Boot control
      • can I restart the system to boot from other media?
    • Patched Operating System
      • can I use a local OS (or application) vulnerability?
  • The user/pass dilemma
    • Many systems require users to provide a valid user name and password
    • Such information may be stolen
      • people write it down on post-it under the keyboard
    • Others can figure it out too!!
      • predictable user names
      • dictionary of passwords | brute force
    • It may be zeroed if boot is permitted
  • What is a strong password?
    • Number of characters (password length)
      • fifteen characters is a good start
    • Set of characters (the larger, the better)
      • CAPS, lower case, numbers, symbols, (hex?)
    • Randomness (not easily guessable)
      • avoid dictionary words, mix caps and symbols
    • Only for one system
      • do not use the same password for several systems
    • Limited time span (just in case  )
  • Networked Systems
    • It is like putting your safe on the street:
      • anybody can try to pick it
    • Physical access is no longer a requirement:
      • as far as the network is working
    • Firewalls may help here:
      • but they are not a silver bullet
    • Intrusion Detection Systems can help too
    • System logs can be paramount for lawsuit
  • Network technologies
    • Dial-up
    • GPRS/3G
    • Ethernet
    • Wi-Fi
    • etc
    • Each network may have its own access control policies
    • Users may get connected to a local network or to the Internet
  • Meet Alice and Bob
    • Most literature uses them as the good guys
      • Alice and Bob are the valid users communicating through the network
    • And the bad ones are ...
      • Eve can eavesdrop the communication only (passive attacker)
      • Trudy may even change exchanged messages on the fly (active attacker)
    ALICE BOB EVE TRUDY
  • User Authentication
    • Authentication : To establish the authenticity of, prove genuine, to confirm
    • Alice wants to send a message to Bob
    • Bob wants to be sure the message comes from Alice
    • Alice needs to authenticate to Bob
    • How can this be done?
    Who?
  • Authentication case
    • Alice and Bob are not sure they are alone ...
    ALICE EVE TRUDY BOB
  • Different approaches
    • Alice tells Bob it is her
      • but Eve or Trudy could do the same
    • Alice tells Bob it is her and sends her password as a proof of identity
      • Both Eve and Trudy just learned Alice's password, they can later do the same (now they know it too)
    • Alice tells Bob it is her and sends her password encrypted as a proof of identity
      • Eve and Trudy may not decrypt it nor they need to
  • Doing it right
    • Alice tells Bob it is her
    • Bob chooses a random number, N, and sends it back to Alice
    • Alice encrypts N with a key (known only to Alice and Bob) and sends it back to Bob
    • Bob checks the received value with his own calculation, if they match Alice has proved Bob it is her
      • or somebody else who also knew the key 
  • Confidentiality
    • Confidentiality : spoken, written, acted on, etc., in strict privacy or secrecy; secret
    • Sometimes, like in the authentication example, we need to keep eavesdroppers away
    • Encryption has been used to do this
    • Encrypt : To alter (a file, for example) using a secret code so as to be unintelligible to unauthorized parties.
    • There are many ciphers out there
  • Message Integrity
    • Alice is sending a message to Bob.
    • Is Bob receiving exactly what Alice is sending?
    ALICE TRUDY BOB
  • Integrity
    • Integrity : a sound, unimpaired, or perfect condition
    • Active attackers may change message contents.
    • Adding a message integrity code (MIC) to our data will enable receiver to verify received message integrity
      • but ... Trudy may change it !!!
  • Ensuring Message Integrity
    • MIC is a known function of the message
      • MIC = f ( message )
      • Bob compares received and calculated check
      • although message is plain text, MIC needs protection (encrypt check or add secret)
    ALICE BOB message + MIC verify MIC MIC is a 1-way function
  • Message Encryption
    • An [encrypted] equivalent message is created
    • A secret is used in the process
    • Encrypted message is transmitted
  • Encryption algorithms
    • Many of them. Two basic types:
      • secret key
      • public key
    • Public key algorithms are a very recent idea, while secret key ones were used since long ago
    Caesar DES AES RC4 Enigma Navajo RSA
  • Secret Key Ciphers
    • Only Alice and Bob know the secret key required to decipher the message
    ALICE BOB EVE ???
  • Basic Ciphers
    • Two basic building blocks:
    1 1 1 1 0 0 0 0 0 1 1 0 0 0 1 0 substitution look-up table SUBSTITUTION 1 1 1 1 0 0 0 0 0 1 0 0 1 1 0 1 TRANSPOSITION
  • Substitution ciphers
    • One symbol of plain text is replaced by another symbol
    • They can be mono-alphabetic
      • one look-up table
    • Or poly-alphabetic
      • several look-up tables used alternatively
    • The Caesar cipher is one of the oldest known
  • Caesar's still being used ... ... wrote notes using an encryption scheme similar to the one used by Julius Caesar more than 2,000 years ago ...
  • Some common ciphers
    • Data Encryption Standard (DES, 1975)
      • 64 data bits, 56 key bits
    • International Data Encryption Algorithm (IDEA, 1991)
      • 64 data bits, 128 key bits
    • Advanced Encryption Standard (AES, 2001)
      • 128 data bits, 128 (or 192 or 256 ) key bits
    ciphertext = f ( data , key )
  • Algorithms secrecy
    • Most encryption algorithms are public
    • Public scrutiny can help pinpointing faults
    • Keys are kept secret by interested parties
      • i.e. digital TV broadcasting smartcards
    • Ciphers use a combination of:
      • substitutions & transpositions
      • arithmetic & logic functions
  • Distribution of the keys
    • How do Alice and Bob agree on the keys they are about to use?
    • What if Alice and Bob have never met before?
    • What if the key exchange is eavesdropped?
    ALICE BOB EVE
  • Public Key Cryptography
    • Proposed by W. Diffie and M. Hellman in 1976
    • Why do not keep the key public?
      • so the key distribution problem disappears
    • But ... public algorithm + public key = nil
    • It is a new system
    private key (secret)
  • Public Key algorithms
    • It is not symmetric
      • encryption and decryption are different
    • Private and public keys are related and different for each one
    • Each user publishes his public key and keeps secret his private key
    • Private key cannot be obtained from public key
    • Module-N arithmetic is one of the foundations
      • large numbers are difficult to deal with (>10 100 )
  • RSA algorithm
    • Public key are two numbers e and n
    • Private key is number d (n is already public)
    • Message (m) encryption is done by:
      • c = m e mod n
    • And decryption is done by:
      • m = c d mod n
    • e , d and n are chosen to meet some rules
      • you really do not want to know 
  • RSA details
    • Each user has his own pair of keys (private, public)
    • Alice will use Bob's public key to cipher a message intended to him
    • Bob will decipher Alice's message by using his own private key. Only Bob can do this.
    private key (secret) ALICE BOB
  • Digital signature
    • It is a side-effect of RSA algorithm:
      • if we use the opposite keys it still works
    • It allows message sender authentication
    • Anyone can verify Alice sent the message
      • No one can fake a signed message from Alice
    public key ALICE BOB Warning: Anyone can decipher this special ciphertext.
  • Message digest
    • Digital signatures use to be applied to a [shorter] message digest
    • Hash-functions are used to get a fixed-length digest from an arbitrarily long message
    • Some common Hash-functions are:
      • SHA, SHA-1, MD4, MD5
    • Problem of hash-collision
      • documented attacks to all of them !!! (SHA-256 and SHA -256 safe yet)
    SHA1("The quick brown fox jumps over the lazy dog") = 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12
  • Public Key Distribution problem
    • Err ... It was not supposed to be gone?
    • Bob has no way to tell whether it is Alice or not
    BOB EVE public key Bob, This is Alice. Let me send you my public key
  • Identity certificates
    • A third-party is used to validate anybody's identity claim
      • Providing a strong security for that party is crucial
    • A certificate is a digitally-signed document that binds a user identity with a public key
      • It's signed by the third-party (Certification Authority)
    ALICE + fa54a1234
  • Certificates in your browser
  • Crypto wars
    • Why public key cryptography did not wipe out secret key cryptography?
      • public key algorithms are computationally expensive (slow)
      • secret key algorithms can be implemented on cheap hardware:
        • wire speed
    • Actually, a combination of both types of encryption is mostly used
  • What layer Security is on?
    • It can and (it will appear) at different layers of the TCP/IP communication architecture. For example:
      • Physical-layer: spread spectrum
      • Link-layer: WEP
      • Network-layer: IPSec
      • Transport-layer: Secure Socket Layer (SSL)
      • Application-layer: Secure Shell (SSH)
  • Wi-Fi security
    • Ethernet does not cipher transmitted packets (wired network)
    • Wi-Fi networks may encrypt transmitted data (wireless network)
    • Risks of Wi-Fi:
      • EVE: eavesdropping
      • TRUDY: man-in-the-middle attacks
    • Encryption is needed to secure Wi-Fi network
      • attackers do not need access to premises !!!
  • Brief history of Wi-Fi security
    • It was not initially considered a requirement
    • It was decided later to include optional encryption:
      • Wired Equivalent Privacy (WEP)
    • WEP design was seriously flawed
      • software tools to exploit flaws were released
    • Wi-Fi Alliance (and IEEE 802.11) worked on a fix:
      • Wi-Fi Protected Access (WPA1 & WPA2) and 802.11i
  • What is WEP?
    • It offers:
      • user Authentication
      • traffic Encryption
    • Based on RC4 patented algorithm
      • RC4 used as stream cipher
    • Valid users share a secret key
      • scalability problem
  • RC4 algorithm
    • It creates a pseudo-random sequence of bytes that depends on the key (initial state)
    i := 0 j := 0 while GeneratingOutput: i := (i + 1) mod 256 j := (j + S[i]) mod 256 swap(S[i],S[j]) output S[(S[i] + S[j]) mod 256]
  • RC4 in WEP
    • IV: Initial vector
    IV RC4 WEP key IV ciphered packet original packet checksum
  • Risks in WEP
    • Let Z = RC4(IV,k) = {K} RC4 output sequence
    • Encryption is done by C = P  Z
    • And decryption by P = C  Z
    • But an attacker may learn Z = P  C
      • Which is bad if Z is used more than once
      • IV should avoid this, but ... IV wraps around !!!
  • WEP authentication
    • It uses the “secure” scheme we presented before
    • Eve can obtain a sample of P and C
      • so she can calculate Z
    • Later, she can use Z to encrypt the random number she gets and be authenticated
      • Eve do not know the WEP key!
    • It was soon abandoned ...
  • More authentication problems
    • Same key is used for encryption and authentication
    • Access points are not authenticated
      • rogue access points
    • Authentication only happens at the beginning
    • Authentication is not robust (as we mentioned)
      • no reply protection
  • WEP encryption blues
    • Several papers since 2000 to 2001 signalled WEP flaws
    • FMS paper was the last nail in WEP's coffin
      • more key bits will not help either
    • When implemented in software, FMS attack allows automatic extraction of the secret key just eavesdropping encrypted network traffic
      • AirSnort, aircrack, ...
  • Countermeasures?
    • MAC-based access control lists
    • SSID broadcast can be disabled
    • Application or transport layer encryption
      • lots of data still leaks to eavesdroppers
    • Avoidance of “weak keys”
      • requires firmware upgrade
    • Still, WEP offers no help against session replay
    • WEP cannot guarantee integrity either
  • How bad is it?
    • WEP is no longer a secure method for Wi-Fi networks
    • Some FBI guys shown at a conference a network break-in in a few minutes
      • traffic may be “stimulated” to speed things up
    • It still requires some time and determination from attackers before they get in
      • it depends mostly on the attacker's skill
    • WEP is better than no encryption (at first)
  • Life after WEP
    • WPA was a trade-off
      • Industry did not want to tell customers to scrap existing hardware
      • WPA was designed to be a firmware/driver upgrade
    • WPA may use RC4 (but the right way this time)
      • all the holes were patched
    • WPA may use either RC4 (TKIP) or AES (CCMP) encryption
    • WPA can work with a secret key (PSK) or with an authentication server (802.1x)
  • 802.1x corporate network + Internet Authentication network 802.1x
    • Mutual authentication possible (optional)
  • Virtual Private Networks
    • VPNs may be a solution when you need to use WEP
      • Nintendo DS anyone?
    • VPN server may easily become the bottleneck
    • Lower network performance
      • increased delay and jitter
    • Can be done cheaply
    Network VPN server
  • WPA-PSK users beware!
    • While WPA is considered safe
    • PSK relies on a pass-phrase
      • it purposely avoids the term password
    • If yours is a few characters then it can be attacked
  • Meet the bad guys
    • Different people with different motivations:
      • disgruntled employee (revenge)
      • hacker would-be (intelligence challenge)
      • mobster (cash)
      • free-loader (save)
    • Your data or your network may be targeted
  • Attacker's tools
    • Network traffic sniffer/recorder (ethereal)
    • Network scanner (nmap)
    • Wireless network scanner (kismet)
    • WEP cracking software (aircrack)
    • Vunerability scanner (Nessus)
    • Operating System and application faults (mail lists)
    • Users (social engineering)
  • What is a sniffer?
    • It is a software that records the traffic on your network (lots of info will be revealed!!)
    • The attacker needs to connect to the network to do this
    • Some protocols do not encrypt data exchange
    • It can be done from a compromised system
    • Your switched network is not as safe as you think:
      • ARP poisoning
  • Sample Ethereal screenshot
  • What is ARP poisoning?
    • Attacker sends specially crafted (spoofed) ARP replies
    • Alice and Bob will write wrong information on their ARP tables
    • Alice and Bob will send their traffic to Trudy unsuspectingly through the switch
    • The attacker will forward Alice's and Bob's traffic to each other to keep things smooth
      • man-in-the-middle attack over a switched net
  • What is a network scanner?
    • It is a program that pings each possible address of a network
      • I t registers any received answer
      • It may check which services are available on each detected system
      • It may guess the OS of each system
  • What is a Wi-Fi scanner?
    • A program that listens all the channels to detect Wi-Fi networks operating nearby
    • It may also use special probe messages
    • NetStumbler : most popular for Windows (iStumbler for OSX)
    • Kismet for Linux
  • What is a WEP cracker?
    • A program that, given a large piece of recorded Wi-Fi traffic, can recover the WEP key
    • It does so by reducing the key search space because of WEP vulnerabilities
    • Airodump/aircrack can be used on several platforms to record and later break some WEP networks
    • Success is probabilistic, not 100% guaranteed
      • unauthorised access is illegal in some countries
  • What is a security scanner?
    • A program that checks known vulnerabilities against a set of systems, reporting the results to the user
    • It may be used by both the good (admin) and the bad guys. Some experts recommend its use on a daily basis:
      • have you ever installed Windows XP (pre-SP2) while connected to the Internet open wide?
  • What is a security mail list?
    • There are many forums on the Internet where people exchange information about computer security
    • Full Disclosure -- An unmoderated high-traffic forum for disclosure of security information. Fresh vulnerabilities sometimes hit this list many hours before they pass through the Bugtraq moderation queue. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. Unfortunately 80% of the posts are worthless drivel, so finding the gems takes patience
  • What is social engineering?
    • It is a popular but silly (IMHO) term
    • Social engineering is just fooling people:
      • you call them on the phone pretending to be anybody else
      • you set-up certain scenarios where others fall for it
      • you dress up so you can trigger a given reaction
    • It use to exploit the wrong assumptions made on the other end
    • It allows attackers to collect inside information
  • What can we do then?
    • There is not a single golden rule, but if you need one: trust nobody
    • A reasonable level of security can be achieved using supported software: do not delay patches
    • Default configurations may be insecure: check
    • Watch your people: 75% inside attackers
    • Do not put all the eggs on the same box
    • ... and ... do I need to remind you to do back-ups?
  • Anything else?
    • The question is not if but when your system is going to be hacked?
    • Attackers may want your computer for lots of reasons (maybe your data is not one of them)
    • If you plan what to do when your system is hacked then you will know what to do:
      • Log files are crucial here
    • If you do not know what attackers did, strongly consider reporting to the authorities ( before they knock to your door )
  • Isn't my FW/AV/... the fix?
    • No, it is not.
    • Firewalls and Anti-virus software are useful components of your security strategy
      • but they are not enough
      • nowadays most trojans, worms and viruses enter via email
    • Corporate email AV scanning is good, too
    • Please, do not hide file name extensions
  • Thank you
      • It could be longer ...
      • but you all have to go.
      • Don't you?