2. IPSec Architecture
•Set of security services offered by IPSec include
• Connectionless integrity
• Data origin authentication
• Protection against replay attacks
• Confidentiality
• Limited traffic flow confidentiality
•The services can be used alone or in combination
•Security is provided for protection of the IP and/or
upper layer protocols (TCP, UDP)
•IPSec can be thought of as a software or hardware
module that is implemented in either a host or a
security gateway (router or firewall)
3. IPSec Architecture
•IPSec module is used to manage security for
individual connections to other modules
• Security Policy Database (SPD) provides specifications of
the security services to be applied to each packet
• Security Association Database (SAD) contains the
security parameters (encryption algorithms, mode used,
initialization data, session keys) used to enforce a specific
policy
• A connection from one module to another is created
through a security association (SA) that corresponds to
an entry in the SAD
• An SA is a uni-directional connection that defines the
type of security services and mechanisms used between
two modules
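The SPD/SAD relationship described above, as an added example that is not part of the original slides. The addresses, SPIs, keys and the "NO_SA" result are constructed for illustration; the SPI field and the PROTECT/BYPASS/DISCARD actions are standard IPsec terms that the slides do not mention.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class SpdRule:                      # one SPD entry: selectors -> action
    src: str
    dst: str
    proto: str                      # "tcp", "udp" or "any"
    action: str                     # "PROTECT", "BYPASS" or "DISCARD"

@dataclass(frozen=True)
class Sa:                           # one SAD entry (uni-directional)
    spi: int                        # index carried in the AH/ESP header
    src: str
    dst: str
    protocol: str                   # "AH" or "ESP"
    mode: str                       # "transport" or "tunnel"
    cipher: str
    key: bytes

# Constructed policy for a gateway in front of 10.1.0.0/16.
SPD = [
    SpdRule("10.1.0.0/16", "10.2.0.0/16", "any", "PROTECT"),
    SpdRule("10.1.0.0/16", "0.0.0.0/0", "udp", "BYPASS"),
    SpdRule("0.0.0.0/0", "0.0.0.0/0", "any", "DISCARD"),
]
SAD = [  # one SA per direction, each with its own session key
    Sa(0x1001, "10.1.0.0/16", "10.2.0.0/16", "ESP", "tunnel", "AES-CBC-128", b"A" * 16),
    Sa(0x2002, "10.2.0.0/16", "10.1.0.0/16", "ESP", "tunnel", "AES-CBC-128", b"B" * 16),
]

def in_net(prefix, addr):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(prefix)

def outbound(src, dst, proto):
    """Return (action, SA) for an outbound packet; first matching SPD rule wins."""
    for rule in SPD:
        if in_net(rule.src, src) and in_net(rule.dst, dst) and rule.proto in ("any", proto):
            if rule.action != "PROTECT":
                return rule.action, None
            for sa in SAD:          # only an SA for this direction qualifies
                if in_net(sa.src, src) and in_net(sa.dst, dst):
                    return "PROTECT", sa
            return "NO_SA", None    # policy requires protection, no SA exists yet
    return "DISCARD", None

def inbound(spi):
    """Look up the SA for a received AH/ESP packet by its SPI."""
    return next((sa for sa in SAD if sa.spi == spi), None)
```

Because an SA is uni-directional, protected two-way traffic between the two networks needs both SAD entries, and the reverse direction is found by SPI rather than by the outbound policy lookup.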
5. IPSec Protocols
•The protocols used to provide security are the
Authentication Header (AH) and Encapsulating
Security Payload (ESP)
•Each protocol can be used in one of two modes
• Transport mode – used to protect upper layer payloads
of an IP packet (TCP, UDP)
• Tunnel mode – used to protect an entire IP packet
including its payload (VPN)
•Transport mode is used as an SA between two
hosts
•Tunnel mode is used as an SA between two
gateways or a host and gateway
6. IPSec Protocols
• Transport Mode (upper level protocols)
IP | IPsec | Payload
Protected: Payload
• Tunnel Mode (entire IP packet)
Outer IP | IPsec | Inner IP | Payload
Protected: Inner IP, Payload
7. IPSec Protocols
• AH is used to provide
• Connectionless integrity and data origin authentication (integrity)
• Optional anti-replay service
• ESP is used to provide
• Confidentiality together with connectionless integrity and data origin
authentication (integrity)
• Connectionless integrity and data origin authentication (integrity)
• Limited traffic flow confidentiality
• Optional anti-replay service
8. IPSec Protocols
•Integrity Algorithm (AH, ESP)
• Hashed Message Authentication Code (160 bit key)
•Confidentiality Algorithm (ESP)
• AES CBC mode (128 bit key – 256 bit key)
•Transport Mode Protection
•AH - Integrity
• Immutable sections of the IP header, the AH header, and
the upper level data
•ESP - Integrity
• The ESP header, the upper level data, and the ESP trailer
•ESP – Confidentiality
• The upper level data, and the ESP trailer
9. IPSec Protocols
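• Transport Mode (AH)
IP Header | AH | Upper Level Data
Integrity & Authentication: IP Header (immutable sections), AH, Upper Level Data
• Transport Mode (ESP)
IP Header | ESP | Upper Level Data | ESP Trailer
Integrity & Authentication: ESP, Upper Level Data, ESP Trailer
Encryption: Upper Level Data, ESP Trailer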
10. IPSec Protocols
• Tunnel Mode Protection
• AH - Integrity
• Immutable sections of the outer IP header, the AH header, and the entire
inner IP packet
• ESP - Integrity
• The ESP header, the entire inner IP packet, and the ESP trailer
• ESP – Confidentiality
• The entire inner IP packet, and the ESP trailer
11. IPSec Protocols
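• Tunnel Mode (AH)
Outer IP | AH | Inner IP | Upper Level Data
Integrity & Authentication: Outer IP (immutable sections), AH, Inner IP, Upper Level Data
• Tunnel Mode (ESP)
Outer IP | ESP | Inner IP | Upper Level Data | ESP Trailer
Integrity & Authentication: ESP, Inner IP, Upper Level Data, ESP Trailer
Encryption: Inner IP, Upper Level Data, ESP Trailer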
12. SSL (Secure Socket Layer)
• TCP: provides a reliable end-to-end service.
• TCP & SSL: provides a reliable & secure end-to-end service.
• HTTPS: HTTP over SSL (or TLS)
• Typically on port 443 (regular http on port 80)
• SSL originally developed by Netscape
• subsequently became Internet standard known as TLS (Transport Layer
Security)
• SSL has two layers of protocols
14. SSL Record Protocol Services
• SSL Record Protocol provides two services.
• Message integrity
• using a MAC with a shared secret key
• similar to HMAC but with different padding
• hash functions: MD5, SHA-1
• Message confidentiality
• using symmetric encryption with a shared secret key
• Encryption algorithms: AES, IDEA, RC2-40, DES-40, DES, 3DES, RC4-40, RC4-128
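16. SSL MAC
Similar to HMAC, using MD5 or SHA-1.

$$\mathrm{HMAC}_k(m) = \mathrm{hash}\big((k \oplus \mathrm{opad}) \,\|\, \mathrm{hash}((k \oplus \mathrm{ipad}) \,\|\, m)\big)$$

The SSL MAC is computed as:

$$\mathrm{hash}\big(\text{MAC\_write\_secret} \,\|\, \text{pad\_2} \,\|\, \mathrm{hash}(\text{MAC\_write\_secret} \,\|\, \text{pad\_1} \,\|\, \text{seq\_num} \,\|\, \text{SSLCompression.type} \,\|\, \text{SSLCompression.length} \,\|\, \text{SSLCompression.fragment})\big)$$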
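The SSL MAC construction above, computed over a constructed record next to standard HMAC for comparison. This is an added example, not code from the original slides; the pad bytes (0x36, 0x5c) and pad lengths (48 for MD5, 40 for SHA-1) come from the SSLv3 specification rather than the slides, and the secret and record contents are made up.

```python
import hashlib
import hmac
import struct

PAD_LEN = {"md5": 48, "sha1": 40}   # SSLv3 pad lengths per hash function

def ssl3_mac(hash_name, mac_write_secret, seq_num, rec_type, fragment):
    """hash(secret || pad_2 || hash(secret || pad_1 || seq_num || type || length || fragment))"""
    n = PAD_LEN[hash_name]
    pad_1, pad_2 = b"\x36" * n, b"\x5c" * n
    inner = hashlib.new(
        hash_name,
        mac_write_secret + pad_1
        + struct.pack("!Q", seq_num)                     # 64-bit record sequence number
        + struct.pack("!BH", rec_type, len(fragment))    # type (1 byte), length (2 bytes)
        + fragment,
    ).digest()
    return hashlib.new(hash_name, mac_write_secret + pad_2 + inner).digest()

def verify_record(hash_name, secret, expected_seq, rec_type, fragment, mac):
    """Receiver side: recompute with the sequence number it expects, compare in constant time."""
    calc = ssl3_mac(hash_name, secret, expected_seq, rec_type, fragment)
    return hmac.compare_digest(calc, mac)

def hmac_equivalent(hash_name, secret, seq_num, rec_type, fragment):
    """Standard HMAC over the same fields, to show the two constructions differ."""
    data = struct.pack("!QBH", seq_num, rec_type, len(fragment)) + fragment
    return hmac.new(secret, data, hash_name).digest()

# Constructed sample values.
SECRET = b"\x01" * 20
APPLICATION_DATA = 23                # record content type for application data
FRAGMENT = b"GET / HTTP/1.0\r\n\r\n"
MAC = ssl3_mac("sha1", SECRET, 0, APPLICATION_DATA, FRAGMENT)

if __name__ == "__main__":
    print("record 0 accepted:", verify_record("sha1", SECRET, 0, APPLICATION_DATA, FRAGMENT, MAC))
    print("replayed as record 1:", verify_record("sha1", SECRET, 1, APPLICATION_DATA, FRAGMENT, MAC))
```

Because seq_num is inside the inner hash, a record that is replayed or reordered fails verification even though its bytes are unmodified.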
17. SSL Handshake Protocol
•Allows server & client to:
• authenticate each other
• to negotiate encryption & MAC algorithms and keys
•Comprises a series of messages exchanged in
phases:
1.Establish Security Capabilities (to agree on
encryption, MAC, and key-exchange algorithms)
2.Server Authentication and Key Exchange
3.Client Authentication and Key Exchange
4.Finish
19. Phase 1: Establish Security Capabilities
Client → Server: client_hello
Server → Client: server_hello
client_hello: contains a client.random and a list of cipher suites in decreasing order of preference.
server_hello: contains a server.random and a single cipher suite selected by the server.
20. Cipher Suite
Each cipher suite indicates a key exchange algorithm,
a cipher algorithm, and a MAC algorithm.
About 30 cipher suites have been defined,
each represented by a 2-octet number.
Users can define their own cipher suites.
Downgrade attack: the adversary removes strong cipher
suites from client_hello.
21. RSA Key Exchange with an encryption key
Server → Client: certificate (n, e)
Server → Client: server_hello_done
Client → Server: client_key_exchange
The certificate message contains the server's encryption key info.
The client_key_exchange message contains a 48-byte pre_master_secret encrypted with RSA (n, e).
22. RSA Key Exchange with a signature key
Server → Client: certificate (n, e)
Server → Client: server_key_exchange (n, e)
Server → Client: server_hello_done
Client → Server: client_key_exchange
The certificate contains the server's RSA-signature info.
The server generates a temporary RSA encryption key
pair, and sends the public key info (hashed and signed) to
the client in the server_key_exchange.
23. Client Authentication
• The server may request a certificate from the client.
• The client will send a certificate message or a no_certificate alert.
24. Introduction To IDSs
• Intrusion Detection Systems (IDSs) will be obsolete very
soon (if they aren't already). In their place is something
much more capable, an Intrusion Prevention System
(IPS).
• IPSs are not a new technology; they are simply an
evolved version of IDS.
• IPSs combine IDSs and improved firewall technologies;
they make access control decisions based on application
content, rather than IP address or ports as traditional
firewalls had done.
• Because IDS and IPS technologies offer many of the
same capabilities, administrators can usually disable
prevention features in IPS products, causing them to
function as IDSs.
25. Definitions
•Intrusion detection: is the process of monitoring the
events occurring in a computer system or network and
analyzing them for signs of possible intrusions
(incidents).
•Intrusion detection system (IDS): is software that
automates the intrusion detection process. The primary
responsibility of an IDS is to detect unwanted and
malicious activities.
•Intrusion prevention system (IPS): is software that has
all the capabilities of an intrusion detection system and
can also attempt to stop possible incidents.
26. • Recording information related to observed events.
Information is usually recorded locally, and might also be
sent to separate systems such as centralized logging
servers, security information and event management
(SIEM) solutions, and enterprise management systems.
• Notifying security administrators of important
observed events. This notification, known as an alert, may
take the form of audible signals, e-mails, pager
notifications, or log entries. A notification message
typically includes only basic information regarding an
event; administrators need to access the IDPS for
additional information.
• Producing reports. Reports summarize the monitored
events or provide details on particular events of interest.
27. • An IDPS might also alter the settings for when certain
alerts are triggered or what priority should be assigned to
subsequent alerts after a particular threat is detected.
• IPSs respond to a detected threat by attempting to
prevent it from succeeding. They use several response
techniques:
• The IPS stops the attack itself. Examples:
Terminate the network connection or user session that is
being used for the attack. Block access to the target (or
possibly other likely targets) from the offending user
account, IP address, or other attacker attribute. Block all
access to the targeted host, service, application, or other
resource.
28. • The IPS changes the security environment. The IPS
could change the configuration of other security controls
to disrupt an attack, such as reconfiguring a network
device (e.g., firewall, router, switch) to block access
from the attacker or to the target, and altering a host-
based firewall on a target to block incoming attacks.
Some IPSs can even cause patches to be applied to a host
if the IPS detects that the host has vulnerabilities.
• The IPS changes the attack’s content. Some IPS
technologies can remove or replace malicious portions of
an attack to make it benign. An example is an IPS
removing an infected file attachment from an e-mail and
then permitting the cleaned email to reach its recipient.
29. •Most IDPSs also offer features that compensate for
the use of common evasion techniques. Evasion is
modifying the format or timing of malicious activity so
that its appearance changes but its effect is the same.
Attackers use evasion techniques to try to prevent
IDPSs from detecting their attacks.
•For example: an attacker could encode text characters
in a particular way, knowing that the target understands
the encoding and hoping that any monitoring IDPSs do
not. Most IDPSs can overcome common evasion
techniques by duplicating special processing
performed by the targets. If the IDPS can “see” the
activity in the same way that the target would, then
evasion techniques will generally be unsuccessful at
hiding attacks.
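An added example (not from the original slides) of an IDPS duplicating the target's processing before signature matching. It reuses the "freepics.exe" filename from the signature examples in these slides; the request paths are constructed, and the target is assumed to percent-decode URLs and treat filenames case-insensitively.

```python
from urllib.parse import unquote

SIGNATURES = ["freepics.exe"]        # filename signature from the malware example

def normalize(path, decode_passes=1):
    """Apply the same processing the (assumed) target applies to a request path."""
    for _ in range(decode_passes):   # number of percent-decoding passes the target performs
        path = unquote(path)
    return path.lower()              # assumed: target filenames are case-insensitive

def match(path, normalize_first, decode_passes=1):
    """Return the signatures found in the raw or the normalized view of the path."""
    view = normalize(path, decode_passes) if normalize_first else path
    return [s for s in SIGNATURES if s in view]

# Constructed request paths as they would appear on the wire.
REQUESTS = [
    "/downloads/freepics.exe",       # plain
    "/downloads/freepics%2Eexe",     # percent-encoded dot
    "/downloads/FreePics%2eEXE",     # mixed case plus encoding
    "/downloads/freepics%252Eexe",   # double-encoded dot
    "/downloads/holiday.jpg",        # benign
]

def report(decode_passes=1):
    """Map each path to (raw_match, normalized_match)."""
    return {
        p: (bool(match(p, False)), bool(match(p, True, decode_passes)))
        for p in REQUESTS
    }

if __name__ == "__main__":
    for path, (raw, norm) in report().items():
        print(f"{path:32} raw={raw!s:5} normalized={norm}")
```

The double-encoded path only matches when `decode_passes` is 2: the IDPS should decode exactly as many times as the target does, since decoding fewer times misses activity and decoding more times flags requests the target would never interpret that way.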
30. Classes of detection methodologies:
•Signature-based: compares known threat signatures to
observed events to identify incidents.
• This is very effective at detecting known threats but
largely ineffective at detecting unknown threats and
many variants on known threats.
• Signature-based detection cannot track and understand
the state of complex communications, so it cannot detect
most attacks that comprise multiple events. Examples:
• A telnet attempt with a username of “root”, which is a
violation of an organization’s security policy
• An e-mail with a subject of “Free pictures!” and an
attachment filename of “freepics.exe”, which are
characteristics of a known form of malware
31. •Anomaly-based detection: samples network activity to
compare to traffic that is known to be normal.
•When measured activity is outside baseline parameters
or clipping level, IDPS will trigger an alert.
•Anomaly-based detection can detect new types of
attacks.
•Requires much more overhead and processing capacity
than signature-based detection.
•May generate many false positives.
32. •For example: a profile for a network might show that
Web activity comprises an average of 13% of network
bandwidth at the Internet border during typical
workday hours. The IDPS then uses statistical methods
to compare the characteristics of current activity to
thresholds related to the profile, such as detecting
when Web activity comprises significantly more
bandwidth than expected and alerting an administrator
of the anomaly. Profiles can be developed for many
behavioral attributes, such as the number of e-mails
sent by a user, the number of failed login attempts for a
host, and the level of processor usage for a host in a
given period of time.
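The Web-bandwidth profile described above, as an added example that is not part of the original slides. The baseline and observed samples are constructed (the baseline averages 13%), and using mean plus k standard deviations as the clipping level is one simple statistical method chosen here as an assumption.

```python
import statistics

# Constructed baseline: Web share of border bandwidth (%) per workday hour.
BASELINE = [12.0, 14.0, 13.0, 11.0, 15.0, 13.0, 12.0, 14.0]

# Constructed current observations: (hour, Web share %).
OBSERVED = [("09:00", 14.0), ("11:00", 16.0), ("14:00", 31.0)]

def build_profile(samples):
    """Profile = mean and sample standard deviation of normal activity."""
    return statistics.mean(samples), statistics.stdev(samples)

def clipping_level(profile, k):
    """Threshold above which activity is treated as anomalous."""
    mean, stdev = profile
    return mean + k * stdev

def detect(profile, observed, k):
    """Return (hour, share, z_score) for every sample above the clipping level."""
    mean, stdev = profile
    limit = clipping_level(profile, k)
    return [
        (hour, share, round((share - mean) / stdev, 1))
        for hour, share in observed
        if share > limit
    ]

def alert_hours(k):
    """Hours that raise an alert for a given sensitivity k."""
    return [hour for hour, _, _ in detect(build_profile(BASELINE), OBSERVED, k)]

if __name__ == "__main__":
    profile = build_profile(BASELINE)
    for k in (3, 1):
        print(f"k={k} clipping level={clipping_level(profile, k):.2f}% "
              f"alerts={detect(profile, OBSERVED, k)}")
```

With k=3 only the 31% sample alerts; tightening to k=1 also flags the 16% hour, which shows how a clipping level set close to the baseline produces the false positives mentioned on the previous slide.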
33. • Stateful protocol analysis: A key development in IDPS
technologies was the use of protocol analyzers.
• Protocol analyzers can natively decode application-layer
network protocols, like HTTP or FTP. Once the
protocols are fully decoded, the IPS analysis engine can
evaluate different parts of the protocol for anomalous
behavior or exploits against predetermined profiles of
generally accepted definitions of benign protocol activity
for each protocol state.
• Problems with this type include that it is often very
difficult or impossible to develop completely accurate
models of protocols, it is very resource-intensive, and it
cannot detect attacks that do not violate the
characteristics of generally acceptable protocol behavior.