Network Security (N. Dulay & M. Huth) Introduction (1.1) November 2nd 1988? ** Something interesting happened on this date Any ideas?

Dec 18, 2015

Network Security (N. Dulay & M. Huth)

Introduction (1.1)

November 2nd 1988? **

Something interesting happened on this date

Any ideas?

Introduction (1.2)

Internet Worm Launched**

Moved relentlessly across network connections from computer-to-computer

Within 12 hours, first Berkeley Univ then Purdue Univ distributed patches to stop spread.

Computers affected 2,000-3,000 maybe more

Even those computers not affected had to be tested!

Cost? Estimated between $1M and $100M. A great deal of time and resources expended.

Introduction (1.3)

Who did it? **

Robert T Morris Jr. (Student at Cornell Univ.)

Claimed it was an experimental program that had a bug :-)

2yrs later -> 3yr probation, $10K fine, 400 hours community service.

Introduction (1.4)

Net Effect?**

Birth of a multi-million pound industry £££££

Introduction (1.5)

C430 Network Security

Michael Huth

[email protected]

www.doc.ic.ac.uk/~mrh/430/

Introduction

Introduction (1.6)

Cryptography & Network Security (3rd ed)

William Stallings, Prentice-Hall International, 2002

Detailed, academic, best overall book for course

Practical Cryptography

Niels Ferguson, Bruce Schneier, Wiley 2003

Superb introduction to cryptographic building blocks.

Introduction (1.7)

Applied Cryptography (2nd ed)

Bruce Schneier, John Wiley, 1996

Wide-ranging introduction, Parts I and II very readable.

Handbook of Applied Cryptography

Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone, CRC Press, 1996 (Fifth printing Oct 2001)

Cryptography encyclopaedia. Fabulous resource. All chapters available for download at

http://www.cacr.math.uwaterloo.ca/hac/

Introduction (1.8)

Others

RSA Labs: Cryptography FAQ http://www.rsasecurity.com/rsalabs/faq/

Nigel Smart: Cryptography, McGraw-Hill, 2002

John Viega & Gary McGraw: Building Secure Software, Addison-Wesley Professional Computing Series, 2002.

Michael Huth: Secure Communicating Systems, Cambridge Univ. Press, 2001

Bruce Schneier: Secrets and Lies, John Wiley, 2000.

Peter Wayner: Disappearing Cryptography, 2nd ed, Morgan Kaufmann, 2002.

Simon Singh: The Code Book, Fourth Estate 1999

Sarah Flannery: In Code: A Mathematical Journey, Profile Books, 2000

Neal Stephenson: Cryptonomicon, Heinemann, 1999

Cryptogram newsletter: http://www.counterpane.com/crypto-gram.html

Introduction (1.9)

Course Topics

Classical cryptography

Symmetric-key cryptography

Public-key cryptography

Digital signatures

Protocols: Authentication

Key management

Access Control

Wireless & Mobile Security

Coursework:

Details will be announced within the next two weeks, probably one assessed coursework

Introduction (1.10)

Assets, Threats, Risk, Countermeasures, Aftercare

[Diagram labels: Assets, Threats, Risks, Countermeasures, Aftercare, Policies, Proactive Security Management]

Introduction (1.11)

Expectancy & Impact of Network Security

Expectancy   Impact
HIGH         HIGH     Prevent
HIGH         LOW      Contain & Control
LOW          HIGH     Contingency Plans, Insurance
LOW          LOW      Live with?

Introduction (1.12)

Network Security Model - 1

[Diagram labels: Alice, Bob, Max, Msg (twice), Channel]

Traffic Analysis, Covert Channels

Introduction (1.13)

Network Security Model - 2

[Diagram labels: Secret Info (twice), Msg (twice), Channel, Trusted Third Party, Adversary]

Distrib Secret Info, Arbitrate

Introduction (1.14)

Network Access Model

[Diagram labels: Processor, Memory, I/O, Files, Processes, Internal Net, Security Controls, Host, Adversary, Software, Human, Channel]

Internal Adversaries?

Introduction (1.15)

Key Security Properties

Confidentiality

Authentication

Integrity

Non-repudiation

Availability

Access Control

Introduction (1.16)

INTERCEPTION: Unauthorised party gains access to data

Confidentiality (Secrecy)

Protect transmitted data

Protect against traffic analysis

Timeliness

Introduction (1.17)

FABRICATION: Insertion of “counterfeit” messages

Authentication

Assurance that message is from proper source

Protect from third party masquerade

Mutual Authentication

Introduction (1.18)

Integrity

Message is received as sent

Modification

Also interested in replay, re-ordering, deletion, delay

MODIFICATION: Gains access and “tampers” with messages

Introduction (1.19)

Availability

Complete loss of availability

Reduction/Degradation in availability

INTERRUPTION: Loss of communication (cut the cable)

DENIAL OF SERVICE: Noisy comms (physical noise, spurious messages)

Introduction (1.20)

Non-repudiation

Prevents parties from denying they sent or received a message; i.e. concerned with protecting against legitimate protocol participants, not with protection from external sources

Receiver can verify and prove who sent a message

Sender can verify and prove who received a message

REPUDIATION ATTEMPT: Party anonymously publishes his or her message/key(s) and falsely claims that they were stolen.

Introduction (1.21)

Access Control

Limit & control access to host system/services

Limit & control access to networks

Authenticate each party so that access rights can be assigned

More fine-grained solutions, e.g. Digital Rights Management

REPLAY: Record a legitimate message, e.g. a login, and replay later

Auditing Service

Introduction (1.22)

Passive Attacks

[Diagram labels: Interception; Message Contents; Traffic Analysis]

Only monitors channel (threat to confidentiality)

Difficult to Detect -> Incentive to Prevent

Countermeasures?

Introduction (1.23)

Active Attacks

[Diagram labels: Interruption, Denial of Service (AVAILABILITY); Modification (INTEGRITY); Fabrication, Masquerade (AUTHENTICITY)]

Modification of, or creation of a false data stream

Hard to Prevent -> Incentive to Detect and Recover

REPLAYS are a very powerful form of active attack where a message is intercepted (passive attack) and then replayed to gain access or to break a protocol. E.g. fake interfaces at bank teller machines.

Introduction (1.24)

Reading

Stallings. Chapter 1 - Introduction

Introduction (1.25)

The Internet Worm

Michael Huth

[email protected]

www.doc.ic.ac.uk/~mrh/430/

Introduction (1.26)

when & how

date: 2nd november 1988

________________________

sendmail (with debug mode enabled)

fingerd (vaxen only)

rexec

rsh

accounts attacked

accounts with obvious passwords

accounts with passwords in a 432-word dictionary

accounts with passwords in /usr/dict/words

accounts with trusted machines ( .rhosts )

Introduction (1.27)

machines attacked

certain suns and vaxes

machines in /etc/hosts.equiv

machines in .rhosts

machines in cracked accounts’ .forward files

machines in cracked accounts’ .rhosts files

machines listed as network gateways in routing tables

machines at guessed LAN addresses

what it did not do

gain privileged access

destroy or attempt to destroy any data

leave time bombs behind

attack specific well-known or privileged accounts such as root

Introduction (1.28)

rsh

tried to connect as current user

tried 3 locations for rsh: /usr/ucb/rsh, /usr/bin/rsh, /bin/rsh

successful access if attacked host trusts user and host. trust defined by /etc/hosts.equiv or remote user’s .rhosts file

if successful transferred worm bootstrap program

rexec

tried to connect with users and passwords already “discovered” on local host

requested /bin/sh as command to execute

if successful transferred worm bootstrap program

Introduction (1.29)

sendmail flaw

debug mode allowed execution of a named program as the mail recipient

program would run with input coming from attacking host

recipient program stripped off mail headers and passed body to a command interpreter

body was a script which "created" a worm bootstrap program to pull in rest of worm from attacking host

both vax and sun worm binaries were tried

fingerd bug

fingerd used a library routine (gets) to read into a buffer allocated on the stack; gets performed no bounds checking

worm overflowed stack buffer, and set up a fake stack frame, causing a small new piece of vax code to run on procedure return

code exec’ed bourne shell with input (worm bootstrap program) coming from attacking host
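
The fingerd flaw above comes down to a line reader that never learns the size of its destination. The following is an added example, not code from the lecture or from fingerd: it models how many bytes gets() would store for a given input and sets that beside a bounded reader that rejects over-long lines. The 512-byte buffer size, the function names and the sample inputs are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define REQ_BUF 512 /* buffer size assumed for this example */

enum req_status { REQ_OK, REQ_TOO_LONG, REQ_INCOMPLETE };

/* The pattern the slide describes is `char line[REQ_BUF]; gets(line);`.
 * gets() copies up to the first '\n' and never learns the size of `line`.
 * This models it without doing the write: it returns how many bytes
 * (line plus terminating NUL) gets() would store for this input. */
size_t gets_would_write(const char *wire, size_t wire_len)
{
    const char *nl = memchr(wire, '\n', wire_len);
    return (nl ? (size_t)(nl - wire) : wire_len) + 1;
}

/* Hardened reader: accepts one request line only if line + NUL fits in
 * dst_size. An over-long line is rejected, never truncated, so the
 * daemon does not act on a partial request. */
enum req_status read_request_bounded(const char *wire, size_t wire_len,
                                     char *dst, size_t dst_size)
{
    const char *nl = memchr(wire, '\n', wire_len);
    if (nl == NULL)
        return wire_len >= dst_size ? REQ_TOO_LONG : REQ_INCOMPLETE;
    size_t line_len = (size_t)(nl - wire);
    if (line_len > 0 && wire[line_len - 1] == '\r')
        line_len--;                    /* finger requests end in CRLF */
    if (line_len + 1 > dst_size)
        return REQ_TOO_LONG;
    memcpy(dst, wire, line_len);
    dst[line_len] = '\0';
    return REQ_OK;
}

int main(void)
{
    char line[REQ_BUF];
    char oversized[600];               /* constructed sample input */
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\n';

    const char normal[] = "alice\r\n"; /* constructed sample input */
    printf("normal:    gets would store %zu bytes, bounded reader -> %d\n",
           gets_would_write(normal, strlen(normal)),
           (int)read_request_bounded(normal, strlen(normal), line, sizeof line));
    printf("oversized: gets would store %zu bytes into %d, bounded reader -> %d\n",
           gets_would_write(oversized, sizeof oversized), REQ_BUF,
           (int)read_request_bounded(oversized, sizeof oversized, line, sizeof line));
    return 0;
}
```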

Introduction (1.30)

worm bootstrap

c source program

compiled with c compiler on attacked host

transferred main worm code (binaries) from attacking host

both vax and sun binaries tried

self protection

on execution detached itself from parent process

erased argument list

deleted executing binary

used resource limit functions to prevent a core dump

used sh for compiled name

forked every 3 minutes, child continued, parent exited

xor’ed all constant strings with hex 81
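
XORing constant strings with hex 81 hides them from a plain strings(1) pass, which is why an analyst undoes the XOR before scanning. The following is an added example, not code from the lecture or from the worm: a strings-style scanner that decodes with a one-byte key (taken as a parameter, so it covers more than the one value on the slide). The function names, the minimum run length of 4 and the sample buffer are assumptions; the sample is constructed.

```c
#include <stdio.h>
#include <string.h>

#define WORM_XOR_KEY 0x81 /* the value given on the slide */

static int is_printable(unsigned char c) { return c >= 0x20 && c <= 0x7e; }

/* strings(1)-style scan over bytes XORed with a one-byte key.
 * Starting at *pos, finds the next run of >= min_len bytes that decode to
 * printable ASCII, writes the decoded text to out (NUL-terminated, cut to
 * out_size - 1), advances *pos past the run and returns the run length.
 * Returns 0 when no further run exists. out_size must be at least 1. */
size_t next_xor_string(const unsigned char *buf, size_t len, size_t *pos,
                       unsigned char key, size_t min_len,
                       char *out, size_t out_size)
{
    size_t i = *pos;
    while (i < len) {
        size_t start = i;
        while (i < len && is_printable((unsigned char)(buf[i] ^ key)))
            i++;
        size_t run = i - start;
        if (run >= min_len && run > 0) {
            size_t n = run < out_size - 1 ? run : out_size - 1;
            for (size_t k = 0; k < n; k++)
                out[k] = (char)(buf[start + k] ^ key);
            out[n] = '\0';
            *pos = i;
            return run;
        }
        if (run == 0)
            i++;                       /* step over a byte that does not decode */
    }
    *pos = len;
    return 0;
}

/* Builds a constructed sample: junk bytes around one encoded string. */
size_t make_sample(unsigned char *blob, const char *plain, unsigned char key)
{
    size_t n = 0;
    blob[n++] = 0x00; blob[n++] = 0x7f; blob[n++] = 0x10;
    for (size_t k = 0; plain[k] != '\0'; k++)
        blob[n++] = (unsigned char)((unsigned char)plain[k] ^ key);
    blob[n++] = 0x00;
    return n;
}

int main(void)
{
    unsigned char blob[64];
    char text[64];
    size_t n = make_sample(blob, "/usr/dict/words", WORM_XOR_KEY);
    size_t pos = 0;
    while (next_xor_string(blob, n, &pos, WORM_XOR_KEY, 4, text, sizeof text))
        printf("decoded string ending at offset %zu: %s\n", pos, text);
    return 0;
}
```

Calling the scanner with key 0x00 on the same buffer gives plain strings(1) behaviour and finds nothing.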

Introduction (1.31)

Network Security

Michael Huth

[email protected]

www.doc.ic.ac.uk/~mrh/430/

Tutorial 1

Introduction (1.32)

Assets

Personal Data, Passwords, CC, Files, Data, Configuration Data, Medical Data

Money, Revenue stream

CPU time, Network bandwidth, Filespace, Availability of Net

Access to services

Hardware ....

Minimise downtime

Intellectual Property

Reputation, Public Image

Privacy

Staff morale

Anonymity

Introduction (1.33)

Assets **

Data including archives

Computers, Disks, Tapes

CPU time, Storage, Net capacity

Comms (routers, switches, firewalls, modems, patch panels, bandwidth), Phones, Faxes

Air-conditioning systems/alarm systems, Physical Security

Manuals, guides

Printouts: reports, letters, emails, contracts

Configuration information

Passwords

Staff

Safety and health of personnel

Privacy of users

Public image and reputation

Customer/client goodwill

Share price

Intellectual property

Domain name

Introduction (1.34)

Threats

Hardware errors

Terrorists

Theft, Malicious, Microsoft

Industrial espionage, Government

Malicious software

Pirating

Password cracking

Denial of Service

Masquerade

Misuse of resources

Social engineering

Reverse engineering

Acts of God, Fire, Earthquakes,

Disaffected employees

Human error

Illness & Injury

Economic downturns

Introduction (1.35)

Threats

Unreliable software, bugs

Viruses, worms, trojan horses, bombs, trap doors, spoofs, artificial life-forms, password crackers, Cryptanalysis, Microsoft

Disgruntled, blackmailed, bribed, greedy employees or ex-employees

Hackers

Government agencies, military spies, industrial spies, criminals, terrorists

ISPs, Backbone Providers

BIGGEST THREAT?

Illness, flu epidemic, death, strikes, Resignations, badly-trained staff

Loss of phone/network services

Loss of utilities (water, electricity), Garbage

Lightning, flood, fire, ...

Bombs, ransom demands

Vendor bankruptcy

Bad press, fringe groups

Legal action

Faulty computers/equipment

Bad practice, mis-configuration

Introduction (1.36)

Countermeasures

Anti-virus software

Backups

Firewalls

CERT

Security Policies

Physical security

Disaster recovery

Intrusion detection Systems

Hardware dongles

Patches

Cryptography

Access control

Increasing bandwidth

Good pay, food, computers, gym

Train users

Patents, copyrights, lawyers

Contracts

Background people

Insurance

Introduction (1.37)

Countermeasures

Protect buildings, equipment and people from unauthorised access, natural disasters

Use fibre optic cabling, Shield equipment & cabling

Use reliable H/W & S/W, Shredder

Keep backups & standby systems

Use “good” cryptography

Use firewalls, simulated attacks

Use good password admin, virus checkers, intrusion detection s/w, auditing software, biometrics

Isolate network

Counter-intelligence, Ethical hackers, Security guards, Lawyers

Employ trustworthy staff, background checks

Train/educate staff

Keep staff happy

Insure

Good legal backup

Take security seriously (planning, administration, risk assessment, cost/benefit analysis, paranoia level)

Splendid Isolation

EXPECTANCY & IMPACT

Introduction (1.38)

Policies

Set of well-defined, consistent and implementable rules (security requirements). Policies should be general and change little over time.

Consider an online auction company such as eBay which allows most users to buy and sell goods online. Sellers can post details of their goods on eBay’s web site and interested buyers can bid for the goods.

What policies might the users of the system want applied?

What policies might eBay want applied?

Introduction (1.39)

Rank the Security functions below

            Confidentiality  Authentication  Integrity  Availability
Bank        ?                ?               ?          ?
Military    ?                ?               ?          ?
University  ?                ?               ?          ?

1 = Most Important, 4 = Least Important

Introduction (1.40)

An access control is violated, what next?

E.g. a password is broken and web pages for Amazon.com are replaced