Network Security Protecting An Organization’s Network
Page 1: Network Security Protecting An Organizations Network.

Network Security

Protecting An Organization’s Network

Page 2: Network Security Protecting An Organizations Network.

A Note About Security

Humans are usually the most susceptible point in any security scheme

A worker who is malicious, careless, or unaware of an organization’s information policy can compromise the best security

• William Stallings

Page 3: Network Security Protecting An Organizations Network.

A Note About Security

If your site has multiple access points, the overall security of the site is only as strong as the security of the least secure access point

• Thus, you must ensure that all points of access are secure

• Again, frequently the weakest link is people

• This includes such access points as E-Mail, their personal web sites, etc.

Page 4: Network Security Protecting An Organizations Network.

A Note About Security

A recent demonstration found that 24% of passwords could be determined by:

• Searching dictionaries of names, places, and other words

• Using the username

• Using information about the user, such as their first name

A much higher percentage would result if variations of the above were used

• e.g. marge123
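
A check that can be run when a password is set, rejecting the guessable categories listed above (dictionary words, the username, information about the user, and simple variations such as marge123). This is an added example, not part of the original slides; the wordlist, the account details and the function names are constructed for illustration.

```python
import re

# Constructed sample wordlist (assumption): a real check would load a large
# dictionary of names, places and common words.
SAMPLE_WORDS = {"password", "dragon", "letmein", "springfield", "london"}

# Undo common character substitutions before comparing (0 -> o, @ -> a, ...).
LEET = str.maketrans("013457@$!", "oleastasi")

# Digits, punctuation and underscores at either end of the password.
EDGE_JUNK = re.compile(r"^[\W\d_]+|[\W\d_]+$")


def candidate_roots(password):
    """Return the password reduced to the base words it may be built from."""
    lowered = password.lower()
    forms = {lowered, EDGE_JUNK.sub("", lowered)}        # marge123 -> marge
    forms |= {EDGE_JUNK.sub("", f.translate(LEET)) for f in set(forms)}
    forms |= {f[::-1] for f in set(forms)}               # egram -> marge
    forms.discard("")
    return forms


def weakness(password, username, personal=()):
    """Return why the password is guessable, or None if no rule matched."""
    roots = candidate_roots(password)
    user = username.lower()
    tokens = {t.lower() for t in personal if len(t) >= 3}
    if user and any(user in root for root in roots):
        return "contains the username"
    if any(tok in root for tok in tokens for root in roots):
        return "contains information about the user"
    if roots & SAMPLE_WORDS:
        return "dictionary word or a simple variation of one"
    return None


if __name__ == "__main__":
    # Constructed test accounts.
    for pw, user, info in [
        ("marge123", "msimpson", ["Marge", "Simpson"]),
        ("P@ssw0rd1", "alice", ["Alice"]),
        ("kV9#tq2Lw!xe", "alice", ["Alice"]),
    ]:
        print(pw, "->", weakness(pw, user, info) or "no rule matched")
```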

Page 5: Network Security Protecting An Organizations Network.

Security Terminology

Authentication: The process of determining the identity of a client or other entity

Encryption: The process of obfuscating data so that it cannot be examined in its current form

Public key: An object used in the encryption process that is publicly available

Private key: An object used in the encryption process that is kept private within an organization

Page 6: Network Security Protecting An Organizations Network.

Authentication: IPSec

Uses IP datagrams to provide security features such as authentication

Authentication is provided for each datagram

• An IP datagram, such as those used for TCP connections, will be assigned an authentication header (AH)

Page 7: Network Security Protecting An Organizations Network.

Authentication: IPSec

A normal TCP datagram:

IPH | TCPH | TCP Data

A TCP datagram with IPSec authentication information:

IPH | AH | TCPH | TCP Data

Page 8: Network Security Protecting An Organizations Network.

Authentication Headers

Each authentication header contains authentication information that relates the sender of the message to the message data

• If this data were static, it would be fairly simple to ‘forge’ datagrams with another entity’s authentication information

• Clearly this data must be dynamic, relating to the data in the message, and difficult to reproduce by another entity

Page 9: Network Security Protecting An Organizations Network.

Authentication Headers

Fields of the authentication header (field, size in bytes, meaning):

• Data (?): Data for the security scheme

• Sequence Number (4): A unique number for each packet

• Security Parameters Index (4): The security scheme used

• Unused (2): Reserved for future use

• Payload Length (1): Length of the entire header

• Next Header (1): Points to the TCP header
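
A parser for the header laid out above, as an added example that is not part of the original slides. It reads the fields in wire order (Next Header first, authentication data last) and assumes the RFC 4302 encoding, in which Payload Length holds the header length in 32-bit words minus 2; the sample bytes and function names are constructed.

```python
import struct
from collections import namedtuple

# Fixed part of the header in wire order: Next Header (1), Payload Length (1),
# Unused/reserved (2), Security Parameters Index (4), Sequence Number (4).
FIXED = struct.Struct("!BBHII")          # network byte order, 12 bytes

AuthHeader = namedtuple(
    "AuthHeader", "next_header payload_len spi sequence auth_data")


class AHError(ValueError):
    """Raised when a buffer cannot be a well-formed authentication header."""


def build_ah(next_header, spi, sequence, auth_data):
    """Serialise a header; auth_data is the variable-length 'Data' field."""
    if len(auth_data) % 4:
        raise AHError("authentication data must be a multiple of 4 bytes")
    payload_len = (FIXED.size + len(auth_data)) // 4 - 2
    return FIXED.pack(next_header, payload_len, 0, spi, sequence) + auth_data


def parse_ah(buf):
    """Return (AuthHeader, remaining bytes) or raise AHError."""
    if len(buf) < FIXED.size:
        raise AHError("buffer shorter than the fixed header")
    next_header, payload_len, reserved, spi, sequence = FIXED.unpack_from(buf)
    total = (payload_len + 2) * 4        # whole header length in bytes
    if total < FIXED.size:
        raise AHError("payload length smaller than the fixed header")
    if total > len(buf):
        raise AHError("payload length runs past the end of the buffer")
    if reserved != 0:
        raise AHError("reserved field is not zero")
    header = AuthHeader(next_header, payload_len, spi, sequence,
                        bytes(buf[FIXED.size:total]))
    return header, bytes(buf[total:])


# Constructed sample: protocol 6 (TCP) follows, SPI 0x1000, first packet,
# 12 bytes of placeholder authentication data, then the rest of the datagram.
SAMPLE = build_ah(6, 0x1000, 1, bytes(range(12))) + b"TCPH+TCP data"

if __name__ == "__main__":
    header, rest = parse_ah(SAMPLE)
    print(header)
    print("bytes after the header:", rest)
```

The parser treats the authentication data as opaque bytes; how that value is computed depends on the scheme the Security Parameters Index selects.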

Page 10: Network Security Protecting An Organizations Network.

Authentication Data

The data portion of the authentication header is where we place authentication information

This authentication must be difficult to forge

• IPSec (and many other schemes) use message digests for this purpose

Page 11: Network Security Protecting An Organizations Network.

Message Digests

A message digest is a small piece of information created by examining a larger piece of information

• In this case, the larger bit of information is the data of the datagram

Sound familiar?

• It should, a checksum is very similar to a digest

• A digest normally is a larger entity so there is a higher likelihood of detecting changes

Various algorithms are used to create digests

• E.g. SHA-1, MD5

Page 12: Network Security Protecting An Organizations Network.

Authentication Information

A well-known algorithm is used to generate the digest

So how is that valid authentication information?

• It’s not; the digest ensures the data received is the same as the data sent

• The digest is encrypted using the sender’s private key

Page 13: Network Security Protecting An Organizations Network.

Public Key Encryption

Public key encryption (encrypting with pairs of public and private keys) will be discussed at a later time

Suffice it to say that either:

• The sender encrypts the data using the receiver’s public key, and the receiver decrypts the data using its own private key

• The sender encrypts the data using its own private key, and the receiver decrypts the data using the sender’s public key

Page 14: Network Security Protecting An Organizations Network.

Public Key Encryption

[Figure: A (with A’s private key and B’s public key) and B (with B’s private key and A’s public key)]

Page 18: Network Security Protecting An Organizations Network.

Public Key Encryption

Clearly, each key can be used to encrypt, and each key can be used to decrypt

• Thus public key encryption is bi-directional

The private key is used to encrypt when the receiver wants to ensure the data comes from the correct sender

• No-one else would have the private key

The public key is used to encrypt when the data must not be seen by external entities

• Only the private key can be used to decrypt

Page 19: Network Security Protecting An Organizations Network.

Authentication Information

The private key of the sender is used to encrypt the message digest

• Since only the sender would have the private key, the resulting encrypted digest is unique

• Since the digest would change with even a minor change to the data, the encrypted digest ensures the data has not been tampered with

Thus this combination of digests and public key encryption ensures data integrity and provides authentication

Page 20: Network Security Protecting An Organizations Network.

Encryption in IPSec

IPSec also supports encryption

• In IPSec, it is called Encapsulating Security Payload (ESP)

The operation is similar to how IPSec handles authentication, except that the datagram’s data portion is encrypted

• The ESP header describes the technique used for encryption

Page 21: Network Security Protecting An Organizations Network.

Encryption in IPSec

Since the sender normally would use its private key to encrypt datagrams, additional authentication is not normally required

Encryption schemes also normally include methods for ensuring data integrity

Page 22: Network Security Protecting An Organizations Network.

VPNs

Recall that virtual private networks use encryption to keep their data secure between sites

VPNs frequently use IPSec’s ESP feature to accomplish this

The external router for each site would employ IPSec ESP on incoming and outgoing datagrams

Page 23: Network Security Protecting An Organizations Network.

VPNs

The advantage of using IPSec to implement VPNs is that it is a well-known technology

• Thus it may be used, assuming the ubiquitous nature of IPSec on the Internet

Page 24: Network Security Protecting An Organizations Network.

Web Security

Securing the World Wide Web

Page 25: Network Security Protecting An Organizations Network.

The Need

The World Wide Web requires certain access points

• If your site is to have a world wide web server, it requires at least one port that external entities may connect to

• e.g. 80 (HTTP), 443 (HTTPS), etc.

• If users on your site will access the web through a client, it requires ports to do so

• This may be through a single machine, called an HTTP proxy server

Page 26: Network Security Protecting An Organizations Network.

The Threats

There are four kinds of web-related threats:

• Integrity threats: Data and/or system files are modified or destroyed

• Confidentiality threats: Private data is examined by the intruder

• Denial of Service: Web service is disrupted, preventing other clients from using it

• Authentication: The identity of an entity is forged, making it seem like a request or command is coming from someone else

• Unchecked code attacks: User-supplied data is assumed to be benign, but when used it could be code which is executed (e.g. Javascript or SQL)

Page 27: Network Security Protecting An Organizations Network.

Integrity Threats

Data integrity can be compromised in several ways:

• Files stored on the server are modified

• Memory, containing data, is modified

• Network messages are modified

The result is the loss of data, or some compromised data

• This compromised data may include such things as password files, malicious shell scripts, etc.

Page 28: Network Security Protecting An Organizations Network.

Integrity Threats

The common theme to all of these threats is that data is changed

Checksums/digests make it possible to ensure data is not changed

• If data is changed, the checksum/digest will indicate the change

• That may not prevent loss of data alone, but it will (at least) alert administrators (or automatic sentry programs) of the change

Example: Nimda virus

Page 29: Network Security Protecting An Organizations Network.

Nimda Virus

Nimda virus exploited a vulnerability in Internet Information Server (a web server) to modify files

• The outgoing web page was modified

• Actually, Nimda virus is also an example of a denial of service attack

It is used as an example here, because of its widespread effect and notoriety

Page 30: Network Security Protecting An Organizations Network.

Confidentiality Threats

The types of confidentiality threats are:

• Reading files from the server

• Reading contents of a server’s memory

• Reading network messages

The results are:

• Invasion of privacy

• Lost data (packets read are typically not placed back on the network)

Page 31: Network Security Protecting An Organizations Network.

Confidentiality Threats

Encryption prevents any data from being interpreted

• Encryption allows only owners of the right ‘key’ to unlock the contained data

• Datagrams might be examined and removed from the network, but timeouts would allow that information to arrive, eventually

Example: Packet sniffers, Spyware

Page 32: Network Security Protecting An Organizations Network.

Packet Sniffers

Packet sniffers allow anyone on a network to intercept any datagram passing through a machine

Instead of passing the datagram along, first the packet sniffers read the packet’s data

Examples: SpyNet, CommView, Ethereal

Page 33: Network Security Protecting An Organizations Network.

Denial of Service Attacks

Sometimes called overload attacks, there are a few types:

• Overloading a server with connections or requests

• Overloading the threads of a server

• Overloading the network connection to a server (buffer overload)

• Overloading a disk

• Overloading memory

Page 34: Network Security Protecting An Organizations Network.

Denial of Service Attacks

Overloading a server can cause the service to become unavailable (thus ‘denial of service’)

Example: Nimda virus

• Once Nimda virus infiltrates a site (using an integrity attack), each incoming request executes a program (part of the virus)

• This program attacks a number of other sites, trying to install the virus there

• Eventually, the attacks themselves can cause denial of service (DoS), even on machines where the Nimda virus could not install itself

Page 35: Network Security Protecting An Organizations Network.

Denial of Service Attacks

DoS attacks can be reduced/avoided in a variety of ways:

• Routers can filter out duplicate packets

• Reduce the effect of a request

• Attempt to recognize ‘bogus’ attacks and eliminate any unnecessary processing as a result

• Require authenticated access wherever possible

  • Although, authentication itself may be a target of DoS

However, there is no way to make DoS attacks impossible at this time

Page 36: Network Security Protecting An Organizations Network.

Authentication Attacks

Sometimes used in combination with integrity attacks

• Where data is modified and the identity of the sender is forged, so that the data is accepted

Authentication attacks typically involve users modifying source IP addresses (and things like IPSec authentication headers) to forge their identities

• Although the authentication schemes used by IPSec now make this difficult

Page 37: Network Security Protecting An Organizations Network.

Authentication Attacks

Authentication can be accomplished using techniques such as those used by IPSec

• Including a message digest, encrypted with the sender’s private key, allows the receiver to validate the identity of the sender

Examples: Using a packet sniffer, modifying the packets, placing them back on the network

Page 38: Network Security Protecting An Organizations Network.

Unchecked Code Attacks

User-supplied data should always be validated

• Positive validation: Checking to make sure the data meets your expectations

  • e.g. the expected format of an E-Mail address

• Negative validation: Checking for code, special characters and other enablers which might indicate that something malicious is in the user data

  • e.g. a <script> tag

Page 39: Network Security Protecting An Organizations Network.

Unchecked Code Attacks

Imagine a form that asks for an E-Mail address

• Please enter your E-Mail address and password to log into our site

Imagine that when the form submission fails, the site printed the E-Mail address in the browser for verification

• Are you sure [email protected] the correct E-Mail address?

Now imagine that the user types in some nasty JavaScript code (<script>…</script>)

• The code will be put into the response page, and possibly executed
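
The failed-login page described above, first as the slide describes it and then with positive validation, negative validation and output encoding applied. This is an added example, not code from the original slides; the patterns, page text and function names are assumptions chosen for illustration.

```python
import html
import re

# Positive validation: a deliberately conservative E-Mail address pattern.
EMAIL_RE = re.compile(
    r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

# Negative validation: markers that suggest script content in the input.
SUSPICIOUS_RE = re.compile(
    r"<\s*/?\s*script|javascript:|\bon\w+\s*=", re.IGNORECASE)


def is_valid_email(value):
    """Positive check: the value has the expected shape of an address."""
    return len(value) <= 254 and EMAIL_RE.fullmatch(value) is not None


def looks_like_code(value):
    """Negative check: the value contains a known script marker."""
    return SUSPICIOUS_RE.search(value) is not None


def failure_page_unchecked(email):
    # The behaviour the slide describes: input is copied into the page as-is,
    # so any markup the user typed becomes part of the response.
    return "<p>Are you sure " + email + " is the correct E-Mail address?</p>"


def failure_page_checked(email):
    if not is_valid_email(email) or looks_like_code(email):
        # Input that fails validation is never echoed back.
        return ("<p>That does not look like an E-Mail address. "
                "Please try again.</p>")
    # Encode on output even after validation, so markup characters stay text.
    return ("<p>Are you sure " + html.escape(email)
            + " is the correct E-Mail address?</p>")


if __name__ == "__main__":
    # Constructed inputs: one ordinary address and two that carry markup.
    for value in ["marge+news@example.com",
                  "<script>alert(1)</script>",
                  "<b>x</b>"]:
        print(repr(value))
        print("  positive check passes:", is_valid_email(value))
        print("  negative check flags :", looks_like_code(value))
        print("  unchecked page:", failure_page_unchecked(value))
        print("  checked page  :", failure_page_checked(value))
```

The third input shows why the positive check carries most of the weight: it contains markup that the negative pattern does not list, yet it is still rejected because it is not shaped like an address.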

Page 40: Network Security Protecting An Organizations Network.

Guarding Against Attacks

For each type of attack, I have suggested a few examples of technologies that can be used to prevent the attacks

Of course, none of these solutions is foolproof

• Recall the comment about the weakest link in the chain

• e.g. A private key falls into the wrong person’s hands

• e.g. A certificate is sent unencrypted via E-Mail

Page 41: Network Security Protecting An Organizations Network.

Guarding Against Attacks

The combination of the following techniques may represent a security scheme for a given site:

• Message digests

  • Guards against integrity attacks

• Encrypting the digest with a private key

  • Guards against authentication attacks

• Encrypting the message with a public key

  • Guards against confidentiality attacks

• Employing duplicate-removing routers, and requiring authenticated access wherever possible

  • Guards against DoS attacks

• User input validation

  • Guards against unchecked code attacks

Page 42: Network Security Protecting An Organizations Network.

Guarding Against Attacks

One fact is always true about site security:

• An ounce of prevention is worth a pound of cure

Frankly, if attacks can be avoided or halted before they occur, we will not need to deal with the side-effects of intrusions

The Code Red worm gives an example:

• The security hole was discovered by a popular security site, and a patch was created by them many months in advance

• The security hole was made public by this site

• Many clones of the Code Red worm were created given this new information, which also flourished on unpatched sites

• Microsoft subsequently released an official patch for IIS more than 2 months before the Code Red worm became prevalent

Page 43: Network Security Protecting An Organizations Network.

Another Attack Categorization

The previous scheme categorized attacks by their purpose

Another possibility is to categorize attacks by how messages propagate:

• Interruption: Messages are removed from the network, so they are never received

• Interception: Messages are read from the network without interrupting the message reaching its destination

• Modification: Messages are removed from the network and replaced by another, modified version

• Fabrication: Messages are created, usually in order to appear to come from a different source, for a different purpose

Page 44: Network Security Protecting An Organizations Network.

Encryption and Authentication

In Depth

Page 45: Network Security Protecting An Organizations Network.

Authentication and Encryption

These two technologies are frequently inter-related

• Both can be closely related to private keys

There are really two categories of encryption techniques:

• Conventional (single-key) encryption: The same key (shared by both sides) is used to encrypt and decrypt the data

• Public key encryption: One key is used for encryption (usually the private key), and another for decryption (usually the public key)

Page 46: Network Security Protecting An Organizations Network.

Single Key Encryption

Somehow, a shared key must be distributed between both programs

Single key encryption algorithms must be symmetric:

• They must provide a means to use the same key to decrypt and encrypt the data

• Usually this means there are two (reverse) algorithms

Page 47: Network Security Protecting An Organizations Network.

Single Key Encryption

To ensure security, the key exchange must occur in some secure way

If someone intercepts the key, the encrypted message can be decrypted

• Assuming they have the decryption algorithm

This separation of encryption algorithm from the key is an advance in cryptography

• Encryption algorithms in the 30’s and 40’s involved only an encryption algorithm

Page 48: Network Security Protecting An Organizations Network.

Terminology

Plaintext: Data prior to the encryption process

• Or data after the decryption process

Ciphertext: Data after the encryption process

Cipher: An encryption algorithm

Secret key: A piece of data used by the encryption algorithm to generate ciphertext

• The secret key is also used by the decryption algorithm to generate plaintext

Page 49: Network Security Protecting An Organizations Network.

Encryption Algorithms: Ancient

Encryption methods (not applied to data per se, but to spoken or telegraph/written messages) usually involved the replacement of common parts of the messages with other characters/words

• One common example is the replacement of letters with some other letter in the alphabet

• This scheme was used by Julius Caesar, and as such it is called the Caesar Cipher

Later, these schemes employed some changing factor

• Such as a table containing mappings between letters

• This table represents a changeable key that both parties must know

Page 50: Network Security Protecting An Organizations Network.

Caesar Cipher Problems

If the relationship between ciphertext letters and plaintext letters follows some pattern (as they did in Caesar’s method), the key can be easily determined

One way to combat these problems is to convert groups of letters at a time

Thus AB might translate to XY, but AC might translate to WV (not XV or something like that)

Page 51: Network Security Protecting An Organizations Network.

The Playfair Cipher

The Playfair cipher was created to convert groups of two letters at a time

• Thus each translation occurs on two letters, so there are 26² (or 676) combinations

• This method is more difficult to crack since all 676 combinations must be found to be able to crack all messages

• However, if a partial list of mappings is known, it may reveal the message (or part of it), which will reveal more mappings

• mee? me a? ??e barn => meet me at the barn

Page 52: Network Security Protecting An Organizations Network.

The Playfair Cipher

The details of the Playfair cipher are irrelevant to this discussion, since the key can easily be determined

This scheme does, however, remove some of the structure of the message (e.g. word groupings), which is a good idea

• For example, we cannot examine the ciphertext, looking for commonly used letters, to determine which represent common letters in the plaintext (such as R,S,T,E)

We need to maximize this effect in order to make it more difficult to determine the key

Page 53: Network Security Protecting An Organizations Network.

Encryption Algorithms: Single Key

Keys have to be complicated enough that the encryption algorithm could be well-known and the ciphertext is still relatively secure

While overly simplistic, the Caesar Cipher (as well as other ancient algorithms) represents a symmetric algorithm, as required by single key encryption

• One shortcoming is that the key can easily be determined through iteration

• Ciphertext should never be enough information to determine the secret key

Algorithms which do not suffer from this include:

• DES (Data Encryption Standard), IDEA (International Data Encryption Algorithm), BlowFish, RC5, RC2, CAST-128

Page 54: Network Security Protecting An Organizations Network.

DES Algorithm

DES is a complicated algorithm, the details of which are not important here

Suffice it to say that DES is more secure than the other (ancient) algorithms discussed here

However, DES is vulnerable to brute-force attacks

• Attacks where various key values are tried until the message appears to be decrypted

Page 55: Network Security Protecting An Organizations Network.

DES Algorithm

One solution for this is to apply the DES algorithm multiple times

• If the code breaker finds one of the keys, it will be hard for him/her to realize it, since the output will be ciphertext again

• Applying DES twice makes it difficult to break using brute force, however techniques exist for cracking double DES

• Thus, an alternative to DES is triple DES, where DES is applied three times

  • Thus the two parties must share 3 different keys

• This scheme is called Triple-DES or 3DES

Page 56: Network Security Protecting An Organizations Network.

Key Distribution

Single key encryption relies on the secrecy of the key in order to work

There are a few ways to transfer secret keys:

• The key is generated by A, and delivered (physically) to B

  • For example, a floppy disk may be used for this purpose

• Once one key is securely transferred to B, A or B could send the other a new key, by encrypting the new key using the old key

• The keys are generated simultaneously using the same (private) algorithm and some shared data

Page 57: Network Security Protecting An Organizations Network.

Key Generation

Generating a secret key is fairly simple; random sequences of characters are usually sufficient

However, care must be taken to avoid pseudo-randomly generated keys

• These can be identified and keys may be found using prediction algorithms

• Computers are incapable of generating truly random numbers, but algorithms which generate very difficult to predict sequences can be used in preference to easy to predict ones
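
Why a key taken from an ordinary pseudo-random generator can be found again, next to a key drawn from the operating system's hard-to-predict source. This is an added example, not part of the original slides; the timestamp, the one-hour window and the function names are constructed for illustration.

```python
import random
import secrets

KEY_BYTES = 16


def weak_key(seed):
    """Key from Python's general-purpose generator, fully fixed by the seed."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(KEY_BYTES))


def strong_key():
    """Key from the operating system's cryptographic random source."""
    return secrets.token_bytes(KEY_BYTES)


def find_seed(key, first_seed, last_seed):
    """Audit helper: return the seed in the range that reproduces the key."""
    for seed in range(first_seed, last_seed + 1):
        if weak_key(seed) == key:
            return seed
    return None


# Constructed scenario: the key was seeded with the clock (whole seconds)
# and the auditor knows the hour in which it was issued.
ISSUED_AT = 1_700_000_000
WINDOW = 3600


def audit(key):
    """True if the key can be regenerated from a timestamp in the window."""
    return find_seed(key, ISSUED_AT - WINDOW, ISSUED_AT + WINDOW) is not None


if __name__ == "__main__":
    clock_seeded = weak_key(ISSUED_AT + 1234)
    print("clock-seeded key reproducible:", audit(clock_seeded))
    print("OS-random key reproducible   :", audit(strong_key()))
```

Only a few thousand candidate seeds need to be tried for the clock-seeded key, while the key from `secrets` has no seed to search for.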

Page 58: Network Security Protecting An Organizations Network.

Public Key Cryptography

Cryptography Using Keys Which Are Publicly Distributed

Page 59: Network Security Protecting An Organizations Network.

Public Key Cryptography

Public key cryptography involves ciphers that use different keys for encryption than decryption

PKC uses a key pair:

• A public key, which is made publicly available

• A private key, which is kept secret

• Since there are two keys, the private key need never be transferred, so there is less likelihood of it being discovered

Page 60: Network Security Protecting An Organizations Network.

Key Pairs

In some systems, keys have a sort of symmetry

• Either key can decrypt data encrypted with the other key

• e.g. RSA encryption

Thus if the private key is used to encrypt, anyone with the public key can decrypt the data

• This does not keep data private

• However, only the owner of the true private key could have generated the encrypted data

If the public key is used to encrypt, only someone who has the private key can decrypt the data

• This keeps the data private

• However, it is possible for anyone to replace the data with other encrypted data

Page 61: Network Security Protecting An Organizations Network.

Key Pairs

Thus there are two uses for PKC:

• Encryption using the private key for authentication

• Encryption using the public key for data encryption

Key pairs must be carefully generated to support this symmetry

• The details of generating key pairs are usually specific to each PKC technique

• e.g. RSA
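
Both uses of a key pair, covering the "Authentication Information" slides (a digest encrypted with the sender's private key) and the "Key Pairs" slides above. This is an added example, not part of the original slides; it uses unpadded textbook RSA with a constructed key built from two Mersenne primes, which is far too small and too structured for real use.

```python
import hashlib

# Constructed demonstration key pair (assumption): real keys use large random
# primes and a padding scheme from a vetted library.
P = 2**107 - 1
Q = 2**127 - 1
N = P * Q                                  # public modulus
E = 65537                                  # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (Python 3.8+)


def digest_int(message):
    """SHA-256 digest of the message as an integer below the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message, private_exp=D):
    """'Encrypt the digest with the private key'."""
    return pow(digest_int(message), private_exp, N)


def recover_digest(signature):
    """Anyone holding the public key can undo the private-key operation."""
    return pow(signature, E, N)


def verify(message, signature):
    """Accept only if the recovered digest matches the received data."""
    return recover_digest(signature) == digest_int(message)


def encrypt_for_owner(plaintext):
    """Public-key encryption: needs only N and E, so anyone can do it."""
    value = int.from_bytes(plaintext, "big")
    if value >= N:
        raise ValueError("plaintext too long for this toy modulus")
    return pow(value, E, N)


def decrypt_as_owner(ciphertext, length):
    """Only the holder of D can reverse encrypt_for_owner."""
    return pow(ciphertext, D, N).to_bytes(length, "big")


if __name__ == "__main__":
    message = b"transfer 10 units to B"        # constructed sample data
    signature = sign(message)
    print("genuine message verifies :", verify(message, signature))
    print("altered message verifies :", verify(message + b"0", signature))
    print("wrong private key verifies:",
          verify(message, sign(message, private_exp=12345)))
    secret = b"meet me at the barn"
    ciphertext = encrypt_for_owner(secret)
    print("owner decrypts:", decrypt_as_owner(ciphertext, len(secret)))
```

The signature gives authentication and integrity but no privacy, since `recover_digest` needs only public values; the public-key encryption gives privacy but no authentication, since `encrypt_for_owner` can be called by anyone.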

Page 62: Network Security Protecting An Organizations Network.

RSA

The RSA PKC scheme is very popular, and is used by many technologies:

• PGP (Pretty Good Privacy): An implementation of an encryption scheme (typically used for E-Mail)

One useful feature of the RSA algorithm is that it uses variable sized keys

• Larger keys can be used where additional security is required

• Smaller keys can be used for short periods (too short for the private key to be ‘broken’) and where computation and/or network bandwidth is a concern

Page 63: Network Security Protecting An Organizations Network.

RSA

428 bit RSA keys can be cracked by an old desktop PC in less than 1 year

• Info: Athlon XP 1900+ CPU (~4000 MIPS)

So why the heck do banks (and other sites that use SSL) use only 128 bit encryption?

• Firstly, the US government will not allow larger keys

  • They mandate that because they must be able to crack private keys when necessary

• Secondly, SSL-enabled browsers generate these keys for each SSL session

  • Sessions typically last minutes or hours, not months

Page 64: Network Security Protecting An Organizations Network.

A Problem

RSA (and other PKC schemes) suffer from one problem, similar to the distribution of the secret key in SKC:

• How do we export public keys?

At first glance, this may seem like an easy problem

• Public keys need not be hidden, since little damage can be done with them

• The danger is not with reading the public key, but replacing it (i.e. an integrity attack on the public key)

Page 65: Network Security Protecting An Organizations Network.

A Problem

If a 3rd party replaced the public key with their own, they could use their own private key to decrypt data and for authentication

• Thus the site would grant full access to the 3rd party

Obviously we want to avoid this

• We need to distribute public keys in such a way as to eliminate this possibility

Page 66: Network Security Protecting An Organizations Network.

Public Key Distribution

Secure public key distribution really boils down to one problem:

• How do we know that the public key we receive is really from who we think?

The answer is simple: certificates

• Certificates provide a way of distributing public keys, while also providing source authentication

Page 67: Network Security Protecting An Organizations Network.

Certificates

Certificates are quite simple:

• They are an encrypted version of your public key

Certificates are encrypted using the private key of a certification authority (CA)

• Public keys of CAs are well known

• In fact, the public keys of several CAs are built into browsers for SSL

• Since the public key of a CA is well known, we do not need to transfer it (and thus run the risk of it being tampered with)

  • The CA public key can be used to decrypt the certificate, and thus extract the public key of the owner of the certificate

Page 68: Network Security Protecting An Organizations Network.

Certification Authorities

A CA’s job is to create certificates

The certificate (i.e. public key) of at least one well-known CA is installed into browsers

• For other (non-browser) uses of PKC, the certificate/public key of a CA must be known

If the incoming certificate is issued by (encrypted using the private key of) a different CA, the certificate can still be verified

• The public key of the certificate’s CA can be downloaded (they are also publicly available), and used to extract the public key in the certificate

• The CA’s public key is contained in a certificate authorized by another CA

• Eventually, through a chain of certificates, the certificate can be validated, and the public key extracted

Page 69: Network Security Protecting An Organizations Network.

SSL

A Common Scheme

Page 70: Network Security Protecting An Organizations Network.

Secure Socket Layer (SSL)

SSL was designed to create a communication model similar to that available through TCP

However, SSL employs additional security techniques, such as encryption

• Thus SSL gives the appearance of normal socket communication, while providing security features

Page 71: Network Security Protecting An Organizations Network.

SSL

SSL can use several different encryption algorithms, including IDEA, DES, 3DES

However, due to the streaming nature of TCP, SSL normally uses one of the schemes that encrypts a stream byte by byte: RC4

• This includes key sizes of 40 (RC4-40) and 128 bits (RC4-128)

Page 72: Network Security Protecting An Organizations Network.

SSL Operation

SSL begins when clients connect to servers

• This stage is marked by each side exchanging hello messages

Next, certificates are exchanged

• The server sends its certificate to the client, followed by the client sending its certificate to the server

Then, the two agree upon an encryption algorithm and parameters

• Now, it is possible for the client and server to exchange information using the agreed encryption algorithm and the certificates (which contain public keys)

Page 73: Network Security Protecting An Organizations Network.

E-Mail Security

Page 74: Network Security Protecting An Organizations Network.

E-Mail Security

There are two aspects to E-Mail security:

1. E-Mail privacy

Using encryption (or some other means) to keep data contained in E-Mail private

2. Virus protection

Since E-Mail is a simple portal through which any entity may send messages, those messages must not affect the user’s system or the network

Page 75: Network Security Protecting An Organizations Network.

E-Mail Privacy

The most common way to ensure data privacy through E-Mail is to use PGP

PGP: Pretty Good Privacy

• A freeware tool that uses single key cryptography (and public key cryptography) to encrypt text

• It uses public key cryptography for digital signatures (obviously)

• The tool allows users to choose the encryption method: 3DES, IDEA (SKC), RSA (PKC)

Page 76: Network Security Protecting An Organizations Network.

E-Mail Virus Protection

Microsoft recently released a “patch” for Outlook, which Outlook 2002 (shipped with Office XP) had already preinstalled

• This patch essentially prevents receiving any files which are suspect (.EXE, .COM, etc.)

Other (better) solutions are to have virus checkers scan all incoming files

• Norton Antivirus, McAfee, PC-cillin, and others already perform these scans, if configured to do so

Page 77: Network Security Protecting An Organizations Network.

Malicious Programs

A program with 2 goals: to propagate itself to other machines, and to do some harm to this machine, possibly:

• Trap door: A modification that allows a secret entry point to a system (accidental or purposeful; by an employee?)

• Logic bomb: Code hidden within a seemingly harmless program that will activate when certain conditions are met (e.g. a time elapses)

• Trojan horse: A program that appears to be useful, but actually has some unwanted behaviour

• Virus: A program that propagates itself by embedding its own code into other executable programs

• Worm: A program that uses network connections to propagate

• Bacteria: A program that does no harm, except propagate