Architecture and Operation of Commercial Application Systems
FU Berlin, SoSe 2005

© Copyright IBM Corporation 2005. Material may not be reproduced in whole or in part without the prior written permission of IBM.

Lecture 7
iSeries Security – Part 2
Thomas Barlen

7.1 Security Implementation Overview

Apr 20, 2020



Layered implementation of security

To achieve the highest level of protection, security should be implemented in layers.

[Figure: nested security layers: Corporate Security, Physical Security, Network Security, System Security, Application Security. Labels in the figure: user education; security policies; locks, access control; UPS, backup comms lines; firewall, VPN gateway; intrusion detection; LAN interface; object access; user profile; SSL, exit programs.]

Should meet security goals:
• Authentication
• Authorization
• Integrity
• Confidentiality
• Audit/Logging


i5/OS Security Services Overview

[Figure: TCP/IP protocol stack with the security services that apply to it.]

Layers:
• Application (Telnet, FTP, etc)
• Transport (TCP, UDP)
• Network (IP)
• Data Link (Ethernet, Token Ring, PPP)
• Physical (Hardware, Network Adapter)

Security services shown: SSL/TLS, Physical Locks, L2TP, VPN, RADIUS, Journaling/Auditing, Exit Programs, IP Filtering, Digital Certificates, Kerberos, OpenSSH

The iSeries server offers security in various layers!


Encryption Methods

• Symmetric keys
  – Same key is used for encryption and decryption
  – e.g. DES, 3DES, AES, RC4
• Asymmetric keys – Public Key Cryptography Standard (PKCS)
  – Encryption and decryption use different keys, a public key and a private key
  – e.g. RSA

[Figure: the sample text "Minnesota in winter is freezing cold, North Carolina is much warmer...." passes through Encrypt and Decrypt steps, once with a single shared key and once with a Public / Private key pair.]


Example: Signing an e-mail

[Figure: signing and verifying the e-mail text "I will invite you for one glass of beer !"]

Sender:
• The e-mail text is run through a hash algorithm, which produces a hash (message digest)
• The hash is processed by an asymmetric encryption algorithm with the private key, which produces the electronic signature
• The signed e-mail consists of the e-mail text and the electronic signature

Receiver:
• The electronic signature is processed by the asymmetric encryption algorithm with the public key, which recovers the hash (message digest)
• The e-mail text is run through the hash algorithm again, which produces a second hash (message digest)
• The two hashes are compared

Signing an e-mail involves hashing and encryption
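The sender and receiver steps above as an added Python example; it is not part of the original lecture material. The key pair is a toy RSA key constructed from two Mersenne primes (trivially factorable, no padding), and SHA-256 is an assumed choice of hash algorithm.

```python
import hashlib

# Toy RSA key pair built from two Mersenne primes. Constructed for this
# example only: the modulus is trivially factorable and no padding is used.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, kept by the sender


def message_digest(text: bytes) -> int:
    """Hash algorithm step: SHA-256 digest of the e-mail text as an integer."""
    return int.from_bytes(hashlib.sha256(text).digest(), "big")


def sign_email(text: bytes) -> dict:
    """Sender: hash the text, then transform the digest with the private key."""
    signature = pow(message_digest(text), D, N)
    return {"text": text, "signature": signature}


def verify_email(email: dict) -> bool:
    """Receiver: recover the digest with the public key, re-hash, compare."""
    signature = email["signature"]
    if not 0 <= signature < N:
        return False                   # not a valid value for this key at all
    recovered = pow(signature, E, N)   # digest the sender computed
    return recovered == message_digest(email["text"])


if __name__ == "__main__":
    signed = sign_email(b"I will invite you for one glass of beer !")
    print("genuine :", verify_email(signed))
    # Same signature, changed text: the recomputed hash no longer matches.
    forged = dict(signed, text=b"I will invite you for ten glasses of beer !")
    print("tampered:", verify_email(forged))
```
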


7.2 iSeries Network Layer Security


Data in a network can be stolen or manipulated at any time – on purpose or unintentionally


Protecting data in a network

[Figure: a corporate network, two branch offices and a supplier connected across the Internet. Labels: VPN tunnel (three times), SSL / TLS, SSH tunnel.]

Several technologies are available that provide:
• Authentication
• Integrity
• Confidentiality


i5/OS VPN Capabilities

• Implements the IPSec protocol framework
  – Compatible with all major players in the market
• Provides host-to-host, host-to-gateway, gateway-to-gateway, and gateway-to-host connection support
• Supported protocols involved are Authentication Header (AH), Encapsulating Security Payload (ESP), Internet Key Exchange (IKE), sub-protocol IP Compression (IPCOMP)
• Pre-shared key or RSA authentication
• VPN set up through configuration wizard

[Figure: protocol stack. Labels: Applications; TCP/UDP (Transport); IP (Internetwork); Data Link; IPSec; IKE; L2TP.]


VPN Requirements

• Data Origin Authentication
  – Verifies that each datagram was originated by the claimed sender
• Data Integrity
  – Verifies that the contents of the datagram were not changed in transit, either deliberately or due to random errors
• Data Confidentiality
  – Conceals the clear text of a message, typically by using encryption
• Replay Protection
  – Assures that an attacker cannot intercept a datagram and play it back at some other time
• Key Management
  – Assures that your VPN policy can be implemented throughout the extended network with little or no manual configuration
• Performance and Availability
  – Assures that the VPN does not hinder your business operations, but rather grows as your business grows. Also assures that your VPN can accommodate future technologies as they become available
• Interoperability
  – Assures that your VPN uses standards-based technologies in order to maintain interoperability with other VPN vendors


IPSecurity (IPSec) Protocols

• Authentication Header (AH)
  – Provides data origin authentication, data integrity, and replay protection
  – Uses hashed message authentication codes (HMAC) based on shared secrets
  – Does not encrypt datagram content
  – IANA assigned IP protocol number 51
• Encapsulating Security Payload (ESP)
  – Provides data confidentiality (except for transform NULL)
  – Encrypts payload of IP packet by using cryptographic keys
  – Optionally provides data origin authentication, data integrity, and replay protection
  – IANA assigned IP protocol number 50
• Internet Key Exchange (IKE) protocol
  – Dynamically generates and refreshes cryptographic keys
  – Rekeying occurs while VPN connection is running
  – Two phase approach protects keys and data


Authentication Header (AH) Overview

• Provides origin authentication for entire IP datagram
• Provides data integrity and replay protection
• IANA assigned IP protocol number 51
• IETF standard (RFC 2402)
• Uses hashed message authentication codes (HMAC) based on cryptographic keys
• Does not encrypt datagram content
• Two modes: Tunnel and Transport


AH Transforms supported in i5/OS

• Transforms Supported with AH
  – Mandatory Authentication Transforms
    • HMAC-MD5-96 (RFC 2403)
    • HMAC-SHA-1-96 (RFC 2404)
  – Optional Authentication Transforms
    • DES-MAC
  – Obsolete Authentication Transforms
    • Keyed-MD5 (RFC 1828)
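An added Python sketch, not taken from the lecture or from i5/OS, of what an AH receiver checks: the HMAC-SHA-1-96 integrity check value and the replay window. The packet layout is simplified to a dictionary rather than the AH wire format, and the key, SPI, addresses and 64-packet window are assumptions constructed for the example.

```python
import hashlib
import hmac
import ipaddress
import struct

AH_PROTOCOL = 51      # IANA assigned IP protocol number for AH
ICV_BYTES = 12        # HMAC-SHA-1-96 keeps the first 96 bits of the HMAC
WINDOW = 64           # anti-replay window size (assumed for this example)


def compute_icv(key, src, dst, spi, seq, payload):
    """HMAC-SHA-1-96 over the addresses, the AH fields and the payload."""
    covered = (ipaddress.IPv4Address(src).packed
               + ipaddress.IPv4Address(dst).packed
               + struct.pack("!BII", AH_PROTOCOL, spi, seq)
               + payload)
    return hmac.new(key, covered, hashlib.sha1).digest()[:ICV_BYTES]


def protect(key, src, dst, spi, seq, payload):
    """Sender: attach SPI, sequence number and ICV; the payload stays clear."""
    return {"src": src, "dst": dst, "spi": spi, "seq": seq,
            "payload": payload,
            "icv": compute_icv(key, src, dst, spi, seq, payload)}


class AhReceiver:
    def __init__(self, key, spi):
        self.key = key
        self.spi = spi
        self.highest = 0   # highest sequence number authenticated so far
        self.seen = 0      # bit i set: sequence number (highest - i) accepted

    def accept(self, pkt):
        seq = pkt["seq"]
        if pkt["spi"] != self.spi:
            return "drop: unknown SPI"
        if seq < 1:
            return "drop: invalid sequence number"
        # 1. Cheap replay pre-check before any cryptography is done.
        if seq <= self.highest:
            offset = self.highest - seq
            if offset >= WINDOW:
                return "drop: outside replay window"
            if (self.seen >> offset) & 1:
                return "drop: replay"
        # 2. Integrity and origin check, compared in constant time.
        expected = compute_icv(self.key, pkt["src"], pkt["dst"],
                               pkt["spi"], seq, pkt["payload"])
        if not hmac.compare_digest(expected, pkt["icv"]):
            return "drop: bad ICV"
        # 3. Only an authenticated packet may move the window.
        if seq > self.highest:
            shift = seq - self.highest
            self.seen = ((self.seen << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.seen |= 1 << (self.highest - seq)
        return "accept"


if __name__ == "__main__":
    key = b"constructed-shared-secret"          # constructed sample key
    rx = AhReceiver(key, spi=0x1001)
    pkt = protect(key, "192.0.2.1", "198.51.100.7", 0x1001, 1, b"pay 100 EUR")
    print(rx.accept(dict(pkt, payload=b"pay 900 EUR")))   # changed in transit
    print(rx.accept(pkt))                                 # genuine
    print(rx.accept(pkt))                                 # played back later
```

Because the ICV covers the addresses as well as the payload, a packet whose source address was rewritten on the way fails the same check as one whose payload was changed.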


Encapsulating Security Payload (ESP) Overview

• Encrypts payload of IP packet using cryptographic keys
  – Next Header field actually identifies the protocol carried in the payload
• Optional data origin authentication, data integrity, and replay protection
  – Less cryptographic processor power to detect & reject packets whose contents have been changed
  – Reject at IP layer, rather than higher up in the stack
• IANA assigned IP protocol number 50
• IETF standard (RFC 2406)


ESP Transforms supported in i5/OS

Transforms Supported with ESP (i5/OS supported transforms in bold)

• Mandatory Encryption Transforms
  – DES_CBC (RFC 2405)
  – NULL (RFC 2410)*
• Optional Encryption Transforms
  – CAST-128 (RFC 2451)
  – RC5 (RFC 2451)
  – IDEA (RFC 2451)
  – Blowfish (RFC 2451)
  – 3DES (RFC 2451)
  – RC4
  – AES
• Mandatory Authentication Transforms
  – HMAC-MD5-96 (RFC 2403)
  – HMAC-SHA-1-96 (RFC 2404)
  – NULL (RFC 2410)*
• Optional Authentication Transforms
  – DES-MAC

*NULL cannot be used for encryption and authentication at the same time


Internet Key Exchange (IKE) Overview

• Key generation and identity authentication
• Automatic key refresh
• Solves the "first key" problem
• Based on ISAKMP framework and Oakley key distribution protocol
• IETF standard (RFCs 2408-09, 2411-12)
• Built-in protection
  – Prevents Denial of Service attacks
  – Prevents Man-in-the-Middle attacks
  – Provides Perfect Forward Secrecy
• Must support IKE over UDP, port 500 (4500 typically used with UDP encapsulation)
• Must use strong authentication
  – Pre-shared keys
  – Digital signatures (DSS and RSA)
  – Public key encryption (RSA and revised RSA)
• Two phase approach


The Two Phases of IKE

[Figure: Host 1 and Host 2, each configured with a pre-shared 'key' or RSA signatures, negotiate in two phases.]

IKE Phase 1 (key policy)
• Establish master secret
• Generate IKE keys
• Protect Phase 2 negotiations
• Authenticate each other

IKE Phase 2 (data policy)
• Protected by Phase 1
• Generate cryptographic keys to protect data

Notes in the figure:
• Keys are derived, never transmitted
• Uses UDP port 500 for negotiation
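An added Python example, not from the lecture or from i5/OS, of how Phase 1 with a pre-shared key lets both hosts derive the same IKE keys without ever sending them. It follows the SKEYID construction of RFC 2409; the Diffie-Hellman group is a toy constructed for the example (not an Oakley group), and HMAC-SHA-1 as the prf is an assumption.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for this example. It is NOT one of
# the Oakley groups and is far too small for real use.
DH_P = 2**127 - 1
DH_G = 3


def prf(key: bytes, data: bytes) -> bytes:
    """Keyed pseudo-random function; HMAC-SHA-1 is assumed here."""
    return hmac.new(key, data, hashlib.sha1).digest()


class IkePeer:
    def __init__(self, pre_shared_key: bytes):
        self.psk = pre_shared_key
        self.cookie = secrets.token_bytes(8)              # ISAKMP header cookie
        self.nonce = secrets.token_bytes(16)              # Nonce payload
        self._private = secrets.randbelow(DH_P - 3) + 2   # never leaves the host
        self.public = pow(DH_G, self._private, DH_P)      # Key Exchange payload

    def derive_keys(self, peer_public, cky_i, cky_r, nonce_i, nonce_r):
        """Compute the master secret and the IKE keys locally."""
        if not 1 < peer_public < DH_P - 1:
            raise ValueError("degenerate Diffie-Hellman public value")
        g_xy = pow(peer_public, self._private, DH_P).to_bytes(16, "big")
        skeyid = prf(self.psk, nonce_i + nonce_r)         # master secret
        tail = g_xy + cky_i + cky_r
        skeyid_d = prf(skeyid, tail + b"\x00")            # seeds Phase 2 keys
        skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01") # authenticates IKE
        skeyid_e = prf(skeyid, skeyid_a + tail + b"\x02") # encrypts IKE
        return {"SKEYID_d": skeyid_d, "SKEYID_a": skeyid_a,
                "SKEYID_e": skeyid_e}


def phase1_exchange(psk_initiator: bytes, psk_responder: bytes):
    """Run the exchange; return both key sets and everything put on the wire."""
    initiator, responder = IkePeer(psk_initiator), IkePeer(psk_responder)
    wire = [initiator.cookie, responder.cookie,
            initiator.public.to_bytes(16, "big"), initiator.nonce,
            responder.public.to_bytes(16, "big"), responder.nonce]
    args = (initiator.cookie, responder.cookie,
            initiator.nonce, responder.nonce)
    keys_i = initiator.derive_keys(responder.public, *args)
    keys_r = responder.derive_keys(initiator.public, *args)
    return keys_i, keys_r, wire


if __name__ == "__main__":
    keys_i, keys_r, wire = phase1_exchange(b"constructed-psk", b"constructed-psk")
    print("same keys on both hosts:", keys_i == keys_r)
    sent = b"".join(wire)
    print("any key on the wire    :", any(k in sent for k in keys_i.values()))
    keys_i, keys_r, _ = phase1_exchange(b"constructed-psk", b"other-psk")
    print("keys with mismatched pre-shared key agree:", keys_i == keys_r)
```
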


IKE Modes

• Two IKE Phase 1 modes are supported...
• 'Main' mode
  – also known as 'identity protection' mode
  – encrypts identities during Phase 1 negotiations
• 'Aggressive' mode
  – faster
  – doesn't encrypt identities
  – Primarily used in a dynamic IP address environment (dial-up) (with pre-shared keys)
• Both modes negotiate a proposal for transforms to be used...

[Figure: first 2 messages, pre-shared keys, Phase 1 main mode.
Initiator (A) offers SA proposals: IP header, UDP header, ISAKMP header, Proposal #1, Transform (for #1), ..., Transform (for #n).
Responder (B) accepts one: IP header, UDP header, ISAKMP header, Proposal #x, Transform (for #x).]


Security Associations (SA)

• Contains important information about how to use IPSec
  – Algorithms (encryption, authentication)
  – Key lengths and lifetimes
  – Lifetimes (how long until an SA expires)
  – Participating parties
  – Nesting dependencies (inner or outer SA)
  – Encapsulation modes (transport or tunnel)
  – This information is cleartext and stored locally
• IKE SA
  – Protects Phase 1 and Phase 2 IKE exchanges
  – Bi-directional
  – Either side can be Initiator or Responder
• Protocol SA
  – Protects user traffic
  – Negotiated during IKE Phase 2
  – Unidirectional
  – Requires separate SPI and key for Initiator and Responder

[Figure: one ISAKMP SA and two Protocol SAs. Labels: SA establishment messages; key exchange messages; user data (twice); ONE WAY and NO ENTRY signs on the Protocol SAs.]


IKE RSA signature: Main mode

[Figure: the six main mode messages]
1. Initiator to responder: ISAKMP header, SA, Proposal, Transform (1), Transform (2), ...
2. Responder to initiator: ISAKMP header, SA, Proposal, Transform
3. Initiator to responder: ISAKMP header, Key exchange, Nonce (initiator), Certificate request (1), Certificate request (2), ...
4. Responder to initiator: ISAKMP header, Key exchange, Nonce (responder), Certificate request (1), ...
5. Initiator to responder: ISAKMP header, ID (initiator), Certificate, Signature (initiator)
6. Responder to initiator: ISAKMP header, ID (responder), Certificate, Signature (responder)

Legend: Initiator to responder; Responder to initiator; Protected

Proposal and Transform payloads are considered part of SA payload

Both the initiator and responder send one or more Certificate Request (CERT-REQ) payloads for the CAs that they trust
• Used by receiving system to help in certificate selection
• The iSeries server sends one CERT-REQ for each CA trusted by VPN Key Manager


VPN with UDP Encapsulation

• Addresses header authentication problems when NAT is used
• UDP encapsulation, a.k.a. "NAT-friendly IPSec"
  – For iSeries-initiated access through a NAT system (for example, firewall)
  – Encapsulates an entire IPSec datagram into a UDP datagram, thereby allowing NAT to change the IP header in the UDP datagram rather than the hashed IP header in the original IPSec datagram
  – Currently, the iSeries can only be the initiator
  – Example of a datagram using ESP in tunnel mode

[Figure labels: Branch Office; Intranet; Internet; VPN Tunnel; NAT.]


i5/OS L2TP Support

• Layer 2 Tunneling Protocol provides a virtual end-to-end PPP connection
• i5/OS supports LNS, LAC, and multi-hop connectivity
• L2TP does not provide encryption support -> Use IPSec to secure L2TP connections

LAC = L2TP Access Concentrator
LNS = L2TP Network Server

[Figure: a PPP client and L2TP clients reach a corporate network across ISPs and the Internet. Labels: LNS; LAC; Voluntary L2TP Tunnel; Compulsory L2TP Tunnel; Corporate Network. Addresses shown: 10.10.100.0/24; 154.22.132.17; 10.10.101.20; 66.51.73.117; 10.10.101.23; 10.10.101.31.]


Multi-hop tunneling for extranets

[Figure: multi-hop L2TP tunneling. Labels: L2TP client Raleigh; multi-hop gateway Raleigh; Internet; Singapore; L2TP voluntary tunnel; L2TP tunnel; PPP connection; virtual PPP connection (local call); protocol layers IP, PPP, L2TP, IPSec AH, IPSec AH/ESP; Optional.]

Expanding your private network


SSL / TLS

• Secure Socket Layer (SSL) / Transport Layer Security (TLS) needs to be implemented at application layer
• SSL V3.0 is the de facto industry standard and today is widely used in many applications to establish secure connections
• TLS V1.0 is the official standard which was defined by the IETF first in RFC 2246
• Provides:
  • Data encryption and decryption
    – Ensures that nobody can read transmitted data while in transit
  • Data integrity
    – Ensures that nobody can manipulate data while in transit
    – Message Authentication Codes (MACs) are used to provide this service
  • Authentication
    – Allows each communication partner to verify the identity of the other if required
    – SSL V2.0 supports server authentication only
    – SSL V3.0 and TLS V1.0 support server and client authentication
    – Authentication is optional


SSL facts

• Implemented on top of the OSI Reference Model layer 4 (transport layer)
  – Applications must support SSL
  – Needs additional programming
  – Special sockets APIs
• SSL is not a single protocol. Instead, it consists of:
  – SSL record protocol
    • Sits on top of the transport layer and is used for encapsulation of various higher level protocols
  – SSL handshake protocol
    • Operates on top of the SSL record layer
    • Allows the client and server to authenticate each other
    • Negotiates an encryption algorithm and cryptographic keys before the application protocol receives or transmits data


SSL Handshake

[Figure: handshake between Client and Server, from handshake start to secure data flow]
1. Request secure connection and sends supported CipherSuiteList (Client Hello)
2. Send server's certificate to client and chosen CipherSuite (Server Hello). Optionally requests client certificate
3. Check trust status of the certificate
4. Optionally sends client certificate to the server
5. Send Server Hello Done and waits for client response
6. Creates a premaster secret and encrypts it using the server's public key
7. Send the encrypted premaster secret to the server
8. Decrypts the premaster secret using server's private key

Secure data flow: application data is exchanged in both directions, with a secret key on each side.

Other labels in the figure: server certificate (Owner: Smith, XYZ Corp.; Issuer: USPS); trusted issuer USPS; cipher suite values 04050A090306, 050A and 05; "Allowed cipher suites".

Simplified view of an SSL handshake


i5/OS Supported SSL Services

Service | Confidentiality | Integrity | Authentication | Authorization | Audit/Logging
Telnet Server | SSL/TLS | SSL/TLS | SSL/TLS (DCM), Kerberos, User Profiles | Exit Programs | via IP Filtering, Exit Programs
Telnet Client | N/A | N/A | N/A | Exit Programs | via IP Filtering, Application log
FTP Server | SSL/TLS | SSL/TLS | SSL/TLS (DCM), User Profiles | AppAdmin, Exit Programs | via IP Filtering, Exit Programs
FTP Client | SSL/TLS | SSL/TLS | SSL/TLS (CA Trust) | AppAdmin, Exit Programs | via IP Filtering
HTTP Server | SSL/TLS | SSL/TLS | SSL/TLS (DCM), User Profiles, Validation Lists, LDAP Directory | HTTP directives | via IP Filtering, Server logs
LDAP Client | SSL/TLS | SSL/TLS | SSL/TLS (DCM) | N/A | via IP Filtering, Appl. dependent
LDAP Server | SSL/TLS | SSL/TLS | SSL/TLS (DCM), Kerberos, User Profiles | Access Control Lists (ACLs) | Audit journal, Change log
Host Servers, iSeries Access | SSL/TLS | SSL/TLS | User profiles, Kerberos | AppAdmin | via IP Filtering


SSL vs. VPN

• SSL / TLS
  – SSL-enabled server and client applications required
  – Application to application
  – Simple to implement
  – Typically used for a few applications or when dealing with users in the Internet
• VPN
  – Host or Gateway must support VPN
  – Transparent to application
  – Requires networking skills
  – Useful for protecting entire IP traffic between locations and for applications that do not support SSL

[Figure: protocol stack. Labels: HTTP, TELNET, CA400; ssl; TCP/UDP (Transport); IP (Internetwork); Data Link; IPSec; L2TP.]


Digital Certificates

What is a digital certificate?
• An electronic form of identification, such as a passport or driver's license
• Contains a name
  – SubjectDN (such as CN=MyName, OU=FTSS, O=IBM, C=DE)
  – SubjectAltName (such as IP address, e-mail address, host name, ...)
• Issuer information
• Public key
• Validity period
• Optional usage
• Optional CRL location

Issued by a Certificate Authority (CA)
Format defined in "Internet X.509 Public Key Infrastructure and CRL Profile", RFC 2459

[Figure: certificate structure]
Version
Serial number
Signature (algorithm)
Issuer (X.500 DN)
Validity
Subject (X.500 DN)
Subject Public Key Info
Issuer Unique Identifier (v2)
Subject Unique Identifier (v2)
Extensions (v3):
  Subject Alternative Name
  Authority Key Identifier
  Subject Key Identifier
  CRL Distribution Points
  ...
Signature Algorithm
Signature Value


Usage for digital certificates

• Secure transmitted data
  – Certificates can be used when establishing secured connections using the Secure Sockets Layer (SSL) protocol
  – Data traffic is encrypted (typically, traffic is not encrypted using asymmetric keys)
• Authentication
  – Better than a user ID and password because possession of a private key is required
  – A private key will never be transmitted
  – One certificate can be used to identify an entity to many other entities
• Signing objects
  – Certificates can be used for signing objects, which ensures that data transmitted over an untrusted media comes from a trusted source and was not modified.


Certificate Authority (CA)

• A CA is a trusted authority
• Issues certificates
• Performs validation of certificate request data
• Certificates are issued based on the Certification Practice Statement (CPS)
• Distinction between well-known CAs and local (private) CAs
• Many well-known CAs offer different classes of certificates
  – The class specifies which parts of the certificate request data are verified
  – Different costs for certificates of different classes


Certificate Authority (cont'd)

• Can issue certificates based on the Public Key Infrastructure X.509 (PKIX)
  – PKIX CA creates both the private and the public keys for the requester
  – PKIX CA holds a copy of the certificate including its public key
  – PKIX standards are outlined in RFC 2560
• Can maintain a Certificate Revocation List (CRL)
  – CRL contains serial numbers, time stamps, and reason codes of revoked certificates
  – In most cases, the CRL can be downloaded from a CA or accessed through LDAP


Managing Digital Certificates

• i5/OS can act as a local Certificate Authority (CA)
• i5/OS can use certificates issued by local/private CAs or well-known CAs
• Certificates are managed in i5/OS with the Digital Certificate Manager (DCM)
  – DCM is a facility that enables you to manage digital certificates and their use in secure applications on the iSeries server
  – Is a browser-based application


What CA should I use?

• Distinction between private/local CAs and public/well-known CAs
• What are the advantages / disadvantages and what are reasons for using a private CA versus a public CA?

Public CA | Private CA
Liability is required | Special attribute values are required that are not provided by public CAs
No additional setup required on remote client/server | CA certificate must be deployed to all connected clients/servers for signature verification
Any client or server can use certificate (signature verification) | Additional level of protection (clients also need CA certificate)
Clients or servers are not known in advance or are not under direct control | All clients and servers are in a controlled environment
Charges fee depending on requested certificate type | No external fee associated


Improving SSL Performance with Hardware Cryptography

• Secure connections on high volume Web sites or business application servers with many users put additional load on servers
  – Handshake and data encryption increase load
  – Symmetric data encryption is less expensive than asymmetric encryption (RSA with public/private keys) for authentication
• Hardware cryptography can be used to improve performance for SSL handshake (asymmetric key operations)
  – offloads work from main CPU
• iSeries provides different hardware options


iSeries Cryptographic Hardware

• 2058 e-Business Cryptographic Accelerator
  – Improves SSL handshake performance
  – Simple configuration
  – Up to four adapters per system
    • vary on device to activate
    • each adapter contains five IBM UltraCipher Cryptographic engines
    • one adapter supports 1000 RSA operations/second
• 4764 PCI-X Cryptographic Coprocessor (IOP-less)
  – Designed to meet Federal Information Processing Standard FIPS 140 level 4 certification
  – Supports EMV 2000 (Europay/MasterCard/Visa) standard
  – Contains tamper-responding module
  – Secure key generation and store
  – Random number generator
  – Clone a master key securely
  – Support financial PIN-processing
  – Generate and validate digital signatures
  – Encrypt and decrypt data
  – Improves SSL handshake performance


OpenSSH Support in i5/OS

• OpenSSH is the free version of the SSH protocol suite
  – it does not use any patented components, such as the IDEA encryption algorithm
• OpenSSH also supports the following services and functions:
  – X11 forwarding
    • X11 forwarding allows the encryption of remote X windows traffic
  – Port Forwarding
    • Port forwarding allows forwarding of TCP/IP connections to a remote system over an encrypted channel
  – Data Compression
    • Uses zlib for compression
  – Kerberos and AFS Ticket Passing
    • Passes tickets for Kerberos and AFS on to the remote machine
  – Cryptographic functions
    • Uses the OpenSSL cryptographic library

[Figure: port forwarding over a secure SSH channel. Client: Telnet client (Dst addr: localhost, Dst port: 2200); ssh client, port 2200 to Server1 port 23. Server: sshd, port 22; port forwarding to port 23; Telnet server.]


7.3 System Layer Security


Security System ValuesLocking down security settings

• Security-related system values reflect the implementation of security policies

• Due to the lack of knowledge, many programmers have permissions to change system security settings

• The concept of split responsibilities can prevent high-authority users from changing security system settings

• Security system values can be locked down in System Service Tools (SST)

Work with System Security                          System: I5OSP3

Type choices, press Enter.

Allow system value security changes . . . . . 2   1=Yes, 2=No
Allow new digital certificates  . . . . . . . 1   1=Yes, 2=No
Allow a service tools user ID with a default and expired password to change its own password . . . . . . . . . . . . . . 2   1=Yes, 2=No


Object Signing


Object Integrity Issues

• Distributing software via mail can introduce malicious code / trojans to the recipient’s side

• Object signatures enable recipients to check whether the code has been changed since it was sent

• Issues that are not addressed in most companies

[Figure (Integrity): Headquarter / BP / ISV distributes software to customers and branch offices. Speech bubbles: "I'm going to modify the program" and, at the branch office, "Oh, new SW from the HQ, I have to restore it".]

– Deployment process for new applications or application changes
– Tampering with program objects remains undetected
– Programmers can override production programs anytime


i5/OS Object Signing Support

• All IBM operating system, license program, and PTF objects are shipped digitally signed
  – Shipped i5/OS has the CA and Signature Verification certificates internally stored
  – Therefore, even if DCM is not set up and there is no object signing or verification store, IBM-supplied objects can be verified on restore
• i5/OS object signing capabilities can prevent objects from being restored when signatures are missing or invalid
• DCM can be used to create and manage certificates for digitally signing objects that will ensure:
  – The object's integrity
  – Proof of origination
• Signature operations as well as verification errors are logged in the audit journal

Integrity, Audit/Logging


Objects that can be signed

• Save files (not empty ones)
• Programs: *PGM, *SRVPGM, *SQLPKG, *JVAPGM, *MODULE, *CMD
• Stream files in the IFS

Objects have to be in a local file system


How to use object signing

[Flowchart; boxes:]
– Create signature verification store
– Receive signer's signature verification certificate (and CA certificate)
– Add application and assign certificate
– Define list of objects to sign
– Sign objects
– Create object signing certificate
– Create object signing certificate store
– Verify setting of system value QVFYOBJRST
– Verify signatures
– Restore the application
– Verify and package
– Ship to customer
– Export signing certificate as verification certificate


Object signing components

[Figure; components and labels:]
– Certificate Authority: issues Object Signing Cert; CA Certificate
– *OBJECTSIGNING Certificate Store: Object Signing Certificates, Application Definitions
– *SIGNATUREVERIFICATION Certificate Store: Signature Verification Certificates
– Signed Objects
– Sign Objects with Object Signing Certificate assigned to the application
– Verify Object Signatures


Check Object Integrity (CHKOBJITG)

• The CHKOBJITG command can be used to check the integrity of a single object, several objects, or all objects on the system
• It not only verifies object signatures, but also verifies the integrity based on checksums
• The command flags the verified files with the following flags
  – ALTERED     The object has been tampered with
  – BADSIG      The object has a digital signature that is not valid
  – DMN         The domain is not correct for the object type
  – PGMMOD      The runnable object has been tampered with
• The database file also logs the following non-integrity violations as:
  – NOSIG       Objects that do not have a digital signature but can be signed, or objects that have a signature that cannot be verified due to an untrusted status. An untrusted status is when the signature verification store does not contain the object signer's signature verification certificate.
  – NOTCHECKED  Objects that could not be checked
• Results are written to a result file only if the CHKOBJITG command finds violations

1041101183438AS4B *PGM  QDFTOWN BADSIG /qsys.lib/payslip.lib/PAYMREPORT.PGM
1041101183438AS4B *PGM  QDFTOWN PGMMOD /qsys.lib/payslip.lib/PAYRMAIN.PGM
1041101183438AS4B *FILE BARLEN  NOSIG  /qsys.lib/payslip.lib/PAYIFSAPP.FILE
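The triage this slide describes, as an added example (not IBM's code and not part of the lecture): it parses the three result lines shown above, assuming whitespace-separated fields in the order the slide prints them, and separates integrity violations from the flags the slide lists as non-violations. The function names and the last two sample lines are constructed.

```python
from collections import namedtuple

# Flag meanings exactly as listed on the slide.
INTEGRITY_VIOLATIONS = {
    "ALTERED": "object has been tampered with",
    "BADSIG": "digital signature is not valid",
    "DMN": "domain is not correct for the object type",
    "PGMMOD": "runnable object has been tampered with",
}
NON_VIOLATIONS = {
    "NOSIG": "unsigned but signable, or signer's certificate not in the verification store",
    "NOTCHECKED": "object could not be checked",
}

Finding = namedtuple("Finding", "stamp obj_type owner flag path library")

# First three lines: from the slide. Last two: constructed to exercise error handling.
SAMPLE = """\
1041101183438AS4B *PGM QDFTOWN BADSIG /qsys.lib/payslip.lib/PAYMREPORT.PGM
1041101183438AS4B *PGM QDFTOWN PGMMOD /qsys.lib/payslip.lib/PAYRMAIN.PGM
1041101183438AS4B *FILE BARLEN NOSIG /qsys.lib/payslip.lib/PAYIFSAPP.FILE
1041101183438AS4B *PGM QDFTOWN SIGNED /qsys.lib/payslip.lib/CONSTRUCTED.PGM
truncated line
"""


def parse_line(line):
    """Split one result line; the path is last so it may contain spaces."""
    parts = line.strip().split(None, 4)
    if len(parts) != 5 or not parts[1].startswith("*"):
        raise ValueError("not a result line: %r" % line)
    stamp, obj_type, owner, flag, path = parts
    if flag not in INTEGRITY_VIOLATIONS and flag not in NON_VIOLATIONS:
        raise ValueError("unknown flag %r" % flag)
    # First *.lib path component below qsys.lib, if the object lives in a library.
    library = next((p for p in path.lower().split("/")
                    if p.endswith(".lib") and p != "qsys.lib"), None)
    return Finding(stamp, obj_type, owner, flag, path, library)


def triage(text):
    """Sort findings into violations, items to review, and lines that did not parse."""
    report = {"violations": [], "review": [], "rejected": []}
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            finding = parse_line(line)
        except ValueError:
            # Never drop unparsed lines silently: an unreadable record is itself a finding.
            report["rejected"].append(line)
            continue
        bucket = "violations" if finding.flag in INTEGRITY_VIOLATIONS else "review"
        report[bucket].append(finding)
    return report


def libraries_with_violations(report):
    """Libraries that contain at least one object flagged as an integrity violation."""
    return sorted({f.library for f in report["violations"] if f.library})


if __name__ == "__main__":
    result = triage(SAMPLE)
    for f in result["violations"]:
        print("VIOLATION", f.flag, f.path, "-", INTEGRITY_VIOLATIONS[f.flag])
    for f in result["review"]:
        print("REVIEW   ", f.flag, f.path, "-", NON_VIOLATIONS[f.flag])
    for line in result["rejected"]:
        print("REJECTED ", line)
```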


Verify Object on Restore system value

• System value QVFYOBJRST defines the policy for object signature verification during restore operations
  – It controls how important signatures are for objects being restored onto your system
• Signatures are verified when:
  – Restoring *PGM, *SRVPGM, *MODULE, *SQLPKG, *CMD, *STMF with attached Java programs from media or out of a save file
• Signatures are not verified when:
  – Restoring a signed save file. Signatures on save files are verified when you attempt to restore objects from the save file.
  – Restoring stream files without attached Java programs


Verify Object on Restore system value: Options available

1  Do not verify signatures on restore. Restore all objects regardless of their signature. Be careful when using this value; it allows restore of system-state objects without valid signature.

2  Verify signatures on restore. Restore unsigned user-state objects. Restore signed user-state objects, even if the signatures are not valid.

3  Verify signatures on restore. Restore unsigned user-state objects. Restore signed user-state objects only if the signatures are valid.

4  Verify signatures on restore. Do not restore unsigned user-state objects. Restore signed user-state objects, even if the signatures are not valid.

5  Verify signatures on restore. Do not restore unsigned user-state objects. Restore signed user-state objects only if the signatures are valid.


Single Signon


Typical Environment Today

[Figure: one user accessing iSeries, pSeries, zSeries and xSeries servers. Labels in the figure: i5/OS, AIX, z/OS, Windows 2000/2003, Linux, Unix, Telnet, DDM, NetServer, WebSphere, RACF.]

John Smith's users:
u: John Smith  pw: my7dog
u: jsmith      pw: just4u
u: smithjo     pw: wolf9pack
u: JoSm99      pw: tar3heel
...many more...

For example, back-end access is done using a single OS user, unaware of the end user's authority.


The Problems many companies face

• Every server platform has unique mechanisms for managing users (User Registries), making it complex for administrators
• Difficult to keep track of users in all systems
• Users have to remember user IDs and passwords to each system they use
• Application developers create their own user registries and use unsafe techniques for access to back-end systems
• Single point of management tools solve the problem for administrators, but not necessarily for users or ISVs
• Existing single sign-on solutions (distributed authentication, authentication proxy, etc.) store user and password information
• Storing passwords, even encrypted, lowers security – passwords should be hashed

20% to 40% of all calls to a help desk involve forgotten passwords costing a company $14 to $26 per reset. Source: Gartner Group


Single Signon characteristics

• Sign on once to the network using, for example, user ID and password
• Subsequent connection requests to application services and resources are authenticated without prompting for the user ID or password
  – Network authentication protocols, such as Kerberos, are used to perform authentication
• Taking different identities for various applications for a single entity into consideration is desirable

[Figure labels: Vertical SSO, Horizontal SSO]


Enterprise Identity Mapping (EIM)

EIM defined: Identity associations across user registries associated with OS platforms, applications, and middleware.

• Enterprise Identity Mapping (EIM) is a mechanism for mapping (associating) a person or entity to the appropriate user identities in various registries throughout the enterprise

• EIM provides an infrastructure that lowers the expense for application developers to provide single signon solutions

[Figure: Windows 2000 Server kdc1.itso.myco.com (realm = itso.myco.com, principals Jsmith and Sjones), an EIM Domain Controller, and the systems iSeriesA.itso.myco.com, iSeriesB.itso.myco.com and zSeriesC.itso.myco.com.]

EIM Identifier   Kerberos principal   iSeries A user name   iSeries B user name   zSeries C user name
John Smith       Jsmith               Johns                 Smithjo               Smithj
Sharon Jones     Sjones               Sharonj               Jonessh               Joness2

The IBM autonomic computing initiative


Enterprise Identity Mapping (EIM) ...cont'd

• EIM enables Single Signon
• Accepts the fact that multiple registries (IBM and non-IBM) will exist in the enterprise
• EIM support on all IBM platforms
  – zSeries (z/OS, Linux)
  – iSeries (OS/400, i5/OS, Linux, Windows 2000/2003 *1)
    • Application support for Telnet (server, PC5250 and Host On-Demand clients), host servers, DDM/DRDA, ODBC, JDBC, NetServer, QFileSvr.400, HTTP server, Management Central, Windows integration
  – pSeries (AIX, Linux) NFS
  – xSeries (Windows 2000/2003/XP, Linux)
  – Java and C API support
• EIM uses a collection of APIs that access a Directory server to store Domain information
• IBM freely distributes EIM APIs and Java packages for ISVs to bundle with their applications
  – Vendor tools exist that exploit the APIs for managing EIM domains


EIM Identifier

• An EIM identifier represents an actual person or entity in EIM
• The identity associations (mappings) are stored in a well-known location, such as LDAP, with common services across platforms to access the mappings

[Figure: the EIM identifier "John Smith" (enterprise user) is linked through identity mappings to that person's local user identities in the user registries: z/OS user, OS/400 user, AIX user, Kerberos principal, Linux user, DCE user, 2000/XP user.]


EIM Domain Data

• EIM uses a Directory (LDAP Server) for storing identities along with EIM Domain data
• The Directory server also handles access control to the EIM Domain configuration
• A basic Directory configuration is required for creating an EIM Domain
• Available LDAP server functions, such as replication, can be used to improve availability

[Figure: Directory root containing the EIM Domain Data: Identity Mappings and User Registries.]


SSO Authentication - Kerberos

• Kerberos is a network authentication protocol
• Designed to establish secure authentication from client to server (and vice versa) on an untrusted network
• NAS is built on the Kerberos Network Authentication Service (RFC1510)
  – Kerberos V5 is required
  – On iSeries, Kerberos is referred to as Network Authentication Service (NAS)
• Network Authentication Service (NAS) enables the operating system and applications to use Kerberos tickets for authentication instead of a user ID and password
• Applications can identify users and securely pass on the identity to other services
• Widespread throughout the industry, allows for interoperability between platforms
• Simplifies trust management


Kerberos Environment

[Figure: client John, the Key Distribution Center (KDC) with AS and TGS, and Service "A" on Server A, exchanging the TGT and the ticket for "A" in six numbered messages:]

1. as_request: "Hi, I'm John. Can I have a ticket for getting tickets?"
2. as_reply: "Here's a ticket-granting ticket, encrypted with John's secret key".
3. tgs_request: "Here is my TGT, could I have a ticket for Service A?"
4. tgs_reply: "Here's a ticket for Service A."
5. ap_request: "Here is my ticket; let me use your service."
6. ap_reply: "Welcome John! By the way, here's the proof that I'm Service A."


Kerberos Tickets

• Ticket: A record that helps a client authenticate itself to a server or service and establish a session.
• Ticket-granting ticket (TGT): A ticket used for requesting tickets subsequently used for sessions. A TGT is received once the proper credentials are given to the Authentication Server.
• Some other tickets:
  – Proxiable/Proxy Ticket: Ticket that can be used by servers to represent the client against a back-end server
  – Forwardable/Forwarded Ticket: Ticket that delegates the task of obtaining service tickets on behalf of the client


The 'Ticket'

This structure is the same for all tickets (simplified; see RFC1510 for exact details)

• tkt-vno: Kerberos version used (v.5).
• Realm: Name of the realm that issued the ticket.
• Sname: Server/Service Name the ticket is intended for.

Ticket fields shown in the figure: Version, Realm, Service, Flags, Session Key, Client Name, Client Realm, Transited, Auth. time, Start Time, End Time, Renew till, Client Address, Auth. data


Example Session

[Figure: exchange between the Client and the KDC (AS).]

Key legend: KU = shared secret (password) of the client user; KUK = session key client-KDC; KM = KDC master key

1. AS_REQ (as_req): ClientName, Service krbtgt, TimeStamp; key label KU
2. AS_REP (as_rep): TGT, Session Key; key labels KU, KUK, KM


Example Session (cont'd)

[Figure: exchanges between the Client, the KDC (TGS) and Service_A.]

Key legend: KUK = session key client-KDC; KUS = session key client-Service_A; KS = shared secret (password) of Service_A

3. TGS_REQ (tgs_req): TGT, Authenticator, ServiceName; key label KUK
4. TGS_REP (tgs_rep): Service Ticket, Session Key; key labels KUK, KS, KUS
5. AP_REQ (ap_req): Authenticator, Service Ticket, ServiceName; key labels KS, KUS
6. AP_REP (ap_rep): TimeStamp; key label KUS
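The six messages of the example session as a runnable sketch, added here and not taken from the lecture or from any Kerberos implementation. It reads the figure's key labels as KU (user secret), KUK (client-KDC session key), KM (KDC master key), KS (service secret) and KUS (client-service session key); the toy cipher, the PBKDF2 key derivation, the realm name and the passphrase are assumptions standing in for real Kerberos encryption types and values.

```python
import hashlib, hmac, json, os, time

MAX_SKEW = 300        # seconds of clock skew tolerated (assumed value)
LIFETIME = 8 * 3600   # ticket lifetime in seconds (assumed value)

def _subkey(key, label):
    return hashlib.sha256(label + key).digest()

def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """Toy authenticated encryption, NOT a Kerberos enctype: XOR keystream plus HMAC tag."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(_subkey(key, b"enc"), nonce, len(pt))))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return (nonce + ct + tag).hex()

def unseal(key, blob):
    raw = bytes.fromhex(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified message")
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))
    return json.loads(pt.decode())

def string_to_key(password, salt):
    """Stand-in for Kerberos string-to-key: derives KU from the user's password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10000)

def _check(authenticator, ticket):
    """The authenticator must be fresh and name the client the ticket was issued to."""
    now = time.time()
    if abs(now - authenticator["ts"]) > MAX_SKEW or now > ticket["end"]:
        raise ValueError("stale authenticator or expired ticket")
    if authenticator["client"] != ticket["client"]:
        raise ValueError("authenticator does not match ticket")

class KDC:
    def __init__(self, user_keys, service_keys):
        self.km = os.urandom(32)          # KM: only the KDC can open a TGT
        self.user_keys = user_keys        # KU per client
        self.service_keys = service_keys  # KS per service

    def as_exchange(self, req):           # 1. AS_REQ in, 2. AS_REP out
        ku = self.user_keys[req["client"]]
        if abs(time.time() - unseal(ku, req["timestamp"])["ts"]) > MAX_SKEW:
            raise ValueError("stale timestamp")
        kuk = os.urandom(32).hex()
        tgt = {"client": req["client"], "key": kuk, "end": time.time() + LIFETIME}
        return {"tgt": seal(self.km, tgt), "session": seal(ku, {"key": kuk})}

    def tgs_exchange(self, req):          # 3. TGS_REQ in, 4. TGS_REP out
        tgt = unseal(self.km, req["tgt"])
        kuk = bytes.fromhex(tgt["key"])
        _check(unseal(kuk, req["authenticator"]), tgt)
        kus = os.urandom(32).hex()
        ticket = {"client": tgt["client"], "key": kus, "end": time.time() + LIFETIME}
        return {"ticket": seal(self.service_keys[req["service"]], ticket),
                "session": seal(kuk, {"key": kus})}

def service_accept(ks, req):              # 5. AP_REQ in, 6. AP_REP out
    ticket = unseal(ks, req["ticket"])    # only the holder of KS can open the ticket
    kus = bytes.fromhex(ticket["key"])
    auth = unseal(kus, req["authenticator"])
    _check(auth, ticket)
    return ticket["client"], seal(kus, {"ts": auth["ts"]})

def run_session(kdc, client, password, service, ks):
    """Drive client and service in one process; ks is used only on the service side."""
    ku = string_to_key(password, REALM + client)
    now = time.time()
    as_rep = kdc.as_exchange({"client": client, "service": "krbtgt",
                              "timestamp": seal(ku, {"ts": now})})
    kuk = bytes.fromhex(unseal(ku, as_rep["session"])["key"])
    authenticator = {"client": client, "ts": now}
    tgs_rep = kdc.tgs_exchange({"tgt": as_rep["tgt"], "service": service,
                                "authenticator": seal(kuk, authenticator)})
    kus = bytes.fromhex(unseal(kuk, tgs_rep["session"])["key"])
    who, ap_rep = service_accept(ks, {"ticket": tgs_rep["ticket"], "service": service,
                                      "authenticator": seal(kus, authenticator)})
    # Mutual authentication: only the real service could return our timestamp under KUS.
    return who, unseal(kus, ap_rep)["ts"] == now

REALM = "EXAMPLE.TEST"                    # constructed realm name
PASSWORD = "constructed-passphrase"       # constructed sample secret
KS_A = os.urandom(32)                     # Service_A's long-term key
kdc = KDC({"John": string_to_key(PASSWORD, REALM + "John")}, {"Service_A": KS_A})

if __name__ == "__main__":
    print(run_session(kdc, "John", PASSWORD, "Service_A", KS_A))
```

The password never crosses the wire, the client cannot open the TGT (sealed under KM) or the service ticket (sealed under KS), and a wrong password or a ticket presented to a service with a different key fails at the first `unseal`.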


EIM and Kerberos – Working together

[Figure: John, the Key Distribution Center (KDC) with AS and TGS, the system SysA, and the EIM Domain Controller (reached over SSL). Requesting TGT steps not shown.]

EIM Domain Controller, Identifier: John N. Smith (association labels in the figure: Source ID, Target ID)

Registry        User          Type
DomainServer    John Smith    Kerberos
ServerA         JOHNS         OS/400
ServerB         JSMITH        RACF
IntraNet        JohnS         AIX
SysA            JOSMITH       OS/400

Dialogue in the figure (steps numbered 1 to 6):
– "Can I have a ticket for SysA?"
– "Sure. Here's my ticket."
– "Can you let me in?"
– "Hey, who is this John Smith?"
– "I know, that's JOSMITH"
– "Oh. Welcome JOSMITH"


Implementation Prerequisites

• iSeries
  – Min. OS/400 V5R2 (5722-SS1) or i5/OS V5R3
  – Including Qshell interpreter (Option 30) and Host Servers (opt. 12)
  – Cryptographic Access Provider 128-bit (5722-AC3)
  – iSeries Access for Windows (5722-XE1)
• Client
  – Windows 2000/XP
  – iSeries Access (Version 5 Release 2 or higher)
  – iSeries Navigator including the "Network" and "Security" components (for administration)
  – Other clients that support Kerberos authentication
• KDC
  – Supporting Kerberos Version 5
  – iSeries KDC support added with i5/OS V5R3
  – Windows 2000 or Windows 2003 server with Active Directory
  – Linux KDC (MIT or Heimdal)


Anti-Virus Scanning


Antivirus scanning

• i5/OS contains infrastructure support for enhanced virus scanning for the Integrated File System (IFS)

• Allows third-party vendors to develop antivirus scanning software that plugs into i5/OS (OS/400)

• Scanning support available to scan for any other purpose when an object is opened or closed

Viruses cause significant damage to businesses every year

[Figure (Integrity): viruses spreading (labels: W32/Cidu-A, W32/BabyBearA, Phantom 1) through NetServer, FTP, NFS.]


Antivirus scanning

• i5/OS keeps track of all changes and only calls the scanning software when files or virus definition files change.
  – When independent auxiliary storage pools (IASPs) are used and virus definitions are kept in sync between systems, moving an IASP does not cause a rescan.
  – Scanning behavior can be controlled via IFS object attributes and system values.
• Only objects in /root, QOpenSys and UDFS file systems are scanned.
• When several open instances exist on an object, scanning is only performed when a close request is received for the last descriptor.
• By default, no scanning occurs when objects are opened for write.
• Virus scanning products can register to the following exit points:
  – QIBM_QP0L_SCAN_OPEN: Integrated File System Scan on Open Exit Program
  – QIBM_QP0L_SCAN_CLOSE: Integrated File System Scan on Close Exit Program


Antivirus scanning

• System-wide behavior controlled via two system values

  – System value QSCANFSCTL
  – System value QSCANFS


Antivirus scanning

• Which files are being scanned can be further controlled via IFS object attributes.
• The following two new attributes were added and can be set via the Change Attribute (CHGATR) command:
  – *CRTOBJSCAN: Specifies whether to scan objects created in a directory
  – *SCAN: Specifies whether to scan a specific object

[Figure: File properties]

For our command line fans:

CHGATR OBJ('/home/quser/envar') ATR(*SCAN) VALUE(*NO)


Open Exit - Preconditions

• Exit program NOT called if any of the following is true
  – No exit program exists for this exit point
  – QSCANFS has *NONE specified
  – Object is marked not to be scanned and a scan is not required because the object was restored
  – Object opened for Write access only
  – Object truncated as part of Open request
  – Object is the storage for IXS
  – Object not being accessed from a file server and QSCANFSCTL has *FSVRONLY specified
  – Object is in *TYPE1 directory


Open Exit – additional conditions

• If previous conditions met, call exit program if one of the following conditions is met
  – Object has never been scanned
  – Object data has been modified since last scan
  – CCSID of object has been modified since last scan
  – To CCSID specified on open request is different from the last two To CCSIDs that were specified and scanned
  – Object being opened in binary and not previously scanned in binary
  – Updates to scanning software and object was not marked to be scanned only if object changed


Close Exit

• Exit program NOT called if any of the following is true
  – No exit program exists for this exit point
  – QSCANFS has *NONE specified
  – Object is marked not to be scanned and a scan is not required because the object was restored
  – Object being closed was opened for Write access only
  – Object is the storage for IXS
  – Object not being accessed from a file server and QSCANFSCTL has *FSVRONLY specified
  – Object is in *TYPE1 directory


Close Exit – Additional Conditions

• If previous conditions met, call exit program if one of the following conditions is met
  – Object has never been scanned
  – Object data has been modified since last scan
  – CCSID of object has been modified since last scan
  – To CCSID specified on open request associated with this close is different from the last two To CCSIDs that were specified and scanned
  – Object associated with the close request was opened in binary and not previously scanned in binary
  – Updates to scanning software and object was not marked to be scanned only if object changed


Lab Preparation and Demo


Lab Unit 7 Objectives

• Lab 1 – Setting up digital certificates
  – Verify that the *ADMIN HTTP instance is started – required to work with DCM
  – Learn how to set up digital certificates under i5/OS for use with SSL-enabled applications
  – You will create your own server certificate in the i5/OS *SYSTEM certificate store


iSeries Tasks page


Enabling SSL for SSL-enabled Apps

1. Create certificate request via DCM (*SYSTEM store)
2. Send signing request to CA
3. Receive signed certificate into *SYSTEM store
4. Assign certificate to application
5. Modify application settings


Lab Unit 7 Objectives (cont'd)

• Lab 2 – Protecting Web traffic with SSL
  – You will activate SSL for one application
    • The application will be an HTTP Web server
  – Every student will create her/his own Web server instance
  – You are going to use your own certificate with your server instance
  – At the end, you will verify that your server works and an SSL session can be established


IBM Web Administration for iSeries


Assigning a server certificate


Lab Unit 7 Objectives (cont'd)

• Lab 3 – Authenticating Web users with LDAP
  – You will configure your Web server instance to protect a new resource
  – Only authenticated users will be able to access the protected resource
  – Authentication is performed through an LDAP-enabled user registry
  – Students will create their own organizational unit and person entries in the LDAP directory server


Setting up your LDAP directory entries


Configuring LDAP authentication

[Figure: directory tree]

root
  o=fuborg
    ou=auth001 ... ou=authXXX
      cn=webusera
      uid=usera
      userPassword=my5pwd