IEEE MACSec and NSA ESS: How to Protect Your WAN, LAN and Cloud

Transcription

1 SESSION ID: PDAC-F01 IEEE MACSec and NSA ESS: How to Protect Your WAN, LAN and Cloud Emil Isaakian Security Architect ViaSat

2 Enterprise Networks are Wide-Open Past Front Door 99% of your Enterprise Network is 100% unsecured Really? (Ok 97% in this capture ) 3.6% Encrypted! Holy C#$P! Yet we are shocked when the next major breach is announced 2

3 Sniffing an Enterprise Network. Raw text from SMB2 File read Full undetectable read access just by finding a Ethernet Cable or port 3

4 Data Center/Cloud security Cisco Nexus 93128TX Cisco Nexus 93128TX But wait we re moving to the Cloud. It s all fixed now! Security Sure it is But all the Traffic is Here STS Load Balancing/Redundancy is Here NextGen Firewall NextGen Firewall IDS/IPS IDS/IPS Data Center (aka the cloud) traffic is mostly east/west now 99% unsecured as well L 14 BCN BCN STS 100's of North South GbE Links >80-90% Traffic is East West Intra-DataCenter Communication N9K-M6PQ STS N9K-M6PQ 6 STS N9K-M6PQ 6 STS N9K-M6PQ STS N9K-M6PQ STS 's+ of East West GbE Links Servers Compute + Storage VM Replication/Migration 4 SAN/DAS/NAS Volumes Blade Compute Internet/SNMP/DNS

5 Why are We so Insecure? Fundamental Answer#1: Software is insecure by design Fundamental Answer#2: Encryption Not deployed everywhere And we actually need to communicate outside our intra-net ;) Why not? Most Encryption done by Application Most applications are hard to secure (Certificates, Passwords, RADIUS, Keys, etc) Leaves all network/link (Layer-2) protocols open Very hard to do right Easy to get wrong OpenSSL Can you patch fast enough (Sorry I know you devs are trying!) Without Layer-2 Encryption + Isolation APT Lateral Movement is easy 5

6 Easy/Hard L2 Encryption Targets Data In Transit (DIT) Encryption significantly reduces cyber vulnerability footprint Easy Areas to protect: Enterprise to Enterprise (CPE to CPE) links Over dark fiber or over leased infrastructure (MAN/WAN Intra-net links etc) Enterprise to Cloud/ Datacenter to Datacenter (cloud/hybrid IT) Hard(er) Areas to protect: Internal Networks: PC/Laptop shared LAN Connection to shared NAS/SAN Data Storage Printers, End Points, Network IT closets L2 Encryption not available yet at end points Few switches have line rate L2 Encryption available on all ports yet But were moving in that direction 6

7 Here s where MACSec + ESS come in Now were getting technical

8 What is MACsec/ESS? Its Complex! This is MACSec IEEE 802.1AEbw IEEE 802.1x IEEE 802.1AR RFC4492 RFC4949 RFC2986 RFC3279 RFC5247 RFC6379 RFC5106 RFC6460 RFC5216 RFC5759 RFC4108 All these RFCs make it work 8

9 Boil it down MACSec (IEEE 802.1AE) by itself is useless Requires all these IEEE specs + RFC s: Key Distribution & Exchange, Trusted Secure Device Authentication, External Authentication (RADIUS) Lots of options. Options == not(interoperable) == not(secure) == not(used) ESS 1.0 == NSA Tailored Spec version of MACSec Removes most options only allows maximum security XPN-AES-256-GCM (64-bit PSN, sectag, No-Bypass, Suite-B compliant) Adds better support for Carrier Ethernet/MEF PBN/PBBN, VPLS topologies, C-TAG, S-TAG, VLAN aware etc E.g. To make MACSec Hop-to-Hop suport service provider bridged networks Adds TRANSEC (Fixed Frame Padding SuperTunnels) Traffic Analysis protection Adds Tunnel Mode (MAC in MAC encapsulation) to cover internal Addresses 9

10 Packet Transforms 10

11 Encryption Details 11

12 Decryption Details 12

13 Key Management Protocol (MKA) MKA Provides Protected control protocol at Layer-2: Identifies Live Peers Creates Connectivity Associations (CA s) between 2+ Peers Distributes Security Association Keys (SAKs) among Peers in CA Timeliness check (optional) to prevent delayed packets (inverse of anti-replay) Protection: Each packet has a Cryptographic ICV (AES-CMAC) using ICK (Derived from CAK) SAKs encrypted (AESKW) using KEK (Derived from CAK) All derivation uses AES-CMAC based KDF Forward Security New SAKs distributed on Peer List Change Per Packet Counter for Anti-Replay (Strict) 13

14 EAPOL-MKA Frames 14

15 Ethernet Data Encryption (EDE) Device Types IEEE/ESS Created new MACSec Device Types to support Networks EDE-T Two Port Mac Relay. No VLAN awareness (Encapsulates) EDE-M Port Based or C-Tagged single service (VLAN Agnostic), or Customer Bridged Network EDE-CC C-Tagged to C-Tagged (Customer VLAN Tag) EDE-CS C-Tagged to S-Tagged EDE with internal translation EDE-SS S-Tagged to S-Tagged EDE (Service Provider VLAN Tag) Refer to: 15

16 Bridge Group Addressing IEEE specs EAPOL to use 802.1Q Reserved Addresses for Broadcast Allows easy visibility of group peers But overlaps with common protocols (Spanning Tree) Refer to: -0x Rsvd Address Filtered at various domains: Requires careful setup and selection of EDE-x device Based on customer vs service provider location 16

17 Network Vulnerability Mitigated Attack/Vulnerability Application Level DOS/DDOS L2 MAC Address Tables DOS Spanning Tree Protocol DOS ARP Poisoning/Man in the Middle Eavesdropping Port Mirroring Eavesdropping Replay Traffic Flow Analysis Covert Channels Repudiation MAC Address Spoofing Description Denial Of Service, Distributed Denial Of Service attacks where large volumes (Floods) of packets are directed at servers to overload network Denial Of Service targeting Router/Switch by sending large volumes (Floods) of packets with different MAC Addresses Denial Of Service targeting Router by sending large volumes (Floods) of STP packets (BPDUs) to cause Router control plane overload. Malicious ARP responses from compromised or unsecure end devices can poison the ARP cache causing traffic to be redirected Does MAC-SEC Protect against Yes Yes Yes Yes 17 Does ESS Protect against this? Reconfiguration or physical tapping of a switch/router port Yes Yes A adversary/malicious user can capture valid authenticated/encrypted traffic and replay (re-send) it. Even without being able to decrypt and recover a packets Plain- Text, inspection of the MAC source/destination addresses can allow a adversary to map a networks topology and gain intelligence on end-points, communication activity, etc. A compromised end-point, or malicious user or application can indirectly create a un-secured covert communications channel over a secure network by varying packet sizes, rates, sourcedest addresses of transmitted packets. Sending secure (or un-secure) packets and later dis-avowing that the packets were sent from the specified end device. A unsecure end-device can masquerade as a trusted devices MAC Address both to re-route traffic for DOS attacks and potentially eavesdrop on communications. Partial No No Partial Yes Yes Yes Yes Yes Partial Yes Yes Partial Yes Description of protection Packets that are not encrypted/authenticated are dropped at the link layer preventing application services from seeing the large volume of traffic preventing DOS. Line rate classification of L2 packets forces dropping of all un-authorized L2 packets on ingress (e.g. non-mac-sec Frames). Line rate classification of L2 packets forces dropping of all un-authorized L2 packets on ingress (e.g. non-mac-sec Frames) Un-authorized devices cannot communicate on a MAC-SEC authenticated/encrypted network Un-authorized devices cannot decrypt data sent on a MAC-SEC authenticated/encrypted network MAC-SEC provides anti-replay protection via a authenticated window (configurable) mechanism that discards packets with sequence numbers that are out of the replay window. ESS Provides continous fixed frame sizes encapsulating the underlying network packets preventing analysis ESS Provides continous fixed frame sizes encapsulating the underlying network packets preventing analysis Since MAC-SEC provides confidentiality and authentication with a anti-replay window there is inherently some protection against repudiation depending on how many end-devices are assigned to a SA. Un-authorized devices cannot communicate on a MAC-SEC authenticated/encrypted network so will be unable to eavesdrop.

18 What to do! How do I apply this in my network

19 WAN/MAN Protection (Easy Part) 19

20 Intranet Protection CPE to CPE Encryption is obvious and Easy to do. But what about reducing Cyber vulnerability threat vectors? VM Isolation of external vs internal applications + Encryption Move all non-critical applications to VM E.g. IE, Chrome, Firefox, web-apps, Facebook, Streaming Music, Dropbox Isolate via MACSec encryption all internal Enterprise port access Shared NAS/SAN, Printers, VDI, , Sharepoint, etc operate over encrypted L2 link Completely isolates internal vs external flows Next two slides show How Enterprise Network normally gets Hacked vs Protected Network 20

21 Unprotected Intranet Hack

22 Intranet Protection Protected Intranet Hack-Fail

23 Cloud Protection How to we extend these principles to the Cloud? Same techniques work inside Datacenter Encrypt External Links Encrypt Groups of VMs/Applications Internally Minimize Lateral movement on compromise Isolate separate clients to separate Cryptographic Domains (CA s) Allow Users to Encrypt all the way to VM (e.g. MACSec at vswitch layer) 23

24 L2 Protected DCI

25 What to Do next Analyze your internal network. Get scared! Encrypt your inter-office links Stop using openssl to Secure your network You cant possibly patch fast enough. And all Layer-2 is exposed L Deploy High Grade Encryption Appliances or Embedded Hardware Encryption Require Switches to support MACSec/ESS L2 Encryption on all ports Only use Software based encryption in VMs and applications For follow up - Contact me: Yep after all that security talk I ll give you an address K 25