Int ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28

Transcription

1 Int ernet w orking Internet Security Literature: Forouzan: TCP/IP Protocol Suite : Ch 28

2 Internet Security Internet security is difficult Internet protocols were not originally designed for security The protocols are full of security holes. In all levels of the stack: ARP - L2 hijacking IP - spoofing, fragments, broadcast, UDP - stateless easy to spoof TCP - hijacking sessions, denying service DNS contaminating DNS caches Dynamic routing false RIP messages Tunneling - bypass firewall rules

3 Attack Examples Spoofing forging someone else s address Dictionary attack getting passwords Port scanning finding open services Sniffing listening on internal traffic Denial of service attacks (DOS) Distributed DOS (DDOS) Man-in-the-middle Virus Trojan horse Worm Ping of death - killer packets

4 Address spoofing Forge addresses L2 / IP addr / UDP ports / Names Easy to do ARP & L2 spoofing redirects ARP caches and learning tables Hijacking of sessions blind spoofing : return traffic goes to wrong host attacking of the spoofed source man-in-the middle pretend to be other host DNS forging DNS RR entries

5 Denial of service DOS/DDOS Prevent normal use of a service TCP syn attack at TCP connection setup routing attacks make networks unaccessable web defacing mail attacks fragment attacks Distributed DOS (DDOS) use many hosts to launch a DOS smurf: use ping to directed multicast and spoofed src

6 Aspects of security (Forouzan) Privacy Message readable only by receiver and sender Unreadable by others Authentication The receiver is certain of the sender s identity No imposter Integrity Message receives exactly as it was sent. No changes during transmission. Nonrepudiation A receiver can prove that message came from a specific sender.

7 Secret key encryption Secret-key encryption/decryption symmetric encryption same key used at both parties Advantage Efficient algorithms: good for large messages Disadvantages Lots of keys: n(n-1)/2 Key distribution KDC Key Distribution Center Examples Data Encryption Standard (DES) Advanced Encryption Standard (AES)

8 Public key encryption Use two keys Public key available to all Private key secret Advantages No shared keys Fewer keys Disadvantages Algorithm complexity Public key needs verification Certification Authority (CA) Example: Rivest, Shamir, Adleman (RSA)

9 Digital Signature For authentication, integrity and nonrepudiation Signing the document digital signature Approach 1: Public-key encryption (RSA) for signing the whole document Use own private key to encrypt, public key to decrypt Approach 2: Signing a digest of the document Use a secure hash function (one-way) SHA-1, MD5

10 Sender signing the digest Sender produces a digest using hashing Digest is encrypted using its private key signed digest Singed digest appended to message

11 Receiver verifies signature Receiver extracts signed digest decrypts it using sender s public key Produces a digest using hashing Verification by comparing the two

12 Application/Transport layer security Security can be implemented in different layers of the IP stack Application/Transport/Networking Kerberos Authentication and key distribution PGP Pretty Good Privacy Digital signature using hashing and public-key encryption combined secret-/public-key encryption for privacy SSH Secure Shell A secure version of rlogin Numerous functions SSL Secure Socket Layer ( IETF version: TLS Transport Layer Security Confidential pipe between browser and web server Server authentication S/MIME Mail security

13 Security in the IP layer: IPsec A sender and receiver agree on a set of security schemes, Security Association (SA) a cleartext index (SPI) SA includes: encryption algorithm, keys, lifetime, addresses IPsec implemented in the IP header Part of IP stack, network layer IPsec consists of two protocols Privacy: Encapsulation Security Payload (ESP) Authentication, etc: Authentication Header (AH) IPsec has two modes Tunnel mode useful for VPNs Transport mode end-to-end Dynamic key management ISAKMP Internet SA and Key Management Protocol IKE Internet Key Exchange

14 IPsec Transport Mode End-to-end security Only end-host is trusted Security Association (SA) between H1 and H2. IPsec Transport m ode Securit y Associat ion Int ernet H 1 H 2

15 IPsec Tunnel Mode Security Association (SA) between R1 and R2. Cleartext packet to H1/H2. H1 - R1 and R2-H2 trusted IPsec headers encapsulate the packet Securit y Associat ion Int ernet H 1 R 1 R 2 H 2

16 Authentication Header - AH AH supports a digital signature digest produced by hash function addresses integrity, authentication, non-repudiation Some AH header fields: SA index, message digest, sequence number (may not re-occur), original datagram IP hdr TCP hdr Payload transport mode New proto: 51 IP hdr AH hdr TCP hdr Payload authenticated tunnel mode IP hdr AH hdr IP hdr TCP hdr Payload New hdr authenticated

17 Encapsulation Security Payload - ESP ESP encrypts the payload of an IP datagram But ESP also has authentication ESP addresses privacy, but also authentication, etc. In tunnel mode, the whole datagram is encrypted Some ESP header fields: SA index, sequence number (may not re-occur), padding original datagram IP hdr TCP hdr Payload transport mode New proto: 50 IP hdr ESP hdr TCP hdr Payload encrypted authenticated ESP trailer ESP auth tunnel mode IP hdr ESP hdr IP hdr TCP hdr Payload ESP trailer ESP auth New hdr encrypted authenticated

18 Automatic key distribution IKE/ISAKMP Basic IPsec requires manual key configurations. But keys are long and difficult to administer: We need key distribution protocols automatic keying Also, sequence numbers in ESP/AH do not wrap around New keys need to be used after 2 32 messages For further information see: Internet Security Association and Key Management Protocol (ISAKMP) The Internet Key Exchange (IKE/IKEv2)

19 Firewalls (on six slides)

20 Firewalls Keeping the bad guys out Prevent unauthorized access Forward some packets and blocks others But the roles are not always clear What do we mean by secure? Ext ranet Int ranet? Int ernet Servers (DMZ)

21 Packet-filter firewall A router with filtering capabilities The firewall uses packet-filters (ACLs) to drop or pass traffic Stateful inspection keep state of every TCP/UDP flow and allow reverse traffic traffic from inside opens the firewall for incoming traffic dynamically Example: permit out on eth0 from /24 to any proto tcp keep state permit inout on eth0 proto icmp deny default trusted Int ranet untrusted Int ernet Firewall router with packet filtering

22 Example rules ICMP allow all output, filter input (path MTU discovery) TCP allow connections created from inside, block all other input UDP block all input and output,... H.323/SIP use the phone? WWW allow all output/proxy, block all input, put web server in DMZ DNS block internal info from outside SSH allow all input and output Free from Cheswick et al Firewalls and Internet Security

23 Proxy firewall / Application-level gateway Better application-level understanding than packet-filtering An ALG is a firewall program that runs in user-space at the application level typically in combination with packet-filtering Two separate TCP connections one from a client to the ALG; one from the ALG to the server The ALG terminates the connections Disadvantages slower: more memory and processing one proxy per new application: web, sip, ftp,... trusted Int ranet untrusted Int ernet Applicat ion-level gateway

24 Demilitarized Zone A DMZ contains server accessible from the Internet but the intranet is not accessible from the outside two levels of defence: defence in depth If a server is attacked, the intranet is still safe Can be combined with application proxies Servers / Proxies trusted Int ranet Inner Barrier DMZ Outer Barrier untrusted Int ernet

25 Firewall Design Criteria There is no absolute security It is always a question of economics Defense in depth place several firewalls after each other Weakest link The strength of your security system is bounded by the weakness of your weakest link Least privilege Give the smallest amount of privilege possible Fail safe Even if everything is going wrong, the security system should not leave any security hole in the system. Keep it simple!