Cisco Live /11/2016

Similar documents
Advanced IKEv2 Protocol Jay Young, CCIE - Technical Leader, Services. Session: BRKSEC-3001

CSC Network Security

CIS 6930/4930 Computer and Network Security. Topic 8.2 Internet Key Management

INFS 766 Internet Security Protocols. Lectures 7 and 8 IPSEC. Prof. Ravi Sandhu IPSEC ROADMAP

Outline. Key Management. Security Principles. Security Principles (Cont d) Escrow Foilage Protection

Outline. Key Management. CSCI 454/554 Computer and Network Security. Key Management

CSC/ECE 574 Computer and Network Security. Outline. Key Management. Key Management. Internet Key Management. Why do we need Internet key management

CSCI 454/554 Computer and Network Security. Topic 8.2 Internet Key Management

Outline. CSC/ECE 574 Computer and Network Security. Key Management. Security Principles. Security Principles (Cont d) Internet Key Management

Advanced IKEv2 Protocol

Virtual Private Network

IPsec (AH, ESP), IKE. Guevara Noubir CSG254: Network Security

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.

Virtual Private Networks

CSC Network Security

Table of Contents 1 IKE 1-1

IPSec Network Applications

The EN-4000 in Virtual Private Networks

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Configuring Security for VPNs with IPsec

The Internet community has developed application-specific security mechanisms in a number of application areas, including electronic mail (S/MIME,

Secure channel, VPN and IPsec. stole some slides from Merike Kaeo

IPSec Transform Set Configuration Mode Commands

IPsec and Secure VPNs

Some optimizations can be done because of this selection of supported features. Those optimizations are specifically pointed out below.

Swift Migration of IKEv1 to IKEv2 L2L Tunnel Configuration on ASA 8.4 Code

Internet security and privacy

IP Security IK2218/EP2120

Network Security - ISA 656 IPsec IPsec Key Management (IKE)

Cryptography and Network Security Chapter 16. Fourth Edition by William Stallings

show crypto group summary, page 1 show crypto ikev2-ikesa security-associations summary spi, page 2

Sample excerpt. Virtual Private Networks. Contents

CSCE 715: Network Systems Security

Network Security: IPsec. Tuomas Aura

IPSec Transform Set Configuration Mode Commands

VPN Overview. VPN Types

AIT 682: Network and Systems Security

Configuring Internet Key Exchange Version 2 and FlexVPN Site-to-Site

VPN, IPsec and TLS. stole slides from Merike Kaeo apricot2017 1

IP Security II. Overview

Security for VPNs with IPsec Configuration Guide, Cisco IOS XE Release 3S

CONTENTS. vii. Chapter 1 TCP/IP Overview 1. Chapter 2 Symmetric-Key Cryptography 33. Acknowledgements

A-B I N D E X. backbone networks, fault tolerance, 174

4 Network Access Control 4.1 IPsec Network Security Encapsulated security payload (ESP) 4.2 Internet Key Exchange (IKE)

NCP Secure Enterprise macos Client Release Notes

Security for VPNs with IPsec Configuration Guide, Cisco IOS Release 15M&T

BiGuard C01 BiGuard VPN Client Quick Installation Guide (BiGuard series VPN enabled devices) Secure access to Company Network

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1

Configuring Internet Key Exchange Version 2

Index. Numerics 3DES (triple data encryption standard), 21

IKE and Load Balancing

IPsec NAT Transparency

Internet Key Exchange

Crypto Templates. Crypto Template Parameters

IPSec Site-to-Site VPN (SVTI)

Release Notes. NCP Android Secure Managed Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3.

NCP Secure Client Juniper Edition (Win32/64) Release Notes

Junos Security. Chapter 8: IPsec VPNs Juniper Networks, Inc. All rights reserved. Worldwide Education Services

Site-to-Site VPN. VPN Basics

Hillstone IPSec VPN Solution

Data Sheet. NCP Secure Entry Mac Client. Next Generation Network Access Technology

VPN Auto Provisioning

NCP Secure Client Juniper Edition Release Notes

Security for VPNs with IPsec Configuration Guide Cisco IOS Release 12.4T

Virtual Tunnel Interface

Configuring LAN-to-LAN IPsec VPNs

Network Security: IPsec. Tuomas Aura T Network security Aalto University, Nov-Dec 2014

Configuring VPN Policies

Key Encryption as per T10/06-103

Configuration of an IPSec VPN Server on RV130 and RV130W

IPsec NAT Transparency

NCP Secure Entry macos Client Release Notes

IPsec Dead Peer Detection Periodic Message Option

In the event of re-installation, the client software will be installed as a test version (max 10 days) until the required license key is entered.

This version of the des Secure Enterprise MAC Client can be used on Mac OS X 10.7 Lion platform.

Chapter 11 The IPSec Security Architecture for the Internet Protocol

Configuring Internet Key Exchange Security Protocol

Chapter 6. IP Security. Dr. BHARGAVI H. GOSWAMI Department of Computer Science Christ University

Cryptography and Network Security. Sixth Edition by William Stallings

VPN Ports and LAN-to-LAN Tunnels

8. Network Layer Contents

Quick Note. Configure an IPSec VPN tunnel in Aggressive mode between a TransPort LR router and a Cisco router. Digi Technical Support 7 October 2016

Data Sheet. NCP Exclusive Remote Access Mac Client. Next Generation Network Access Technology

Network Security CSN11111

Virtual Tunnel Interface

Release Notes. NCP Secure Enterprise Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3.

IBM i Version 7.2. Security Virtual Private Networking IBM

Virtual Private Network. Network User Guide. Issue 05 Date

The IPSec Security Architecture for the Internet Protocol

IP Security Discussion Raise with IPv6. Security Architecture for IP (IPsec) Which Layer for Security? Agenda. L97 - IPsec.

Advanced IPSec Algorithms and Protocols

Firepower Threat Defense Site-to-site VPNs

Chapter 5: Network Layer Security

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL II. VERSION 2.0

VPN World. MENOG 16 Istanbul-Turkey. By Ziad Zubidah Network Security Specialist

Dynamic Site to Site IKEv2 VPN Tunnel Between Two ASAs Configuration Example

VPNs and VPN Technologies

IPsec and ISAKMP. About Tunneling, IPsec, and ISAKMP

Transcription:

1

Cisco Live 2016 2

3

4

Connection Hijacking - prevents the authentication happening and then an attacker jumping in during the keyexchange messaging 5

6

7

8

9

Main Mode - (spoofing attack) DH performed after 3 rd packet Aggressive Mode - PSK Can be retrieved by an offline brute-force attack. Similar to a salted password file. - Trivial to DOS - DH done after receiving 1 st packet 10

11

CKY-I = md5{(src_ip, dest_ip), Random Number} CKY-R = md5{(src_ip, dest_ip), Random Number} 12

13

Nonce values prevent crendential replay attacks 14

15

16

17

18

19

Crypto validate previous messages prevents session hijack 20

21

22

23

Leads to an offline brute force attack because AUTH_R (in AM2) is: For pre-shared keys: SKEYID = prf(pre-shared-key, Ni_b Nr_b) HASH_R = prf(skeyid, g^xr g^xi CKY-R CKY-I SAi_b IDir_b ) Where g^xr and g^xi are the public portions of the DH exchange. All the values except for pre-shared-key are available in cleartext. 24

DOI Domain of Interpretation 25

How to be encapsulated (ESP/AH, Tunnel/Transport Mode) How to be encrypted (DES, 3DES, AES, AES-GCM) How to provide integrity (HMAC-[MD5,SHA1,SHA2],AES-GMAC) If new keying material needs to be generated (PFS) 26

27

28

29

30

31

Certificates are meant to make authentication scalable but need to configure which certificates to use for each connection. We need a better way to figure out which certificate to use 32

AH can t work through NAT since IP Addr is included in integrity check ESP can work through 1:1 NAT since only IP Address Header is changed ESP doesn t have ports can t go through PAT 33

34

35

36

37

38

Problem 1: each side needs to know which PKI infrastructures (CAs) are trusted by the peer in order to select which local certificate to use. Could be explicitly configured but reduces the potential to scale (due to configuration overhead). Solution 1: RFC4945 - Provide a list of subject names of trusted CAs to peer in the IKE exchange in the message prior to the AUTH payload. 39

40

SKEYID = prf(pre-shared-key, Initiator Nonce Responder Nonce) However the identities are shared after encryption has been established in MM5 and MM6. where identities are exchanged prior to key derivation. 41

if we haven t heard any IKE or IPsec traffic from peer. Periodic or on-demand 42

43

Unfortunately multiple RFCs have been defined to add additional features and clarifications to IKEv2. So that original point is lost. More Secure - to protect all IKEv2 packets. IKEv1 did integrity/auth check differently for each type of message. Built-in config exchange. Too many options in IKEv1, too complex. Implementations only supported subset of options. RFCs for IKEv1 confusing and too many different choices (ISAKMP defined 4 different phase-1 modes!) *Using only public key cryptography (Diffie-Hellman) means exchange is not Quantum Computer Resistant. There is an RFC draft to 44

In negotiation it is a selection of options not exact combinations more likely to have successful policy match smaller packet Keys are generated from Nonce, and DH values (no PSK). We reuse NAT-T, DH, and Nonce concepts 45

46

By reducing the number of exchanges, expensive cryptographic work is done after receiving 1 st packet Generate a cheap stateless cookie from secret + values from request. 47

48

49

Gives great flexibility to upgrade security/interoperability as EAP method must only match between the AAA server and the client 50

51

IKEv1 uses encryption to encapsulate each message but uses a HASH payload within the encrypted payload to provide authentication. The HASH payload construction is different for each message type. Wider set of rules for security analysis and potential attack surface Certificate requests are now sha-1 hashes of the public key of each CA rather than a list of the subject names - This provides the same functionality but hides the names of the CAs from any eavesdroppers. Reduces reconnaissance attacks. AEAD is Authenticated Encryption and Associated Data. This is encryption that includes integrity checks like AES- GCM. IKEv1 allowed group name/group password to build a secure phase-1. Then over that XAUTH was used to differentiate end users. EAP does this in the phase-1 establishment so no need to securely pre-deploy a group name/key. In IKEv1 aggressive mode responder must provide and prove identity first. Reconnaissance attack. AUTH payload can be offline brute-forced to recover crendentials. Suite-B has removed all IKEv1 references! Technically IKEv2 is not Quantum Computer Resistant because the session keys are based on the public key computation and do not include a secret value. RFC draft (draft-fluhrer-qr-ikev2-01) to allow for PSK to be included in key derviation. 52

53

Certificates that are revoked are a problem (or psk key change) since when you are in you are in forever 54

Exponential back-off. But when manually cleared via the cli IOS will delete sooner. Luckily this is mitigated if DPDs are used to detect dead peer sooner 55

With IOS/FlexVPN the routes are installed into RIB pointing out the P2P Virtual-Access or Tunnel interface. Allows to scale 56

Carrier Grade NAT typically block fragments IKEv1 vulnerable to re-assembly buffer attacks frags are unauthenticated IKEv2 standard protection (anti-replay) protect buffers. 57

58

59

track the protocol flow by looking that the source and destination IP/Port. Track the specific Security Association by the Initiator and Responder SPI Track the exchange that is happening (IKE_SA_INIT, IKE_AUTH, CREATE_CHILD_SA, NOTIFICATION) Track the exchange if it is a request or response. 60

61

Incompatible but can run side-by-side. Version number in IKE packet allows to demux the messages to the different services. 62

63

64

65

66

67

68

Cisco Live 2016 69

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback