Managing and Securing Computer Networks
Guy Leduc

Chapter 7: Securing LANs

Computer Networking: A Top Down Approach, 7th edition. Jim Kurose, Keith Ross, Addison-Wesley, April 2016 (section 8.8)
Also based on: LAN Switch Security, Eric Vyncke, Christopher Paggen, Cisco Press, 2008 (chapters 2 to 6)

7: Securing LANs 7-1

Chapter 7: Securing LANs

Chapter goals: security in practice
- Security in the data link layer
  - Securing Wireless LANs
  - Securing Switched Ethernet LANs

Chapter Roadmap
- Securing Wireless LANs
  - Wired Equivalent Privacy (WEP)
  - IEEE 802.11i
- Securing Switched Ethernet LANs
  - Securing the MAC self-learning process
  - Securing DHCP and ARP
  - Securing the spanning tree protocol
  - Securing VLANs

WEP Design Goals
- Symmetric key crypto
  - Confidentiality
  - Station authorization
  - Data integrity
- Self-synchronizing: each packet separately encrypted
  - Given encrypted packet and key, can decrypt; can continue to decrypt packets when preceding packet was lost
  - Unlike Cipher Block Chaining (CBC) in block ciphers
- Efficient
  - Can be implemented in hardware or software

Review: Symmetric Stream Ciphers
- key -> keystream generator -> keystream
- Combine each byte of keystream with byte of plaintext to get ciphertext
  - m(i) = i-th unit of message
  - ks(i) = i-th unit of keystream
  - c(i) = i-th unit of ciphertext
  - c(i) = ks(i) ⊕ m(i)   (⊕ = exclusive or)
  - m(i) = ks(i) ⊕ c(i)
- WEP uses RC4

Stream cipher and packet independence
- Recall design goal: each packet separately encrypted
- If for frame n+1 we use the keystream from where we left off for frame n, then each frame is not separately encrypted
  - Need to know where we left off for packet n
- WEP approach: initialize keystream with key + new IV for each packet:
  - key + IV(packet) -> keystream generator -> keystream(packet)

WEP encryption (1)
- Sender calculates Integrity Check Value (ICV) over data
  - four-byte hash/CRC for data integrity
- Each side has 104-bit shared key
- Sender creates 24-bit initialization vector (IV), appends to key: gives 128-bit key
- Sender also appends keyid (in 8-bit field)
- 128-bit key input into pseudo random number generator to get keystream
- Data in frame + ICV is encrypted with RC4:
  - Bytes of keystream are XORed with bytes of data & ICV
- IV & keyid are appended to encrypted data to create payload
- Payload inserted into 802.11 frame

  802.11 payload layout: | IV | Key ID | data (encrypted) | ICV (encrypted) |

WEP encryption (2) (sender-side figure)
- Per-frame IV and K_S (104-bit secret symmetric key) feed the key sequence generator, which outputs, for the given (K_S, IV): k_1^IV, k_2^IV, k_3^IV, ..., k_N^IV, k_{N+1}^IV, ..., k_{N+4}^IV
- Plaintext frame data + CRC: d_1, d_2, d_3, ..., d_N, CRC_1, ..., CRC_4
- Ciphertext: c_1, c_2, c_3, ..., c_N, c_{N+1}, ..., c_{N+4}
- Transmitted frame: | 802.11 header | IV | WEP-encrypted data + CRC |
- New IV for each frame

WEP decryption overview
- Payload layout: | IV | Key ID | data (encrypted) | ICV (encrypted) |
- Receiver extracts IV
- Inputs IV and shared secret key into pseudo random generator, gets keystream
- XORs keystream with encrypted data to decrypt data + ICV
- Verifies integrity of data with ICV
- Note: the message integrity approach used here is different from the MAC (message authentication code) and signatures (using PKI)

End-point authentication with nonce (authentication as in protocol ap4.0)
- STA: client station; AP: access point
- Exchange: STA -> AP: "I am Alice"; AP -> STA: R; STA -> AP: K_A-B(R)
- Host requests authentication from access point
- Access point sends 128-bit nonce: R
- Host encrypts nonce using shared symmetric key: K_A-B(R)
- Access point decrypts nonce, authenticates host
  - Alice is live, and only Alice knows the key to encrypt the nonce, so it must be Alice!

WEP Authentication
- Exchange: STA -> AP: authentication request; AP -> STA: nonce (128 bytes); STA -> AP: nonce encrypted with shared key; AP -> STA: success if decrypted value equals nonce
- Authentication: knowing the shared key is enough. But no key distribution mechanism
- Not all APs do it, even if WEP is being used
- AP indicates if authentication is necessary in beacon frame
- Done before association

Breaking 802.11 WEP encryption
- Security hole: 24-bit IV, one IV per frame -> IVs eventually reused
  - After 12,000 frames, 99% probability to have reused the same IV
  - Could be as short as a few seconds at full LAN capacity!
- IV transmitted in plaintext -> IV reuse detected
- Attack: Trudy causes Alice to encrypt known plaintext d_1 d_2 d_3 d_4 ...
  - Trudy sees: c_i = d_i XOR k_i^IV
  - Trudy knows c_i and d_i, so can compute k_i^IV
  - Trudy knows encrypting key sequence k_1^IV k_2^IV k_3^IV ...
  - Next time IV is used, Trudy can decrypt!
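The stream-cipher slides, the WEP encryption/decryption slides and the IV-reuse slide above can all be exercised with one small model. The block below is an added example, not code from the lecture or from any WEP implementation: it implements RC4 from scratch, builds a WEP-style frame (RC4 keystream XORed over data plus a CRC-32 ICV, with the per-frame key formed from the 24-bit IV and the 104-bit shared key), checks the birthday bound behind the "12,000 frames" figure, and shows why a repeated IV is fatal: two frames under the same IV share one keystream, so a known plaintext in one exposes the other with no knowledge of the key. The shared key, IV and plaintexts are constructed sample values.

```python
import math
import struct
import zlib
from typing import Optional

IV_SPACE = 2 ** 24  # 24-bit IV: 16,777,216 possible values


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for key (key scheduling + PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                        # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """c(i) = ks(i) XOR m(i), byte by byte."""
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP's four-byte ICV: a plain CRC-32, not a keyed MAC."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(shared_key: bytes, iv: bytes, data: bytes) -> bytes:
    """Encrypt data || ICV under the per-frame RC4 key IV || shared key
    (real WEP places the 24-bit IV in front of the 104-bit key)."""
    plaintext = data + icv(data)
    return xor_bytes(plaintext, rc4_keystream(iv + shared_key, len(plaintext)))


def wep_decrypt(shared_key: bytes, iv: bytes, ciphertext: bytes) -> Optional[bytes]:
    """Regenerate the keystream from IV || key, XOR, then verify the ICV.
    Returns None when the ICV does not match."""
    plaintext = xor_bytes(ciphertext, rc4_keystream(iv + shared_key, len(ciphertext)))
    data, tag = plaintext[:-4], plaintext[-4:]
    return data if icv(data) == tag else None


def iv_collision_probability(frames: int) -> float:
    """Probability that at least two of `frames` randomly chosen IVs coincide
    (birthday bound over the 2^24 IV space); ~0.986 for 12,000 frames."""
    log_no_collision = math.fsum(math.log1p(-k / IV_SPACE) for k in range(frames))
    return 1.0 - math.exp(log_no_collision)


def keystream_reuse_demo() -> bytes:
    """Two frames under one IV share a keystream: k_i = c_i XOR d_i recovered
    from a known plaintext decrypts the other frame without the key.
    Key, IV and plaintexts are constructed sample values."""
    shared_key = bytes(range(13))             # constructed 104-bit key
    iv = b"\x00\x01\x02"                      # the same IV used twice
    known = b"known plaintext!"
    secret = b"confidential...."
    c1 = wep_encrypt(shared_key, iv, known)
    c2 = wep_encrypt(shared_key, iv, secret)
    recovered_ks = xor_bytes(c1, known)       # Trudy's k_i^IV from the slide
    return xor_bytes(c2, recovered_ks)[:len(secret)]   # equals `secret`
```

`iv_collision_probability(12000)` comes out just under 0.99, matching the slide's figure; `keystream_reuse_demo()` returns the second frame's plaintext even though `shared_key` is never used in the recovery, which is the whole argument for a fresh, never-repeating IV (and, ultimately, for 802.11i).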

802.11i: improved security
- Numerous (stronger) forms of encryption possible replacing WEP
  - e.g., CCMP based on AES, or strengthened WEP
- Provides key distribution
  - One key per station, not the same key for all!
- Uses authentication server separate from access point
  - Good thing for mobility

802.11i: four phases of operation (802.1x)
- Entities: STA: client station; AP: access point; AS: Authentication server (AAA), on the wired network
- 1. Discovery of security capabilities
- 2. STA and AS mutually authenticate, together generate Master Key (MK). AP serves as pass-through
- 3. STA derives Pairwise Master Key (PMK); AS derives same PMK, sends to AP
- 4. STA, AP use PMK to derive Temporal Key (TK) used for message encryption, integrity

EAP: extensible authentication protocol
- EAP: end-to-end client (mobile) to authentication server protocol
- EAP sent over separate links
  - mobile-to-AP (EAP over LAN): defines the way to encapsulate EAP messages in 802.11 frames
  - AP-to-AS (RADIUS over UDP): allows non-local communication (including roaming through a RADIUS proxy)
- EAP-TLS: uses X.509v3 PKI-issued certificates and TLS mechanisms for strong end-to-end mutual authentication
- Protocol stack (figure): Mobile <- EAP over LAN (EAPoL) on IEEE 802.11 -> AP <- RADIUS over UDP/IP -> AS; EAP (with EAP-TLS inside) runs end-to-end between Mobile and AS

Other standards
- WPA: WiFi Protected Access
  - Implements the majority of the IEEE 802.11i standard
  - Existed before IEEE 802.11i
  - Still uses RC4
  - Two modes:
    - Enterprise: uses 802.1x, so PMK is specific to client station
    - Personal: does not use 802.1x; PMK is replaced by a pre-shared key; simpler, used for SOHO (Small Office Home Office) environments, no need for an AS server
- WPA2
  - Implements the full IEEE 802.11i
  - But may not work with older WiFi cards

Switched Ethernet Reminder
- Switches build a spanning tree to avoid loops
  - Root bridge, root ports, forwarding/blocking ports
- Switches self-learn the mapping between MAC addresses and ports, by looking at MAC source addresses
  - They build a CAM (Content Addressable Memory) table
  - When a MAC address is not in the table, the switch floods the frame
- Switches are transparent to routers and hosts
- A set of interconnected switches forms a LAN
  - For IP, this LAN is a subnet
  - IP addresses are mapped on MAC addresses by the ARP protocol
  - Don't confuse MAC forwarding tables and ARP tables!

MAC spoofing attack
- Figure: one switch with A on port 1, B on port 2, C on port 3; B sends a frame with spoofed source C, destination A
- MAC spoofing: B sends a frame with source MAC address C
  - Switch "learns" that C is reachable via interface 2!
  - B can now see the frames destined for C
  - Some switches will overwrite C's entry
    - C cannot see frames any longer! DoS attack!

MAC flooding attack
- Figure: B (port 2) sends frames with spoofed sources X, Y, ...; the switch then floods frames meant for A (port 1) and C (port 3)
- B generates a large number of frames with spoofed MAC addresses
  - Switch (CAM) table will overflow
    - Capacity of table may vary from a few thousand to more than 100,000 entries
  - Older entries will be removed from table
  - Switch now floods frames on all interfaces for removed (unknown) MAC addresses
  - Usually one table per switch, not one per VLAN
    - All VLANs impacted

Preventing MAC spoofing and flooding attacks
- MAC address activity notification
  - Many switches can be configured to warn about frequent MAC address changes
- Port security
  - Associate a (few) MAC address(es) with every port (Why not just 1?)
  - Can be static or dynamic
  - Violations are notified
- Unicast flooding protection
  - Limited flooding is normal
  - But continuous flooding is not! Alert!
- DHCP snooping
  - See next slides
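The two attacks on the self-learning process and the three switch-side countermeasures above (MAC-move notification, port security, unicast flooding alarm) can be seen together in a small learning-switch model. This is an added example written for these notes, not code from the lecture or from any switch vendor; the `Switch` class, its alert texts, the 8-entry table capacity and the MAC addresses are all constructed for illustration.

```python
from collections import OrderedDict
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Frame:
    src: str       # source MAC
    dst: str       # destination MAC
    in_port: int   # switch port the frame arrived on


class Switch:
    """Toy learning switch: a capacity-limited CAM table, optional port
    security (max MACs per port), MAC-move notification and a unicast
    flooding alarm. Constructed for illustration, not a vendor model."""

    def __init__(self, ports, capacity: int = 8,
                 max_macs_per_port: Optional[int] = None, flood_alert_after: int = 5):
        self.ports: Set[int] = set(ports)
        self.capacity = capacity
        self.max_macs_per_port = max_macs_per_port   # None = port security off
        self.flood_alert_after = flood_alert_after
        self.cam: "OrderedDict[str, int]" = OrderedDict()  # MAC -> port, oldest first
        self.flood_streak = 0
        self.alerts: List[str] = []

    def _learn(self, frame: Frame) -> bool:
        """Self-learning on the source address; False if port security rejects the frame."""
        port = frame.in_port
        if self.max_macs_per_port is not None:
            on_port = {m for m, p in self.cam.items() if p == port}
            if frame.src not in on_port and len(on_port) >= self.max_macs_per_port:
                self.alerts.append(f"port-security violation: {frame.src} on port {port}")
                return False
        if frame.src in self.cam:
            if self.cam[frame.src] != port:   # a MAC that "moved": spoofing symptom
                self.alerts.append(f"MAC move: {frame.src} port {self.cam[frame.src]} -> {port}")
            del self.cam[frame.src]           # re-inserted below as the newest entry
        elif len(self.cam) >= self.capacity:
            self.cam.popitem(last=False)      # table full: age out the oldest entry
        self.cam[frame.src] = port
        return True

    def forward(self, frame: Frame) -> Set[int]:
        """Return the set of output ports for the frame."""
        if not self._learn(frame):
            return set()                      # dropped by port security
        out = self.cam.get(frame.dst)
        if out is None:                       # unknown destination: flood
            self.flood_streak += 1
            if self.flood_streak == self.flood_alert_after:
                self.alerts.append("unicast flooding alarm: continuous flooding of unknown destinations")
            return self.ports - {frame.in_port}
        self.flood_streak = 0
        return {out} - {frame.in_port}


A, B, C = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"  # constructed MACs


def mac_spoofing_scenario(port_security: bool) -> Tuple[int, Set[int], List[str]]:
    """B on port 2 sends a frame with source MAC C (C really sits on port 3).
    Returns (port now recorded for C, where a later A->C frame goes, alerts)."""
    sw = Switch(ports=[1, 2, 3], max_macs_per_port=1 if port_security else None)
    sw.forward(Frame(A, C, 1))        # A learned on port 1 (C unknown yet: flooded)
    sw.forward(Frame(C, A, 3))        # C learned on port 3
    sw.forward(Frame(B, A, 2))        # B learned on port 2
    sw.forward(Frame(C, A, 2))        # spoofed source: B claims to be C
    return sw.cam[C], sw.forward(Frame(A, C, 1)), sw.alerts


def mac_flooding_scenario() -> Tuple[bool, Set[int], List[str]]:
    """B pushes 20 bogus source MACs into an 8-entry table, evicting C.
    Returns (is C still in the table, where an A->C frame now goes, alerts)."""
    sw = Switch(ports=[1, 2, 3], capacity=8)
    sw.forward(Frame(A, C, 1))
    sw.forward(Frame(C, A, 3))
    for i in range(20):
        sw.forward(Frame(f"de:ad:be:ef:00:{i:02x}", A, 2))   # constructed bogus sources
    return C in sw.cam, sw.forward(Frame(A, C, 1)), sw.alerts
```

Without port security the spoofed frame moves C's entry to port 2, the switch raises a MAC-move alert, and the next frame for C is delivered to B; with one MAC allowed per port the spoofed frame is dropped and C's entry stays on port 3. In the flooding scenario C is aged out of the table, frames for C are flooded to every other port, and the flooding alarm fires once the streak of unknown destinations passes the threshold.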

Attack against DHCP
- DHCP is not a data link protocol, but solutions to DHCP attacks are also useful to thwart layer 2 attacks
- DHCP reminder:
  - Client discovers server(s): broadcast packet
  - DHCP server broadcasts an offer
  - Client broadcasts interest in (one) offer
  - DHCP acks
  - Client gets IP address and mask, but also default router and DNS servers!
- A (quick) rogue DHCP server can easily redirect the client to a fake router and/or fake DNS server
- Solution: DHCP snooping
  - Monitor and restrict DHCP operations on a (V)LAN
  - A host has no reason to send DHCP offers (nor ACKs)!
  - Don't let DHCP offers enter the switch on "untrusted" ports
- In addition: DHCP snooping allows to learn IP-to-MAC bindings
  - Learns IP address assigned to client and knows client MAC address (present in request)

DHCP snooping to thwart IP/MAC spoofing attacks
- IP spoofing (figure): B (attacker) sends A an IP packet with source MAC B but spoofed source IP = IP_C (C is the victim)
- MAC spoofing (figure): B (attacker) sends A an IP packet with spoofed source MAC C but source IP = IP_B
- DHCP snooping: discard frames with invalid <IP, MAC> source address pairs

ARP spoofing/poisoning
- ARP reminder:
  - ARP request: MAC broadcast frame searching for an IP address
  - ARP reply: unicast
  - Gratuitous ARP: reply sent without prior request
    - Useful when MAC address changes
- ARP spoofing/poisoning (figure: B, the attacker, sends A a gratuitous ARP telling that IP_C is at MAC_B; C is the victim)
  - Sends gratuitous ARP with wrong IP-to-MAC mapping: attacker's MAC address (MAC_B) mapped to victim's IP address (IP_C)
  - All traffic to C is actually sent to B. Then B can silently forward it to C after sniffing: Man-in-the-Middle attack
  - Note: B needs a second ARP spoofing attack to also sniff the return traffic
- Solutions:
  - Ignore gratuitous ARP
  - Use an IDS to track changes in IP-to-MAC mappings
  - Rely on DHCP snooping
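The DHCP snooping slides and the ARP poisoning slide describe one mechanism used three ways: drop server-side DHCP messages on untrusted ports, learn <IP, MAC, port> bindings from the ACKs the real server sends, then check the source pair of IP frames and the sender pair of ARP packets against those bindings. The block below is an added example written for these notes, not code from the lecture or from any switch; the `DhcpSnooper` class, its log messages, the port numbers and the addresses are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Binding:
    ip: str
    mac: str
    port: int


class DhcpSnooper:
    """Toy DHCP snooping plus ARP inspection for one VLAN. Server-side DHCP
    messages (OFFER/ACK) are accepted only on trusted ports; ACKs populate an
    <IP, MAC, port> binding table that later IP and ARP traffic is checked
    against. Constructed for illustration; no vendor's behaviour is modelled."""

    SERVER_MESSAGES = {"OFFER", "ACK"}
    CLIENT_MESSAGES = {"DISCOVER", "REQUEST"}

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending: Dict[str, int] = {}        # client MAC -> port of its last request
        self.bindings: Dict[str, Binding] = {}   # client MAC -> binding
        self.log: List[str] = []

    def dhcp(self, kind: str, in_port: int, client_mac: str, ip: Optional[str] = None) -> bool:
        """Filter one DHCP message. Returns True if it may be forwarded."""
        if kind in self.SERVER_MESSAGES and in_port not in self.trusted:
            self.log.append(f"rogue DHCP {kind} dropped on untrusted port {in_port}")
            return False
        if kind in self.CLIENT_MESSAGES:
            self.pending[client_mac] = in_port   # remember where the client lives
        elif kind == "ACK" and client_mac in self.pending:
            port = self.pending.pop(client_mac)
            self.bindings[client_mac] = Binding(ip, client_mac, port)
            self.log.append(f"binding learned: {ip} <-> {client_mac} on port {port}")
        return True

    def valid_source(self, ip: str, mac: str, in_port: int) -> bool:
        """A source pair is valid only if snooping saw that IP assigned to that MAC on that port."""
        b = self.bindings.get(mac)
        return b is not None and b.ip == ip and b.port == in_port

    def ip_frame(self, src_mac: str, src_ip: str, in_port: int) -> bool:
        ok = self.valid_source(src_ip, src_mac, in_port)
        if not ok:
            self.log.append(f"IP frame dropped: <{src_ip}, {src_mac}> on port {in_port} has no binding")
        return ok

    def arp(self, sender_mac: str, sender_ip: str, in_port: int, gratuitous: bool = False) -> bool:
        """ARP inspection: the sender pair of any ARP packet must match a binding."""
        ok = self.valid_source(sender_ip, sender_mac, in_port)
        if not ok:
            what = "gratuitous ARP" if gratuitous else "ARP"
            self.log.append(f"{what} dropped: claims {sender_ip} is at {sender_mac} (port {in_port})")
        return ok


# Constructed topology: port 0 is the trusted uplink towards the real DHCP server,
# B (attacker) is on port 2, C (victim) on port 3.
MAC_B, MAC_C = "00:00:00:00:00:0b", "00:00:00:00:00:0c"
IP_B, IP_C = "10.0.0.2", "10.0.0.3"


def run_scenario() -> Dict[str, bool]:
    """Replay the slides' cases; each value is whether the switch let the packet through."""
    s = DhcpSnooper(trusted_ports=[0])
    for mac, ip, port in ((MAC_B, IP_B, 2), (MAC_C, IP_C, 3)):
        s.dhcp("REQUEST", port, mac)
        s.dhcp("ACK", 0, mac, ip)              # the real server answers on the trusted uplink
    return {
        "rogue_offer_forwarded": s.dhcp("OFFER", 2, MAC_C, "10.0.0.99"),  # B acting as DHCP server
        "legit_ip_accepted": s.ip_frame(MAC_B, IP_B, 2),
        "ip_spoof_accepted": s.ip_frame(MAC_B, IP_C, 2),      # B's MAC with C's IP
        "mac_spoof_accepted": s.ip_frame(MAC_C, IP_B, 2),     # C's MAC with B's IP
        "arp_poison_accepted": s.arp(MAC_B, IP_C, 2, gratuitous=True),  # "IP_C is at MAC_B"
        "legit_garp_accepted": s.arp(MAC_C, IP_C, 3, gratuitous=True),
    }
```

Only the two legitimate cases pass: the rogue OFFER dies on the untrusted port, both spoofed source pairs and the poisoning gratuitous ARP fail the binding check, while C's own gratuitous ARP (a real MAC change announcement) is still allowed, which is what makes binding-based inspection preferable to the blunter "ignore gratuitous ARP" option on the slide.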

Attacking the Spanning Tree Protocol
- Taking over the root bridge
  - Attacker sends BPDUs with smallest id
  - Becomes root bridge
  - If attacker is dual-homed, some traffic can be redirected to cross attacker's device
- BPDU flooding
  - DoS attack
- Solution: Discard BPDUs on access ports
  - End stations are not supposed to send BPDUs!

VLANs Reminder
- VLAN: Virtual LAN
- Multiple VLANs can be deployed on the same set of switches (same LAN infrastructure)
- 802.1Q: extended frame format, with VLAN id
- Frames cannot jump from one VLAN to another without crossing a router
  - Broadcast frames remain on their VLAN
- A VLAN can be switch-port-based or MAC-address-based
- One can define VLANs within VLANs: VLAN ids can be stacked in the 802.1Q frame
- When a frame has no VLAN id on a trunk line, there is a default VLAN id which the frame is considered to be associated with

Attacking the VLAN tag stack
- Figure: attacker B on VLAN 1 sends a frame with two stacked tags (outer VLAN 1, inner VLAN 2) towards victim A, which is on VLAN 2; the trunk line has default VLAN = 1, and frames on VLAN 1 travel untagged
- Switch strips off the 1st tag (equal to the default)
- VLAN hopping: the frame hops from VLAN 1 to VLAN 2!
  - Victim on VLAN 2 can receive killer packets from an attacker on VLAN 1 without crossing any router!
- Solutions
  - Don't assign the default VLAN to any access port, or
  - Force all traffic on the trunk to always carry a tag, even the default one
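The double-tagging slide above is easiest to follow with real 802.1Q bytes in hand. The block below is an added example written for these notes, not code from the lecture or from any switch: it builds an Ethernet frame with a stack of 802.1Q tags, parses the stack back, and models the three port behaviours the slide relies on (access-port ingress, trunk egress where the default/native VLAN may travel untagged, trunk ingress on the far switch). The same frame is then run through the vulnerable configuration and each of the two fixes. The addresses, VLAN numbers and the simplified port model are constructed assumptions.

```python
import struct
from typing import List, Optional, Tuple

DOT1Q = 0x8100          # 802.1Q tag protocol identifier
IPV4 = 0x0800

# Constructed addresses: A is the victim on VLAN 2, B the attacker on an access port.
MAC_A, MAC_B = "00:00:00:00:00:0a", "00:00:00:00:00:0b"


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def build_frame(dst: str, src: str, vlan_tags: List[int], ethertype: int, payload: bytes) -> bytes:
    """Ethernet frame with zero or more stacked 802.1Q tags (PCP/DEI bits left at 0)."""
    frame = mac_bytes(dst) + mac_bytes(src)
    for vid in vlan_tags:
        frame += struct.pack("!HH", DOT1Q, vid & 0x0FFF)
    return frame + struct.pack("!H", ethertype) + payload


def parse_tags(frame: bytes) -> List[int]:
    """VLAN ids of the tag stack, outermost first."""
    tags, off = [], 12
    while struct.unpack_from("!H", frame, off)[0] == DOT1Q:
        tags.append(struct.unpack_from("!H", frame, off + 2)[0] & 0x0FFF)
        off += 4
    return tags


def pop_tag(frame: bytes) -> bytes:
    return frame[:12] + frame[16:]


def push_tag(frame: bytes, vid: int) -> bytes:
    return frame[:12] + struct.pack("!HH", DOT1Q, vid) + frame[12:]


def access_ingress(frame: bytes, access_vlan: int) -> Optional[Tuple[int, bytes]]:
    """Access port: an untagged frame, or one tagged with the port's own VLAN,
    is accepted into that VLAN; a tag for another VLAN is dropped."""
    tags = parse_tags(frame)
    if tags and tags[0] != access_vlan:
        return None
    return access_vlan, (pop_tag(frame) if tags else frame)


def trunk_egress(vlan: int, frame: bytes, native_vlan: int, tag_native: bool) -> bytes:
    """Trunk port: the native (default) VLAN travels untagged unless tag_native is set."""
    if vlan == native_vlan and not tag_native:
        return frame         # no tag pushed: a tag still inside the frame is now outermost
    return push_tag(frame, vlan)


def trunk_ingress(frame: bytes, native_vlan: int) -> Tuple[int, bytes]:
    """Receiving trunk port: the outermost tag decides the VLAN; untagged means native."""
    tags = parse_tags(frame)
    if not tags:
        return native_vlan, frame
    return tags[0], pop_tag(frame)


def vlan_reached(access_vlan: int, native_vlan: int, tag_native: bool) -> Optional[int]:
    """B sends a double-tagged frame (outer = its access VLAN, inner = 2) towards A.
    Returns the VLAN the far switch delivers the frame in, or None if it was dropped."""
    frame = build_frame(MAC_A, MAC_B, [access_vlan, 2], IPV4, b"payload")
    accepted = access_ingress(frame, access_vlan)
    if accepted is None:
        return None
    vlan, inner = accepted
    on_trunk = trunk_egress(vlan, inner, native_vlan, tag_native)
    vlan_at_far_switch, _ = trunk_ingress(on_trunk, native_vlan)
    return vlan_at_far_switch
```

`vlan_reached(1, 1, False)` reproduces the slide: the access port strips the outer tag 1, the trunk sends VLAN 1 untagged so the inner tag 2 is now outermost, and the far switch delivers the frame in VLAN 2. With the access port moved off the default VLAN (`vlan_reached(10, 1, False)`) the trunk pushes its own tag 10 on top and the frame stays in VLAN 10; with the native VLAN tagged on the trunk (`vlan_reached(1, 1, True)`) it stays in VLAN 1.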

Summary
- Securing Wireless LANs
  - Wired Equivalent Privacy (WEP)
  - IEEE 802.11i
    - IEEE 802.1x
    - EAP
    - RADIUS
  - Same AAA principles can also be used with Switched Ethernet LANs
- Securing Switched Ethernet LANs
  - Securing the MAC self-learning process
    - MAC spoofing
    - MAC flooding
  - Securing DHCP and ARP
    - Rogue DHCP server
    - ARP spoofing/poisoning
  - Securing the spanning tree protocol
  - Securing VLANs
    - VLAN hopping