Title: Network Security
1Network Security
2Todays Universities CampusPerimeter Security
Anti-virus system
Firewalls
100
Anti-virus system
Remote access VPN, using IPSEC
Access control
96.2
Firewalls
Content filtering
Remote access VPN, using IPSEC
Intrusion Detection System
78.8
Remote access VPN using SSL
Other
78.8
Access control
55.8
Content filtering
57.7
Intrusion Detection System
Remote access VPN using SSL
25
11.5
Other
Other includes packet shapers, proxy servers
and smart-card authentication.
3Security challenges for remote offices
4Agenda
- NAT the most common and quite effective
zero-mainetnance firewall - PacketFilters and RealFirewalls
- SSL/TLS transport layer security
- Easy to use
- CA infrastructure
- SSH
- IPSec network layer security (VPN)
- Difficult to deploy
- Transport or Tunnel mode
5Use of Private Addresses
- Routers in the public Internet will not route
packets whose destination are private addresses - 10.0.0.0/8,
- 172.16.0.0/12,
- 192.168.0.0/16
- However, it is possible for routers in a private
network to route packets with private addresses - The same private addresses can be reused in
different private networks
6(No Transcript)
7(No Transcript)
8Network Address Port Translation (NAPT or
Masquerading)
9(No Transcript)
10Network Address Translation
- NAT is a major problem for media communications!
- NAT
11Types of NAT
- Full Cone
- Restricted Cone
- Port Restricted Cone
- Symmetric
12Full Cone
- Any computer can send back data to an open port.
13Restricted Cone
- Any computer can send back data to an open port
AFTER we send data to their IP.
14Port Restricted Cone
- Same as restricted cone but we need to first send
data to their IP AND the port that will be
allowed to send back.
15Symmetric
16Typical Call Setup
The Location Service is being queries to check
that the destination IP address represents a
valid registered device, and for its IP Address
DNS Server
DNS Query for the IP Address of the SIP Proxy of
the Destination Domain
Location Service
The INVITE is forwarded
4
2
3
A request is sent (SIP INVITE) to ESTABLISH a
session
SIP Proxy
5
The request is forwarded to the End-Device
SIP Proxy
1
SIP IP Phone
6
Media Transport
SIP IP Phone
Destination device returns its IP Address to the
originating device and a media connection is
opened
17SIP Signaling and NAT
- SIP itself is usually not the problem.
- The UAC/proxy/etc just send back SIP packets
based on the rport tag (the received data) - SIP signaling intervals need to be shorter than
NAT timeout time.
18Simple NAT Scenario(Bob sending data)
Private address space
Public Internet
Bob
NSIS NAT
Alice
Application-level signaling
NSIS signaling (Reserve Mode)
Data
NSIS signaling (Create Mode)
19STUN Tests
20RTP-gateway
21NAT Limitations
- Applications with IP-address content
- Need AGL (Application Level Gateway)
- Applications with inter-dependent control and and
data sessions - Translation of fragmented FTP control packets
- NAT device can be a target for attacks
22Packet Filtering
- Packet filtering
- Access Control Lists
- source/destination IP address
- source/destination TCP/UDP port
- protocol (TCP, UDP, ICMP, GRE,...)
- IP/TCP header bits (fragmentation, QoS,
Established) - Session filtering
- Dynamic Packet Filtering
- Stateful Inspection
- Smart packet filtering
- Context Based Access Control
23(No Transcript)
24(No Transcript)
25(No Transcript)
26SSL/TLS and IPSec
27IPSec
- Security at the network layer
- Can hide data and destination ports
- Dont have to rewrite applications
- Using security gateways in tunnel mode, can be
done without reconfiguring hosts.
28IPSec Architecture
29Tunnel and Transport Mode
- Authentication Header (AH)
- Authenticates the sender
- Encapsulating Security Payload (ESP)
- Data encryption
- Can be done in two ways
- Transport mode only the transport layer segment
is encrypted - Tunnel mode
- encrypt the entire IP datagram
- put it inside another IP datagram
30Tunnel Mode
31SSL and TLS
- SSL designed by Netscape
- TLS IETF standard
- compromise between SSL and a Microsoft protocol
- SSL and TLS provide applications
- Encryption
- Server authentication
- (Optional) client authentication
- SSL programming libraries are pretty easy to use
32SSL Data Processing
33SSL Record Format
34SSL Handshake
- Pretty complicated
- why HTTPS websites seem sooooooo slow.
- Server (and client) authentication
- Negotiation of
- Encryption algorithm
- MAC algorithm
- Encryption key
- Must be done before any data transmission
35SSL/TLS Overview
- SSL Secure Sockets Layer.
- unreleased v1, flawed but useful v2, good v3.
- TLS Transport Layer Security.
- TLS1.0 SSL3.0 with minor tweaks (see later).
- Defined in RFC 2246.
- Open-source implementation at http//www.openssl.o
rg/. - SSL/TLS provides security at TCP layer.
- Uses TCP to provide reliable, end-to-end
transport. - Applications need some modification.
- In fact, usually a thin layer between TCP and
HTTP.
36SSL/TLS Basic Features
- SSL/TLS widely used in Web browsers and servers
to support secure e-commerce over HTTP. - Built into Microsoft IE, Netscape, Mozilla,
Apache, IIS, - The (in)famous browser lock.
- SSL architecture provides two layers
- SSL Record Protocol
- Provides secure, reliable channel to upper layer.
- Upper layer carrying
- SSL Handshake Protocol, Change Cipher Spec.
Protocol, Alert Protocol, HTTP, any other
application protocols.
37SSL Protocol Architecture
SSL Change Cipher Spec Protocol
SSL Handshake Protocol
SSL Alert Protocol
HTTP, other apps
SSL Record Protocol
TCP
38TLS Transport Layer Security
- formerly known as SSL Secure Sockets Layer
- Addresses issues of privacy, integrity and
authentication - What is it?
- How does it address the issues?
- How is it used
39What is TLS?
- Protocol layer
- Requires reliable transport layer (e.g. TCP)
- Supports any application protocols
40TLS Privacy
- Encrypt message so it cannot be read
- Use conventional cryptography with shared key
- DES, 3DES
- RC2, RC4
- IDEA
41TLSKey Exchange
- Need secure method to exchange secret key
- Use public key encryption for this
- key pair is used - either one can encrypt and
then the other can decrypt - slower than conventional cryptography
- share one key, keep the other private
- Choices are RSA or Diffie-Hellman
42TLS Integrity
- Compute fixed-length Message Authentication Code
(MAC) - Includes hash of message
- Includes a shared secret
- Include sequence number
- Transmit MAC with message
43TLS Integrity
- Receiver creates new MAC
- should match transmitted MAC
- TLS allows MD5, SHA-1
44TLS Authentication
- Verify identities of participants
- Client authentication is optional
- Certificate is used to associate identity with
public key and other attributes
45TLS Overview
- Establish a session
- Agree on algorithms
- Share secrets
- Perform authentication
- Transfer application data
- Ensure privacy and integrity
46TLS Architecture
- TLS defines Record Protocol to transfer
application and TLS information - A session is established using a Handshake
Protocol
47TLS Record Protocol
48TLS Handshake
- Negotiate Cipher-Suite Algorithms
- Symmetric cipher to use
- Key exchange method
- Message digest function
- Establish and share master secret
- Optionally authenticate server and/or client
49 Handshake Phases
- Hello messages
- Certificate and Key Exchange messages
- Change CipherSpec and Finished messages
50X.509 Certificate Issues
- Certificate Administration is complex
- Hierarchy of Certification Authorities
- Mechanisms for requesting, issuing, revoking
certificates - X.500 names are complicated
- Description formats are cumbersome (ASN.1)
51X.509 Alternative SDSI
- SDSI Simple Distributed Security Infrastructure
(Rivest, Lampson) - Merging with IETF SPKI Simple Public-Key
Infrastructure in SDSI 2.0 - Eliminate X.500 names - use DNS and text
- Everyone is their own CA
- Instead of ASN.1 use S-expressions and simple
syntax - Name and Authorization certificates
52TLS Alternatives
- S-HTTP secure HTTP protocol, shttp//
- IPSec secure IP
- SET Secure Electronic Transaction
- Protocol and infrastructure for bank card
payments - SASL Simple Authentication and Security Layer
(RFC 2222)
536.2 SSH
- SSH overview
- SSH architecture
- SSH security
- Port forwarding with SSH
- SSH applications
54SSH Overview
- SSH Secure Shell.
- Initially designed to replace insecure rsh,
telnet utilities. - Secure remote administration (mostly of Unix
systems). - Extended to support secure file transfer and
e-mail. - Latterly, provide a general secure channel for
network applications. - SSH-1 flawed, SSH-2 better security (and
different architecture). - SSH provides security at Application layer.
- Only covers traffic explicitly protected.
- Applications need modification, but
port-forwarding eases some of this (see later). - Built on top of TCP, reliable transport layer
protocol.
55SSH Overview
- SSH Communications Security (SCS).
- www.ssh.com.
- Founded by Tatu Ylonen, writer of SSH-1.
- SSH is a trademark of SCS.
- Open source version from OpenSSH.
- IETF Secure Shell (SECSH) working group.
- Standard for SSH in preparation.
- www.ietf.org/html.charters/secsh-charter.html.
- Long-running confusion and dispute over naming.
56SSH-2 Architecture
- SSH-2 adopts a three layer architecture
- SSH Transport Layer Protocol.
- Initial connection.
- Server authentication (almost always).
- Sets up secure channel between client and server.
- SSH Authentication Protocol
- Client authentication over secure transport layer
channel. - SSH Connection Protocol
- Supports multiple connections over a single
transport layer protocol secure channel. - Efficiency (session re-use).
57SSH-2 Architecture
Applications
SSH Connection Protocol
SSH Authentication Protocol
SSH Transport Layer Protocol
TCP
58SSH-2 Security Goals
- Server (nearly) always authenticated in transport
layer protocol. - Client (nearly) always authenticated in
authentication protocol. - By public key (DSS, RSA, SPKI, OpenPGP).
- Or simple password for particular application
over secure channel. - Establishment of a fresh, shared secret.
- Shared secret used to derive further keys,
similar to SSL/IPSec. - For confidentiality and authentication in SSH
transport layer protocol. - Secure ciphersuite negotiation.
- Encryption, MAC, and compression algorithms.
- Server authentication and key exchange methods.
59SSH-2 Algorithms
- Key establishment through Diffie-Hellman key
exchange. - Variety of groups supported.
- Server authentication via RSA or DSS signatures
on nonces (and other fields). - HMAC-SHA1 or HMAC-MD5 for MAC algorithm.
- 3DES, RC4, or AES finalists (Rijndael/Serpent).
- Pseudo-random function for key derivation.
- Small number of official algorithms with simple
DNS-based naming of private methods.
60SSH-1 versus SSH-2
- Many vulnerabilities have been found in SSH-1 .
- SSH-1 Insertion attack exploiting weak integrity
mechanism (CRC-32) and unprotected packet length
field. - SSHv1.5 session key retrieval attack
(theoretical). - Man-in-the-middle attacks (using e.g. dsniff).
- DoS attacks.
- Overload server with connection requests.
- Buffer overflows.
- But SSH-1 widely deployed.
- And SSH-1 supports
- Wider range of client authentication methods
(.rhosts and Kerberos). - Wider range of platforms.
61SSH Port Forwarding
Without SSH or port forwarding.
LS Loginserver
UM Usersmachine
MI Mail inserver
Src UM Dest LS Port 23
MO Mail outserver
Src UM Dest MI Port 113
Src UM Dest MO Port 25
62SSH Port Forwarding
- Recall TCP port number identifies application.
- SSH on local machine
- Intercepts traffic bound for server.
- Translates standard TCP port numbers.
- E.g. port 113 ? port 5113.
- Sends packets to SSH-enabled server through SSH
secure channel. - SSH-enabled server
- Receives traffic.
- Re-translates port numbers.
- E.g. port 5113 ? port 113.
- Forwards traffic to appropriate server using
internal network.
63SSH Port Forwarding
With SSH and port forwarding.
MI Mail inserver
LS SSH-enabled loginserver
UM Usersmachine
MO Mail outserver
Src UM Dest LS Port 23
Src UM Dest MO Port 25Src UM Dest LS
Port 5025Src LS Dest MO Port 25
Src UM Dest MI Port 113Src UM Dest LS
Port 5113Src LS Dest MI Port 113
64SSH Applications
- Anonymous ftp for software updates, patches...
- No client authentication needed, but clients want
to be sure of origin and integrity of software. - Secure ftp.
- E.g.upload of webpages to webserver using sftp.
- Server now needs to authenticate clients.
- Username and password may be sufficient,
transmitted over secure SSH transport layer
protocol. - Secure remote administration.
- SysAdmin (client) sets up terminal on remote
machine. - SysAdmin password protected by SSH transport
layer protocol. - SysAdmin commands protected by SSH connection
protocol. - Guerilla Virtual Private Network.
- E.g. use SSH port forwarding to secure e-mail
communications.
656.3 Comparing IPSec, SSL/TLS, SSH
- All three have initial (authenticated) key
establishment then key derivation. - IKE in IPSec
- Handshake Protocol in SSL/TLS (can be
unauthenticated!) - Authentication Protocol in SSH
- All protect ciphersuite negotiation.
- All three use keys established to build a secure
channel.
66Comparing IPSec, SSL/TLS, SSH
- Operate at different network layers.
- This brings pros and cons for each protocol
suite. - Recall Where shall we put security? discussion.
- Naturally support different application types,
can all be used to build VPNs. - All practical, but not simple.
- Complexity leads to vulnerabilities.
- Complexity makes configuration and management
harder. - Complexity can create computational bottlenecks.
- Complexity necessary to give both flexibility and
security.
67Comparing IPSec, SSL/TLS, SSH
- Security of all three undermined by
- Implementation weaknesses.
- Weak server platform security.
- Worms, malicious code, rootkits,
- Weak user platform security.
- Keystroke loggers, malware,
- Limited deployment of certificates and
infrastructure to support them. - Especially client certificates.
- Lack of user awareness and education.
- Users click-through on certificate warnings.
- Users fail to check URLs.
- Users send sensitive account details to bogus
websites (phishing) in response to
official-looking e-mail.
68Secure Protocols Last Words
- A (mis)quote from Eugene Spafford
- Using encryption on the Internet is the
equivalent of arranging an armored car to deliver
credit-card information from someone living in a
cardboard box to someone living on a park bench.
69What is a VPN
Public networks are used to move information
between trusted network segments using shared
facilities like frame relay or atm
A VIRTUAL Private Network replaces all of the
above utilizing the public Internet Performance
and availability depend on your ISP and the
Internet
70VPN Implementations
71VPN as your Intranet
72VPN Components
73Technologies
74Application Layer SSL
75Tunnel vs Transport
- Transport
- Implemented by the end point systems
- Real address to real address
- Cannot go through other networks
- Tunnel
- Encapsulation of the original IP packet in
another packet - Can go through other networks
- End systems need not support this
- Often PC to a box on the inside
76PPTP Free from Microsoft
77PPTP Security
78Outgoing PPTP Client Through NAT
web server
Internet
a
10.0.0.2
NAT
b
204.x.1.10
10.0.0.1
10.0.0.3
c
10.0.0.4
79VPN Comparisons
80So why have a private network QOS not fully
cooked
- Very dependent on your ISP
- Real hard to do across ISPs
- So no guarantee of performance