6/1/2015
CIS 534 Advanced Network Security
Chapter # 2
Prof. Mort Anvari, Strayer University
Abraham Torres

Posted 18-Dec-2015 (Documents)

Page 1: title slide (CIS 534 Advanced Network Security, Chapter # 2, Prof. Mort Anvari, Strayer University, Abraham Torres)

Page 2

Secure Technology Classes

A wide range of security technologies exists to provide solutions for securing network access and data transport mechanisms within the corporate network infrastructure:

• Identity technologies
• Security in TCP/IP structure layers
• Virtual Private dial-up security technologies (VPN)
• Public Key Infrastructure and distribution models

Page 3

Identity Technologies

Authentication is an extremely critical element because everything is based on who you are. In many corporate networks, you would not grant access to specific parts of the network before establishing who is trying to gain access to restricted resources.

How foolproof the authentication method is depends on the technology used.

Page 4

Identity Product Technology

• Secure Password Protocol (S/Key)
• Token Password Authentication Schemes
• Point-to-Point Protocol (PPP)
• The TACACS+ Protocol
• The RADIUS Protocol
• The Kerberos Protocol

Page 5

Secure Key Password Protocol

The S/Key One-Time Password System, released by Bellcore and defined in RFC 1760, is a one-time password generation scheme based on MD4 and MD5. The S/Key protocol is designed to counter a replay attack when a user is attempting to log in to a system.

It involves three distinct steps:

• Preparation step: The client enters a secret pass phrase. This pass phrase is concatenated with the seed that was transmitted from the server in cleartext.
• Generation step: Applies the secure hash function multiple times, producing a 64-bit final output.
• Output function: Takes the 64-bit one-time password and displays it in readable form.
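As an added example that is not part of the lecture deck, the following Python models the three S/Key steps and the server-side check that makes a sniffed password useless. RFC 1760 specifies MD4 with the 128-bit digest folded to 64 bits by XOR; this example uses MD5 (also named on the slide) with the same folding. All names (skey_hash, otp_sequence, SKeyServer), the pass phrase and the seed are this example's own.

```python
import hashlib
import hmac

# Added example (not from the lecture deck). It models S/Key (RFC 1760):
# a chain of one-way hashes in which each login reveals the hash *before*
# the one the server holds, so a captured password cannot be replayed.
# MD5 stands in for RFC 1760's MD4; the 128-to-64-bit folding is the same.


def skey_hash(block: bytes) -> bytes:
    """One S/Key hash step: digest the input and fold 128 bits to 64 by XOR."""
    digest = hashlib.md5(block).digest()
    return bytes(a ^ b for a, b in zip(digest[:8], digest[8:]))


def otp_sequence(passphrase: str, seed: str, n: int) -> bytes:
    """Preparation + generation: hash(seed || pass phrase) applied n times.

    n is the sequence number; the first application reduces the arbitrary
    length concatenation to the 64-bit block that later steps operate on.
    The seed is case-insensitive in RFC 1760, hence the lower().
    """
    block = (seed.lower() + passphrase).encode()
    for _ in range(n):
        block = skey_hash(block)
    return block


def to_readable(otp: bytes) -> str:
    """Output function: RFC 1760 shows six short English words; hex is used here."""
    return otp.hex().upper()


class SKeyServer:
    """Server state: seed (public), the last accepted OTP and its sequence number.

    The pass phrase is never stored, so a stolen password file yields nothing
    that can be turned back into a usable one-time password.
    """

    def __init__(self, seed: str, last_otp: bytes, sequence: int):
        self.seed = seed
        self.last_otp = last_otp
        self.sequence = sequence

    def challenge(self) -> str:
        # Sent in cleartext: the client needs the next sequence number and the seed.
        return f"otp-md5 {self.sequence - 1} {self.seed}"

    def verify(self, candidate: bytes) -> bool:
        """Accept iff hashing the candidate once yields the stored OTP."""
        if self.sequence <= 1:
            return False  # chain exhausted; the user must re-initialise
        if not hmac.compare_digest(skey_hash(candidate), self.last_otp):
            return False
        # Advance the chain: the value just used can never verify again.
        self.last_otp = candidate
        self.sequence -= 1
        return True


def demo() -> dict:
    """Initialise with sequence 100, log in twice, and try a replay in between."""
    passphrase = "correct horse battery"  # constructed secret, client side only
    seed = "ex12345"                      # constructed seed, chosen by the server
    n = 100
    server = SKeyServer(seed, otp_sequence(passphrase, seed, n), n)

    first = otp_sequence(passphrase, seed, n - 1)   # client answers challenge 99
    accepted_first = server.verify(first)
    replayed = server.verify(first)                 # same value sniffed and resent
    second = otp_sequence(passphrase, seed, n - 2)  # client answers challenge 98
    accepted_second = server.verify(second)
    return {
        "first": accepted_first,
        "replay": replayed,
        "second": accepted_second,
        "sequence": server.sequence,
        "shown": to_readable(second),
    }


if __name__ == "__main__":
    print(demo())
```

The replay fails because the server now holds the value the attacker captured, and hashing that value once more does not reproduce it; only the next lower link in the chain, which requires the pass phrase, will.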

Page 6

Token Password Authentication

Token authentication systems generally require the use of a special smart card or token card. Although some implementations are done using software to alleviate the problem of losing the smart card or token, these types of authentication mechanisms are based on one of two alternative schemes:

• Challenge-Response
• Time-Synchronous Authentication

Page 7

Steps for Authentication

Step 1: The user dials into an authentication server, which then issues a prompt for a user ID.

Step 2: The user provides the ID to the server, which then issues a challenge, a random number that appears on the user's screen.

Step 3: The user enters that challenge number into the token or smart card, a credit-card-like device, which then encrypts the challenge with the user's encryption key and displays a response.

Step 4: The user types this response and sends it to the authentication server. While the user is obtaining a response from the token, the authentication server calculates what the appropriate response should be based on its database of user keys.

Step 5: When the server receives the user's response, it compares that response with the one it has calculated.

Page 8

Time-Synchronous Token Authentication (figure): the client user dials into the authentication server, which prompts for an access code. The user enters a PIN into the token card, the card displays a set of digits (8HAD589 in the figure), and the user sends them to the server; the server computes the value it expects for that time window and compares it with what was received.
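The following Python is an added example, not part of the lecture deck, covering both token schemes: the five-step challenge-response exchange from the previous slide and the time-synchronous card from this one. The keyed-MAC construction, the user name, the key and the time values are this example's own assumptions; real tokens use vendor-specific algorithms.

```python
import hashlib
import hmac
import os
import struct

# Added example (not from the lecture deck). It models the two token schemes
# on the slides: the five-step challenge-response exchange and a time-
# synchronous card. The keyed-MAC construction, user names and keys are this
# example's own; real tokens use vendor-specific algorithms.


def token_display(user_key: bytes, message: bytes, digits: int = 7) -> str:
    """What the card shows: a keyed MAC over its input, truncated to `digits` digits."""
    mac = hmac.new(user_key, message, hashlib.sha256).digest()
    code = int.from_bytes(mac[:4], "big") % (10 ** digits)
    return f"{code:0{digits}d}"


class ChallengeResponseServer:
    """Steps 1-2 and 4-5 of the challenge-response dial-in flow."""

    def __init__(self, user_keys: dict):
        self.user_keys = dict(user_keys)  # server database of user keys
        self.pending = {}                 # outstanding challenge per user

    def issue_challenge(self, user_id: str) -> str:
        # Step 2: a fresh random challenge for this login attempt only.
        challenge = os.urandom(4).hex()
        self.pending[user_id] = challenge
        return challenge

    def check_response(self, user_id: str, response: str) -> bool:
        # Step 4: compute the expected response from the stored key.
        challenge = self.pending.pop(user_id, None)
        key = self.user_keys.get(user_id)
        if challenge is None or key is None:
            return False
        expected = token_display(key, challenge.encode())
        # Step 5: constant-time comparison with what the user typed.
        return hmac.compare_digest(expected, response)


def time_sync_code(user_key: bytes, pin: str, now: float, step: int = 60) -> str:
    """Time-synchronous card: output depends on the current time window and the PIN."""
    window = int(now // step)
    return token_display(user_key, struct.pack(">Q", window) + pin.encode())


def verify_time_sync(user_key: bytes, pin: str, submitted: str, now: float,
                     step: int = 60, skew: int = 1) -> bool:
    """Server side: accept the current window and `skew` windows either side for drift."""
    for offset in range(-skew, skew + 1):
        candidate = time_sync_code(user_key, pin, now + offset * step, step)
        if hmac.compare_digest(candidate, submitted):
            return True
    return False


def demo() -> dict:
    key = bytes.fromhex("0f" * 32)  # constructed per-user token key
    server = ChallengeResponseServer({"alice": key})

    challenge = server.issue_challenge("alice")            # step 2
    response = token_display(key, challenge.encode())       # step 3 (on the card)
    accepted = server.check_response("alice", response)     # steps 4-5
    replayed = server.check_response("alice", response)     # no open challenge: rejected

    now = 1_700_000_000.0                                   # constructed clock value
    code = time_sync_code(key, "1234", now)
    in_window = verify_time_sync(key, "1234", code, now + 30)
    too_late = verify_time_sync(key, "1234", code, now + 5 * 60)
    return {"accepted": accepted, "replayed": replayed,
            "in_window": in_window, "too_late": too_late}


if __name__ == "__main__":
    print(demo())
```

The server never transmits the user key in either scheme; in the challenge-response case a captured response is tied to one random challenge, and in the time-synchronous case it is tied to one clock window, which is why the skew allowance should be kept small.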

Page 9

Point-to-Point Protocol

The Point-to-Point Protocol (PPP) is most often used to establish a dial connection over serial lines or ISDN. PPP authentication mechanisms include the Password Authentication Protocol (PAP), the Challenge Handshake Authentication Protocol (CHAP), and the Extensible Authentication Protocol (EAP). In all these cases, the peer device is being authenticated rather than the user of the device. PPP provides for an optional authentication phase before proceeding to the network-layer protocol phase.

Point-to-Point Frame Format: Flag | Address | Control | Protocol | Data | FCS | Flag

Page 10

PPP Authentication Summary

Protocol | Strength | Weakness
PAP | Easy to implement | Does not have strong authentication; password is sent in the clear between client and server; no playback protection
CHAP | Password encrypted between client and server; both client and server playback protection | Password must be stored in cleartext on server
EAP | Flexible, more robust authentication support | New; may not yet be widely deployed
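As an added example (not from the lecture deck), the Python below contrasts the PAP and CHAP rows of the table: PAP puts the password itself on the wire, while CHAP answers a random challenge with MD5(Identifier || secret || Challenge) as defined in RFC 1994. The peer name, the secret, the packet dictionaries and the fixed challenge values are this example's own assumptions.

```python
import hashlib
import hmac
import os

# Added example (not from the lecture deck). It contrasts the PAP and CHAP
# rows of the summary table: PAP puts the password on the wire, CHAP answers a
# random challenge with MD5(Identifier || secret || Challenge) as in RFC 1994.
# Peer names, secrets and the packet dictionaries are this example's own.


def pap_authenticate_request(peer_id: str, password: str) -> dict:
    """PAP Authenticate-Request: the password travels in the clear and can be replayed."""
    return {"code": "Authenticate-Request", "peer_id": peer_id, "password": password}


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side of CHAP.

    Both the strength and the weakness in the table are visible here: the
    response changes with every challenge (playback protection), but the
    server must keep each peer's secret in cleartext to recompute it.
    """

    def __init__(self, secrets: dict):
        self.secrets = dict(secrets)   # peer name -> cleartext secret
        self.identifier = 0
        self.challenge = None

    def challenge_packet(self, challenge: bytes = None) -> dict:
        # A new Identifier and random Challenge for every authentication.
        self.identifier = (self.identifier + 1) & 0xFF
        self.challenge = challenge if challenge is not None else os.urandom(16)
        return {"code": "Challenge", "id": self.identifier, "value": self.challenge}

    def verify(self, name: str, identifier: int, response: bytes) -> bool:
        secret = self.secrets.get(name)
        if secret is None or self.challenge is None or identifier != self.identifier:
            return False
        expected = chap_response(identifier, secret, self.challenge)
        self.challenge = None  # one response per challenge
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    # PAP: whatever a sniffer sees on the link is directly the credential.
    pap = pap_authenticate_request("router1", "hunter2")
    password_on_wire = pap["password"]

    # CHAP: constructed challenge values so the run is reproducible.
    server = ChapAuthenticator({"router1": b"hunter2"})
    c1 = server.challenge_packet(bytes.fromhex("00112233445566778899aabbccddeeff"))
    r1 = chap_response(c1["id"], b"hunter2", c1["value"])
    chap_ok = server.verify("router1", c1["id"], r1)

    # Replay: the captured (id, response) pair against the next challenge.
    c2 = server.challenge_packet(bytes.fromhex("ffeeddccbbaa99887766554433221100"))
    replay_old_id = server.verify("router1", c1["id"], r1)
    replay_new_id = server.verify("router1", c2["id"], r1)
    return {"pap_password_on_wire": password_on_wire, "chap_ok": chap_ok,
            "replay_old_id": replay_old_id, "replay_new_id": replay_new_id}


if __name__ == "__main__":
    print(demo())
```

The server-side secrets dictionary is the cleartext store the table lists as CHAP's weakness: it is what an attacker who reads the server's configuration obtains, so that file needs the same protection as the link would under PAP.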

Page 11

TACACS+ Protocol

The TACACS+ protocol is the latest generation of TACACS. TACACS is a simple UDP-based access control protocol originally developed by BBN for the MILNET. Cisco has enhanced (extended) TACACS several times, and Cisco's implementation, based on the original TACACS, is referred to as XTACACS.

Fundamental Differences

• TACACS: Combined authentication and authorization process.
• XTACACS: Separated authentication, authorization, and accounting.
• TACACS+: XTACACS with extended attribute control and accounting.

Page 12

RADIUS Protocol

The Remote Authentication Dial-In User Service protocol was developed by Livingston Enterprises, Inc. as an access server authentication and accounting protocol. In June 1996, the RADIUS protocol specification was submitted to the IETF. The RADIUS specification (RFC 2058) and RADIUS accounting standard (RFC 2059) are now proposed standard protocols.

RADIUS Authentication: The server can support a variety of methods to authenticate a user; it can support PPP, PAP, CHAP, UNIX and other authentication mechanisms.

RADIUS Authorization: The authentication and authorization functionalities are coupled together; typical parameters include service type (shell or framed), protocol type, IP address to assign the user (static or dynamic), access list to apply, or the static route in the NAS.

Page 13

RADIUS Accounting: Allows data to be sent at the start and end of sessions, indicating the amount of resources (such as time, packets, bytes, and so on) used during the session.

RADIUS Transactions: Transactions between the client and RADIUS server are authenticated through the use of a shared secret, which is never sent over the network. In addition, any user passwords are sent encrypted between the client and RADIUS server to eliminate the possibility that someone snooping on an unsecured network

RADIUS Protocol (figure): Modem -> RADIUS Client -> RADIUS Server. The modem-to-client leg carries no encryption; the client-to-server leg encrypts the applicable TACACS+/RADIUS parameters.
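The Python below is an added example, not part of the lecture deck, showing the two mechanisms the "RADIUS Transactions" slide describes: the shared secret never appears on the wire because it only enters MD5 computations, and the User-Password attribute is hidden with an MD5-derived keystream as specified in RFC 2865 section 5.2 (the successor to the RFC 2058 cited on the slide). The secret, password, identifier and the attribute bytes are constructed for the example.

```python
import hashlib
import hmac
import os

# Added example (not from the lecture deck). It shows the two mechanisms the
# "RADIUS Transactions" slide describes: the shared secret stays off the wire
# because it only enters MD5 computations, and the User-Password attribute is
# hidden with an MD5 keystream (RFC 2865 section 5.2). Secrets, the password
# and the attribute bytes are constructed for the example.


def hide_user_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Client (NAS) side: pad to 16-byte blocks and XOR each with MD5(secret || prev)."""
    if len(password) > 128:
        raise ValueError("RADIUS User-Password is limited to 128 octets")
    padded = password + b"\x00" * ((-len(password)) % 16)
    if not padded:
        padded = b"\x00" * 16  # an empty password still occupies one block
    hidden = bytearray()
    prev = request_auth  # first block keyed by the 16-byte Request Authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        hidden += block
        prev = block     # chaining: each ciphertext block keys the next
    return bytes(hidden)


def reveal_user_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: same keystream, chained on the received ciphertext blocks.

    Trailing NUL padding is stripped, so this assumes passwords do not end in NUL.
    """
    clear = bytearray()
    prev = request_auth
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        clear += bytes(c ^ k for c, k in zip(hidden[i:i + 16], keystream))
        prev = hidden[i:i + 16]
    return bytes(clear).rstrip(b"\x00")


def response_authenticator(code: int, identifier: int, attributes: bytes,
                           request_auth: bytes, secret: bytes) -> bytes:
    """MD5(Code || ID || Length || RequestAuth || Attributes || Secret) from RFC 2865."""
    length = 20 + len(attributes)
    header = bytes([code, identifier]) + length.to_bytes(2, "big")
    return hashlib.md5(header + request_auth + attributes + secret).digest()


def demo() -> dict:
    secret = b"shared-secret-between-nas-and-server"   # configured on both ends
    request_auth = os.urandom(16)                       # fresh per Access-Request
    password = b"hunter2"

    # NAS -> server: the hidden password, never the secret itself.
    hidden = hide_user_password(password, secret, request_auth)
    recovered = reveal_user_password(hidden, secret, request_auth)
    wrong_secret = reveal_user_password(hidden, b"guess", request_auth)

    # Server -> NAS: Access-Accept (code 2) carrying a constructed attribute blob;
    # the NAS recomputes the authenticator and rejects replies from anyone
    # who does not hold the secret.
    attrs = bytes([6, 6, 0, 0, 0, 2])  # Service-Type(6), length 6, value Framed(2)
    good = response_authenticator(2, 7, attrs, request_auth, secret)
    forged = response_authenticator(2, 7, attrs, request_auth, b"guess")
    return {
        "password_on_wire": hidden != password,
        "recovered": recovered == password,
        "wrong_secret_recovers": wrong_secret == password,
        "reply_verified": hmac.compare_digest(good, good),
        "forged_reply_verified": hmac.compare_digest(good, forged),
    }


if __name__ == "__main__":
    print(demo())
```

The hiding scheme is only as strong as the shared secret and the randomness of the Request Authenticator, which is why RADIUS deployments use long secrets and, where possible, an encrypted transport between NAS and server.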

Page 14

The Kerberos Protocol

Kerberos is a secret-key network authentication protocol, developed at the Massachusetts Institute of Technology (MIT), that uses the Data Encryption Standard (DES) cryptographic algorithm for encryption and authentication. The Kerberos Version 5 protocol is an Internet standard specified by RFC 1510.

When the client wants to create an association with a particular application server, the client uses the authentication request and response to first obtain a ticket and a session key from the KDC.

Kerberos keys (figure): the client and the KDC share the client key; the KDC and the server share the server key.

Page 15

The FORTEZZA

The Multilevel Information Systems Security Initiative (MISSI) is a network security initiative under the leadership of the National Security Agency (NSA). MISSI provides a framework for the development and evolution of interoperable security products to provide flexible, modular security for the networked information systems across the Defense Information Infrastructure (DII) and the National Information Infrastructure (NII). Netscape has a built-in browser that links SSL.

MISSI Building Blocks

• FORTEZZA and FORTEZZA Plus
• Firewalls
• Guards
• Inline encryptors
• Trusted computing

Page 16

Major Types of FORTEZZA

Electronic Messaging: Can secure e-mail, electronic data interchange (EDI), electronic commerce, and facsimile to provide message encryption, authentication, and data integrity.

World Wide Web: Can protect secure Web transactions using strong identification and authentication and Secure Sockets Layer (SSL) interactions.

File and Media Encryptors: These encryptors are applications written to enable FORTEZZA to secure user files on storage media.

Identification and Authentication: After the FORTEZZA card has been installed in the workstation and the PIN has been correctly entered, the identity of the user is known and trusted.

Page 17

Security in TCP/IP Layers (figure)

• Application / Presentation / Session: TELNET, FTP, SMTP, DNS, SNMP, DHCP, RIP, RTP, RTCP
• Transport: Transmission Control Protocol (TCP), User Datagram Protocol (UDP)
• Network: Internet Protocol (IP), ICMP, IGMP, OSPF, ARP
• Data link / Physical: Ethernet, Token Bus, Token Ring, FDDI

Page 18

TCP/IP Application Layer

Provides access to the network for the end user. The user's capabilities are determined by what items are available on this layer. It holds the logic needed to support various applications; each type of application (file transfer, remote access) requires different software on this layer.

• FTP: Protocol for copying files between hosts.
• HTTP: Primary protocol used to implement the WWW.
• Telnet: Remote terminal protocol enabling any terminal to log in to any host.
• NNTP: Protocol used to transmit and receive network news.
• SMTP: Protocol used for managing network resources, e-mail.
• SHTTP: Protocol designed for the use of secure Web transactions.

Page 19

Transport Layer

Concerned with reliable transfer of information between applications, independent of the nature of the application. Includes aspects like flow control and error checking.

• Isolates messages from lower and upper layers.
• Breaks down message size.
• Monitors quality of the communications channel.
• Selects the most efficient communication service necessary for a given transmission.
• Also called the host-to-host layer.
• Uses TCP protocols for transmission.

Page 20

Secure Socket Layer Protocol

The Secure Socket Layer (SSL) is an open protocol designed by Netscape; it specifies a mechanism for providing data security layered between application protocols (such as HTTP, Telnet, NNTP, or FTP) and TCP/IP. It provides data encryption, server authentication, message integrity, and optional client authentication for a TCP/IP connection.

Goals of SSL

The Handshake Protocol: This protocol negotiates the cryptographic parameters to be used between the client and the server.

The Record Protocol: This protocol is used to exchange application-layer data; messages are fragmented into manageable blocks, optionally compressed, and a MAC is applied; the result is encrypted and transmitted.

The Alert Protocol: This protocol is used to indicate when errors have occurred or when a session between two hosts is being terminated.

Page 21

The Secure Shell Protocol

The Secure Shell (SSH) is a protocol for secure remote login and other secure network services over an insecure network. It provides support for secure remote login, secure file transfer, and the secure forwarding of TCP/IP and X Window System traffic.

SSH three major components

1. The transport layer protocol, which provides server authentication, confidentiality, and integrity with perfect forward secrecy. Optionally, it may also provide compression.
2. The user authentication protocol, which authenticates the client to the server.
3. The connection protocol, which multiplexes the encrypted tunnel into several logical channels.

Page 22

The SOCKS Protocol

SOCKS is a transport-layer-based secured networking proxy protocol. It is designed to provide a framework for client/server applications in both the TCP and UDP domains to conveniently and securely use the services of a network firewall. SOCKS was originally developed by David and Michelle Koblas; the code was made freely available on the Internet.

SOCKS version 4: provides for unsecured firewall traversal for TCP-based client/server applications including Telnet, FTP, and the popular information discovery protocols such as HTTP, WAIS, and Gopher.

SOCKS version 5: defined in RFC 1928, extends the SOCKS version 4 model to include UDP, extends the framework to include provisions for generalized strong authentication schemes, and extends the addressing scheme to encompass domain-name and IPv6 addresses.

Page 23

Network Layer Security

Network layer security pertains to security services at the IP layer of the TCP/IP protocol stack. Many years of work have produced a set of standards from the IETF that, collectively, define how to secure services at the IP network layer.

IP Security

• We have considered some application-specific security mechanisms, e.g. S/MIME, PGP, Kerberos, SSL/HTTPS.
• However, there are security concerns that cut across protocol layers.
• We would like security implemented by the network for all applications.

Page 24

IPSec

General IP security mechanism; provides:

• authentication
• confidentiality
• key management

Applicable to use over LANs, across public and private WANs, and for the Internet.

Benefits of IPSec

• In a firewall/router, provides strong security to all traffic crossing the perimeter.
• Is resistant to bypass.
• Is below the transport layer, hence transparent to applications.
• Can be transparent to end users.
• Can provide security for individual users if desired.

Page 25

IP Security Architecture

The specification is quite complex. It is defined in numerous Requests for Comments (RFCs):

• RFC 2401: The IP Security Architecture.
• RFC 2402: The IP Authentication Header (AH).
• RFC 2406: The IP Encapsulating Security Payload (ESP).
• RFC 2408: The Internet Security Association and Key Management Protocol (ISAKMP).

Many others, grouped by category.

Mandatory in IPv6, optional in IPv4.

Page 26

IPSec Uses (figure only)

Page 27

IPSec Services

• Access control
• Connectionless integrity
• Data origin authentication
• Rejection of replayed packets (a form of partial sequence integrity)
• Confidentiality (encryption)
• Limited traffic flow confidentiality
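As an added example that is not part of the lecture deck, the Python below implements the sliding-window check behind "rejection of replayed packets": every AH/ESP packet on a security association carries an increasing sequence number, and the receiver keeps the highest number seen plus a bitmap of which recent numbers have already arrived, the scheme described in RFC 2401 Appendix C. The class name, the window size default and the packet trace are this example's own.

```python
# Added example (not from the lecture deck). It implements the sliding-window
# check behind "rejection of replayed packets": each AH/ESP packet carries a
# monotonically increasing sequence number, and the receiver keeps the highest
# number seen and a bitmap of which recent numbers arrived (RFC 2401 App. C).
# The class name and the packet trace are constructed for the example.


class AntiReplayWindow:
    """64-packet sliding window as in RFC 2401 Appendix C."""

    def __init__(self, size: int = 64):
        self.size = size
        self.top = 0        # highest sequence number accepted so far
        self.bitmap = 0     # bit i set => sequence number (top - i) was received

    def check_and_update(self, seq: int) -> bool:
        """Return True if seq is new and inside the window; record it on success.

        On a real SA this runs only after the packet's integrity check passes,
        so a forged sequence number cannot be used to advance the window.
        """
        if seq <= 0:
            return False                           # 0 is never a valid number
        if seq > self.top:
            shift = seq - self.top                 # advance the window
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:
            return False                           # older than the window: drop
        if (self.bitmap >> offset) & 1:
            return False                           # already seen: replay
        self.bitmap |= 1 << offset                 # late but new: accept
        return True


def process(trace):
    """Run a list of sequence numbers through a fresh window; return accept/reject flags."""
    window = AntiReplayWindow()
    return [window.check_and_update(seq) for seq in trace]


# Constructed trace: in-order packets, one reordered, a replay, a big jump,
# then two packets that have fallen outside the 64-packet window.
SAMPLE_TRACE = [1, 2, 3, 5, 4, 3, 70, 5, 2]

if __name__ == "__main__":
    for seq, ok in zip(SAMPLE_TRACE, process(SAMPLE_TRACE)):
        print(f"seq {seq:3d}: {'accept' if ok else 'drop'}")
```

The window gives "partial" sequence integrity in the sense the slide uses: reordering within the window is tolerated, a duplicate inside the window is detected, and anything older than the window is dropped without further inspection.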

Page 28

Virtual Private Dial-up Security Technologies

These enable large enterprises to extend their private networks across dial-up lines, instead of either incurring large costs to ensure security by dialing into a campus site from anywhere in the world, or lessening security by dialing in locally and using the Internet as the transport to get to the main enterprise campus.

The Layer 2 Forwarding (L2F) Protocol

Created by Cisco Systems. It permits the tunneling of the link layer (that is, High-Level Data Link Control (HDLC), async HDLC, or Serial Line Internet Protocol (SLIP) frames) of higher-level protocols.

Dial-Up Protocol Layers (figure)

Page 29

Dial-Up Protocols

The Point-to-Point Tunneling Protocol

Was initiated by Microsoft. It is a client/server architecture that allows the Point-to-Point Protocol (PPP) to be tunneled through an IP network and decouples functions that exist in current NASs.

The Layer 2 Tunneling Protocol (L2TP)

Cisco and Microsoft, along with other vendors, have collaborated on a single standards-track protocol within the IETF, which is now called the Layer 2 Tunneling Protocol (L2TP).

Page 30

Public Key Infrastructure

The purpose of a Public Key Infrastructure (PKI) is to provide trusted and efficient key and certificate management to support these protocols. A PKI is defined by the Internet X.509 Public Key Infrastructure PKIX Roadmap ("work in progress"). A PKI consists of the following five types of components:

A PKI is the set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke certificates based on public-key cryptography.

Page 31

PKI Components

• Certification Authorities (CAs) that issue and revoke certificates.
• Organizational Registration Authorities (ORAs) that vouch for the binding between public keys, certificate holder identities, and other attributes.
• Certificate holders that are issued certificates and that can sign digital documents.
• Clients that validate digital signatures and their certification paths from a known public key of a trusted CA.
• Repositories that store and make available certificates and Certificate Revocation Lists (CRLs).

Source: NIST Special Publication 800-15, Minimum Interoperability Specification for PKI Components, Version 1, September 1997, by William Burr, Donna Dodson, Noel Nazario, and W. Timothy Polk.

Page 32

Functions of a PKI

• Registration
• Initialization
• Certification
• Key Pair Recovery
• Key Generation
• Key Update
• Cross-Certification
• Revocation

Page 33

A Sample Scenario Using a PKI (figure only)

Page 34

Certificates

Certificates are used in the process of validating data. Specifics vary according to which algorithm is used, but the general process works as follows:

1. The recipient of signed data verifies that the claimed identity of the user is in accordance with the identity contained in the certificate.
2. The recipient validates that no certificate in the path has been revoked, and that all certificates were within their validity periods at the time the data was signed.
3. The recipient verifies that the data does not claim to have any attributes for which the certificate indicates that the signer is not authorized.
4. The recipient verifies that the data has not been altered since it was signed by using the public key in the certificate.

Page 35

The X.509 Certificate

The X.509 standard constitutes a widely accepted basis for a PKI infrastructure, defining data formats and procedures related to the distribution of public keys using certificates digitally signed by CAs. RFC 1422 specified the basis of an X.509-based PKI, targeted primarily at satisfying the needs of Internet Privacy Enhanced Mail (PEM). The current standards define the X.509 Version 3 certificate and Version 2 CRL.

Page 36

The X.509 V3 Certificate

Every certificate contains three main fields:

• Certificate Body: Version Number; Serial Number; Issuer; Subject; Subject's Public Key (Algorithm, Key); Validity Period (not before, not after); Optional Extensions
• Signature Algorithm
• Signature

Page 37

The X.509 V2 CRL

X.509 V2 defines one method of certificate revocation. This method requires each CA to periodically issue a signed data structure called a Certificate Revocation List (CRL). A CRL is a time-stamped list that identifies revoked certificates. Each revoked certificate is identified in a CRL by its certificate serial number.
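The following Python is an added example, not part of the lecture deck, that walks the four verification steps listed on the "Certificates" slide (page 34) together with the serial-number CRL lookup described above, over a constructed two-level chain. Python's standard library has no public-key signatures, so sign() and verify() here are an HMAC stand-in in which the verifying key equals the signing key; a real PKI uses RSA or ECDSA at those two points. All certificate fields, keys, dates and usage labels are this example's own assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
import hashlib
import hmac

# Added example (not from the lecture deck). It walks the four verification
# steps of the "Certificates" slide and the serial-number CRL lookup of the
# "X.509 V2 CRL" slide over a constructed two-level chain. The standard
# library has no public-key signatures, so sign()/verify() are an HMAC
# stand-in in which the verifying key equals the signing key; a real PKI
# uses RSA or ECDSA here. All names, keys and dates are made up.


def sign(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def verify(key: bytes, data: bytes, signature: bytes) -> bool:
    return hmac.compare_digest(sign(key, data), signature)


@dataclass
class Certificate:
    serial: int
    subject: str
    issuer: str
    not_before: datetime
    not_after: datetime
    key: bytes              # subject's key (stand-in for the public key)
    usages: frozenset       # what the certificate authorises the holder to sign
    signature: bytes = b""  # issuer's signature over body()

    def body(self) -> bytes:
        return "|".join([str(self.serial), self.subject, self.issuer,
                         self.not_before.isoformat(), self.not_after.isoformat(),
                         self.key.hex(), ",".join(sorted(self.usages))]).encode()


@dataclass
class CRL:
    issuer: str
    revoked: frozenset      # serial numbers of revoked certificates
    signature: bytes = b""

    def body(self) -> bytes:
        return (self.issuer + "|" + ",".join(str(s) for s in sorted(self.revoked))).encode()


def validate_signed_data(data, signature, claimed_identity, chain, trust_anchor,
                         crls, signed_at, needed_usage):
    """chain[0] is the signer's certificate; chain[-1] was issued by trust_anchor."""
    # Step 1: the claimed identity must be the one in the certificate.
    if chain[0].subject != claimed_identity:
        return False, "identity mismatch"
    crl_by_issuer = {c.issuer: c for c in crls}
    for i, cert in enumerate(chain):
        issuer = chain[i + 1] if i + 1 < len(chain) else trust_anchor
        if cert.issuer != issuer.subject or not verify(issuer.key, cert.body(), cert.signature):
            return False, f"bad issuer signature on serial {cert.serial}"
        # Step 2: in its validity period when the data was signed, and not revoked.
        if not (cert.not_before <= signed_at <= cert.not_after):
            return False, f"serial {cert.serial} outside validity period"
        crl = crl_by_issuer.get(issuer.subject)
        if crl is None or not verify(issuer.key, crl.body(), crl.signature):
            return False, f"no trusted CRL from {issuer.subject}"
        if cert.serial in crl.revoked:
            return False, f"serial {cert.serial} revoked"
        # Step 3: the signer may only claim what its certificate authorises.
        required = needed_usage if i == 0 else "sign-cert"
        if required not in cert.usages:
            return False, f"serial {cert.serial} not authorised for {required}"
    # Step 4: the data has not changed since it was signed with the subject key.
    if not verify(chain[0].key, data, signature):
        return False, "data signature invalid"
    return True, "ok"


def demo() -> dict:
    root_key, ca_key, alice_key = b"root-key", b"ca-key", b"alice-key"
    root = Certificate(1, "Root CA", "Root CA", datetime(2015, 1, 1), datetime(2035, 1, 1),
                       root_key, frozenset({"sign-cert"}))
    root.signature = sign(root_key, root.body())
    ca = Certificate(2, "Issuing CA", "Root CA", datetime(2015, 1, 1), datetime(2025, 1, 1),
                     ca_key, frozenset({"sign-cert"}))
    ca.signature = sign(root_key, ca.body())
    alice = Certificate(3, "alice", "Issuing CA", datetime(2015, 6, 1), datetime(2016, 6, 1),
                        alice_key, frozenset({"sign-document"}))
    alice.signature = sign(ca_key, alice.body())

    def crl(issuer, key, revoked):
        c = CRL(issuer, frozenset(revoked))
        c.signature = sign(key, c.body())
        return c

    crls = [crl("Root CA", root_key, []), crl("Issuing CA", ca_key, [7])]
    data, chain, when = b"transfer 100 to bob", [alice, ca], datetime(2015, 9, 1)
    sig = sign(alice_key, data)
    return {
        "good": validate_signed_data(data, sig, "alice", chain, root, crls, when, "sign-document"),
        "tampered": validate_signed_data(b"transfer 900 to bob", sig, "alice", chain, root, crls, when, "sign-document"),
        "expired": validate_signed_data(data, sig, "alice", chain, root, crls, datetime(2017, 1, 1), "sign-document"),
        "revoked": validate_signed_data(data, sig, "alice", chain, root,
                                        [crls[0], crl("Issuing CA", ca_key, [3])], when, "sign-document"),
        "wrong_use": validate_signed_data(data, sig, "alice", chain, root, crls, when, "sign-cert"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Two points the checks make concrete: the validity window is evaluated at the time the data was signed rather than at the time of checking, and a CRL is only trusted after its own signature from the issuing CA has been verified, since an unsigned or forged CRL could silently un-revoke a certificate.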

The Lightweight Directory Access Protocol

LDAP is used for accessing online directory services. LDAP was developed by the University of Michigan in 1995 to make directories easier to access. LDAP is specially targeted at management applications and browser applications that provide read/write interactive access to directories. LDAP is intended to be a complement to the X.500 DAP. The LDAP V2 protocol is defined in RFC 1777.

Page 38

Summary

This chapter detailed many of the current and evolving technologies relating to security. One of the most important security considerations is establishing the identity of the entity that wants to access the corporate network. This process usually entails authenticating the entity and subsequently authorizing that entity and establishing access controls. Some protocols are specifically designed to only authenticate end users (people) or end devices (hosts, routers). Frequently, you have to combine the two protocols so that both end users and the end devices they are using to access the network are authenticated.

In addition to establishing identity, you must ensure data integrity and confidentiality; that is, you must protect the data traversing the corporate network. Many technologies exist to provide security services for various TCP/IP layers. Although application layer security protocols provide the most flexibility for application-specific parameters, using a different security protocol for every application is not practical. Transport security protocols such as SSL and SSH are widely deployed. SSL is bundled into many Web servers and clients and has become a de facto standard in securing Web transactions; SSH is most often used for securing Telnet or FTP transactions. IPsec is becoming widely deployed and can offer security services for Transport and Application layer traffic on a per-packet basis. IPsec should be able to secure Telnet, FTP, and Web traffic but may be harder to scale until client support is more readily available on many platforms.