Cyber Security Basics, Threat Pragmatics & Cryptography · 2017-05-23 · DNS Changer •Anyone who...
Transcript of Cyber Security Basics, Threat Pragmatics & Cryptography · 2017-05-23 · DNS Changer •Anyone who...
Cyber Security Basics,Threat Pragmatics & Cryptography
Network Security Workshop
29-31 May 2017
Phnom Penh, Cambodia
Overview
• Security Overview• Threat Pragmatics
• Cryptography Basics
2
Drawing some correlations
3
Why Security?
• The Internet was initially designed for connectivity – Trust was assumed– Security protocols added on top of the TCP/IP with time
• The Internet has become fundamental to our daily activities (business, work, and personal)
• Fundamental aspects of information must be protected– Confidential data– Employee information– Business models– Protect identity and resources
4
Internet Evolution
Security (threats and challenges) changes as the Internet evolves!
LAN connectivity Content driven (email, web, music, video)
Data on the Cloud
5
Recent Incidents• WannaCry Ransomware (May 2017)
– As of 12 May, 45K attacks across 74 countries– Remote code execution in SMBv1 using EternalBlue exploit
• TCP 445, or via NetBIOS (UDP/TCP 135-139)
– Patch released on 14 March 2017 (MS17-010)• https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
– Exploit released on 14 April 2017
6
Recent Incidents• SHA-1 is broken (Feb 23, 2017)
– colliding PDF files: obtain same SHA-1 hash of two different pdf files, which can be abused as a valid signature on the second PDF file.• https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
7
Recent Incidents• San Francisco Rail System Hacker Hacked
(Nov 2016)– Ransomware attack on San Francisco public transit gave
everyone a free ride ([email protected])• Encrypts boot sectors (ransom for decryption) - Mamba
– Java vulnerability not patched (Security Alert CVE-2015-4852 since Nov 2015 from Oracle )
8
Recent Incidents
• Dyn cyberattack (Oct 2016)– With an estimated throughput of 1.2 terabits per second– DDoS by IOT devices (Mirai botnet)– malicious queries!
9
Recent Incidents• Cloudbleed (Sept 2016)
– Again a buffer overflow like Heartbleed affecting Cloudflare– Coding bug (Layer 8 problem!):
• inserted an == instead of >= in the source code of cf-html (html parser), causing a buffer overflow
– Problem: HTTP requests read past the buffer and kept reading from other memory spaces• Session tokens• Encryption keys• POST data• Passwords
– cached by search engines L• https://github.com/pirate/sites-using-cloudflare
10
www.shodan.io
11
• Find any internet connected device
Who are they? (Attack Motivation)
• Nation states want SECRETS
• Organized criminals want MONEY
• Protesters or activists want ATTENTION
• Hackers and researchers want KNOWLEDGE
13
Source: NANOG60 keynote presentation by Jeff Moss, Feb 2014
http://cartoonsmix.com/cartoons/national-security-agency-cartoon.html
Threats, Vulnerability, and Risks
• Threat– circumstance or event with potential to cause harm to a
networked system
• Vulnerability– A weakness that can be exploited
• Software bugs• Design flaws• Configuration mistakes• Lack of encryption
• Risk– The likelihood that a particular vulnerability will be exploited
14
The Threat Matrix
15
Degree of Focus
Opportunistic hacks
Joy hacks Targeted attacks
Advanced Persistent Threats
Source: Thinking Security – Steve M. Bellovin
Joy Hacks
• For fun - with little skill using known exploits
• Minimal damage - especially unpatched machines
• Random targets – anyone they can hit
• Most hackers start this way – learning curve
16
Opportunistic Hacks
• Skilled (often very skilled) - also don’t care whom they hit– Know many different vulnerabilities and techniques
• Profiting is the goal - bank account thefts, botnets, ransomwares….– WannaCry?
• Most phishers, virus writers, etc.
17
Targeted Attacks
• Have a specific target!
• Research the target and tailor attacks– physical reconnaissance
• At worst, an insider (behind all your defenses)– Not so happy
• Tools like “spear-phishing”
• May use 0-days
18
Advanced Persistent Threats
• Highly skilled (well funded) - specific targets– Mostly 0-days
• Sometimes (not always) working for a nation-state– Think Stuxnet (up to four 0-days were used)
• May use non-cyber means:– burglary, bribery, and blackmail
• Note: many lesser attacks blamed on APTs
19
Are you a Target?
• Biggest risk?– assuming you are not interesting enough!
• Vendors and their take on security:– Underwhelming– Overwhelming
20
Defense Strategies
• Depends on what you’re trying to protect
• Tactics that keep out teenagers won’t keep out a well-funded agency
• But stronger defenses are often much more expensive, and cause great inconvenience
21
What Are You Protecting?
• Identify your critical Assets– Both tangible and intangible (patents, methodologies) assets
• Hardware, software, data, people, documents
– Who would be interested?
• Place a Value on the asset– Different assets require different level of protection– Security measures must be in proportion with asset value
• How much can you afford?
• Determine Likelihood of breaches– threats and vulnerabilities ?
22
Against Joy Hacks
• By definition, joy hackers use known exploits
• Patches exist for known holes:– Up to date system patches– Up to date antivirus database
• Ordinary enterprise-grade firewalls will also repel them
23
Opportunistic Hacks
• Sophisticated techniques used
• You need multiple layers of defense– Up to date patches and anti-virus– Firewalls– Intrusion detection– Lots of attention to log files
24
Targeted Attacks
• Targeted attacks exploit knowledge of target– Try to block or detect reconnaissance– Security policies and procedures matter a lot
• How do you respond to phone callers?• What do people do with unexpected attachments?• USB sticks in the parking
• Hardest case: disgruntled employee or ex-employee– Already behind your defenses– Think Manning & Snowden
25
Advanced Persistent Threats
• L very very hard defend against!
• Use all of the previous defenses
• There are no sure answers
• Pay special attention to policies and procedures
• Investigate all oddities
26
Example of Security Controls
27
Category Example of Controls Purpose
Policy & Procedure
Cyber Security Policy, IncidentHandling Procedure
Make everyone aware of theimportance of security, define role and responsibilities (pre and post incident), understandscope of the problem
Technical Firewall, Intrusion DetectionSystem, AV, Logging Systems
Prevent and detect potentialattacks, mitigate risk of breach
Physical CCTV, Locks, Biometrics, Secure working space
Prevent physical theft of information assets or unauthorized physicalaccess
Goals of Information Security
Confidentiality Integrity Availability
SEC
UR
ITY
prevents unauthorized use or disclosure of
information
safeguards the accuracy and
completeness of information
authorized users have reliable and timely access to
information
28
Access Control
• To permit or deny the use of resource(s)
• All about:– Authentication (who is the user)– Authorization (who is allowed to use what)– Accountability (what did the user do)
Authentication
• Verify a user’s identity• “user” may refer to:
– A person – An application or process– A machine or device
• Identification comes before authentication– Ex: username to establish user’s identity
• To prove identity, a user must present either:– What you know (passwords, passphrase, PIN)– What you have (token, smart cards, passcodes, RFID)– Who you are (biometrics such as fingerprints and iris scan,
signature or voice)
Strong Authentication
• An absolute requirement
• Two-factor authentication – Passwords (something you know)– Tokens (something you have)
• Examples:– Passwords– Tokens– PINs– Biometrics– Certificates
Two-factor Authentication• At least two authentication ‘factors’ to prove user’s
identity– something you know
• Username/password
– something you have• Token using a one-time password (OTP)
• OTP is generated using device in physical possession of the user– generated each time and expires after some time– through applications installed on mobile device
• Multi-factor authentication is also common
Authorization
• Defines the user’s rights and permissions on a system
• Typically done after user has been authenticated• Grants a user access to a particular resource and
what actions he is permitted to perform on that resource
• Access criteria based on the level of trust:– Roles– Groups– Location– Time– Transaction type
Authorization Concepts
• Authorization Creep– When users may possess unnecessarily high access
privileges within an organization
• Default to Zero– Start with zero access and build on top of that
• Need to Know Principle– Least privilege; give access only to information that the user
absolutely need
• Access Control Lists– List of users allowed to perform particular access to an
object (read, write, execute, modify)
Accountability
• What did the user do with the resource?
• Actions of an entity to be traced back uniquely to that entity – Senders cannot deny sending information– Receivers cannot deny receiving it – Users cannot deny performing a certain action
• Supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention and after-action recovery and legal action
Source: NIST Risk Management Guide for Information Technology Systems
Overview
• Security Overview
• Threat Pragmatics • Cryptography Basics
36
Target
• Targets could be:– Network infrastructure– Network services– Application services– End user machines
• What’s at risk?
Attacks on Different LayersApplication
Presentation
Session
Transport
Network
Data Link
Physical
Application
Transport
Internet
Network Access (Link Layer)
Layer 2: Ethernet, PPP, ARP, NDP, OSPF
Layer 4: TCP, UDP, SCTP
Layer 5: NFS, Socks
Layer 7: HTTP, FTP, IMAP, LDAP, NTP, Radius, SSH, SMTP, SNMP, Telnet, DNS, DHCP
DNS Poisoning, Phishing, SQL injection, Spam/Scam
ARP spoofing, MAC flooding
OSI Reference Model TCP/IP Model
Layer 3: IPv4, IPv6, ICMP, ICMPv6, IGMP
TCP attacks, Routing attack, SYN flooding
Ping/ICMP Flood, Sniffing
38
Layer 2 Attacks
• ARP Spoofing
• MAC attacks
• DHCP attacks
• VLAN hopping
39
ARP Spoofing
ARP Cache poisoned. Machine A connects to Machine D (not C)
I want to connect to 10.0.0.3. I don’t know the
MAC address
10.0.0.1AA-AA-AA-AA-AA-AA
10.0.0.2BB-BB-BB-BB-BB-BB
10.0.0.3CC-CC-CC-CC-CC-CC
10.0.0.4DD-DD-DD-DD-DD-DD
ARP Request
ARP Reply
Wait, I am 10.0.0.3!
I am 10.0.0.3. This is my MAC address
40
MAC Flooding
• Exploits the limitation of all switches
• CAM stores mapping of individual MAC addresses to source ports.
• Attacker floods the CAM table using spoofed source MAC addresses
41
DHCP Attacks
• DHCP Starvation Attack– Broadcasting vast number of DHCP requests with spoofed
MAC address simultaneously.
• DHCP Spoofing– Rogue DHCP
42
Layer 3 Attacks
• ICMP Attacks– ICMP Smurf/Flood– Ping of death
• Control plane attacks
43
ICMP Flood/Smurf
NetworkBroadcast Address
Victim
Other forms of ICMP attack:-Ping of death
Attacker
Echo request Echo request
Echo reply to actual destination
44
Routing Attacks
• Malicious route insertion– Poison routing table
• Distance Vector – Announce 0 (hop count-16 for RIPv2) distance to all other
nodes (count to infinity!)• Blackhole traffic
• Link State – drop links randomly (convergence)– Malicious routes to eavesdrop
• BGP attacks– Originate someone's prefix– Tamper the path information
45
TCP Attacks
• SYN Flood –attacker sends SYN requests in succession to a target
• Causes a host to retain enough state for bogus half-connections such that there are no resources (memory) left to establish new legitimate connections.
46
TCP Attacks
• Exploits the TCP 3-way handshake
• Attacker sends a series of SYN packets without replying with the ACK packet
• Finite queue size for incomplete connections
ServerCONNECTION ESTABLISHED
SYN
SYN+ACK
ACK
47
TCP Attacks
• Exploits the TCP 3-way handshake
• Attacker sends a series of SYN packets – Does not send ACK packet
• Finite queue size for incomplete connections
Server(Victim)
Attacker
OPEN CONNECTIONS
SYN
SYN+ACK
ACK?
48
Application Layer Attacks
• Scripting vulnerabilities
• Cookie poisoning
• Buffer overflow
• Hidden field manipulation
• Parameter tampering
• Cross-site scripting
• SQL injection
49
Layer 7 DDoS Attack
• Traditional DoS attacks focus on L3 and L4
• On L7, a DoS attack targets applications disguised as legitimate packets
• The aim is to exhaust application resources (bandwidth, ports, protocol weakness)
• Includes:– Slowloris– RUDY (R-U-Dead Yet)
• POST request with long content length and write forms slowly
– LOIC/HOIC (Low/high orbit Ion canon)• TCP/UDP/HTTP requests (H-only HTTP with scripts)
50
Layer 7 DDoS – Slowloris
• Incomplete HTTP requests– No blank line in request header (\r\n)
• Properties– Low bandwidth– Keep threads active
• Only affects threaded web servers (Apache)• Doesn’t work through load balancers
– Keepalives to reset timeout
51
DNS Changer
• Anyone who controls your DNS controls what you see!
• How: – infect computers with a malicious software (malware) – This malware changes the user’s DNS settings with that of
the attacker’s DNS servers– Points the DNS configuration to DNS resolvers in specific
address blocks and use it for their criminal enterprise
52
DNS Cache Poisoning
• Caching incorrect resource record that did not originate from authoritative DNS sources.
• Result: – connection (web, email, network) is redirected to another
target (controlled by the attacker)
53
DNS Cache Poisoning
(pretending to be the authoritative
zone)
ns.example.comWebserver
(192.168.1.1)
DNS Caching Server
Client
I want to access www.example.com
1
QID=645712
QID=64569
QID=64570
QID=64571
www.example.com 192.168.1.1
match!
www.example.com 192.168.1.993
3
Root/GTLD
QID=64571
54
Amplification Attacks
• Exploiting UDP protocol to return large amplified amounts of data– Small request, large reply
• Examples:– DNS– NTP– SMTP
55
DNS Amplification Attack
• A type of reflection attack combined with amplification– Source of attack is reflected off other machine(s)– Traffic received is bigger (amplified) than the traffic sent by
the attacker
• UDP packet’s source address is spoofed
56
DNS Amplification
Bots
57
Attacker
ns.example.com
Victim
Open DNS Resolvers
Root/GTLD
www.example.com 192.168.1.1
Queries (ANY) withspoofed IP - Victim’s IP
dig ANY www.example.com @8.8.8.8 +edns=0 +notcp +bufsize=4096 +dnssec
NTP Amplification
• UDP 123
• NTP versions older than v4.2.7p26 vulnerable to “monlist” attack– Made easier by Open NTP servers (time.google.com)– Monlist fetches the MRU list of NTP associationsntpdc -C –n monlist <NTP-Server-IP>
• Several incidents in 2014– Use mrulist instead of monlist (requires proof)– Upgrade NTP (ntpd) server
58
Wireless Attacks
• WEP (wired equivalent privacy) – first go at wireless security
• 104-bit WEP key:– 50% of the time broken with 45k packets– 95% of the time with 85k packets (in less than 60 seconds)
• Use WPA2 (wired protected access)– WPA – 256-bit key– WPA2 - AES
59
Tews,Weinmann, and Pyshkin, "Breaking 104 bit WEP in less than 60 seconds", Proceedings of the 8th international conference on Information security applications, 2007
Wireless Attacks- MITM
• Creates a fake access point and have clients authenticate to it instead of a legitimate one.
• Capture traffic (usernames, passwords)
60
Security - Different LayersApplication
Presentation
Session
Transport
Network
Data Link
Physical
Application
Transport
Internet
Network Access (Link Layer)
Layer 2: Ethernet, PPP, ARP, NDP, OSPF
Layer 4: TCP, UDP, SCTP
Layer 5: NFS, Socks
Layer 7: HTTP, FTP, IMAP, LDAP, NTP, Radius, SSH, SMTP, SNMP, Telnet, DNS, DHCP
DNS Poisoning, Phishing, SQL injection, Spam/Scam
ARP spoofing, MAC flooding
OSI Reference Model TCP/IP Model
Layer 3: IPv4, IPv6, ICMP, ICMPv6, IGMP
TCP attacks, Routing attack, SYN flooding
Ping/ICMP Flood, Sniffing
IEEE 802.1X, PPP & PPTP
IPsec
TLS, SSL, SSH
HTTPS, DNSSEC, PGP, SMIME
61
BCP 38• Since 1998!
– https://tools.ietf.org/html/bcp38
• Only allow traffic with valid source addresses to– Leave your network (only those from your address space)– To enter your network (only from your customer’s address
space)
• uRPF verifies both source address and incoming interface with FIB entries– ip/ipv6 verify unicast reverse-path
62
Link-Layer Security
• Dynamic ARP Inspection– Check IP to MAC binding
• Port Security
• 802.1X
63
Transport Layer Security
• Secure Socket Layer (SSL)• Secure Shell (SSH)• SYN Cookies
– MD5 hash (source IP, source port, dest IP, dest port and ISN in SYN)
– Send in its SYN-ACK – no need for state for half-open connections in memory
64
Enable:vi /etc/sysctl.confÞ net.ipv4.tcp_syncookies = 1
Verify:Þ cat /proc/sys/net/ipv4_tcpsyncookiesÞ sysctl –n net ipv4.tcp_syncookies
Application Layer Security
• HTTPS
• PGP (Pretty Good Privacy)
• SMIME (Secure Multipurpose Internet Mail Extensions)
• TSIG and DNSSEC
• Wireless Encryption - WEP, WPA, WPA2
65
Overview
• Network SecurityFundamentals
• Threat Pragmatics
• Cryptography Basics
66
Cryptography
67
• All about hiding information in plain sight!
Cryptography• Cryptography deals with creating documents that
can be shared secretly over public communication channels
• Other terms closely associated– Cryptanalysis = code breaking– Cryptology
• Kryptos (hidden or secret) and Logos (description) = secret speech / communication
• combination of cryptography and cryptanalysis
• Cryptography is a function of plaintext and a cryptographic key
C = F(P,k) Notation:Plaintext (P)Ciphertext (C)Cryptographic Key (k)
68
Terminology
• Cryptography : the practice and study of hiding information
• Cryptanalysis : to find some weakness or insecurity in a cryptographic scheme
• Encryption : the method of transforming data (plain text) into an unreadable format
• Plaintext - the “scrambled” format of data after being encrypted
69
Cryptosystem Terminology
• Decryption : the method of turning cipher text back into plaintext
• Encryption Algorithm : a set of rules or procedures that dictates how to encrypt and decrypt data, also called encryption cipher
• Key : (cryptovariable) a value used in the encryption process to encrypt and decrypt
70
Key is the key
• The key length is the measure in bits and the key space is the number of possibilities that can be generated by a specific key length
• Example : – 22 key = a keyspace of 4– 24 key = a keyspace of 16 – 240 key = a keyspace of 1,099,511,627,776
71
• Assume everyone knows your encryption/decryption algorithm
• Security of encryption lies in the secrecy of the keys, not the algorithm! – Kerckhoff’s principle
• How do we keep them safe and secure?
72
Key is the key
Work Factor
• The amount of processing power and time to break a crypto system
• No system is unbreakable
• Make it too expensive to break
73
Encryption
• Scramble plaintext to ciphertext using a cryptographic key
• Used all around us– Application Layer – used in secure email, database sessions,
and messaging– Session layer – Secure Socket Layer (SSL) or Transport
Layer Security (TLS)– Network Layer –IPsec
74
Encryption and Decryption
Plaintext Ciphertext Plaintext
ENCRYPTIONALGORITHM
DECRYPTIONALGORITHM
Encryption Key Decryption Key
75
Symmetric Key Algorithm
• Same key to encrypt and decrypt information– Both sender and receiver needs to know the key
• Also known as a secret-key algorithm– The key must be kept a “secret” to maintain security
• Follows the more traditional form of cryptography with key lengths ranging from 40 to 256 bits.
• Examples:– DES, 3DES, AES, RC4, RC6, Blowfish
76
Same shared secret key
Plaintext
ENCRYPTIONALGORITHM
DECRYPTIONALGORITHM
Ciphertext Plaintext
Encryption Key Decryption Key
Shared Key Shared Key
Symmetric Encryption
77
Symmetric Key AlgorithmSymmetric Algorithm Key SizeDES 56-bit keys
Triple DES (3DES) 112-bit and 168-bit keys
AES 128, 192, and 256-bit keys
IDEA 128-bit keys
RC2 40 and 64-bit keys
RC4 1 to 256-bit keys
RC5 0 to 2040-bit keys
RC6 128, 192, and 256-bit keys
Blowfish 32 to 448-bit keys
Note: Longer keys are more difficult to crack, but more computationally expensive.
78
Asymmetric Key Algorithm
• Also called public-key cryptography
• Public-Private key pair– Encrypt with one key and decrypt with the other
• Keep private-key private• Anyone can see the public-key
• The decryption key cannot, at least in a reasonable amount of time, be calculated from the encryption key and vice-versa.
• Examples:– RSA, DSA, Diffie-Hellman, ElGamal, PKCS
79
Asymmetric Encryption
Plaintext
ENCRYPTIONALGORITHM
DECRYPTIONALGORITHM
Ciphertext Plaintext
Encryption Key Decryption Key
Public Key Private Key
Different keys
80
Asymmetric Key Algorithms
• RSA (512-2048 bits)– the first and still most common implementation
• DSA (512-1024)– provides capability for authentication of messages
• Diffie-Hellman (512, 1024, 2048 bits) – used for secret key exchange only
• ElGamal (512-1024)– used for key exchange (similar to DH)
81
Hash Functions
• produces a condensed representation of a message
• takes an input message of arbitrary length and outputs fixed-length code– The fixed-length output is called the hash or message digest
• A form of signature that uniquely represents the data
• Uses: – Verifying file integrity – Digitally signing documents– Hashing passwords
82
Hash Functions
• Message Digest (MD) Algorithm – Outputs a 128-bit fingerprint of an arbitrary-length input– MD5 is widely-used
• Secure Hash Algorithm (SHA)– SHA-1 produces a 160-bit message digest similar to MD5
• Widely-used on security applications (TLS, SSL, PGP, SSH, S/MIME, IPsec) L
– SHA-256, SHA-384, SHA-512 produce longer hash values
83
Digital Signature
• Encrypted hash of a message appended to the message– used to prove the identity of the sender and the integrity of
the packet
84
Digital Signature Process
• Hash the data
• Encrypt the hash with the sender’s private key
• Append the signature to the data
DATA HASH SIGNATURE
MD5/SHA PRIVATE KEY
85
SIGNATURE
Verification - Receiver• Hash the received data
– with the same hashing algorithm
• Decrypts the signature using the sender’s public key
• Compare the hashes– If match, the data was not modified and signed by the
sender
DATAHASH
HASH
MD5/SHA-1
86
PUBLIC KEYSIGNATURE
Example
87
https://www.gpg4win.org (MSWIN) https://www.gpgtools.org (OS X)
PKI / PGP Primer
• 🔑 Public Key• 🗝 Private Key
• 📝 Message
• 📝+🔑 = 🔒✉ Encrypted
• 🔒✉+🗝 = 🔓📝 Decrypted• 📝+🗝 = 🔏✉ Signed
• 🔏✉ + 🔑 = 👤 Authenticated
88
89