Network Security Workshop · 13 June 2017 · Overview: Network Security Workshop – Network Security Fundamentals – Attack Types Analysis and Mitigation – ICMP Protocol Security Threats

Network Security Workshop, 13-15 June 2017, Ulaanbaatar, Mongolia.

Transcript of the Network Security Workshop slide deck (13 June 2017).

Page 1

Network Security Workshop, 13-15 June 2017

Ulaanbaatar, Mongolia.

Page 2

Overview: Network Security Workshop
– Network Security Fundamentals
– Attack Types Analysis and Mitigation
– ICMP Protocol Security Threats
– Attack Analysis in Different Layers
– IPv6 Protocol Overview & Security Basics
– Cryptography and IPSec
– IPSec Lab Exercise
– DNS/DNSSEC

Page 3

Questions?

Page 4

Overview: Network Security Workshop
– Network Security Fundamentals
– Attack Types Analysis and Mitigation
– ICMP Protocol Security Threats
– Attack Analysis in Different Layers
– IPv6 Protocol Overview & Security Basics
– Cryptography and IPSec
– IPSec Lab Exercise
– DNS/DNSSEC

Page 5

Network Security

• What is network security?

• How does it secure our network?

• What are the business benefits of network security?

• Is your network secure enough?

Page 6

Why Security?

• The Internet was initially designed for connectivity
– Trust assumed
– We do more with the Internet nowadays

• Fundamental aspects of information must be protected
– Confidential data
– Protect identity and resources

• We can't keep ourselves isolated from the Internet
– Most business communications are done online
– We provide online services
– We get services from third-party organizations online

Page 7

Goals of Information Security

SECURITY rests on three goals:

– Confidentiality: prevents unauthorized use or disclosure of information
– Integrity: safeguards the accuracy and completeness of information
– Availability: authorized users have reliable and timely access to information

Page 8

Internet Evolution

• Different ways to handle security as the Internet evolves:
– LAN connectivity
– Application-specific
– More online content
– Cloud computing: applications/data hosted in the cloud environment

Page 9

Why Security?

• Key findings:
– Hacktivism and vandalism are the common DDoS attack motivations
– High-bandwidth DDoS attacks are the 'new normal'
– First-ever IPv6 DDoS attacks are reported
– Trust issues across geographic boundaries

Source: Arbor Networks Worldwide Infrastructure Security Report Volume VII

Page 10

Security Threat Categories

• There are four general categories of security threats to the network:
– Unstructured threats
• These threats primarily consist of random hackers using common tools such as malicious shell scripts, password crackers, credit card number generators, and dialer daemons. Hackers may have malicious intent but are mostly interested in the intellectual challenge.
– Structured threats
• These threats are created by hackers who are more highly motivated and technically competent. Typically, such hackers act alone or in small groups to understand, develop, and use sophisticated hacking techniques to penetrate unsuspecting businesses. These groups are often involved in the major fraud and theft cases reported to law enforcement agencies.

Page 11

Security Threat Categories

• There are four general categories of security threats to the network:
– External threats
• These threats consist of structured and unstructured threats originating from an external source. These threats may have malicious and destructive intent, or they may simply be errors that generate a threat.
– Internal threats
• These threats typically involve dissatisfied former or current employees. Although internal threats may seem more ominous than threats from external sources, security measures are available for reducing vulnerabilities to internal threats and responding when attacks occur.

Page 12

Ways to Initiate Network Attack

• A combination of the following can be used to compromise a system:
– Reconnaissance
– Network access
– Denial of service
– Worms, viruses, and Trojan horses

Page 13

Reconnaissance Attacks

• Reconnaissance attacks include:
– Packet sniffers
– Port scans
– Ping sweeps
– Internet information queries

Page 14

Packet Sniffers

• A packet sniffer is a software application that uses a network adapter card in promiscuous mode to capture all network packets. The following are packet sniffer features:
– Packet sniffers exploit information passed in clear text. Protocols that pass information in clear text include Telnet, FTP, SNMP, POP and HTTP.
– Packet sniffers must be on the same collision domain.
– Packet sniffers can be used legitimately or can be designed specifically for attack.

Page 15

Packet Sniffer Attack Mitigation

• The mitigation techniques and tools include:
– Authentication
– Switched infrastructure
– Cryptography

Page 16

Port Scans and Ping Sweeps

• These attacks can attempt to:
– Identify all services on the network
– Identify all hosts and devices on the network
– Identify the operating systems on the network
– Identify vulnerabilities on the network

Page 17

Port Scan and Ping Sweep Attack Mitigation

• Port scans and ping sweeps cannot be prevented without compromising network capabilities.

• However, damage can be mitigated using intrusion prevention systems at network and host levels.

Page 18

Network Access Attacks

• Access attacks include the following:
– Password attacks
– Trust exploitation
– Port redirection

Page 19

Password Attacks

• Hackers implement password attacks using the following:
– Brute-force attacks
• Password attacks usually refer to repeated attempts to identify a user account and password. These repeated attempts are called brute-force attacks.
– Dictionary cracking
» The password hashes for all of the words in a dictionary file are computed and compared against all of the password hashes for the users. This method is extremely fast and finds very simple passwords.
– Brute-force computation
» This method uses a particular character set, such as A to Z, or A to Z plus 0 to 9, and computes the hash for every possible password made up of those characters. Brute-force computation always finds the password if that password is made up of the character set you have selected to test. The problem for the attacker is the time required to complete this type of attack.

Page 20

Password Attack Mitigation

• The following are password attack mitigation techniques:
– Do not allow users to use the same password on multiple systems.
– Disable accounts after a certain number of unsuccessful login attempts.
– Do not use plain-text passwords. Use strong passwords (just an example: use apY8!Nicws8y rather than apnicws).
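The lockout and no-plain-text-password points above, as an added example that is not part of the workshop slides: a small credential store that keeps only salted PBKDF2 hashes (so a dictionary of precomputed hashes cannot be compared against every user at once, and each guess costs the attacker a full key derivation) and disables an account after a fixed number of failed logins. The class and function names, the iteration count and the lockout threshold are this example's own choices.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Added example, not from the workshop slides: a minimal credential store that
# applies two of the mitigations listed on the slide - never store plain-text
# passwords (salted PBKDF2-HMAC-SHA256 instead) and disable an account after a
# fixed number of unsuccessful login attempts. Names and constants are this
# example's own choices.

PBKDF2_ITERATIONS = 100_000   # work factor: slows dictionary and brute-force computation
MAX_FAILED_ATTEMPTS = 5       # lock the account after this many bad logins


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt per user means the same
    dictionary word hashes differently for every account, so one precomputed
    table of hashes cannot be compared against all users at once."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


class AccountStore:
    def __init__(self) -> None:
        self._users = {}   # username -> {"salt", "digest", "failed", "locked"}

    def add_user(self, username: str, password: str) -> None:
        salt, digest = hash_password(password)
        self._users[username] = {"salt": salt, "digest": digest, "failed": 0, "locked": False}

    def is_locked(self, username: str) -> bool:
        return self._users[username]["locked"]

    def login(self, username: str, password: str) -> str:
        """Return 'ok', 'bad_password' or 'locked'."""
        rec = self._users.get(username)
        if rec is None:
            hash_password(password)        # same cost for unknown users (no timing hint)
            return "bad_password"
        if rec["locked"]:
            return "locked"                # lockout applies even to the right password
        _, candidate = hash_password(password, rec["salt"])
        if hmac.compare_digest(candidate, rec["digest"]):   # constant-time comparison
            rec["failed"] = 0
            return "ok"
        rec["failed"] += 1
        if rec["failed"] >= MAX_FAILED_ATTEMPTS:
            rec["locked"] = True
            return "locked"
        return "bad_password"


def demo() -> list:
    """Repeated wrong guesses (the slide's weak 'apnicws') lock the account,
    after which even the correct strong password is refused."""
    store = AccountStore()
    store.add_user("alice", "apY8!Nicws8y")     # the slide's strong-password example
    results = [store.login("alice", "apnicws") for _ in range(MAX_FAILED_ATTEMPTS)]
    results.append(store.login("alice", "apY8!Nicws8y"))
    return results


if __name__ == "__main__":
    print(demo())
```

The lockout counter is the slide's "disable accounts after a certain number of unsuccessful login attempts"; a production system would also expire the lock after a delay and rate-limit by source, since a hard lock can itself be abused to deny service to legitimate users.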

Page 21

Denial of Service Attacks

• A denial of service (DoS) attack damages or corrupts your computer system or denies you and others access to your networks, systems or services.

• DoS attacks are the most publicized form of attack, and are also among the most difficult to completely eliminate.

• If you are interested in learning more about DoS attacks, the best method is to research some of the well-known attacks that have happened on the Internet.

• But in principle a DoS attack consumes all CPU/memory/process capacity of a system and kicks it off the network, compromising system availability.

Page 22

Questions?

Page 23

Overview: Network Security Workshop
– Network Security Fundamentals
– Attack Types Analysis and Mitigation
– ICMP Protocol Security Threats
– Attack Analysis in Different Layers
– IPv6 Protocol Overview & Security Basics
– Cryptography and IPSec
– IPSec Lab Exercise
– DNS/DNSSEC

Page 24

Type of Attacks

• Eavesdropping

• Masquerading

• Man-in-the-middle

Page 25

Eavesdropping Attack

• Clear-text data exchange between source and destination

• Hackers/attackers sit in the middle (on the network)

• Sniff all clear-text packets

• Tools used: protocol analyzer, promiscuous-mode LAN card and a PC

Page 26

Eavesdropping Attack (Cont)

• Possible solutions are:
– One-time password (OTP) to protect password information (not other data)
– Data encryption, i.e. 3DES, AES etc.

Page 27

Eavesdropping Attack (Cont)

• Two types of encryption
– Link encryption (L2)
• On a point-to-point link the entire frame (PPP/HDLC) is encrypted
– Packet payload encryption (L3)
• Only the packet payload is encrypted, so it can be routed across an L3 network or the Internet
• Example encryption: RC4, DES, 3DES, AES
– Packet payload/L3 encryption is most common on the Internet because only the source and destination perform the encryption/decryption

Page 28

Masquerading Attack

• Hacker/attacker spoofs someone's identity

• Changes the source address (L2 or L3)

• Typically combined with a DoS attack

• Uses specialized software to generate packets/frames, changing the IP/MAC address of the originating PC

• Masquerades with an authorized external source IP/MAC to get access

Page 29

Masquerading Attack (Cont)

• To control returning traffic, the attack might be combined with a routing attack

• To initiate a DoS attack, the hacker/attacker uses an internal address as the packet source

• In an L2 network, ARP spoofing is used to redirect L2 traffic

Page 30

Masquerading Attack (Cont)

• A packet integrity check is needed to handle masquerading attacks

• The common solution is to use a hash function

• The hash function is a one-way hash combined with a shared key (a keyed hash)

• Only devices that have the key will be able to create/verify the hash value

• The most common hashing functions are MD5 and SHA
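The keyed one-way hash described above, as an added example that is not part of the workshop slides: packets carry an HMAC-SHA256 tag computed over both addresses and the payload with a shared key, so a receiver that holds the key can verify the packet, a packet whose source address was rewritten fails the check, and a sender without the key cannot produce a valid tag at all. The packet layout, function names and addresses are this example's own constructions.

```python
import hashlib
import hmac
import os

# Added example, not from the workshop slides: packet integrity with a keyed
# one-way hash (HMAC-SHA256). The tag covers the addresses as well as the
# payload, so a packet whose source address has been rewritten by a
# masquerading host fails verification, and a host without the shared key can
# neither produce nor check a valid tag. The packet layout is invented here.

TAG_LEN = 32          # SHA-256 output size in bytes
KEY = os.urandom(32)  # shared key, distributed out of band to both endpoints


def compute_tag(key: bytes, body: bytes) -> bytes:
    """Keyed hash over the whole body (header + payload)."""
    return hmac.new(key, body, hashlib.sha256).digest()


def build_packet(key: bytes, src: str, dst: str, payload: bytes) -> bytes:
    """Layout: 1-byte header length, 'src>dst' header, payload, 32-byte tag."""
    header = f"{src}>{dst}".encode("ascii")
    body = bytes([len(header)]) + header + payload
    return body + compute_tag(key, body)


def verify_packet(key: bytes, packet: bytes):
    """Return (src, dst, payload) if the tag checks out, otherwise None."""
    if len(packet) < 1 + TAG_LEN:
        return None
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    if not hmac.compare_digest(compute_tag(key, body), tag):   # constant-time compare
        return None
    hlen = body[0]
    src, dst = body[1:1 + hlen].decode("ascii").split(">")
    return src, dst, body[1 + hlen:]


def rewrite_source(packet: bytes, new_src: str) -> bytes:
    """Model a masquerading host: change the source field but keep the old tag,
    which is all a host without the key can do."""
    hlen = packet[0]
    _, dst = packet[1:1 + hlen].decode("ascii").split(">")
    payload, tag = packet[1 + hlen:-TAG_LEN], packet[-TAG_LEN:]
    header = f"{new_src}>{dst}".encode("ascii")
    return bytes([len(header)]) + header + payload + tag


def demo():
    """Genuine packet verifies; a source-rewritten copy and a packet tagged
    under a different key are both rejected."""
    genuine = build_packet(KEY, "10.0.0.2", "10.0.0.3", b"transfer 100")
    spoofed = rewrite_source(genuine, "10.0.0.1")          # now claims to come from 10.0.0.1
    other_key = build_packet(os.urandom(32), "10.0.0.2", "10.0.0.3", b"transfer 100")
    return (verify_packet(KEY, genuine),
            verify_packet(KEY, spoofed),
            verify_packet(KEY, other_key))


if __name__ == "__main__":
    print(demo())
```

The tag gives integrity and origin authentication but not confidentiality (the payload is still readable) and not replay protection; a captured valid packet verifies again if resent, which is why IPSec pairs its keyed hash with sequence numbers.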

Page 31

Man-in-the-Middle Attack

• An attacker can sit in the middle between source and destination and initiate the following two types of man-in-the-middle attacks:
– Session replay attack
– Session hijack attack

• For both types of attack the hacker needs access to the network (i.e. LAN/Internet)

Page 32

Man-in-the-Middle Attack (Cont)

• Session hijack attack
– The attacker inserts himself into an established connection between sender and receiver and hijacks the connection. This requires specialized TCP sequence number generating software.
– This is much easier in UDP and ICMP (no ACK)

Page 33

Man-in-the-Middle Attack (Cont)

• To handle these types of attack, generate randomized TCP sequence numbers

• The TCP sequence number is 32 bits, so there are around 4.3 billion possible values. It is practically impossible to guess the next sequence number.

• A VPN is the best option to protect against this attack.

Page 34

Man-in-the-Middle Attack (Cont)

• Session replay attacks
– The attacker intercepts traffic from the source to the real destination by a combination of spoofing and routing attack, then pretends to be the real destination, captures all information from the source and redirects it to the real destination, including the TCP session reply.
– The attacker uses Java or ActiveX script to initiate this attack

Page 35

Computer Worms

• Worms have emerged as the new security threat

• Computer worms are malicious software/malware designed to spread via computer networks.

• Anyone can install a worm by opening an email attachment or message that contains executable scripts.

• Worms can spontaneously generate additional email messages containing copies of the worm.

• Being embedded inside network software, computer worms can penetrate firewalls and other network security measures.

Page 36

Computer Worms

• An ICMP error message carries part or all of the original packet that caused the error in its payload

• This payload could be used by a hacker as a covert channel to send malicious code
– If the firewall does not inspect the payload segment of ICMP error packets
– If the quoted packet fragment does not contain a legitimate IP address, or the error was not sent in response to existing connection state, the packet should be dropped

Page 37

Questions?

Page 38

Overview: Network Security Workshop
– Network Security Fundamentals
– Attack Types Analysis and Mitigation
– ICMP Protocol Security Threats
– Attack Analysis in Different Layers
– IPv6 Protocol Overview & Security Basics
– Cryptography and IPSec
– IPSec Lab Exercise
– DNS/DNSSEC

Page 39

Historical Purpose of ICMP

• Internet Control Message Protocol (ICMP) was initially drafted in RFC 791 & 792
– Allows errors/information to be reported back to the transmitting device to facilitate testing and debugging in TCP/IP networks
– Originally created to allow the reporting of a small set of error conditions in IPv4 networks

• It works as a protocol on top of IP, as an "administrative assistant"

• One of the under-appreciated services of the TCP/IP protocol suite because of its widespread use by hackers

• Not all functions are harmful for the network though

Page 40

ICMP Messages

• Most firewall administrators would like to block nearly all ICMP messages for IPv4

• IPv4 communication still works

• There are two classes of ICMPv4 messages
– Error messages
• i.e. Destination unreachable, Source quench, Redirect, Time exceeded, Parameter problem
– Informational messages
• i.e. Echo (Request), Echo reply, Router advertisement, Router solicitation, Timestamp (Request), Timestamp reply, Information request, Information reply, Address mask request, Address mask reply, Traceroute

Page 41

ICMP Messages

• Error messages
– An error message includes the original full IP header and the first 8 bytes of the payload. The beginning of the payload contains the higher-layer header, so the ICMP message also carries either the full UDP header or the first 8 bytes of the TCP header. In both cases, the source and destination port numbers are provided.

• Informational messages
– Informational messages are used to let devices exchange information, implement certain IP-related features, and perform testing. They do not indicate errors and are typically not sent in response to a regular datagram transmission. They are generated either when directed by an application, or on a regular basis to provide information to other devices. An informational ICMP message may also be sent in reply to another informational ICMP message, since they often occur in request/reply or solicitation/advertisement functional pairs.

Page 42

ICMP Attack Vector

• Some ICMP messages can be used as an attack vector by hackers, i.e.:
– ECHO_REQUEST
• Allows network reconnaissance or DoS attacks
– REDIRECT
• Can achieve the same result as source routing
– DESTINATION_UNREACHABLE
• This ICMP message can cause a host to drop a connection immediately
– TIME_EXCEEDED
• This ICMP message can cause a host to drop a connection immediately

Page 43

Smurf Attack

• The Smurf attack is named after the source code employed to launch the attack (smurf.c)

• ICMP ECHO_REQUEST packets are sent to the broadcast address of a network.

• Depending on host configuration, hosts may attempt to reply to the ECHO_REQUEST

• The resulting flood of responses may degrade the performance of the network, particularly at the destination host.

Page 44

ICMP DoS Attack

• An attacker could use either TIME_EXCEEDED or DESTINATION_UNREACHABLE messages

• By forging one of these ICMP messages and sending it to either of the communicating hosts

• They will immediately drop the connection
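The stateful check that pages 36, 41 and 44 together describe (an ICMP error quotes the original IP header plus the first 8 bytes of its payload, and a forged TIME_EXCEEDED or DESTINATION_UNREACHABLE should be dropped when that quote does not match a connection the host actually has), as an added example that is not part of the slides. It parses the quoted header, verifies the ICMP checksum, and accepts the error only if the quoted source is a local address and the quoted 5-tuple is in the host's flow table. The message bytes, addresses, flow table and function names are all constructed for this example.

```python
import struct
from ipaddress import IPv4Address

# Added example, not from the workshop slides. A host- or firewall-side check
# for ICMPv4 error messages: parse the quoted IP header and first 8 bytes of
# transport header that every ICMP error carries, and accept the error only if
# that quote describes a packet this host really sent on a connection that is
# still open. Forged TIME_EXCEEDED / DESTINATION_UNREACHABLE messages that do
# not match any live flow are dropped. All bytes and addresses are constructed.

ICMP_ERROR_TYPES = {3: "destination unreachable", 4: "source quench",
                    5: "redirect", 11: "time exceeded", 12: "parameter problem"}


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum (over a valid message it returns 0)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_udp_quote(src: str, dst: str, sport: int, dport: int) -> bytes:
    """IPv4 header (20 bytes, no options) + the first 8 bytes of a UDP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0x1234, 0x4000, 64, 17, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    udp = struct.pack("!HHHH", sport, dport, 8, 0)
    return ip + udp


def build_icmp_error(icmp_type: int, code: int, quoted: bytes) -> bytes:
    """8-byte ICMP header (type, code, checksum, unused) followed by the quote."""
    header = struct.pack("!BBHI", icmp_type, code, 0, 0)
    csum = inet_checksum(header + quoted)
    return struct.pack("!BBHI", icmp_type, code, csum, 0) + quoted


def classify_icmp_error(msg: bytes, local_addrs: set, active_flows: set) -> str:
    """Return 'accept' or a 'drop: ...' reason.
    active_flows holds (src, dst, proto, sport, dport) tuples of open connections."""
    if len(msg) < 8 + 20 + 8:
        return "drop: too short for ICMP header + quoted IP header + 8 bytes"
    icmp_type, code, _, _ = struct.unpack("!BBHI", msg[:8])
    if icmp_type not in ICMP_ERROR_TYPES:
        return "drop: not an error message"
    if inet_checksum(msg) != 0:
        return "drop: bad checksum"
    (ver_ihl, _, _, _, _, _, proto, _, src, dst) = struct.unpack("!BBHHHBBH4s4s", msg[8:28])
    if ver_ihl >> 4 != 4:
        return "drop: quoted header is not IPv4"
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or len(msg) < 8 + ihl + 8:
        return "drop: quoted header truncated"
    src_ip, dst_ip = str(IPv4Address(src)), str(IPv4Address(dst))
    if src_ip not in local_addrs:
        return "drop: quoted packet was not sent from a local address"
    sport, dport = struct.unpack("!HH", msg[8 + ihl:8 + ihl + 4])
    if (src_ip, dst_ip, proto, sport, dport) not in active_flows:
        return "drop: no matching connection state"
    return "accept"


# Constructed state: this host is 192.0.2.10 and has one UDP/DNS query in flight.
LOCAL_ADDRS = {"192.0.2.10"}
ACTIVE_FLOWS = {("192.0.2.10", "198.51.100.5", 17, 40000, 53)}


def demo() -> list:
    """A genuine port-unreachable for the live flow is accepted; a forged
    time-exceeded naming a port we never used and an error quoting someone
    else's address are dropped."""
    genuine = build_icmp_error(3, 3, build_ipv4_udp_quote("192.0.2.10", "198.51.100.5", 40000, 53))
    forged = build_icmp_error(11, 0, build_ipv4_udp_quote("192.0.2.10", "198.51.100.5", 40000, 443))
    foreign = build_icmp_error(3, 1, build_ipv4_udp_quote("203.0.113.9", "198.51.100.5", 40000, 53))
    return [classify_icmp_error(m, LOCAL_ADDRS, ACTIVE_FLOWS) for m in (genuine, forged, foreign)]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

A stateful firewall applies the same rule at the perimeter with its own connection table, which is the "statefully sent" condition on page 36; an attacker who cannot see the traffic has to guess both ports to pass the check.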

Page 45

Ping of Death Attack

• An attacker sends an ICMP ECHO_REQUEST packet that is larger than the maximum IP packet size.

• Since the received ICMP echo request packet is larger than the normal IP packet size, it is fragmented.

• The target can't reassemble the packets, so the OS crashes or reboots.

Page 46

ICMP Redirect Attack

• Router R1 sends an ICMP REDIRECT message to host H telling it to send packets for destination 10.1.1.1 directly to R2

• Hackers can utilize this behavior to initiate a man-in-the-middle attack

Page 47

How to Stop These?

• Most firewall administrators would like to block nearly all ICMP messages for IPv4 on the perimeter

• Use the interface commands:
no ip redirects
no ip directed-broadcast
no ip unreachables

• Use ACLs (advanced ACLs using ICMP type and code)

Page 48

Vulnerabilities and Exploits

• A vulnerability is a weakness that compromises the security of a system, i.e.:
– Poor passwords
– Insecure communication

• An exploit is the mechanism used to leverage a vulnerability of a system, i.e.:
– Password guessing tools
– Shell scripts
– Executable code

Page 49

Questions?

Page 50

Overview: Network Security Workshop
– Network Security Fundamentals
– Attack Types Analysis and Mitigation
– ICMP Protocol Security Threats
– Attack Analysis in Different Layers
– IPv6 Protocol Overview & Security Basics
– Cryptography and IPSec
– IPSec Lab Exercise
– DNS/DNSSEC

Page 51

Attacks on Different Layers (OSI Reference Model vs. TCP/IP Model)

• Application, Presentation, Session (OSI) = Application (TCP/IP)
– Layer 7: DNS, DHCP, HTTP, FTP, IMAP, LDAP, NTP, Radius, SSH, SMTP, SNMP, Telnet, TFTP
– Layer 5: SMB, NFS, Socks
– Attacks: DNS Poisoning, Phishing, SQL injection, Spam/Scam

• Transport (OSI) = Transport (TCP/IP)
– Layer 4: TCP, UDP
– Attacks: TCP attacks, Routing attack, SYN flooding, Sniffing

• Network (OSI) = Internet (TCP/IP)
– Layer 3: IPv4, IPv6, ICMP, IPSec
– Attacks: Ping/ICMP Flood

• Data Link, Physical (OSI) = Network Access (TCP/IP)
– Layer 2: PPTP, Token Ring
– Attacks: ARP spoofing, MAC flooding

Page 52

Layer 2 Attacks

• ARP Spoofing

• MAC flooding attacks

• DHCP attacks

• VLAN hopping

Page 53

ARP Spoofing

Hosts on the LAN in the diagram:
– 10.0.0.1 AA-AA-AA-AA-AA-AA
– 10.0.0.2 BB-BB-BB-BB-BB-BB
– 10.0.0.3 CC-CC-CC-CC-CC-CC
– 10.0.0.4 DD-DD-DD-DD-DD-DD

1. Client (ARP Request, broadcast): "I want to connect to 10.0.0.3. I don't know the MAC address."
2. Real host: "I am 10.0.0.3. This is my MAC address."
3. Attacker: "Wait, I am 10.0.0.3!"
4. The client's ARP cache is already poisoned: it will communicate directly with the fake destination.
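The exchange on this slide as seen from a monitoring point, as an added example that is not part of the workshop slides: a small ARP monitor that does what an ARP inspection tool or a switch's dynamic ARP inspection does, binding an IP to the MAC in the first reply to a request it saw and alerting when a later reply claims the same IP with a different MAC, or when a reply arrives that nobody asked for. The slide does not say which host is the attacker; here DD-DD-DD-DD-DD-DD plays that role by construction, and the class and event list are this example's own.

```python
# Added example, not from the workshop slides. A small ARP monitor that does
# the check an ARP inspection tool or switch feature performs against the
# exchange shown on this slide: bind an IP to the first MAC that answers a
# request it saw, and raise an alert when a later reply claims the same IP
# with a different MAC, or when a reply arrives that nobody asked for. Which
# host on the slide is the attacker is not stated; here DD-DD-... plays that
# role by construction.


class ArpMonitor:
    def __init__(self, static_bindings=None):
        self.bindings = dict(static_bindings or {})   # ip -> mac (static entries are trusted)
        self.pending = set()                          # IPs with an outstanding ARP request
        self.alerts = []

    def request(self, target_ip: str) -> None:
        self.pending.add(target_ip)

    def reply(self, sender_ip: str, sender_mac: str) -> str:
        """Return 'ok', 'learned', 'conflict' or 'unsolicited'."""
        known = self.bindings.get(sender_ip)
        if known is None:
            if sender_ip not in self.pending:
                self.alerts.append(f"unsolicited ARP reply: {sender_ip} claimed by {sender_mac}")
                return "unsolicited"
            self.pending.discard(sender_ip)
            self.bindings[sender_ip] = sender_mac
            return "learned"
        if known != sender_mac:
            self.alerts.append(f"ARP conflict: {sender_ip} is {known}, reply claims {sender_mac}")
            return "conflict"
        return "ok"


# Constructed replay of the slide's exchange (hosts from the slide; DD-DD-... plays the attacker).
SLIDE_EVENTS = [
    ("request", "10.0.0.3", None),                 # client: "I want to connect to 10.0.0.3"
    ("reply", "10.0.0.3", "CC-CC-CC-CC-CC-CC"),    # genuine: "I am 10.0.0.3. This is my MAC address"
    ("reply", "10.0.0.3", "DD-DD-DD-DD-DD-DD"),    # forged: "Wait, I am 10.0.0.3!"
    ("reply", "10.0.0.2", "BB-BB-BB-BB-BB-BB"),    # nobody asked about 10.0.0.2
]


def replay(events, static_bindings=None):
    """Feed events to a monitor; return (verdict per event, alerts raised)."""
    mon = ArpMonitor(static_bindings)
    verdicts = []
    for kind, ip, mac in events:
        if kind == "request":
            mon.request(ip)
            verdicts.append("request")
        else:
            verdicts.append(mon.reply(ip, mac))
    return verdicts, mon.alerts


if __name__ == "__main__":
    for line in replay(SLIDE_EVENTS)[1]:
        print(line)
```

Learning from the first reply only works if the genuine host answers first; had the forged reply arrived first, the monitor would have learned the wrong binding. That is why switch-based inspection validates replies against a trusted source such as static entries or the DHCP snooping binding table, which the static_bindings argument stands in for here.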

Page 54

MAC Flooding

• Exploits the limitation of all switches: fixed CAM table size

• CAM = Content Addressable Memory = stores info on the mapping of individual MAC addresses to physical ports on the switch.

CAM table in the diagram (one MAC learned per port):
– Port 1: 00:01:23:45:67:A1
– Port 2: 00:01:23:45:67:B2
– Port 3: 00:01:23:45:67:C3
– Port 4: 00:01:23:45:67:D4

Page 55

DHCP Attacks

• DHCP Starvation Attack
– Broadcasting a vast number of DHCP requests with spoofed MAC addresses simultaneously.
– DoS attack using DHCP leases

• Rogue DHCP Server Attacks

Diagram: the attacker sends many different DHCP requests with many spoofed addresses; the server runs out of IP addresses to allocate to valid users.

Page 56

VLAN Hopping

• Attack on a network with multiple VLANs

• Two primary methods:
– Switch spoofing: the attacker initiates a trunking switch
– Double tagging: the packet is tagged twice.

Page 57

DHCP Attack Types

• Solution: enable DHCP snooping

ip dhcp snooping (enable DHCP snooping globally)
ip dhcp snooping vlan <vlan-id> (for specific VLANs)
ip dhcp snooping trust
ip dhcp snooping limit rate <rate>

Page 58

TCP Attacks

• SYN Flood: occurs when an attacker sends SYN requests in succession to a target.

• Causes a host to retain enough state for bogus half-connections such that there are no resources left to establish new legitimate connections.

Page 59

TCP Attacks

• TCP 3-way handshake

• The attacker sends a series of SYN packets without replying with the ACK packet

• Finite queue size for incomplete connections

Diagram: Attacker and Server (Victim), with labels OPEN CONNECTIONS and CONNECTION ESTABLISHED; an X marks the final ACK that the attacker never sends.

Page 60

Application Layer Attacks

• Applications don't authenticate properly

• Authentication information in clear
– FTP, Telnet, POP

• DNS insecurity
– DNS poisoning
– DNS zone transfer

Page 61

DNS Cache Poisoning

Diagram participants: Client, DNS Caching Server, Root/GTLD, ns.example.com (authoritative name server), Webserver (192.168.1.1), and an attacker pretending to be the authoritative zone.

1. Client → DNS Caching Server: "I want to access www.example.com"
2. DNS Caching Server → Root/GTLD → ns.example.com: query sent with QID=64571
3. Replies race back to the caching server:
– Attacker (pretending to be the authoritative zone): www.example.com 192.168.1.993, sent with guessed QID=64569, QID=64570, QID=64571 (match!)
– ns.example.com: www.example.com 192.168.1.1, with QID=64571
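The race in the diagram from the caching server's side, as an added example that is not part of the workshop slides: a reply is accepted into the cache only if its query ID and destination port match an outstanding query for the same name, both are chosen at random, and a reply for a query that has already been answered is ignored. The replayed replies mirror the slide (two wrong QID guesses, the genuine answer, a forged answer with the slide's 192.168.1.993); the class, dataclasses and port range are this example's own constructions.

```python
import secrets
from dataclasses import dataclass

# Added example, not from the workshop slides. A resolver-side model of the
# race in the diagram: a reply is accepted into the cache only if its query ID
# and destination port match an outstanding query for the same name, and both
# are chosen at random so a forger has to guess them. Late replies for a query
# that has already been answered are ignored. Names and layout are invented.


@dataclass(frozen=True)
class Query:
    qid: int
    sport: int
    qname: str


@dataclass(frozen=True)
class Reply:
    qid: int
    dport: int      # must equal the query's source port to be accepted
    qname: str
    answer: str


class CachingResolver:
    def __init__(self):
        self.pending = {}   # (qid, sport) -> Query
        self.cache = {}     # qname -> answer

    def send_query(self, qname: str) -> Query:
        """Pick a random 16-bit QID and a random ephemeral source port."""
        while True:
            qid = secrets.randbelow(1 << 16)
            sport = 1024 + secrets.randbelow(65536 - 1024)
            if (qid, sport) not in self.pending:
                break
        q = Query(qid, sport, qname)
        self.pending[(qid, sport)] = q
        return q

    def receive(self, r: Reply) -> str:
        """Return 'cached' or 'rejected'."""
        q = self.pending.get((r.qid, r.dport))
        if q is None or q.qname != r.qname:
            return "rejected"      # no outstanding query with that QID/port/name
        del self.pending[(r.qid, r.dport)]
        self.cache[r.qname] = r.answer
        return "cached"


def demo():
    """Replay the slide: two wrong QID guesses, the genuine answer, then a late
    forgery that matches the QID but arrives after the query has been closed.
    The forger is assumed to know the port, as with the old fixed-port resolvers."""
    resolver = CachingResolver()
    q = resolver.send_query("www.example.com")
    replies = [
        Reply((q.qid - 2) & 0xFFFF, q.sport, "www.example.com", "192.168.1.993"),  # forged, QID off by 2
        Reply((q.qid - 1) & 0xFFFF, q.sport, "www.example.com", "192.168.1.993"),  # forged, QID off by 1
        Reply(q.qid, q.sport, "www.example.com", "192.168.1.1"),                  # genuine answer
        Reply(q.qid, q.sport, "www.example.com", "192.168.1.993"),                # forged, right QID, too late
    ]
    return [resolver.receive(r) for r in replies], dict(resolver.cache)


if __name__ == "__main__":
    print(demo())
```

With only the 16-bit QID to guess the forger has 65,536 candidates per query, which is why the diagram's attacker can get a match; adding a random source port multiplies that by the port range, and DNSSEC (covered later in the workshop) removes the dependence on guessing altogether by signing the answer.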

Page 62

Botnet

• Collection of compromised computers (or 'bots')

• Computers are targeted by malware (malicious software)

• Once controlled, an attacker can use the compromised computer via standards-based network protocols such as IRC and HTTP

• How to become a bot:
– Drive-by downloads (malware)
– Going to malicious websites (exploits web browser vulnerabilities)
– Running malicious programs (Trojans) from websites or as email attachments

Page 63

Security on Different Layers (OSI Reference Model vs. TCP/IP Model)

• Application, Presentation, Session (OSI) = Application (TCP/IP)
– Layer 7: DNS, DHCP, HTTP, FTP, IMAP, LDAP, NTP, Radius, SSH, SMTP, SNMP, Telnet, TFTP
– Layer 5: SMB, NFS, Socks
– Attacks: DNS Poisoning, Phishing, SQL injection, Spam/Scam
– Security: HTTPS, DNSSEC, PGP, SMIME

• Transport (OSI) = Transport (TCP/IP)
– Layer 4: TCP, UDP
– Attacks: TCP attacks, Routing attack, SYN flooding, Sniffing
– Security: TLS, SSL, SSH

• Network (OSI) = Internet (TCP/IP)
– Layer 3: IPv4, IPv6, ICMP, IPSec
– Attacks: Ping/ICMP Flood
– Security: IPSec

• Data Link, Physical (OSI) = Network Access (TCP/IP)
– Layer 2: ARP, Token Ring
– Attacks: ARP spoofing, MAC flooding
– Security: IEEE 802.1X, PPP & PPTP

Page 64

PPPoE

• PPP over Ethernet

• Defined in RFC 2516

• A means to encapsulate PPP packets over the Ethernet link layer

• Mostly used in ADSL environments to provide access control, billing, and type of service on a per-user rather than a per-site basis

Page 65:

Transport Layer Security

• Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS)

• Secure Shell Protocol (SSH)

• SOCKS Protocol

Page 66:

Secure Shell Protocol (SSH)

• Protocol for secure remote login (architecture in RFC 4251)

• Provides secure remote login, secure file transfer, and secure forwarding of TCP/IP and X Window System traffic

• Consists of 3 major components:
– Transport layer protocol (server authentication, confidentiality, integrity; RFC 4253)
– User authentication protocol (authenticates the client to the server; RFC 4252)
– Connection protocol (multiplexes the encrypted tunnel into several logical channels; RFC 4254)

Page 67:

Application Layer Security

• HTTPS

• PGP (Pretty Good Privacy)

• S/MIME (Secure/Multipurpose Internet Mail Extensions)

• TSIG and DNSSEC

• Wireless encryption: WEP, WPA, WPA2 (WEP is broken and should not be used)

Page 68:

HTTPS

• Hypertext Transfer Protocol Secure

• Widely used, message-oriented (request/response) communications protocol

• HTTP itself is stateless; HTTPS runs it over a TLS session on top of TCP, so the secured connection is connection-oriented

• Technically not a protocol in itself, but simply HTTP layered on top of the SSL/TLS protocol (RFC 2818)

• Application data is exchanged only after the TLS handshake has established the session's security properties (server authentication, key agreement, cipher suite)

• Not to be confused with S-HTTP

Note: A website must use HTTPS everywhere, otherwise it is still vulnerable to some attacks: any page served over plain HTTP can be modified in transit to strip or redirect away from HTTPS (SSL stripping), and cookies not marked Secure leak over the HTTP pages. HTTP Strict Transport Security (HSTS) tells browsers to use HTTPS only.

Page 69:

Questions?

Page 70:

Device & Infrastructure Security (Network Security Workshop)

Page 71:

Overview

• Server Hardening

• Logging and Monitoring

• Backup and Recovery

• L2 Device (Switch) Security

• L3 Device (Router) Security

• Bogons

Page 72:

Server Hardening

• Use netstat -tulpn (or ss -tulpn on current distributions) to check which ports your Linux machine is currently listening on
– Close unnecessary ports; bind services that only need local access to 127.0.0.1 or ::1

• Remove unused applications: minimal software means fewer possible vulnerabilities

• Perform regular software patches and updates

• Disable unwanted services and remove them from the startup items

• Use TCP wrappers and properly configure the hosts.allow and hosts.deny files (note: tcp_wrappers is no longer shipped by several distributions, for example RHEL 8 and later; a host firewall such as nftables/iptables is the replacement)

• Rule of thumb: deny all, allow as necessary
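The listening-port check from the first bullet, turned into a repeatable audit, as an added example that is not part of the workshop material: it parses netstat -tulpn output, ignores loopback-only services, and reports every network-reachable listener that is not on an allowlist. The sample netstat output and the allowlist are constructed for this illustration.

```python
"""Audit the sockets a Linux server is listening on, the check the slide makes
with netstat, against an allowlist ("deny all, allow as necessary"). Added
example, not workshop code. The netstat output and the allowlist below are
constructed for illustration; on a real host run `netstat -tulpn` (or
`ss -tulpn`) as root and feed its output to audit()."""
import re
from typing import NamedTuple


class Listener(NamedTuple):
    proto: str      # tcp, tcp6, udp, udp6
    addr: str       # local bind address
    port: int
    program: str    # process name from the PID/Program name column


# Constructed sample of `netstat -tulpn` output, not a capture from a real host.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1043/mysqld
tcp        0      0 0.0.0.0:6379            0.0.0.0:*               LISTEN      1188/redis-server
tcp6       0      0 :::80                   :::*                    LISTEN      1302/nginx
udp        0      0 0.0.0.0:161             0.0.0.0:*                           905/snmpd
udp        0      0 127.0.0.53:53           0.0.0.0:*                           610/systemd-resolve
"""

# Assumed policy for this host: only SSH and HTTP may be reachable from the network.
ALLOWED_PUBLIC = {("tcp", 22), ("tcp", 80), ("tcp6", 80)}

_LINE = re.compile(
    r"^(tcp6?|udp6?)\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+(?:LISTEN\s+)?(\S+)\s*$")


def parse_netstat(text: str) -> list:
    """Turn netstat -tulpn output into Listener records; header lines are skipped."""
    listeners = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        proto, addr, port, pid_prog = m.groups()
        listeners.append(Listener(proto, addr, int(port), pid_prog.split("/", 1)[-1]))
    return listeners


def is_local_only(addr: str) -> bool:
    """Bound to loopback only, hence unreachable from the network."""
    return addr.startswith("127.") or addr == "::1"


def audit(text: str, allowed=ALLOWED_PUBLIC) -> list:
    """One finding per listener reachable from the network that the policy
    does not allow. Loopback-only services pass; the fix for the rest is to
    stop the service, bind it to loopback, or firewall the port."""
    findings = []
    for l in parse_netstat(text):
        if is_local_only(l.addr):
            continue
        if (l.proto, l.port) not in allowed:
            findings.append(
                f"{l.proto}/{l.port} ({l.program}) bound to {l.addr} is not in the allowlist")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_NETSTAT) or ["no unexpected listeners"]:
        print(finding)
```

On the constructed sample the audit flags redis-server on 0.0.0.0:6379 and snmpd on 0.0.0.0:161; mysqld and the stub resolver are loopback-only and pass, sshd and nginx are on the allowlist.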

Page 73:

Server Hardening - Accounts

• Disable default accounts and groups that are not needed

• Use strong authentication (SSH keys or multi-factor authentication rather than passwords alone)

• Good password policy
– Minimum number of characters
– Combination of letters, numbers, special characters, upper and lower case
– Implement password aging
– Force users to change their password on first login
– Prevent reuse of previous passwords

• Lock the account after a number of failed logins

Page 74:

Backup and Recovery

• A backup system is a fundamental element of any disaster recovery plan

• Provides for disaster recovery of key network services and of any file

• Physical vs logical backup
– Physical backup: a copy of the files or volumes as they are stored, written to other media such as disks or tapes
– Logical backup: an export of the data's logical content (for example a database dump), independent of how it is laid out on disk
– Either kind can be kept on site or sent to remote or cloud services

Page 75:

Backup and Recovery

• Types of backup
– Full backup: the entire dataset regardless of whether it has been altered or not; takes longest
– Incremental backup: only data that has changed since the last backup of any type (small, but a restore needs the full backup plus every incremental since)
– Differential backup: data that has changed since the last full backup (a restore needs the full backup plus the latest differential only)
– Copy backup: a full backup that does not reset the archive bits, so it does not disturb an incremental chain

• Backup intervals
– e.g. daily incremental on top of a periodic (weekly) full backup

• Backup media
– Offline backups: magnetic tape, optical drives, hard disk
– Offsite backups: network, NAS, data centre

Page 76:

Backup and Recovery

• Always test that your backups are restorable (a backup that has never been restored is an untested backup)

• Restoration should be within a reasonable period of time
– Time to recover
– Priority of some files over others
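The backup types from the previous slide and the "test that it restores" rule from this one, as an added example that is not part of the workshop material: which files a full, incremental, differential or copy backup would write given file modification times, and a tar backup of a small tree restored to a fresh directory and verified file by file with SHA-256. The file names, modification times and backup timestamps are constructed for the illustration.

```python
"""Which files each backup type writes, and a restore test. Added example, not
workshop code. The file set, modification times and backup times below are
constructed for illustration; the tar/restore part runs in a temporary
directory."""
import hashlib
import tarfile
import tempfile
from pathlib import Path

# Constructed file set: path -> last-modified time (arbitrary units), and the
# times of the last full backup and of the most recent backup of any type.
FILES = {
    "etc/passwd": 10,
    "etc/ssh/sshd_config": 25,
    "var/named/zone.db": 32,
    "home/ops/notes.txt": 40,
}
LAST_FULL = 20
LAST_ANY = 30          # an incremental taken after the full


def select_for_backup(files, kind, last_full=LAST_FULL, last_any=LAST_ANY):
    """Sorted list of files the given backup kind would write."""
    if kind in ("full", "copy"):          # same contents; only the archive-bit handling differs
        return sorted(files)
    if kind == "incremental":             # changed since the last backup of any type
        return sorted(f for f, mtime in files.items() if mtime > last_any)
    if kind == "differential":            # changed since the last full backup
        return sorted(f for f, mtime in files.items() if mtime > last_full)
    raise ValueError(f"unknown backup type {kind!r}")


def resets_archive_bit(kind: str) -> bool:
    """Full and incremental backups clear the archive bit; differential and copy
    backups leave it, so they do not disturb an incremental chain."""
    return kind in ("full", "incremental")


def restore_chain(kind: str) -> str:
    """What a restore needs, which is why daily incrementals must be paired with
    a periodic full backup and a tested restore procedure."""
    return {
        "full": "latest full",
        "copy": "the copy",
        "incremental": "latest full + every incremental since, in order",
        "differential": "latest full + latest differential",
    }[kind]


def sha256_tree(root: Path) -> dict:
    """Relative path -> SHA-256 of every regular file under root."""
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def backup_and_verify(src: Path, archive: Path, restore_to: Path) -> bool:
    """Write src into a gzip tar, restore it elsewhere and return True only if
    every restored file hashes identically to the original."""
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(src, arcname=".")
    # Use the safe extraction filter where this Python offers it (it refuses
    # absolute paths and '..' escapes inside the archive).
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(archive, "r:gz") as tar:
        tar.extractall(restore_to, **kwargs)
    return sha256_tree(src) == sha256_tree(restore_to)


def restore_test() -> bool:
    """Build the constructed tree in a temp dir, back it up, restore, verify."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        src = base / "src"
        for name in FILES:
            path = src / name
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(f"constructed contents of {name}\n")
        return backup_and_verify(src, base / "backup.tgz", base / "restore")


if __name__ == "__main__":
    for kind in ("full", "incremental", "differential", "copy"):
        print(f"{kind:12} {select_for_backup(FILES, kind)}  restore needs: {restore_chain(kind)}")
    print("restore verified:", restore_test())
```

The hash comparison is the part that matters operationally: a restore that completes without error but yields different bytes is still a failed backup.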

Page 77:

Logging

• All security-related events must be logged (and shipped to a separate log host, so that an intruder cannot erase the trail on the compromised machine)

• Audits must be performed on a regular basis

• In a Linux system:
– Monitor log messages using logwatch
– Perform system auditing using auditd (query the audit trail with ausearch and aureport)

Page 78:

Network Devices

• Attack areas:
– Default passwords
– Broadcast packets replicated on all ports (and a flooded CAM table turning the switch into a hub)
– Rogue devices participating in STP and misleading it (e.g. claiming the root bridge role)
– Packet flooding using spoofed MAC addresses
– Gaining management access

Page 79:

Network Devices

• Change the default settings

• Allow management sessions only from approved sources (management VLAN, ACLs on the VTY lines)

• Use an AAA server to authenticate administrators, authorise their actions and keep an accounting record of everything they do

• Encrypt management sessions (SSH, HTTPS, SNMPv3 instead of Telnet, HTTP, SNMPv1/v2c)

• Limit device access
– Console sessions should also be authenticated

• Disable password recovery where physical access to the console cannot be controlled

Page 80:

Increasing Port Security

• CAM entry aging

• Static or permanent CAM entries

• Limit the number of MAC addresses per port (port security)

• Disable unused ports

• Port authentication with IEEE 802.1X

Page 81:

Mitigation of ARP Spoofing

• Static ARP entries (only practical for small, stable sets of hosts)

• Dynamic ARP Inspection (DAI): the switch validates ARP replies against the DHCP snooping binding table and drops the rest

• Separate VLANs with unique IP subnets

• Private VLANs

• IEEE 802.1X port authentication

Page 82:

Port Authentication using 802.1X

• 802.1X is an IEEE standard defining a layer 2 protocol used for authentication purposes (EAP carried over the LAN between the supplicant, the authenticator switch port and a RADIUS authentication server)

• 3 example EAP authentication methods:
– EAP-MD5 (challenge-response; authenticates the client only, so it is unsuitable where the network itself must be trusted, e.g. wireless)
– EAP-OTP (one-time password)
– EAP-TLS (mutual authentication using digital certificates)

Page 83:

Spanning Tree Protocol

• Used to prevent loops in a switched LAN by disabling redundant links (IEEE 802.1D)

• STP takes 30-50 seconds to converge

• Misplacement of the root bridge can cause suboptimal paths

• Loss of the root bridge has the most effect on performance

• STP does not include any security by default: any device can send BPDUs and claim to be the root bridge; mitigate with BPDU Guard on access ports and Root Guard on ports that must never lead towards the root

Page 84:

Trunking

• Allows multiple VLANs to be carried over one physical link. If not configured properly this may expose the whole network to a single port: an attacker who negotiates a trunk can reach every VLAN

• An intruder can also interfere with VTP messages and cause VLANs to disappear

• Trunking (and DTP negotiation) must be disabled on user-facing ports

Page 85:

VLAN Trunking Protocol (VTP)

• Used to make VLAN management easier in large switched LAN environments

• VTP should use authentication to prevent unauthorised devices from participating in VTP

• VTP can use MD5 to authenticate VTP messages

• The same password has to be used on all devices in a VTP domain

• Replay attacks are not possible

Page 86:

VLAN/Trunking Best Practices

• Always use a dedicated VLAN ID for all trunk ports (the native VLAN)

• Disable unused ports and put them in an unused VLAN

• Do not use VLAN 1 for anything

• Disable auto-trunking on user-facing ports (DTP off)

• Explicitly configure trunking on infrastructure ports

• Use all-tagged mode for the native VLAN on trunks

• Use the PC Voice VLAN access feature on phones that support it

• Use 802.1Q tagging on all trunk ports

Page 87:

VLAN 1

• A special VLAN used as the default VLAN assigned to L2 device ports

• Generic rule: "network administrators should prune any VLAN, and in particular VLAN 1, from all the ports where that VLAN is not strictly needed"

Page 88:

Network Devices: Routers

• Use strong authentication

• Disable unused services

• Modify insecure default settings

• Authenticate IGP messages

• Check software versions for security-­related bugs

Page 89:

Network Hardening (Layer 3)

• Interior gateway protocol (IGP): exchanges routing information between routers inside the network
– OSPF, EIGRP, RIPv2, IS-IS

• Exterior gateway protocol (EGP): exchanges routes with Internet Service Providers (ISPs) and other autonomous systems
– BGP

Page 90:

Threats to Routing Protocols (RFC 4593)

• Deliberate exposure: the attacker takes control of a router and intentionally releases routing information to other entities

• Sniffing: attackers monitor and/or record the routing exchanges between authorised routers to obtain routing information

• Traffic analysis: attackers gain routing information by analysing the characteristics of the data traffic on a subverted link

• Spoofing: an illegitimate device assumes the identity of a legitimate one

• Falsification: the attacker sends false routing information

• Interference: the attacker inhibits the exchanges between legitimate routers

• Overload: attackers place an excess burden on legitimate routers

Page 91:

Securing Routing Protocols

• An authentication mechanism should be used to prevent accidental or deliberate adjacencies from being established
– the shared key should be secret and changed regularly; prefer keyed hashes over plaintext passwords, and HMAC-SHA (e.g. RFC 5709 for OSPFv2) over MD5 where the implementation supports it

• Authenticate routing updates

• This security only verifies the source and integrity of the information
– no encryption of the routing update contents
– any packet interception will allow read access

Page 92:

BGP Security (BGPsec)

• Extension to BGP that provides improved security for BGP routing by cryptographically protecting the AS path

• At the time of the workshop an IETF Internet draft; published as RFC 8205 in September 2017

• Implemented via a new optional non-transitive BGP path attribute that carries a digital signature added by each AS that propagates the route

• Builds on the RPKI: BGP Prefix Origin Validation (RFC 6811, using ROAs from the RPKI) checks that the origin AS is authorised to announce the prefix

• BGP Path Validation (BGPsec proper) checks that each AS in the path really announced the route to the next one

Page 93:

BGP Security

• Remotely Triggered Black Hole routing (RTBH)
– Packets are forwarded to the router's "bit bucket" (either a null interface or a discard interface)
– Unwanted packets are dropped in the forwarding path with minimal or no performance impact
– Employing uRPF (loose mode) in conjunction with RTBH gives a source-based variant in addition to the destination-based one

• BGP Diversion
– Uses BGP to divert traffic to sinkholes or to packet "scrubbing" centres for further analysis
– Divert by resetting the BGP next hop to the IP address of the analysis system(s), or by matching community tags that result in different BGP next hops being assigned for a given prefix

• BGP Route Tagging
– Tag routes with BGP communities to apply filtering, rate limiting, QoS, firewall, or any other policy to the matching packets

Page 94:

Sinkholes

Page 95:

Cisco IOS Features

• Control Plane Policing (CoPP)
– Lets the operator configure a QoS policy that rate-limits the traffic punted to the control plane, protecting the CPU of Cisco IOS routers and switches against reconnaissance and denial-of-service (DoS) attacks
– Keeps the control plane responsive, so packet forwarding and routing adjacencies survive an attack or a heavy traffic load

• Unicast Reverse Path Forwarding (uRPF)
– Limits spoofed traffic by having the router verify that the source address of each forwarded packet is reachable: in strict mode via the interface the packet arrived on, in loose mode via any interface. Strict mode suits single-homed customer edges; it drops legitimate traffic where routing is asymmetric

Page 96:

Bogons

• Bogons: Martians (special-purpose space that should never be routed on the Internet, such as RFC 1918 private addresses, loopback and link-local) plus netblocks that IANA has not yet allocated to any RIR

• Fullbogons: a larger set which also includes IP space that has been allocated to an RIR, but not yet assigned by that RIR to an actual ISP or other end user

• Bogon sources are filtered at the network edge (ACLs, or a BGP feed with a null next hop as on the following slides); the list changes as space is allocated, so a static list must be maintained or replaced by a feed

Reference: http://www.team-cymru.org/Services/Bogons/bgp.html
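The two source-address checks described on this and the previous slide (bogon filtering and unicast RPF), as an added example that is not part of the workshop material. The martian list is the IANA special-purpose IPv4 space; the "unallocated" entry, the forwarding table and the packets are constructed assumptions for the illustration, not a real bogon feed.

```python
"""Source-address checks a border router applies to inbound packets: bogon
(martian and unallocated) filtering and unicast RPF in strict and loose mode.
Added example, not part of the workshop material. The martian list is the
IANA special-purpose IPv4 space; the 'unallocated' list, the forwarding table
and the packets are constructed for illustration."""
from ipaddress import ip_address, ip_network

# Martians: special-purpose space that is never a legitimate Internet source
# (RFC 1918, RFC 5737, RFC 6598, RFC 6890 and friends).
MARTIANS = [ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24",
    "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24",
    "224.0.0.0/4", "240.0.0.0/4",
)]

# Unallocated space changes as IANA and the RIRs hand it out, which is why the
# slides take it from a BGP feed. This entry is constructed, not a real bogon.
UNALLOCATED = [ip_network("198.200.0.0/16")]

# Constructed forwarding table: prefix -> interface the route points out of.
FIB = {
    ip_network("0.0.0.0/0"): "upstream",
    ip_network("198.100.0.0/16"): "customer-A",
    ip_network("198.100.5.0/24"): "customer-B",     # more specific, wins
}


def is_bogon(src: str) -> bool:
    addr = ip_address(src)
    return any(addr in net for net in MARTIANS + UNALLOCATED)


def lookup(fib, src: str):
    """Longest-prefix match: the interface the router would use to reach src."""
    addr = ip_address(src)
    best = None
    for net, iface in fib.items():
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def urpf_strict(fib, src: str, ingress: str) -> bool:
    """Strict mode: the best route back to the source must point at the
    interface the packet arrived on. Catches spoofing on customer edges;
    breaks where routing is asymmetric (multi-homed peers)."""
    return lookup(fib, src) == ingress


def urpf_loose(fib, src: str) -> bool:
    """Loose mode: some route to the source must exist. The default route does
    not count (Cisco's 'allow-default' is off here), so only unrouted space
    is dropped. Safe with asymmetric routing, much weaker."""
    addr = ip_address(src)
    return any(addr in net for net in fib if net.prefixlen > 0)


def accept(fib, src: str, ingress: str, mode: str = "strict") -> bool:
    """Combined ingress decision for one packet's source address."""
    if is_bogon(src):
        return False
    if mode == "strict":
        return urpf_strict(fib, src, ingress)
    if mode == "loose":
        return urpf_loose(fib, src)
    raise ValueError(f"unknown uRPF mode {mode!r}")


if __name__ == "__main__":
    for src, ingress in (("198.100.5.9", "customer-B"),   # legitimate
                         ("198.100.5.9", "customer-A"),   # spoofed by customer A
                         ("10.1.2.3", "customer-A"),      # martian
                         ("198.200.1.1", "upstream")):    # 'unallocated'
        print(f"{src:14} in {ingress:10} strict={accept(FIB, src, ingress)} "
              f"loose={accept(FIB, src, ingress, 'loose')}")
```

Note that the spoofed packet from customer A passes loose mode, because a route to 198.100.5.0/24 does exist; only strict mode ties the source to the ingress interface, which is exactly the trade-off the Cisco IOS slide describes.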

Page 97:

Bogons (BGP): Cisco router, traditional bogons feed

router bgp <your asn>
 neighbor x.x.x.x remote-as 65333
 neighbor x.x.x.x ebgp-multihop 255
 neighbor x.x.x.x description <your description>
 neighbor x.x.x.x prefix-list cymru-out out
 neighbor x.x.x.x route-map CYMRUBOGONS in
 neighbor x.x.x.x password <your password>
 neighbor x.x.x.x maximum-prefix 100 threshold 90

Reference: http://www.team-cymru.org/Services/Bogons/bgp.html

Page 98:

Bogons (BGP)

! Remember to configure your Cisco router to handle the new style
! community syntax.
ip bgp-community new-format
!
! Set a bogon next-hop on all routers that receive the bogons.
ip route 192.0.2.1 255.255.255.255 null0
!
! Configure a community list to accept the bogon prefixes into the
! route-map.
ip community-list 10 permit 65333:888
!
! Configure the route-map. Remember to apply it to the proper
! peering sessions.
route-map CYMRUBOGONS permit 10
 description Filter bogons learned from cymru.com bogon route-servers
 match community 10
 set ip next-hop 192.0.2.1
!
! Announce nothing to the bogon route-server.
ip prefix-list cymru-out seq 5 deny 0.0.0.0/0 le 32

Page 99:

Bogons (BGP Peer-Group)

router bgp <your asn>
 neighbor cymru-bogon peer-group
 neighbor cymru-bogon ebgp-multihop 255
 neighbor cymru-bogon description <general description>
 neighbor cymru-bogon prefix-list cymru-out out
 neighbor cymru-bogon route-map CYMRUBOGONS in
 neighbor cymru-bogon maximum-prefix 100 threshold 90
 !
 ! You'll need to increase the maximum to at least 50000 with an
 ! appropriate threshold if you're receiving one or both fullbogons
 ! feeds.
 !
 neighbor x.x.x.x remote-as 65333
 neighbor x.x.x.x peer-group cymru-bogon
 neighbor x.x.x.x description <specific description>
 neighbor x.x.x.x password <your password>

Page 100:

Questions?

Page 101:

Overview Network Security Workshop
– Network Security Fundamental
– Attack Types Analysis and Mitigation
– ICMP Protocol Security Threats
– Network Security Policy Overview
– Attack Analysis in Different Layers
– End System & Device Security BCP and Lab
– IPv6 Protocol Overview & Security Basic
– IP Core Network Security BCP and Lab Exercise
– Cryptography and IPSec
– IPSec Lab Exercise
– DNS/DNSSEC

Page 102:

Protocol Header Comparison

• Excluding the two address fields, IPv4 has 10 basic header fields (plus the optional Options)

• IPv6 has 6 basic header fields (Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit)

• The IPv6 header is a fixed 40 octets, in contrast to the 20-octet minimum (variable-length) IPv4 header, because each address is 16 octets

• So there are fewer header fields, no header checksum and no fragmentation fields, and the header is 64-bit aligned to enable fast processing by current processors

Diagram source: www.cisco.com

Page 103:

IPv6 Protocol Header Format

The IPv6 header fields:

• Version: a 4-bit field, same as in IPv4. It contains the number 6 instead of the number 4 for IPv4

• Traffic class: an 8-bit field similar to the Type of Service (ToS) field in IPv4. It tags the packet with a traffic class used in Differentiated Services (DiffServ). The functionality is the same for IPv6 and IPv4

• Flow label: a completely new 20-bit field. It tags a flow of IP packets so that routers can treat all packets of the flow alike without looking beyond the base header (useful for load balancing and faster packet switching)

Diagram source: www.cisco.com

Page 104:

IPv6 Protocol Header Format

• Payload length: this 16-bit field is similar to the IPv4 Total Length field, except that in IPv6 the Payload Length is the length of the data carried after the 40-octet header (extension headers included), whereas the IPv4 Total Length includes the header. Maximum 2^16 - 1 = 65535 octets; larger "jumbograms" need the Jumbo Payload hop-by-hop option (RFC 2675)

• Next header: the 8-bit value of this field identifies the type of header that follows the basic IPv6 header. It can be a transport-layer header, such as TCP or UDP, or an extension header. The Next Header field is similar to the Protocol field of IPv4

• Hop limit: this 8-bit field is a counter, decremented by every router, that gives the maximum number of hops a packet may travel before it is discarded. The IPv4 TTL field was originally specified in seconds, a theoretical value that was never easy to estimate; in practice it was also a hop count

Diagram source: www.cisco.com

Page 105:

IPv6 Extension Header

• Optional extension headers make it simple to add new features to IP in the future without major re-engineering of IP routers everywhere

• The number of extension headers is not fixed, so the total length of the extension header chain is variable (a security concern: a filtering device must be able to walk the whole chain to find the transport header, and RFC 7112 requires the entire chain to fit in the first fragment)

• Extension headers are placed between the main header and the payload of an IPv6 packet

Page 106:

IPv6 Extension Header

• If the Next Header field value is 6 there is no extension header: the Next Header field points directly at the TCP header, which is the payload of this IPv6 packet

• Code values of the Next Header field:
– 0 Hop-by-hop options
– 6 TCP
– 17 UDP
– 43 Routing (source routing)
– 44 Fragment
– 50 Encapsulating Security Payload (ESP)
– 51 Authentication Header (AH)
– 58 ICMPv6
– 59 No next header
– 60 Destination options

Page 107:

Linked List of Extension Headers

• Extension headers are chained as a linked list simply by using the Next Header code values: each header's Next Header field names the header that follows it

• The example on the slide uses multiple extension headers, creating the chain of Next Header values 0 → 44 → 6: the base header points at a Hop-by-Hop Options header (0), which points at a Fragment header (44), which points at the TCP header (6)

• The chain ends when a Next Header field points to the transport header, i.e. Next Header code 6 for TCP

Page 108:

Order of Extension Headers

• A source node follows this order (RFC 8200):
– 1. Hop-by-Hop Options
– 2. Routing (RFC 8200 also allows a Destination Options header before it, for options aimed at the intermediate destinations listed in the Routing header)
– 3. Fragment
– 4. Authentication Header
– 5. Encapsulating Security Payload
– 6. Destination Options
– 7. Upper-layer header

• The order matters because:
– only Hop-by-Hop has to be processed by every intermediate node, so it comes first
– the Routing header must be processed by the intermediate routers listed in it
– at the destination the Fragment header has to be processed (reassembly) before the headers that follow it can be read
– this makes the processing easy to implement in hardware and allows faster forwarding engines
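The header walk described on slides 103 to 108, as an added example that is not part of the workshop material: a parser that reads the 40-octet base header and follows the Next Header linked list (0 → 44 → 6 in the slide's example) until it reaches the transport header, refusing truncated or absurdly long chains the way a filtering device should. The test packet is constructed by hand and uses addresses from the 2001:db8::/32 documentation prefix.

```python
"""Walk an IPv6 header chain the way a forwarding or filtering engine must:
read the 40-octet base header, then follow Next Header values through the
extension headers until an upper-layer protocol (or 59, No Next Header) is
reached. Added example, not workshop code. The packet is constructed by hand
(Hop-by-Hop -> Fragment -> TCP, the 0, 44, 6 chain on the slide) and uses
addresses from the 2001:db8::/32 documentation prefix."""
import struct
from ipaddress import IPv6Address

HOP_BY_HOP, TCP, UDP, ROUTING, FRAGMENT = 0, 6, 17, 43, 44
ESP, AH, ICMPV6, NO_NEXT, DEST_OPTS = 50, 51, 58, 59, 60
NAMES = {0: "Hop-by-Hop", 6: "TCP", 17: "UDP", 43: "Routing", 44: "Fragment",
         50: "ESP", 51: "AH", 58: "ICMPv6", 59: "No Next Header", 60: "Destination Options"}
# Headers we can step over. ESP encrypts what follows, so the chain is opaque
# from there on and is treated as the end for filtering purposes.
WALKABLE = {HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS}
MAX_EXT_HEADERS = 8   # policy limit: refuse absurd chains instead of looping


def parse_ipv6(packet: bytes):
    """Return (base-header dict, list of extension header names, final Next
    Header value, offset of the upper-layer header). Raises ValueError on
    anything malformed, which is what a filter should do rather than guess."""
    if len(packet) < 40:
        raise ValueError("truncated IPv6 base header")
    vtcfl, payload_len, next_hdr, hop_limit = struct.unpack("!IHBB", packet[:8])
    if vtcfl >> 28 != 6:
        raise ValueError(f"not IPv6 (version {vtcfl >> 28})")
    if len(packet) - 40 < payload_len:
        raise ValueError("packet shorter than Payload Length claims")
    base = {
        "traffic_class": (vtcfl >> 20) & 0xFF,
        "flow_label": vtcfl & 0xFFFFF,
        "payload_length": payload_len,
        "hop_limit": hop_limit,
        "src": IPv6Address(packet[8:24]),
        "dst": IPv6Address(packet[24:40]),
    }
    offset, chain = 40, []
    while next_hdr in WALKABLE:
        if len(chain) >= MAX_EXT_HEADERS:
            raise ValueError("extension header chain too long")
        if offset + 8 > len(packet):
            raise ValueError(f"truncated {NAMES[next_hdr]} header")
        chain.append(NAMES[next_hdr])
        if next_hdr == FRAGMENT:
            hdr_len = 8                                  # fixed size
        elif next_hdr == AH:
            hdr_len = (packet[offset + 1] + 2) * 4       # AH length: 32-bit words minus 2
        else:
            hdr_len = (packet[offset + 1] + 1) * 8       # Hdr Ext Len: 8-octet units beyond the first 8
        next_hdr = packet[offset]                        # every extension header starts with Next Header
        offset += hdr_len
    return base, chain, next_hdr, offset


def build_test_packet() -> bytes:
    """Constructed packet: base header -> Hop-by-Hop (PadN) -> Fragment -> TCP SYN."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, 0x02, 65535, 0, 0)  # 20 octets, checksum left 0
    frag = struct.pack("!BBHI", TCP, 0, 0, 0x12345678)      # next=TCP, reserved, offset/M=0, identification
    hbh = bytes([FRAGMENT, 0, 1, 4, 0, 0, 0, 0])            # next=Fragment, Hdr Ext Len 0 (8 octets), PadN(4)
    payload = hbh + frag + tcp
    src, dst = IPv6Address("2001:db8::1").packed, IPv6Address("2001:db8::2").packed
    base = struct.pack("!IHBB", 6 << 28, len(payload), HOP_BY_HOP, 64) + src + dst
    return base + payload


if __name__ == "__main__":
    base, chain, upper, offset = parse_ipv6(build_test_packet())
    print(base["src"], "->", base["dst"], "hop limit", base["hop_limit"])
    print("chain:", " -> ".join(chain + [NAMES.get(upper, str(upper))]), "at offset", offset)
```

A firewall that only inspects the first 8 octets after the base header would see Hop-by-Hop and never reach the TCP ports in this packet; walking the chain to the transport header, and dropping packets whose chain cannot be walked, is what makes an IPv6 ACL meaningful.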

Page 109:

Fragmentation Handling in IPv6

• In IPv4 routers fragment packets in transit, which causes a variety of processing and performance issues

• IPv6 routers no longer perform fragmentation; only the source may fragment. An IPv6 host uses Path MTU Discovery (RFC 8201) to determine the largest MTU that works end to end for a session

• In this discovery process the source device sends packets at the size requested by the upper layers (TCP/application), starting from its link MTU

• If it receives an ICMPv6 Packet Too Big message (type 2), it tells the upper layer to resend using the new, smaller MTU

• The Packet Too Big message carries the MTU of the link that could not forward the packet

• Each source device keeps a PMTU entry per destination (per session). This is also why ICMPv6 type 2 must never be filtered at firewalls: without it, connections across a path with a smaller MTU silently stall

Source: www.cisco.com

Page 110:

IPv6 Addressing

• An IPv6 address is 128 bits long

• So the number of addresses is 2^128 = 340282366920938463463374607431768211456 (39 decimal digits); the highest address is 2^128 - 1 = 0xffffffffffffffffffffffffffffffff (32 hexadecimal digits)

• In hexadecimal, 4 bits (a nibble) are represented by one hex digit

• So 128 bits are reduced to 32 hex digits

Page 111:

IPv6 Address Representation

• Hexadecimal values of eight 16-bit fields
– X:X:X:X:X:X:X:X (X = a 16-bit number written as up to 4 hex digits, e.g. A2FE)

• Example:
– FE38:DCE3:124C:C1A2:BA03:6735:EF1C:683D

• Abbreviated form of an address (RFC 5952)
– 4EED:0023:0000:0000:0000:036E:1250:2B00
– → 4EED:23:0:0:0:36E:1250:2B00 (leading zeros within a field dropped)
– → 4EED:23::36E:1250:2B00 (one run of all-zero fields replaced by ::)
– The :: abbreviation may be used only once in an address, otherwise the expansion would be ambiguous

Page 112:

IPv6 addressing structure

Bit positions of a typical 128-bit address (diagram on the slide):

bits 1-32      ISP allocation /32
bits 33-48     Customer site /48 (16 bits of site prefix)
bits 49-64     End-site subnet /64 (16 bits of subnet ID)
bits 65-128    Interface ID (64 bits identifying the device)

Network prefix = bits 1-64 (/64); Interface ID = bits 65-128.

Page 113:

IPv6 addressing model

• IPv6 address types
– Unicast: an identifier for a single interface
– Anycast: an identifier for a set of interfaces; a packet is delivered to the nearest one (by routing distance)
– Multicast: an identifier for a group of nodes; a packet is delivered to all of them

RFC 4291

Page 114:

Addresses Without a Network Prefix

• Localhost (loopback): ::1/128

• Unspecified address: ::/128

• IPv4-mapped IPv6 address: ::ffff:0:0/96, written ::ffff:a.b.c.d

• IPv4-compatible IPv6 address: ::/96, written ::a.b.c.d (deprecated by RFC 4291)

Page 115:

Local Addresses With Network Prefix

• Link-Local Address
– A special address used to communicate within the local link of an interface
– i.e. with anyone on the same link, host or router
– A packet whose destination is a link-local address is never forwarded by a router beyond that link
– fe80::/10 (in practice fe80::/64; every interface configures one automatically)

Page 116:

Local Addresses With Network Prefix

• Unique Local IPv6 Unicast Address (ULA, RFC 4193)
– Addresses similar to the RFC 1918 private addresses in IPv4, but designed to be unique
– 40 bits of the prefix (the Global ID) are generated with a pseudo-random algorithm, so it is improbable that two independently generated prefixes are equal
– fc00::/7; with the L bit set, locally assigned prefixes fall in fd00::/8, the only half currently defined
– Example web tools to generate a ULA prefix:
http://www.sixxs.net/tools/grh/ula/
http://www.goebel-consult.de/ipv6/createLULA

Page 117:

Global Addresses With Network Prefix

• IPv6 Global Unicast Address
– Global unicast range: 2000::/3 (binary prefix 001, i.e. the addresses from 2000:: through 3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff)
– All five RIRs are given a /12 from the /3 to further distribute within their region:
• APNIC 2400:0000::/12
• ARIN 2600:0000::/12
• AfriNIC 2C00:0000::/12
• LACNIC 2800:0000::/12
• RIPE NCC 2A00:0000::/12

Page 118:

Examples and Documentation Prefix

• Address space reserved for examples and documentation, so that it never appears in real routing tables:
– 2001:0DB8::/32 (RFC 3849)
– 3fff::/20 (RFC 9637, added in 2024; the 3fff:ffff::/32 block shown on the slide was never an RFC 3849 reservation)

Page 119:

Interface ID

• The lowest-order 64-bit field of an address may be assigned in several different ways:
– auto-configured from the 48-bit MAC address expanded into a 64-bit modified EUI-64
– assigned via DHCPv6
– manually configured
– auto-generated pseudo-random number (temporary addresses, RFC 4941, or stable opaque identifiers, RFC 7217)
– possibly other methods in the future

• Security note: an EUI-64 interface ID embeds the MAC address, so it reveals the hardware vendor and lets a host be tracked across networks; current operating systems default to random or stable-opaque interface IDs for that reason

Page 120:

EUI-64

Worked example from the slide, MAC address 00:26:B0:E5:83:3C:

MAC address (48 bits):           00 26 B0 | E5 83 3C
Insert FF FE in the middle:      00 26 B0 FF FE E5 83 3C
Flip the U/L bit of octet 0:     0000 0000 → 0000 0010 (00 → 02)
EUI-64 interface identifier:     02 26 B0 FF FE E5 83 3C = 0226:B0FF:FEE5:833C

Page 121:

IPv6 autoconfiguration

Tentative address (link-local address) = well-known link-local prefix + interface ID (EUI-64)
Ex: FE80::310:BAFF:FE64:1D

Is this address unique?

1. A new host is turned on.
2. A tentative link-local address is formed for the new host.
3. Duplicate Address Detection (DAD) is performed: the host transmits a Neighbor Solicitation (NS) for the tentative address to its solicited-node multicast address (FF02::1:FF64:1D), using the unspecified source address ::
4. Any node already using that address answers with a Neighbor Advertisement (NA).
5. If no Neighbor Advertisement comes back, the address is unique.
6. FE80::310:BAFF:FE64:1D is assigned to the new host.

Assign FE80::310:BAFF:FE64:1D on the 2001:1234:1:1::/64 network shown in the diagram

Page 122:

IPv6 autoconfiguration

Host FE80::310:BAFF:FE64:1D: "Send me a Router Advertisement"

1. The new host sends a Router Solicitation (RS) to the all-routers multicast group (FF02::2).
2. The router replies with a Router Advertisement (RA).
3. The new host learns the network prefix from the RA, e.g. 2001:1234:1:1::/64.
4. The new host forms a new address: network prefix + interface ID, e.g. 2001:1234:1:1:310:BAFF:FE64:1D (and runs DAD on that address as well).

Router Advertisement → Assign 2001:1234:1:1:310:BAFF:FE64:1D on the 2001:1234:1:1::/64 network
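The address derivations from the EUI-64, autoconfiguration and address-representation slides (pages 111, 120, 121 and 122), as an added example that is not part of the workshop material: MAC address to modified EUI-64 interface ID, link-local and global SLAAC addresses, the solicited-node multicast group that DAD sends its Neighbor Solicitation to, the inverse mapping that shows why EUI-64 leaks the MAC, and the RFC 5952 abbreviated text form. The MAC address and prefixes are the ones on the slides.

```python
"""SLAAC address derivation from the EUI-64 and autoconfiguration slides,
plus the RFC 5952 text form from the address-representation slide. Added
example, not workshop code. The MAC address 00:26:B0:E5:83:3C and the
prefixes are the ones on the slides."""
from ipaddress import IPv6Address, IPv6Network

LINK_LOCAL = "fe80::/64"


def eui64_interface_id(mac: str) -> bytes:
    """Modified EUI-64 (RFC 4291 Appendix A): split the 48-bit MAC, insert FF FE
    between the OUI and the device part, invert the U/L bit (0x02 of octet 0)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must be 48 bits")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02
    return bytes(iid)


def slaac_address(prefix: str, mac: str) -> IPv6Address:
    """Prefix (must be a /64, e.g. from a Router Advertisement) + EUI-64 IID."""
    net = IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC requires a /64 prefix")
    return IPv6Address(net.network_address.packed[:8] + eui64_interface_id(mac))


def solicited_node(addr) -> IPv6Address:
    """ff02::1:ffXX:XXXX with the low 24 bits of the unicast address (RFC 4291
    section 2.7.1). DAD sends its Neighbor Solicitation to this group."""
    addr = IPv6Address(addr)
    return IPv6Address(IPv6Address("ff02::1:ff00:0").packed[:13] + addr.packed[13:])


def mac_from_eui64(addr):
    """Inverse operation: recover the MAC from an EUI-64 derived address, or
    None if the IID is not EUI-64 shaped. Shows why such IIDs leak hardware
    identity and why RFC 4941 / RFC 7217 identifiers are preferred."""
    iid = bytearray(IPv6Address(addr).packed[8:])
    if iid[3:5] != b"\xff\xfe":
        return None
    iid[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in iid[:3] + iid[5:])


def canonical(text: str) -> str:
    """RFC 5952 form: lower-case hex, leading zeros dropped, the longest run
    of zero fields (and only one run) replaced by ::."""
    return IPv6Address(text).compressed


def dad_exchange(mac: str, prefix: str = LINK_LOCAL) -> dict:
    """The addresses involved in Duplicate Address Detection for the tentative
    address formed from mac and prefix (steps 2 and 3 on the slide)."""
    tentative = slaac_address(prefix, mac)
    return {
        "tentative": tentative,
        "ns_source": IPv6Address("::"),          # unspecified: no address is usable yet
        "ns_destination": solicited_node(tentative),
        "ns_target": tentative,
    }


if __name__ == "__main__":
    mac = "00:26:B0:E5:83:3C"
    ll = slaac_address(LINK_LOCAL, mac)
    print("EUI-64 IID :", eui64_interface_id(mac).hex())
    print("link-local :", ll, " DAD NS sent to", solicited_node(ll))
    print("global     :", slaac_address("2001:1234:1:1::/64", mac))
    print("MAC leaked :", mac_from_eui64(ll))
    print("canonical  :", canonical("4EED:0023:0000:0000:0000:036E:1250:2B00"))
```

Running mac_from_eui64 over the addresses in a flow log is a quick way to check whether hosts on a network still use EUI-64 identifiers.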

Page 123:

Exercise 1.1: IPv6 subnetting

1. Identify the first four /36 address blocks out of 2406:6400::/32
1. _____________________
2. _____________________
3. _____________________
4. _____________________

Page 124: NetworkSecurity( Workshop · 2017. 6. 13. · Overview Network(Security(Workshop – Network%Security%Fundamental – Attack%Types%Analysis%and%Mitigation%% – ICMPProtocolSecurity%Threats%

Exercise 1.2: IPv6 subnetting

1. Identify the first four /35 address blocks out of 2406:6400::/32
   1. _____________________
   2. _____________________
   3. _____________________
   4. _____________________

Page 125:

Configuration of IPv6 Node Address

• There are 3 ways to configure an IPv6 address on an IPv6 node:
– Static address configuration
– DHCPv6 assigned node address
– Auto-configuration [New feature in IPv6]

Page 126:

Configuration of IPv6 Node Address

Quantity     | Address                                        | Requirement     | Context
One          | Loopback [::1]                                 | Must define     | Each node
One          | Link-local                                     | Must define     | Each interface
Zero to many | Unicast                                        | Optional        | Each interface
Zero to many | Unique-local                                   | Optional        | Each interface
One          | All-nodes multicast [ff02::1]                  | Must listen     | Each interface
One          | Solicited-node multicast ff02:0:0:0:0:1:ff/104 | Must listen     | Each unicast and anycast address defined
Any          | Multicast group                                | Optional listen | Each interface

ULA (unique-local addresses) are unicast addresses that are globally unique but used locally within sites. Any site can have a /48 for private use. Because each /48 is globally unique, there is no collision of identical addresses in the future when sites connect together.

Page 127:

Exercise 1: IPv6 Host Configuration

• Windows XP SP2

• netsh interface ipv6 install

• Windows XP

• ipv6 install

Page 128:

Exercise 1: IPv6 Host Configuration

• Configuring an interface
– netsh interface ipv6 add address "Local Area Connection" 2406:6400::1

• No prefix length is specified with the address, which forces a /64 on the interface

Page 129:

Exercise 1: IPv6 Host Configuration

Verify your Configuration

• c:\>ipconfig

Verify your neighbor table

• c:\>netsh interface ipv6 show neighbors

• # ip -6 neigh show [Linux]

• # ndp -a [Mac OS]

Page 130:

Exercise 1: IPv6 Host Configuration

• Disable privacy state variable

C:\> netsh interface ipv6 set privacy state=disabled

OR

C:\> netsh interface ipv6 set global randomizeidentifiers=disabled

Page 131:

Exercise 1: IPv6 Host Configuration

Testing your configuration

• ping fe80::260:97ff:fe02:6ea5%4

Note: the zone ID (the number after %) is YOUR interface index

Page 132:

Exercise 1: IPv6 Host Configuration

• Enabling IPv6 on Linux
– Set the NETWORKING_IPV6 variable to yes in /etc/sysconfig/network

# vi /etc/sysconfig/network
NETWORKING_IPV6=yes
# service network restart

• Adding an IPv6 address on an interface (net-tools syntax: the address family comes before add)
# ifconfig eth0 inet6 add 2406:6400::1/64

Page 133:

Exercise 1: IPv6 Host Configuration

• Configuring RA on Linux
– Turn IPv6 forwarding on (the sysctl file is named forwarding)
# echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
– Need radvd-0.7.1-3.i386.rpm installed
– Edit the daemon configuration file /etc/radvd.conf
# vi /etc/radvd.conf
interface eth1
{
    AdvSendAdvert on;
    prefix 2406:6400::/64
    {
        AdvOnLink on;
    };
};

Page 134:

Exercise 1: IPv6 Host Configuration

• Enabling IPv6 on FreeBSD
– Set the ipv6_enable variable to yes in /etc/rc.conf
# vi /etc/rc.conf
ipv6_enable=yes

• Adding an IPv6 address on an interface
# ifconfig fxp0 inet6 2406:6400::1/64

Page 135:

Exercise 1: IPv6 Host Configuration

• Configuring RA on FreeBSD
– Turn IPv6 forwarding on
# sysctl -w net.inet6.ip6.forwarding=1

– Assign an IPv6 address on an interface
# ifconfig en1 inet6 2001:07F9:0400:010E::1 prefixlen 64

– RA on an interface
# rtadvd en1

Page 136:

Exercise 1: IPv6 Host Configuration

• Configure RA on Cisco

configure terminal
interface e0/1
ipv6 nd prefix-advertisement 2406:6400::/64


Page 137:

Firewall Types

Page 138:

Firewall Definition

• A firewall is a system or a group of systems that enforces an access control policy between two sides of your network

• Firewalls cannot protect you from attacks that do not go through them

• Firewalls do not verify the content of the traffic going through them

Page 139:

Firewall System Types

• There are two types of firewall systems available:

• Firewall Application
– A firewall application runs on general-purpose computing hardware and a third-party OS, i.e. a PC-based server with a Unix or Windows OS

• Firewall Device
– Custom-designed computing hardware with an integrated operating system, i.e. Cisco ASA hardware running the ASA OS

Page 140:

Firewall System Types

• A firewall application has the following advantages:
– Easy to install, maintain and administer because UNIX/Windows operating system administrators are widely available

– Runs on a wide variety of PC/server hardware platforms; more hardware options and cost effective

– Example products:
• Check Point
• Novell BorderManager
• iptables

• Disadvantage: OS-level security needs to be handled separately

Page 141:

Firewall System Types

• A hardware firewall has the following advantages:
– More secure than a firewall application, especially because the OS and firewall application are integrated on custom-built hardware

– Better scalability and packet filtering speed because of the custom-built OS and hardware

– Example product:
• Cisco ASA firewall product line

• Disadvantages: more expensive, needs special staff training, vendor dependency

Page 142:

Firewall Security Algorithm

• How a firewall watches the IP packets passing through it.

• Stateful Firewall
– A stateful firewall adds and maintains information about a user's connection when a session is created, and clears the state when the session is closed.

• Packet Filtering Firewall
– A packet filtering firewall does not look at the state of the connection; it deals with each packet based on rules created beforehand.

Page 143:

Firewall Security Algorithm - Stateful

• Creates a table from the following details to keep an eye on the packets passing through it:
– Source IP address
– Destination IP address
– IP protocol (i.e. TCP, UDP, ICMP)
– Protocol information (i.e. port number, TCP sequence number and TCP flags)

• This table is called:
– State table or conn table

• Return packets are processed based on the conn/state table entry

Page 144:

Firewall Security Algorithm - Packet Filtering

• Matches on the same information as a stateful firewall, but those rules need to be created beforehand

• Does not look at whether a packet is a connection setup request, part of an existing connection or a connection tear-down request

• This table is called:
– ACL rules

• Return packets are permitted only if an equivalent rule has been created (the established keyword in Cisco ACLs is not equivalent to a stateful firewall)

Page 145:

Firewall Policy Implementation

• The stateful firewall algorithm uses a tiered hierarchy of the available interfaces to implement multiple levels of security

• Each interface on the firewall is assigned a security level number from 0 to 100 where:
– 0 is the least secure interface
– 100 is the most secure interface
– This security level is used to enforce the default policies
– For example, the interface connected to the public network should have the lowest security level

– The interface connected to the inside network should have the highest security level

Page 146:

Firewall Policy Implementation

• Default security policy rules for traffic as it flows through the firewall:
– Traffic from a higher-security-level interface to a lower-security-level interface is PERMITTED by default

– Traffic from a lower-security-level interface to a higher-security-level interface is DENIED by default

– Traffic flowing between interfaces with the same security level is DENIED by default

– Traffic flowing into and then out of the same interface is DENIED by default

Page 147:

Firewall Policy Implementation

• Changes can be made to the default rules on a stateful firewall, and traffic can be permitted by:
– Allowing access based on user account
• For example, setting up a Cut-through Proxy (CTP)

– Using an ACL to allow traffic
• For example, creating a temporary small hole in the firewall

Page 148:

What is Cut-through Proxy (CTP)?

• Cut-through Proxy allows the firewall to intercept incoming or outgoing connections and authenticate them before they are permitted

• CTP is used when the application cannot authenticate itself

• CTP authentication is done by an external authentication server, i.e. Cisco Secure Access Control Server (CSACS)

• If the connection is authenticated, the firewall adds an entry to the conn table

Page 149:

Protocol Overview on a Firewall

• The three most commonly used protocols that need to be controlled through a firewall are:
– TCP
• Transmission Control Protocol is a connection-oriented protocol. Certain connection parameters have to be negotiated before the data session is established, i.e. the 3-way TCP handshake. There is a defined state for each session and a flow control system.

– UDP
• User Datagram Protocol is a connectionless protocol. No preliminary transport-layer negotiation is required between source and destination devices; the data session is established straight away. There is no defined state for each session and no flow control system.

– ICMP
• Internet Control Message Protocol is a connectionless protocol. No preliminary transport-layer negotiation is required between source and destination devices; the data session is established straight away. There is no defined state for each session and no flow control system.

Page 150:

TCP Handshake Procedure

• TCP handshake from a firewall perspective:
– Source sends TCP SYN to destination
– Destination acknowledges receipt of the TCP SYN by sending its own SYN and ACK

– Both devices negotiate parameters like window size
– Finally the source sends its own ACK and the session is established
– Data session is established
– ACKs are sent on the negotiated window
– When the data exchange finishes, source and destination exchange FIN and FIN/ACK to tear down the session

Page 151:

Firewall Action - Outgoing Connection

• What the firewall does for an outgoing TCP connection:
– Source is inside the firewall.
– Traffic flows from the higher-security-level interface to the lower-security-level interface

– Firewall default rule is permit
– Adds an entry to its conn [state] table so that when the destination replies with SYN/ACK it is permitted

– Keeps the conn table entry as long as the session is active so the return traffic is allowed

– When the session is finished, the source sends FIN and the destination replies with FIN/ACK.

– The firewall removes its conn table entry.
– No further traffic is allowed from the destination to inside the firewall

Page 152:

Firewall Action - Incoming Connection

• What the firewall does for an incoming TCP connection:
– Source is outside the firewall.
– Traffic flows from the lower-security-level interface to the higher-security-level interface

– Firewall default rule is deny and no conn table entry is added
– An ACL entry or cut-through proxy is needed to allow the incoming connection

Page 153:

TCP Protocol Limitation on Firewall

• The predictable behaviour of TCP can be abused by an attacker, for example:
– A TCP SYN flood attack against an internal host
– Session hijacking/replay attack by the attacker

• Firewall-specific features can be used to mitigate these:
– Limiting the number of connections by using policy map tools on the firewall, which restrict the number of connections for different applications, servers, users, or a combination of these three

– TCP Sequence Number Randomization (SNR), which is enabled by default on Cisco ASA based firewalls

Page 154:

UDP Protocol Handling on Firewall

• UDP is a connectionless protocol and it does not have:
– Transport-layer negotiation between source and destination; the source simply starts sending UDP segments to the destination
– A session tear-down signal when they finish exchanging data

– UDP itself has no built-in flow control to regulate the flow of traffic
– UDP is typically used to send small amounts of information between devices.

Page 155:

Firewall Action - Outgoing Connection

• What the firewall does for an outgoing UDP connection:
– Source is inside the firewall.
– Traffic flows from the higher-security-level interface to the lower-security-level interface

– Firewall default rule is permit
– Adds a temporary entry to its conn [state] table so that return traffic from the destination is allowed

– The conn table entry removal process depends on the UDP application
– No other traffic is allowed from the destination to inside the firewall

Page 156:

Firewall Action - Incoming Connection

• What the firewall does for an incoming UDP connection:
– Source is outside the firewall.
– Traffic flows from the lower-security-level interface to the higher-security-level interface

– Firewall default rule is deny and no conn table entry is added
– An ACL entry or cut-through proxy is needed to allow the incoming connection

Page 157:

UDP Protocol Limitation on Firewall

• The unpredictable behaviour of UDP means it sends no signal to the firewall about when to remove the conn table entry.
– Since there is no connection setup for UDP, the firewall has a problem differentiating among the start, continuation and end of a session

– So the firewall applies an idle timeout period to the UDP session, e.g. 2 minutes for the TFTP application on Cisco ASA firewalls

– For DNS queries only one response is allowed from the outside DNS server. This feature is called DNS Guard in the firewall

– But this process is more susceptible to IP spoofing and session replay attacks, since there is no way to differentiate between the start, continuation and end of a UDP connection

Page 158:

ICMP Protocol Handling on Firewall

• ICMP is a connectionless protocol like UDP:
– There is no real definite state or transport-layer negotiation between source and destination

– The protocol is used for administrative purposes: testing connectivity and sharing error, control and configuration information

– ICMP has no flow control and no acknowledgements, like UDP

Page 159:

ICMP Protocol Handling on Firewall

• Firewall default rule for the ICMP protocol
– The firewall does not add outbound/incoming ICMP messages to its conn table, therefore return traffic is not allowed by default through the firewall

– So there are two ways to allow the ICMP protocol through a Cisco ASA based firewall:
• Use an ACL to allow the returning traffic
• Enable state tracking (disabled by default) for ICMP. When an ICMP message is sent from a source inside the firewall, it contains a sequence number in the ICMP header that is added to the conn table. Return traffic is matched against the sequence number and its content to make sure it is part of the existing connection.
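A toy model of the conn-table behaviour described on the TCP (outgoing/incoming connection), UDP (idle timeout) and ICMP (state tracking off by default) slides above. This is an added example, not workshop or Cisco code: the interface security levels, the ACL shape, the 120-second UDP timeout and the "one reply per tracked echo request" rule are constructed assumptions chosen to match the slides' description.

```python
"""Toy stateful firewall: security-level default policy, conn table, ACL holes."""
from dataclasses import dataclass
from typing import Dict, Iterable, Tuple

# Constructed interface table: 0 is the least secure interface, 100 the most secure.
SECURITY_LEVELS = {"outside": 0, "dmz": 50, "inside": 100}
UDP_IDLE_TIMEOUT = 120  # seconds; the slides quote 2 minutes for TFTP on Cisco ASA


@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp", "udp" or "icmp"
    src: str
    sport: int                      # for icmp: echo identifier
    dst: str
    dport: int                      # for icmp: echo sequence number
    in_iface: str
    out_iface: str
    flags: frozenset = frozenset()  # TCP flags, e.g. {"SYN"}, {"SYN", "ACK"}, {"FIN", "ACK"}


@dataclass
class ConnEntry:
    last_seen: float
    fin_seen: bool = False          # the first FIN of the tear-down has passed


ConnKey = Tuple[str, str, int, str, int]


class StatefulFirewall:
    def __init__(self, levels: Dict[str, int], acl: Iterable[Tuple[str, str, int]] = (),
                 icmp_inspection: bool = False):
        self.levels = levels
        self.acl = set(acl)                 # explicit holes: (proto, dst, dport)
        self.icmp_inspection = icmp_inspection
        self.conn_table: Dict[ConnKey, ConnEntry] = {}

    @staticmethod
    def _forward_key(p: Packet) -> ConnKey:
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _return_key(p: Packet) -> ConnKey:
        # Return traffic swaps addresses and ports; an ICMP echo reply keeps id/seq as sent.
        if p.proto == "icmp":
            return (p.proto, p.dst, p.sport, p.src, p.dport)
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def default_policy(self, in_iface: str, out_iface: str) -> bool:
        """Higher -> lower level is permitted; lower -> higher, equal levels and
        in-and-out of the same interface are denied."""
        if in_iface == out_iface:
            return False
        return self.levels[in_iface] > self.levels[out_iface]

    def _expire_idle_udp(self, now: float) -> None:
        stale = [k for k, e in self.conn_table.items()
                 if k[0] == "udp" and now - e.last_seen > UDP_IDLE_TIMEOUT]
        for k in stale:
            del self.conn_table[k]

    def process(self, p: Packet, now: float) -> str:
        """Return "permit" or "deny" for one packet and update the conn table."""
        self._expire_idle_udp(now)
        for key in (self._forward_key(p), self._return_key(p)):
            entry = self.conn_table.get(key)
            if entry is None:
                continue
            entry.last_seen = now
            if p.proto == "icmp":
                del self.conn_table[key]        # one reply per tracked echo request
            elif p.proto == "tcp" and "FIN" in p.flags:
                if entry.fin_seen:              # FIN/ACK answering the earlier FIN
                    del self.conn_table[key]
                else:
                    entry.fin_seen = True
            return "permit"
        # No state for this packet: apply the interface default policy, then ACL holes.
        if not (self.default_policy(p.in_iface, p.out_iface)
                or (p.proto, p.dst, p.dport) in self.acl):
            return "deny"
        if p.proto == "tcp" and p.flags != frozenset({"SYN"}):
            return "deny"                       # only a SYN may open a new TCP session
        if p.proto == "icmp" and not self.icmp_inspection:
            return "permit"                     # allowed out, but no state kept for the reply
        self.conn_table[self._forward_key(p)] = ConnEntry(last_seen=now)
        return "permit"
```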

Page 160:

ICMP Protocol Vulnerability

• An ICMP error message carries part or all of the original packet that caused the error in its payload

• This payload could be used by an attacker as a covert channel to carry malicious data
– If the firewall does not inspect the payload segment of ICMP error packets
– If the embedded packet fragment does not contain a legitimate IP address, or it was not sent statefully, the packet should be dropped

Page 161:

Questions?

Page 162:

Overview Network Security Workshop
– Network Security Fundamental
– Attack Types Analysis and Mitigation
– ICMP Protocol Security Threats
– Network Security Policy Overview
– Attack Analysis in Different Layers
– End System & Device Security BCP and Lab
– IPv6 Protocol Overview & Security Basic
– IP Core Network Security BCP and LAB Exercise
– Cryptography and IPSec
– IPSec Lab Exercise
– DNS/DSNSec

Page 163:

Cryptography

• Cryptography is everywhere

German Lorenz cipher machine

Page 164:

Cryptography

• Cryptography deals with creating documents that can be shared secretly over public communication channels

• Other terms closely associated
– Cryptanalysis = code breaking
– Cryptology
• Kryptos (hidden or secret) and Logos (description) = secret speech / communication
• combination of cryptography and cryptanalysis

• Cryptography is a function of plaintext and a cryptographic key

C = F(P, k)

Notation:
Plaintext (P)
Ciphertext (C)
Cryptographic Key (k)

Page 165:

Typical Scenario

• Alice wants to send a “secret” message to Bob

• What are the possible problems?– Data can be intercepted

• What are the ways to intercept this message?

• How to conceal the message?– Encryption

Page 166:

Crypto Core

• Secure key establishment

• Secure communication

[Figure: Alice has key (k), Bob has key (k); messages m exchanged over the channel with confidentiality and integrity]

Source: Dan Boneh, Stanford

Page 167:

It Can Do Much More

• Digital Signatures

• Anonymous communication

• Anonymous digital cash– Spending a digital coin without anyone knowing my identity– Buy online anonymously?

• Elections and private auctions– Finding the winner without actually knowing individual votes (privacy)

Source: Dan Boneh, Stanford

Page 168:

Other uses are also theoretically possible (Crypto magic)
• Privately outsourcing computation

• Zero knowledge (proof of knowledge)

[Figure: Alice with a search query sends E(query) to Google and receives E(results); Google asks "What did she search for?"]

[Figure: Alice tells Bob "I know the factorial of N" and sends a proof; Bob learns only that she knows it]

Source: Dan Boneh, Stanford

Page 169:

History: Ciphers

• Substitution cipher – involves replacing each character with another character of the same alphabet set

– Can be mono-alphabetic (a single substitution set) or poly-alphabetic (multiple substitution sets)

• Examples:
– Caesar cipher, a mono-alphabetic system in which each character is replaced by the third character in succession

– Vigenère cipher, a poly-alphabetic cipher that uses a 26x26 table of characters
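Both historical ciphers from this slide, as an added example (not workshop code): the Vigenère cipher built from an explicit 26x26 tabula recta, with the Caesar cipher expressed as the special case of a one-letter key. Non-letters are dropped and input is upper-cased, an assumption of this implementation.

```python
"""Vigenère (poly-alphabetic) and Caesar (mono-alphabetic) substitution ciphers."""
import string

ALPHABET = string.ascii_uppercase
# The 26x26 Vigenère table: row r holds the alphabet rotated left by r positions.
TABULA_RECTA = [ALPHABET[r:] + ALPHABET[:r] for r in range(26)]


def _letters_only(text: str) -> str:
    """Normalise input: upper-case and keep only A-Z (spaces/punctuation are dropped)."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def vigenere_encrypt(plaintext: str, key: str) -> str:
    """Ciphertext letter = TABULA_RECTA[row = key letter][column = plaintext letter].
    The key repeats, so the same plaintext letter maps to different ciphertext letters."""
    key = _letters_only(key)
    if not key:
        raise ValueError("key must contain at least one letter")
    out = []
    for i, p in enumerate(_letters_only(plaintext)):
        row = ALPHABET.index(key[i % len(key)])
        col = ALPHABET.index(p)
        out.append(TABULA_RECTA[row][col])
    return "".join(out)


def vigenere_decrypt(ciphertext: str, key: str) -> str:
    """Find the ciphertext letter in the key letter's row; the column is the plaintext."""
    key = _letters_only(key)
    if not key:
        raise ValueError("key must contain at least one letter")
    out = []
    for i, c in enumerate(_letters_only(ciphertext)):
        row = ALPHABET.index(key[i % len(key)])
        out.append(ALPHABET[TABULA_RECTA[row].index(c)])
    return "".join(out)


def caesar_encrypt(plaintext: str, shift: int = 3) -> str:
    """Caesar is Vigenère with a single-letter key: one row of the table for every letter."""
    return vigenere_encrypt(plaintext, ALPHABET[shift % 26])


def caesar_decrypt(ciphertext: str, shift: int = 3) -> str:
    return vigenere_decrypt(ciphertext, ALPHABET[shift % 26])


if __name__ == "__main__":
    msg = "ATTACK AT DAWN"  # constructed sample plaintext
    print("Caesar  :", caesar_encrypt(msg))
    print("Vigenere:", vigenere_encrypt(msg, "LEMON"))
```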

Page 170:

History: Rotor Machines (1870-1943)

• Hebern machine – single rotor

• Enigma – 3-5 rotors

Source: Wikipedia (image)

Page 171:

Modern Crypto Algorithms

• Specifies the mathematical transformation that is performed on data to encrypt/decrypt it

• The crypto algorithm is NOT proprietary

• Analyzed by the public community to show that there are no serious weaknesses

• Explicitly designed for encryption

Page 172:

Encryption

• The process of transforming plaintext to ciphertext using a cryptographic key

• Used all around us
– In the Application Layer – used in secure email, database sessions, and messaging

– In the Session Layer – using Secure Socket Layer (SSL) or Transport Layer Security (TLS)

– In the Network Layer – using protocols such as IPsec

• Benefits of a good encryption algorithm:
– Resistant to cryptographic attack
– Supports variable and long key lengths and scalability
– Creates an avalanche effect
– No export or import restrictions

Page 173:

Encryption and Decryption

[Figure: Plaintext -> ENCRYPTION ALGORITHM (Encryption Key) -> Ciphertext -> DECRYPTION ALGORITHM (Decryption Key) -> Plaintext]

Page 174:

Symmetric Key Algorithm

• Uses a single key to both encrypt and decrypt information

• Also known as a secret-key algorithm
– The key must be kept "secret" to maintain security
– This key is also known as a private key

• Follows the more traditional form of cryptography, with key lengths ranging from 40 to 256 bits.

• Examples:
– DES, 3DES, AES, RC4, RC6, Blowfish

Page 175:

Symmetric Encryption

[Figure: Symmetric Key Cryptography. Plaintext -> ENCRYPTION ALGORITHM (Encryption Key = Shared Key) -> Ciphertext -> DECRYPTION ALGORITHM (Decryption Key = Shared Key) -> Plaintext; the same shared secret key is used on both sides]

Page 176:

Symmetric Key Algorithm

Symmetric Algorithm | Key Size
DES                 | 56-bit keys
Triple DES (3DES)   | 112-bit and 168-bit keys
AES                 | 128, 192, and 256-bit keys
IDEA                | 128-bit keys
RC2                 | 40 and 64-bit keys
RC4                 | 1 to 256-bit keys
RC5                 | 0 to 2040-bit keys
RC6                 | 128, 192, and 256-bit keys
Blowfish            | 32 to 448-bit keys

Note: Longer keys are more difficult to crack, but more computationally expensive.

Page 177:

Data Encryption Standard (DES)

• Developed by IBM for the US government in 1973-1974, and approved in Nov 1976.

• Based on Horst Feistel's Lucifer cipher

• Block cipher using shared-key encryption, 56-bit key length

• Block size: 64 bits

Page 178:

DES: Illustration

[Figure: DES. Plaintext (64-bit blocks of input text) -> ENCRYPTION ALGORITHM (Encryption Key) -> Ciphertext -> DECRYPTION ALGORITHM (Decryption Key) -> Plaintext; keys are 56 bits + 8 bits parity]

Page 179:

Triple DES

• 3DES (Triple DES) – a block cipher that applies DES three times to each data block

• Uses a key bundle comprising three DES keys (K1, K2, K3), each with 56 bits excluding parity.

• DES encrypts with K1, decrypts with K2, then encrypts with K3

• Disadvantage: very slow

C_i = E_K3(D_K2(E_K1(P_i)))

Page 180:

3DES: Illustration

• Note:
– If Key1 = Key2 = Key3, this is equivalent to DES
– Usually, Key1 = Key3

[Figure: Plaintext -> ENCRYPT (Key 1) -> DECRYPT (Key 2) -> ENCRYPT (Key 3) -> Ciphertext]

Page 181:

Advanced Encryption Standard (AES)

• Published in November 2001

• Symmetric block cipher

• Has a fixed block size of 128 bits

• Has a key size of 128, 192, or 256 bits

• Based on Rijndael cipher which was developed by Joan Daemen and Vincent Rijmen

• Better suited for high-­throughput, low latency environments

Page 182:

Block Cipher

• Transforms a fixed-length block of plaintext into a block of ciphertext
– Operates on a pre-determined block of bits (one byte, one word, 512 bytes, and so forth), mixing key data in with the message data in a variety of different ways

• Common block ciphers:
– DES and 3DES (in ECB and CBC mode)
– Skipjack
– Blowfish
– RSA
– AES
– IDEA
– SAFER

Page 183:

Stream Cipher

• Uses smaller units of plaintext than block ciphers.
– Encrypts bits of the message at a time
– Typically bit-wise
– Performs some operation (typically an exclusive OR) between one key bit and one message bit

• They either have a very long key (that eventually repeats) or a reusable key that generates a repeatable but seemingly random string of bits.

• Common stream ciphers:
– RC4
– DES and 3DES (running in OFB or CFB mode)
– SEAL

Page 184:

Asymmetric Key Algorithm

• Also called public-key cryptography
– Keep the private key private
– Anyone may see the public key

• Separate keys for encryption and decryption (public and private key pairs)

• Examples:
– RSA, DSA, Diffie-Hellman, ElGamal
– PKCS (listed on the original slide) is a family of standards that specify how these algorithms are used, not an algorithm itself

Page 185:

Asymmetric Encryption

Plaintext → ENCRYPTION ALGORITHM (encryption key = recipient's Public Key) → Ciphertext → DECRYPTION ALGORITHM (decryption key = recipient's Private Key) → Plaintext

Asymmetric key cryptography: different keys for encryption and decryption

Page 186:

Asymmetric Key Algorithms

• RSA – the first published public-key encryption and signature scheme, and still the most common

• DSA – specified in NIST's Digital Signature Standard (DSS); provides digital signatures for authentication of messages (signing only, no encryption)

• Diffie-Hellman – used for secret key exchange (agreeing a shared symmetric key over an untrusted channel)

• ElGamal – public-key encryption and signature scheme built on the same discrete-logarithm problem as Diffie-Hellman

• PKCS – Public-Key Cryptography Standards: a set of interoperable standards and guidelines (e.g. PKCS#1 for RSA encryption and signature padding, PKCS#12 for key and certificate containers)

Page 187:

Symmetric vs. Asymmetric Key

Symmetric:
– Generally fast
– Same key for both encryption and decryption (so the key must be shared securely first)
– Used for bulk data encryption

Asymmetric:
– Can be 1000 times slower
– Uses two different keys (public and private)
– Decryption key cannot feasibly be calculated from the encryption key
– Key lengths: 512 to 4096 bits (for RSA; 512-bit and 1024-bit keys are no longer considered secure, 2048 bits is the usual minimum)
– Used in low-volume operations such as key exchange and digital signatures

Page 188:

Hash Functions

• Produces a condensed representation of a message (hashing)
• The fixed-length output is called the hash or message digest
• A hash function takes an input message of arbitrary length and outputs a fixed-length code
– Given x, it is easy to compute f(x)
– Given f(x), it is hard to find any x that produces it (preimage resistance)
– It is hard to find two different inputs with the same hash (collision resistance)

• Acts as a fingerprint of the data, but not as a signature: anyone can recompute a plain hash, so on its own it proves integrity only, not who produced the data

• Uses:
– Verifying file integrity – if the hash changes, the data was altered, either by accident or by an attacker in transit (the reference hash itself must come from a trusted source)
– Digitally signing documents (the signature is computed over the hash, not over the whole document)
– Hashing passwords (with a per-user salt and a deliberately slow function such as PBKDF2, bcrypt or scrypt, not a bare MD5/SHA hash)

Page 189:

Hash Functions

• Message Digest (MD) Algorithm
– Outputs a 128-bit fingerprint of an arbitrary-length input
– MD4 is obsolete; MD5 is still widely deployed, but collisions can be generated in seconds, so it must not be used for signatures or certificates

• Secure Hash Algorithm (SHA)
– SHA-1 produces a 160-bit message digest (longer than MD5's 128 bits) and has been widely used in security applications (TLS, SSL, PGP, SSH, S/MIME, IPsec)
– A practical SHA-1 collision was published in February 2017; new deployments should use the SHA-2 family
– SHA-256, SHA-384 and SHA-512 (SHA-2) are now the common choice, producing 256-, 384- and 512-bit hash values respectively

• RIPEMD
– Derived from MD4, but performs like SHA
– RIPEMD-160 is the most popular version

Page 190:

Digital Signature

• A digital signature is a value computed over a message and appended to it

• The sender signs with his or her own private key (in textbook RSA this is described as "encrypting the hash with the private key"), rather than encrypting with the intended receiver's public key

• The receiver uses the sender's public key to verify the signature

• Used to prove the identity of the sender (authentication, and non-repudiation, since only the sender holds the private key) and the integrity of the message

Page 191:

Digital Signature

• Two common public-key digital signature techniques:
– RSA (Rivest, Shamir, Adleman)
– DSS (Digital Signature Standard, which specifies DSA)

• Used in a lot of things:
– Email, software distribution, electronic funds transfer, certificates, etc.

• The common way to implement it is to hash the data to get a message digest, then apply the signing algorithm to the digest rather than to the whole message (the input is short, and the hash binds the whole message)

Page 192:

Digital Signature Process

1. Hash the data using one of the supported hashing algorithms (historically MD5 or SHA-1; today SHA-256 or stronger, because an MD5 or SHA-1 collision lets two different documents share one valid signature)

2. Sign the hash using the sender's private key (for RSA: apply the private-key operation to the padded hash)

3. Append the signature to the data that was signed, usually together with the sender's certificate (or an identifier for it) so the verifier can locate the matching public key

DATA → HASH(DATA) [MD5/SHA-1] → sign with PRIVATE KEY → DIGITAL SIGNATURE

Page 193:

Signature Verification Process

1. Hash the original data using the same hashing algorithm
2. Apply the sender's public key to the digital signature (for RSA: "decrypt" it) to recover the hash the signer computed. The verifier must obtain the signer's public key from a trusted source, normally the signer's certificate; a public key that merely travels with the signature proves nothing, because an attacker could attach his own key and a matching signature
3. Compare the result of the hashing with the recovered hash. If the values match, the signature is verified. If the values do not match, the data or the signature was modified (or the wrong key was used)

HASH(DATA) computed locally [MD5/SHA-1]   vs.   HASH recovered from the DIGITAL SIGNATURE with the public key   →   MATCH?

Page 194:

Message Authentication Code

• A message authentication code (MAC) provides
– Integrity (checks that data has not been altered)
– Authenticity (verifies the origin of the data, since only holders of the key can produce a valid tag)

• On the sender side, the message is passed through a MAC algorithm, keyed with the shared secret, to get a MAC (also called a tag)

• On the receiver side, the message is passed through the same algorithm with the same key. The output is compared with the received tag and must match; the comparison should run in constant time so that timing does not leak how many bytes of the tag matched

• Sender and receiver use the same secret key, so a MAC cannot provide non-repudiation (either party could have produced the tag); that needs a digital signature
• Hash-based Message Authentication Code, HMAC (RFC 2104)
– Uses a hash function with the key mixed in twice (inner and outer hash) to generate the MAC; a naive Hash(key || message) is vulnerable to length-extension attacks with MD5, SHA-1 and SHA-256
– "HMACs are less affected by collisions than their underlying hashing algorithms alone": HMAC's security does not depend on the hash being collision-resistant, which is why HMAC-MD5 was not broken by the MD5 collision attacks (it should still be retired)
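The three uses listed on the hash slide and the MAC comparison above, as an added worked example (not part of the workshop material). It uses only the Python standard library; the configuration snippet, the "tampered" copy and the passwords are constructed sample data, and the PBKDF2 iteration count is an assumption, not a recommendation from the slides:

```python
import hashlib
import hmac
import secrets

# Constructed sample data: a configuration snippet and a copy with one byte changed ("aes" -> "des").
ORIGINAL = b"crypto isakmp policy 1\n encryption aes\n hash sha\n group 14\n"
TAMPERED = ORIGINAL.replace(b"aes", b"des")


def digest_hex(data, algorithm="sha256"):
    """Message digest of arbitrary-length data, as hex (64 hex digits for SHA-256)."""
    return hashlib.new(algorithm, data).hexdigest()


def bit_difference(hex_a, hex_b):
    """Number of differing bits between two equal-length hex digests (avalanche effect)."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def integrity_ok(data, expected_hex, algorithm="sha256"):
    """File-integrity check against a published digest, compared in constant time."""
    return hmac.compare_digest(digest_hex(data, algorithm), expected_hex)


def make_tag(key, message):
    """HMAC-SHA256 tag: only holders of `key` can produce or check it."""
    return hmac.new(key, message, hashlib.sha256).digest()


def tag_ok(key, message, tag):
    """Receiver side: recompute the tag and compare it in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)


def password_hash(password, salt=None, iterations=200_000):
    """Salted, deliberately slow password hash (PBKDF2-HMAC-SHA256); returns (salt, hash)."""
    salt = secrets.token_bytes(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def password_ok(password, salt, stored, iterations=200_000):
    return hmac.compare_digest(password_hash(password, salt, iterations)[1], stored)


def demo():
    """Walks through the three uses on the slide and returns the observations."""
    published = digest_hex(ORIGINAL)          # e.g. published out-of-band next to the file
    key = secrets.token_bytes(32)              # shared secret for the MAC
    tag = make_tag(key, ORIGINAL)
    attacker_hash = digest_hex(TAMPERED)       # an attacker can recompute a plain hash ...
    salt, stored = password_hash("correct horse battery staple")
    return {
        "one_byte_change_flips_bits": bit_difference(published, attacker_hash),
        "original_passes_hash_check": integrity_ok(ORIGINAL, published),
        "tampered_fails_hash_check": integrity_ok(TAMPERED, published),
        # ... so a hash alone gives integrity, not authenticity:
        "tampered_plus_recomputed_hash_passes": integrity_ok(TAMPERED, attacker_hash),
        # ... but without the key the attacker cannot produce a valid tag:
        "tampered_fails_mac": tag_ok(key, TAMPERED, tag),
        "original_passes_mac": tag_ok(key, ORIGINAL, tag),
        "wrong_key_fails_mac": tag_ok(secrets.token_bytes(32), ORIGINAL, tag),
        "password_verifies": password_ok("correct horse battery staple", salt, stored),
        "wrong_password_rejected": password_ok("Tr0ub4dor&3", salt, stored),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point to notice is the pair of results for the tampered file: the recomputed plain hash still "verifies" it, the HMAC tag does not. `hmac.compare_digest` is used for every comparison so a network-facing verifier does not leak the position of the first mismatching byte.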

Page 195:

Public Key Infrastructure

• A framework that builds a network of trust

• Combines public key cryptography and digital signatures (in the form of certificates) to support confidentiality, integrity, authentication, non-repudiation and access control

• Protects applications that require a high level of security (TLS, S/MIME, code signing, IPsec with certificate authentication)

Page 196:

Functions of a PKI

• Registration

• Initialization

• Certification

• Key pair recovery

• Key generation

• Key update

• Cross-­certification

• Revocation

Page 197:

Public Key Infrastructure

[Figure: PKI overview diagram. Source: http://commons.wikimedia.org]

Page 198:

Components of a PKI

• Certificate authority (CA)
– The trusted third party
– Trusted by both the owner of the certificate and the party relying upon the certificate

• Validation authority (VA)
– Answers relying parties' queries about whether a certificate is still valid (CRL distribution, OCSP)

• Registration authority (RA)
– For big CAs, a separate RA might be necessary to take some work off the CA
– Identity verification and registration of the entity applying for a certificate

• Central directory
– Repository where issued certificates (and revocation lists) are published and can be looked up

Page 199:

Certificate Authority

• Issuer and signer of the certificate
• Trusted (third) party
– Based on a trust model
– Who to trust? A relying party accepts every certificate a CA signs, so a compromised or careless CA breaks trust for all of its subscribers

• Types:
– Enterprise CA
– Individual CA (PGP web of trust)
– Global CA (such as VeriSign)

• Functions:
– Enrols and validates subscribers
– Issues and manages certificates
– Manages revocation and renewal of certificates
– Establishes policies and procedures

Page 200:

Certificates

• Public key certificates bind public key values to subjects
• A trusted certificate authority (CA) validates the subject's identity and digitally signs each certificate

• Has a limited valid lifetime
• Can be distributed over untrusted channels and cached in unsecured storage
– Because the client can independently check the CA's signature on the certificate

• A certificate is NOT the same thing as a signature
– It is implemented using a signature (the CA's)

• Certificates are static
– If anything in them changes, a new certificate must be issued (and the old one revoked if it is still within its lifetime)

Page 201:

Digital Certificate

• Digital certificate – the basic element of a PKI; a secure credential that identifies the owner

• Also called a public key certificate

• Certificate examples:
– X.509 (standard)
– PGP (Pretty Good Privacy)

Page 202:

Every certificate contains…

• Body of the certificate
– Version number, serial number, names of the issuer and subject
– Public key associated with the subject
– Validity period (not before, not after)
– Extensions for additional attributes (key usage, subject alternative names, CRL distribution points, …)

• Signature algorithm
– Used by the CA to sign the certificate (e.g. sha256WithRSAEncryption)

• Signature
– Created by applying the certificate body as input to a one-way hash function; the hash is then signed with the CA's private key to form the signature value

Page 203:

Digital Certificate

• To obtain a digital certificate, Alice must:
– Make a certificate signing request (CSR) to the CA
– Alice sends to the CA:
• Her identifier IdA
• Her public key KA_PUB
• Additional information
– The CA (or its RA) verifies that Alice is who she claims to be and that she holds the private key matching KA_PUB (the CSR is signed with it)

• The CA returns Alice's digital certificate, cryptographically binding her identity to her public key:
– CertA = (IdA, KA_PUB, info, SigCA(IdA, KA_PUB, info))
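The signature and verification process from the previous slides and the CertA construction above, carried through in one added example (not part of the workshop material). It implements textbook RSA with hash-then-sign: the SHA-256 digest of the data is raised to the private exponent, and the verifier recovers it with the public exponent. Simplifications, all assumptions of this example and not how deployed systems work: no PKCS#1 padding (real RSA signatures use PKCS#1 v1.5 or PSS), JSON instead of DER for the certificate body, toy key sizes, and no validity-period or revocation checks. The CA and subject names are made up.

```python
import hashlib
import json
import math
import secrets


def _is_probable_prime(n, rounds=24):
    """Miller-Rabin probable-prime test (good enough for an illustration)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # force top bit and oddness
        if _is_probable_prime(candidate):
            return candidate


def generate_keypair(bits=1024):
    """Returns (public, private). Toy sizes: real deployments use a 2048-bit or larger modulus."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            break
    n = p * q
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return {"n": n, "e": e}, {"n": n, "d": d}


def _digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(private, data):
    """Hash-then-sign: the digest, not the data, goes through the private-key operation."""
    return pow(_digest_int(data), private["d"], private["n"])


def verify(public, data, signature):
    """Recover the digest with the public key and compare it with a fresh hash of the data."""
    if not 0 < signature < public["n"]:
        return False
    return pow(signature, public["e"], public["n"]) == _digest_int(data)


def _encode(body):
    # Canonical serialisation so signer and verifier hash identical bytes (X.509 uses DER).
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def issue_certificate(ca_private, ca_name, subject_id, subject_public, info):
    """CertA = (IdA, KA_PUB, info, SigCA(IdA, KA_PUB, info)) from the slide."""
    body = {"issuer": ca_name, "subject": subject_id, "public_key": subject_public, "info": info}
    return {"body": body, "signature": sign(ca_private, _encode(body))}


def verify_certificate(cert, ca_public):
    return verify(ca_public, _encode(cert["body"]), cert["signature"])


def verify_signed_message(cert, ca_public, data, signature):
    """Relying party: trust the CA, check the certificate, then check the message with the certified key."""
    return verify_certificate(cert, ca_public) and verify(cert["body"]["public_key"], data, signature)


if __name__ == "__main__":
    ca_pub, ca_priv = generate_keypair(1024)
    alice_pub, alice_priv = generate_keypair(1024)
    cert = issue_certificate(ca_priv, "Workshop CA", "alice@example.com", alice_pub, {"not_after": "2018-06-13"})
    msg = b"transfer 100 to bob"
    sig = sign(alice_priv, msg)
    print("certificate valid:", verify_certificate(cert, ca_pub))
    print("message verifies via certificate:", verify_signed_message(cert, ca_pub, msg, sig))
    print("altered message verifies:", verify(alice_pub, b"transfer 1000 to bob", sig))
```

Two checks are worth running yourself: editing one character of the certificate body invalidates the CA's signature (which is what "certificates are static" means), and a certificate cannot be validated with anyone's key but the issuer's, so the relying party must already hold the CA's public key through a trusted path.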

Page 204:

X.509

• An ITU-T standard for a public key infrastructure (PKI) and Privilege Management Infrastructure (PMI)

• Originally assumed a strict hierarchical system of Certificate Authorities (CAs)

• RFC 1422 (PEM certificate-based key management) – basis of the first X.509-based Internet PKI; RFC 5280 is the current Internet profile for X.509v3 certificates and CRLs

• Current version X.509v3 provides a common baseline for the Internet

• Defines the structure of a certificate and of certificate revocation lists (CRLs)

Page 205:

IP Security (IPSec)

Page 206:

Virtual Private Network

• A VPN is a way of creating a secure connection between two sites through a public network such as the Internet

• Previously, organisations used leased lines to connect their private sites

• A VPN is cost effective and, when properly configured, protects the traffic against eavesdropping, tampering and spoofing on the public network

Page 207:

Virtual Private Network

• There are three basic types of VPN:
– Remote access VPNs or virtual private dial-up networks (VPDNs)
– Site-to-site VPN, where multiple fixed sites are connected over a public network such as the Internet
– Point-to-point VPN, also referred to as "leased-line VPN": two or more networks are connected using a dedicated line from an ISP. These lines can be packet- or circuit-switched, for example T1, Metro Ethernet, DS3 or ATM. A leased line separates the traffic from other customers but does not by itself encrypt it

Page 208:

VPN Implementations

• Hardware
– Usually a VPN-capable router
– Pros: highest network throughput, plug and play, dual purpose
– Cons: cost and lack of flexibility

• Software
– Ideal for two end-points in different organisations
– Pros: flexible, and low relative cost
– Cons: lower efficiency, more staff training required, lower productivity, higher labour costs

• Firewall
– Pros: cost effective, tri-purpose (firewall, VPN gateway, hardened platform), hardens the operating system
– Cons: still relatively costly

Page 209:

VPN Protocols

• PPTP (Point-to-Point Tunneling Protocol)
– Developed by Microsoft (with other vendors) to secure dial-up connections
– Operates in the data-link layer
– Its MS-CHAPv2 authentication and RC4-based MPPE encryption are broken; PPTP should not be used for new deployments

• L2F (Layer 2 Forwarding Protocol)
– Developed by Cisco
– Similar to PPTP

• L2TP (Layer 2 Tunneling Protocol)
– IETF standard (RFC 2661)
– Combines the functionality of PPTP and L2F
– Provides tunnelling only, no encryption; normally run over IPsec (L2TP/IPsec, RFC 3193)

• IPsec (Internet Protocol Security)
– Open standard for VPN implementation
– Operates at the network layer

Page 210:

Advantages of VPN

• Scalability– Flexibility of growth– Efficiency with broadband technology

• Cheaper connection– Use the Internet connection instead of a private lease line

• Availability– Available everywhere there is an Internet connection

Page 211:

Disadvantages

• VPNs require an in-depth understanding of public network security issues and proper deployment of precautions

• Availability and performance depend on factors (the public network in between) that are largely outside the organisation's control

• VPNs need to accommodate protocols other than IP and the existing internal network technology

Page 212:

IPsec Security Functions

• Confidentiality
– Encryption prevents eavesdropping and reading of intercepted data

• Data integrity
– The receiver can verify that the data was not altered in transit

• Origin authentication
– The receiver can verify that the data really came from the claimed peer

• Anti-replay protection
– Each packet carries a sequence number and is verified as unique; late (outside the sliding window) and duplicate packets are dropped

Page 213:

IPSec Security Framework

Page 214:

IPsec Standards

• RFC 2401 "Security Architecture for the Internet Protocol"
– Defines the original IPsec architecture and the elements common to both AH and ESP

• RFC 2402
– Defines the Authentication Header (AH)

• RFC 2406
– Defines the Encapsulating Security Payload (ESP)

• RFC 2409
– IKE v1, built on ISAKMP (RFC 2408)

• Updated documents (the drafts listed on the original slide have long since been published):
– RFC 4301 (architecture, obsoletes RFC 2401)
– RFC 4302 (AH, obsoletes RFC 2402)
– RFC 4303 (ESP, obsoletes RFC 2406)
– RFC 4306 (IKEv2, obsoletes RFC 2409), itself superseded by RFC 5996 and then RFC 7296

Page 215:

IPsec Transport and Tunnel Mode

• IPsec has two modes of encapsulation
– Transport mode: provides end-to-end security between two end stations. The original IP header is kept and only the payload (plus the AH/ESP header) is protected
– Tunnel mode: provides a secure connection between two gateways (routers). The entire original packet, header included, is encapsulated in a new IP packet addressed between the gateways; unencrypted data from the end systems goes through the encrypted tunnel provided by the source and destination gateways

Page 216:

IPsec Transport and Tunnel Mode

Diagram Source: www.cisco.com

Page 217:

IPsec Security Services

• IPsec has two types of security services:
– Authentication Header (AH): protection is provided by computing a cryptographic checksum (an integrity check value, e.g. an HMAC) over the protected fields, which include the payload and the immutable fields of the IP header. AH provides no confidentiality
– Encapsulating Security Payload (ESP): compared to AH, ESP adds confidentiality (encryption), but has more limited integrity protection, covering only the payload (the outer IP header is not authenticated)

Source: Migrating to IPv6, Marc Blanchet

Page 218:

IPsec Security Services

• Services provided by AH and ESP:
– Authentication Header (AH):
• Integrity of the whole packet (except mutable IP header fields such as hop limit/TTL)
• Authentication of the source
• Replay protection
– Encapsulating Security Payload (ESP):
• Confidentiality
• Integrity of the inner packet (the payload; in tunnel mode that is the whole inner IP packet)
• Authentication of the source
• Replay protection

Source: Migrating to IPv6, Marc Blanchet

Page 219:

IPsec Security Services

AH: integrity of the IPv6 header and data
ESP: confidentiality (and integrity) of the IPv6 data

Source: Migrating to IPv6, Marc Blanchet

Page 220:

IPsec Security Services

IPsec AH, transport mode:
[IPv6 main header: Next Header = 51 (AH), Source N1, Destination N2] [AH] [original upper-layer payload]

IPsec AH, tunnel mode:
[new outer IPv6 header: Next Header = 51 (AH), Source N1, Destination VPN server] [AH] [original IPv6 header and payload]

Source: Migrating to IPv6, Marc Blanchet

Page 221:

IPsec Security Services

IPsec ESP, transport mode:
[IPv6 main header: Next Header = 50 (ESP), Source N1, Destination N2] [ESP header] [encrypted upper-layer payload] [ESP trailer, integrity check value]

IPsec ESP, tunnel mode:
[new outer IPv6 header: Next Header = 50 (ESP), Source N1, Destination VPN server] [ESP header] [encrypted original IPv6 header and payload] [ESP trailer, integrity check value]

Source: Migrating to IPv6, Marc Blanchet

Page 222:

Internet Key Exchange (IKE)

• "An IPsec component used for performing mutual authentication and establishing and maintaining Security Associations." (RFC 5996, IKEv2)

• Typically used for establishing IPsec sessions (the SAs and their keys), so that session keys never have to be configured by hand

• A key exchange mechanism, based on Diffie-Hellman

• The phases and modes on the following slides are those of IKEv1 (RFC 2409):
– Two Phase 1 modes (main and aggressive)
– Three authentication methods (pre-shared key, public key encryption, and public key signature)
– Aggressive mode with pre-shared keys sends the identity in the clear and exposes a hash that allows offline dictionary attacks on the PSK; prefer main mode, or IKEv2

• Uses UDP port 500 (and UDP port 4500 when NAT traversal is in use)

Page 223:

IKE Modes

Main mode – Three exchanges (six messages) between the IPsec peers. The initiator sends one or more proposals to the other peer (the responder); the responder selects a proposal. Peer identities are exchanged only after the channel is encrypted

Aggressive mode – Achieves the same result as main mode using only 3 packets. The first packet, sent by the initiator, contains all the information needed to establish the SA; the second packet, from the responder, carries all the security parameters selected; the third packet finalises authentication of the ISAKMP session. Faster, but the identities and authentication hashes are not encrypted

Quick mode – Negotiates the parameters for the IPsec session (Phase 2). The entire negotiation occurs within the protection of the ISAKMP session

Page 224:

Internet Key Exchange (IKE)

• Phase I
– Establish a secure channel (ISAKMP SA)
– Using either main mode or aggressive mode
– Authenticate the peer's identity using certificates (RSA signatures) or a pre-shared secret

• Phase II
– Establishes the secure channel between the peers intended for the transmission of data (IPsec SAs, one per direction)
– Using quick mode

Page 225:

Overview of IKE

1. Traffic that needs to be protected arrives at an IPsec peer and triggers the negotiation
2. IKE Phase 1: the two IPsec peers establish a secure communication channel (ISAKMP SA)
3. IKE Phase 2: the IPsec tunnel (IPsec SAs) is negotiated over that channel
4. Secured traffic exchange through the IPsec tunnel

Page 226:

IKE Phase 1 (Main Mode)

• Main mode negotiates an ISAKMP SA which will be used to protect the creation of the IPsec SAs

• Three steps
– SA negotiation (encryption algorithm, hash algorithm, authentication method, which DH group to use)
– Diffie-Hellman exchange (produces the shared secret from which the keying material is derived)
– Exchange authentication information and authenticate the peer

Page 227:

IKE Phase 1 (Main Mode)

Initiator → Responder: IKE Message 1 (SA proposal)
Responder → Initiator: IKE Message 2 (accepted SA)
  [1] Negotiate IKE policy

Initiator → Responder: IKE Message 3 (DH public value, nonce)
Responder → Initiator: IKE Message 4 (DH public value, nonce)
  [2] Authenticated DH exchange
  [3] Each side computes the DH shared secret and derives keying material

Initiator → Responder: IKE Message 5 (authentication material, ID) – encrypted
Responder → Initiator: IKE Message 6 (authentication material, ID) – encrypted
  [4] Protect IKE peer identity

(All messages cross the Internet; only messages 5 and 6 are encrypted.)

Page 228:

IKE Phase 2 (Quick Mode)

• All traffic is encrypted using the ISAKMP Security Association

• Each quick mode negotiation results in two IPsec Security Associations (one inbound, one outbound)

• Creates/refreshes keys

Page 229:

IKE Phase 2 (Quick Mode)

All three messages cross the Internet protected by the ISAKMP SA from Phase 1.

Initiator → Responder: Message 1 (authentication/keying material and SA proposal); the responder validates message 1
Responder → Initiator: Message 2 (authentication/keying material and accepted SA); the initiator validates message 2, and both sides compute the keying material for the IPsec SAs
Initiator → Responder: Message 3 (hash for proof of integrity/authentication); the responder validates message 3

Page 230:

IPsec Best Practices

• Use IPsec to provide integrity in addition to encryption
– Use ESP with an authentication transform (e.g. esp-sha256-hmac) or an AEAD cipher such as AES-GCM; encryption without integrity is open to bit-flipping and padding-oracle attacks on the ciphertext

• Use strong encryption algorithms
– AES instead of DES or 3DES

• Use a good hashing algorithm
– SHA-2 (SHA-256) instead of MD5 or SHA-1

• Use a strong Diffie-Hellman group
– Group 14 (2048-bit) or the ECDH groups 19/20 rather than group 1, 2 or 5

• Enable Perfect Forward Secrecy (PFS) and keep Security Association (SA) lifetimes short
– With PFS each Phase 2 rekey performs a fresh DH exchange, so compromise of the long-term keys or of one SA's keys does not expose earlier traffic. The original slide advised enabling it only for highly sensitive data because of the processor burden; on current hardware the extra DH exchange is cheap and PFS should be on by default

Page 231:

Questions?

Page 232:

Overview Network Security Workshop
– Network Security Fundamental
– Attack Types Analysis and Mitigation
– ICMP Protocol Security Threats
– Network Security Policy Overview
– Attack Analysis in Different Layers
– End System & Device Security BCP and Lab
– IPv6 Protocol Overview & Security Basic
– IP Core Network Security BCP and LAB Exercise
– Cryptography and IPSec
– IPSec Lab Exercise
– DNS/DNSSEC

Page 233:

Configure IPSec with Pre-shared Key

• Task 1: Prepare for ISAKMP and IPSec

• Task 2: Configure ISAKMP

• Task 3: Configure IPSec

• Task 4: Test and verify IPSec

Page 234:

Configure IPSec with Pre-­shared Key

• Task 1: Prepare for IPSec. – This task involves determining the detailed encryption policy identifying the hosts and networks that need to be protected

– Determining details about the IPSec peers, determining the IPSec features that we need, and ensuring that existing ACLs are compatible with IPSec.

Page 235:

Configure IPSec with Pre-shared Key

• Step 1: Determine ISAKMP (IKE Phase 1) policy
• Step 2: Determine IPSec (IKE Phase 2) policy
• Step 3: Check the current configuration
  show running-config
  show crypto isakmp policy
  show crypto map

• Step 4: Ensure that the network works without encryption
  ping

• Step 5: Ensure that ACLs are compatible with IPSec
  show access-lists
  (ACLs on the outside interface must permit ESP (IP protocol 50), AH (IP protocol 51) and UDP 500/4500 between the peers, or the negotiation never starts)

Page 236:

Configure IPSec with Pre-shared Key

• Step 1: Determine ISAKMP (IKE Phase 1) policy
– Key distribution method
– Authentication method
– IPSec peer IP addresses and host names
– IKE Phase 1 policies for all peers:
  • Encryption algorithm
  • Hash algorithm
  • Diffie-Hellman group
  • IKE SA lifetime

Page 237:

Configure IPSec with Pre-shared Key

IOS default values for the ISAKMP policy parameters (the values a policy gets for any parameter not set explicitly; all of them except the lifetime are weak by today's standards, so set each one):

Parameter               Default value
Encryption algorithm    DES
Hash algorithm          SHA-1
Authentication method   RSA signatures
Diffie-Hellman group    DH group 1 (768-bit)
IKE SA lifetime         86,400 sec (1 day)

Page 238:

Configure IPSec with Pre-shared Key

• Step 2: Determine IPSec (IKE Phase 2) policy
– IPSec algorithms and parameters for optimal security and performance
– Determine transform sets
– IPSec peer details
– IP addresses and applications of the hosts to be protected

Page 239:

Configure IPSec with Pre-shared Key

• Step 2: Determine IPSec (IKE Phase 2) policy

• Example configuration: a transform set named ESP-AES-SHA using ESP with AES encryption and SHA-1 HMAC integrity

crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac

Page 240:

Configure IPSec with Pre-­shared Key

• Task 1: Prepare for ISAKMP and IPSec

• Task 2: Configure ISAKMP– Configure IKE. – This task involves enabling IKE, creating the IKE policies, and validating the configuration

Page 241:

Router Configuration

! Phase 1 (ISAKMP/IKE SA): how the peers authenticate and protect the negotiation
crypto isakmp policy 1
 authentication pre-share
 encryption aes
 hash sha
 group 5
! Pre-shared key for this peer (stored in the running configuration)
crypto isakmp key Training123 address 172.16.11.66
!
! Phase 2 (IPsec SA): encryption and authentication transforms for the data
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
!
! The crypto map ties together the interesting traffic, the transform set and the peer
crypto map LAB-VPN 10 ipsec-isakmp
 match address 101
 set transform-set ESP-AES-SHA
 set peer 172.16.11.66

Page 242:

Router Configuration (continued)

! Apply the crypto map to the outbound interface facing the peer
interface FastEthernet0/1
 crypto map LAB-VPN
 exit
!
! Define interesting (to-be-protected) VPN traffic: local LAN to remote LAN
access-list 101 permit ip 172.16.16.0 0.0.0.255 172.16.20.0 0.0.0.255

(The peer router needs the mirror image: its own ISAKMP policy, the same pre-shared key, and an access list with the source and destination networks swapped.)

Page 243:

IPSec Debug Commands

• show crypto ipsec sa (Phase 2 SAs: SPIs, lifetimes and the encrypted/decrypted packet counters, which should increase as you ping across the tunnel)

• show crypto isakmp peers

• show crypto isakmp sa (Phase 1 SAs; state QM_IDLE means Phase 1 completed)

• show crypto map

• debug crypto isakmp and debug crypto ipsec show the live negotiation (use with care on production routers)

Page 244:

DNS Security

Page 245:

DNS Security - Background

• The original DNS protocol wasn't designed with security in mind
– It has very few built-in security mechanisms (a 16-bit query ID and the UDP source port are all that tie a reply to a query)

• As the Internet grew, the IETF realised this would be a problem
– For example, DNS spoofing was too easy

• Some security problems:
– Using reverse DNS to impersonate hosts
– Software bugs (buffer overflows, bad pointer handling)
– Bad crypto (predictable sequences, forgeable signatures)
– Cache poisoning (putting inappropriate data into the cache)

Reference: https://wiki.tools.isoc.org/DNSSEC_History_Project

Page 246:

DNS Cache Poisoning

[Figure, reconstructed: Client, DNS caching server, Root/GTLD servers, ns.example.com (the real authoritative server; web server at 192.168.1.1), and an attacker pretending to be the authoritative zone]

1. The client asks the caching server: "I want to access www.example.com"
2. The caching server follows the referral chain (Root/GTLD) and sends its query to ns.example.com with QID=64571
3. The attacker, pretending to be ns.example.com, floods the caching server with spoofed replies "www.example.com 192.168.1.99" carrying guessed query IDs (QID=64569, 64570, 64571, …). The reply with QID=64571 matches the outstanding query ("match!"), arrives before the genuine answer and is cached; the genuine reply "www.example.com 192.168.1.1" is then discarded as unsolicited, and the client (and every later client of this cache) is sent to 192.168.1.99 until the forged record expires
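The race in the diagram, as an added simulation (not part of the workshop material): a toy caching resolver that accepts the first reply whose query ID and destination port match its outstanding query, and an attacker who walks through consecutive query IDs before the genuine answer arrives. The names and addresses are those of the diagram; the resolver, the fixed source port 53 of the unhardened case and the trial counts are this example's assumptions. It goes one step beyond the slide by running the same race against a resolver that also randomises its source port (RFC 5452), which is the mitigation resolvers adopted after the Kaminsky attack.

```python
import random

QID_BITS = 16          # the DNS transaction ID is 16 bits
PORT_BITS = 16         # a randomised UDP source port adds up to 16 more
FIXED_PORT = 53        # assumed: an old resolver sending every query from port 53
TARGET = "www.example.com"
GENUINE, FORGED = "192.168.1.1", "192.168.1.99"


class ToyCachingResolver:
    """Caches the first reply whose (QID, destination port) matches the outstanding query."""

    def __init__(self, rng, randomize_port):
        self.rng = rng
        self.randomize_port = randomize_port
        self.pending = {}   # name -> (qid, port)
        self.cache = {}

    def send_query(self, name):
        qid = self.rng.getrandbits(QID_BITS)
        port = self.rng.getrandbits(PORT_BITS) if self.randomize_port else FIXED_PORT
        self.pending[name] = (qid, port)

    def receive(self, name, qid, port, answer):
        if self.pending.get(name) != (qid, port):
            return False            # no matching query outstanding: silently dropped
        self.cache[name] = answer   # first matching reply wins and is cached
        del self.pending[name]
        return True


def poisoning_attempt(rng, randomize_port, guesses):
    """One race: the attacker sends `guesses` forged replies before the genuine one arrives."""
    resolver = ToyCachingResolver(rng, randomize_port)
    resolver.send_query(TARGET)             # triggered by the attacker looking the name up
    start = rng.getrandbits(QID_BITS)       # attacker walks consecutive QIDs, as in the diagram
    for i in range(guesses):
        qid = (start + i) & ((1 << QID_BITS) - 1)
        port = rng.getrandbits(PORT_BITS) if randomize_port else FIXED_PORT
        if resolver.receive(TARGET, qid, port, FORGED):
            break
    if TARGET in resolver.pending:          # genuine reply from ns.example.com arrives last
        resolver.receive(TARGET, *resolver.pending[TARGET], GENUINE)
    return resolver.cache[TARGET] == FORGED


def estimate_success_rate(trials, guesses, randomize_port, seed=2017):
    """Fraction of races the attacker wins; seeded so the run is reproducible."""
    rng = random.Random(seed)
    wins = sum(poisoning_attempt(rng, randomize_port, guesses) for _ in range(trials))
    return wins / trials


def expected_success_rate(guesses, randomize_port):
    """Analytic value: distinct QID guesses out of 2^16, each also needing the port if it is random."""
    space = 1 << (QID_BITS + (PORT_BITS if randomize_port else 0))
    return min(1.0, guesses / space)


if __name__ == "__main__":
    for randomize in (False, True):
        print("port randomisation=%s: simulated %.4f, expected %.2e" % (
            randomize, estimate_success_rate(600, 2048, randomize), expected_success_rate(2048, randomize)))
```

With a fixed source port, 2048 forged replies win about one race in 32; with a random port the same flood wins about one in two million, which is why source-port randomisation (and, for a real fix, DNSSEC validation) matters more than the query ID alone.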

Page 247:

DNS Amplification

• A type of reflection attack combined with amplification– Source of attack is reflected off another machine– Traffic received is bigger (amplified) than the traffic sent by the attacker

• UDP packet’s source address is spoofed

Page 248:

DNS Amplification

[Figure: DNS amplification. Compromised Machines controlled by the Attacker send queries for www.example.com with a spoofed source IP (the Victim Machine's address) to a DNS Recursive server; the recursive server resolves them via Root/GTLD and ns.example.com (www.example.com 192.168.1.1) and delivers the larger responses to the Victim Machine.]

Page 249:

Open Resolvers

• DNS servers that answer recursive queries from any host on the Internet

• http://openresolverproject.org/

• Check if you're running open resolvers
  – http://dns.measurement-factory.com/cgi-bin/openresolvercheck.pl

• More statistics at
  – http://dns.measurement-factory.com/surveys/openresolvers/ASN-reports/latest.html

Page 250:

Response Rate Limiting (RRL)

• Protects against DNS amplification attacks

• Implemented in the CZ-NIC Knot (v1.2-RC3), NLNetLabs NSD (v3.2.15), and ISC BIND 9 (v9.9.4) releases

    rate-limit {
        responses-per-second 5;
        log-only yes;
    };

• If using older versions, a patch is available from
  – http://ss.vix.su/~vjs/rrlrpz.html
  – patch -p0 -l

Page 251:

DNS Changer

• "Criminals have learned that if they can control a user's DNS servers, they can control what sites the user connects to the Internet."

• How: infect computers with malicious software (malware)

• This malware replaces the user's DNS settings with the attacker's DNS servers

• Points the DNS configuration to DNS resolvers in specific address blocks and uses them for the criminal enterprise

• The data collection ran until July 2012

Page 252:

Rogue DNS Servers

• 85.225.112.0 through 85.255.127.255

• 67.210.0.0 through 67.210.15.255

• 93.188.160.0 through 93.188.167.255

• 77.67.83.0 through 77.67.83.255

• 213.109.64.0 through 213.109.79.255

• 64.28.176.0 through 64.28.191.255

• If your computer is configured with one of these DNS servers, it is most likely infected with DNSChanger malware

Page 253:

DNS Changer – Victim Count

Source: http://www.dcwg.org

Page 254:

DNS Changer (News)

Page 255:

Securing the Nameserver

• Run the most recent version of the DNS software
  – BIND 9.9.4 or Unbound 1.4.16
  – Apply the latest patches

• Hide the version

• Restrict queries
  – allow-query { acl_match_list; };

• Prevent unauthorized zone transfers
  – allow-transfer { acl_match_list; };

• Run BIND with the least privilege (use chroot)

• Randomize source ports
  – don't use the query-source option

• Secure the box

• Use TSIG and DNSSEC

Page 256:

Sender Policy Framework (SPF)

• Using DNS for email validation

• Checks the sender IP address

• Defined in RFC 4408 with updates in RFC 6652

apnic.net. 3600 IN TXT "v=spf1 mx a:clove.apnic.net a:asmtp.apnic.net ip4:203.119.93.0/24 ip4:203.119.101.0/24 ip4:203.89.255.141/32 ip4:203.190.232.30/32 ip4:122.248.232.184/32 include:_spf.google.com -all"

Page 257:

DNS Protocol Vulnerability

• DNS data can be spoofed and corrupted between the master server and a resolver or forwarder

• The DNS protocol does not allow you to check the validity of DNS data
  – Exploited via bugs in resolver implementations (predictable transaction ID)
  – Polluted caching forwarders can cause harm for quite some time (TTL)
  – Corrupted DNS data might end up in caches and stay there for a long time

• How does a slave (secondary) know it is talking to the proper master (primary)?
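The checks a caching server has to make before a UDP answer reaches its cache, as an added example that is not from the slides: constructed wire-format packets replay the page 246 scenario and show that a guessed query ID alone is rejected once the randomized source port, the queried server's address and the question section are also matched. The upstream server address 192.0.2.53 and all helper functions are constructed for illustration.

```python
import random
import struct

_rng = random.SystemRandom()   # unpredictable QIDs and ports, not random.random()

def encode_name(name):
    """Constructed helper: dotted name -> DNS label wire format (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def decode_name(data, offset):
    """Inverse of encode_name; compression pointers are not handled here."""
    labels = []
    while data[offset] != 0:
        length = data[offset]
        labels.append(data[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels) + ".", offset + 1

def build_query(qid, qname, qtype=1):
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)   # RD=1, one question
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)

def build_response(qid, qname, ip, qtype=1, ttl=3600):
    """Constructed A-record answer: QR=1, RD=1, RA=1, rcode 0, one answer RR."""
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, 1, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)
    rdata = bytes(int(octet) for octet in ip.split("."))
    answer = encode_name(qname) + struct.pack("!HHIH", qtype, 1, ttl, len(rdata)) + rdata
    return header + question + answer

def send_query(qname, server_ip, qtype=1):
    """What the caching server remembers per outstanding query. Both the 16-bit
    QID and the UDP source port are random ('randomize source ports' on the
    hardening slide): a forged answer must now match both, not just the QID."""
    qid = _rng.randrange(0, 1 << 16)
    src_port = _rng.randrange(1024, 1 << 16)
    return {"qid": qid, "src_port": src_port, "qtype": qtype,
            "qname": qname.lower().rstrip(".") + ".", "server_ip": server_ip,
            "packet": build_query(qid, qname, qtype)}

def accept_response(pending, packet, from_ip, to_port):
    """Return (accepted, reason). A reply reaches the cache only if every field
    that was not copied from the query matches the pending entry; each rejection
    reason is worth logging as a possible poisoning attempt."""
    if len(packet) < 12:
        return False, "truncated"
    qid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if not flags & 0x8000:
        return False, "not-a-response"
    if from_ip != pending["server_ip"]:
        return False, "source-mismatch"
    if to_port != pending["src_port"]:
        return False, "port-mismatch"
    if qid != pending["qid"]:
        return False, "qid-mismatch"
    if qdcount != 1:
        return False, "bad-question-count"
    try:
        qname, offset = decode_name(packet, 12)
        qtype, qclass = struct.unpack("!HH", packet[offset:offset + 4])
    except (IndexError, UnicodeDecodeError, struct.error):
        return False, "malformed"
    if (qname.lower(), qtype, qclass) != (pending["qname"], pending["qtype"], 1):
        return False, "question-mismatch"
    return True, "ok"

if __name__ == "__main__":
    pending = send_query("www.example.com", "192.0.2.53")   # constructed upstream server
    genuine = build_response(pending["qid"], "www.example.com", "192.168.1.1")
    print(accept_response(pending, genuine, "192.0.2.53", pending["src_port"]))
    # Right QID (the slide's "match!") but delivered to the wrong port: rejected.
    stray = build_response(pending["qid"], "www.example.com", "192.168.1.99")
    print(accept_response(pending, stray, "192.0.2.53", pending["src_port"] ^ 1))
```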

Page 258:

DNS: Data Flow

[Figure: DNS data flow, with arrows numbered 1 to 5 between the Zone administrator, the Zone file, Dynamic updates, the master, the slaves, the Caching forwarder and the resolver.]

Page 259:

DNS Vulnerabilities

[Figure: the same DNS data flow (Zone administrator, Zone file, Dynamic updates, master, slaves, Caching forwarder, resolver; arrows 1 to 5) annotated with the threats at each step.]

Server protection: Corrupting data; Impersonating master; Unauthorized updates

Data protection: Cache impersonation; Cache pollution by data spoofing

Page 260:

TSIG Protected Vulnerabilities

[Figure: the same DNS data flow, highlighting the threats TSIG protects against: Impersonating master; Unauthorized updates.]

Page 261:

What is TSIG - Transaction Signature?

• A mechanism for protecting a message from a primary to a secondary and vice versa

• A keyed hash is applied (like a digital signature) so the recipient can verify the message
  – DNS question or answer
  – & the timestamp

• Based on a shared secret - both sender and receiver are configured with it
  – TSIG/TKEY uses DH, HMAC-MD5, HMAC-SHA1, HMAC-SHA224, HMAC-SHA512 among others

Page 262:

What is TSIG - Transaction Signature?

• TSIG (RFC 2845)
  – authorizing dynamic updates & zone transfers
  – authentication of caching forwarders

• Used in the server configuration, not in the zone file

Page 263:

TSIG example

[Figure: Master and Slave both hold KEY: %sgs!f23fv. Query: AXFR from the Slave, carrying Sig ...; the Master runs verification. Response: Zone (SOA ... SOA) from the Master, carrying its own Sig ...; the Slave runs verification.]

Page 264:

TSIG steps

1. Generate secret

2. Communicate secret

3. Configure servers

4. Test

Page 265:

TSIG - Names and Secrets

• TSIG name
  – A name is given to the key; the name is what is transmitted in the message (so the receiver knows which key the sender used)

• TSIG secret value
  – A value determined during key generation
  – Usually seen in Base64 encoding

Page 266:

TSIG – Generating a Secret

• dnssec-keygen
  – Simple tool to generate keys
  – Used here to generate TSIG keys

> dnssec-keygen -a <algorithm> -b <bits> -n host <name of the key>

Page 267:

TSIG – Generating a Secret

• Example

> dnssec-keygen -a HMAC-MD5 -b 128 -n HOST ns1-ns2.pcx.net

This will generate the key
> Kns1-ns2.pcx.net.+157+15921

> ls
Kns1-ns2.pcx.net.+157+15921.key
Kns1-ns2.pcx.net.+157+15921.private

Page 268:

TSIG – Generating a Secret

• TSIG keys should never be put in zone files
  – might be confusing because the key file looks like an RR:

ns1-ns2.pcx.net. IN KEY 128 3 157 nEfRX9…bbPn7lyQtE=

Page 269:

TSIG – Configuring Servers

• Configuring the key
  – in the named.conf file, same syntax as for rndc
  – key { algorithm ...; secret ...; };

• Making use of the key
  – in the named.conf file
  – server x { key ...; };
  – where 'x' is the IP address of the other server

Page 270:

Configuration Example – named.conf

Primary server 10.33.40.46

    key ns1-ns2.pcx.net {
        algorithm hmac-md5;
        secret "APlaceToBe";
    };
    server 10.33.50.35 {
        keys { ns1-ns2.pcx.net; };
    };
    zone "my.zone.test." {
        type master;
        file "db.myzone";
        allow-transfer { key ns1-ns2.pcx.net; };
    };

Secondary server 10.33.50.35

    key ns1-ns2.pcx.net {
        algorithm hmac-md5;
        secret "APlaceToBe";
    };
    server 10.33.40.46 {
        keys { ns1-ns2.pcx.net; };
    };
    zone "my.zone.test." {
        type slave;
        file "myzone.backup";
        masters { 10.33.40.46; };
    };

You can save the key statement in a file and refer to it in named.conf using the 'include' statement:

    include "/var/named/master/tsig-key-ns1-ns2";

Page 271:

TSIG Testing: dig

• You can use dig to check the TSIG configuration
  – dig @<server> <zone> AXFR -k <TSIG keyfile>

$ dig @127.0.0.1 example.net AXFR -k Kns1-ns2.pcx.net.+157+15921.key

• A wrong key will give "Transfer failed", and on the server the security category will log this.

Page 272:

TSIG Testing - TIME!

• TSIG is time sensitive - to stop replays
  – Message protection expires in 5 minutes
  – Make sure time is synchronized
  – For testing, set the time
  – In operations, (secure) NTP is needed

Page 273:

TSIG steps

1. Generate secret
   – dnssec-keygen -a <algorithm> -b <bits> -n host <name of the key>

2. Communicate secret
   – scp <keyfile> <user>@<remote-server>:<path>

3. Configure servers
   – key { algorithm ...; secret ...; };
   – server x { key ...; };

4. Test
   – dig @<server> <zone> AXFR -k <TSIG keyfile>
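The verification order and the 5-minute replay window that the TSIG slides describe, as an added example that is not from the slides or from BIND: a simplified TSIG-style keyed hash over a message together with the key name and the time signed, checked key-first, then MAC, then time, with the RFC 2845 error names BADKEY, BADSIG and BADTIME. The digest layout is a simplification of RFC 2845, the key name and secret are constructed, and hmac-sha256 replaces the slides' hmac-md5.

```python
import base64
import hashlib
import hmac
import struct
import time

FUDGE = 300   # seconds: "message protection expires in 5 minutes"

# Constructed shared secret and key name for this example only.
KEY_NAME = "ns1-ns2.pcx.net"
SECRET_B64 = base64.b64encode(b"constructed-secret-for-this-example-only").decode()

_DIGESTS = {"hmac-md5": hashlib.md5, "hmac-sha1": hashlib.sha1,
            "hmac-sha256": hashlib.sha256, "hmac-sha512": hashlib.sha512}

def tsig_mac(secret_b64, key_name, algorithm, message, time_signed, fudge):
    """Keyed hash over the DNS message plus the TSIG variables. Simplified from
    RFC 2845 (the real digest also covers class, TTL, error and other-data), but
    the property is the same: key name and time are under the MAC, so neither
    can be altered in transit without invalidating the signature."""
    key = base64.b64decode(secret_b64)
    variables = (key_name.lower().encode() + algorithm.lower().encode()
                 + time_signed.to_bytes(6, "big") + struct.pack("!H", fudge))
    return hmac.new(key, message + variables, _DIGESTS[algorithm]).digest()

def sign(secret_b64, key_name, message, algorithm="hmac-sha256", now=None):
    """Sender side: attach key name, algorithm, time signed, fudge and MAC."""
    time_signed = int(time.time() if now is None else now)
    return {"key_name": key_name, "algorithm": algorithm,
            "time_signed": time_signed, "fudge": FUDGE,
            "mac": tsig_mac(secret_b64, key_name, algorithm, message, time_signed, FUDGE)}

def verify(keyring, message, tsig, now=None):
    """Receiver side, in the order RFC 2845 prescribes: known key, then MAC,
    then time window. Returns (ok, rcode_name)."""
    secret_b64 = keyring.get(tsig["key_name"].lower())
    if secret_b64 is None or tsig["algorithm"] not in _DIGESTS:
        return False, "BADKEY"
    expected = tsig_mac(secret_b64, tsig["key_name"], tsig["algorithm"],
                        message, tsig["time_signed"], tsig["fudge"])
    if not hmac.compare_digest(expected, tsig["mac"]):   # constant-time compare
        return False, "BADSIG"
    now = int(time.time() if now is None else now)
    if abs(now - tsig["time_signed"]) > tsig["fudge"]:
        return False, "BADTIME"   # clock skew, or a message replayed later
    return True, "NOERROR"

if __name__ == "__main__":
    keyring = {KEY_NAME: SECRET_B64}      # both servers are configured with this entry
    axfr_request = b"constructed AXFR request for my.zone.test."
    stamp = sign(SECRET_B64, KEY_NAME, axfr_request, now=1_700_000_000)
    print(verify(keyring, axfr_request, stamp, now=1_700_000_000 + 30))    # fresh
    print(verify(keyring, axfr_request, stamp, now=1_700_000_000 + 600))   # replayed
```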

Page 274:

DNSSEC

Page 275:

Vulnerabilities protected by DNSKEY / RRSIG / NSEC

[Figure: the same DNS data flow, highlighting the threats DNSKEY / RRSIG / NSEC protect against: Cache impersonation; Cache pollution by data spoofing.]

Page 276:

DNS Security Extensions (DNSSEC)

• Protects the integrity of data in the DNS by establishing a chain of trust

• Uses public key cryptography – each link in the chain has a public/private key pair

• A form of digitally signing the data to attest to its validity

• The standard is defined in RFC4033, RFC4034, and RFC4035

• Guarantees
  – Authenticity
  – Integrity
  – Non-existence of a domain

Page 277:

DNSSEC History

• 1990: Steven Bellovin discovers a major flaw in the DNS
• 1995: Bellovin publishes his research; DNSSEC (as it became later known) becomes a topic within the IETF
• 1997: RFC 2065 (adding security extensions) is published
• 1998: Dan Kaminsky discovers some security flaw
• 1999: RFC 2535, the DNSSEC protocol, is published; BIND 9 is developed to be DNSSEC-capable
• 2001: key handling in RFC2535 is causing operational problems
• 2005: Three new RFCs published to update RFC2535
  – RFC 4033 (DNS Security Introduction and Requirements)
  – RFC 4034 (Resource Records for DNS Security Extensions)
  – RFC 4035 (Protocol Modifications)

https://wiki.tools.isoc.org/DNSSEC_History_Project

Page 278:

DNSSEC History

• 2005: In October, Sweden (.SE) becomes the first ccTLD to deploy DNSSEC

• 2008: new DNSSEC record created to address privacy concerns (RFC 5155)

• 2010
  – On July 15, the root zone was signed
  – On July 29, .edu was signed
  – On December 9, .net was signed

• 2011: On March 31, .com was signed

https://wiki.tools.isoc.org/DNSSEC_History_Project

Page 279:

DNSSEC Resource Records

• 3 public key crypto related RRs
  – RRSIG = Signature over an RRset made using the private key
  – DNSKEY = Public key, needed for verifying an RRSIG
  – DS = Delegation Signer; 'pointer' for building chains of authentication

• One RR for internal consistency
  – NSEC = Next Secure; indicates which name is the next one in the zone and which type codes are available for the current name
    • authenticated non-existence of data

RFC4034

Page 280:

DNSSEC Resource Records

• DNSKEY, RRSIG, and NSEC records provide mechanisms to establish authenticity and integrity of data

• DS record provides a mechanism to delegate trust to public keys of third parties

Page 281:

DNSSEC RRs

• Data authenticity and integrity by signing the Resource Record Sets with the private key

• The public DNSKEY is used to verify the RRSIG

• Children sign their zones with their private key
  – Authenticity of that key is established by a signature/checksum by the parent (DS)

• Ideal case: one public DNSKEY distributed

Page 282:

RRs and RRsets

• Resource Record:

    Name              TTL   class  type  rdata
    www.example.net.  7200  IN     A     192.168.1.1

• RRset: RRs with the same name, class and type:

    www.example.net.  7200  IN     A     192.168.1.1
                                   A     10.0.0.3
                                   A     172.10.1.1

• RRsets are signed, not the individual RRs

Page 283:

RRSIG

• The private part of the key pair is used to sign the resource record set (RRset) per zone

• The digital signature per RRset is saved in an RRSIG record

    irrashai.net.  86400  NS     NS.JAZZI.COM.
                   86400  NS     NS.IRRASHAI.NET.
                   86400  RRSIG  NS 5 2 86400 (
                          20121202010528 20121102010528 3510 irrashai.net.
                          Y2J2NQ+CVqQRjQvcWY256ffiw5mp0OQTQUF8
                          vUHSHyUbbhmE56eJimqDhXb8qwl/Fjl40/km
                          lzmQC5CmgugB/qjgLHZbuvSfd9W+UCwkxbwx
                          3HonAPr3C+0HVqP8rSqGRqSq0VbR7LzNeayl
                          BkumLDoriQxceV4z3d2jFv4ArnM= )

Field callouts: RR type signed (NS); digital signature algorithm (5); number of labels in the signed name (2); signature expiry (20121202010528); date signed (20121102010528)

Page 284:

DNSKEY

• Contains the zone's public key

• Uses public key cryptography to sign and authenticate DNS resource record sets (RRsets).

• Example:

    irrashai.net. IN DNSKEY 256 3 5 ( AwEAAagrVFd9xyFMQRjO4DlkL0dgUCtogviS+FG9Z6Au3h1ERe4EIi3L
                                      X49Ce1OFahdR2wPZyVeDvH6X4qlLnMQJsd7oFi4S9Ng+hLkgpm/n+otE
                                      kKiXGZzZn4vW0okuC0hHG2XU5zJhkct73FZzbmBvGxpF4svo5PPWZqVb
                                      H48T5Y/9 ) ; key id = 3510

Field callouts: 16-bit flags field (256); protocol octet (3); DNSKEY algorithm number (5); public key (base64)

Page 285:

DNSKEY

• Also contains some timing metadata – as a comment in the key file

; This is a key-signing key, keyid 19996, for myzone.net.

; Created: 20121102020008 (Fri Nov 2 12:00:08 2012)

; Publish: 20121102020008 (Fri Nov 2 12:00:08 2012)

; Activate: 20121102020008 (Fri Nov 2 12:00:08 2012)

Page 286:

NSEC / NSEC3

• Next Secure

• Forms a chain of authoritative owner names in the zone

• Lists two separate things:
  – Next owner name (canonical ordering)
  – Set of RR types present at the NSEC RR's owner name

• Also proves the non-existence of a domain

    irrashai.net. NSEC blog.irrashai.net. A NS SOA MX RRSIG NSEC DNSKEY

Page 287:

NSEC / NSEC3

• “The last NSEC wraps around from the last name in the ordered zone to the first”

• Each NSEC record also has a corresponding RRSIG

Page 288:

NSEC RDATA

• Points to the next domain name in the zone
  – also lists all the RR types that exist for "name"
  – the NSEC record for the last name "wraps around" to the first name in the zone

• Used for authenticated denial of existence of data
  – authenticated non-existence of TYPEs and labels

Page 289:

NSEC Record example

    $ORIGIN example.net.
    @        SOA     …
             NS      NS.example.net.
             DNSKEY  …
             NSEC    mailbox.example.net. SOA NS NSEC DNSKEY RRSIG
    mailbox  A       192.168.10.2
             NSEC    www.example.net. A NSEC RRSIG
    WWW      A       192.168.10.3
             TXT     Public webserver
             NSEC    example.net. A NSEC RRSIG TXT
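How a validating resolver uses an NSEC chain like the one above to prove that a name or a type does not exist, as an added example that is not from the slides: it orders names canonically (RFC 4034 section 6.1), finds the NSEC whose interval covers the queried name, and handles the wrap-around from the last name back to the apex. The chain is this slide's example.net zone in a constructed tuple form; NSEC3, wildcards and the RRSIG check on each NSEC (assumed already done) are left out.

```python
def canonical_key(name):
    """Sort key for RFC 4034 canonical DNS name ordering: labels are compared
    from the root leftwards, case-insensitively, and a missing label sorts first
    (a parent name precedes every name below it)."""
    labels = [lbl for lbl in name.lower().rstrip(".").split(".") if lbl]
    return tuple(lbl.encode("ascii") for lbl in reversed(labels))

def nsec_covers(owner, next_name, qname):
    """True if qname falls strictly between owner and next_name in canonical
    order. The last NSEC in the zone points back to the apex, so its interval
    wraps around: every in-zone name sorting after the owner is covered."""
    o, n, q = canonical_key(owner), canonical_key(next_name), canonical_key(qname)
    if o < n:
        return o < q < n
    return q > o or q < n

def prove_nonexistence(nsec_chain, qname, qtype):
    """nsec_chain: list of (owner, next_name, set_of_types), each NSEC assumed
    already validated against its RRSIG. Returns (status, owner of the proving NSEC)."""
    qk = canonical_key(qname)
    apex = [owner for owner, _, types in nsec_chain if "SOA" in types]
    if not apex or qk[:len(canonical_key(apex[0]))] != canonical_key(apex[0]):
        return "OUT-OF-ZONE", None
    for owner, _, types in nsec_chain:
        if canonical_key(owner) == qk:        # name exists: NODATA iff the type is absent
            return ("EXISTS" if qtype.upper() in types else "NODATA"), owner
    for owner, next_name, _ in nsec_chain:
        if nsec_covers(owner, next_name, qname):
            return "NXDOMAIN", owner          # this NSEC proves the name is absent
    return "NO-PROOF", None                   # broken or incomplete chain

# The NSEC chain of the example.net zone on this slide (constructed tuple form).
EXAMPLE_NET_CHAIN = [
    ("example.net.", "mailbox.example.net.", {"SOA", "NS", "NSEC", "DNSKEY", "RRSIG"}),
    ("mailbox.example.net.", "www.example.net.", {"A", "NSEC", "RRSIG"}),
    ("www.example.net.", "example.net.", {"A", "NSEC", "RRSIG", "TXT"}),
]

if __name__ == "__main__":
    for name, rtype in [("ftp.example.net.", "A"), ("mailbox.example.net.", "AAAA"),
                        ("WWW.example.net.", "TXT"), ("zzz.example.net.", "A")]:
        print(name, rtype, prove_nonexistence(EXAMPLE_NET_CHAIN, name, rtype))
```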

Page 290:

Delegation Signer (DS)

• Establishes the chain of trust from parent to child zones
• Found in the parent's zone file
• In this example, irrashai.net has been delegated from .net. This is how it looks in the .net zone file:

    irrashai.net.  IN NS ns1.irrashai.net.
                   IN NS ns2.irrashai.net.
                   IN DS 19996 5 1 ( CF96B018A496CD1A68EE7C80A37EDFC6ABBF8175 )
                   IN DS 19996 5 2 ( 6927A531B0D89A7A4F13E110314C722EC156FF926D2052C7D8D70C50
                                     14598CE9 )

Field callouts: Key ID (19996); DNSKEY algorithm (5 = RSASHA1); Digest type: 1 = SHA1, 2 = SHA256

Page 291:

Delegation Signer (DS)

• The Delegation Signer (DS) RR indicates that:
  – the delegated zone is digitally signed
  – the indicated key is used for the delegated zone

• The parent is authoritative for the DS of the child's zone
  – Not for the NS record delegating the child's zone!
  – The DS should not be in the child's zone
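The arithmetic behind the Key ID and the DS digest on these slides, as an added example that is not part of the slides: the RFC 4034 Appendix B key tag and the RFC 4034 section 5 DS digest (type 1 = SHA-1, type 2 = SHA-256) are computed from a DNSKEY's RDATA and run over the irrashai.net DNSKEY from page 284, whose key tag can be compared with the slide's "key id = 3510". The DS records on page 290 belong to key 19996, whose DNSKEY the slides do not show, so they cannot be recomputed here; the small second key in the test is constructed.

```python
import base64
import hashlib
import struct

# The irrashai.net ZSK shown on page 284: flags 256, protocol 3, algorithm 5 (RSASHA1).
PAGE_DNSKEY = (256, 3, 5, "AwEAAagrVFd9xyFMQRjO4DlkL0dgUCtogviS+FG9Z6Au3h1ERe4EIi3L"
                          "X49Ce1OFahdR2wPZyVeDvH6X4qlLnMQJsd7oFi4S9Ng+hLkgpm/n+otE"
                          "kKiXGZzZn4vW0okuC0hHG2XU5zJhkct73FZzbmBvGxpF4svo5PPWZqVb"
                          "H48T5Y/9")

def wire_name(name):
    """Owner name in canonical (lowercase, uncompressed) wire form."""
    out = b""
    for label in name.lower().rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY RDATA: 16-bit flags, protocol octet, algorithm, then the raw key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)

def key_tag(rdata):
    """RFC 4034 Appendix B: a 16-bit checksum of the whole RDATA, used as the
    'key id' in RRSIG and DS records to pick among several DNSKEYs."""
    ac = 0
    for i, byte in enumerate(rdata):
        ac += byte << 8 if i % 2 == 0 else byte
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF

def ds_digest(owner, rdata, digest_type):
    """RFC 4034 section 5: digest = hash(owner name in wire form | DNSKEY RDATA).
    digest_type 1 = SHA-1, 2 = SHA-256 (the two variants on the DS slide)."""
    algo = {1: hashlib.sha1, 2: hashlib.sha256}[digest_type]
    return algo(wire_name(owner) + rdata).hexdigest().upper()

def ds_record(owner, flags, protocol, algorithm, pubkey_b64, digest_type):
    """The DS line the parent would publish for this DNSKEY."""
    rdata = dnskey_rdata(flags, protocol, algorithm, pubkey_b64)
    return (f"{owner} IN DS {key_tag(rdata)} {algorithm} {digest_type} "
            f"{ds_digest(owner, rdata, digest_type)}")

def rsa_public_key_parts(pubkey):
    """RFC 3110 layout of an RSA DNSKEY public key: exponent length (1 byte, or
    0 followed by 2 bytes), exponent, modulus. Returns (exponent, modulus_bytes)."""
    if pubkey[0] != 0:
        exp_len, offset = pubkey[0], 1
    else:
        exp_len, offset = struct.unpack("!H", pubkey[1:3])[0], 3
    exponent = int.from_bytes(pubkey[offset:offset + exp_len], "big")
    return exponent, pubkey[offset + exp_len:]

if __name__ == "__main__":
    flags, proto, alg, key_b64 = PAGE_DNSKEY
    rdata = dnskey_rdata(flags, proto, alg, key_b64)
    exponent, modulus = rsa_public_key_parts(base64.b64decode(key_b64))
    print("RSA exponent", exponent, "modulus bits", len(modulus) * 8)
    print("key tag", key_tag(rdata), "(the slide prints this key as 'key id = 3510')")
    for digest_type in (1, 2):
        print(ds_record("irrashai.net.", flags, proto, alg, key_b64, digest_type))
```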

Page 292:

Types of Keys

• Zone Signing Key (ZSK)
  – Signs the RRsets within the zone
  – The public key of the ZSK is published in a DNSKEY RR

• Key Signing Key (KSK)
  – Signs the keys, which include the ZSK and KSK, and may also be used outside the zone

• Trust anchor in a security-aware server

• Part of the chain of trust via a parent name server

• Using a single key or both keys is an operational choice (the RFC allows both methods)

Page 293:

Creation of keys

• Zones are digitally signed using the private key

• Can use RSA-­SHA-­1, DSA-­SHA-­1 and RSA-­MD5 digital signatures

• The public key corresponding to the private key used to sign the zone is published using a DNSKEY RR

Page 294:

Chain of Trust

• DNSSEC is based on trust

• The root is at the top of the chain of trust.
  – The root zone was signed on July 15, 2010.

Page 295:

FINISHING UP

Page 296:

Need any help?

Page 297:

• More personalised service
  – Range of languages: Bahasa Indonesia, Bengali, Cantonese, English, Hindi, Mandarin, Thai, etc.

• Faster response and resolution of queries
  – IP resource applications, status of requests, obtaining help in completing application forms, membership enquiries, billing issues & database enquiries

Member Services Helpdesk
- One point of contact for all member enquiries
- Online chat services

Helpdesk hours: 9:00 am - 9:00 pm (AU EST, UTC + 10 hrs)

ph: +61 7 3858 3188 fax: 61 7 3858 3199

Page 298:

APNIC Helpdesk chat

Page 299:

APNIC Website

Page 300:

Questions?

Page 301:

Thank You!