Internet Services & Protocols
Internet (In)Security

Dresden, July 10 2006

Department of Computer Science, Institute for System Architecture, Chair for Computer Networks
Dipl.-Inform. Stephan Groß
Room: GRU314
E-Mail: [email protected]



Why is Security crucial for the Internet?

• Internet = Network of networks
• Wide-spread use of the Internet for transportation of sensitive information
  – Online Banking
  – E-Commerce
  – E-Government
• Problem: The Internet's roots were based on the academic world and the free exchange of information
  – If at all, security was only a secondary design goal
  – The basic Internet protocols suffer from severe security holes


Today's Agenda

• What is to be protected?
  – Protection Goals
• Against what to protect?
  – Threats and fundamental problems of the Internet
• How to protect?
  – Firewalls
  – Virtual Private Networks (VPN)


Basic Protection Goals

• Integrity: information is correct, complete and up-to-date, or it is recognizably not the case.
• Confidentiality: information is only known to entitled users.
• Availability: information is accessible where and when it is used by entitled users.
• Authenticity: the quality or condition of being authentic, trustworthy, or genuine.


Security Threats against IP Networks

• Address Spoofing
  – Attacking the authenticity, integrity and availability
  – Attacker sends IP packets with a forged source address
  – Problem: no authentication of IP addresses
  – Objective: impersonation, Denial-of-Service, avoiding access control
• Sniffing
  – Attacking the confidentiality
  – Everyone within a subnet can "listen" to the whole network communication
• Routing attacks
  – Attacking the confidentiality
  – "Loose Source Routing" to specify a packet's route


Threats against Internet Services

• Internet Services are based on the layered ISO/OSI model
• "Weakest-Chain-Link" paradigm
• Example 1: Telnet, FTP
  – Access control based on username and password
  – Attacker can obtain both by sniffing the login session
• Example 2: DNS
  – Authentication is based on IP addresses
  – Attacker can impersonate a DNS server by address spoofing
  – See also Group Homework (May 8 2006)


Fundamental Security Problems in IP

• Authentication based on IP addresses
• No protection of integrity
• No protection of confidentiality
• No protection against malicious attacks against availability
• Security has not been a design goal in the first place!

One part of the solution: IPv6. However, some problems remain, e.g. complexity and the transition from IPv4 to IPv6.


Firewall

What is an Internet Firewall?
  – Restricts people to entering at a carefully controlled point
  – Restricts people to leaving at a carefully controlled point

A firewall is a component or set of components that restricts access between a protected network and the Internet, or between other sets of networks.


Firewall

What Can a Firewall Do?
  – A firewall is a focus for security decisions
  – A firewall can enforce security policy
  – A firewall can log Internet activity
  – A firewall limits your exposure

What Can't a Firewall Do?
  – A firewall can't protect against malicious insiders
  – A firewall can't protect against connections that don't go through it
  – A firewall can't protect against completely new threats
  – A firewall can't protect against viruses


Some Firewall Definitions

Bastion host: A computer system that must be highly secured because it is exposed to the Internet and thus vulnerable to attack.

Dual-homed host: A general-purpose computer system that has at least two network interfaces (or homes).

Perimeter network: A network added between a protected network and an external network, in order to provide an additional layer of security. A perimeter network is sometimes called a DMZ, which stands for De-Militarized Zone.

Packet filtering: The action a device takes to selectively control the flow of data to and from a network. Packet filters allow or block packets, usually while routing them from one network to another (most often from the Internet to an internal network, and vice versa).

Proxy server: A program that deals with external servers on behalf of internal clients.


Packet Filtering

• Filtering is based on IP header information
• Pros and Cons:
  – Cheap and easy
  – Authenticity and integrity of the IP header
  – Stateless filtering versus dynamically assigned port numbers (FTP, H.323, ...)
  – Severe performance issues of dynamic filtering
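An added example (not from the lecture) that makes the stateless-versus-stateful point concrete and also applies the anti-spoofing header check the IP threats slide motivates. It uses constructed packets and a constructed internal prefix 10.1.0.0/16: the stateless filter has no memory, so its only way to admit replies is to accept any packet carrying the ACK flag, whereas the connection-tracking filter admits only replies to connections it saw leave.

```python
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.1.0.0/16")   # constructed internal prefix behind the filter
ACK = 0x10                             # TCP ACK flag bit

def packet(iface, src, sport, dst, dport, flags=0):
    """Constructed packet: just the header fields a filter looks at."""
    return dict(iface=iface, src=src, sport=sport, dst=dst, dport=dport, flags=flags)

def is_spoofed(pkt):
    """Ingress rule: an internal source address must never arrive on the
    external interface; this is all a header-based filter can do against spoofing."""
    return pkt["iface"] == "ext" and ip_address(pkt["src"]) in INTERNAL

def stateless_filter(pkt):
    """Decides on the fields of this one packet, with no memory of earlier ones."""
    if is_spoofed(pkt):
        return "drop"
    if pkt["iface"] == "int":            # anything outbound
        return "allow"
    if pkt["dport"] == 80:               # inbound to the web server
        return "allow"
    # Replies to outbound connections cannot be recognised, so the classic
    # stateless rule admits any packet carrying ACK, whoever set the flag.
    return "allow" if pkt["flags"] & ACK else "drop"

class StatefulFilter:
    """Remembers connections opened from inside and admits only their replies."""
    def __init__(self):
        self.conns = set()
    def decide(self, pkt):
        if is_spoofed(pkt):
            return "drop"
        if pkt["iface"] == "int":
            self.conns.add((pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]))
            return "allow"
        if pkt["dport"] == 80:
            return "allow"
        reverse = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        return "allow" if reverse in self.conns else "drop"

def demo():
    """Verdicts (stateless, stateful) for an unsolicited ACK packet and a real reply."""
    sf = StatefulFilter()
    sf.decide(packet("int", "10.1.0.5", 40000, "203.0.113.7", 443))   # legit outbound
    unsolicited = packet("ext", "198.51.100.9", 443, "10.1.0.5", 22, ACK)
    reply = packet("ext", "203.0.113.7", 443, "10.1.0.5", 40000, ACK)
    return (stateless_filter(unsolicited), sf.decide(unsolicited),
            stateless_filter(reply), sf.decide(reply))
```

The dynamic-port problem from the slide is the same mechanism: a stateless filter would have to open the whole FTP data port range, while a stateful one can admit exactly the flow it tracked.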


Proxy Services

• Also known as Application-Level Gateways
• Control application-level data flows
• Pros and Cons:
  – Intrusion Detection using stateful inspection
  – Accounting
  – Performance issues
  – Dedicated proxy for each service


Firewall Architectures

• Dual-Homed Host
  – Isolating network segments (no routing/forwarding)
  – Based on Bastion host (Proxy + packet filter)
  – Scalability issues and single-point-of-failure
• Screened Host
  – Bastion host connected to the internal network
  – Additional packet filter (critical component)
  – Circumvent proxy for specific applications -> more flexibility (but also more risks)


Firewall Architectures (continued)

• Screened Subnet
  – Today's state of the art
  – Additional net segment for exposed systems, isolated from both internal and external network
  – Hides internal network structure from external view
  – Circumvent proxy for specific applications, but do not allow access to the interior from the exterior network
  – Good balance between flexibility and security


Problems with Firewalls

• Complexity -> expert knowledge necessary for the definition of security policies, configuration and administration
• Open standard ports, e.g. 80
  – increasing dissemination of web services
• Tunnelling
• Mobile devices
• Multimedia applications


Virtual Private Networks (VPNs)

• Network infrastructure to transparently connect private networks over a public transportation network like the Internet


VPN Characteristics

• Interconnection of (physically) secured private networks using tunnelling techniques
  – Company headquarters and branch office
  – Business partners
  – Mobile worker
  – Telecommuter
• Extends geographic connectivity
• Connection completely transparent for the end-user
  – Appears to be a separate physical network, but is not
  – VPN maintains addressing and routing
  – VPN has to enforce local security restrictions
• Reduce operational costs versus traditional WAN and RAS
• Show a good economy of scale


Types of VPNs

• Site-to-Site
  – Connecting two local networks
  – VPN-Gateway (aka concentrator)
• Site-to-End
  – Connecting a single host with a local network
  – VPN client software connecting to a VPN-Gateway
  – Also used to secure WLAN
• Secure VPNs
  – use cryptographic protocols to provide confidentiality, authentication, and message integrity
  – e.g. L2TP, PPTP, IPSec, SSL
• Trusted VPNs
  – do not use cryptographic tunneling
  – rely on the security of a single provider's network to protect the traffic
  – e.g. BGP/MPLS VPN [RFC 2547bis]


BGP/MPLS VPN Network Components

• Customer Edge (CE) device: Provides customer access to the service provider network over a data link to one or more PE routers
• Provider Edge (PE) device: Exchanges routing information with CE routers using static routing, RIP, OSPF or EBGP
• Provider (P) device: Any router in the provider's network that does not attach to CE devices


Operational Model – Sample Network Topology


Operational Model – First Control Subflow

Exchange of routing information between CE and PE routers at the edges of the provider's backbone and between PE routers across the backbone


Operational Model – Second Control Flow

Establish LSPs across the provider's backbone between PE routers using LDP or RSVP


Operational Model – Data Flow

Host 10.2.3.4 at site 2 communicates with server 10.1.3.8 at site 1 across the service provider's backbone.
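A toy walk-through of that data flow and of the two control flows that precede it, added here as example code (not from the lecture): the constructed topology is PE2 - P1 - PE1 with constructed label values, and a second customer B reuses the same 10.1.0.0/16 range at its own site 1. It shows why a trusted VPN keeps customers apart purely by the VPN label in the VRF, with the IP header carried unencrypted through the core.

```python
from ipaddress import ip_address, ip_network

# Constructed topology: PE2 serves site 2 and PE1 serves site 1 of customer A;
# customer B also hangs off both PEs and reuses 10.1.0.0/16 at its site 1.
# VRF routes learned via BGP (first control subflow) carry the VPN label the
# egress PE allocated; the LSP labels were set up by LDP/RSVP between
# PE2, P1 and PE1 (second control flow).
VRF = {   # (pe, vrf) -> [(prefix, vpn_label, egress_pe)]
    ("PE2", "A"): [(ip_network("10.1.0.0/16"), 1001, "PE1")],
    ("PE2", "B"): [(ip_network("10.1.0.0/16"), 2002, "PE1")],
}
FEC = {("PE2", "PE1"): ("P1", 300)}      # ingress: LSP to egress PE -> (first hop, label)
LFIB = {("P1", 300): ("PE1", 301)}       # P router: (hop, in label) -> (next hop, out label)
VPN_LABELS = {"PE1": {1001: "A", 2002: "B"}}   # egress PE: VPN label -> VRF

def ingress(pe, vrf, dst):
    """Ingress PE: longest-match in the customer's own VRF, then push two labels."""
    routes = [r for r in VRF[(pe, vrf)] if ip_address(dst) in r[0]]
    if not routes:
        raise LookupError("no route in VRF %s on %s" % (vrf, pe))
    _prefix, vpn_label, egress_pe = max(routes, key=lambda r: r[0].prefixlen)
    first_hop, lsp_label = FEC[(pe, egress_pe)]
    return {"labels": [lsp_label, vpn_label], "dst": dst, "at": first_hop}

def p_router(pkt):
    """P router: swaps the outer LSP label only; the IP header is never read."""
    next_hop, out_label = LFIB[(pkt["at"], pkt["labels"][0])]
    pkt["labels"][0], pkt["at"] = out_label, next_hop
    return pkt

def egress(pkt):
    """Egress PE: pops both labels; the VPN label alone selects the VRF."""
    _lsp_label, vpn_label = pkt["labels"]
    return VPN_LABELS[pkt["at"]][vpn_label], pkt["dst"]

def forward(src_pe, vrf, dst):
    """Returns the label stacks seen in the core and the (vrf, dst) delivered."""
    pkt = ingress(src_pe, vrf, dst)
    path = [tuple(pkt["labels"])]
    while (pkt["at"], pkt["labels"][0]) in LFIB:   # still inside the backbone
        pkt = p_router(pkt)
        path.append(tuple(pkt["labels"]))
    return path, egress(pkt)
```

Both customers send to 10.1.3.8 and both packets traverse the same LSP; only the inner label differs, which is what the "equivalent privacy" claim on the next slide rests on.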


Benefits of BGP/MPLS VPN

• Standards based technology
• Equivalent privacy to Frame Relay and ATM
• Core and access flexibility
  – Core: IP, FR, ATM, Leased Line
  – Access: dial, DSL
• Support for DiffServ QoS architecture
• Benefits for end customer
  – Simplicity
    • Well suited for customers with relatively simple networks
    • Shift complexities from the subscriber's CE router to the PE router
  – Low-cost managed services


Final Examination – Relevant Topics

• Of course, all lecture slides are relevant for the final examination.

• The same applies for the lecture's exercises

• Relevant group homework:
  – Secure DNS
  – Web Services
  – Streaming multimedia data

• Registration for CE and ISE students ends today!