Network Security

Today’s Universities CampusPerimeter Security

Anti-virus system Firewalls Remote access VPN, using IPSEC Access controlContent filteringIntrusion Detection System Remote access VPN using SSL Other

Anti-virus system

Firewalls

Remote access VPN, using IPSEC

Access control

Content filtering

Intrusion Detection System

Remote access VPN using SSL

Other *

100 %

96.2 %

78.8 %

78.8 %

55.8 %

57.7 %

25 %

11.5 %

* Other includes packet shapers, proxy servers and smart-card authentication.

Security challenges for remote offices

53.8 % 51.9 %

42.3 %

36.5 %

21.2 %

Lack of personnel/expertise Complexity

Solution costs are too highLack of one-stop shopping from vendors

Management costs are too high

Agenda

NAT – the most common and quite effective zero-mainetnance firewall

PacketFilters and RealFirewalls SSL/TLS: transport layer security

– Easy to use– CA infrastructure – SSH

IPSec: network layer security (VPN)– Difficult to deploy– Transport or Tunnel mode

Use of Private Addresses

Routers in the public Internet will not route packets whose destination are private addresses– 10.0.0.0/8, – 172.16.0.0/12, – 192.168.0.0/16

However, it is possible for routers in a private network to route packets with private addresses

The same private addresses can be reused in different private networks

Network Address Port Translation (NAPT or Masquerading)

Network Address Translation

NAT is a major problem for media communications!

NAT:

Types of NAT

1. Full Cone

2. Restricted Cone

3. Port Restricted Cone

4. Symmetric

Full Cone

Any computer can send back data to an open port.

Restricted Cone Any computer can send back data to an

open port AFTER we send data to their IP.

Port Restricted Cone

Same as restricted cone but we need to first send data to their IP AND the port that will be allowed to send back.

Symmetric

SIP IP Phone

SIP IP Phone

Location Service

SIP Proxy

SIP Proxy

DNS Server

Media Transport

1

2

3

4

5

6

A request is sent (SIP INVITE) to ESTABLISH a

session

DNS Query for the IP Address of the SIP Proxy of the Destination

Domain The INVITE is forwarded

The Location Service is being queries to check that the destination IP address

represents a valid registered device, and for its IP

Address

The request is forwarded to the End-Device

Destination device returns its IP Address to the

originating device and a media connection is opened

Typical Call Setup

SIP Signaling and NAT

SIP itself is usually not the problem. The UAC/proxy/etc just send back SIP

packets based on the “rport“ tag (the received data)

SIP signaling intervals need to be shorter than NAT timeout time.

Simple NAT Scenario(Bob sending data)

Bob

Public Internet

Alice

Private address space

Data

NSIS signaling (Reserve Mode)

Application-level signaling

NSISNAT

NSIS signaling (Create Mode)

STUN Tests

4 tests needed.

RTP-gateway

NAT Limitations

Applications with IP-address content– Need AGL (Application Level Gateway)

Applications with inter-dependent control and and data sessions

Translation of fragmented FTP control packets

NAT device can be a target for attacks

Packet Filtering

Packet filtering – Access Control Lists

• source/destination IP address• source/destination TCP/UDP port• protocol (TCP, UDP, ICMP, GRE,...)• IP/TCP header bits (fragmentation, QoS, Established)

Session filtering– Dynamic Packet Filtering– Stateful Inspection– Smart packet filtering– Context Based Access Control

SSL/TLS and IPSec

IPSec

Security at the network layer Can hide data and destination ports Don’t have to rewrite applications Using security gateways in tunnel mode,

can be done without reconfiguring hosts.

IPSec Architecture

Tunnel and Transport Mode Authentication Header (AH)

– Authenticates the sender Encapsulating Security Payload (ESP)

– Data encryption– Can be done in two ways:

• Transport mode: only the transport layer segment is encrypted

• Tunnel mode– encrypt the entire IP datagram– put it inside another IP datagram

Tunnel Mode

SSL and TLS

SSL designed by Netscape TLS IETF standard

– compromise between SSL and a Microsoft protocol

SSL and TLS provide applications:– Encryption– Server authentication– (Optional) client authentication

SSL programming libraries are pretty easy to use

SSL Data Processing

SSL Record Format

SSL Handshake

Pretty complicated– why HTTPS websites seem sooooooo slow.

Server (and client) authentication Negotiation of:

– Encryption algorithm– MAC algorithm– Encryption key

Must be done before any data transmission

SSL/TLS Overview

SSL = Secure Sockets Layer.– unreleased v1, flawed but useful v2, good v3.

TLS = Transport Layer Security.– TLS1.0 = SSL3.0 with minor tweaks (see later).– Defined in RFC 2246.– Open-source implementation at

http://www.openssl.org/. SSL/TLS provides security ‘at TCP layer’.

– Uses TCP to provide reliable, end-to-end transport.– Applications need some modification.– In fact, usually a thin layer between TCP and HTTP.

SSL/TLS Basic Features

SSL/TLS widely used in Web browsers and servers to support ‘secure e-commerce’ over HTTP.– Built into Microsoft IE, Netscape, Mozilla, Apache, IIS,

…– The (in)famous browser lock.

SSL architecture provides two layers:– SSL Record Protocol

• Provides secure, reliable channel to upper layer.

– Upper layer carrying:• SSL Handshake Protocol, Change Cipher Spec. Protocol, Alert

Protocol, HTTP, any other application protocols.

SSL Protocol Architecture

TCP

SSL Record Protocol

SSL Handshake

Protocol

SSL Alert

Protocol

HTTP, other apps

SSL Change Cipher Spec

Protocol

TLS: Transport Layer Security

formerly known as SSL: Secure Sockets Layer

Addresses issues of privacy, integrity and authentication

– What is it?– How does it address the issues?– How is it used

What is TLS?

Protocol layer Requires reliable transport layer (e.g.

TCP) Supports any application protocols

IPTCPTLS

HTTP Telnet FTP LDAP

TLS: Privacy

Encrypt message so it cannot be read Use conventional cryptography with

shared key– DES, 3DES– RC2, RC4– IDEA

AMessage Message

B$%&#!@

TLS:Key Exchange

Need secure method to exchange secret key

Use public key encryption for this– “key pair” is used - either one can encrypt

and then the other can decrypt– slower than conventional cryptography– share one key, keep the other private

Choices are RSA or Diffie-Hellman

TLS: Integrity

Compute fixed-length Message Authentication Code (MAC)– Includes hash of message– Includes a shared secret– Include sequence number

Transmit MAC with message

TLS: Integrity

Receiver creates new MAC– should match transmitted MAC

TLS allows MD5, SHA-1

A BMessage’

MAC’

MAC

=?

Message

MAC

TLS: Authentication

Verify identities of participants Client authentication is optional Certificate is used to associate identity

with public key and other attributes

ACertificate

B

Certificate

TLS: Overview

Establish a session – Agree on algorithms– Share secrets– Perform authentication

Transfer application data– Ensure privacy and integrity

TLS: Architecture

TLS defines Record Protocol to transfer application and TLS information

A session is established using a Handshake Protocol

TLS Record Protocol

Handshake Protocol

Alert Protocol

ChangeCipher Spec

TLS: Record Protocol

TLS: Handshake

Negotiate Cipher-Suite Algorithms– Symmetric cipher to use– Key exchange method– Message digest function

Establish and share master secret Optionally authenticate server and/or

client

Handshake Phases

Hello messages Certificate and Key Exchange

messages Change CipherSpec and Finished

messages

X.509 Certificate Issues

Certificate Administration is complex– Hierarchy of Certification Authorities– Mechanisms for requesting, issuing,

revoking certificates X.500 names are complicated Description formats are cumbersome

(ASN.1)

X.509 Alternative: SDSI

– SDSI: Simple Distributed Security Infrastructure (Rivest, Lampson)

• Merging with IETF SPKI: Simple Public-Key Infrastructure in SDSI 2.0

• Eliminate X.500 names - use DNS and text• Everyone is their own CA• Instead of ASN.1 use “S-expressions” and

simple syntax• Name and Authorization certificates

TLS “Alternatives”

S-HTTP: secure HTTP protocol, shttp://

IPSec: secure IP SET: Secure Electronic Transaction

– Protocol and infrastructure for bank card payments

SASL: Simple Authentication and Security Layer (RFC 2222)

6.2 SSH

SSH overview SSH architecture SSH security Port forwarding with SSH SSH applications

SSH = Secure Shell.– Initially designed to replace insecure rsh, telnet utilities.– Secure remote administration (mostly of Unix systems).– Extended to support secure file transfer and e-mail.– Latterly, provide a general secure channel for network

applications.– SSH-1 flawed, SSH-2 better security (and different

architecture). SSH provides security at Application layer.

– Only covers traffic explicitly protected.– Applications need modification, but port-forwarding

eases some of this (see later).– Built on top of TCP, reliable transport layer protocol.

SSH Overview

SSH Overview

SSH Communications Security (SCS).– www.ssh.com.– Founded by Tatu Ylonen, writer of SSH-1.– SSH is a trademark of SCS.

Open source version from OpenSSH. IETF Secure Shell (SECSH) working group.

– Standard for SSH in preparation.– www.ietf.org/html.charters/secsh-charter.html.

Long-running confusion and dispute over naming.

SSH-2 Architecture

SSH-2 adopts a three layer architecture: SSH Transport Layer Protocol.

– Initial connection. – Server authentication (almost always).– Sets up secure channel between client and server.

SSH Authentication Protocol– Client authentication over secure transport layer channel.

SSH Connection Protocol– Supports multiple connections over a single transport

layer protocol secure channel.– Efficiency (session re-use).

SSH-2 Architecture

SSH Transport Layer Protocol

SSH Authentication Protocol

TCP

SSH Connection Protocol

Applications

Server (nearly) always authenticated in transport layer protocol.

Client (nearly) always authenticated in authentication protocol.– By public key (DSS, RSA, SPKI, OpenPGP). – Or simple password for particular application over secure

channel. Establishment of a fresh, shared secret.

– Shared secret used to derive further keys, similar to SSL/IPSec.

– For confidentiality and authentication in SSH transport layer protocol.

Secure ciphersuite negotiation.– Encryption, MAC, and compression algorithms.– Server authentication and key exchange methods.

SSH-2 Security Goals

Key establishment through Diffie-Hellman key exchange.– Variety of groups supported.

Server authentication via RSA or DSS signatures on nonces (and other fields).

HMAC-SHA1 or HMAC-MD5 for MAC algorithm. 3DES, RC4, or AES finalists (Rijndael/Serpent). Pseudo-random function for key derivation. Small number of ‘official’ algorithms with simple

DNS-based naming of ‘private’ methods.

SSH-2 Algorithms

SSH-1 versus SSH-2

Many vulnerabilities have been found in SSH-1 .– SSH-1 Insertion attack exploiting weak integrity mechanism

(CRC-32) and unprotected packet length field.– SSHv1.5 session key retrieval attack (theoretical).– Man-in-the-middle attacks (using e.g. dsniff).– DoS attacks.

• Overload server with connection requests.• Buffer overflows.

But SSH-1 widely deployed. And SSH-1 supports:

– Wider range of client authentication methods (.rhosts and Kerberos).

– Wider range of platforms.

SSH Port ForwardingWithout SSH or port forwarding.

UM User’smachine

LS Loginserver

MO Mail outserver

MI Mail inserver

Src: UM Dest: LS Port: 23

Src: UM Dest: MI Port: 113

Src: UM Dest: MO Port: 25

SSH Port Forwarding

Recall: TCP port number ‘identifies’ application. SSH on local machine:

– Intercepts traffic bound for server.– Translates standard TCP port numbers.

• E.g. port 113 port 5113.

– Sends packets to SSH-enabled server through SSH secure channel.

SSH-enabled server:– Receives traffic.– Re-translates port numbers.

• E.g. port 5113 port 113.

– Forwards traffic to appropriate server using internal network.

SSH Port Forwarding

UM User’smachine

LSSSH-enabled

loginserver

MO Mail outserver

MI Mail inserver

Src: UM Dest: LS Port: 23

With SSH and port forwarding.

Src: UM Dest: MI Port: 113Src: UM Dest: LS Port: 5113Src: LS Dest: MI Port: 113

Src: UM Dest: MO Port: 25Src: UM Dest: LS Port: 5025Src: LS Dest: MO Port: 25

Anonymous ftp for software updates, patches...– No client authentication needed, but clients want to be sure of

origin and integrity of software. Secure ftp.

– E.g.upload of webpages to webserver using sftp.– Server now needs to authenticate clients.– Username and password may be sufficient, transmitted over

secure SSH transport layer protocol. Secure remote administration.

– SysAdmin (client) sets up terminal on remote machine.– SysAdmin password protected by SSH transport layer protocol.– SysAdmin commands protected by SSH connection protocol.

Guerilla Virtual Private Network.– E.g. use SSH + port forwarding to secure e-mail

communications.

SSH Applications

6.3 Comparing IPSec, SSL/TLS, SSH

All three have initial (authenticated) key establishment then key derivation. – IKE in IPSec– Handshake Protocol in SSL/TLS (can be

unauthenticated!)– Authentication Protocol in SSH

All protect ciphersuite negotiation. All three use keys established to build a

‘secure channel’.

Comparing IPSec, SSL/TLS, SSH Operate at different network layers.

– This brings pros and cons for each protocol suite.– Recall `Where shall we put security?’ discussion.– Naturally support different application types, can all be

used to build VPNs. All practical, but not simple.

– Complexity leads to vulnerabilities.– Complexity makes configuration and management

harder.– Complexity can create computational bottlenecks.– Complexity necessary to give both flexibility and security.

Comparing IPSec, SSL/TLS, SSHSecurity of all three undermined by: Implementation weaknesses. Weak server platform security.

– Worms, malicious code, rootkits,… Weak user platform security.

– Keystroke loggers, malware,… Limited deployment of certificates and infrastructure to support

them.– Especially client certificates.

Lack of user awareness and education.– Users click-through on certificate warnings.– Users fail to check URLs.– Users send sensitive account details to bogus websites (“phishing”) in

response to official-looking e-mail.

Secure Protocols – Last Words

A (mis)quote from Eugene Spafford:

“Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit-card information from someone living in a cardboard box to someone living on a park bench.”

What is a VPN

Public networks are used to move information between trusted network segments using

shared facilities like frame relay or atm

A VIRTUAL Private Network replaces all of the above utilizing the public Internet Performance and availability depend on your ISP and the Internet

VPN Implementations

VPN as your Intranet

VPN Components

Technologies

Application Layer: SSL

Tunnel vs Transport

Transport– Implemented by the end point systems– Real address to real address– Cannot ‘go through’ other networks

Tunnel– Encapsulation of the original IP packet in another

packet– Can ‘go through’ other networks– End systems need not support this– Often PC to a box on the ‘inside’

PPTP: Free from Microsoft

PPTP: Security

10.0.0.1

10.0.0.4

10.0.0.3

10.0.0.2

web servera

b

c

NAT

204.x.1.10

Internet

Outgoing PPTP Client Through NAT

VPN Comparisons

So why have a private network: QOS not fully cooked

Very dependent on your ISP Real hard to do across ISPs So no guarantee of performance