Secure Networks Chapter 4-3 PDF
Summary
These lecture notes cover the goals of creating secure networks, including availability, confidentiality, and functionality. They also describe denial-of-service (DoS) attacks, ARP poisoning, Ethernet security, and wireless security standards, and explore potential attacks against wireless networks.
Chapter 4-3

Learning objectives:
◦ Describe the goals of creating secure networks.
◦ Explain how denial-of-service attacks work.
◦ Explain how ARP poisoning works.
◦ Know why access controls are important for networks.
◦ Explain how to secure Ethernet networks.
◦ Describe wireless (WLAN) security standards.
◦ Describe potential attacks against wireless networks.

Outline:
4.1 Introduction
4.2 Denial-of-Service (DoS) Attacks
4.3 ARP Poisoning
4.4 Access Control for Networks
4.5 Ethernet Security
4.6 Wireless Security

4.1 Introduction

Cryptography provides confidentiality, authenticity, and message integrity. Modern networks have additional vulnerabilities:
◦ The means of delivering the messages could be stopped, slowed, or altered
◦ The route the messages took could be altered
◦ Messages could be redirected to false recipients
◦ Attackers could gain access to communication channels that were previously considered closed and confidential

Goals of Creating Secure Networks
1. Availability—users have access to information services and network resources. Attacks on network availability can prevent customers, suppliers, and employees from transacting business. Even the best cryptographic systems become inconsequential if the messages cannot be delivered.
2. Confidentiality—prevent unauthorized users from gaining information about the network's structure, the data flowing across the network, the network protocols used, or packet header values. Even if the traffic is encrypted, the attacker can still see which sites are visited, how much data is sent or received, and which port numbers are used.
3. Functionality—prevent attackers from altering the capabilities or normal operation of the network. Appropriate network functionality includes properly routing packets, correctly resolving hostnames, excluding unapproved protocols, correctly assigning IP addresses, and so on. For example, a disgruntled employee could alter the functionality of an internal network using ARP poisoning (a man-in-the-middle attack).
4. Access control—keep attackers, or unauthorized employees, from accessing internal resources.

The "castle" model
◦ Good guys on the inside, attackers on the outside, and a well-guarded point of entry

Death of the Perimeter (creating a 100% secure network is impossible)
◦ It is impractical, if not impossible, to force all information in an organization through a single point in the network
◦ New means of attacking networks (e.g., smartphones) are constantly emerging
◦ The lines between "good guys" and "bad guys" have become blurred

The "city" model
◦ No distinct perimeter, and there are multiple ways of entering the network
◦ Like a real city, who you are determines which buildings you will be able to access
◦ Greater need for: internal intrusion detection, virtual LANs, central authentication servers, encrypted internal traffic

4.2 Denial-of-Service (DoS) Attacks

What is a DoS attack?
◦ An attempt to make a server or network unavailable to legitimate users by flooding it with attack packets
What is NOT a DoS attack?
◦ Faulty coding that causes a system to fail
◦ Referrals from large websites that overwhelm smaller websites

The ultimate goal of DoS attacks is to cause harm
◦ Harm includes losses related to online sales, industry reputation, employee productivity, customer loyalty, etc.
The two primary means of causing harm via DoS attacks are:
1. Stopping critical services: DoS attacks against an organization's most important service. The most common service targeted by attackers is HTTP. For example, a DDoS attack was launched against the DNS provider Neustar and affected the websites of Amazon, Walmart, and the Gap.
2. Slowly degrading services

Direct DoS Attack
◦ An attacker tries to flood a victim with a stream of packets directly from the attacker's computer
Indirect DoS Attack
◦ The attacker's IP address is spoofed (i.e., faked) and the attack appears to come from another computer

Bots
◦ Updatable attack programs
◦ The botmaster can update the software to change the type of attack the bot can do, and may sell or lease the botnet to other criminals
◦ The botmaster can update the bot to fix bugs
◦ The botmaster can control bots via a handler: handlers are an additional layer of compromised hosts that are used to manage large groups of bots

Types of packets sent: [figure]

Reflected DoS attack
◦ Responses from legitimate services flood a victim
◦ The attacker sends spoofed requests to existing legitimate servers (Step 1)
◦ The servers then send all responses to the victim (Step 2)
◦ There is no redirection of traffic

Smurf Flood
◦ The attacker sends a spoofed ICMP echo request to an incorrectly configured network device (router) that has broadcasting enabled to all internal hosts
◦ The network device forwards the echo request to all internal hosts (multiplier effect)

Black holing
◦ Drop all IP packets from an attacker
◦ Not a good long-term strategy because attackers can quickly change source IP addresses
◦ An attacker may knowingly try to get a trusted corporate partner black holed

Validating the handshake
◦ Whenever a SYN segment arrives, the firewall itself sends back a SYN/ACK segment without passing the SYN segment on to the target server (false opening)
◦ When the firewall gets back a legitimate ACK, the firewall sends the original SYN segment on to the intended server

Rate limiting
◦ Used to reduce a certain type of traffic to a reasonable amount
◦ Can frustrate attackers, and legitimate users
◦ For example, the effects of a Smurf flood could be mitigated by limiting the number of ICMP packets entering a network.
◦ Broadcasting to the internal network could still be used, but at a limited rate.

Copyright Pearson Prentice-Hall 2013

Which layer makes use of CAPTCHA to counter DDoS attacks?

4.3 ARP Poisoning

ARP Poisoning
◦ A network attack that manipulates host ARP tables to reroute local-area network (LAN) traffic
◦ Makes a man-in-the-middle attack possible
◦ Requires an attacker to have a computer on the local network
◦ An attack on both the functionality and confidentiality of a network

ARP: Address Resolution Protocol
◦ ARP table: each IP node (host, router) on a LAN has a table
◦ Used to resolve 32-bit IP addresses (e.g., 55.91.56.21) into 48-bit local MAC addresses (e.g., 01-1C-23-0E-1D-41)
◦ TTL (Time To Live): time after which an address mapping will be forgotten (typically 20 min)
(Slides: FAST, National University of Computer and Emerging Sciences, Islamabad)

Example: the host with IP address 222.222.222.220 wants to send an IP datagram to the host with IP address 222.222.222.222. [figure]

ARP protocol: same LAN
◦ A wants to send a datagram to B, but B's MAC address is not in A's ARP table.
◦ A broadcasts an ARP query packet containing B's IP address; the destination MAC address is FF-FF-FF-FF-FF-FF, so all nodes on the LAN receive the ARP query
◦ B receives the ARP packet and replies to A with its (B's) MAC address; the frame is sent to A's MAC address (unicast)

The problem: ARP requests and replies do NOT require authentication or verification
◦ All hosts trust all ARP replies
◦ ARP spoofing uses false ARP replies to map any IP address to any MAC address
◦ An attacker can manipulate ARP tables on all LAN hosts
◦ The attacker must send a continuous stream of unsolicited ARP replies

ARP DoS Attack
◦ The attacker sends all internal hosts a continuous stream of unsolicited spoofed ARP replies saying the gateway (10.0.0.4) is at E5-E5-E5-E5-E5-E5 (Step 1)
◦ Hosts record the gateway's IP address and the nonexistent MAC address (Step 2)
◦ The switch receives packets from internal hosts addressed to E5-E5-E5-E5-E5-E5 but cannot deliver them because no such host exists
◦ Packets addressed to E5-E5-E5-E5-E5-E5 are dropped

Preventing ARP Poisoning
◦ Static ARP tables are manually set. Most organizations are too large, change too quickly, and lack the experience to effectively manage static IP and ARP tables
◦ Limit local access: foreign hosts must be kept off the LAN

4.4 Access Control for Networks

◦ Before authentication, the identity of the endpoint is unknown and all traffic is blocked.
◦ After authentication, the identity of the endpoint is known and all traffic from that endpoint is allowed.
Source: https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/TrustSec_1-99/Dot1X_Deployment/Dot1x_Dep_Guide.html

RADIUS Functionality
◦ Authentication: uses EAP
◦ Authorizations: uses RADIUS authorization functionality
◦ Auditing: uses RADIUS auditing functionality

4.6 Wireless Security

Types of wireless networks
◦ Open networks can be legally accessed by anyone; found in public places like cafes, coffee shops, universities, etc.
◦ Private networks do not allow access unless specifically authorized
◦ Secured networks have security protocols enabled: users are authenticated and wireless traffic is encrypted

Internal Harm
◦ Attackers have greater access to internal information, resources, and other network traffic. They have effectively bypassed the main firewall and all the security measures that normal network traffic must go through.
◦ A packet sniffer can be used to gather network information or user data. The wireless chipset on the attacker's client must support radio frequency monitoring (RFMON) in order to pick up wireless packets addressed to other hosts.

External Harm
◦ An attacker could anonymously download, upload, and store illegal content via the wireless network
◦ An unauthorized attacker launches a DoS attack against a well-known online e-mail provider from your unsecured internal wireless network. The e-mail provider could block the entire IP range belonging to the corporation.

Wireless DoS floods [figures: 802.11 frequency bands]
◦ Attackers can alter wireless devices to flood these frequency bands with electromagnetic interference (EMI), also known as radio frequency interference (RFI). The interference, or noise, damages the 802.11 signal and makes the packets unreadable.
◦ Network administrators can use wireless spectrum analyzers to identify DoS floods.
◦ A network administrator may see extensive damage to wireless packets. This might be an indication of a DoS flood.

DoS attacks can also take advantage of the protocols implemented in the 802.11 standard. An attacker sends attack commands to clients, APs, or both. Many of these attack commands are actually 802.11 management or control frames used to manage the connection of hosts and the transmission of signals.
◦ A continuous stream of spoofed deauthenticate messages could keep clients from connecting to the AP.
◦ An attacker could flood wireless clients with request-to-send (RTS) or clear-to-send (CTS) frames. RTS frames tell other wireless clients that you want to transmit for a given amount of time. CTS frames tell other clients that you have received an RTS frame, and that they should not transmit until the designated time expires.
◦ A flood of CTS frames with long transmission durations keeps other clients waiting. A flood of RTS frames produces a flood of CTS frames. Both produce an effective DoS attack on the wireless network.
◦ Again, these messages are not authenticated.

Origin of WEP
◦ The original core security standard in 802.11, created in 1997
Uses a Shared Key
◦ Each station using the access point uses the same (shared) key
◦ The key is supposed to be secret, so knowing it "authenticates" the user
◦ All encryption uses this key

WEP key generator: http://network-logix.net/

Problem with Shared Keys
◦ If the shared key is learned, an attacker near an access point can read all traffic
◦ Shared keys should at least be changed frequently, but WEP had no way to do automatic rekeying. Manual rekeying is expensive if there are many users, and operationally next to impossible if many or all stations use the same shared key, because of the work involved in rekeying many or all corporate clients
◦ Because "everybody knows" the key, employees often give it out to strangers
◦ If a dangerous employee is fired, the necessary rekeying may be impossible or close to it

RC4 Initialization Vectors (IV)
◦ WEP uses RC4 for fast and therefore cheap encryption
◦ But if two frames encrypted with the same RC4 key are compared, the attacker can learn the key
◦ To solve this, WEP encrypts with a per-frame key that is the shared WEP key plus an initialization vector (a 24-bit IV)
◦ Since the master key is usually manually configured and static, and since the IV used in 802.11 is just 24 bits long, this results in a very limited key space.

Algorithm (RC4 without IV) [figure]

Algorithm (RC4 with IV)
◦ Concatenate the 24-bit IV with the 40-bit WEP key to form a 64-bit key
◦ Append a 32-bit Integrity Check Value (ICV) to the end of the packet.
◦ Example: "Newcastle" becomes "Newcastle:b54dd1ca"
◦ In WEP, RC4 uses two inputs to generate a key stream: the shared password and the IV
◦ This key stream is then XORed with the plaintext package to produce an encrypted package (Epackage)
◦ The IV is then prepended to the front of the Epackage (it is important to note that the IV has NOT been encrypted) and sent.
◦ When the access point receives this, it reads the IV, strips it from the Epackage, uses the IV and the shared password to run the algorithm in reverse (decrypting the package), checks the message against the checksum, and, if the message is intact, passes it along.

Why the IV is too small
◦ To have an effective stream cipher, the same key should never be used twice.
◦ A 24-bit IV only provides about 16 million possibilities. On a busy network this would only take a few hours to exhaust, but in practice an IV usually gets reused every 10,000 packets.
◦ The second flaw is that this IV is transmitted in plain text! This means it is known exactly which two messages were encrypted with the same keystream, since the keystream is made up of the static shared password and the IV. All that is needed to completely break the encryption is two packets that use the same IV.

Conclusion
◦ With high traffic, an attacker using readily available software can crack a shared key in 2 or 3 minutes
◦ Corporations should never use WEP for security

802.11i
◦ IEEE formed a Task Group, 802.11i, with the aim of improving the security of 802.11 networks
◦ The group came up with the proposal of a Robust Security Network (RSN)
◦ Allows only RSN-capable devices to join the network, thus allowing no "holes." The term hole is used to refer to a non-802.11i-compliant device.
◦ The proposal specified by Task Group i uses the Advanced Encryption Standard (AES) in its default mode.
◦ One obstacle in using AES is that it is not backward compatible with existing WEP hardware: AES requires a new, more powerful hardware engine. There is also a need for a security solution which can operate on existing hardware.
◦ Vendors wanted interoperability of 802.11 equipment; therefore, the Wi-Fi Alliance came up with the Temporal Key Integrity Protocol (TKIP)
◦ TKIP was known as Wi-Fi Protected Access (WPA), which was a firmware upgrade to WEP equipment
◦ TKIP (WPA) is basically a pre-standard subset of 802.11i which includes the key management and the authentication architecture (802.1X) specified in 802.11i
◦ TKIP provides encryption and integrity protection for wireless transmissions, while 802.1X provides authentication and access control for devices attempting to connect to the network.
◦ The biggest difference between WPA and 802.11i (which has also come to be known as WPA2) is that instead of using AES for providing confidentiality and integrity, WPA uses the Temporal Key Integrity Protocol (TKIP)

WPA
◦ WPA extends the security of RC4 primarily by increasing the IV from 24 bits to 48 bits
◦ This extension vastly reduces leakage and so makes RC4 much harder to crack
WPA2 (802.11i)
◦ The 802.11 Working Group completed the 802.11i standard (WPA2) in 2002
◦ Uses stronger security methods

Cryptographic Characteristic                 WEP                               WPA                                          802.11i (WPA2)
Cipher for Confidentiality                   RC4 with a flawed implementation  RC4 with 48-bit initialization vector (IV)   AES with 128-bit keys
Overall Cryptographic Strength               Negligible                        Weaker but no complete crack to date         Extremely strong
Operates in 802.1X (Enterprise) Mode?        No                                Yes                                          Yes
Operates in Pre-Shared Key (Personal) Mode?  No                                Yes                                          Yes

802.1X (enterprise) mode
◦ For large firms, using 802.11i or WPA to implement 802.1X mode with its expensive central authentication server is necessary.
◦ 802.1X can be used with TKIP to authenticate devices before they are allowed to join the wireless network. This helps to prevent unauthorized access and protect the network from attacks.

Pre-shared key (PSK) mode
◦ For very small businesses and individual households, however, using a central authentication server would be overkill.
◦ Consequently, 802.11i and WPA both offer a non-802.1X mode called pre-shared key (PSK) mode. PSK/personal mode was created for homes or small businesses that only have a single access point.
◦ It is used for authentication in wireless networks, and is a simpler form of authentication.
◦ When TKIP and PSK are used together, the pre-shared key is used to authenticate devices, while TKIP provides encryption and integrity protection for wireless transmissions. This combination is commonly used with WPA-PSK, which stands for Wi-Fi Protected Access with Pre-Shared Key.
◦ PSK/personal mode has one serious operational security issue. Unless the shared initial key is complex, cryptanalysis of the initial key will be possible. In practice, the administrator or user has to type a passphrase into every wireless client and the access point. The equipment generates the key from this passphrase. Long passphrases produce strong keys, but if the passphrase is too short, then 802.11i or WPA in PSK/personal mode will have very weak security.

IEEE 802.11i phases of operation

1. Network and security capability discovery: During this exchange, STAs discover the existence of a network with which to communicate. The AP either periodically broadcasts its security capabilities, indicated by the RSN IE (Robust Security Network Information Element), in a specific channel through the Beacon frame, or responds to a station's Probe Request through a Probe Response frame. A wireless station may discover available access points and corresponding security capabilities by either passively monitoring the Beacon frames or actively probing every channel.

2. Authentication (1): IEEE 802.11i makes use of another standard that was designed to provide access control functions for LANs: IEEE 802.1X, Port-Based Network Access Control. The authentication protocol that is used, the Extensible Authentication Protocol (EAP), is defined in the IEEE 802.1X standard. IEEE 802.1X uses the terms supplicant (station), authenticator (AP), and authentication server (AS).

2. Authentication (2): The authenticator only passes control or authentication messages between the supplicant and the AS; the 802.1X control channel is unblocked, but the 802.11 data channel is blocked. Once a supplicant is authenticated and keys are provided, the authenticator can forward data from the supplicant to the network. Under these circumstances, the data channel is unblocked.

2. Authentication (3): [figure]

3. Key management: Secure key delivery: once authentication is established, the AS generates a master session key (MSK), also known as the Authentication, Authorization, and Accounting (AAA) key, and sends it to the STA. All the cryptographic keys needed by the STA for secure communication with its AP are generated from this MSK. Whatever method is used, it involves the transmission of an MPDU containing an encrypted MSK from the AS, via the AP, to the STA.

[Figure: open system authentication is complete; 802.1X authentication is complete]

The Pairwise Transient Key (PTK) is divided into:
◦ KCK (Key Confirmation Key, 128 bit)
◦ KEK (Key Encryption Key, 128 bit)
◦ TEK (Temporal Encryption Key, 128 bit)
The KCK is used to construct the MIC in EAPOL packets 2, 3 and 4. The KEK is used to encrypt some data sent to the client (for example the GTK). The TEK is used for encrypting traffic between the client and the AP later during the session.
[Figure: key usage: KCK for the MIC, KEK to encrypt the GTK, TK to encrypt traffic; usage of TK1 and TK2 is cipher-suite-specific]

IEEE 802.11i Phases of Operation: Four-Way Handshake and Group Key Handshake [figure]

Pairwise keys
◦ The PMK is the first 256 bits (0-255) of the MSK; the PTK is derived from the PMK together with the MAC address of the station and the MAC address of the AP
◦ Used for communication between a pair of devices, typically between a STA and an AP
◦ These keys form a hierarchy beginning with a master key from which other keys are derived dynamically and used for a limited period of time

Pre-shared key (PSK): A secret key shared by the AP and a STA and installed in some fashion outside the scope of IEEE 802.11i
Master session key (MSK): Also known as the AAAK, and generated using the IEEE 802.1X protocol during the authentication phase
Pairwise master key (PMK): Derived from the master key. If a PSK is used, then the PSK is used as the PMK; if an MSK is used, then the PMK is derived from the MSK by truncation
Pairwise transient key (PTK): Consists of three keys to be used for communication between a STA and an AP after they have been mutually authenticated. Using the STA and AP addresses in the generation of the PTK provides protection against session hijacking and impersonation; using nonces provides additional random keying material
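Returning to the ARP section (4.3): because hosts trust every reply, the practical defense is to watch for replies nobody asked for and for a gateway mapping that changes, and to pin the gateway with a static entry. This monitor is an added example, not code from the slides; the capture records are constructed, reusing the slides' gateway 10.0.0.4 and the fake MAC E5-E5-E5-E5-E5-E5, and the real gateway MAC 00-1A-2B-3C-4D-5E is invented.

```python
from collections import Counter

# Constructed capture of ARP traffic: (time_s, kind, sender_ip, sender_mac, target_ip)
CAPTURE = [
    (0.0, "request", "10.0.0.7", "AA-AA-AA-AA-AA-01", "10.0.0.4"),   # host asks for gateway
    (0.1, "reply",   "10.0.0.4", "00-1A-2B-3C-4D-5E", "10.0.0.7"),   # real gateway answers
    (5.0, "reply",   "10.0.0.4", "E5-E5-E5-E5-E5-E5", "10.0.0.7"),   # unsolicited, spoofed
    (5.1, "reply",   "10.0.0.4", "E5-E5-E5-E5-E5-E5", "10.0.0.8"),   # same, to another host
    (5.2, "reply",   "10.0.0.4", "E5-E5-E5-E5-E5-E5", "10.0.0.9"),
]

class ArpMonitor:
    """Tracks IP->MAC mappings the way a host's ARP table would, but raises alerts
    instead of silently trusting every reply. Static entries are never overwritten."""

    def __init__(self, static=None, request_window=2.0):
        self.static = dict(static or {})   # pinned IP -> MAC (static ARP table)
        self.table = {}                    # learned IP -> MAC
        self.pending = {}                  # (asked_ip, requester_ip) -> time of request
        self.window = request_window       # how long a reply may lag its request
        self.alerts = []                   # (time, kind, ip, mac, target)

    def feed(self, t, kind, sip, smac, tip):
        if kind == "request":
            self.pending[(tip, sip)] = t
            return
        # A reply maps sip -> smac and is addressed to tip; was it ever requested?
        asked = self.pending.pop((sip, tip), None)
        if asked is None or t - asked > self.window:
            self.alerts.append((t, "unsolicited_reply", sip, smac, tip))
        pinned = self.static.get(sip)
        if pinned is not None and pinned != smac:
            self.alerts.append((t, "static_mismatch", sip, smac, tip))
            return                          # static entry wins; do not learn the new MAC
        old = self.table.get(sip)
        if old is not None and old != smac:
            self.alerts.append((t, "mapping_changed", sip, smac, tip))
        self.table[sip] = smac

def run(capture, static=None):
    monitor = ArpMonitor(static)
    for record in capture:
        monitor.feed(*record)
    return monitor

def summarize(monitor):
    # Alert counts by kind; Counter returns 0 for kinds that never fired
    return Counter(alert[1] for alert in monitor.alerts)
```

Without a static entry the table ends up poisoned (the gateway maps to the nonexistent MAC) even though the alerts fired; with the gateway pinned, the spoofed replies are logged and ignored.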
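The WEP construction described above (per-frame RC4 key = 24-bit IV || 40-bit shared key, CRC-32 ICV appended, IV sent in the clear) and the reason two frames with the same IV are fatal, as an added example that is not code from the slides. The RC4 routine is the textbook cipher, the 40-bit key and the frame contents are constructed, and the birthday estimate is a standard formula applied to the 24-bit IV space.

```python
import math
import zlib

def rc4_keystream(key: bytes, n: int) -> bytes:
    # Plain RC4: key-scheduling pass, then n bytes of pseudo-random output
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # Per-frame RC4 key = 24-bit IV || 40-bit shared key (64 bits in total)
    assert len(iv) == 3 and len(shared_key) == 5
    icv = zlib.crc32(plaintext).to_bytes(4, "little")    # 32-bit ICV appended
    body = plaintext + icv
    encrypted = xor(body, rc4_keystream(iv + shared_key, len(body)))
    return iv + encrypted                                 # IV is prepended unencrypted

def wep_decrypt(shared_key: bytes, frame: bytes) -> bytes:
    # Receiver reads the clear IV, rebuilds the same key stream, checks the ICV
    iv, body = frame[:3], frame[3:]
    data = xor(body, rc4_keystream(iv + shared_key, len(body)))
    plaintext, icv = data[:-4], data[-4:]
    if zlib.crc32(plaintext).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch: frame damaged or forged")
    return plaintext

def keystream_reuse_leak(frame_a: bytes, frame_b: bytes):
    """Two frames carrying the same IV were encrypted with the same key stream, so
    XORing their ciphertexts cancels it and exposes plaintext_a XOR plaintext_b
    without any knowledge of the shared key. Returns None if the IVs differ."""
    if frame_a[:3] != frame_b[:3]:
        return None
    return xor(frame_a[3:], frame_b[3:])

def expected_frames_until_iv_repeat(iv_bits: int = 24) -> float:
    # Birthday bound: with random IVs a repeat is expected after about sqrt(pi/2 * 2^n) frames
    return math.sqrt(math.pi / 2 * 2 ** iv_bits)
```

The birthday estimate (a few thousand frames) is far below the 16 million IVs the slides mention, which is why reuse is routine on a busy network.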
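The key hierarchy just listed, carried through in code as an added example (not from the slides): PMK from a PSK passphrase or by truncating the MSK, then the PTK expanded from the PMK, both MAC addresses and both nonces, and split into KCK, KEK and TEK. The PBKDF2 passphrase hashing and the HMAC-SHA1 based PRF with the label "Pairwise key expansion" are the standard's definitions as assumed here; the SSID, passphrase, addresses and nonces in demo() are constructed.

```python
import hashlib
import hmac

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    # PSK/personal mode: equipment derives the 256-bit PMK from the passphrase with
    # PBKDF2-HMAC-SHA1 (4096 iterations, SSID as salt); a short passphrase is guessable
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def pmk_from_msk(msk: bytes) -> bytes:
    # 802.1X/enterprise mode: PMK is bits 0-255 of the MSK delivered by the AS
    return msk[:32]

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    # 802.11i PRF-n: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..., truncated
    out = b"".join(hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
                   for i in range((nbytes + 19) // 20))
    return out[:nbytes]

def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """Pairwise key expansion. The min/max ordering makes AP and STA compute the same
    PTK; binding both addresses is what defeats session hijacking and impersonation,
    and the two fresh nonces make every session's PTK different."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)   # 384 bits = three 128-bit keys
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TEK": ptk[32:48]}

def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    # KCK authenticates four-way handshake messages 2-4: HMAC-SHA1 truncated to 128 bits
    # (the frame is hashed with its MIC field zeroed in the real protocol)
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]

def demo():
    # Constructed values: SSID, passphrase, MAC addresses and nonces are illustrative
    pmk = pmk_from_passphrase("correct horse battery staple", "ExampleNet")
    aa, spa = bytes.fromhex("001a2b3c4d5e"), bytes.fromhex("aabbccddeeff")
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    ptk_ap = derive_ptk(pmk, aa, spa, anonce, snonce)
    ptk_sta = derive_ptk(pmk, spa, aa, snonce, anonce)   # STA's view: arguments swapped
    return ptk_ap == ptk_sta, eapol_mic(ptk_ap["KCK"], b"EAPOL-Key message 2 (constructed)")
```

The first assertion in the test uses the published 802.11i PSK test vector (passphrase "password", SSID "IEEE") to confirm the passphrase-to-PMK step matches real equipment.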