Overview Windows NT 4.0 Security Cryptography SSL CryptoAPI SSPI, Certificate Server, Authenticode Firewall & Proxy Server IIS Security IE Security

Transcription

1 Overview Windows NT 4.0 Security Cryptography SSL CryptoAPI SSPI, Certificate Server, Authenticode Firewall & Proxy Server IIS Security IE Security Ch 7 - Security 1

2 Confidentiality and privacy: Protect business and personal information from unauthorized disclosure. Integrity: Protect information from unauthorized modification. Availability: Protect information and processing services from disruption and destruction. Accountability and non-repudiation: Ensure that individuals can be held responsible for their actions. Ch 7 - Security 2

3 Applications NT Security Features Enabling Technologies Basic Principles Ch 7 - Security 3

4 Authentication Access control Cryptography Firewall System Integrity Auditing Ch 7 - Security 4

5 CryptoAPI P-Store, Wallet, PFX Smart Cards Security Support Provider, Secure RPC, DCOM Certificate Server Authenticode, Java Security Ch 7 - Security 5

6 IIS Proxy Server SQL Server IE Exchange, Outlook SNA Server Ch 7 - Security 6

7 User Authentication Access Control Refs: hdetails/prodarch/cooperslybrand.asp Ch 7 - Security 7

8 A domain is a logical group of computers that share a set of common user accounts The Domain Controller, a NT server, keeps the domain user account database, which is visible to all computers. Each local computer has its own isolated user account database. Local user accounts are not necessarily domain user accounts and vice versa. Ch 7 - Security 8

9 Local Logon: how - check the local user account database. only the hashed password is stored. Remote logon: types - Remote Access Service (RAS): Dial-up Virtual Private Network (VPN): Internet-based logon from local computer as a domain user Ch 7 - Security 9

10 1. The domain controller is requested to set up a secure RPC session. 2. The controller issues a 16-byte one-time randomly generated number as the challenge. 3. The local computer produces a response by encrypting the hashed password and challenge together and sends it back a response. 4. The controller uses the challenge and the hashed password from the domain user account database to produce its own response. 5. The logon is granted if the two responses match. Ch 7 - Security 10

11 Each user ID is associated with an security ID (SID). Each user may belong to one or more user s groups, and is given group SID. For simplicity, group SID are ignored from here on. An access token is created upon a user logon, which is attached to any process (or thread) the user invoked. An access token is mainly comprised of two parts: the SID User Rights: privileges of the process associated with the token; mostly related to the computer, e.g. shut down the computer Ch 7 - Security 11

12 Similar to Daemon in UNIX It runs forever unless otherwise halted. Users may log on to an NT service without logon to the NT system. Examples: SQL Server, MS Exchange, IIS and other operating system functions such as WINS (Windows Internet Name Service). User may supply his/her own application as a service. Ch 7 - Security 12

13 An NT service may use the access token of the client to acquire resources. An NT service may not logon to another NT machine on the behalf of the client, because NetLogon does not authenticate with any access token. Ch 7 - Security 13

14 Each NT object is associated with an ACL which has two components: Discretionary ACL: specifies the access permissions for each user. System ACL: for security logging and auditing NTFS ACL permissions for each directory and file object: Read, Write, Execute, Delete, Change Permissions, Take Ownership Ch 7 - Security 14

15 An ACE determines whether an entity X is allowed or not allowed to do activity Y (DACL) an attempt by entity X to do activity Y is or is not to be logged in the security event logs (SACL) Components in an ACE: SID (for entity X) Type (for action) Access permissions (for entity Y) Ch 7 - Security 15

16 Ch 7 - Security 16

17 If DACL is empty, then no one is allowed access to the object If DACL is deleted, then everyone is allowed access to the object In traversing a DACL, the system stops looking as soon as access is explicitly granted or denied. For safety, denial ACEs should appear in the ACL. Ch 7 - Security 17

18 Three major concerns: Privacy tool: Encryption/Decryption Authentication tool: digital certificate Integrity tool: digital signature (digital timestamp) Ref: ml Ch 7 - Security 18

19 Cipher is the procedure of encrypting a message. Cipher usually has one or more parameters, that are considered keys, i.e. the values may be generated randomly. Cipher is not usually not the object to protect; keys are. Ch 7 - Security 19

20 Ch 7 - Security 20

21 Symmetric: encryption key = decryption key key is private Asymmetric: encryption key not equal to decryption key one public key and one secret key Ch 7 - Security 21

22 Stream Cipher Block Cipher Input:a fixed-length block of plaintext Parameter: the encryption key Output: a block of encrypted text of the same length Deciphers work in a reverse way, with the same key. Ch 7 - Security 22

23 If a party intends to communicate with 5 other parties, it needs 5 different keys. Transmitting a private key over an insecure communication channel is problematic. Ch 7 - Security 23

24 Lengths: 128/40 bits (North America/Export) Strength: DES 56-bit key (the Data Encryption Standard) is too small for safety. US Govt. recommends 40/512 for adequate and strategic strengths RSA, the most well-known vendor, recommends 80/768 Safe transport of key Well known secret: password Public-key cryptography Ch 7 - Security 24

25 E and D are the cipher and decipher respectively, and M is the message. D(E(M)) = M Both E and D are easy to compute. D is a one-way function, if by revealing E in public, there is no easy way for others to compute D. Ch 7 - Security 25

26 E is a cipher with n as the parameter, where n is the product of two larger prime numbers p, and q. D is a decipher with p and q as the parameters. Both D and E are well-known, albeit patented algorithms. n is the public key The p and q together is the private key The one-way function here is the multiplication of p and q. Ch 7 - Security 26

27 A product of 2 large prime numbers is 129- digit long (about 435-bits) In early 90 s, it took eight months using 1,600 computers to derive the two prime factors of this product. Ch 7 - Security 27

28 A (Alice) gets B s (Bob) public key from the directory, with which to encrypt the message. The cipher-text is transmitted over an insecure channel to Bob. Bob receives the message, and use his own secret private key to decrypt the cipher-text. Ch 7 - Security 28

29 Public key cryptography offers increased security and convenience Symmetric algorithms are much faster. In practice, public key cryptography is used to pass the private key needed to run symmetric algorithms. Ch 7 - Security 29

30 Ch 7 - Security 30

31 the output has a fixed length, H(x) is relatively easy to compute for any given x, H(x) is one-way, H(x) is collision-free. Ch 7 - Security 31

32 Bob computes the message digest MG, of the message M using a cryptographic hash function H, i.e. MG=H(M). Bob encrypts MG with his private key D B, and sends D B (MG) to Alice, together with the un-ciphered M. Alice uses Bob s public key E B to decipher D B (MG) obtain MG. Alice applies the same H to M, to obtained MG. If MG is equal to MG, Alice now has proof the Bob signs the message. Ch 7 - Security 32

33 SHA = A well-known cryptographic hash Ch 7 - Security 33

34 Hashing is not strictly necessary, but it will save time in the encryption. It may be extremely difficult to crack a one-way hash function, but it is (slightly) easier to produce a different message that is hashed to the same result. Birthday Attack : for a group of 23 or more people the probability that two or more people share the same birthday > 50%. If a message M may be found such H(M )=H(M), Bob may be perceived to have signed the message M as well. Ch 7 - Security 34

35 Bob computes his signature S for the message M using his private key D B, i.e. S=D B (M) Bob encrypts the signature with Alice s public key, E A, and sends E A (S) to Alice, together with the unciphered M. Alice uses her own private key D A to decrypt the ciphertext, and then use Bob s public key E B to obtain M. If M is not equal to M, some one must have tempered the message, and/or Bob did not sign it. If M is equal to M, Alice now has the proof the Bob sends the message to Alice. Ch 7 - Security 35

36 Certificate Authorities are created to certify the authenticity of a public key. A certificate contains at least the following: the public key the name of the owner the issuing CA digital signature CA keeps a list of revoked certificates which are declared invalid before they expire. Ch 7 - Security 36

37 To be effective, the user must have a high level of trust in the CA which issues. CA may rely on its own certification by other CA s to establish a level of trust, hence a hierarchy of trust. An organization may become a CA for issuing certificates to its employees. Ch 7 - Security 37

38 Ch 7 - Security 38

39 1. Key generation: the individual generates key pairs of public and private keys. 2. Matching of policy information: the applicant packages up the additional information necessary for the CA to issue the certificate 3. Sending of public keys and information: the applicant sends the public keys and information to the CA. Ch 7 - Security 39

40 4. Verification of information: the CA applies whatever policy rules it might require to verify that the applicant should receive a certificate. 5. Certificate creation: the CA creates a digital document with the appropriate information (public keys, expiration date, other data) and signs it using the CA's private key. 6. Sending/posting of certificate: The CA may send the certificate to the applicant, or post it publicly as appropriate. Ch 7 - Security 40

41 Man-in-the-middle attack: garbled message Integrity of messages in plaintext (e.g. stock price) Need to authenticate the message, but not the sender or receiver: Digital coupon, digital ticket, Ch 7 - Security 41

42 Use cryptographic hash function to produce a message digest Encrypt the digest with a secret key to produce the MAC. The message may be optionally encrypted. The MAC can be decrypted only by the same secret key. Ch 7 - Security 42

43 SSL is the most popular protocol for secure communication over insecure channel. SSL is a layered protocol. SSL is application protocol independent. A higher level protocol can layer on top of the SSL Protocol transparently. SSL imposes a performance penalty. Ch 7 - Security 43

44 The connection is private: Encryption is used after an initial handshake to define a secret key. Symmetric cryptography is used for data encryption The peer's identity are authenticated: Digital certificates are examined. The connection is reliable. Message transport includes a message integrity check using a keyed MAC. Cryptographic hash functions are used. Ch 7 - Security 44

45 SSL Record Protocol is used for encapsulation of various higher level protocols, the Handshake Protocol. manages the CipherSpec, the state of SSL protocol SSL Handshake Protocol: It allows the server and client to authenticate each other to negotiate an encryption algorithm to negotiate cryptographic keys before the application protocol transmits or receives its first byte of data. Ch 7 - Security 45

46 Ch 7 - Security 46

47 Web server needs 3 to 4 threads to process the protocol set-up. During the message transmission, it takes on average tens of instructions to process each byte of the message. The window size for SSL is only 16K. SSL runs only in user mode. Ch 7 - Security 47

48 A firewall is a system that enforces an access control policy between two networks. It blocks or permits traffic one network to another. Firewall acts a single choke point where security and audit can be imposed. Ch 7 - Security 48

49 Firewall is a generic name for hardware, software, or its combination that used to protect internal network from intruders. Two types of firewalls: Network level Application level application-level proxy service circuit-level gateway proxy (SOCKS) Ref: Ch 7 - Security 49

50 A router is a hardware that can perform simple packet filtering at the network level. It implements rules that blocks or permit IP packets, based on a number of factors: destination address source address port number service types (e.g. DNS queries, SMPT mail) Ch 7 - Security 50

51 Bastion host architecture Filtering host architecture Filtering subset architecture Ch 7 - Security 51

52 Ch 7 - Security 52

53 Bastion host is usually a proxy server on NT platform. A bastion may have two network interface cards (with different IP addresses), which allows to be a dual-homed host, i.e. running on two networks. The proxy server will relay the authorized traffic between the two interfaces and block traffic that is denied. The host is able to provide extensive logging of transactions for auditing purposes. Ch 7 - Security 53

54 Ch 7 - Security 54

55 SSL provides a secure end-to-end session between the client and original server. The proxy server will become a tunnel, or a byteforwarder in both directions. It cannot, and need not act as the application level proxy. Benefits: URL is hidden from the proxy server Minimize the chance of man-in-the-middle attack. Downside: no protection for other security risks. Ch 7 - Security 55

56 The proxy server is sent a HTTP request with a CONNECT method on a HTTP header. The proxy server will response either positively, or negatively. The tunneling ceases to work when one side drops the connection. Ch 7 - Security 56

57 Ch 7 - Security 57

58 The router can be configured to make the proxy server as the only host that accesses the router. All internal hosts will be forced to use the proxy server to reach external hosts. This architecture is more secure than the bastion host one because it provides two layers of protection. Ch 7 - Security 58

59 Ch 7 - Security 59

60 The internal network is considered as a subnet. The perimeter network is considered as a filtering subnet. There is no internal information on the filtering subnet. Benefits: Provides specific security requirements to a subset of an organization (CSIL) Provides three layers of protection. Ch 7 - Security 60

61 CryptoAPI is an API that provides core cryptographic functionality to application developers. Features: cryptographic hashing, encrypting and decrypting data, private and public key cryptography authentication using digital certificates, managing certificates in certificate stores. Ch 7 - Security 61

62 A CSP contains implementations of cryptographic standards and algorithms. Microsoft works with vendors such as RSA Data Security Inc. to develop programs that implements the features of CryptoAPI. Ch 7 - Security 62

63 Ch 7 - Security 63

64 Secure Support Provider Interface MS Certificate Server MS Authenticode Ch 7 - Security 64

65 SSPI makes common network authentication schemes available to application developers via simplified software libraries. A SSP is a library that manages a particular scheme. User of SSPI may call its SSP directly or use the secure options in DCOM or RPC. Ch 7 - Security 65

66 Kerberos NTLM (NT Lan Manager) SSL DPA (password-based) Ch 7 - Security 66

67 Certificate Server is a toolkit for building a Certificate Authority (CA) for large networks. It enables an organization to issue, renew, and revoke certificates without having to rely on external certificate. Each site building a CA with Certificate Server may supply its own approval module to verify the certificate applicant, or use a market standard modules (like software publishing). Ch 7 - Security 67

68 It uses simple cryptographic integrity features to help ensure the authenticity of a software module. Digital signature is generated by the Authenticode software which is attached to the code. This technology may be used to sign script, COM objects, and programs in C++ or VB. Ch 7 - Security 68

69 Grant or deny access for both inbound and outbound connections by: user service / port IP domain Each port can be enabled or disabled for communications by a specific list of users or user groups. Ch 7 - Security 69

70 Local Address Table: A system table containing the IP internal IPs. Use by Proxy Server to prevent IP spoofing. Packet alert: issue alerts for specific events, such as for dropped packets or packets sent to an unused service port. IP address aggregation: requests to external hosts will use proxy s external IP. SSL Tunnelling Ch 7 - Security 70

71 Anonymous User: an NT user account IUSR_xxxx, where xxxx is the server name, will be assigned to the user. NT User: Basic authentication Challenge/Response Ch 7 - Security 71

72 The access permission to objects in the Web application is determined by the user s access token. The request by anonymous user to access the requested object will be denied if its ACL does not permit access by IUSER. HTTP will response with a failure return-code (HTTP Error 401), with an authenticate header: WWW-Authenticate: Basic WWW-Authenticate: NTLM The browser will choose one of the two methods. Ch 7 - Security 72

73 Procedure: The browser will gather the user account and password from the user. The information will be sent to the server in BASE64 code. Given a choice, Netscape browser will pick this method over NTLM, because it does not do NTLM IE will by default use NTLM. Ch 7 - Security 73

74 IIS will impersonate the user when accessing resources in the server. When IIS attempts to logon to a remote database server: In case of the basic authentication, IIS will be able to do because it has the user id and password. In case of NTLM, IIS can t because domain controller, instead of IIS, did the authentication. Ch 7 - Security 74

75 <%If request.servervariables("remote_addr") = " " then Response.Buffer = TRUE Response.Status = ("401 Unauthorized") Response.End End If%> Ch 7 - Security 75

76 <% Response.Clear Response.Buffer = True Response.Status = 401 Unauthorized Response.AddHeader WWW-Authenticate, NTLM Response.End %> Ch 7 - Security 76

77 User may set different levels of security for the following classes of sites: Internet Local Intranet Trusted sites Restricted sites Major differences: Prompt/No-prompt signature of ActiveX Control required/not required. Cookies allowed/not allowed Ch 7 - Security 77