NETWORK SECURITY ASPECTS & VULNERABILITIES

Transcription

1 NETWORK SECURITY ASPECTS & VULNERABILITIES Luis Sousa Cardoso FIINA President Brdo pri Kranju, 19. in 20. maj

2 Background Importance of Network Explosive growth of computers and network - To protect data and resources - To guarantee the authenticity of data - To protect systems Concerns of IT executives Reliability Complexity of the Transition Unproven Services Increased Telecom Costs Increased Operating Costs Quality of Management Tools Lack of Standards Lack of Applications to Exploit Other 1% 48% 75% 73% 69% 64% 64% 62% 61% 60% Source: Information Week. Brdo pri Kranju, 19. in 20. maj

3 aspects Attacks : An action that compromise the information Mechanism : Design to protect,prevent,recover from attacks Service : Enhance the security of data,systems, transfer Relationship between security objectives Treats Requirements services mechanisms algorithms objectives Brdo pri Kranju, 19. in 20. maj

4 INFORMATION FLOW MODEL A B Information Source NORMAL FLOW Information Destination Brdo pri Kranju, 19. in 20. maj

5 SECURITY THREATS A AVAILABILITY INTERRUPTION B A X INTERCEPTION B CONFIDENTIALITY A INTEGRITY X MODIFICATION B A X AUTHENTICITY FABRICATION B Brdo pri Kranju, 19. in 20. maj

6 SECURITY REQUIREMENTS AVAILABILITY CONFIDENTIALITY Communications NON-REPUDIATION & IT INTEGRITY AUTHENTICATION Brdo pri Kranju, 19. in 20. maj

7 SECURITY SERVICES Confidentiality Protection of transmitted data Authentication Assuring that communication is authentic Integrity Assuring that message has originality Non-repudiation Preventing denying message Access Control Limit & control the access Availability Automated or physical countermeasures Brdo pri Kranju, 19. in 20. maj

8 MODEL FOR NETWORK SECURITY Brdo pri Kranju, 19. in 20. maj

9 SIX LAYERS OF NETWORK SECURITY SECURITY AUDITING SECURITY TOOLS SOFTWARE MONITORING PHYSICAL SECURITY NETWORK ADMINISTRATOR Brdo pri Kranju, 19. in 20. maj

10 POLICY IS KEY TO SECURITY Policy Standards Mandate to implement security Standard to measure security Procedures, Guidelines & Practices Basis for all security technology and procedures Brdo pri Kranju, 19. in 20. maj

11 SECURITY VULNERABILITIES (PROTOCOLS) Brdo pri Kranju, 19. in 20. maj

12 EXPLOSION OF INCIDENTS Incidents CERT/CC Incidents Statistics 52,658 Q ,829 21, , , ,340 2,412 2,573 2, , Year

13 DECREASING BARRIERS TO INTRUSION: It just gets easier! High Low Wireless Hack-in-a-box e.g., AirSnort aimed at WEP/802.11b Sources: CERT Coordination Center Network Reliability and Interoperability Council back doors network element Trojans disabling audits network mgmt. diagnostics PAD to PAD hijacking Sophistication burglaries sessions exploiting known vulnerabilities self-replicating code password guessing scanners/sweepers password cracking packet spoofing sniffers Y2K enabled hacking stealth / advanced scanning techniques denial of service Baseline Reference: Telecommunications Risk Assessment NSTAC, June 99 GUI SONET /SDH backbone attacks automated probes Tools & Techniques Distributed denial of service / advanced virus /worm techniques Skills & Knowledge Threat

14 TRENDS OF CYBER TERROR TECHNOLOGIES Unification of Hacking Tech. and Virus Tech. Autonomy, Intelligence, Popularization, Distribution, Large Scale, Encapsulation Hacktivism : From Personal Purpose To Political, Social, Military, Industrial Purpose Hacking Tech. Area Virus Tech. Area

15 Event ACTION Probe Scan Flood Autenticate Bypass Spoof Read Copy TARGET Account Process Data Component Computer Network Internetwork Steal Modify Delete Brdo pri Kranju, 19. in 20. maj

16 Attack Event TOOL Physical Attack Information Exchange User Command Script of Command Autonumus Agent Toolkit VULNERABILITY Design Implementation Configuration ACTION Probe Scan Flood Autenticate Bypass Spoof TARGET Account Process Data Compunent Computer Network UNAUTHORIZED RESULT Increased Access Discloser of Information Corruption of Information Denial of Service Thef of Resources Distributed Tool Data Tap Read Copy Internetwork Steal Modify Delete

17 WHAT IS A SECURITY VULNERABILITY? A security vulnerability is: A flaw or weakness in a system s design, implementation or operation that could be exploited to violate the system s security (RFC 2828). A security vulnerability is not: a risk, a threat, or an attack. Brdo pri Kranju, 19. in 20. maj

18 VULNERABILITIES, THREATS AND RISKS A security vulnerability combined with a security threat creates a security risk. Example: Vulnerability Threat Risk Overflow Bug Hacker Knowledge & Tools & Access Risk of Webserver Attack Brdo pri Kranju, 19. in 20. maj

19 THE HIGH-IMPACT OF PROTOCOL SECURITY VULNERABILITIES Threats change, but security vulnerabilities exist throughout the life of a protocol. With standardized protocols, protocol-based security risks can be very large global in scale. Brdo pri Kranju, 19. in 20. maj

20 Map of Vulnerability (with standard examples) Types Theft Sabotage Application Specific Operating System Instant Social Engineering Logic Error Seconds Minutes Internal Spying Information Fishing Network Protocol Design Forced Trust Violations Hours Physical Protection Policy Data Protection Policy Eavesdropping Weak Passwords Days Policy Oversight Weakness Months Personal Protection Policy Information Divulgence Policy Custom Obscure Encryption Years Requires close interaction with Victim Requires some familiarity with Victim s behaviors Requires response from Victim Special attention required by attacker May require simple decisionby attacker Cause-effect simple results No ability to automate Attempts to automate will usually invoke suspicion Automatable but forfeits control to chance Automation helpful but results may be incomplete Automation handles majority of situations Completely automatable Human Interaction Required Brdo pri Kranju, 19. in 20. maj

21 COMMON PROBLEMS VULNERABILITIES & ERRORS Policies and standards driven by known exploits rather than integral with evolving technology and services Unencrypted Login Sessions over vulnerable networking coupled with Reusable Passwords Poor access controls Search for Holes in Protocols Outdated Physical Uncontrolled networking Inadequate documentation Insecure System Defaults Weak Auditing & Reporting Critical Infrastructure Resources Brdo pri Kranju, 19. in 20. maj

22 THESIS Standards bodies have a unique ability and responsibility to address security vulnerabilities in protocols. There are immediate and relatively simple actions standards bodies can take to improve the security of all protocols currently being standardized. Brdo pri Kranju, 19. in 20. maj

23 PROTOCOL SECURITY VULNERABILITY TYPES Threat Model New threats from those originally considered. SS7 Design & Specification Errors make the protocol inherently vulnerable. BGP Implementations Errors create unexpected vulnerabilities. SNMP, ASN.1, BER Usage & Configuration Improper usage opens or magnifies security vulnerabilities b, BGP Brdo pri Kranju, 19. in 20. maj

24 A SIMPLE PROTOCOL VULNERABILITY MODEL Vulnerabilities Threats Risks Threat Model Design & Specification Implementatio n Operations & Configuration Hackers Insiders Terrorists Vandals Organized crime State sponsored Data loss Data corruption Privacy loss Fraud Down-time Public loss of confidence Confusion Brdo pri Kranju, 19. in 20. maj

25 NEW THREAT MODEL Old Model SS7 Designed for a closed network of well-known service providers of fixed services. No interface to IP-based networks. Software extensively tested. New Model Rogue providers may be malicious. Software and protocols for new services may be poorly tested or a poor fit with SS7. Network convergence puts IP interfaces on SS7-capable elements. Brdo pri Kranju, 19. in 20. maj

26 DESIGN & SPECIFICATION ERRORS BGP (RFC1771) Design implies an ASN of 0 is illegal. Specification allows 0 (and 65535). What happens when an ASN of 0 is advertised? Different implementations probably handle this differently. Such protocol inconsistencies are at the root of many attacks on specific implementations. Brdo pri Kranju, 19. in 20. maj

27 IMPLEMENTATION ERRORS SNMP, ASN.1, BER SNMP security depends on proper parsing of ASN.1 and BER. Some ASN.1 and BER parsers are not robust and make mistakes or allow buffer overflows. Limited specifics on SNMP error handling lead to unpredictable behaviors across implementations. Brdo pri Kranju, 19. in 20. maj

28 USAGE OR CONFIGURATION ERRORS B, BGP In b, a stream cipher is misused so that there is very little privacy protection b operators often turn off even the basic security features. BGP operators turn off the authentication mechanisms. Errors and rogue messages can then easily propagate through core networks. Brdo pri Kranju, 19. in 20. maj

29 LESSONS LEARNED Standards bodies have accepted protocols with serious vulnerabilities. depends on the whole protocol. Protocol vulnerabilities last a long time. Threats change over time. Implicit assumptions are often violated. Application layer protocols also have security vulnerabilities. Inattention to security issues creates vulnerable protocols. Brdo pri Kranju, 19. in 20. maj

30 RECOMMENDATIONS FOR DISCUSSION A Simple Protocol Vulnerability Model Vulnerabilities Threat Model Design & Specification Implementation Operations & Configuration Threats Hacker Risks Data loss Insider Data corruption Privacy loss Terrorists Fraud Vandals Down-time Organized crime State sponsored Public loss of confidence Confusion Openly discuss with security experts the security algorithms and mechanisms used in protocols. Establish simple but effective security guidelines for protocol authors. Initiate a systematic root-cause study of protocol vulnerabilities. Brdo pri Kranju, 19. in 20. maj

31 OPEN SECURITY DISCUSSIONS A Simple Protocol Vulnerability Model Vulnerabilities Threat Model Design & Specification Implementation Operations & Configuration Threats Hacker Risks Data loss Insider Data corruption Privacy loss Terrorists Fraud Vandals Down-time Organized crime State sponsored Public loss of confidence Confusion The security community has learned that two elements improve security: Exposure of the details to a wide audience Time to analyze and discuss the details. Secrecy does not improve security. Standards bodies should promote: Open discussion of security algorithms and mechanisms. Engagement with security experts on every standard. Brdo pri Kranju, 19. in 20. maj

32 SECURITY GUIDELINES FOR PROTOCOL AUTHORS A Simple Protocol Vulnerability Model Vulnerabilities Threat Model Design & Specification Implementation Operations & Configuration Threats Hacker Risks Data loss Insider Data corruption Privacy loss Terrorists Fraud Vandals Down-time Organized crime State sponsored Public loss of confidence Confusion Early attention to security is best. Guidelines provide a way to quickly improve the process. Standards bodies should issue guidelines in four areas for all protocol authors: Specify Threat Models Protocol Designs & Specifications Secure Implementation Issues Operational & Configuration Issues Brdo pri Kranju, 19. in 20. maj

33 ROOT-CAUSE ANALYSIS A Simple Protocol Vulnerability Model Vulnerabilities Threat Model Design & Specification Implementation Operations & Configuration Threats Hacker Risks Data loss Insider Data corruption Privacy loss Terrorists Fraud Vandals Down-time Organized crime State sponsored Public loss of confidence Confusion Incident analysis usually focuses on threat reduction and prosecution. The root cause(s) of an enabling vulnerability are usually not found. Standards bodies should: Systematically analyze the root causes of serious protocol vulnerabilities. Understand how their decisions and processes produce security vulnerabilities. Brdo pri Kranju, 19. in 20. maj

34 SUMMARY A Simple Protocol Vulnerability Model Vulnerabilities Threat Model Design & Specification Implementation Operations & Configuration Threats Hacker Risks Data loss Insider Data corruption Privacy loss Terrorists Fraud Vandals Down-time Organized crime State sponsored Public loss of confidence Confusion vulnerabilities in important protocols have created serious security risks that were avoidable. Standards bodies should: Promote open security discussions. Provide protocol security guidelines. Identify root causes of vulnerabilities. Brdo pri Kranju, 19. in 20. maj

35 Acronyms & References b IEEE Wireless Local Area Network Standard BGP Border Gateway Protocol Version DoS - Denial of Service (attack) IETF Internet Engineering Task Force IEEE - Institute of Electronic and Electrical Engineers IP Internet Protocol MPLS Multi-protocol Label Switching SNMP Simple Network Management Protocol SS7 Signaling System #7 IETF ID draft-rescorla-sec-cons-05.txt, Guidelines for Writing RFC Text on Considerations IETF RFC #2828, Internet Glossary Lorenz, Moore, Manes, Hale, Shenoi. Securing SS7 Telecommunications Networks. Proceedings of the 2001 IEEE Workshop on Information Assurance and. Sharp. Principles of Protocol Design. Prentice Hall, Brdo pri Kranju, 19. in 20. maj