10/23/12. Fundamentals of Linux Platform Security. Linux Platform Security. Roadmap. Security Training Course. Module 9 Application Security

Transcription

1 Fundamentals of Linux Platform Security Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Linux Platform Security Module 9 Application Security Roadmap ssh SSL IPsec & VPNs 3 1

2 ssh What is ssh? Secure shell Secure interactive connections to remote hosts over an insecure network Secure data transfers 5 Security Requirements 1. Authentication (who are you?) 2. Authorization (what are you allowed to do?) 3. Confidentiality (nobody else can see the data without 1 & 2) 4. Integrity (nobody else can change it) 5. Availability (you can see the data whenever you want to) 6 2

3 Security Requirements rtools et alia are naîve nowadays rsh, rcp, rexec, rlogin, rsync weak client authentication, no server authentication, no confidentiality or integrity telnet, ftp cleartext client authentication, no server authentication, no confidentiality or integrity 7 ssh features Remote access like telnet and rlogin Remote transfers like rcp (scp) and ftp (sftp) Transparent connection tunnelling: POP, IMAP, SMTP X connections (-X), VNC, Remote Desktop LDAP clients CVS (CVS_RSH), rsync (RSYNC_RSH) SSHFS: securely mount remote directory 8 But, passwords You (have to) type them all the time Single sign-on remains elusive Conflict between usability & security Too many passwords Varying strength rules Varying length and character class limits Varying aging policies 9 3

4 Public-key authentication Public-key quick tour Instead of one key (think password) there are two: Public key: published widely Private key: kept secure Something encrypted by one key can only be decrypted by the other To encrypt a message: encrypt with receiver s public key, receiver decrypts with their private key To sign a message: encrypt with your private key, receiver decrypts with your public key 10 Public-key and ssh Generate your key-pair once. Install public key on remote host once. Server authenticates client: Server picks a number n, encrypts with my public key, sends it My client decrypts n with my private key My client re-encrypts n+1 with my private key, sends it Server decrypts with my public key You re authenticated if server recovers n+1 No passwords required! 11 lab: public-key ssh ssh-keygen -t rsa -b 2048! never use RSA-1 (uses SSH1, which we said was broken) You will be asked for a passphrase, which is used to encrypt your private key for secure storage on your computer. Think of this passphrase as a PIN securing your private key. Don t leave passphrase blank unless you want anyone to be able to read it cd ~/.ssh/! cat id_rsa.pub! ls -ltra! 12 4

5 lab: public-key ssh Copy your public key to your.ssh directory on the remote host ssh mkdir.ssh! scp id_rsa.pub You ll be prompted for your password! Connect to the remote machine ssh You ll be prompted for your private key passphrase!! 13 But, passphrases But I m still typing my passphrase! Yes, but your password isn t going to the server So a malicious server can t steal it But I m still typing my passphrase! Enter the ssh-agent Handles your private key(s) Which can be on a smartcard: ssh -I Unlocks private key once, keep in memory So trading some security for convenience Supplies your private key through intervening machines So trading more security for convenience 14 ssh-agent $SHELL! lab: ssh-agent and ssh-add alternatively: eval `ssh-agent`! this second form is easy to add to login scripts! ps ax grep ssh-agent! ssh-add id_rsa! enter your passphrase ssh remotehost! You shouldn t be asked for a passphrase! 15 5

6 ssh as plumbing ssh & CVS? export CVS_RSH=ssh! ssh & rsync? export RSYNC_RSH=ssh ssh & tar? (this copies over contents of /bin, and doesn t overwrite /bin on the remote host) ssh remotehost cd /; tar cf bin/ tar xvf fire & forget eval `ssh-agent` ; ssh-add ; startx! 16 ssh as plumbing ssh & Kerberos? Add to client s.ssh/config: Host remotehost.fqdn!gssapiauthentication yes!gssapidelegatecredentials yes!gssapitrustdns yes! kinit! Obtain Kerberos creds ssh remotehost! You ll be logged in with Kerberos credentials! 17 Some final thoughts Should I keep upgrading? (yes!) EnableRootLogin? Disable passwords altogether? Protocol 2,1? Read the logfiles -- look for `attack', at least. I keep getting tons of brute-force login attempts! 18 6

7 References HQ: snailbook.com man pages: ssh, sshd, ssh_config, sshd_config Harvey Allen, Security with SSH, Pre-SANOG VI Workshop, Thimphu Bhutan, Acoustic password guessing attacks (90% of 5-character passwords in less than 20 tries, 80% of 10-char < 75) : Keyboard_Acoustic_Emanations_Revisited/preprint.pdf CRC32 exploit: CITI research: Warning: Analysis: 19 X.509 An ITU (nee CCITT) standard PKI Defines standard formats for Public key certificates Binds public key to X.500-flavor distinguished name or alternative ( address, ) Certification path algorithms Certification chain anchored by trusted root certificates Hierarchical Certification Authorities (CAs) Coin of the browser realm because SSL uses X

8 TLS - Transport Layer Security Aka Secure Sockets Layer (SSL) Operates at transport layer Applications don t have to change Creates secure channel between peers Authenticates server to client Client validates server PK certificate Supports optional mutual authentication Provides confidentiality and integrity 22 SSL Secure Socket Layer HTTPS on TCP port 443 vendor-driven consortium SSLv2/PCT/SSLv3/TLS Global PKI Trusted Certificate Authorities CA keys built into web browsers x SSL Verify certificate chain Exchange symmetric keys Cookies can be marked secure-only Problems Self-signed certificates Costs a non-trivial amount of money to get a real SSL key Trusting trust CAs pay to include their CERTs in web browsers Privacy backfires You can t see the data either 24 8

9 IPsec & VPNs Roadmap Definition Types of VPNs Details Pros and Cons 26 Definition A VPN is a link over a shared public network, typically the Internet, that simulates the behavior of dedicated WAN links over leased lines. A VPN uses strong encryption to secure your data as it travels over an insecure network. 27 9

10 Types of VPNs Application ssh Protocol IPSec IETF standard Supports all protocols Flexible & complicated SSL Vendor consortium HTTP protocol only Rigid & simple(r) 28 IPSec IPSec protocol Authentication Headers (AH) Encapsulating Security Protocol (ESP) 29 IPSec Details AH (Protocol 51) AH Transport Used to authenticate the integrity of the datagram IP Header (with options) A H Transport Layer Header Transport Layer Data All Authenticated (except non mutable fields), e.g., TTL As the entire packet is authenticated, there are some limitations. If using NAT or a firewall where a gateway changes your address, then the packet will fail to authenticate at the far end as the source IP has changed. This is not to say that you cannot use IPSec with a NAT gateway, just that the Gateway will have to be considered the endpoint

11 Internal Server Tunneled ARBL ARBL C I S C O SY S T E M S Public Network Cisco 3030 COOL COOL Pool Pool Wireless User (non-split tunnel) 10/23/12 IPSec Details ESP (Protocol 50) Encapsulation Security Payload ESP will encrypt the payload so that it is private as it passed through the network IP Header (with options) ESP Header Transport Layer Header Transport Layer Data ESP Trailer ESP Authentication Encrypted Authenticated As you can note, the ESP authentication does not authenticate the IP header so this does not have a problem with working behind NAT. 31 Pros/Cons IPSec Full remote access All applications supported All protocols supported SSL Access through firewall (443) Clientless 32 Logical Connection to VPN Concentrator Yahoo Remote Access client (Split Tunnel ) Ethernet UM Backbone Ethernet 33 11

12 lab install VPN Free encryption VPN Cisco VPN client (ITCom) Built-in Mac OS X VPN client configuration files macosvpn/ SSH, SFTP, SCP SSH Secure Shell (U-M Blue Disc) PuTTY 34 References Steve Friedl, An Illustrated Guide to IPsec, retrieved October S. Kent and K. Seo, Security Architecture for the Internet Protocol, RFC 4301, IETF, December