NETWORK SECURITY ASPECTS & VULNERABILITIES
Luis Sousa Cardoso, FIINA President
Brdo pri Kranju, 19 and 20 May 2003

Background
Importance of Network
Explosive growth of computers and network
- To protect data and resources
- To guarantee the authenticity of data
- To protect systems
[Chart: Concerns of IT executives. Categories: Reliability; Complexity of the Transition; Unproven Services; Increased Telecom Costs; Increased Operating Costs; Quality of Management Tools; Lack of Standards; Lack of Applications to Exploit; Other. Source: Information Week.]

aspects
- Attacks: an action that compromises the information
- Mechanism: designed to protect, prevent, or recover from attacks
- Service: enhances the security of data, systems, and transfer
[Diagram: Relationship between security objectives: threats, requirements, services, mechanisms, algorithms, objectives]

INFORMATION FLOW MODEL
[Diagram: NORMAL FLOW from A (Information Source) to B (Information Destination)]

SECURITY THREATS
[Diagrams of the flow from A to B, with a third party X]
- INTERRUPTION (AVAILABILITY)
- INTERCEPTION (CONFIDENTIALITY)
- MODIFICATION (INTEGRITY)
- FABRICATION (AUTHENTICITY)

SECURITY REQUIREMENTS
[Diagram: requirements surrounding Communications & IT]
- AVAILABILITY
- CONFIDENTIALITY
- NON-REPUDIATION
- INTEGRITY
- AUTHENTICATION

SECURITY SERVICES
- Confidentiality: Protection of transmitted data
- Authentication: Assuring that communication is authentic
- Integrity: Assuring that message has originality
- Non-repudiation: Preventing denying message
- Access Control: Limit & control the access
- Availability: Automated or physical countermeasures

MODEL FOR NETWORK SECURITY

SIX LAYERS OF NETWORK SECURITY
- SECURITY AUDITING
- SECURITY TOOLS
- SOFTWARE MONITORING
- PHYSICAL SECURITY
- NETWORK ADMINISTRATOR

POLICY IS KEY TO SECURITY
[Diagram levels: Policy; Standards; Procedures, Guidelines & Practices]
- Mandate to implement security
- Standard to measure security
- Basis for all security technology and procedures

SECURITY VULNERABILITIES (PROTOCOLS)

EXPLOSION OF INCIDENTS
CERT/CC Incidents Statistics (http://www.cert.org), incidents per year:
- 1992: 773
- 1993: 1,334
- 1994: 2,340
- 1995: 2,412
- 1996: 2,573
- 1997: 2,134
- 1998: 3,734
- 1999: 9,859
- 2000: 21,756
- 2001: 52,658
- Q1 2002: 26,829

DECREASING BARRIERS TO INTRUSION: It just gets easier!
[Chart, 1980 to 2000, High to Low: sophistication of Tools & Techniques against Skills & Knowledge; Threat]
Tools and techniques shown on the chart:
- password guessing
- self-replicating code
- password cracking
- exploiting known vulnerabilities
- burglaries
- hijacking sessions
- PAD to PAD
- network mgmt. diagnostics
- disabling audits
- network element Trojans
- back doors
- scanners/sweepers
- packet spoofing
- sniffers
- Y2K enabled hacking
- stealth / advanced scanning techniques
- denial of service
- GUI
- SONET/SDH backbone attacks
- automated probes
- Distributed denial of service / advanced virus/worm techniques
- Wireless Hack-in-a-box, e.g., AirSnort aimed at WEP/802.11b (http://www.wired.com/news/print/0,1294,46187,00.html)
Sources: CERT Coordination Center; Network Reliability and Interoperability Council. Baseline Reference: Telecommunications Risk Assessment, NSTAC, June 99.

TRENDS OF CYBER TERROR TECHNOLOGIES
- Unification of Hacking Tech. and Virus Tech.
- Autonomy, Intelligence, Popularization, Distribution, Large Scale, Encapsulation
- Hacktivism: From Personal Purpose to Political, Social, Military, Industrial Purpose
[Diagram: Hacking Tech. Area and Virus Tech. Area]

Event
- ACTION: Probe, Scan, Flood, Authenticate, Bypass, Spoof, Read, Copy, Steal, Modify, Delete
- TARGET: Account, Process, Data, Component, Computer, Network, Internetwork

Attack (Event = ACTION + TARGET)
- TOOL: Physical Attack, Information Exchange, User Command, Script of Command, Autonomous Agent, Toolkit, Distributed Tool, Data Tap
- VULNERABILITY: Design, Implementation, Configuration
- ACTION: Probe, Scan, Flood, Authenticate, Bypass, Spoof, Read, Copy, Steal, Modify, Delete
- TARGET: Account, Process, Data, Component, Computer, Network, Internetwork
- UNAUTHORIZED RESULT: Increased Access, Disclosure of Information, Corruption of Information, Denial of Service, Theft of Resources

WHAT IS A SECURITY VULNERABILITY?
A security vulnerability is: "A flaw or weakness in a system's design, implementation or operation that could be exploited to violate the system's security" (RFC 2828).
A security vulnerability is not: a risk, a threat, or an attack.

VULNERABILITIES, THREATS AND RISKS
A security vulnerability combined with a security threat creates a security risk.
Example:
- Vulnerability: Overflow Bug
- Threat: Hacker Knowledge & Tools & Access
- Risk: Risk of Webserver Attack

THE HIGH-IMPACT OF PROTOCOL SECURITY VULNERABILITIES
- Threats change, but security vulnerabilities exist throughout the life of a protocol.
- With standardized protocols, protocol-based security risks can be very large, global in scale.

Map of Vulnerability (with standard examples)
[Chart: vulnerability types plotted against time scale, human interaction required, and degree of automation]
Types: Theft; Sabotage; Application Specific; Operating System; Social Engineering; Logic Error; Internal Spying; Information Fishing; Network Protocol Design; Forced Trust Violations; Physical Protection Policy; Data Protection Policy; Eavesdropping; Weak Passwords; Policy Oversight; Weakness; Personal Protection Policy; Information Divulgence Policy; Custom Obscure Encryption
Time scale: Instant, Seconds, Minutes, Hours, Days, Months, Years
Human Interaction Required:
- Requires close interaction with Victim
- Requires some familiarity with Victim's behaviors
- Requires response from Victim
- Special attention required by attacker
- May require simple decision by attacker
- Cause-effect simple results
Automation:
- No ability to automate
- Attempts to automate will usually invoke suspicion
- Automatable but forfeits control to chance
- Automation helpful but results may be incomplete
- Automation handles majority of situations
- Completely automatable

COMMON PROBLEMS: VULNERABILITIES & ERRORS
- Policies and standards driven by known exploits rather than integral with evolving technology and services
- Unencrypted Login Sessions over vulnerable networking coupled with Reusable Passwords
- Poor access controls
- Search for Holes in Protocols
- Outdated Physical
- Uncontrolled networking
- Inadequate documentation
- Insecure System Defaults
- Weak Auditing & Reporting
- Critical Infrastructure Resources

THESIS
- Standards bodies have a unique ability and responsibility to address security vulnerabilities in protocols.
- There are immediate and relatively simple actions standards bodies can take to improve the security of all protocols currently being standardized.

PROTOCOL SECURITY VULNERABILITY TYPES
- Threat Model: New threats from those originally considered. Example: SS7
- Design & Specification: Errors make the protocol inherently vulnerable. Example: BGP
- Implementations: Errors create unexpected vulnerabilities. Examples: SNMP, ASN.1, BER
- Usage & Configuration: Improper usage opens or magnifies security vulnerabilities. Examples: 802.11b, BGP

A SIMPLE PROTOCOL VULNERABILITY MODEL
- Vulnerabilities: Threat Model; Design & Specification; Implementation; Operations & Configuration
- Threats: Hackers; Insiders; Terrorists; Vandals; Organized crime; State sponsored
- Risks: Data loss; Data corruption; Privacy loss; Fraud; Down-time; Public loss of confidence; Confusion

NEW THREAT MODEL: SS7
Old Model
- Designed for a closed network of well-known service providers of fixed services.
- No interface to IP-based networks.
- Software extensively tested.
New Model
- Rogue providers may be malicious.
- Software and protocols for new services may be poorly tested or a poor fit with SS7.
- Network convergence puts IP interfaces on SS7-capable elements.

DESIGN & SPECIFICATION ERRORS: BGP (RFC1771)
- Design implies an ASN of 0 is illegal.
- Specification allows 0 (and 65535).
- What happens when an ASN of 0 is advertised? Different implementations probably handle this differently.
- Such protocol inconsistencies are at the root of many attacks on specific implementations.

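An added example, not part of the original slides: a BGP-4 OPEN parser that turns the ambiguity above into an explicit rule instead of leaving the outcome to whatever the implementation happens to do. Rejecting both 0 and 65535 is a policy assumption of this example, and the names `parse_open`, `build_open` and `decision` are hypothetical.

```python
import struct

BGP_MARKER = b"\xff" * 16
BGP_HEADER_LEN = 19            # marker(16) + length(2) + type(1)
BGP_OPEN = 1
REJECTED_ASNS = {0, 65535}     # assumption: both ambiguous values are refused


class OpenRejected(ValueError):
    """Raised when an OPEN message fails an explicit validation rule."""


def parse_open(msg: bytes) -> dict:
    """Parse a BGP-4 OPEN message; every field check is spelled out."""
    if len(msg) < BGP_HEADER_LEN + 10:
        raise OpenRejected("truncated OPEN message")
    marker, length, msg_type = struct.unpack("!16sHB", msg[:BGP_HEADER_LEN])
    if marker != BGP_MARKER:
        raise OpenRejected("bad marker")
    if length != len(msg):
        raise OpenRejected("length field does not match message size")
    if msg_type != BGP_OPEN:
        raise OpenRejected("not an OPEN message")
    version, my_as, hold_time, bgp_id, opt_len = struct.unpack(
        "!BHH4sB", msg[BGP_HEADER_LEN:BGP_HEADER_LEN + 10])
    if version != 4:
        raise OpenRejected("unsupported version")
    if my_as in REJECTED_ASNS:
        raise OpenRejected(f"reserved AS number {my_as}")
    if BGP_HEADER_LEN + 10 + opt_len != length:
        raise OpenRejected("optional parameter length mismatch")
    return {"my_as": my_as, "hold_time": hold_time,
            "bgp_id": ".".join(str(b) for b in bgp_id)}


def build_open(my_as: int, hold_time: int = 180,
               bgp_id: bytes = b"\xc0\x00\x02\x01") -> bytes:
    """Build a constructed sample OPEN with no optional parameters."""
    body = struct.pack("!BHH4sB", 4, my_as, hold_time, bgp_id, 0)
    header = struct.pack("!16sHB", BGP_MARKER, BGP_HEADER_LEN + len(body), BGP_OPEN)
    return header + body


def decision(msg: bytes) -> str:
    """Return a loggable accept/reject verdict for one received message."""
    try:
        return f"accept AS{parse_open(msg)['my_as']}"
    except OpenRejected as exc:
        return f"reject: {exc}"
```
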
IMPLEMENTATION ERRORS: SNMP, ASN.1, BER
- SNMP security depends on proper parsing of ASN.1 and BER.
- Some ASN.1 and BER parsers are not robust and make mistakes or allow buffer overflows.
- Limited specifics on SNMP error handling lead to unpredictable behaviors across implementations.

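An added example, not part of the original slides: a strict BER tag-length-value reader showing the bounds checks whose absence produces the parser failures described above. The limits `MAX_LEN_OCTETS` and `MAX_DEPTH`, the refusal of indefinite lengths and multi-byte tags, and the sample bytes are assumptions of this example.

```python
MAX_LEN_OCTETS = 4     # assumption: cap on long-form length octets
MAX_DEPTH = 16         # assumption: cap on nesting of constructed types
# Constructed sample: SEQUENCE { INTEGER 0, OCTET STRING "public" }
SAMPLE_OK = bytes.fromhex("300b0201000406" + "7075626c6963")


class BerError(ValueError):
    """Raised for any encoding this parser refuses to interpret."""


def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, next_pos) for one TLV, bounds-checking every step."""
    if pos + 2 > len(buf):
        raise BerError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise BerError("multi-byte tags not supported")
    pos += 2
    if first < 0x80:                        # short form: length is the octet itself
        length = first
    elif first == 0x80:
        raise BerError("indefinite length not accepted")
    else:                                   # long form: next n octets hold the length
        n = first & 0x7F
        if n > MAX_LEN_OCTETS or pos + n > len(buf):
            raise BerError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if length > len(buf) - pos:             # declared length must fit received data
        raise BerError("length exceeds remaining data")
    return tag, buf[pos:pos + length], pos + length


def walk(buf: bytes, depth: int = 0) -> list:
    """Flatten a BER structure into (depth, tag, length) tuples."""
    if depth > MAX_DEPTH:
        raise BerError("nesting too deep")
    out, pos = [], 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        out.append((depth, tag, len(value)))
        if tag & 0x20:                      # constructed: value is a TLV sequence
            out.extend(walk(value, depth + 1))
    return out


def accepts(buf: bytes) -> bool:
    """True only if the whole buffer parses under the strict rules."""
    try:
        walk(buf)
        return True
    except BerError:
        return False
```
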
USAGE OR CONFIGURATION ERRORS: 802.11b, BGP
- In 802.11b, a stream cipher is misused so that there is very little privacy protection.
- 802.11b operators often turn off even the basic security features.
- BGP operators turn off the authentication mechanisms. Errors and rogue messages can then easily propagate through core networks.

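An added example, not part of the original slides: one well-known form of the stream-cipher misuse in 802.11b WEP is keystream reuse, because RC4 is keyed with a 24-bit IV prepended to a fixed shared secret. The code flags repeated IVs in a set of frames and shows that the XOR of two such ciphertexts equals the XOR of their plaintexts; the key, IVs and plaintexts are constructed, and the frame model omits WEP's integrity value.

```python
from collections import Counter


def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for key."""
    s, j = list(range(256)), 0
    for i in range(256):                        # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                          # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_like_encrypt(iv: bytes, secret: bytes, plaintext: bytes) -> tuple:
    """Per-frame key is IV || secret; the IV travels in the clear with the frame."""
    return iv, xor(plaintext, rc4(iv + secret, len(plaintext)))


def reused_ivs(frames) -> list:
    """Return IVs seen on more than one frame, i.e. frames sharing a keystream."""
    counts = Counter(iv for iv, _ in frames)
    return sorted(iv for iv, c in counts.items() if c > 1)


def ciphertext_xor(frames, i: int, j: int) -> bytes:
    """XOR of two ciphertexts; the keystream cancels when the IVs match."""
    return xor(frames[i][1], frames[j][1])


# Constructed sample traffic: frames 0 and 2 share an IV.
SECRET = b"\x01\x02\x03\x04\x05"                # constructed 40-bit shared key
P1, P2, P3 = b"GET /index.html ", b"user=alice&x=1  ", b"POST /login.cgi "
FRAMES = [wep_like_encrypt(b"\x00\x00\x01", SECRET, P1),
          wep_like_encrypt(b"\x00\x00\x02", SECRET, P2),
          wep_like_encrypt(b"\x00\x00\x01", SECRET, P3)]
```
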
LESSONS LEARNED
- Standards bodies have accepted protocols with serious vulnerabilities.
- depends on the whole protocol.
- Protocol vulnerabilities last a long time.
- Threats change over time.
- Implicit assumptions are often violated.
- Application layer protocols also have security vulnerabilities.
- Inattention to security issues creates vulnerable protocols.

RECOMMENDATIONS FOR DISCUSSION
- Openly discuss with security experts the security algorithms and mechanisms used in protocols.
- Establish simple but effective security guidelines for protocol authors.
- Initiate a systematic root-cause study of protocol vulnerabilities.

OPEN SECURITY DISCUSSIONS
The security community has learned that two elements improve security:
- Exposure of the details to a wide audience
- Time to analyze and discuss the details.
Secrecy does not improve security.
Standards bodies should promote:
- Open discussion of security algorithms and mechanisms.
- Engagement with security experts on every standard.

SECURITY GUIDELINES FOR PROTOCOL AUTHORS
- Early attention to security is best.
- Guidelines provide a way to quickly improve the process.
Standards bodies should issue guidelines in four areas for all protocol authors:
- Specify Threat Models
- Protocol Designs & Specifications
- Secure Implementation Issues
- Operational & Configuration Issues

ROOT-CAUSE ANALYSIS
- Incident analysis usually focuses on threat reduction and prosecution.
- The root cause(s) of an enabling vulnerability are usually not found.
Standards bodies should:
- Systematically analyze the root causes of serious protocol vulnerabilities.
- Understand how their decisions and processes produce security vulnerabilities.

SUMMARY
Vulnerabilities in important protocols have created serious security risks that were avoidable.
Standards bodies should:
- Promote open security discussions.
- Provide protocol security guidelines.
- Identify root causes of vulnerabilities.

Acronyms & References
Acronyms:
- 802.11b - IEEE Wireless Local Area Network Standard
- BGP - Border Gateway Protocol Version
- DoS - Denial of Service (attack)
- IETF - Internet Engineering Task Force
- IEEE - Institute of Electronic and Electrical Engineers
- IP - Internet Protocol
- MPLS - Multi-protocol Label Switching
- SNMP - Simple Network Management Protocol
- SS7 - Signaling System #7
References:
- IETF ID draft-rescorla-sec-cons-05.txt, Guidelines for Writing RFC Text on Security Considerations.
- IETF RFC #2828, Internet Security Glossary.
- Lorenz, Moore, Manes, Hale, Shenoi. Securing SS7 Telecommunications Networks. Proceedings of the 2001 IEEE Workshop on Information Assurance and Security.
- Sharp. Principles of Protocol Design. Prentice Hall, 1995.