6/1/2015 1 cis 534 advanced network security chapter # 2 cis 534 advanced network security chapter #...
Post on 18-Dec-2015
226 views
TRANSCRIPT
04/18/23 1
CIS 534CIS 534 Advanced Network Security Advanced Network Security Chapter # 2Chapter # 2
Prof. Mort AnvariStrayer University
Abraham Torres
204/18/23
Secure Technology Classes
A wide range of security technologies exists to provide solutions forsecurity network access and data transport mechanisms within thecorporate network infrastructure.
Identity technologies
Security in TCP/IP structure layers
Virtual Private dial-up security technologies (VPM)
Public Key Infrastructure and distribution models
304/18/23
Identity Technologies
Authentication is an extremely critical element becauseeverything is based on who you are. In many corporatenetworks, you would not grant access to specific partsof the network before established who is trying to gain
access to restricted resources
How foolproof the authentication method is depends on the technology used
404/18/23
Identity Product Technology
Secure Password Protocol (S/Key) Token Password Authentication Schemes Point-to-Point Protocol (PPP). The TACACS+ Protocol. The RADIUS Protocol. The Kerberos Protocol
504/18/23
Secure Key Password Protocol
The S/Key One-Time Password System, released by Bellcore and definein RFC 1760, is a one time password generation scheme based on MD4
and MD5. The S/key protocol is designed to counter a replay attackwhen a user is attempting to log in to a system.
Involves three distinct steps
Preparation step: The client enters a secret pass phrase. This pass phrase is concatenated with the seed that was transmitted from the server in cleartext.
Generation step: Applies the secure hash function multiple times, producing a 64-bit final output
Output Function: Takes the 64-bit one-time password and displays it in readable form.
604/18/23
Token Password Authentication
Token authentication systems generally require the use of a specialsmart card or token card. Although some implementations are domeusing software to alleviate the problem of loosing the smart card ortoken this types of authentication mechanisms are based on one or
two alternatives schemes:
Challenge-Response
Time-Synchronous Authentication
704/18/23
Step1: The user dials into an authentication server, which then issues aprompt for a user id.
Step2: The user provides the ID to the server, which then issues a challengea random number that appears on the user’s screen.
Step3: The user enters that challenge number into the token or smart card,a credit-card-like device, which then encrypts the challenge with the user’sencryption key and displays a response.
Step4: The user types this response and sends it to the Authenticationserver. While the user is obtaining a response from the token, theAuthentication server calculates what the appropriate response should bebased on its database of user keys.
Step5: When the server receives the user’s response, it compares thatresponse with the one it has calculated
Step for Authentication
804/18/23
1 2 3
4 5 6
7 8 9
A 0 B
Client UserClient User
Authentication Server
8HAD5898HAD589
Dial into server
Prompt for access code
7968D95
8HAD589
1 2 3
4 5 6
7 8 9
A 0 B
User enters PINUser enters PIN
Token card displays digitsToken card displays digits
8HAD5898HAD589
CompareCompare
Time-Synchronous Token Time-Synchronous Token Authentication Authentication
904/18/23
Point-to-Point Protocol
The Point-to-Point Protocol (PPP) is most often used to establish a dial connection over serial lines or ISDN. PPP authentication
mechanism include the Password Authentication Protocol (PAP), TheChallenge Handshake Protocol (CHAP), and the Extensible
Authentication Protocol (EAP). In all these cases, the peer device isbeing authenticated rather than the user of the device. PPP provides
for an optional authentication phase before proceeding to the network-layer protocol phase
Point-to-Point Frame FormatPoint-to-Point Frame Format
FLAGFLAG AddressAddress ControlControl ProtocolProtocol DataData FCSFCS FlagFlag
1004/18/23
PPP Authentication Summary
ProtocolProtocol StrengthStrength WeaknessWeakness
PAPPAP Easy to implement
CHAPCHAP Password encrypted
EAPEAP Flexible, more robust
authentication support
Does not have strong authentication;
password is sent in the clear between
client and server; no playback protection
Password must be between client and
stored in cleartext on server; both client
And server playback protection
New; may not yet be widely deployed
1104/18/23
TACACS + Protocol
The TACACS+ protocol is the latest generation of TACACS. TACACS is asimple UDP-based access control protocol originally developed by BBN for
the MILNET. Cisco has enhanced (extended) TACACS several times, andCisco’s implementation, based on the original TACACS, is referred to as
XTACACS
Fundamental DifferencesFundamental Differences
•TACACS: Combined authentication and authorization process.
•XTACACS: Separated authentication, authorization, and accounting.
•TACAS+: XTACAS with extended attributed control and accounting
1204/18/23
RADIUS Protocol
The Remote Address Dial-In User Service protocol was developed byLivingston Enterprises, Inc. as an access server authentication and
accounting protocol. In June 19966, the RADIUS protocolspecifications was submitted to the IETF. The RADIUS specification
(RFC2058) and RADIUS accounting standard (RFC 2059) are nowproposed standard protocols
RADIUS Authentication:RADIUS Authentication: Server can support a variety of methods to authenticated a user, can support PPP, PAP,CHAP, UNIX and other authentication mechanisms
RADIUS Authorization:RADIUS Authorization: The authentication and authorization functionalities are coupled together, typical parameters include service type (shell or frame), protocol type, IP address to assign the user (static or dynamic), access list to apply, or the static route in the NAS
1304/18/23
RADIUS Accounting:RADIUS Accounting: Allows data to be sent at the start and end of sessions, indicating the amount of resources (such as time, packets, bytes, and so on) used during the session.
RADIUS Transactions:RADIUS Transactions: Transactions between the client and RADIUS server are authenticated through the use of a shared secret, which is never sent over the network. In addition, any user passwords are sent encrypted between the client and RADIUS server to eliminate the possibility that someone snooping on an unsecured network
No encryptionEncryption of Applicable TACACS+/RADIUS parameters
ModemModem
RADIUS ClientRADIUS Client RADIUS ServerRADIUS Server
RADIUS Protocol
1404/18/23
The Kerberos ProtocolKerberos is a secret-key network authentication protocol, develop a
Massachusetts Institute of Technology (MIT), that uses the Data
Encryption Standard (DES) Cryptographic algorithm for encryption and
authentication. The Kerberos Version 5 protocol is an Internet standard
specified by RFC 1510
When the client wants to create an association with a particular application server, the client uses the authentication request and response to first obtain a ticket and a session key from the KDC.
ClientShared key between Shared key between KDC and clientKDC and client
Key client
KDC
Shared Key between Shared Key between KDC and serverKDC and server
Key server
Server
1504/18/23
The FORTEZZA
Multilevel Information Systems Security Initiative (MISSI) is a networkSecurity initiative, under the leadership of the National Security
Agency (NSA). MISSI provides a framework for the development andevolution of interoperable security products to provide flexible,
modular security for the networked information systems across theDefense Information Infrastructure (DII) and the National InformationInfrastructure (MII). Netscape has a build-in browser that links SSl.
MISSI Building Blocks
•FORTEZZA and FORTEZZA Plus.FORTEZZA and FORTEZZA Plus.
•FirewallsFirewalls
•Guards.Guards.
•Inline encryptors.Inline encryptors.
•Trusted computingTrusted computing
1604/18/23
Mayor Types of FORTEZA
Electronic Messaging:Electronic Messaging: Can secure e-mail, electronic datainterchange (EDI), electronic commerce, and facsimile to providemessage encryption, authentication, and data integrity.
World Wide Web:World Wide Web: Can protect secure Web transactions usingstrong identification and authentication and secure-sockets-layer(SSL) interactions.
File and Media Encryptors:File and Media Encryptors: These encryptors are applicationswritten to enable FORTEZZA to secure user files on strong media.
Identification and Authentication:Identification and Authentication: After the FORTEZZA card hasbeen installed in the workstation and the PIN has been correctlyentered, the identity of the user is known and trusted.
1704/18/23
ApplicationApplicationPresentationPresentationSessionSession
TransportTransport
NetworkNetwork
Data linkData linkPhysicalPhysical
TELNET FTP SMTP DNS SNMP DHCPTELNET FTP SMTP DNS SNMP DHCP
RIPRIP
RTPRTPRTCPRTCP
TransmissionTransmissionControl ProtocolControl Protocol
User DatagramUser DatagramProtocolProtocol
OSPFOSPF
IGMPIGMP ICMPICMP
Security in TCP/IP Layers
Internet ProtocolInternet Protocol
ARPARP
EthernetEthernet Token BusToken Bus Token RingToken Ring FDDIFDDI
1804/18/23
TCP/IP Application LayerProvides access to network for end-user. User’s capabilities are
determined by what items are available on this layer Logic needed tosupport various applications each type of application (file transfer,
remote access) requires different software on this layer.
FTP:FTP: Protocol for copying files between hosts
HTTP:HTTP: Primary protocol used to implement the WWW.
Telnet:Telnet: Remote terminal protocol enabling any terminal to log in to any host
NNTP:NNTP: Protocol used to transmit and received network news.
SMTP:SMTP: Protocol used for managing network resources, e-mail
SHTTP:SHTTP: Protocol designed for the used of secure Web Transactions
1904/18/23
Transport LayerTransport Layer
Concerned with reliable transfer of information between applications.
Independent of the nature of the application. Includes aspects like flowcontrol and error checking.
Isolates messages from lower and upper layers.
Breaks down message size.
Monitors quality of communications channel.
Selects most efficient communication service necessary for a given Transmission.
Also called host-to-host layer.
Uses TCP protocols for transmission.
2004/18/23
Secure Socket Layer Protocol
The Secure Socket Layer (SSL) is an open protocol designed byNetscape; it specifies a mechanism for providing data security layeredbetween Application protocols (such as HTTP, Telnet, NNTP, or FTP)
and TCP/IP. It provides data encryption, server authentication,message integrity, and optional client authentication for a TCP/IP
connection.
Goals of SSLGoals of SSL
The Handshake Protocol:The Handshake Protocol: This protocol negotiates the cryptographic parameters to be used between the client and the server.
The Record Protocol:The Record Protocol: This protocol is used to exchange Application layer data, messages are fragmented into manageable blocks, optional compressed, and a MAC is applied; the result is encrypted and transmitted.
The Alert Protocol:The Alert Protocol: This protocol is used to indicate when errors have occurred or when a session between two hosts is being terminated
2104/18/23
The Secure Shell Protocol
The Secure Shell (SSH) is a protocol for secure remote login and other
secure network services over an insecure network. It providessupport for secure remote login, secure file transfer, and the secure
forwarding of TCP/IP and X Windows system traffic.
SSH three major componentsSSH three major components
1. The Transport layer protocol, which provides server authentication, confidentiality, and integrity with perfect forward secrecy. Optionally, it may also provide compression
2. The user authentication protocol, which authenticates the client to the server.
3. The connection protocol, which multiplexes the encrypted tunnel into several logical channels.
2204/18/23
Is a transport layer-based secured networking proxy protocol. It is
designed to provide a framework for client/server applications in both
the TCP and UDP domains to conveniently and securely use the
services of a network Firewall. SOCKS was originally developed by
David and Michelle Koblas; the code was made freely available on the
Internet.
The SOCKS Protocol
SOCKS version 4;SOCKS version 4; provides for unsecured firewall traversal for TCP-based client/server applications including Telnet, FTP, and the popular information discovery protocols such as HTTP, WAIS, and Gopher.
SOCKS Version 5;SOCKS Version 5; defined in RFC 1928, extends the SOCKS version 4 model to include UDP, extends the framework to include provisions for generalized strong authentication schemes, and extends the addressing scheme to encompass domain-name and IPv6 addresses
2304/18/23
Network Layer Security
Network Layer security pertains to security services at the IP layer of the TCP/IP protocol stack. Many years of work have produce a set
of standards from the IETF that, collectively, define how to secureservices at the IP Network layer
• have considered some application specific security mechanisms- eg. S/MIME, PGP, Kerberos, SSL/HTTPS
• however there are security concerns that cut across protocol layers
• would like security implemented by the network for all applications
IP SecurityIP Security
2404/18/23
IPSec
general IP Security mechanisms provides
authentication confidentiality key management
applicable to use over LANs, across public & private WANs, & for the Internet
Benefits of IPSec
• in a firewall/router provides strong security to all traffic crossing the perimeter.• is resistant to bypass• is below transport layer, hence transparent to applications• can be transparent to end users• can provide security for individual users if desired
2504/18/23
IP Security Architecture
Specification is quite complex.
Defined in numerous Request For Common Architectures (RFC)
RFC 2401:RFC 2401: The IP Security Architecture.
RFC 2402:RFC 2402: The IP Authentication Header (AH).
RFC 2406:RFC 2406: The IP Encapsulation Security Payload (ESP.
RFC 2408:RFC 2408: The Internet Security and Key Management Protocol (ISAKMP).
Many others, grouped by category
Mandatory in IPv6, optional in IPv4
2604/18/23
IPSec Uses
2704/18/23
IPSec Services
Access control Connectionless integrity Data origin authentication Rejection of replayed packets
a form of partial sequence integrity Confidentiality (encryption) Limited traffic flow confidentiality
2804/18/23
Virtual Private Dial-up Security Technologies
Enable large enterprises to extend their private networks acrossdial-up lines. Instead of incurring large costs to ensure security by
dialing into a campus site from any where in the world or lessening security by dialing in locally and using the Internet as
the transport to get to the main enterprise campus.
The Layer 2 Forwarding (L2F) Protocol
Created by Cisco Systems. It permits the tunneling of the link layer-that is, High-Level Data Link Control (HDLC), a sync HDLC, or Serial
Line Internet Protocol (SLIP) frames –of higher-level protocols
Dial-Up Protocols LayersDial-Up Protocols Layers
2904/18/23
Dial-Up Protocols
The Point-to-Point Tunneling ProtocolThe Point-to-Point Tunneling Protocol
Was initiated by Microsoft. It is a client/server architecture that allows
the Point-to-Point Protocols (PPP) to be tunneled through an IP
network and decouples functions that exist in current NASs.
The Layer 2 Tunneling Protocol (L2TP)The Layer 2 Tunneling Protocol (L2TP)
Cisco and Microsoft, along with other vendors, have collaborated on a
single standard: a track protocol within the IETF, which is now called
Layer 2 Tunneling Protocol (L2TP).
3004/18/23
Public Key Infrastructure
The purpose of a Public Key Infrastructure (PKI) is to provide trusted
and efficient key and certificate management to support these
protocols. A PKI is defined by the Internet X.509 Public Key
Infrastructure PKIX Roadmap “work in progress”. A PKI consists of
the following five types of components:
The set of hardware, software, people, policies, and procedures The set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke certificates needed to create, manage, store, distribute, and revoke certificates
based on public-key cryptography based on public-key cryptography
3104/18/23
PKI Components Certification Authorities (CAs) that issue and revoke certificates.
Organizational Registration Authorities (ORAs) that vouch for the binding between public keys, certificate holder identities, and other attributes.
Certificate holders that are issued certificates and that can sign digital documents.
Clients that validated digital signatures and their certification paths from a known public key of a trusted CA.
Repositories that store and make available certificates and Certificate Revocation Lists (CRLs)
MIST Special Publication 800-15, Minimum Interoperability Specification for PKI Components, Version 1, September 1997, by William Burr, Donna Dodson, Noel Nazario, and W. Timothy Polk.
3204/18/23
Functions of a PKI
Registration Initialization. Certification. Key Pair Recovery. Key Generation. Key Update. Cross-Certification. Revocation.
3304/18/23
A Sample Scenario Using a PKI
3404/18/23
Certificates
Certificates are used in the process of validating data. Specifies vary
according to which algorithm is used, but the general process works
as follows:
1. The recipient of signed data verifies that the claimed identity of the user is in accordance with the identity contained in the certificate.
2. The recipient validates that no certificate in the path has been revoked, and that all certificates were within their validity periods at the time the data was signed.
3. The recipient verifies that the data does not claim to have any attributes for which the certificate indicates that the signer is not authorized.
4. The recipient verifies that the data has not been altered since it was signed by using the public key in the certificate
3504/18/23
The X.509 Certificate
The X.509 standard constitutes a widely accepted basis
for a PKI infrastructure, defining data formats and
procedures related to the distribution of the public keys
using certificates digitally signed by CAs. RFC 1422
specified the basis of an X.509-based PKI, Targeted
primarily at satisfying the needs of Internet privacy
enhanced mail (PEM). The current standards define the
X.509 Version 3 certificate and Version 2 CRL.
3604/18/23
Version NumberVersion Number
Serial NumberSerial Number
IssuerIssuer
SubjectSubject
Subject’s Public Key (Algorithm, Key)Subject’s Public Key (Algorithm, Key)
Validity Period (not before, not after)Validity Period (not before, not after)
Optional Extensions Optional Extensions
Signature AlgorithmSignature Algorithm
SignatureSignature
The X.509 V3 Certificate
Every Certificate contains three main fields
Certificate Body
3704/18/23
The X.509 V2 CRL
X.509 V2 defines one method of certificate revocation. This method requires each CA to periodically issue a signed data structure calleda Certificate Revocation List (CRL). A CRL is a time stamped list thatidentifies revoked certificates. Each revoked certificate is identified
in a CRL by its certificate serial number.
The lightweight Directory Access Protocol
Is used for accessing online directory services. LDAP was developed by the University of Michigan in 1995 to make it easier to access. LDAP is specially targeted at management applications and browser applications that provide read/write interactive access to
directories. LDAP is intended to be a complement to the X.500 DAP. The LDAP V2 protocol is defined in RFC 1777
3804/18/23
SummarySummary
This chapter detailed many of the current and evolving technologies relating to security. One of the most important security considerations is establishing the identity of the entity that wants to access the corporate network. This process usually entails
authenticating the entity and subsequently authorizing that entity and establishing access controls. Some protocols are specifically designed to only authenticate end-users (people) or end-devices (hosts, routers). Frequently, you have to combine the
two protocols so that both end-users and the end-devices they are using to access the network are authenticated.
In addition to establishing identity, you must ensure data integrity and confidentiality; that is, you must protect the data traversing the corporate network. Many technologies exist to provide security services for various TCP/IP layers. Although Application layer
security protocols provide the most flexibility for application-specific parameters, using a different security protocol for every application is not practical. Transport security protocols such as SSL and SSH are widely deployed. SSL is bundled into
many Web servers and clients and has become a de facto standard in securing Web transactions; SSH is most often used for securing Telnet or FTP transactions. IPsec is
becoming widely deployed and can offer security services for the Transport and Application layer traffic on a per-packet basis. IPsec should be able to secure Telnet, FTP, and Web traffic but may be harder to scale until client support is more readily
available on many platforms.