information security lesson 7 - remote access - eric vanderburg
Information Security © 2006 Eric Vanderburg
Information Security
Chapter 7: Remote Access
FTP
• Download files from a server
• Can use a web browser (ftp://)
• FTP clients are also available, e.g. WS_FTP LE
• Command line
• Blind FTP – FTP with anonymous access
• SFTP (Secure FTP) – FTP over SSL
• Active FTP – the server receives a request on port 21 and then initiates a connection to the data port (1 greater than the command port) on the client.
• Passive FTP – the client initiates both the command and data connections to the server
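The active/passive distinction above decides which side opens the data connection, and therefore which firewall has to admit it. As an added example (not from the original slides), this Python code parses the server's passive-mode reply and builds the client's active-mode PORT command; the reply text and addresses are constructed, and the control_peer check is an extra safeguard assumed here, not something the slides describe.

```python
import re

PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv(reply, control_peer=None):
    """Parse a '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' reply.
    Passive FTP: the client opens the data connection to the returned endpoint.
    If control_peer is given, refuse an address that differs from the server we
    are already talking to (a client should not be redirected to a third host)."""
    m = PASV_RE.match(reply)
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in PASV reply")
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]          # port is sent as two base-256 digits
    if port == 0:
        raise ValueError("PASV reply announced port 0")
    if control_peer is not None and host != control_peer:
        raise ValueError("PASV host %s differs from control peer %s" % (host, control_peer))
    return host, port

def build_port(host, port):
    """Build the PORT command a client sends in active FTP. The client listens on
    this endpoint and the server connects back to it for the data transfer,
    so the client's firewall must admit that inbound connection."""
    octets = host.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %r" % host)
    if not 1 <= port <= 65535:
        raise ValueError("bad port: %r" % port)
    return "PORT %s,%d,%d" % (",".join(octets), port >> 8, port & 0xFF)

# Constructed sample reply (not captured from a real server).
SAMPLE_REPLY = "227 Entering Passive Mode (192,168,1,10,195,80)"
```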
Tunneling
• Tunneling – encapsulating a packet inside another
• PPTP (Point to Point Tunneling Protocol)
  – TCP port 1723
  – MPPE (Microsoft Point to Point Encryption) used for encryption
  – LCP (Link Control Protocol) is used for setting up and taking down the session and testing it.
  – Operates only over TCP/IP
• L2TP (Layer 2 Tunneling Protocol) – combination of Cisco's L2F (Layer 2 Forwarding) and PPTP.
  – Supports many protocols
  – Can use IPSec for encryption
Tunneling
• SSH (Secure Shell) – uses digital certificates, or Kerberos and encrypted passwords
  – SSH replaces rsh for sending remote commands
  – SSH is a good replacement for telnet
  – slogin replaces rlogin using SSH
  – scp replaces rcp for copying files over a network using SSH
  – SSH protects against IP spoofing and DNS spoofing, and protects the confidentiality of information
Tunneling
• IPSec (IP Security) – securely exchange packets at layer 3
  – AH (Authentication Header) – used to encrypt the header of the packet to verify that the packet was sent from the legitimate sender.
  – ESP (Encapsulating Security Payload) – encrypts the entire packet; protects confidentiality
  – ISAKMP (Internet Security Association Key Management Protocol) – helps the sender and receiver obtain keys using digital certificates
Tunneling
• IPSec
  – Transport mode encrypts only the data portion (payload) of each packet and leaves the header unencrypted
    • AH in transport mode – data, header, and AH are encrypted
    • ESP in transport mode – a new ESP header is created for the data. It is authenticated and the data is encrypted
  – Tunnel mode encrypts both the header and the data portion
    • AH in tunnel mode – data, new header, tunneled header, and AH are all encrypted
    • ESP in tunnel mode – a new ESP header is created for the data. It is authenticated, and the header, trailer, and data are encrypted
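To show how AH in transport mode lets the receiver verify that a packet came from the legitimate sender, here is an added Python example (not from the slides) that computes and checks an HMAC-SHA1-96 Integrity Check Value over an IPv4 header, the AH header and the payload, as RFC 4302 specifies. The key, addresses and payload are constructed; the example also shows why a TTL decrement by a router is tolerated while a NAT rewriting the source address breaks the check.

```python
import hashlib, hmac, socket, struct

AH_PROTO = 51      # IP protocol number for AH
ICV_LEN = 12       # HMAC-SHA1-96 keeps the first 96 bits of the HMAC

def ipv4_header(src, dst, next_proto, total_len, ttl=64):
    """20-byte IPv4 header without options; checksum left as zero for the demo."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0, ttl,
                       next_proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable_fields(ip_hdr):
    """RFC 4302: DSCP/ECN, flags+fragment offset, TTL and checksum may change in
    transit, so they are zeroed for the ICV; the addresses stay covered."""
    h = bytearray(ip_hdr)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)

def ah_icv(key, ip_hdr, ah_fixed, payload):
    data = zero_mutable_fields(ip_hdr) + ah_fixed + bytes(ICV_LEN) + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]

def build_ah_transport(key, src, dst, payload, inner_proto=17, spi=0x100, seq=1):
    """Transport mode: original IP header | AH | original payload."""
    total_len = 20 + 12 + ICV_LEN + len(payload)
    ip_hdr = ipv4_header(src, dst, AH_PROTO, total_len)
    # Payload Len is the AH length in 32-bit words minus 2: (12 + 12) / 4 - 2 = 4
    ah_fixed = struct.pack("!BBHII", inner_proto, (12 + ICV_LEN) // 4 - 2, 0, spi, seq)
    return ip_hdr + ah_fixed + ah_icv(key, ip_hdr, ah_fixed, payload) + payload

def verify_ah_transport(key, packet):
    """Receiver side: recompute the ICV and compare in constant time."""
    ip_hdr, rest = packet[:20], packet[20:]
    ah_fixed, icv, payload = rest[:12], rest[12:12 + ICV_LEN], rest[12 + ICV_LEN:]
    return hmac.compare_digest(icv, ah_icv(key, ip_hdr, ah_fixed, payload))

def rewrite(packet, ttl=None, src=None):
    """Simulate a hop: a router decrements TTL, a NAT rewrites the source address."""
    p = bytearray(packet)
    if ttl is not None:
        p[8] = ttl
    if src is not None:
        p[12:16] = socket.inet_aton(src)
    return bytes(p)

KEY = b"constructed-demo-key"   # constructed sample key, not a real SA key
PKT = build_ah_transport(KEY, "10.0.0.5", "10.0.0.9", b"hello")
```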
Authentication
• 802.1x – blocks ports of unauthenticated users
• Supplicant – client who wants to access the network
• Authenticator – device in between the supplicant and the authentication server
• Authentication server – receives requests and accepts or denies them.
Authentication Protocols
• EAP (Extensible Authentication Protocol)
• EAP-MD5 (EAP Message Digest 5)
  – Does not use certificates
  – Hashes password using MD5
• LEAP (Lightweight EAP)
  – Cisco version of EAP without using certificates
  – Can be cracked easily with ASLEAP
• EAP-FAST (EAP Flexible Authentication via Secure Tunneling)
  – No use of certificates
  – Establishes a TLS tunnel
  – Improves on problems with LEAP
EAP Types (continued)
• EAP-SIM (EAP Subscriber Identity Module) – used for authentication on GSM (Global System for Mobile Communications) devices
• EAP-TLS (Extensible Authentication Protocol Transport Layer Security)
  – Certificate based
  – Used in conjunction with a RADIUS server
  – Supports certificates contained on smartcards
• EAP-TTLS (EAP Tunneled Transport Layer Security)
  – Entire communication is tunneled. Tunneling begins first.
• PEAP (Protected EAP)
  – One-way use of certificates
  – MSCHAP v2 mutual authentication
Centralized Authentication
• RADIUS (Remote Authentication Dial In User Service) – supported on Microsoft systems
  – UDP ports 1812 & 1813
• TACACS (Terminal Access Controller Access Control System) – supported on UNIX & Linux
  – TCP port 49
• Provides AAA (Authentication, Authorization, & Auditing)
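RADIUS carries the user's password to the server hidden under a keystream derived from the shared secret, and the server proves it holds that secret through the Response Authenticator. As an added example (not from the slides), this Python code implements both mechanisms from RFC 2865, including the client-side check that an Access-Accept really came from a server holding the secret; the secret, authenticator and attribute values are constructed.

```python
import hashlib, hmac, struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2

def hide_password(secret, request_auth, password):
    """RFC 2865 5.2: pad to 16-byte blocks, then XOR each block with
    MD5(secret + previous block), where the first 'previous block' is the
    16-byte Request Authenticator. The protection rests on the shared secret."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out, prev = out + block, block
    return out

def reveal_password(secret, request_auth, hidden):
    """Server side: regenerate the same keystream, XOR back, strip null padding."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out, prev = out + bytes(c ^ m for c, m in zip(block, mask)), block
    return out.rstrip(b"\x00")

def attr(attr_type, value):
    """Type-Length-Value attribute; Length counts the two header bytes."""
    return struct.pack("!BB", attr_type, 2 + len(value)) + value

def build_packet(code, ident, authenticator, attrs):
    """Code | Identifier | Length | Authenticator(16) | Attributes."""
    body = b"".join(attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

def response_authenticator(secret, code, ident, attrs, request_auth):
    """RFC 2865 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    body = b"".join(attrs)
    hdr = struct.pack("!BBH", code, ident, 20 + len(body))
    return hashlib.md5(hdr + request_auth + body + secret).digest()

def verify_response(secret, response, request_auth):
    """Client side: trust an Access-Accept only if its authenticator proves the
    sender knows the shared secret and saw our Request Authenticator."""
    if len(response) < 20 or struct.unpack("!H", response[2:4])[0] != len(response):
        return False
    expected = hashlib.md5(response[:4] + request_auth + response[20:] + secret).digest()
    return hmac.compare_digest(response[4:20], expected)
```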
VPN (Virtual Private Networks)
• Remote connections over the Internet can appear as local connections
• VPDN (Virtual Private Dialup Network)
• Remote Access VPN
• Site to Site VPN
• VPN Concentrator – takes many VPN connections to or from a location and packages them together to conserve bandwidth.
Securing Directory Services
• Directory Service – database of all users and resources and their associated permissions
• X.500 – ISO standard for data storage on directory servers. The standard allows applications to be written for the standard rather than for a specific directory.
  – DAP (Directory Access Protocol) – standard defining how an application will interface with an X.500 compliant directory server.
  – LDAP (Lightweight Directory Access Protocol) – a subset of DAP that is easier to implement and use. It also runs over TCP/IP.
  – DIB (Directory Information Base) – database where directory services data is stored. It consists of objects and their attributes.
  – DIT (Directory Information Tree) – the tree-like structure of the DIB.
DAP / LDAP Flaws
• Lack of effective authentication
  – Vendors often use some other form of authentication, e.g. Windows and Kerberos
• Query responses are sent in the clear.
  – Encrypt database communication through the tunneling technologies discussed earlier.
Wireless
• Wireless Uses
  – Temporary connections
  – Redundant connections
  – Network extension
  – Roaming
  – Access in difficult areas
  – Support for handhelds
  – Docking
  – Peripherals
• Network Types
  – LANs – 802.11a, b, g, n
  – Extended LANs – Microwave, Satellite
  – Mobile – Radio or Cellular
The Wireless Spectrum
Figure 3-37: The wireless spectrum
Electromagnetic Fundamentals
• Lower frequency = slower, less data, longer distance
• Higher frequency = faster, more data, shorter distance
• Highest frequencies need line of sight & use tight beams
Frequency Ranges
• Radio: 10 KHz – 1 GHz
• Microwave: 1 GHz – 500 GHz
• Infrared: 500 GHz – 1 THz
Infrared Technologies
• Line of Sight
• Reflective (central device)
• Scatter Infrared
  – Bounces signal
  – Limited to 30 meters
• Broadband Optical Telepoint Networks
Infrared Transmission
• Diffused
  – The infrared light transmitted by the sender unit fills the area.
  – A receiver unit located anywhere in that area can receive the signal.
• Directed
  – The infrared light is focused before transmitting the signal
  – Increases the transmission speed.
• Directed point-to-point
  – Highest transmission speed
  – The receiver is aligned with the sender unit. The infrared light is then transmitted directly to the receiver.
Infrared Transmission
• Transmitted by frequencies in the 300 GHz to 300,000 GHz range
• Most often used for communications between devices in the same room
  – Relies on the devices being close to each other
  – May require a line-of-sight path
Infrared Threats
• Data could be "beamed" to another device such as a PDA, laptop, or even a watch
• Secure serial ports and disable infrared on devices if it is not needed.
Cellular Wireless
• 1G – First Generation
  – Analog
  – Circuit switching (can only do one thing at a time, with a dedicated link to the other party)
  – Mid 1980s
Cellular Wireless
• 2G – Second Generation
  – GSM (Global System for Mobile Communications)
    • TDMA (Time Division Multiple Access) standard – allows several users to share the same frequency by dividing it into different timeslots.
    • Both signaling and speech channels are digital. Supports advanced phone functions and the ability to do multiple actions at the same time.
    • Started in Europe but soon became a global standard
  – iDEN (Integrated Digital Enhanced Network)
    • Supports paging, text messaging, and picture messaging
  – PDC (Personal Digital Cellular) – used mainly in Japan
• 3G – Third Generation
  – 384 kbps – 3 Mbps speed
  – Geared for internet access
Cellular Wireless
• WAP (Wireless Application Protocol) – standard for how internet content should be formatted for portable users (cell phones & PDAs)
• WAP phones use micro browsers that process WML (Wireless Markup Language) instead of HTML
• WAP Gateway – converts HTML to WML
• WTLS (Wireless Transport Layer Security) – confidentiality, integrity and authentication for WAP. Provides security between the WAP gateway and the WAP device.
Radio LAN Technologies
• Narrow Band
• Devices use a known single frequency
• Unregulated bands (902-928 MHz, 2.4 GHz, 5.72-5.85 GHz)
• No line of sight needed
• Range of 70 meters
• Possible to eavesdrop
• High susceptibility to RFI
Radio LAN Technologies
• High powered technologies
  – Long range to horizon
  – Towers used to redirect signal
  – Much more expensive
  – FCC licensing required
Spread Spectrum Technologies
• Uses multiple frequencies
  – Less interference
  – Redundancy
• Frequency Range: 902-928 MHz, 2.4 GHz, 5 GHz
• FHSS (Frequency Hopping Spread Spectrum)
  – Changes frequencies at regular intervals
  – Uses high powered signals on only one frequency at a time
  – Lower bandwidth, more secure (except that scanning devices can now frequency hop very easily)
• DSSS (Direct Sequence Spread Spectrum)
  – Sends different data chunks along multiple frequencies at lower power (just above noise)
• OFDM (Orthogonal Frequency Division Multiplexing)
  – Higher resistance to interference
  – More redundant data is spread across multiple frequencies
802.11 WLAN (Wireless Local Area Networks)
• 802.11 – 2 Mbps – FHSS
• 802.11b – 11 Mbps – 2.4 GHz – DSSS
• 802.11a – 54 Mbps – 5 GHz – DSSS
• 802.11g – 54 Mbps – 2.4 GHz – OFDM
• 802.11n – 300 Mbps – 2.4 GHz – OFDM
Wireless Encryption
• WEP (Wired Equivalent Privacy)
  – RC4 (Rivest Cipher 4) – stream cipher
  – Uses weak key generation techniques
  – IV (Initialization Vector), 24 bits, and key length (40 or 124 bit) are short
• WPA (WiFi Protected Access)
  – TKIP (Temporal Key Integrity Protocol) – changes keys per packet
  – MIC (Message Integrity Code) – check number or hash
• WPA2
  – AES (Advanced Encryption Standard)
  – Different keys for unicast and broadcast traffic
Ad Hoc Wireless
• Broadcasting/Flooding – everyone except the recipient broadcasts the data to the nodes in their area.
• Temporary Infrastructure – in this method, the mobile users set up a temporary infrastructure (mapping). This method is complicated and introduces overhead; it is useful only when there is a small number of mobile users.
WLAN Access Devices
• PCMCIA
• Mini PCI
• PCI
• CF Card
• USB
Wireless
• BSA (Basic Service Area)
  – Area of influence of the APs (Access Points)
  – Depends on:
    • Power of the transmitter
    • Environment
• BSS (Basic Service Set)
  – Stations belonging to an AP
• IBSS (Independent Basic Service Set)
  – Ad hoc network
• ESS (Extended Service Set) – multiple APs are used to service a single network. All APs use the same SSID (Service Set Identifier)
Wireless Security
• MAC Address filtering
• Disable SSID broadcasting
• Use Encryption
• RADIUS Authentication
• Enterprise Wireless Gateways with thin APs
802.16a Wireless MAN
• WiMax (Worldwide Interoperability for Microwave Access)
• 40 Mbps per channel
• 3-10 kilometers
• Moving car access
• Broadband to distant locations
• Expect to see notebook cards by 2007
More Microwave Technology
• CDPD (Cellular Digital Packet Data)
  – 19.2 kbps
  – Handheld connections
• Low orbit satellites
  – 10 bps
  – Continental coverage
Acronyms
• AAA, Authentication Authorization & Auditing
• AES, Advanced Encryption Standard
• AP, Access Point
• AH, Authentication Header
• BSA, Basic Service Area
• BSS, Basic Service Set
• CDPD, Cellular Digital Packet Data
• CRC, Cyclic Redundancy Check
• DAP, Directory Access Protocol
• DIB, Directory Information Base
• DIT, Directory Information Tree
• DSSS, Direct Sequence Spread Spectrum
• EAP-MD5, EAP Message Digest 5
• EAP-SIM, EAP Subscriber Identity Module
• EAP-TLS, Extensible Authentication Protocol Transport Layer Security
• EAP-TTLS, Extensible Authentication Protocol Tunneled Transport Layer Security
• ESP, Encapsulating Security Payload
• ESS, Extended Service Set
• EAP, Extensible Authentication Protocol
• FAST, Flexible Authentication via Secure Tunneling
• FHSS, Frequency Hopping Spread Spectrum
• GSM, Global System for Mobile Communications
• IBSS, Independent Basic Service Set
• ISAKMP, Internet Security Association and Key Management Protocol
• IPSec, Internet Protocol Security
• L2TP, Layer 2 Tunneling Protocol
• LDAP, Lightweight Directory Access Protocol
• LEAP, Lightweight Extensible Authentication Protocol
• LCP, Link Control Protocol
• NAS, Network Access Server
• OFDM, Orthogonal Frequency Division Multiplexing
• PPP, Point to Point Protocol
• PPTP, Point to Point Tunneling Protocol
• PEAP, Protected Extensible Authentication Protocol
• PRNG, Pseudo Random Number Generator
• PSDN, Public Switched Data Network
• RADIUS, Remote Authentication Dial In User Service
• SSH, Secure Shell
• SSID, Service Set Identifier
• TKIP, Temporal Key Integrity Protocol
• TACACS, Terminal Access Controller Access Control System
• VPDN, Virtual Private Dial Up Network
• VPN, Virtual Private Network
• WPA, WiFi Protected Access
• WEP, Wired Equivalent Privacy
• WAP, Wireless Application Protocol
• WiMAX, Worldwide Interoperability for Microwave Access
• WLAN, Wireless Local Area Network
• WML, Wireless Markup Language
• WTLS, Wireless Transport Layer Security
• XOR, Exclusive Or