1 / 31

Security of NIS (YP)

Security of NIS (YP). Gary Lam Lamg@vwl.medc.umn.edu. Security of N I S. NIS Overview NIS benefits and Goals Possible attacks Possible solutions Conclusion. NIS overview. What is NIS ? A software package originated from SUN It operates in a distributed environment

azia
Télécharger la présentation

Security of NIS (YP)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security of NIS (YP) Gary Lam Lamg@vwl.medc.umn.edu

  2. Security of N I S • NIS Overview • NIS benefits and Goals • Possible attacks • Possible solutions • Conclusion

  3. NIS overview • What is NIS ? • A software package originated from SUN • It operates in a distributed environment • It has its own domain(s) • It has master servers and client hosts • It has unique maps as its database files • Assume the connected systems are trusted

  4. A typical scenario • User logs in to a machine(Client) on the network Client A Client B Client C Server Username: Password: bob Network providing NIS services

  5. NIS Domain(s) • Machines share the same NIS maps are logically grouped together • Each domain needs a master server • Can have slave servers that act as backup • Client hosts must be in the domain to use NIS services

  6. NIS main components • Mater server, slave servers • ypserv, rpc.passwdd, ypbind • Client hosts • ypbind • NIS maps • NIS database is comprised of a group of files known as maps

  7. NIS maps • Maps are in the dbm format(database management) • Maps are composed of keys and values • Key: a field in the map client must specify whenever it queries the map • Values: attributes of the key returned from the query • For example: /etc/hosts Key Value moose 123.123.123.100 Generates the “hosts.byname” & “hosts.byaddr” map KEY name Hosts map KEY address

  8. NIS netgroup • Netgroups are used to name sets of users and machines for easy reference • Format of a netgroup entry is: • Groupname list-of-members Bobcat (hostname, username, domainname) • For example: • /etc/netgroup file contains: Bobcats (gopher,,)

  9. How does it work? • A client – Server model • A NIS client requires “ypbind” to request data from an NIS server database. • ypbind remembers which server and its port for binding • A NIS server “ypserv” provides data from the NIS database to the requesting client.

  10. The big picture ypbind ypbind ypserv rpc.passwdd ypbind ypserv c s Slave Server M c c ypbind Master Server ypbind

  11. NIS Operation Application ypserv portmap C Library ypbind C Library NIS Maps

  12. NIS benefits & Goals • Users • One password goes any where!! • Use the global UID and GID • System administrators • Ease of network administration • Never bother with individual file on machines • Save time !!!

  13. Why is NIS not secure? • Its connection is wide open • No protection between the client/server connection • Mounting an attack is easy • The domain concept is flawed • Could mount a dictionary attack • It is based on trust in a distributed environment • Allow intrusion unintentionally • None or insufficient authentication • Leads to Spoofing the server

  14. Trusting relationship…? Part 1: Trusted Hosts • Host level equivalence • /etc/hosts.equiv file • Contains a list of hostnames • Can log in to any hosts in the domain without password Falcon Gopher Gopher Badger Raven No password checking

  15. Trusting Relationship…? Part 2: Trusted account • Account level equivalence • $HOME/.rhosts file • File contains a list of hostname and usernames • Format: hostname [username, username,..] .rhosts file Falcon Gopher Gopher Tom Badger Drew Raven Brad No password checking

  16. Implication of trust • Trust relationships are transitive • If B trusts A and C trusts B then A trusts C • If A is compromised, then B and C is also compromised! A B C A B

  17. Using the Domain • Hosts are authenticated by the Domain • Attack can be done by guessing the NIS domain name Scenario: An user can obtain the password map file. e.g. use the “ypcat” command

  18. Dictionary Attack • Given a thousand people each to choose their own password, the odds are excellent that at least one person will choose a password in the attacker’s dictionary. • Attacker can crack your password offline. • Password of six characters or less could be cracked in 2 days or less

  19. Spoofing attack • 3 little steps!! Scenario: Moose(server), gopher(hosts), and Hacky(intruder). • Take Moose out of the network • Guess gopher’s IP sequence number • Pretend to be Moose Gopher Hacky Moose

  20. Spoofing (cont.) Take moose out • Attacker(hacky) can forge a series of connection requests to moose using an improper protocol • A connection request packet with non-existent return address • Server is busy handling those bogus connection requests from hacky • Server’s queue filled up and no longer can handle requests from other hosts

  21. Spoofing (cont.) Guess gopher’s IP sequence number • Attacker can then guess IP sequence number • Sounds difficult in reality but it is NOT • Because many implementations use a well defined algorithm to generate initial sequence number • Can make an educated guess!!

  22. Spoofing (cont.) Moose Hacky Gopher Respond Attack packet Fake packet Internal network

  23. Denial of Service Attack • Bring down the NIS network service • Use the finger service • e.g. finger bob@gopher.com • client send its NIS request to find “bob” • Over load NIS server with NIS requests • The NIS server searches the map to find bob. • NIS “finger” traffic eventually congests the network • Other NIS services are disrupted.(e.g. password lookup)

  24. Possible Solutions • Against login equivalence • Do not use the login equivalence • If you have to use it, then: • Use full qualified host name(no “moose”) • Use: moose.cs.umn.edu • Ask for password no matter who is requesting the connection • Limited to specific , trusted hosts • Never be granted to hosts outside of Sys.Admin control • Restrict equivalence to host-based which can be placed directly under the administrator’s control

  25. Possible Solution (cont.) • Against Dictionary attack • Do not choose password from a dictionary! • Disable or block ypcat command • Have good password selection strategies • Perform password checking • Proactive checker • Reactive checker

  26. Possible Solution (cont.) • Against spoofing • Use encrypted IP Sequence number • Packet filtering firewall that checks “from” field • Session encryption

  27. Possible Solution (cont.) • Against Denial-of-Service attack • Disable finger service on any NIS based system • Restrict service to the minimum number of hosts or to host that do not participate in NIS.

  28. Conclusion • NIS is great but at the cost of security • Try a different approach for distributing files • Do not use it if possible!!

  29. Thank you!

  30. yppasswd data structure Struct yppasswd{ Char* oldpass; /* unencrypted passwd */ struct passwd newpasswd; };

  31. NIS vs. NIS+

More Related