Addressing Network Security Issues Fengmin Gong Advanced Networking Research MCNC www.mcnc.org/HTML/ITD/ANR/ANR.html January 12, 1999 Not A Second Too Early
The Message... • Security issues can no longer be ignored • Network security issues are critical to every information infrastructure • There are short-term and long-term solutions, but all are important • Integrated approaches must be taken in order to be successful
Security & Security Attacks • Security is a state of well-being of information and infrastructures in which the possibility of successful yet undetected theft, tampering, and disruption of information and services is kept low • A security attack is any action that threatens this state of well-being
Where Is Our Network Going? • More bandwidth - DWDM, 128xOC-192 • More sophisticated services - guaranteed QoS, RSVP/DiffServ, UNI4.0/PNNI • More integrated service capabilities - E-commerce, voice/video over IP and/or ATM • More ubiquitous access - ADSL, Cable modem, WLAN, LEOS constellations • Better (killer?) application-enabling technologies - WWW
Security Implications? • Abundant vulnerabilities - weak design, “feature-rich” implementation, and compromised components • Heterogeneous networking technologies add to security complexity • Higher-speed communication puts more information at risk in a given time period • Ubiquitous access increases risk exposure
Consequence of Attacks • Theft of confidential information • Unauthorized use of • network bandwidth • computing resource • Spread of false information • Disruption of legitimate services All attacks are related and dangerous!
Close-Knit Attack Family [diagram] • Passive attacks: sniff for content; traffic analysis - who is talking to whom • Active attacks: re-target traffic; jam/cut it; capture & modify; impersonate - pretend to be whoever is needed (“I need to be Bill”)
Security Mechanisms • Security mechanisms implement functions that help prevent, detect, and respond to security attacks • Security functions are typically made available to users as a set of security services through APIs or integrated interfaces • Cryptography underlies most security mechanisms (simple packet filtering and local access control are the usual exceptions)
Types Of Security Services • Confidentiality: protection of any information from being exposed to unintended entities • information content • identity of parties involved • where they are, how they communicate, how often, etc.
Security Services - cont’d • Authentication: assurance that an entity of concern, or the origin of a communication, is authentic - the entity is what it claims to be, or the message comes from where it claims to come from • Integrity: assurance that the information has not been tampered with • Nonrepudiation: evidence that a party is indeed the sender or a receiver of certain information
Security Services - cont’d • Access control: facilities to determine and enforce who is allowed access to what resources, hosts, software, network connections etc. • Detection & Response: facilities for detecting security attacks, generating indications/warning, and recovering from attacks
Security Services - cont’d • Security management: facilities for coordinating service requirements, mechanism implementations, and operation, throughout enterprises and across the internetwork • security policy • trust model - representation & communication • trust management - trust relationship & risk assessment
Known vulnerabilities are too many and new vulnerabilities are being discovered every day!
Mail-Related Vulnerabilities • Anonymous or forged email through the UNIX sendmail program's SMTP listener (mail gateway hijack) • Unauthorized access using UNIX /bin/mail -d to read other users' mailboxes or gain root privilege • Long-filename attachment exploit in Microsoft Outlook 98 / Outlook Express and Netscape Mail (Communicator 4.05)
IP Spoofing & SYN Flood [sequence diagram: hosts A and B, attacker X] • X establishes a TCP connection with B while assuming A’s IP address: • (1) X SYN-floods A so that A cannot respond to B • (2) X predicts B’s TCP sequence number behavior • (3) X sends SYN(seq=m) to B with src=A • (4) B answers A with SYN(seq=n) ACK(seq=m+1); the flooded A ignores it and X never sees it • (5) X sends ACK(seq=n+1) with src=A, using the predicted n, and B considers the connection established
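The five steps above, as an added simulation that is not part of the original slides: host B is modelled with the old BSD-style initial sequence number generator that advanced by a fixed step per connection, which is exactly what made step (2) feasible, and then with a random ISN to show the prediction failing. Host names, the step size and the sequence numbers are hypothetical; the SYN flood of A is assumed rather than simulated.

```python
import random

MOD = 2**32


class HostB:
    """Host B from the slide: answers SYNs and records a peer as
    'established' only when the third handshake packet carries n+1."""

    def __init__(self, predictable=True, step=64000):
        self.predictable = predictable   # True: ISN = previous ISN + step (old BSD behaviour)
        self.step = step
        self.isn = 0
        self.half_open = {}              # peer address -> (peer seq, our ISN n)
        self.established = []

    def next_isn(self):
        if self.predictable:
            self.isn = (self.isn + self.step) % MOD
            return self.isn
        return random.getrandbits(32)    # the fix: an ISN the attacker cannot guess

    def recv_syn(self, src, seq):
        """SYN(seq) from src; the reply SYN(n) ACK(seq+1) is addressed to src."""
        n = self.next_isn()
        self.half_open[src] = (seq, n)
        return {"to": src, "syn": n, "ack": (seq + 1) % MOD}

    def recv_ack(self, src, ack):
        """Final ACK of the handshake: accepted only if ack == n+1."""
        if src not in self.half_open:
            return False
        _, n = self.half_open[src]
        if ack != (n + 1) % MOD:
            return False
        del self.half_open[src]
        self.established.append(src)
        return True


def blind_spoof(b, trusted="A", attacker="X", m=1000):
    """Carry out steps (1)-(5) against HostB b. Returns True if B ends up
    believing it has a connection from the trusted host A."""
    # (1) SYN flood A so it cannot RST the SYN/ACK it will receive in (4).
    #     Assumed here: A stays silent for the rest of the exchange.
    # (2) Learn B's ISN behaviour from two connections X opens under its own address.
    n1 = b.recv_syn(attacker, 1)["syn"]
    n2 = b.recv_syn(attacker, 2)["syn"]
    step = (n2 - n1) % MOD
    predicted = (n2 + step) % MOD        # X's guess for B's next ISN n
    # (3) SYN(seq=m) with the source address forged as A.
    synack = b.recv_syn(trusted, m)
    # (4) B's SYN(n) ACK(m+1) goes to A; X never sees it, and A cannot answer.
    assert synack["to"] == trusted
    # (5) ACK(seq=n+1) with source A, built from the prediction.
    return b.recv_ack(trusted, (predicted + 1) % MOD)


if __name__ == "__main__":
    b = HostB()
    print("predictable ISN:", blind_spoof(b), b.established)      # True ['A']
    print("random ISN:", blind_spoof(HostB(predictable=False)))   # False
```

With a fixed-step generator the guess is exact, so B accepts a connection that "A" never opened; with a random 32-bit ISN the guess succeeds with probability 2^-32. Unpredictable ISN generation (RFC 1948) removes step (2); it does not address the SYN flood of A in step (1), which needs rate limiting or SYN cookies on A's side.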
Smurf Attack • Generate a ping stream (ICMP Echo Request) to a network broadcast address with the source IP spoofed to a victim host • Every host on the target network that answers broadcast pings generates a ping reply (ICMP Echo Reply) stream, all directed at the victim host • The amplified ping reply stream can easily overwhelm the victim’s network connection
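Detection logic for the SYN flood of the previous slide and the smurf attack above, as an added example that is not from the original slides. It runs over constructed packet summaries (protocol, source, destination, flags or ICMP type), not real captures; the addresses, thresholds and the assumption that amplifier networks are /24s are illustrative.

```python
import ipaddress
from collections import defaultdict

# Constructed packet summary format: (proto, src, dst, info)
#   proto: "tcp" or "icmp"; info: TCP flag string ("S", "SA", "A") or ICMP type name.


def synflood_half_open(packets, threshold=50):
    """Hosts that received SYNs from at least `threshold` distinct sources
    which never sent a following ACK (i.e. connections left half-open)."""
    syn_sources = defaultdict(set)
    ack_sources = defaultdict(set)
    for proto, src, dst, info in packets:
        if proto != "tcp":
            continue
        if info == "S":
            syn_sources[dst].add(src)
        elif "A" in info:
            ack_sources[dst].add(src)
    result = {}
    for dst, sources in syn_sources.items():
        half_open = len(sources - ack_sources[dst])
        if half_open >= threshold:
            result[dst] = half_open
    return result


def smurf_indicators(packets, networks, reply_threshold=100):
    """Two independent indicators of a smurf attack:
    - echo requests sent to the directed-broadcast address of a known network
      (what the amplifier network sees), and
    - one host receiving echo replies from many distinct sources
      (what the victim's network sees)."""
    broadcast = {str(ipaddress.ip_network(n).broadcast_address) for n in networks}
    to_broadcast = set()
    reply_sources = defaultdict(set)
    for proto, src, dst, info in packets:
        if proto != "icmp":
            continue
        if info == "echo-request" and dst in broadcast:
            to_broadcast.add((src, dst))
        elif info == "echo-reply":
            reply_sources[dst].add(src)
    victims = {d: len(s) for d, s in reply_sources.items() if len(s) >= reply_threshold}
    return to_broadcast, victims


def sample_packets():
    """Constructed traffic: one benign handshake, a spoofed SYN flood against
    10.0.0.5, and a smurf against 10.0.0.7 amplified by 198.51.100.0/24."""
    pk = [("tcp", "10.0.0.9", "10.0.0.5", "S"),
          ("tcp", "10.0.0.5", "10.0.0.9", "SA"),
          ("tcp", "10.0.0.9", "10.0.0.5", "A")]
    for i in range(200):                          # 200 forged sources, SYN only
        pk.append(("tcp", f"192.0.2.{i + 1}", "10.0.0.5", "S"))
    pk.append(("icmp", "10.0.0.7", "198.51.100.255", "echo-request"))  # src forged as victim
    for i in range(150):                          # 150 amplifier hosts reply to the victim
        pk.append(("icmp", f"198.51.100.{i + 1}", "10.0.0.7", "echo-reply"))
    return pk


if __name__ == "__main__":
    pk = sample_packets()
    print("SYN flood targets:", synflood_half_open(pk))          # {'10.0.0.5': 200}
    print("smurf indicators:", smurf_indicators(pk, ["198.51.100.0/24"]))
```

The amplifier-side indicator is the one a network operator can act on: routers that do not forward directed broadcasts (on Cisco IOS, `no ip directed-broadcast` per interface) stop the network from being used as an amplifier, whereas the victim can only see the reply flood arriving.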
DNS-Related Vulnerabilities • Inverse (reverse) query buffer overrun in BIND 4.9 (releases before 4.9.7) and BIND 8 (releases before 8.1.2) • gain root access • abort DNS service • MS DNS for NT 4.0 (Service Pack 3 and earlier) • crashes when fed a chargen stream • telnet ntbox 19 | telnet ntbox 53
Cryptographic Issues • Secure & efficient cryptographic algorithms • RC4, IDEA • RSA, DSA • Secure cryptographic key storage & usage • Crypto token / smart card • Secure & efficient key distribution • RSA based • Diffie-Hellman phonebook mode • Public key infrastructure
Design Issues - Positioning • How/where should security services be implemented? • Embedding in network protocols only: e.g., IPSEC, SSL/TLS, or DNS-SEC • Integrating into every application: e.g., SSH, PGP or PEM • Implementing in a separate service API: GSS-API or Crypto API • Combinations of all of the above
Design Issues - Trust • Authentication underlies any trust • You have a certain level of trust in, and expectation of, a given entity (person, organization) • Authenticity gives assurance of the relationship between the object of concern and an entity • Authenticity also serves as legal evidence of that relationship between the object and the entity
Design Issues - Third-Party Mediation • A mediator reduces the complexity of “cold-start” trust relationships from order n^2 (every pair pre-shares a key or certificate) to order n (every party shares one with the mediator) • Third-party reference - CA or KDC • Trusted by all as a witness • Issues certificates/tickets for object/entity/capability bindings
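A minimal KDC-mediated exchange in the style described above, as an added example that is not from the original slides. Each principal shares one long-term key with the KDC; the KDC issues a session key plus a ticket for the server, the client presents the ticket with an authenticator, and the server verifies both without ever having shared a key with the client. Only the standard library is used: `seal`/`unseal` is an illustrative encrypt-then-MAC built from HMAC keystreams, not a production AEAD, and all principal names, keys and lifetimes are made up.

```python
import hashlib
import hmac
import json
import os
import time
from base64 import b64decode, b64encode


def _keystream(key, nonce, n):
    """HMAC-SHA256 in counter mode as a PRF; yields n keystream bytes."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key, obj):
    """Encrypt-then-MAC a JSON-serialisable object under a 32-byte key (toy AE)."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(enc_key, nonce, len(pt))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return b64encode(nonce + ct + tag).decode()


def unseal(key, token):
    """Return the object, or None if the MAC fails (wrong key or tampering)."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    blob = b64decode(token)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        return None
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
    return json.loads(pt)


class KDC:
    """The trusted third party: holds one long-term key per principal."""

    def __init__(self):
        self.keys = {}

    def register(self, name):
        self.keys[name] = os.urandom(32)
        return self.keys[name]          # out-of-band provisioning, once per principal

    def request(self, client, server, lifetime=300):
        """Issue session key Ks and a ticket for `server`, both sealed for `client`."""
        ks = b64encode(os.urandom(32)).decode()
        exp = time.time() + lifetime
        ticket = seal(self.keys[server], {"client": client, "server": server, "ks": ks, "exp": exp})
        return seal(self.keys[client], {"server": server, "ks": ks, "exp": exp, "ticket": ticket})


def client_authenticate(reply, client_key, client):
    """Client side: open the KDC reply, then build an authenticator under Ks."""
    r = unseal(client_key, reply)
    ks = b64decode(r["ks"])
    return r["ticket"], seal(ks, {"client": client, "time": time.time()})


def server_verify(server_key, server, ticket, auth, skew=60):
    """Server side: open the ticket with its own key, then the authenticator with Ks.
    Returns the authenticated client name, or None."""
    t = unseal(server_key, ticket)
    if t is None or t["server"] != server or t["exp"] < time.time():
        return None
    a = unseal(b64decode(t["ks"]), auth)
    if a is None or a["client"] != t["client"] or abs(time.time() - a["time"]) > skew:
        return None
    return t["client"]


def demo():
    """Full exchange, plus a tampered ticket that the server must reject."""
    kdc = KDC()
    ka, kb = kdc.register("alice"), kdc.register("bob")
    ticket, auth = client_authenticate(kdc.request("alice", "bob"), ka, "alice")
    ok = server_verify(kb, "bob", ticket, auth)
    bad = b64encode(bytes(x ^ 1 for x in b64decode(ticket))).decode()
    return ok, server_verify(kb, "bob", bad, auth)


if __name__ == "__main__":
    print(demo())   # ('alice', None)
```

The n-versus-n^2 point is visible in `KDC.keys`: adding a third principal costs one registration, not a new key with every existing party. The expiry in the ticket and the timestamp in the authenticator are what limit replay of a captured ticket, so both sides need loosely synchronized clocks.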
Specific Roadblocks • Fast & efficient algorithms • Security vs. speed tradeoff: • RSA <secure, flexible, slow> vs. DES <less secure, less flexible, fast> • Fine-grained authentication is not affordable (protection vs. speed tradeoff) • Integrity protection for multi-part structured messages? • Ubiquitous service availability • Dynamic key distribution itself requires authenticity/integrity services
Network-Specific Security Issues • Attack channel - network-borne! • Attack targets - network management/control information: • Theft of service • Theft of user data • Injection of disrupting data/control packets • Interception and modification of data/control packets • Compromise of network entities, routers & switches
Best Approaches to Protect Information Infrastructure? • Prevention - the best ‘medicine’ • System and protocol designs contain no security vulnerabilities • Implementations verifiably secure with respect to the design spec • No bugs in either hardware or software • All systems properly configured to avoid any security holes • Everyone practices secure networking...
Best Approaches to Protect Information Infrastructure... • Effective prevention remains a nice dream • Detection - the first step to protection when a security breach happens • breaches due to hardware and software failures (faults and bugs) • breaches due to user error (system administrator, end user, etc.) • breaches caused by malicious attackers
Best Approaches to Protect Information Infrastructure... • Response - Yes, we’ve got to do something! • source isolation • intrusion containment • damage control • system reconstitution • intention and trend analysis • system security (re)assessment • detection & response reconfiguration • system hardening
Circle of Security [diagram]: Prevention -> Detection -> Response -> Prevention ... the cycle continues
Network Security Areas... [diagram] • Network System Security • End-to-End Security • Network Infrastructure • QoS Security • Communication Middleware • Firewall Technology • Network Control Protocol • Network Management Protocol • Secure Routing Protocols • There are many security attacks that will not be detectable without coordination involving end applications and network nodes - global coordination and integrated mechanisms!
State-Of-The-Art • Virus detection - very good success • Applications with integrated privacy protection • PGP, SSH, Netscape browser, sftp • Access or boundary control • Firewalls of every kind - effective mostly at stopping the ignorant and the novice, while also annoying the innocent
State-Of-The-Art ... • Security infrastructure • Kerberos - effective for many enterprise needs • SNMPv3, GSS-API, DNS-SEC • IPSEC/ISAKMP/IPKI - far-reaching impact, very promising • Intrusion detection systems • Commercial systems - very good at detecting replayed known attacks but hopeless against new attacks • Standards (format/protocol) are lacking • Many active research efforts underway - DARPA/ITO, CIDF, IETF IDWG