
Network security CIS534 l2


Document information: 119 pages, 737.5 KB

Contents

Network Security Lecture 2, Part: Network Components and Protocols (CINS/F1-01)

Objectives of Lecture
• Understand the different components that are likely to be found in a network
• Study the major network protocols (focussing on TCP/IP networks)
• Develop an awareness of the inherent security risks of using these components and protocols
• Study a few ‘classic’ attacks on networks: ARP spoofing, TCP Denial of Service, network sniffing

Contents
In this lecture, we take a layer-by-layer look at the most important network components and protocols, and associated security issues:
2.1 Cabling and Hubs (Layer 1); Sniffers
2.2 Switches and ARP (Layer 2)
2.3 Routers and IP (Layer 3)
2.4 TCP and ICMP (Layer 4)

2.1 Cabling, Hubs and Sniffers
• Cabling and Hubs
  – TCP/IP Layer (physical) devices
  – Cabling connects other components together
  – Hubs provide a point where data on one cable can be transferred to another cable
  – We study their basic operation and associated security issues
• Sniffers
  – Layer devices for capturing and analysing network traffic

Network Cabling
• Different Cabling Types:
  – Thin Ethernet – 10BASE-2
    • 10Mbps, 200m range
  – Thick Ethernet – 10BASE-5
    • 10Mbps, 500m range
  – Unshielded Twisted Pair (UTP)
    • Telephone (Cat 1), 10BASE-T (Cat 3), 100BASE-T (Cat 5)
  – Shielded Twisted Pair (STP)
    • Token ring networks and high-interference environments

Other Layer options
• Fibre Optic
  – Cable between hub and device is a single entity
  – Tapping or altering the cable is difficult
  – Installation is more difficult
  – Much higher speeds – Gigabit Ethernet
• Wireless LAN
  – Popular where building restrictions apply
  – IEEE 802.11b, 802.11g
  – Advertised at 11Mbps, 54 Mbps
  – Several disadvantages:
    • Radio signals are subject to interference, interception, and alteration
    • Difficult to restrict to building perimeter
  – Security must be built in from initial network design
  – Discussed further in Lecture

Cabling in OSI Protocol Stack
(Slide diagram: Application, Presentation, Session, Transport, Network, Data Link, Physical; cabling sits at the Physical layer.)

Cabling Security Issues
• All four fundamental threats can be realised by attacks on cabling:
  – Information Leakage: attacker taps cabling and reads traffic
  – Integrity Violation: attacker taps and injects traffic, or traffic corrupted in transit
  – Denial of Service: cabling damaged
  – Illegitimate Use: attacker taps cabling and uses network resources
• Some contributory factors in assessing risk:
  – Single or multi-occupancy building?
  – How is access controlled to floor/building?
  – Does network cabling pass through public areas?
  – Is the network infrastructure easily accessible or is it shared?
  – What is the electromagnetic environment like?
• Safeguards: protective trunking, dedicated closets, electromagnetic shielding

Thin Ethernet
• Short overall cable runs, daisy-chaining of devices
• Vulnerability: information broadcast to all devices
  – Threat: Information Leakage
• Vulnerability: One cable fault disables network
  – Threat: Denial of Service
• Easy to install & attach additional devices
  – Threats: All four fundamental threats
• Rarely seen now
(Slide diagram: Thin Ethernet)

UTP and Hub
• Cable between hub and device is single entity
• Only connectors are at the cable ends
• Disconnection/cable break rarely affects other devices
• Easy to install
(Slide diagram: UTP hub, 10/100BASE-T)

(The slides between the hub material and the SNMP section below are not included in this preview.)

Trap Examples
• Cisco router traps
  – authentication
    • device is the addressee of an SNMP protocol message that is not properly authenticated (SNMPv1: incorrect community string)
  – linkup
    • device recognizes that one of the communication links represented in the agent's configuration has come up
  – linkdown
    • device recognizes a failure in one of the communication links represented in the agent's configuration
  – coldstart
    • device is reinitializing itself so that the configuration may be altered
  – warmstart
    • device is reinitializing itself, but the configuration will not be altered

2.11 SNMP Security
• SNMPv1 provides the following security services:
  – Data origin authentication service
    • Assures a destination device that an SNMP PDU does come from the source that it claims to be
  – Access control service
    • Limits the SNMP operations that a device can request according to the device’s identity
• These services are implemented using an authentication mechanism and an access control mechanism
• They provide only trivial security

SNMPv1 Authentication Mechanism
• Based on the community name, included in every SNMP message from a management station to a device
• This name functions as a password: the message is assumed to be authentic if the sender knows the password
• No protection (e.g. encryption) of the community name

SNMPv1 Access Control Mechanism
• Each device has a store of community profiles
• A community profile consists of the combination of:
  – a defined subset of MIB objects (a MIB view),
  – an access mode for those objects (READ-ONLY or READ-WRITE)
• A community profile is stored for each community that a device can recognise
• Access decision based on community name and profile

SNMPv1 Security Threats
• Two primary threats:
  – Data modification
    • An SNMP message can be modified in transit, causing the wrong management operation to occur
  – Masquerade
    • An impersonator might send false SNMP messages, causing a wrong management operation to occur
• Two secondary threats:
  – Message stream modification – reordering, replay and/or delay of SNMP messages
    • May be easy to achieve because of use of connectionless UDP for SNMP messages
  – Eavesdropping
    • May cause unintended disclosure of management info

SNMPv1 Key Vulnerabilities
• No integrity protection on SNMPv1 messages
• No timeliness guarantee in SNMPv1 messages
• No replay protection
• Weak authentication mechanism
  – Attacker with network access can sniff SNMP messages and record community name
  – Or attacker can try to use common community names
• Weak access control mechanism
  – Once a community name is known, all access types specified in the corresponding community profile are allowed
• No confidentiality mechanism

Security of SNMPv1?
• If an attacker has network access and can sniff or guess the community name, then he can take control of network devices
  – May allow reconfiguration of switches and routers
    • Leading to Information Leakage, Illegitimate Use
  – May allow Denial of Service attack
    • e.g. repeatedly reboot network devices
• SNMPv1 designed under the assumption that the network and all devices on it are trusted
• In practice, this assumption does not often hold, yet SNMPv1 is still widely used

Beyond SNMPv1
• Later versions of SNMP have identified security services required to meet threats:
  – data origin authentication,
  – data integrity,
  – message sequence integrity,
  – data confidentiality,
  – message timeliness & limited replay protection
• SNMPv2 transitional, SNMPv3 has more complete security provision

SNMPv3 User-Based Security Model
• A User, identified by UserName, holds:
  – Secret keys
  – Other security information such as cryptographic algorithms to be used
• SNMPv3 entities are identified by snmpEngineID
  – Each managed device or management station has an snmpEngineID

Authoritative SNMP Entities
• Whenever a message is sent, one entity is authoritative
  – For get or set, receiver is authoritative
  – For trap, response or report, sender is authoritative
• Authoritative entity has:
  – Localised keys
  – Timeliness indicators

Timeliness Indicators
• Prevent replay of messages
• Each authoritative entity maintains a clock
• A non-authoritative entity has to retrieve the time from the authoritative entity, confirm the received value, then maintain a synchronised clock
• Messages can arrive within 150 seconds of their generated time

Keys
• Keys generated from user password
• User provides password to all entities
• Each entity generates a key from the password and generates two further keys using the entity’s snmpEngineID
  – One for data integrity/authentication (K1)
  – One for confidentiality (K2)

Data Integrity and Authenticity
• Generate a MAC (cryptographic “fingerprint”) of any message to be protected
• Use HMAC algorithm with keys derived from localised user key K1
• Send the “fingerprint” with the message
• Recipient with same key can check fingerprint and be assured of integrity and authenticity of SNMP message

Data Confidentiality
• DES in Cipher Block Chaining mode
• Second localised key K2
• Has to be used together with Data Integrity and Authenticity to prevent certain attacks

Management of SNMP security
• Following data needs to be managed:
  – secret (authentication and privacy) keys,
  – clock synchronisation (for replay detection),
  – SNMP party information
• SNMP can be used to provide key management and clock synchronisation
• After manually setting up some SNMP parties, rest can be managed using SNMP
• Security issues arise from use of shared password for generating all cryptographic keys
• SNMPv3 not yet widely used in practice
  – Now supported by some vendors, details at: http://www.ietf.org/IESG/Implementations/2571-2575Deployment.txt
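The "Keys" and "Data Integrity and Authenticity" slides describe the SNMPv3 key handling only in outline. The following is an added worked example, not code from the lecture: it implements the RFC 3414 password-to-key stretching, the per-device key localisation (Kul = H(Ku || snmpEngineID || Ku)) and HMAC-SHA-96 message authentication, and checks the result against the test vectors published in RFC 3414 Appendix A.3 (password "maplesyrup", engine ID 000000000000000000000002). The second engine ID and the message bytes are constructed for illustration; the message is treated as opaque bytes rather than a full SNMPv3 packet, and DES/CBC privacy with K2 is not implemented (it has no standard-library support).

```python
"""SNMPv3 USM key derivation and message authentication (RFC 3414).

Added example, not code from the lecture. password_to_key and localize_key
follow RFC 3414 A.2; authenticate/verify implement HMAC-SHA-96.
"""
import hashlib
import hmac

ONE_MEGABYTE = 1_048_576


def password_to_key(password: bytes, hashname: str = "sha1") -> bytes:
    """Ku: digest of the password repeated cyclically to exactly 1 MiB.

    The repetition is deliberate key stretching (RFC 3414 A.2): each guess of
    the password costs an attacker one megabyte of hashing.
    """
    if not password:
        raise ValueError("empty password")
    stream = (password * (ONE_MEGABYTE // len(password) + 1))[:ONE_MEGABYTE]
    return hashlib.new(hashname, stream).digest()


def localize_key(ku: bytes, engine_id: bytes, hashname: str = "sha1") -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku): a different key for every device.

    A key recovered from one device does not authenticate to any other,
    because each device mixes its own snmpEngineID into the key.
    """
    return hashlib.new(hashname, ku + engine_id + ku).digest()


def derive_keys(auth_password: bytes, priv_password: bytes,
                engine_id: bytes, hashname: str = "sha1") -> tuple:
    """Return (K1, K2): localised authentication and privacy keys.

    With one shared password for both purposes K1 == K2, which is the
    'shared password' weakness the lecture notes under key management.
    """
    k1 = localize_key(password_to_key(auth_password, hashname), engine_id, hashname)
    k2 = localize_key(password_to_key(priv_password, hashname), engine_id, hashname)
    return k1, k2


def authenticate(k1: bytes, message: bytes) -> bytes:
    """HMAC-SHA-96: HMAC-SHA-1 over the message, truncated to 12 bytes.

    In a real packet the tag goes into msgAuthenticationParameters, which is
    zero-filled while the MAC is computed; here the message is plain bytes.
    """
    return hmac.new(k1, message, hashlib.sha1).digest()[:12]


def verify(k1: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time tag comparison so verification leaks no timing."""
    return len(tag) == 12 and hmac.compare_digest(authenticate(k1, message), tag)


if __name__ == "__main__":
    engine_a = bytes.fromhex("000000000000000000000002")   # RFC 3414 A.3 vector
    engine_b = bytes.fromhex("0000000000000000000000ff")   # constructed second device
    k1_a, _ = derive_keys(b"maplesyrup", b"maplesyrup", engine_a)
    k1_b, _ = derive_keys(b"maplesyrup", b"maplesyrup", engine_b)
    print("Kul for engine A:", k1_a.hex())
    msg = b"GET sysUpTime.0 (constructed message bytes)"
    tag = authenticate(k1_a, msg)
    print("tag:", tag.hex(), "genuine:", verify(k1_a, msg, tag))
    print("tampered message accepted:", verify(k1_a, msg + b"!", tag))
    print("same user, other device accepted:", verify(k1_b, msg, tag))
```

Running the block prints the localised key 6695febc9288e36282235fc7151f128497b38f3f for engine A, accepts the genuine tag, and rejects both the tampered message and the replay of the tag against the other device's key.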

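The "Authoritative SNMP Entities" and "Timeliness Indicators" slides describe replay protection in a few bullets. This added example (not the lecture's code) models the mechanism from RFC 3414: the authoritative engine owns a (snmpEngineBoots, snmpEngineTime) clock, a non-authoritative entity learns those values once and then estimates them from its own clock, and a message is accepted only if its boots value matches and its time is within the 150-second window. Clock values are passed in explicitly instead of read from the system clock so the scenario is reproducible; the names AuthoritativeEngine and SyncedClock are this example's own.

```python
"""SNMPv3 USM timeliness check (RFC 3414, sections 2.2.3 and 3.2).

Added example, not code from the lecture. Times are integer seconds
supplied by the caller, so the scenario below is deterministic.
"""
from dataclasses import dataclass

TIME_WINDOW = 150        # seconds; RFC 3414 2.2.3
MAX_BOOTS = 2**31 - 1    # an engine whose boot count hits this must be reset


@dataclass
class AuthoritativeEngine:
    """The side that owns the clock: the agent for get/set, the sender of traps."""
    boots: int
    started_at: int      # local time at which the current boot began

    def engine_time(self, now: int) -> int:
        return now - self.started_at

    def reboot(self, now: int) -> None:
        # A reboot bumps snmpEngineBoots, invalidating all earlier messages.
        self.boots += 1
        self.started_at = now


@dataclass
class SyncedClock:
    """A non-authoritative entity's synchronised view of a remote engine's clock."""
    boots: int
    engine_time_at_sync: int
    local_time_at_sync: int

    def estimate(self, now: int) -> tuple:
        # Advance the learned engine time by the local seconds elapsed since sync.
        return self.boots, self.engine_time_at_sync + (now - self.local_time_at_sync)


def synchronise(engine: AuthoritativeEngine, now: int) -> SyncedClock:
    """Discovery step: learn (boots, time) from the authoritative engine's Report."""
    return SyncedClock(engine.boots, engine.engine_time(now), now)


def is_timely(local_boots: int, local_time: int, msg_boots: int, msg_time: int) -> bool:
    """RFC 3414 3.2 step 7: same boot count, time within 150 s, engine not exhausted."""
    if local_boots == MAX_BOOTS:
        return False
    if msg_boots != local_boots:
        return False
    return abs(local_time - msg_time) <= TIME_WINDOW


def authoritative_accepts(engine: AuthoritativeEngine, now: int,
                          msg_boots: int, msg_time: int) -> bool:
    """Agent receiving a get/set: compare against its own clock."""
    return is_timely(engine.boots, engine.engine_time(now), msg_boots, msg_time)


def non_authoritative_accepts(clock: SyncedClock, now: int,
                              msg_boots: int, msg_time: int) -> bool:
    """Manager receiving a trap/response: compare against its synchronised estimate."""
    boots, time = clock.estimate(now)
    return is_timely(boots, time, msg_boots, msg_time)


if __name__ == "__main__":
    agent = AuthoritativeEngine(boots=7, started_at=0)     # constructed scenario
    manager_clock = synchronise(agent, now=1000)
    # Manager stamps a get with its estimate of the agent clock at t=1100.
    stamp = manager_clock.estimate(1100)
    print("fresh get accepted:", authoritative_accepts(agent, 1100, *stamp))
    print("same get replayed 200 s later:", authoritative_accepts(agent, 1300, *stamp))
    agent.reboot(now=1200)
    print("replayed after agent reboot:", authoritative_accepts(agent, 1210, *stamp))
```

The interesting cases are the two rejections: a captured request replayed after the window fails the time check, and one replayed after the device restarts fails the boot-count check even though the time difference could be small. This is exactly what SNMPv1 lacks ("No replay protection", "No timeliness guarantee").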
Posted: 09/01/2018, 11:51