1 / 114

Pondering and Patrolling Network Perimeters

Pondering and Patrolling Network Perimeters. Bill Cheswick ches@lumeta.com http://www.lumeta.com. Perimeter Defenses have a long history. Lorton Prison. Perimeter Defense of the US Capitol Building. Flower pots. Security doesn’t have to be ugly. Delta barriers.

Mercy
Download Presentation

Pondering and Patrolling Network Perimeters

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Pondering and Patrolling Network Perimeters Bill Cheswick ches@lumeta.com http://www.lumeta.com NLUUG: Pondering Perimeters

  2. Perimeter Defenses have a long history NLUUG: Pondering Perimeters

  3. Lorton Prison NLUUG: Pondering Perimeters

  4. NLUUG: Pondering Perimeters

  5. Perimeter Defense of the US Capitol Building NLUUG: Pondering Perimeters

  6. Flower pots NLUUG: Pondering Perimeters

  7. NLUUG: Pondering Perimeters

  8. Security doesn’t have to be ugly NLUUG: Pondering Perimeters

  9. NLUUG: Pondering Perimeters

  10. NLUUG: Pondering Perimeters

  11. NLUUG: Pondering Perimeters

  12. NLUUG: Pondering Perimeters

  13. Delta barriers NLUUG: Pondering Perimeters

  14. Why use a perimeter defense? • It is cheaper • A man’s home is his castle, but most people can’t afford the moat • You can concentrate your equipment and your expertise in a few areas • It is simpler, and simpler security is usually better • Easier to understand and audit • Easier to spot broken parts NLUUG: Pondering Perimeters

  15. What’s wrong with perimeter defenses • They are useless against insider attacks • They provide a false sense of security • You still need to toughen up the inside, at least some • You need to hire enough defenders • They don’t scale well NLUUG: Pondering Perimeters

  16. The Pretty Good Wall of China NLUUG: Pondering Perimeters

  17. NLUUG: Pondering Perimeters

  18. NLUUG: Pondering Perimeters

  19. NLUUG: Pondering Perimeters

  20. Heidelberg Castlestarted in the 1300s NLUUG: Pondering Perimeters

  21. NLUUG: Pondering Perimeters

  22. NLUUG: Pondering Perimeters

  23. Perimeters need gateways • Let the good stuff in and keep out the bad stuff • This requires a bit of technology in any case • Doors, gates, murder holes, etc. • A place to focus your defenses NLUUG: Pondering Perimeters

  24. NLUUG: Pondering Perimeters

  25. Parliament: entrance NLUUG: Pondering Perimeters

  26. Parliament: exit NLUUG: Pondering Perimeters

  27. One gate is not enough • Too much infrastructure • Low-budget gates • Sally ports • Postern gates NLUUG: Pondering Perimeters

  28. Warsaw gate NLUUG: Pondering Perimeters

  29. Edinburgh Castle NLUUG: Pondering Perimeters

  30. Postern gate (Sterling castle) NLUUG: Pondering Perimeters

  31. A short bio regarding Internet perimeters • Started at Bell Labs in December 1987 • Immediately took over postmaster and firewall duties • Good way to learn the ropes, which was my intention NLUUG: Pondering Perimeters

  32. Morris worm hit on Nov 1988 • Heard about it on NPR • Had a “sinking feeling” about it • The home-made firewall worked • No fingerd • No sendmail (we rewrote the mailer) • Intranet connection to Bellcore • We got lucky • Bell Labs had 1330 hosts • Corporate HQ didn’t know or care NLUUG: Pondering Perimeters

  33. Action items • Shut down the unprotected connection to Bellcore • What we now call a “routing leak” • Redesign the firewall for much more capacity, and no “sinking feeling” • (VAX 750, load average of 15) • Write a paper on it • “if you don’t write it up, you didn’t do the work” NLUUG: Pondering Perimeters

  34. Old gateway: NLUUG: Pondering Perimeters

  35. New gateway: NLUUG: Pondering Perimeters

  36. New gateway:(one referee’s suggestion) NLUUG: Pondering Perimeters

  37. “Design of a Secure Internet Gateway” – Anaheim Usenix, Jan 1990 • My first real academic paper • It was pretty good, I think • Coined the work “proxy” in its current use (this was for a circuit level gateway • Predated socks by three years) • Coined the expression “crunchy outside and soft chewy center” NLUUG: Pondering Perimeters

  38. NLUUG: Pondering Perimeters

  39. Lucent now (1997) (sort of)We’d circled the wagons around Wyoming The Internet Columbus Murray Hill Murray Hill Holmdel Allentown SLIP PPP ISDN X.25 cable ... Lucent - 130,000, 266K IP addresses, 3000 nets ann. thousands of telecommuters ~200 business partners NLUUG: Pondering Perimeters

  40. Anything large enough to be called an ‘intranet’ is probably out of control NLUUG: Pondering Perimeters

  41. Controlling an intranet is hard, even if you care a lot about it • End-to-end philosophy is not helpful if you are the phone company • New networks and hosts are easily connected without the knowledge and permission of the network owner • Security scan tools are not helpful if you don’t know where to point them • This is not the fault of the network managers! They didn’t have the right tools! NLUUG: Pondering Perimeters

  42. Highlands forum, Annapolis, Dec 1996 • A Rand corp. game to help brief a member of the new President’s Infrastructure Protection Commission • Met Esther Dyson and Fred Cohen there • Personal assessment by intel profiler • “Day after” scenario • Gosh it would be great to figure out where these networks actually go NLUUG: Pondering Perimeters

  43. The basic problem on intranets (1996) • The CIO doesn’t know where his network goes • Technical people • Are too busy to document their network consistently • Change jobs relatively often, leaving legacy connections with unknown properties • TCP/IP networks are, by design, decentralized NLUUG: Pondering Perimeters

  44. Goals Consistent, reasonably thorough description of the important topology of the Internet A light touch, so Internet denizens wouldn’t be angry (or even notice) me. Use a technology that doesn’t require access to routers Traceroute-style probes are fast, informative, and recognized as harmless by most network administrators Clean up Lucent’s intranet NLUUG: Pondering Perimeters

  45. Methods - network discovery (ND) Obtain master network list network lists from Merit, RIPE, APNIC, etc. BGP data or routing data from customers hand-assembled list of Yugoslavia/Bosnia Run a TTL-type (traceroute) scan towards each network Stop on error, completion, no data Keep the natives happy NLUUG: Pondering Perimeters

  46. Advantages • We don’t need access (I.e. SNMP) to the routers • It’s very fast • Standard Internet tool: it doesn’t break things • Insignificant load on the routers • Not likely to show up on IDS reports • We can probe with many packet types NLUUG: Pondering Perimeters

  47. Limitations • View is from scanning host only • Multiple scan sources gives a better view • Outgoing paths only • Level 3 (IP) only • ATM networks appear as a single node • Not all routers respond • Some are silent • Others are “shy” (RFC 1123 compliant), limited to one response per second NLUUG: Pondering Perimeters

  48. Data collection complaints Australian parliament was the first to complain List of whiners (25 nets) On the Internet, these complaints are a thing of the past Internet background radiation predominates NLUUG: Pondering Perimeters

  49. Visualization goals make a map show interesting features debug our database and collection methods geography doesn’t matter use colors to show further meaning NLUUG: Pondering Perimeters

  50. NLUUG: Pondering Perimeters

More Related