1 / 31

Tunneling and Securing TCP Services

Learn about tunneling concepts and protocols like SSL, SSH, and SOCKS to secure TCP services against vulnerabilities like sniffing, hijacking, false authentication, and more. Understand low and high-level tunneling protocols with examples.

fredas
Download Presentation

Tunneling and Securing TCP Services

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Tunneling and Securing TCP Services Nathan Green

  2. Outline • Concept of Tunneling • Tunneling Protocols • SSL • SSH • SOCKS • Examples of Useful Tunnels

  3. Introduction • Many popular protocols were designed before security became a major issue • FTP • POP • Telnet • HTTP

  4. Vulnerabilities • Sniffing – a problem because many protocols (SMTP, POP, HTTP, etc) transmit data in clear text. • Connection hijacking – after a successful authentication, an attacker can take over the connection and initiate requests/intercept replies

  5. Vulnerabilities • False Authentication – many protocols rely solely on IP or domain names • Data Spoofing – attackers can easily manipulate/inject packets (MitM) • Implementation/configuration – misconfigured systems can put machines at risk • DoS Attacks

  6. Unfortunately, most companies can’t afford to discontinue the use of POP or FTP since many still use them A solution to this problem is tunneling

  7. Tunneling • Tunneling is the transmission of data intended for private use through a public network • Tunnel: a virtual link between two network nodes • Generally accomplished by encapsulating the private data and protocol information within public network packets so the private protocol appears to the public as ordinary data

  8. Low Level Tunneling Protocols • Layer 2 • L2F: Layer 2 Forwarding • PPTP: Point-To-Point Tunneling Protocol • L2TP: Layer 2 Tunneling Protocol • Layer 3 • IPSec: IP Security Protocol • VTP: Virtual Terminal Protocol • ATMP: Ascend Tunnel Management Protocol

  9. High-Level Tunneling Protocols SSL SSH SOCKS

  10. SSL: Secure Sockets Layer • Encrypts communications between Web servers and Web browsers for tunneling over the Internet. • SSL alone is nothing but a handshake and encryption. • Developed by Netscape for securing HTTP • Not clear at what level it is implemented. Transport? Session? Application layer?

  11. SSL: Secure Sockets Layer http://www.nortelnetworks.com/solutions/ip_vpn/collateral/nn102260-10802.pdf

  12. SSL Architecture • Has two layers of protocols...

  13. SSL Architecture • SSL Handshake Protocol • Negotiation of security algorithms and parameters • Key exchange • Server/client authentication • SSL Alert Protocol • Error messages • SSL Change Cipher Spec Protocol • A single message that indicates the end of the SSL handshake • SSL Record Protocol • Fragmentation • Compression • Message authentication • Encryption

  14. SSL Handshake Protocol • Establishes a TCP/IP connection • Client/server negotiate encryption and MAC algorithms • Negotiate cryptographic keys to be used. The client and server agree on the level of security they will use

  15. SSL Handshake Protocol INTERNET 2) The server sends the client the server's SSL version number, cipher settings, session-specific data, and other information that the client needs to communicate with the server over SSL. The server also sends its own certificate. 1)The client sends the server the client's SSL version number, cipher settings, session-specific data, and other information that the server needs to communicate with the client using SSL.

  16. Server Authentication Sample Certificate

  17. SSL Handshake Protocol INTERNET 5) Both the client and the server use the master secret to generate the session keys, which are symmetric keys used to encrypt and decrypt information exchanged during the SSL session and to verify its integrity (that is, to detect any changes in the data between the time it was sent and the time it is received over the SSL connection). 7) The server sends a message to the client informing it that future messages from the server will be encrypted with the session key. It then sends a separate (encrypted) message indicating that the server portion of the handshake is finished. 6) The client sends a message to the server informing it that future messages from the client will be encrypted with the session key. It then sends a separate (encrypted) message indicating that the client portion of the handshake is finished. Optional: Server requests client authentication: the client also signs another piece of data that is unique to this handshake and known by both the client and server. In this case, the client sends both the signed data and the client's own certificate to the server along with the encrypted pre-master secret. The server then authenticates the client 4) The server uses its private key to decrypt the pre-master secret, and then performs a series of steps (which the client also performs, starting from the same pre-master secret) to generate the master secret. Does this different ways: RSA, Fixed DH, Ephemeral DH, Anonymous DH, Fortezza 3) The client creates the pre-master secret for the session, encrypts it with the server’s public key obtained from the server’s certificate, and sends it to the server

  18. In the case of server authentication, the client encrypts the pre-master secret with the server's public key. Only the corresponding private key can correctly decrypt the secret, so the client has some assurance that the identity associated with the public key is in fact the server with which the client is connected. Otherwise, the server cannot decrypt the pre-master secret and cannot generate the symmetric keys required for the session, and the session will be terminated. • This is the normal operation condition of the secure channel. At any time, due to internal or external stimulus (either automation or user intervention), either side may renegotiate the connection, in which case, the process repeats itself.

  19. SSL Change Cipher Spec Protocol • Single message that indicates end of handshake

  20. SSL Alert Protocol • Fatal alerts and warnings

  21. SSL Record Protocol • Fragment: separated into blocks • Compress • MAC: Message Authentication Code, a cryptographic checksum • Encrypt

  22. SSL Record Protocol Format

  23. Difference Between SSL and TLS • Not much • TLS is the IETF protocol standard that grew out of SSL 3.0, documented by RFC 2246 • TLS doesn’t support Fortezza key exchange/encryption • More alert codes in SSL • TLS current version number is 3.1

  24. SSH • SSH is a protocol for secure remote login, shell, and file copying other secure network services over an insecure network • Replace RSH, RCP, RLOGIN • Runs at application layer • Uses RSA public key cryptography • Data flow directions client->server and server->client are independent, may use different algos (i.e. 3DES+SHA1 and Blowfish+MD5) • Currently SSH v2 is the standard

  25. SSH Components • The Transport Layer Protocol provides server authentication, confidentiality, and integrity. It may optionally also provide compression. The transport layer will typically be run over a TCP/IP connection. • The User Authentication Protocol authenticates the client-side user to the server. It runs over the transport layer protocol. • The Connection Protocol multiplexes the encrypted tunnel into several logical channels. It runs over the user authentication protocol. • these logical channels can be used for a wide range of purposes • secure interactive shell sessions • TCP port forwarding

  26. SSL originally intended for web sessions SSL is a drop-in which other applications run over Server authentication optional SSL alone is just a handshake and encryption SSH originally intended for replacing telnet and FTP SSH is a Swiss-army-knife designed to do many different things Server authentication required SSH alone allows you to do lots of different things Difference Between SSL and SSH http://www.rpatrick.com/tech/ssh-ssl/ http://www.snailbook.com/faq/ssl.auto.html

  27. SOCKS • A security protocol used to communicate through a firewall or proxy server • Defined in RFC 1928

  28. SOCKS • When a TCP-based client wishes to establish a connection to an object that is reachable only via a firewall, it must open a TCP connection to the appropriate SOCKS port on the SOCKS server system. • The SOCKS service is conventionally located on TCP port 1080. • If the connection request succeeds, the client enters a negotiation for the authentication method to be used, authenticates with the chosen method, then sends a relay request. • The SOCKS server evaluates the request, and either establishes the appropriate connection or denies it.

  29. Example of Useful Tunnels • POP3 • Open a secure tunnel using SSH • Needs an accessible shell account on the server • $ ssh -L 110:mail.my.org:110 tunnel.my.org • Set mail client to query ‘localhost’ as the POP3 server • IMAP • Same setup, different port number (220) • Telnet • $ ssh -L 23:server.my.org:23 tunnel.my.org • $ telnet localhost

  30. Alternatives • IPv6 • VPN • IPSec

More Related