1 / 118

Identifying and Patrolling your True Network Perimeter

Identifying and Patrolling your True Network Perimeter. Bill Cheswick ches@lumeta.com http://www.lumeta.com. Brief personal history. Started at Bell Labs in December 1987 Immediately took over postmaster and firewall duties Good way to learn the ropes, which was my intention.

jrhoades
Download Presentation

Identifying and Patrolling your True Network Perimeter

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Identifying and Patrolling your True Network Perimeter Bill Cheswick ches@lumeta.com http://www.lumeta.com Pondering Perimeters: DOE

  2. Brief personal history • Started at Bell Labs in December 1987 • Immediately took over postmaster and firewall duties • Good way to learn the ropes, which was my intention Pondering Perimeters: DOE

  3. Morris worm hit on Nov 1988 • Heard about it on NPR • Had a “sinking feeling” about it • The home-made firewall worked • No fingerd • No sendmail (we rewrote the mailer) • Intranet connection to Bellcore • We got lucky • Bell Labs had 1330 hosts • Corporate HQ didn’t know or care Pondering Perimeters: DOE

  4. Action items • Shut down the unprotected connection to Bellcore • What we now call a “routing leak” • Redesign the firewall for much more capacity, and no “sinking feeling” • (VAX 750, load average of 15) • Write a paper on it • “if you don’t write it up, you didn’t do the work” Pondering Perimeters: DOE

  5. Old gateway: Pondering Perimeters: DOE

  6. New gateway: suspenders belt Pondering Perimeters: DOE

  7. New gateway:(one referee’s suggestion) Pondering Perimeters: DOE

  8. “Design of a Secure Internet Gateway” – Anaheim Usenix, Jun 1990 • My first real academic paper • It was pretty good, I think • It didn’t have much impact, except for two pieces: • Coined the work “proxy” in its current use (this was for a circuit level gateway • Predated “socks by three years) • Coined the expression “crunchy outside and soft chewy center” Pondering Perimeters: DOE

  9. Why wasn’t the paper more influential? • Because the hard part isn’t the firewall, it is the perimeter • I built a high security firewall for USSS from scratch in about 2 hours in Sept. 2001. • I raised our firewall security from “low medium” to “high” • (that’s about as good as computer and network security measurement gets) • The perimeter security was “dumb luck”, which we raised to “probably none” Pondering Perimeters: DOE

  10. Network and host security levels • Dumb luck • None • Low • Medium • High = no “sinking feeling” Pondering Perimeters: DOE

  11. By 1996, AT&T’s intranet • Firewall security: high, and sometimes quite a pain, which meant • Perimeter security: dumb luck • Trivestiture didn’t change the intranet configuration that much Pondering Perimeters: DOE

  12. Lucent 1997:Circling the wagons around Wyoming The Internet Columbus Murray Hill Murray Hill Holmdel Allentown SLIP PPP ISDN X.25 cable ... Lucent - 130,000, 266K IP addresses, 3000 nets ann. thousands of telecommuters ~200 business partners Pondering Perimeters: DOE

  13. Pondering Perimeters: DOE

  14. Highlands forum, Annapolis, Dec 1996 • A Rand corp. game to help brief a member of the new President’s Infrastructure Protection Commission • Met Esther Dyson and Fred Cohen there • Personal assessment by intel profiler • “Day after” scenario • Gosh it would be great to figure out where these networks actually go Pondering Perimeters: DOE

  15. Perimeter Defenses have a long history Pondering Perimeters: DOE

  16. Lorton Prison Pondering Perimeters: DOE

  17. The Pretty Good Wall of China Pondering Perimeters: DOE

  18. Pondering Perimeters: DOE

  19. Pondering Perimeters: DOE

  20. Pondering Perimeters: DOE

  21. Perimeter Defense Pondering Perimeters: DOE

  22. Flower pots Pondering Perimeters: DOE

  23. Pondering Perimeters: DOE

  24. Security doesn’t have to be ugly Pondering Perimeters: DOE

  25. Pondering Perimeters: DOE

  26. Pondering Perimeters: DOE

  27. Pondering Perimeters: DOE

  28. Pondering Perimeters: DOE

  29. Delta barriers Pondering Perimeters: DOE

  30. Edinburgh Castle Pondering Perimeters: DOE

  31. Warwick Castle Pondering Perimeters: DOE

  32. Heidelberg Castlestarted in the 1300s Pondering Perimeters: DOE

  33. Pondering Perimeters: DOE

  34. Berwick Castle Pondering Perimeters: DOE

  35. Pondering Perimeters: DOE

  36. Pondering Perimeters: DOE

  37. Parliament: entrance Pondering Perimeters: DOE

  38. Parliament: exit Pondering Perimeters: DOE

  39. Why use a perimeter defense? • It is cheaper • A man’s home is his castle, but most people can’t afford the moat • You can concentrate your equipment and your expertise in a few areas • It is simpler, and simpler security is usually better • Easier to understand and audit • Easier to spot broken parts Pondering Perimeters: DOE

  40. Pondering Perimeters: DOE

  41. What’s wrong with perimeter defenses • They are useless against insider attacks • They provide a false sense of security • You still need to toughen up the inside, at least some • You need to hire enough defenders • They don’t scale well Pondering Perimeters: DOE

  42. Anything large enough to be called an ‘intranet’ is out of control Pondering Perimeters: DOE

  43. Project 1:Can we live without an intranet? Strong host security Mid 1990s Pondering Perimeters: DOE

  44. I can, but you probably can’t • “Skinny-dipping” on the Internet since the mid 1990s • The exposure focuses one clearly on the threats and proactive security • It’s very convenient, for the services I dare to use • Many important network services are difficult to harden Pondering Perimeters: DOE

  45. Skinny dipping rules • Only minimal services are offered to the general public • Ssh • Web server (jailed Apache) • DNS (self chrooted) • SMTP (postfix, not sendmail) • Children (like employees) and MSFT clients are untrustworthy • Offer hardened local services at home, like SAMBA (chroot), POP3 (chroot) • I’d like to offer other services, but they are hard to secure Pondering Perimeters: DOE

  46. Skinny dipping requires strong host security • FreeBSD and Linux machines • I am told that one can lock down a Microsoft host, • hundreds of steps, and I don’t know how • Not just operating systems: the most popular client applications are, in theory and practice very dangerous • Web browsers and mail readers have many dangerous features Pondering Perimeters: DOE

  47. Skinny dipping flaws • Less defense in depth • No protection from denial-of-service attacks Pondering Perimeters: DOE

  48. Project 2:The Internet Mapping Project An experiment in exploring network connectivity 1998 Pondering Perimeters: DOE

  49. Methods - network discovery (ND) Obtain master network list network lists from Merit, RIPE, APNIC, etc. BGP data or routing data from customers hand-assembled list of Yugoslavia/Bosnia Run a TTL-type (traceroute) scan towards each network Stop on error, completion, no data Keep the natives happy Pondering Perimeters: DOE

  50. Methods - data collection Single reliable host connected at the company perimeter Daily full scan of Lucent Daily partial scan of Internet, monthly full scan One line of text per network scanned Unix tools Use a light touch, so we don’t bother Internet denizens Pondering Perimeters: DOE

More Related