
Security - Systems


neo


Presentation Transcript


  1. Security - Systems
  • Design Considerations

  2. Layer 2 Design
  • L2 Control protocols - 802.1q, STP and ARP
  • 802.1q
    • for Ethernet switches to exchange VLAN info
    • Primary Issues: VLAN hopping
  • Spanning Tree Protocol
    • for L2 loop avoidance
    • Primary Issues: No authentication on bridge PDUs
    • Attacks: Cause link failure; pretend to be root of tree.
    • Defense: Control participation in STP (switch level)

  3. Layer 2 Design
  • ARP
    • for IP-to-MAC mapping
    • Primary Issues: gARP (gratuitous ARP) messages for high availability
    • Defense: VLANs, static ARP entries
  • DHCP
    • for IP allocation
    • Issues: MAC Spoofing, rogue DHCP server
    • Defense: allow/deny specific ports to respond to DHCP requests
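The three switch-level defenses on slides 2 and 3 (limiting STP participation per port, letting only known ports answer DHCP, and checking ARP replies against what DHCP actually leased) fit together as one per-port policy. The simulation below is an added example, not code from the slides; the port names, MAC addresses and frames are constructed, and the three checks mirror what vendors call BPDU guard, DHCP snooping and dynamic ARP inspection.

```python
from dataclasses import dataclass, field


@dataclass
class Frame:
    port: str       # ingress switch port (constructed names such as "Gi0/1")
    kind: str       # "bpdu", "dhcp_offer", "dhcp_ack", "arp_reply" or "data"
    mac: str = ""   # dhcp_ack: client MAC (chaddr); arp_reply: sender hardware address
    ip: str = ""    # dhcp_ack: leased address (yiaddr); arp_reply: sender protocol address


@dataclass
class SwitchPolicy:
    trusted_ports: set                              # uplinks and the port facing the real DHCP server
    bindings: dict = field(default_factory=dict)    # ip -> mac, learned only from DHCP ACKs on trusted ports
    err_disabled: set = field(default_factory=set)  # ports shut down by BPDU guard

    def process(self, f: Frame) -> str:
        if f.port in self.err_disabled:
            return "drop: port is err-disabled"
        if f.kind == "bpdu":
            # Slide 2: control participation in STP. An access port that sends a
            # BPDU is shut down so it can never claim to be the root bridge.
            if f.port in self.trusted_ports:
                return "accept: BPDU from trusted port"
            self.err_disabled.add(f.port)
            return "drop: BPDU on untrusted port, port err-disabled"
        if f.kind in ("dhcp_offer", "dhcp_ack"):
            # Slide 3: only trusted ports may respond to DHCP requests.
            if f.port not in self.trusted_ports:
                return "drop: DHCP server reply on untrusted port"
            if f.kind == "dhcp_ack":
                self.bindings[f.ip] = f.mac   # remember who legitimately holds this address
            return "accept: DHCP server reply, binding recorded"
        if f.kind == "arp_reply":
            # Slide 3: an untrusted host may only advertise the IP->MAC pairing
            # that DHCP leased to it; anything else is treated as ARP spoofing.
            if f.port in self.trusted_ports or self.bindings.get(f.ip) == f.mac:
                return "accept: ARP reply matches binding"
            return "drop: ARP reply does not match DHCP binding"
        return "accept: data frame"


def run_sample():
    """Constructed traffic: one legitimate lease, a rogue DHCP offer, a good and a
    spoofed ARP reply, and a host that tries to take part in spanning tree."""
    policy = SwitchPolicy(trusted_ports={"Gi0/1"})
    frames = [
        Frame("Gi0/1", "dhcp_ack", mac="aa:bb:cc:00:00:01", ip="10.0.0.11"),
        Frame("Gi0/5", "dhcp_offer", mac="aa:bb:cc:00:00:99", ip="10.0.0.50"),
        Frame("Gi0/7", "arp_reply", mac="aa:bb:cc:00:00:01", ip="10.0.0.11"),
        Frame("Gi0/7", "arp_reply", mac="de:ad:be:ef:00:01", ip="10.0.0.11"),
        Frame("Gi0/9", "bpdu"),
        Frame("Gi0/9", "data"),
    ]
    return [policy.process(f) for f in frames]


if __name__ == "__main__":
    for verdict in run_sample():
        print(verdict)
```

The ordering matters: the ARP check only works because the binding table is fed exclusively by DHCP ACKs that arrived on trusted ports, so a rogue server on an access port cannot seed it. Static ARP entries (the slide's other defense) would be loaded into `bindings` the same way.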

  4. Layer 2 Design
  • Wireless Networks – Medium Access
    • Boundary is diffused (not hard)
    • Intruders do not have to intercept wires – all messages are broadcast (in a shared medium)
    • Unauthenticated access modes may cause problems
    • Contention resolution – Fairness issues
    • Easy to limit / eliminate availability

  5. IP Addressing Design
  • Subnetting
    • Administrative / Physical separation
    • Primary Issues: Access Control
    • Defense: VLANs, Layer 3 ACLs (Access Control Lists)

  6. Ingress / Egress Filtering
  • Private address traffic not seen outside.
  • Incoming traffic should carry only outside-world source addresses.
  • Filtering at edge or close to edge - not necessarily only at the firewall.

  7. NAT
  • Private addresses translated to public addresses
  • Incoming traffic - reverse translation
  • Modes: static, 1-1, many-1
  • Avoid relying on NAT (many-1) for security

  8. ICMP Design Issues
  • ping messages
    • essential for admin. - turning off is not a solution except in specific cases.
    • Primary issue - Echo request/reply messages - variable length data field
      • ping-of-death attacks, DoS attacks, buffer overflows
      • covert channels (w/ software on host)
  • Solutions: “Explicitly permit - implicitly deny”
    • Permit ICMP echo request/reply messages w/ networks of necessity and for required users
    • Deny all other echo messages

  9. ICMP - Design Issues
  • Other required ICMP messages
    • (some types of) Destination Unreachable messages
    • TTL 0 messages (Time Exceeded) needed by traceroute
  • ICMP filtering
    • ACLs for permitting specific messages (seen above) and for denying all others
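Slides 8 and 9 describe an "explicitly permit, implicitly deny" ICMP policy: echo only between the networks that need it and with a bounded data field, the Destination Unreachable and Time Exceeded types that other functions depend on, and nothing else. The stateless filter below is an added example, not the slides' own configuration; the "networks of necessity", the 64-byte echo payload limit and the packet list are constructed assumptions.

```python
import ipaddress

# ICMP message types used here
ECHO_REPLY, DEST_UNREACHABLE, ECHO_REQUEST, TIME_EXCEEDED = 0, 3, 8, 11

# "Networks of necessity": the only hosts allowed to send echo requests and to
# receive echo replies. Constructed addresses for this example.
PING_NETS = [ipaddress.ip_network("10.10.0.0/24"),      # admin / NOC subnet
             ipaddress.ip_network("198.51.100.0/24")]   # external monitoring provider

# A normal ping carries 56 bytes of data; the variable-length field is what
# ping-of-death style attacks and covert channels abuse, so bound it.
MAX_ECHO_PAYLOAD = 64

# Destination Unreachable codes other functions still need:
# 3 = port unreachable (UDP traceroute), 4 = fragmentation needed (path MTU discovery)
NEEDED_UNREACHABLE_CODES = {3, 4}


def in_ping_nets(addr):
    a = ipaddress.ip_address(addr)
    return any(a in net for net in PING_NETS)


def icmp_verdict(src, dst, icmp_type, code=0, payload_len=0):
    """Return 'permit: ...' or 'deny: ...' for one ICMP packet (stateless)."""
    if icmp_type in (ECHO_REQUEST, ECHO_REPLY):
        if payload_len > MAX_ECHO_PAYLOAD:
            return "deny: oversized echo payload"
        if icmp_type == ECHO_REQUEST:
            return ("permit: echo request" if in_ping_nets(src)
                    else "deny: echo request from non-required network")
        return ("permit: echo reply" if in_ping_nets(dst)
                else "deny: echo reply to non-required network")
    if icmp_type == DEST_UNREACHABLE:
        return ("permit: destination unreachable" if code in NEEDED_UNREACHABLE_CODES
                else "deny: unneeded unreachable code")
    if icmp_type == TIME_EXCEEDED and code == 0:
        return "permit: TTL exceeded (traceroute)"
    # Redirects, timestamp, address mask, router advertisement, ...: implicit deny
    return "deny: implicit deny"


def run_sample():
    """Constructed packets: (src, dst, type, code, payload_len)."""
    packets = [
        ("10.10.0.5", "203.0.113.9", ECHO_REQUEST, 0, 56),      # admin ping
        ("172.16.3.3", "203.0.113.9", ECHO_REQUEST, 0, 56),     # ping from elsewhere
        ("10.10.0.5", "203.0.113.9", ECHO_REQUEST, 0, 60000),   # oversized echo data
        ("203.0.113.9", "10.10.0.5", ECHO_REPLY, 0, 56),        # reply to the admin
        ("203.0.113.1", "10.10.0.5", DEST_UNREACHABLE, 4, 0),   # fragmentation needed
        ("203.0.113.1", "10.10.0.5", DEST_UNREACHABLE, 1, 0),   # host unreachable
        ("203.0.113.1", "10.10.0.5", TIME_EXCEEDED, 0, 0),      # traceroute hop
        ("203.0.113.1", "10.10.0.5", 5, 1, 0),                  # ICMP redirect
    ]
    return [icmp_verdict(*p) for p in packets]


if __name__ == "__main__":
    for verdict in run_sample():
        print(verdict)
```

Because the filter is stateless it cannot pair a reply with the request that caused it; it only checks that replies flow back toward a permitted network, which is the trade-off slide 15 notes for ACL-based protection.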

  10. Routing - Issues
  • Possible attacks:
    • Traffic Redirection
    • Traffic sent to a black-hole
    • Router DoS (Denial of Service) - Attack on Availability
    • Routing protocol DoS
    • Unauthorized router prefix origination

  11. Routing - Issues
  • Attack methods & possible solutions:
    • Configuration modification of routers
      • Secure routers - Device Hardening
    • Rogue Router Introduction
      • Add message authentication to routing protocol
      • Use ACLs to block routing protocol message types from unwanted networks
    • Spoofing / Modifying of routing messages
      • Message authentication; TCP seq. #s help;
    • Sending malformed or excess packets
      • DoS mitigation for excess; no easy soln. for malformed packets

  12. Router - Device hardening
  • Disable Unneeded Services
    • No DNS lookup for router
    • no echo or finger service
    • no bootp service (if not needed)
    • no source routing and directed broadcast
    • no ICMP redirects
  • Password Encryption
  • Authentication
    • Use hashed passwords
    • Use secure protocols (say SSH) for line access
    • Set up usernames and access controls

  13. Routing Protocol - Message Auth.
  • Passwords with routing update messages
  • MD5 digest authentication with secret keying
  • Protocol Specific:
    • Avoid RIP v1 - has no auth. mechanism
    • OSPF (widely used for interior gateways) - supports keyed MD5
    • BGP (widely used for cross-domain routing) - supports keyed MD5 through TCP option
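The keyed-MD5 authentication that slide 13 lists for OSPF and BGP works by computing MD5 over the routing message with the shared secret appended, and by covering a sequence number so that a captured update cannot simply be replayed. The code below is an added example written for this page, not an implementation from any router vendor or RFC text; the update's wire layout (4-byte sequence number, route list, 16-byte digest) and the keys are constructed, while the digest construction itself (MD5 over message || 16-byte key) is the form OSPF's cryptographic authentication uses.

```python
import hashlib
import hmac
import struct

KEY_LEN = 16      # OSPF pads/truncates the shared secret to 16 bytes
DIGEST_LEN = 16   # MD5 digest length


def keyed_md5(message: bytes, key: bytes) -> bytes:
    """MD5 over message || key: the keyed-MD5 form used by OSPF (RFC 2328
    Appendix D) and by BGP's TCP MD5 option (RFC 2385). Modern deployments
    prefer HMAC-SHA (RFC 5709), but the check-then-accept flow is the same."""
    padded = key.ljust(KEY_LEN, b"\x00")[:KEY_LEN]
    return hashlib.md5(message + padded).digest()


def build_update(seq: int, routes: list, key: bytes) -> bytes:
    """Constructed wire format: 4-byte sequence number | route list | digest.
    The sequence number sits inside the authenticated region, so an attacker
    cannot bump it on a replayed packet without breaking the digest."""
    body = ";".join(routes).encode()
    msg = struct.pack("!I", seq) + body
    return msg + keyed_md5(msg, key)


class Neighbor:
    """Receiving router: verify the digest first, then require the sequence
    number to increase, then parse the routes."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, packet: bytes):
        if len(packet) < 4 + DIGEST_LEN:
            return False, "too short"
        msg, digest = packet[:-DIGEST_LEN], packet[-DIGEST_LEN:]
        # constant-time comparison, so timing does not leak digest bytes
        if not hmac.compare_digest(digest, keyed_md5(msg, self.key)):
            return False, "digest mismatch (wrong key or modified message)"
        seq = struct.unpack("!I", msg[:4])[0]
        if seq <= self.last_seq:
            return False, "sequence number not increasing (replay)"
        self.last_seq = seq
        return True, msg[4:].decode().split(";")


def run_sample():
    """Constructed exchange: a good update, a tampered copy, a replay, an update
    signed by a rogue router with the wrong key, and the next good update."""
    key = b"constructed-shared-key"
    nb = Neighbor(key)
    routes = ["10.1.0.0/16 via R1", "10.2.0.0/16 via R2"]
    good = build_update(1, routes, key)
    tampered = good[:6] + bytes([good[6] ^ 0x01]) + good[7:]   # flip one body byte
    rogue = build_update(2, ["0.0.0.0/0 via ROGUE"], b"guessed-key")
    nxt = build_update(2, routes + ["10.3.0.0/16 via R3"], key)
    return [nb.accept(p)[0] for p in (good, tampered, good, rogue, nxt)]


if __name__ == "__main__":
    print(run_sample())   # [True, False, False, False, True]
```

The sequence check is per neighbor and per key; a real implementation also has to survive a router reboot (sequence numbers that restart at zero) by keying on time or by re-learning the neighbor, which is why OSPF ties the counter to the adjacency.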

  14. Routing - Issues
  • Asymmetric Routing & State-Aware Security
    • Asymmetric traffic - different paths for request and return; per-packet routing
    • Can happen at switches, over the Internet or at ISP.
    • Causes problems for state-aware security devices and mechanisms - Firewalls, IDS etc.

  15. Routing - Issues
  • Asymmetric Routing - Solutions
    • Use Symmetric Routing
      • hard to do and impractical
    • Load balance per flow (rather than per packet)
      • cannot avoid request-return asymmetry.
    • Manipulate flows using NAT or routing
    • Use state-sharing security devices - e.g. exchange info. between firewalls
      • significant traffic overhead
    • Use stateless security features - e.g. ACLs
      • works only for easy situations - simple traffic categorizations

  16. Transport Protocol - Design Issues
  • Denial Of Service attacks
    • easy to launch and cannot be completely stopped.
    • network flooding (consume bw) vs. transport flooding (consume host resources)
  • Network Flooding
    • Detection: through Network Intrusion Detection, routers and firewalls (i.e. their log data)
    • Stopping: often through Service provider only; stops good as well as bad traffic

  17. Transport Protocol - Design Issues
  • Stopping Network Flooding
    • Basic ACL: drop all traffic destined for an IP address; configure this throughout the ISP’s network.
    • Black Hole Filtering: Propagate static routes to divert traffic to a black hole. Faster than basic ACL approach; much less CPU impact.
    • Sinkhole Routing: Traffic diverted to a specific location so that it can be studied.
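Slides 16 and 17 together describe a loop: detect a network flood from router or firewall log data, then push a host route that either discards the victim's traffic (black hole) or steers it to a collector (sinkhole). The script below is an added example, not the slides' own tooling; the flow-log lines, the 100,000 packets/second threshold and the sinkhole next-hop address are constructed, and the route lines use IOS-style `ip route` syntax only as an illustration of what gets propagated.

```python
from collections import defaultdict

# Constructed one-second flow-log bins: "<ts> <src> <dst> <proto> <packets>".
# Real inputs would be NetFlow/IPFIX exports or firewall logs, as slide 16 says.
SAMPLE_FLOWS = """\
1700000000 198.51.100.5 203.0.113.10 udp 60000
1700000000 198.51.100.6 203.0.113.10 udp 55000
1700000000 192.0.2.9 203.0.113.11 tcp 120
1700000001 198.51.100.5 203.0.113.10 udp 62000
1700000001 192.0.2.9 203.0.113.11 tcp 95
"""

PPS_THRESHOLD = 100_000            # packets/second toward one destination that we call a flood
SINKHOLE_NEXT_HOP = "10.255.255.1" # constructed address of the analysis sinkhole router


def parse_flows(text):
    """Yield (ts, src, dst, proto, packets) tuples from the log text."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, pkts = line.split()
        yield int(ts), src, dst, proto, int(pkts)


def peak_pps_per_destination(text):
    """Sum packets per (second, destination), then keep each destination's peak second."""
    per_sec = defaultdict(int)
    for ts, _src, dst, _proto, pkts in parse_flows(text):
        per_sec[(ts, dst)] += pkts
    peak = defaultdict(int)
    for (_ts, dst), pkts in per_sec.items():
        peak[dst] = max(peak[dst], pkts)
    return dict(peak)


def find_flooded(text, threshold=PPS_THRESHOLD):
    """Destinations whose peak inbound rate crossed the threshold."""
    return {dst: pps for dst, pps in peak_pps_per_destination(text).items() if pps >= threshold}


def mitigation_routes(flooded, mode="blackhole"):
    """Static host routes to propagate through the ISP's routers (slide 17).
    'blackhole' discards the traffic at every edge, cheaper than an ACL but it
    drops the victim's legitimate traffic too; 'sinkhole' steers it to a
    collector so it can be studied first."""
    next_hop = "Null0" if mode == "blackhole" else SINKHOLE_NEXT_HOP
    return [f"ip route {dst} 255.255.255.255 {next_hop}" for dst in sorted(flooded)]


if __name__ == "__main__":
    flooded = find_flooded(SAMPLE_FLOWS)
    print(flooded)
    for line in mitigation_routes(flooded, mode="sinkhole"):
        print(line)
```

Aggregating per destination rather than per source is deliberate: during a flood the sources are usually spoofed or numerous, while the victim address is the one stable key, and it is also the key the black-hole route is installed on.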

  18. Transport Protocol - Design Issues
  • Trace Back (DoS)
    • Manual ACL trace back: create an ACL with broad permits that are made more specific as more information about the attack is gained.
    • Backscatter trace back:
      • combine black hole and sinkhole routing
      • black hole routing results in ICMP unreachable messages
      • use a chunk of unallocated IP addresses for internal routing within the ISP to forward to a sinkhole.
    • Tracebacks are useless if the attacker is spoofing a legitimately allocated address.

  19. Transport Protocol - Design Issues
  • DoS Mitigation
    • QoS techniques -
      • limit traffic by type (UDP 10 Mbps, ICMP 200 Kbps etc.); use a token system for traffic to limit it;
    • application specific filtering
      • (e.g. in ecommerce scenarios UDP traffic is needed)
    • use a distributed design
      • content delivery networks
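The "token system" on slide 19 is a token bucket: each traffic class earns tokens at its configured rate, a packet spends tokens equal to its size, and a packet that finds the bucket empty is dropped. The policer below is an added example rather than the slides' own configuration; the two limits are the slide's (UDP 10 Mbps, ICMP 200 Kbps), while the burst sizes (0.1 s worth of each rate) and the packet timeline are constructed.

```python
class TokenBucket:
    """Tokens are bytes. They accrue at rate_bps/8 per second up to burst_bytes;
    a packet passes only if enough tokens are on hand, and spends them."""

    def __init__(self, rate_bps, burst_bytes):
        self.rate = rate_bps / 8.0          # bytes per second
        self.capacity = float(burst_bytes)
        self.tokens = float(burst_bytes)    # start full so a normal burst is not penalised
        self.last = 0.0                     # time of the previous decision

    def allow(self, now, size):
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False


def make_policy():
    """Per-type limits from slide 19; burst = 0.1 s of the rate (constructed choice).
    Types without a bucket (e.g. TCP here) are not rate limited."""
    return {
        "udp": TokenBucket(10_000_000, 125_000),   # 10 Mbps
        "icmp": TokenBucket(200_000, 2_500),       # 200 Kbps
    }


def police(packets, policy):
    """packets: iterable of (time_seconds, proto, size_bytes).
    Returns {proto: (allowed, dropped)}."""
    counts = {}
    for now, proto, size in sorted(packets, key=lambda p: p[0]):   # stable sort keeps arrival order
        bucket = policy.get(proto)
        allowed = bucket.allow(now, size) if bucket else True
        a, d = counts.get(proto, (0, 0))
        counts[proto] = (a + int(allowed), d + int(not allowed))
    return counts


def run_sample():
    """Constructed timeline: 10 UDP packets and an ICMP burst of 100 x 1000-byte
    echo packets at t=0, one TCP packet, then one more ICMP packet half a second later."""
    packets = ([(0.0, "udp", 1500)] * 10
               + [(0.0, "icmp", 1000)] * 100
               + [(0.0, "tcp", 1500)]
               + [(0.5, "icmp", 1000)])
    return police(packets, make_policy())


if __name__ == "__main__":
    print(run_sample())   # {'udp': (10, 0), 'icmp': (3, 98), 'tcp': (1, 0)}
```

The ICMP bucket holds 2,500 bytes, so only two of the hundred flood packets pass at t=0; by t=0.5 the bucket has refilled (25,000 bytes/s times 0.5 s, capped at capacity) and one ordinary ping gets through. That is the behaviour the slide wants: the flood is clipped to the configured rate while normal traffic of the same type keeps working.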

  20. Transport Protocol - Design Issues
  • (back to) Denial Of Service attacks
    • easy to launch and cannot be completely stopped.
    • network flooding (consume bw) vs. transport flooding (consume host resources)
  • Transport Flooding
    • TCP SYN flooding - send a SYN packet (part of the 3-way handshake) but never respond to the SYN-ACK; TCP is connection oriented: half-open connections are kept for a time; connection queues overflow;

  21. Transport Protocol - Design Issues
  • SYN cookies
    • host specific method of mitigating SYN flooding attacks;
    • avoid storing SYN packets in queue; use challenge-response model for handshake.
  • TCP intercept
    • network-level protection for SYN floods
    • intercept connection requests at an intermediate node which transparently forwards TCP packets to server; SYN packets are acked ASAP; if client does not respond use a backoff protocol; (e.g. PIX firewalls)
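Slide 21's "challenge-response model" for SYN cookies means the server encodes everything it would otherwise have queued (a time stamp, the client's MSS and a keyed hash of the 4-tuple) into the initial sequence number of its SYN-ACK, keeps nothing, and only reconstructs state when a valid third-handshake ACK returns. The code below is an added example of that idea, not any operating system's implementation: the 5/3/24-bit layout, the MSS table, the tick-based expiry and the secret are constructed simplifications of the scheme (Linux's layout and hash differ in detail).

```python
import hashlib
import hmac
import ipaddress
import struct

SECRET = b"constructed-per-server-secret"   # a real stack rotates this periodically
MSS_TABLE = [536, 1220, 1440, 1460]         # MSS values the 3-bit field can name (8 slots, 4 used)
MAX_AGE_TICKS = 4                           # cookies older than this are refused


def _mac24(flow, tick, client_isn):
    """24-bit keyed hash binding the cookie to the 4-tuple, the tick and the client ISN."""
    saddr, sport, daddr, dport = flow
    data = struct.pack("!4sH4sHII",
                       ipaddress.ip_address(saddr).packed, sport,
                       ipaddress.ip_address(daddr).packed, dport,
                       tick & 0xFFFFFFFF, client_isn & 0xFFFFFFFF)
    return int.from_bytes(hmac.new(SECRET, data, hashlib.sha256).digest()[:3], "big")


def make_cookie(flow, client_isn, client_mss, tick):
    """Server ISN for the SYN-ACK: [5 bits tick | 3 bits MSS index | 24 bits MAC].
    Nothing is stored, so a flood of SYNs costs only this computation."""
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    return ((tick & 0x1F) << 27) | (mss_idx << 24) | _mac24(flow, tick, client_isn)


def check_ack(flow, ack_seq, ack_num, tick_now):
    """Validate the third-handshake ACK. Returns the MSS to use for the new
    connection, or None if the cookie is forged, altered or too old."""
    cookie = (ack_num - 1) & 0xFFFFFFFF       # the ACK acknowledges our ISN + 1
    client_isn = (ack_seq - 1) & 0xFFFFFFFF   # the client's seq is its ISN + 1
    age = (tick_now - (cookie >> 27)) & 0x1F  # ticks elapsed, modulo the 5-bit field
    if age > MAX_AGE_TICKS:
        return None
    tick = tick_now - age                     # recover the tick used when the SYN arrived
    if (cookie & 0xFFFFFF) != _mac24(flow, tick, client_isn):
        return None
    return MSS_TABLE[(cookie >> 24) & 0x7]


def run_sample():
    """Constructed handshake: a SYN at tick 100, then a genuine ACK, a forged ACK
    whose cookie was altered, and a genuine ACK that arrives too late."""
    flow = ("198.51.100.7", 40001, "203.0.113.10", 443)
    client_isn = 0x1A2B3C4D
    cookie = make_cookie(flow, client_isn, client_mss=1452, tick=100)
    valid = check_ack(flow, client_isn + 1, cookie + 1, tick_now=101)
    forged = check_ack(flow, client_isn + 1, (cookie ^ 0x1) + 1, tick_now=101)
    stale = check_ack(flow, client_isn + 1, cookie + 1, tick_now=100 + MAX_AGE_TICKS + 1)
    return valid, forged, stale


if __name__ == "__main__":
    print(run_sample())   # (1440, None, None)
```

The cost of the approach is visible in the layout: only 3 bits survive for the MSS and nothing survives for other SYN options (window scaling, SACK), which is why stacks enable cookies only once the real queue is full. TCP intercept, the network-level alternative on the same slide, avoids that loss by answering and holding the handshake at the intermediate node instead.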
