Network Layers (in) Security

Post on 23-Feb-2016

SIM314. Network Layers (in) Security. Paula Januszkiewicz IT Security Auditor, MVP, MCT CQURE paula@cqure.pl Marcus Murray Security Team Manager, MVP, MCT TrueSec Marcus.Murray@truesec.se. Agenda. Introduction. Physical Layer. Data-Link Layer. Network Layer. Transport Layer. - PowerPoint PPT Presentation

Transcript of Network Layers (in) Security

Network Layers (in) Security

Paula Januszkiewicz
IT Security Auditor, MVP, MCT
CQURE
paula@cqure.pl

Marcus Murray
Security Team Manager, MVP, MCT
TrueSec
Marcus.Murray@truesec.se

SIM314

Agenda

Introduction
Physical Layer
Data-Link Layer
Network Layer
Transport Layer
Session Layer
Presentation Layer
Application Layer
Summary

The Issue

No matter how well we secure our hosts we are always “vulnerable” on some layers of the infrastructure

Security is a prime concern for networking
  Access to the network is enough to break its integrity
  Even tiny malicious actions can do a lot of damage

Usability is put ahead of security
  Interoperability is based on protocols created more than 30 years ago!

So what is this “Network Security” about?

Physical Layer

Issues
  Loss of power or environmental control
  Disconnection, damage or theft of physical resources
  Unauthorized access: wired or wireless
  Key loggers or other data interception methods

Countermeasures
  Use appropriate physical access control, e.g. electronic locks or retina scanning
  Record video and audio on the company premises
  Employee training
  Physical network isolation

[Diagram: layer stack, top to bottom: Application, Presentation, Session, Transport, Network, Data-Link, Physical]

Sniff fiber

TP-Cables

demo
Wireless Attack Basics
The scenario of physical access

Data-Link Layer

Issues
  MAC address spoofing
  Wireless accessibility
  Spanning tree malfunctions
  Traffic flooding on the switch level

Countermeasures
  Segmentation (VLANs)
  Use corporate-level wireless solutions
  Disable all unnecessary switch ports

demo

802.1x (IN)Security

Shadow Host Scenario

[Demo diagram: Untrusted Computer, Radius Server, Client, Domain Controller, CA Server]

Network Layer

Issues
  Spoofing
  IP Addressing
  Routing protocols
  Tunneling protocols

Countermeasures
  IPSec
  Use firewalls between different network segments
  Use route filtering on the edge
  Perform broadcast and multicast monitoring
  Managed IP Addressing

demo
Packet Modification
Playing with protocols

demo
Denial of Service
IPv6 vulnerabilities and others

[Demo diagram: Evil Hacker, Hacker Computer, File Server, Domain Controller, Web Server, and four nodes labelled Untrusted Computer / Client; caption: NEW IPv6 ROUTER ADVERTISEMENTS]

Transport Layer

Issues
  Connectionless nature of UDP
  Weak TCP implementations
    Predictable sequence numbers
    May be disturbed by crafted packets
  Performance may impact traffic qualification and filtering

Countermeasures
  Host and network based firewalls
  IPS/IDS
  Strong session handling

demo
Common TCP/UDP Attacks
Network Trace Scenario

Session Layer

Issues
  Weak or missing authentication
  Unlimited number of failed authentication attempts
  Session data may be spoofed and hijacked
  Exposure of identification tokens

Countermeasures
  Rely on strong authentication
    Keys
    Methods
  Use account and session expiration time
  Use timing to limit failed authentication attempts

Presentation Layer

Issues
  Poor handling of data types and structures
  Cryptographic flaws may be exploited to circumvent privacy protections

Countermeasures
  Sanitizing the input – user data should be separated from the control functions
  Cryptographic solutions must be up to date

demo

Null Byte Injection (%00)

Application Layer

Issues
  The most exposed layer today
  A badly designed application may bypass security controls
  Complex protocols and applications
  Error handling…

Countermeasures
  Application level access controls
  Using standards and testing application code
  IDS/Firewall to monitor application activity

demo
Binary Patching Over HTTP
Insecure protocol scenario

Poor Implementation
User authentication scenario

Remember

Do inventory of services and protocols
Lower layers are not dependent on upper layers
Use Network/Application layer for Integrity & Confidentiality
Secure all layers for accessibility
TCP/IP is more than 30 years old
  It is not ideal
  But has many security extensions

Trustworthy Computing

Safety and Security Center: http://www.microsoft.com/security
Security Development Lifecycle: http://www.microsoft.com/sdl
Security Intelligence Report: http://www.microsoft.com/sir
End to End Trust: http://www.microsoft.com/endtoendtrust

Thank You!