Security Overview & Cryptography - wiki.apnictraining.net · Internet Evolution Security (threats...
81
1 Security Overview & Cryptography
Transcript of Security Overview & Cryptography - wiki.apnictraining.net · Internet Evolution Security (threats...
1
Security Overview & Cryptography
Drawing some correlations
2
Why Security?
• The Internet was designed for connectivity – Trust was assumed
– Security protocols added on top of the TCP/IP
• The Internet has become fundamental to our daily activities (business, work, and personal)
3
Internet Evolution
Security (threats and challenges) change as the Internet evolves!
LAN connectivity Content driven (email, web, music, video)
Data on the Cloud
4
Recent Incidents
• Slingshot (March 2018) - APT
– Active since 2012!
– Compromise MikroTik routers• not much clarity to on how they do it, but assumed to be based on the
ChimayRed exploit - https://github.com/BigNerd95/Chimay-Red
– replace one of the dll in the router's file system with a malicious one (ipv4.dll)• loaded into user's computer when they run the Winbox tool
– Once infected• capture screenshots, collect network info, passwords on browsers,. key
strokes etc
5
Recent Incidents
• Meltdown/Spectre (Jan 2018)
– Exploits processor vulnerabilities!• Intel, AMD, ARM
– Meltdown (CVE-2017-5754):• Breaks the isolation between programs & OS
• An application could read kernel memory locations
– Spectre (CVE-2017-5753/CVE-2017-5715)• Breaks isolation between applications
• An application could read other application memory
6
Recent Incidents
• (Not)Petya Ransomware/Wiper (June 2017)– Exploited a backdoor in MeDoc accounting suite
• Update pushed on June 22 from an update server (stolen credentials)
• proxied to the attacker’s machine (176.31.182.167)
– Spread laterally across the network (June 27)• EternalBlue exploit (SMB exploit: MS17-010)
• through PsExec/WMIC using clear-text passwords from memory
• C:\Windows\perfc.dat hosted the post-exploit code (called by rundll32.exe)
7
Recent Incidents• WannaCry Ransomware (May 2017)
– As of 12 May, 45K attacks across 74 countries
– Remote code execution in SMBv1 using EternalBlue exploit• TCP 445, or via NetBIOS (UDP/TCP 135-139)
– Patch released on 14 March 2017 (MS17-010)• https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
– Exploit released on 14 April 2017
8
Not-so Recent Incident
• SHA-1 is broken (Feb 23, 2017)– colliding PDF files: obtain same SHA-1 hash of two different
pdf files, which can be abused as a valid signature on the second PDF file.• https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
9
shodan.io
10
• Find any internet connected device
Securing the device (Hardening)
12
Think of ALL devices
• 21 Sept 2016– 600Gbps+ attack on Brian Krebs site (hosted by Akamai)
• https://krebsonsecurity.com
• 30 Sept 2016 – Mirai source code released to https://hackforums.net– More (smarter and competing) variants
• 21 Oct 2016– ~1Tbps attack on Dyn
• 26 Nov 2016– 900K+ Deutsche Telecom subscribers offline
• Feb 2018– 1.35Tbps attack on Github– Memcache (UDP11211) with spoofed source addresses
• 10000x!
What caused all these?
• “Internet of STUPID Things (IoT)” – Geoff Huston– CPEs, IP Cameras/webcams, DVRs, etc
• The issue?– Admin password exposed via web interface
– Factory (OEM) default admin credentials
– WAN management allowed (this means anyone on Internet)• TR-069 (CWMP)
And the techniques?
• Attack techniques were common (and not so common ones too)
– SYN floods
– Low bandwidth HTTP floods
– DNS water torture (Query floods reported since 2014)
– GRE floods*
Password visible - Web Interface
Allow remote access
How difficult is it to find one?
Source: https://www.flickr.com/photos/kylaborg/12887906353/
Mirai brute force –OEM default UN and PW
19
https://www.incapsula.com/blog/malware-analysis-mirai-ddos-botnet.html
root xc3511 root vizxv root admin admin admin root 888888 root xmhdipc root default root juantech root 123456 root 54321 support support root (none) admin password root root root 12345 user user admin (none) root pass admin admin1234 root 1111 admin smcadmin admin 1111 root 666666 root password root 1234 root klv123 Administrator admin service service supervisor supervisor guest guest guest 12345 guest 12345 admin1 password administrator 1234 666666 666666 888888 888888 ubnt ubnt root klv1234 root Zte521 root hi3518 root jvbzd root anko root zlxx. root 7ujMko0vizxv root 7ujMko0admin root system root ikwb root dreambox root user root realtek root 00000000 admin 1111111 admin 1234 admin 12345 admin 54321 admin 123456 admin 7ujMko0admin admin 1234 admin pass admin meinsm tech tech
What was/is the scale?
• Geo-locations of Mirai-infected devices as of Oct 2016
https://www.incapsula.com/blog/malware-analysis-mirai-ddos-botnet.html
What was/is the scale?• As many as 20 million devices vulnerable to CWMP
exploits (Oct 2017)
https://maps.shodan.io
Current Status?• Please check shodan maps and update here!
https://maps.shodan.io
Packet Filtering
23
Firewalls in Network?
• Run a dirty but fast network – Maz (IIJ)– FWs in front of your services/applications
• Firewall in modern networks (Randy Bush –IIJ):
iACL– IPv4 (equivalent for v6!) ip access-list extended TRAFFIC-INdeny udp/tcp any any eq 19 ! Chargendeny udp/tcp any any range 135 139 ! netbios stuff deny udp any any eq 123 ! no one should use our NTP deny tcp any any eq 445 ! Blaster/SMB worm deny tcp any any eq 1025 ! uSoft RPC exploit deny tcp any any eq 1337 ! Redshell backdoor deny tcp any any eq 1433 ! MS SQL worm deny udp any any eq 1434 ! MS SQL worm deny udp any any eq 2049 ! Sun NFS deny tcp any any eq 2745 ! Blaster worm deny tcp any any eq 3001 ! NessusD backdoor deny tcp any any eq 3127 ! MyDoom worm deny tcp any any eq 3128 ! MyDoom worm deny tcp any any eq 5000 ! WindowsXP UPnP port deny tcp any any eq 6129 ! Dameware backdoordeny udp/tcp any any eq 11211 ! Memcached exploitdeny tcp any any eq 11768 ! Dipnet/Oddbob worm deny tcp any any eq 15118 ! Dipnet/Oddbob wormdeny icmp any any fragments ! Block ICMP fragmentspermit icmp any anydeny ip <your-address> <wildcard> anypermit ip any any
Source IP spoofing – Defense
• BCP38 (RFC2827)– Since 1998!
– https://tools.ietf.org/html/bcp38
• Only allow traffic with valid source addresses to– Leave your network
• Only packets with source address from your own address space
– To enter/transit your network• Only source addresses from downstream customer address space
26
uRPF – Unicast Reverse Path
• Unicast Reverse Path Forwarding (uRPF)– Router verifies if the source address of any packets received
is in the FIB table and reachable (routing table)• Drop if not!
– Recommended on customer facing interfaces
27
(config-if)#ipv6 verify unicast source reachable-via {rx | any}
uRPF – Unicast Reverse Path
28
• Modes of Operation:
– Strict: verifies both source address and incoming interface with FIB entries
– Loose: verifies existence of route to source address
pos0/0ge0/0
Src = 2406:6400:100::1
Src = 2406:6400:200::1
FIB:2400:6400:100:/48 ge0/02400:6400:200:/48 fa0/0
pos0/0ge0/0
Src = 2406:6400:100::1
Src = 2406:6400:200::1
Image source: “Cisco ISP Essentials”, Barry Greene & Philip Smith 2002
Configuration backup/ archiving
29
Configuration Files
• Careful sending config files - people can snoop the wire– MD5 validation
– SCP to copy files/images• Avoid TFTP and FTP!
• Use tools like ‘rancid’ or ‘oxidized’ to periodically check them against modified configuration files
scp <file|image> user@router-ip:bootflash:<file-image>!scp user@router-ip:bootflash:<file-image> .
#verify /md5 nvram:startup-config.Done!verify /md5 (nvram:startup-config) = 7b9e589178bd133fecb975195701447d
OOB Management
31
• OOB device management should be used - DoS attacks do not hinder access to critical devices
• Reverse Telnet is a good tool in emergencies!AUX <-> Console
telnet <your-IP>:<2000+TTY#>
sh line
Acknowledgment
• Most of the content is from:
– Steven M.Bellovin’s “Thinking Security”
– https://www.cs.columbia.edu/~smb/
32
Before we start…
• What are we protecting?, and
• Against whom?
33
• All security system designs should be based on these questions!
Attack Motivation (Who are your Enemies?)
• Nation states want SECRETS
• Organized criminals want MONEY
• Protesters or activists want ATTENTION
• Hackers and researchers want KNOWLEDGE
34
Source: NANOG60 keynote presentation by Jeff Moss, Feb 2014
http://cartoonsmix.com/cartoons/national-security-agency-cartoon.html
Who are your Enemies?
35
• Script kiddies: little real ability, but can cause damage if you’re careless
• Money makers: Hack into machines, turn them into spam engines, etc.
• Government intelligence agencies, AKA Nation State Adversaries
The Threat Matrix
36
Degree of Focus
Opportunistic hacks
Joy hacks Targeted attacks
Advanced Persistent Threats
Source: Thinking Security – Steve M. Bellovin
Joy Hacks
• For fun – with little skill using known exploits
• Minimal damage– especially unpatched machines
• Random targets– anyone they can hit
• Most hackers start this way– learning curve
37
Opportunistic Hacks
• Skilled (often very skilled) - also don’t care whom they hit– Know many different vulnerabilities and techniques
• Profiting is the goal - bank account thefts, botnets, ransomwares….– WannaCry?
• Most phishers, virus writers, etc.
38
Targeted Attacks
• Have a specific target!
• Research the target and tailor attacks– physical reconnaissance
• At worst, an insider (behind all your defenses)– Not-so happy employee
• Watch for “spear-phishing”
• May use 0-days
39
Advanced Persistent Threats
• Highly skilled (well funded) - specific targets– Mostly 0-days
• Sometimes (not always) working for a nation-state– Think Stuxnet (up to four 0-days were used)
• May use non-cyber means:– burglary, bribery, and blackmail
• Note: many lesser attacks blamed on APTs
40
Are you a Target?
• Biggest risk?– assuming you are not interesting enough!
• Vendors/System Integrators and their take on security:– Either underwhelming or Overwhelming
41
Defense Strategies
• Depends on what you’re trying to protect
• Tactics that keep out teenagers won’t keep out a well-funded agency
• But stronger defenses are often much more expensive and cause great inconvenience
42
What Are You Protecting?
• Identify your critical Assets– Both tangible and intangible (patents, methodologies) assets
• Hardware, software, data, people, documents
– Who would be interested?
• Place a Value on the asset– Different assets require different level of protection
– Security measures must be in proportion with asset value• How much can you afford?
• Determine Likelihood of breaches– threats and vulnerabilities ?
43
Against Joy Hacks
• By definition, joy hackers use known exploits
• Patches exist for known exploits:– Up to date system patches
– Up to date antivirus database
• Ordinary enterprise-grade firewalls will also repel them
44
Against Opportunistic Hacks
• Sophisticated techniques used
• You need multiple layers of defense– Up to date patches and anti-virus
– Firewalls
– Intrusion detection
– Lots of attention to log files
45
Against Targeted Attacks
• Targeted attacks exploit knowledge of target– Try to block or detect reconnaissance
– Security policies and procedures matter a lot• How do you respond to phone callers?
• What do people do with unexpected email attachments?
• USB sticks in the parking lot?
• Hardest case: disgruntled employee or ex-employee– Already behind your defenses
– Think Manning & Snowden
46
Against APTs
• VERY VERY hard to defend against!
• Use all of the previous defenses– There are no sure answers
• Pay special attention to policies and procedures
• Investigate all oddities
47
Varying Defenses
• Don’t use the same defenses for everything– Keep them guessing ☺
• Layer them– protect valuable systems more carefully
• Maybe you can’t afford to encrypt everything– but you probably can encrypt all communications among
and to/from your high-value machines
48
However…
• Every machine (connected) is valuable
• They could be turned into bots– Send spam, launch DDoS, host phishing sites
– Sniff your local traffic
• Defense: – watch outbound traffic from your network
49
Summary
• Use proper crypto
• Multi-layered security– Updated patches and AVs
– Backup important data
– Firewalls
– IDS/IPS (anomaly detection)
• Strictly follow security procedures– Revise and audit frequently
50
Target
• Targets could be:– Network infrastructure
– Network services
– Application services
– End user machines
Uneven Playing Field
• The defender has to think about the entire perimeter– all the weakness
• The attacker has to find only one weakness
• This is not good news for defenders
52
Attack Surface
• Entire Perimeter you have to Defend
53
Web ServerDNS
SMTP
Power Fiber
Application
Firewall
Soft Gooey Inside
• But it is not just the perimeter!
54
Web Server DNS
SMTP
PowerFiber
Application
Firewall
USB SticksSpearfishingPasswords
Ex-EmployeesSysAdmins
Cryptography
55
• All about hiding information in plain sight!
Key is the key
• key length is a measure in bits
• key space is the number of possibilities that can be generated by a specific key length
• Example : – 22 key = a keyspace of 4
– 24 key = a keyspace of 16
– 240 key = a keyspace of 1,099,511,627,776
56
• Assume everyone knows your encryption/decryption algorithm– Security of encryption lies in the secrecy of the keys, not the
algorithm! • Kerckhoff’s Principle (1883)
• How do we keep them safe and secure?
57
Key is the key
Work Factor
• The amount of processing power and time to break a crypto system– No system is unbreakable!
• The idea is to make it “expensive” to break/guess
58
Encryption and Decryption
Plaintext (P) Cipher Text (C) Plaintext (P)
ENCRYPTION
ALGORITHM
DECRYPTION
ALGORITHM
Encryption Key Decryption Key
59
Symmetric & Asymmetric keys
• Two categories of cryptographic methods– Symmetric and Asymmetric key encryption
60
Symmetric Encryption
• Same key is used to encrypt and decrypt – Both sender and receiver needs to know the key
• Also called shared secret-key cryptography
– The key must be kept a “secret” to maintain security
• Follows the more traditional form of cryptography (pre 1970) – key lengths ranging from 40 to 256 bits
• Widely used examples:– DES/3DES, AES, RC4/6
61
Same shared secret-key
Plain text
ENCRYPTION
ALGORITHM
DECRYPTION
ALGORITHM
Cipher text Plaintext
Encryption Key Decryption Key
Symmetric Encryption
62
Symmetric Encryption
• Advantages– fast computation since the algorithms require small number
of operations
• Disadvantages:– The sender and receiver needs to know the shared secret
key before any encrypted conversation starts• How do we securely distribute the shared secret-key between the sender
and receiver?
– What if you want to communicate with multiple people, and each communication needs to be confidential?• How many keys do we have to manage? A key for each!
• Key EXPLOSION!
63
Diffie-Hellman key ‘exchange’
• DH algorithm– secure way to generate a shared secret between two
parties
– The key is NEVER exchanged or transmitted
64
DH key ‘exchange’
– Alice and Bob agree on two random primes (x and y)
– Alice and Bob pick a secret number each (a and b)
• Which they DON’T share
– Alice computes and sends to Bob
– Bob computes and sends to Alice
– Alice then computes:
– Bob also computes:
65
A = xa mod y
B = xb mod y
S = Ba mod y
S = Ab mod y
= (xb mod y)a mod y = xba mod y
= (xa mod y)b mod y = xab mod y
DH in Colour ☺
66
+ +
+ +
Image source: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
Diffie-Hellman key ‘exchange’
• Without even knowing what secret each used, Alice and Bob generated the same result!– The shared-secret
– Even if evil “Eve” is listening on the wire • Can see x, y, A, B
– She cannot compute the same result since she would not know Bob and Alice’s secret
67
• Unlike normal exponentiation, which we can compute by
• modular exponentiation or modular log(x) is difficult to compute!
ey=logey
Asymmetric Encryption
• Also called public-key cryptography
• Use of Public-Private key pair– The key pairs are mathematically linked
– Messages encrypted with one key can only be decrypted by the other key of the key pair
• The decryption key cannot, at least in a reasonable
amount of time, be calculated from the encryption key and vice-versa
68
Asymmetric Encryption
69
Public KeyPrivate Key🗝 🔑
Plaintext
ENCRYPTION
ALGORITHM
DECRYPTION
ALGORITHM
Ciphertext Plaintext
Encryption Key Decryption Key
🔑
🗝🔑
🗝
Asymmetric Encryption
• Advantages:– Solves the key explosion and distribution problem
– No exchange of confidential information before communication• Public key is published (everyone knows)
• Private key is kept secret (only the owner knows)
• Disadvantages– Much slower than symmetric algorithms
70
Hash Functions
• Takes a message of arbitrary length and outputs a small fixed-length code– called the hash or message digest, or digital fingerprint
• One-way mathematical function– Easy to compute, difficult to reverse
• Single bit change in input => large indeterminate change in output
• Uses: – Verifying integrity
– Digitally signing documents
– Authentication (Hashing passwords)
71
Hash Functions
• A form of signature that uniquely represents a data
72
Hash Function
Arbitrary lengthdata
a88997dfha234Fixed-lengthHash value
Well-known Hash Functions
• Message Digest (MD) Algorithm – Outputs a 128-bit fingerprint of an arbitrary-length input
– MD5 is widely-used
• Secure Hash Algorithm (SHA)– SHA-1 produces a 160-bit message digest similar to MD5
• Widely-used (TLS, SSL, PGP, SSH, S/MIME, IPsec)
– SHA-256, SHA-384, SHA-512 produce longer hash values
73
Digital Signature
• Electronic documents can be signed– to prove the identity of the sender, and
– the integrity of the message
• Encrypted hash of the message– Hash the data
– Encrypt the hash with the sender’s private key
74
HashDigital
SignatureDocument
Encryption
(Sender’s Private Key)
🗝Hashing
Digital Signature Validation
• Sender– Appends the signature to the original document
– Sends to receiver
• Receiver– Computes the hash of the received data
• Using same hash function
– Decrypts the encrypted hash (signature) using sender’s public key• Authentication
– Compares the hashes• If match, the data was not modified (integrity) and signed by the sender
75
Digital Signature Validation
76
Digital
Signature
Document
SENDER RECEIVER
Document HashHash
Function Equal?
Digital
SignatureDecryption
(Sender's Public Key)
Hash🔑
Example
77
https://www.gpg4win.org (Windows)
https://www.gpgtools.org (OS X)
Complexity vs Length
• Entropy: randomness in the password
• Bits of Entropy: indicates how difficult it is to crack a password
• Difficulty to guess =
H (bits) = log(C) / log(2) * L
Where C – character setL – password length
– Character sets• Numbers: 0-9
• Alphas (upper): A-Z
• Alphas (lower): a-z
• Specials: *+-%&$#![]{}\@/~ etc
2H
Complexity vs Length
• Password length is more important than complexity!– Ex:
• Same/more level of entropy using passwords with a 26 character set (12 characters long), as a character set of 94 (all possible ASCII) that’s 8 characters long!
Password Length8 12 16 20 24 28 32
Alphanumeric + specials 94 52.4367 78.65507 104.873 131.092 157.3101 183.528 209.7468
Bits of Entropy
Alphanumeric 62 47.6336 71.45036 95.2671 119.084 142.9007 166.717 190.5343
Upper and Lower alpha 52 45.6035 68.40528 91.207 114.009 136.8106 159.612 182.4141
Upper or Lower alpha 26 37.6035 56.40528 75.207 94.0088 112.8106 131.612 150.4141
Numbers 10 26.5754 39.86314 53.1508 66.4386 79.72627 93.014 106.3017
81
