8/2/2019 VPN In Security
VPN Insecurity
Dan Goldberg
MADJiC Consulting, Inc
http://www.madjic.net
Agenda
  What are VPNs
  How do VPNs work
  A brief crypto side trip
  VPN anatomy
  Basic WAN designs
  VPN risks
  Risk mitigation
What is a Virtual Private Network (VPN)?
  Two working definitions:
    Private communications over a non-private medium
    A network transporting trusted data over an untrusted network (the Internet)
  VPN formats:
    Host to host
    Host to gateway (remote access)
    Gateway to gateway (site to site)
VPN Implementations
  SSH - Secure Shell
  SSL - Secure Sockets Layer
    OpenSSL and Stunnel
    OpenVPN
    Commercial SSL VPNs
  Cryptcat (netcat with crypto)
  L2TP - Layer 2 Tunneling Protocol
  PPTP - Point to Point Tunneling Protocol
  IPSec - Internet Protocol Security
VPN Limitations
  SSH - Secure Shell: supports TCP traffic only; depends on client port forwarding
  SSL - Secure Sockets Layer
  Cryptcat: symmetric or weak crypto
  L2TP - Layer 2 Tunneling Protocol
  PPTP - Point to Point Tunneling Protocol
  IPSec - Internet Protocol Security: unicast traffic only
The least you need to know about crypto
  Cryptography is used to permit Alice to talk to Bob
  Elvis can listen in but can neither change nor understand the message
  There are two tools used to produce this end in IPSec VPNs and public key crypto:
    Encryption algorithm
    Cryptographic hash algorithm
Encryption and hashes
  Encryption example: plaintext -> ciphertext, e.g. agfoel23.!0clw
  Cryptographic hash: a fixed-size digest of an input of any length
    MD5 creates a 128 bit digest
    SHA1 creates a 160 bit digest (20 bytes, printed as 40 hex characters below)
  [dbg@madjic-box ~]$ sha1sum -t myfile.txt
  07f775c5982e14ed7e8840016a0cf0f15bea599e  myfile.txt
  Used as a checksum to validate that two inputs are the same
  In IPSec the hash is keyed (HMAC-MD5 or HMAC-SHA1), so an attacker who changes the data cannot recompute a matching value
A cryptographic side show
  Hey! I heard that hashes are broken!?!
  http://www.cits.rub.de/MD5Collisions/
  Hashes are not supposed to collide: it should be infeasible to find two inputs that produce the same output
    (collisions must exist, since inputs are longer than the digest, but nobody should be able to construct one)
  For MD5 some have been constructed! The link above tells the story of Alice and her boss (Bob), in which the boss signs a document that has a known collision; ouch!
Why Internet Protocol Security (IPSec)?
  Internet Protocol version 4 offers no payload security
    Simple checksumming on headers only
  IPSec provides two protocols, each usable in two modes
    Authentication Header (AH): integrity and origin authentication for the payload and the immutable parts of the IP header
    Encapsulating Security Payload (ESP): encryption of the payload, optionally with integrity protection
    Transport mode: the IPSec header is inserted after the existing IP header, end to end between hosts
    Tunnel mode: the original IP packet is packaged inside a new IP header transmitted by a security gateway; the receiving gateway reverses the process
  The combination shown in these slides (AH in transport mode, ESP in tunnel mode) is the common deployment, but either protocol can run in either mode
Tunnel vs. Transport mode
  Tunnel mode uses IP in IP with Encapsulating Security Payload (ESP)
    Encrypts the entire original packet at the security gateway, including the original header
    Adds an entire new IP header to the packet
    Transports to the peer security gateway based on policy
    Protects data and IP addresses of hosts behind the security gateway
    ESP alone gives confidentiality; without its integrity option (or AH) an active attacker can still tamper with the ciphertext
Transport vs. Tunnel Mode
  Transport mode keeps the original IP header
    Signs the payload and transports it to the next hop
    Does not include mutable header data in the signature (TTL, header checksum, DSCP/ECN, flags and fragment offset)
    Inserts an additional header (AH) after the IP header carrying the hash / checksum
    Protects data from man in the middle modification
    Does not provide privacy of the data in the payload or of the IP addresses!
    NAT breaks AH: the source and destination addresses are part of the signed data, so a rewritten address fails the check (in either mode); ESP in transport mode needs NAT traversal (UDP encapsulation, RFC 3948) to survive NAT
IPSec Anatomy
  IKE - Internet Key Exchange
  ISAKMP - Internet Security Association and Key Management Protocol
  AH - Authentication Header
  ESP - Encapsulating Security Payload
Authentication & Key Exchange
  Policy: ISAKMP (IKE)
    Authentication method: certificate or shared secret
    Encryption algorithm: DES or 3DES (DES has a 56 bit key and is brute-forceable; prefer 3DES or AES)
    Hashing algorithm: MD5 or SHA1
    Identify endpoints by DNS name or IP address
    Key lifetime, measured in megabytes and/or time (minutes or hours)
Security Associations
  Policy must match on both ends
  One side initiates communications; the peers agree a Security Parameter Index (SPI) which, together with the destination address and the protocol (AH or ESP), identifies a Security Association (SA)
  The Security Association Database (SAD) holds all the SAs a host knows about; the Security Policy Database (SPD) holds the policies that decide which traffic is protected by which SA, dropped, or passed in the clear
  The Security Association identifies the instance of IPSec and its parameters (algorithms, keys, lifetimes, sequence number)
  SAs are one-way, so a two-way connection needs a pair of them
Keys! Keys! Who's got the keys?
  Crypto key material is sensitive
  How do we exchange keys?
  IKE - Internet Key Exchange
    Hybrid of ISAKMP and Oakley
    UDP port 500 (UDP port 4500 when NAT traversal is in use)
    Manages key exchange, security associations and key management
  It is critical to re-key periodically: the more traffic one key has protected, the more an attacker has to work with
IPSec Policy requirements
  IPSec policy
    Encryption algorithm: DES or 3DES
    Hashing algorithm: SHA1 or MD5
    Key lifetime
      Bytes (many implementations default to 8 megabytes)
      Minutes or hours (many implementations default to 24 hours)
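The "policy must match on both ends" rule and the weak algorithm choices on the last few slides, as an added example that is not part of the talk: a small Python model of IKE proposal selection. It shows that a weak "compatibility" fallback gets picked whenever the peer prefers it, and that the fix is to drop weak proposals rather than rank them last. Proposal, negotiate, audit, harden and the site A/B/C configurations are hypothetical; the lifetime reconciliation (shorter side wins) is a simplification.

```python
"""Policy must match on both ends: a model of IKE proposal selection (added example, not from the talk)."""
from dataclasses import dataclass, replace

# Algorithms the slides list. DES (56-bit key) and MD5 (collisions found) should not be offered at all today.
WEAK_ENC = {"des"}
WEAK_HASH = {"md5"}


@dataclass(frozen=True)
class Proposal:
    enc: str        # "des", "3des", ...
    hash: str       # "md5", "sha1", ...
    auth: str       # "psk" (shared secret) or "cert"
    life_secs: int  # time-based key lifetime
    life_kb: int    # volume-based key lifetime; 0 = no volume limit (a common convention)


def negotiate(initiator, responder):
    """Walk the initiator's proposals in its preference order and return the first one the responder
    also offers (enc, hash and auth must all match). Lifetimes become the shorter of the two sides,
    a simplification of how implementations reconcile them. None means no SA, i.e. no tunnel."""
    for p in initiator:
        for r in responder:
            if (p.enc, p.hash, p.auth) == (r.enc, r.hash, r.auth):
                return replace(p, life_secs=min(p.life_secs, r.life_secs),
                               life_kb=min(p.life_kb, r.life_kb))
    return None


def audit(proposal):
    """Findings a reviewer raises against a negotiated (or configured) proposal."""
    if proposal is None:
        return ["no matching policy: tunnel will not come up"]
    findings = []
    if proposal.enc in WEAK_ENC:
        findings.append("weak encryption: " + proposal.enc)
    if proposal.hash in WEAK_HASH:
        findings.append("weak hash: " + proposal.hash)
    if proposal.life_secs > 24 * 3600:
        findings.append("time-based lifetime over 24h: %ds" % proposal.life_secs)
    if proposal.life_kb == 0:
        findings.append("no volume-based rekey")
    return findings


def harden(proposals):
    """Drop weak proposals instead of ranking them last: the ordering is the peer's choice, not yours."""
    return [p for p in proposals if p.enc not in WEAK_ENC and p.hash not in WEAK_HASH]


# Constructed configurations for hypothetical sites (not from the slides).
SITE_A = [Proposal("3des", "sha1", "psk", 3600, 8192),   # strong first ...
          Proposal("des", "md5", "psk", 86400, 0)]      # ... weak "compatibility" fallback
SITE_B = [Proposal("des", "md5", "psk", 28800, 8192),    # weak first
          Proposal("3des", "sha1", "psk", 3600, 8192)]
SITE_C = [Proposal("3des", "md5", "cert", 3600, 8192)]   # different hash and auth: no overlap with A

if __name__ == "__main__":
    print("A initiates to B:", negotiate(SITE_A, SITE_B))                                # 3des/sha1
    print("B initiates to A:", negotiate(SITE_B, SITE_A), audit(negotiate(SITE_B, SITE_A)))  # des/md5 chosen
    print("A to C:", audit(negotiate(SITE_A, SITE_C)))                                   # no match
    print("B to hardened A:", negotiate(SITE_B, harden(SITE_A)))                         # 3des/sha1 either way
```

Run it as a script to see the four cases; the point is the second one, where site A's strong-first ordering does nothing because site B initiated.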
Some things to look out for
  IPSec as a tunnel
    Combine AH and ESP
    Site to site VPNs
    Remote access
  Man in the middle attacks
    Modify unencrypted portions of the IP header in transit
    See http://isc.sans.org/diary.php?date=2005-05-09 and http://www.niscc.gov.uk/niscc/docs/re-20050509-00385.pdf?lang=en
  IPSec as a transport
    Combine AH and ESP to protect the payload
    Host to host communications
    Validate communications on a private network
Some packets with IPSec
  Three packets and the IPSec transforms (figure, reconstructed as text):
    An IP packet:                    IP header | Protocol header | Payload
    An IP packet in transport mode:  IP header | AH header | Protocol header | Payload
    An IP packet in tunnel mode:     IP header (new) | ESP | IP header (original) | Protocol header | Payload
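The three packets in the figure, built and parsed back, as an added example that is not part of the talk. It also makes the earlier transport-mode and hashing points concrete: the AH integrity check value is a keyed hash (HMAC-SHA1-96) over the packet with the mutable header fields zeroed, so a router rewriting the TTL leaves the packet valid while a NAT rewriting the destination breaks it. The addresses, TCP segment, SPIs and KEY are constructed for the illustration; the ESP "ciphertext" is a run of zeros standing in for the encrypted inner packet, since only the outer layout matters here.

```python
"""The three packets from the figure, built and parsed: added example, not from the talk."""
import hmac
import socket
import struct

IPPROTO_IPIP, IPPROTO_TCP, IPPROTO_ESP, IPPROTO_AH = 4, 6, 50, 51
PROTO_NAMES = {IPPROTO_IPIP: "IP-in-IP", IPPROTO_TCP: "TCP", IPPROTO_ESP: "ESP", IPPROTO_AH: "AH"}
ICV_LEN = 12  # HMAC-SHA1-96 (RFC 2404): the 160-bit keyed hash truncated to 96 bits on the wire
KEY = b"hypothetical-sa-auth-key"  # stands in for the authentication key IKE would have negotiated

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header without options; checksum left zero (it is a mutable field)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def ah_header(next_header, spi, seq, icv=bytes(ICV_LEN)):
    """AH (RFC 4302): next header, length in 32-bit words minus 2, reserved, SPI, sequence, ICV."""
    return struct.pack("!BBHII", next_header, (12 + len(icv)) // 4 - 2, 0, spi, seq) + icv

def parse_ipv4(pkt):
    vihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return {"hdr_len": (vihl & 0x0F) * 4, "total_len": total_len, "ttl": ttl, "proto": proto,
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst)}

def describe(pkt):
    """Wire layout as a middlebox sees it, plus the IPsec mode where that is observable."""
    ip = parse_ipv4(pkt)
    body = pkt[ip["hdr_len"]:]
    info = {"outer": (ip["src"], ip["dst"]), "ipsec": None, "mode": None, "spi": None}
    layout = ["IP header"]
    if ip["proto"] == IPPROTO_AH:
        nxt, length_words, _, spi, seq = struct.unpack("!BBHII", body[:12])
        inner = body[(length_words + 2) * 4:]
        layout.append("AH header")
        info.update(ipsec="AH", spi=spi, seq=seq)
        if nxt == IPPROTO_IPIP:  # tunnel mode: the inner IP header is authenticated but visible
            inner_ip = parse_ipv4(inner)
            info.update(mode="tunnel", inner=(inner_ip["src"], inner_ip["dst"]))
            layout += ["IP header (inner)",
                       "Protocol header (%s)" % PROTO_NAMES.get(inner_ip["proto"], inner_ip["proto"]),
                       "Payload"]
        else:
            info["mode"] = "transport"
            layout += ["Protocol header (%s)" % PROTO_NAMES.get(nxt, nxt), "Payload"]
    elif ip["proto"] == IPPROTO_ESP:
        spi, seq = struct.unpack("!II", body[:8])
        # ESP's next-header byte sits in the encrypted trailer, so transport vs tunnel is not visible outside
        info.update(ipsec="ESP", spi=spi, seq=seq, mode="not observable")
        layout += ["ESP header (SPI, sequence)", "Encrypted payload and trailer", "ICV"]
    else:
        layout += ["Protocol header (%s)" % PROTO_NAMES.get(ip["proto"], ip["proto"]), "Payload"]
    info["layout"] = layout
    return info

def ah_icv_input(pkt):
    """Bytes the AH ICV covers: outer header with mutable fields zeroed (DSCP/ECN, flags and fragment
    offset, TTL, header checksum), the ICV field itself zeroed, everything else exactly as sent."""
    hl = parse_ipv4(pkt)["hdr_len"]
    hdr = bytearray(pkt[:hl])
    hdr[1] = hdr[8] = 0
    hdr[6:8] = hdr[10:12] = b"\0\0"
    ah_len = (pkt[hl + 1] + 2) * 4
    ah = bytearray(pkt[hl:hl + ah_len])
    ah[12:] = bytes(ah_len - 12)
    return bytes(hdr) + bytes(ah) + pkt[hl + ah_len:]

def ah_seal(key, pkt):
    """Fill in the ICV the way a sender does."""
    hl = parse_ipv4(pkt)["hdr_len"]
    icv = hmac.new(key, ah_icv_input(pkt), "sha1").digest()[:ICV_LEN]
    return pkt[:hl + 12] + icv + pkt[hl + 12 + ICV_LEN:]

def ah_valid(key, pkt):
    """Receiver check: recompute over the immutable view and compare in constant time."""
    hl = parse_ipv4(pkt)["hdr_len"]
    expected = hmac.new(key, ah_icv_input(pkt), "sha1").digest()[:ICV_LEN]
    return hmac.compare_digest(pkt[hl + 12:hl + 12 + ICV_LEN], expected)

# Constructed sample traffic (not a capture): a TCP SYN from 10.1.1.5 to port 22 on 10.2.2.9.
TCP_SYN = struct.pack("!HHIIBBHHH", 40000, 22, 1, 0, 0x50, 0x02, 8192, 0, 0) + b"hello"
PLAIN = ipv4_header("10.1.1.5", "10.2.2.9", IPPROTO_TCP, len(TCP_SYN)) + TCP_SYN
AH_TRANSPORT = (ipv4_header("10.1.1.5", "10.2.2.9", IPPROTO_AH, 24 + len(TCP_SYN))
                + ah_header(IPPROTO_TCP, 0x1001, 1) + TCP_SYN)
AH_TUNNEL = (ipv4_header("198.51.100.1", "203.0.113.7", IPPROTO_AH, 24 + len(PLAIN))
             + ah_header(IPPROTO_IPIP, 0x1002, 1) + PLAIN)
ESP_TUNNEL = (ipv4_header("198.51.100.1", "203.0.113.7", IPPROTO_ESP, 8 + len(PLAIN) + ICV_LEN)
              + struct.pack("!II", 0x2002, 1) + bytes(len(PLAIN)) + bytes(ICV_LEN))  # zeros stand in for ciphertext

if __name__ == "__main__":
    for name, pkt in [("plain", PLAIN), ("AH transport", AH_TRANSPORT), ("AH tunnel", AH_TUNNEL), ("ESP tunnel", ESP_TUNNEL)]:
        print("%-13s %s" % (name, " | ".join(describe(pkt)["layout"])))
    sealed = ah_seal(KEY, AH_TRANSPORT)
    print("TTL rewritten by a router:", ah_valid(KEY, sealed[:8] + b"\x01" + sealed[9:]))           # True
    print("destination rewritten by NAT:", ah_valid(KEY, sealed[:16] + bytes([10, 9, 9, 9]) + sealed[20:]))  # False
```

Note that for the ESP packet the parser can only report the SPI and sequence number: everything behind them, including the inner header that would reveal tunnel mode, is ciphertext. That is exactly why the man in the middle cases on the previous slide target the unencrypted outer header.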
Host to host
  In host to host mode, communications between specified hosts use IPSec
  Useful in server to server connections
  Typically does not require additional security at upper layers such as AAA
  All other communications are in the clear
Host to gateway
  Commonly used for remote access systems
  Requires AAA for access
  Does not replace AAA for systems on the network
  Split tunneling: unintended access (the remote host is on the Internet and on the internal network at the same time)
Gateway to gateway (Site to site)
  Commonly used for WAN
  Does not require AAA for access
  Does not replace AAA for systems on the network
  Network controls must be implemented
Some WAN designs
  Hub and spoke, ring, mesh
  WAN considerations:
    Routing
    Complexity and number of links
  VPN specific:
    Impact of crypto on CPU utilization
    Per tunnel impact on the VPN gateway
Site 2 site VPN Risks
  Treat VPN tunnels as WAN links
  Determine the trust level:
    Trusted - internal
    Semi-trusted - remote users, business partners with a common risk model
    Untrusted - everyone else
  Note: the research cited in the talk shows that some 85% of attacks are internal, so even "trusted" links warrant controls
Where are VPNs used?
  Connection types:
    Internal
    Business to business
    Business to customer
  Remote users:
    Remote workers
    Contractors
Risk Mitigation
  Consider the risk model for each location that is connected, and
  for each network, host and service level consider the appropriate:
    Authentication
    Access control
    Ports and protocols
    Services
    Logging
    Virus vectors
Mitigation example
  Always consider implied access
  Site A and Site B share a site to site VPN
  Policy permits all hosts at site A to access the FTP server by IP address
  FTP server has FTPd and SSHd running
  FTP user accounts are stored in /etc/passwd
  What is the actual access between the two sites?
    Every host at site A reaches every port on that server, SSHd included, because the rule is by IP address only
    The FTP accounts are ordinary system accounts, so an FTP credential (which FTP sends in the clear) is also an SSH login unless the account has no login shell
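The question on this slide answered mechanically, as an added example that is not part of the talk: a Python evaluator of what a rule set actually permits, given what is listening on the far side and which accounts in /etc/passwd have a login shell. Rule, Service, the addresses, the services and the accounts are all constructed for the illustration; the "as written" rule is the slide's permit-by-IP policy and the "as intended" rule is the same intent stated as a port.

```python
"""Implied access: what a VPN rule set actually permits (added example, not from the talk)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    src: str                    # CIDR or single address
    dst: str
    proto: str = "tcp"
    port: Optional[int] = None  # None = any port, which is what "permit by IP address" means


@dataclass(frozen=True)
class Service:
    host: str
    proto: str
    port: int
    name: str


NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}


def rule_matches(rule, src_ip, svc):
    return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.src, strict=False)
            and ipaddress.ip_address(svc.host) in ipaddress.ip_network(rule.dst, strict=False)
            and rule.proto == svc.proto
            and (rule.port is None or rule.port == svc.port))


def reachable(rules, src_ip, services):
    """Services src_ip can reach through the tunnel under this policy, as sorted name@host:port strings."""
    return sorted("%s@%s:%d" % (s.name, s.host, s.port)
                  for s in services if any(rule_matches(r, src_ip, s) for r in rules))


def shell_capable(accounts, reach):
    """If SSH is reachable, every account with a real login shell is a shell account, FTP users included."""
    if not any(r.startswith("ssh@") for r in reach):
        return []
    return sorted(user for user, shell in accounts.items() if shell not in NOLOGIN_SHELLS)


# Constructed example with hypothetical addresses: site A is 10.1.0.0/16, site B's FTP server is 10.2.2.21.
SERVICES = [Service("10.2.2.21", "tcp", 21, "ftp"), Service("10.2.2.21", "tcp", 22, "ssh"),
            Service("10.2.2.30", "tcp", 3306, "mysql")]
ACCOUNTS = {"ftp-partner": "/bin/bash", "ftp-upload": "/sbin/nologin", "dba": "/bin/bash"}  # from /etc/passwd
AS_WRITTEN = [Rule("10.1.0.0/16", "10.2.2.21")]            # "all hosts at site A may reach the FTP server by IP"
AS_INTENDED = [Rule("10.1.0.0/16", "10.2.2.21", port=21)]  # the same intent stated as a service

if __name__ == "__main__":
    for label, rules in (("as written", AS_WRITTEN), ("as intended", AS_INTENDED)):
        reach = reachable(rules, "10.1.4.7", SERVICES)
        print(label, reach, "shell accounts exposed:", shell_capable(ACCOUNTS, reach))
```

The same evaluator applied to a real rule set and a port scan of the far side is the check to run before signing off a site to site policy: the difference between the two result lists is the implied access.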
Mitigation example II
  Company A and Company B share a site to site VPN
  Company A's packet filter policy limits access to the hosts (by IP) and ports which are permitted between them
  Company B permits all traffic between both sites
  During a technical con call no one can identify the policy owner at company B
Additional mitigation
  Terminate all VPNs on a separate LAN segment
  Firewall the VPN segment from the internal LAN
  Permit access by source and destination IP and port/protocol as required
    This requires planning and understanding the communication needs of all groups
  Be aware of implied access via split tunnels
Recent VPN Product Vulnerabilities (2005)
  Cisco's VPN concentrator: http://www.niscc.gov.uk/niscc/docs/br-20050627-00520.html?lang=en
  Nortel VPN clear text password issue: http://www.net-security.org/vuln.php?id=4065
  Nortel malformed IKE packet vulnerability: http://addict3d.org/index.php?page=viewarticle&type=security&ID=4094
  Cisco's malformed IKE packet vulnerability: http://www.cisco.com/en/US/products/products_security_advisory09186a00802126a3.shtml
Conclusion
  Treat VPNs like any WAN link
  Employ the principle of least privilege
  When deploying VPNs determine security and access requirements in advance
  Limit access between VPN segments and LAN segments, then permit traffic as needed