Network Management Security in distributed and remote network management protocols.


Network Management
- What is it?
- Why do we need it?
- What are our options with regard to selecting a network management scheme?
- What are the security flaws it can introduce?
- What can be done to minimize the risk of these security flaws?

Network Management: What is it?
- Hardware
- Software
- Protocols
- Allows for remote management of the network from convenient, centralized sites

Network Management: Why is it needed?
- Lowers costs by eliminating the need for many administrators at multiple locations performing the same function
- Makes network administration and monitoring easier and more convenient
- Coherent presentation of data

Major NM Options
- SNMPv1
- SNMPv2
- SNMPv2c
- DCE
- Vendor proprietary solutions
- SNMPv3 (future)

SNMPv1 History
- Why was it created?
- RFC 1157, 1990: “A Simple Network Management Protocol (SNMP)”
- RFC 1155, 1158, 1990: Original specification of the MIB-II

SNMPv1 Overview
- Information to be stored laid out in the Management Information Base (MIB)
- Specification of fields to be collected, data types, formatting, access controls
- Written in ASN.1

SNMPv1 Protocol
Five Simple Messages:
- get-request
- get-next-request
- get-response
- set-request
- trap

SNMPv1 Protocol continued...
[Diagram: Manager and Agent exchanging get_request, get_next_request, set_request, get_response and trap messages; labels: port 161, port 162]

SNMPv1 Protocol continued...
- UDP Transport Mechanism
- Community: Shared “password” between agent and manager
- PDU: Specifies request type
- Request ID
- Error Status
- Error Index

SNMPv1 Packet Format
UDP Header | Version | Community | PDU Type | Request ID | Error Status | Error Index | name | value | name | ...

SNMPv1 Security Flaws
- Transport Mechanism
  - Data manipulation
  - Denial of Service
  - Replay
- Authentication
  - Host Based
  - Community Based
- Information Disclosure

SNMPv1 Transport Mechanism Flaws
UDP Based
- Unreliable - packets may or may not be received
- Easily forged - trivial to forge source of packets

SNMPv1 Authentication Flaws
- Host Based
  - Fails due to UDP transport
  - DNS cache poisoning
- Community Based
  - Cleartext community
  - Community name prediction/brute forcing
  - Default communities

SNMPv1 Information Disclosure
- Routing tables
- Network topology
- Network traffic patterns
- Filter rules

SNMPv1 Security Flaw Implications
- Altering/Manipulation of network by unauthorized individuals
- Denial of Service on whole networks
- Modification of ACLs
- Clear topology of network behind router
- Makes creation of more sophisticated host based attacks easier

SNMPv2 History
- RFC 1441, 1993: “Introduction to version 2 of the Internet-standard Network Management Framework”
- RFC 1446, 1993: “Security Protocols for version 2 of the Simple Network Management Protocol”
- Written to address security and feature deficiencies in SNMPv1

SNMPv2 Protocol
- Extension to SNMPv1
- Provided security model
- 2 new commands
  - get-bulk-request
  - inform-request

SNMPv2 Protocol continued...
[Diagram: SNMPv2 message formats]
- General Format: privDst | authInfo | dstParty | srcParty | context | PDU
- Nonsecure Message: privDst | 0-length OCTET STRING | dstParty | srcParty | context | PDU
- Authenticated, not encrypted: privDst | digest | dstTime | srcTime | dstParty | srcParty | context | PDU
- Private, not authenticated: privDst | 0-length OCTET STRING | dstParty | srcParty | context | PDU
- Private and authenticated: privDst | digest | dstTime | srcTime | dstParty | srcParty | context | PDU

SNMPv2 Security Flaws
- Replay
- 4 types of time error conditions
  - manager’s version of agent’s clock greater than agent’s actual clock
  - manager’s clock greater than agent’s version of manager’s clock
  - agent’s clock greater than manager’s version of agent’s clock
  - agent’s version of manager’s clock greater than the manager’s version of the manager’s clock

SNMPv2 Security flaws...
- Replay attacks possible via complex clock attacks
- Implementation specific, typically in violation of protocol

SNMPv2 Security Flaws
Attacks against DES
- Duplication of privDst in dstPty allows for known plaintext attacks
- 16 character, user defined DES pass phrase
- Allows easy dictionary attacks

SNMPv2 Security Flaws
MD5 attacks
- Again, user defined
- 16 character secret offset
- Dictionary attackable
- Offset guessing

SNMPv2 Security
- Still uses UDP transport
- SNMPv1 Compatibility can compromise security
- Default DES and MD5 phrases
- Does not prevent D.O.S. or traffic analysis

SNMPv2C
- What is it?
- Why does it exist?

SNMPv2C Protocol
- SNMPv2 additional PDU types
- SNMPv1 Community based authentication
- UDP transport
- All the features of SNMPv2 with the security of SNMPv1

RMON and RMON2 Security
- SNMPv1’s flaws
- Additional hazards by introducing “action invocation” objects
- Collects extensive info on subnet
- Packet captures

Future Options
- SNMPv3
  - New IETF draft just released
  - Similar to SNMPv2
  - Addresses time drift and replay attacks
- IPsec
  - Offers cure/fix to existing implementations
  - Some theoretical attacks described

Network Management Ideal
- Reliable transport
  - TCP
  - T/TCP
  - IPsec (IPv6)
  - UDP
- Authentication
  - MD5 or SHA
  - Randomly generated keys
  - Secure bulk encryption (3DES, IDEA, Blowfish)

Network Management Ideal
- Ticket based systems (kerberized?)
- Secure key distribution (PK?)

Securing existing implementations
- Risk assessment
- Minimization of use
- Allow get-*’s only, no remote setting
- Eliminate defaults
- Filtering from outside
- Secure vendor implementations
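
Added example (not part of the original slides): a Python check that decodes the SNMPv1 header fields named on the packet format slide and applies two items from the list above, eliminating default communities and allowing no remote set-request. The `public`/`private` default list, the function names and the sample datagrams are assumptions constructed for illustration.

```python
PDU_TYPES = {0xA0: "get-request", 0xA1: "get-next-request",
             0xA2: "get-response", 0xA3: "set-request", 0xA4: "trap"}
DEFAULT_COMMUNITIES = {b"public", b"private"}  # assumption: common vendor defaults

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def parse_snmpv1(datagram):
    """Decode the fields that precede the variable bindings in a UDP payload."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    _, version, pos = read_tlv(body, 0)
    _, community, pos = read_tlv(body, pos)   # readable by anyone on the path
    pdu_tag, pdu, _ = read_tlv(body, pos)
    request_id = None
    if pdu_tag != 0xA4:                       # trap PDUs carry no request ID
        request_id = int.from_bytes(read_tlv(pdu, 0)[1], "big", signed=True)
    return {"version": int.from_bytes(version, "big"), "community": community,
            "pdu": PDU_TYPES.get(pdu_tag, hex(pdu_tag)), "request_id": request_id}

def audit(datagram):
    """Return policy findings: default community in use, remote set attempted."""
    msg, findings = parse_snmpv1(datagram), []
    if msg["community"] in DEFAULT_COMMUNITIES:
        findings.append("default-community")
    if msg["pdu"] == "set-request":
        findings.append("set-request")
    return findings

def tlv(tag, value):  # short-form BER encoder, used only to build the samples
    return bytes([tag, len(value)]) + value

def sample(community, pdu_tag):
    """Constructed SNMPv1 message naming sysName.0 (1.3.6.1.2.1.1.5.0)."""
    varbind = tlv(0x30, tlv(0x06, bytes.fromhex("2b06010201010500")) + tlv(0x05, b""))
    pdu = tlv(0x02, b"\x01") + tlv(0x02, b"\x00") * 2 + tlv(0x30, varbind)
    return tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, community) + tlv(pdu_tag, pdu))

if __name__ == "__main__":
    print(audit(sample(b"public", 0xA3)), audit(sample(b"n0c-7f3a", 0xA0)))
```

The same `audit` function can be run over UDP payloads captured on ports 161 and 162 to find agents and managers that still use default communities or issue remote sets.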

Questions?