47th IETF - Adelaide Chris Lonvick


Syslog BoF
47th IETF - Adelaide
Chris Lonvick, clonvick@cisco.com

Agenda
- Agenda bashing
- Introduction and Level Setting (30 minutes)
  - Definition, Use and History
  - Perceived Weaknesses
- Goals of a Secure Syslog Working Group (20 minutes)
  - Proposed Charter and Subsequent Bashing
  - Proposed Deliverables, Timetable and Subsequent Bashing

Syslog Use
Event notification from:
- Common OS devices (e.g. Unix, Linux, NT) and their applications
- Routers
- Switches
- Firewalls
- Printers
- Thin clients

Generally Accepted Syslog Packet Contents
- Facility & Severity (required)
- Time (usual)
- Message (required)

Syslog Protocol
- UDP/514
- Stateless between the "client" and "server"
- No authentication of the sender, and no reciprocal authentication of the receiver
- No acknowledgement of receipt
- No coordinated timestamping
- No standardized (or even suggested) message content or format

Syslog Protocol Potential Vulnerabilities (1)
An attacker may transmit messages (either from the machine that the messages purport to be sent from, or from any other machine) to a server to:
- fill the disk or otherwise overwhelm the server
- hide the true nature of an attack amidst many other messages
- give false indications of events

Syslog Protocol Potential Vulnerabilities (2)
An attacker may disable syslog message transmissions from a device to hide an attack on, or the compromise of, the device.

Syslog Protocol Potential Vulnerabilities (3)
An attacker may view, delete, modify, or redirect syslog messages while in transit to:
- hide activities
- modify event times
- insert fictitious events
- determine the status of a machine/application
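The three slides above (packet contents, the UDP/514 protocol and its spoofability) are easier to reason about with the datagram in front of you. The following is an added example, not material from the BoF: it builds and parses the classic BSD-style datagram `<PRI>TIMESTAMP HOSTNAME MSG`, where PRI = facility*8 + severity, and then applies the one check a receiver can make today, comparing the claimed HOSTNAME against the source address it is expected to arrive from. The hostnames, addresses, log text, the `EXPECTED_SOURCE` table and the generic names for facilities 12-15 are all constructed for the example.

```python
"""Added example (not from the BoF): build and parse a BSD-style syslog datagram,
then apply a receiver-side source check.  PRI = facility*8 + severity, 0..191."""
import re
from datetime import datetime

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
               "uucp", "cron", "authpriv", "ftp"]
              + [f"facility{n}" for n in range(12, 16)]   # generic names, constructed
              + [f"local{n}" for n in range(8)])

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)
# "Mmm dd hh:mm:ss HOSTNAME MSG", day space-padded to two characters.
HEADER_RE = re.compile(r"^([A-Z][a-z]{2} [ 0-9]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.DOTALL)

# Constructed timestamp for the sample datagrams below.
SAMPLE_TIME = datetime(2000, 3, 27, 10, 0, 0)


def build_syslog(facility: int, severity: int, hostname: str, msg: str, when: datetime) -> bytes:
    """Format one datagram the way a BSD syslog sender does."""
    if not (0 <= facility < 24 and 0 <= severity < 8):
        raise ValueError("facility must be 0-23 and severity 0-7")
    pri = facility * 8 + severity
    stamp = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"
    return f"<{pri}>{stamp} {hostname} {msg}".encode("ascii")


def parse_syslog(datagram: bytes) -> dict:
    """Decode PRI, timestamp, hostname and message.  Everything here is taken on
    trust from the packet: nothing proves who actually sent it."""
    text = datagram.decode("ascii", errors="replace")
    m = PRI_RE.match(text)
    if m and int(m.group(1)) <= 191:
        pri, rest = int(m.group(1)), m.group(2)
    else:
        # No usable PRI: the common receiver convention is to assume
        # user.notice (13) and treat the whole datagram as the message.
        pri, rest = 13, text
    facility, severity = divmod(pri, 8)
    h = HEADER_RE.match(rest)
    if h:
        timestamp, hostname, msg = h.groups()
    else:
        timestamp, hostname, msg = None, None, rest   # header absent or unparsable
    return {"facility": FACILITIES[facility], "severity": SEVERITIES[severity],
            "timestamp": timestamp, "hostname": hostname, "msg": msg}


# Constructed table: the source address each logging host is expected to use.
EXPECTED_SOURCE = {"fw1": "10.0.0.5"}


def source_matches(record: dict, src_ip: str) -> bool:
    """Receiver-side check: does the claimed HOSTNAME arrive from the expected address?
    Only catches lazy forgeries; a UDP source address can itself be spoofed."""
    return EXPECTED_SOURCE.get(record["hostname"]) == src_ip


if __name__ == "__main__":
    genuine = build_syslog(4, 6, "fw1", "sshd[812]: Accepted publickey for root from 10.0.0.9",
                           SAMPLE_TIME)
    record = parse_syslog(genuine)
    # The identical bytes sent from any other machine parse identically; only the
    # transport-level source address differs, and the record does not carry it.
    for src in ("10.0.0.5", "192.0.2.77"):
        print(src, record["hostname"], record["facility"], record["severity"],
              "source ok" if source_matches(record, src) else "SOURCE MISMATCH")
```

Run it and the forged copy from 192.0.2.77 yields exactly the same record as the genuine one from 10.0.0.5; the address check is the only thing that separates them, which is why the slides list sender authentication as the missing piece rather than something a receiver can bolt on.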

syslog References in RFCs
- RFC 1060/1340/1700, Assigned Numbers - J.K. Reynolds, J. Postel
- RFC 1244/2196, Site Security Handbook - J.P. Holbrook, J.K. Reynolds / B. Fraser
- RFC 1912, Common DNS Operational and Configuration Errors - D. Barr
- RFC 1919, Classical versus Transparent IP Proxies - M. Chatel
- RFC 2072, Router Renumbering Guide - H. Berkowitz
- RFC 2179, Network Security For Trade Shows - A. Gwinn
- RFC 2194, Review of Roaming Implementations - B. Aboba, J. Lu, J. Alsop, J. Ding, W. Wang
- RFC 2669, DOCSIS Cable Device MIB Cable Device Management Information Base for DOCSIS compliant Cable Modems and Cable Modem Termination Systems - M. St. Johns, Ed.

Solvable Problems
- Message authentication
- Message integrity
- Feedback mechanism for verifiable receipt
- Confidentiality may be delivered through SSL/TLS or IPsec

Solution Requirements
- Focus on the protocol
- Message content is outside the scope of this charter
- Deployment must not interrupt the existing mechanism

Goals of a Secure Syslog Working Group
Proposed WG Charter

Description

Syslog is a de facto standard for logging system events. However, the protocol component of this event logging system has not been formally documented. While the protocol has been very useful and scalable, it has some known but undocumented security problems. For instance, the messages are unauthenticated and there is no mechanism to provide verified delivery and message integrity.

The goal of this working group is to document and address the security and integrity problems of the existing Syslog mechanism. In order to accomplish this task we will document the existing protocol. The working group will also explore and develop a standard to address the security problems.

Message authentication can be addressed in well-known ways using shared secrets or public keys. Because an important component of any solution will be the ease of transition from the existing mechanism, we will initially explore the use of shared secrets within the existing protocol with the intent of not impacting non-participants. Verifiable delivery, message integrity and authentication can also be explored in a TCP-based message delivery protocol.
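The "Solvable Problems" slide and the charter text both point at the same first step: shared-secret authentication carried inside the existing UDP protocol so that non-participants are unaffected. The following is an added illustration of that idea, not the working group's design and not code from the BoF. It appends a constructed trailer, ` [auth seq=N mac=HEX]`, to the MSG part, so a legacy receiver simply logs it as text, while a participating receiver recomputes an HMAC-SHA256 (truncated to 128 bits) over the sequence number plus everything before the trailer (PRI, timestamp, hostname and body), rejects bad MACs and replays, and reports gaps in the sequence. The trailer format, the per-host `KEYS` table, the key material and the sample log lines are all assumptions made for the example.

```python
"""Added example (not from the BoF): shared-secret authentication inside an ordinary
syslog MSG, so receivers that do not participate see only extra text.
The trailer format and the keys are constructed for this illustration."""
import hashlib
import hmac
import re

# Constructed per-device shared secrets, indexed by the HOSTNAME field the device sends.
KEYS = {"fw1": b"constructed-shared-secret-for-fw1"}

TRAILER_RE = re.compile(r"^(?P<prefix>.*) \[auth seq=(?P<seq>\d+) mac=(?P<mac>[0-9a-f]{32})\]$",
                        re.DOTALL)
HOST_RE = re.compile(r"^<\d{1,3}>[A-Z][a-z]{2} [ 0-9]\d \d\d:\d\d:\d\d (\S+) ")


def compute_mac(key: bytes, seq: int, prefix: str) -> str:
    """HMAC-SHA256 over the sequence number and the whole message before the trailer
    (PRI, timestamp, hostname, body), truncated to 128 bits (32 hex digits)."""
    data = f"{seq}|{prefix}".encode("ascii", "replace")
    return hmac.new(key, data, hashlib.sha256).hexdigest()[:32]


class Sender:
    def __init__(self, hostname: str, key: bytes):
        self.hostname, self.key, self.seq = hostname, key, 0

    def datagram(self, pri: int, timestamp: str, body: str) -> bytes:
        self.seq += 1                       # monotonic counter: replay and gap detection
        prefix = f"<{pri}>{timestamp} {self.hostname} {body}"
        mac = compute_mac(self.key, self.seq, prefix)
        return f"{prefix} [auth seq={self.seq} mac={mac}]".encode("ascii", "replace")


class Receiver:
    def __init__(self, keys: dict):
        self.keys, self.last_seq = keys, {}

    def receive(self, datagram: bytes) -> tuple:
        """Return (status, messages_missing_since_last, message_text)."""
        text = datagram.decode("ascii", errors="replace")
        m = TRAILER_RE.match(text)
        if not m:
            return "legacy", 0, text        # non-participating sender: handled exactly as today
        prefix, seq, mac = m.group("prefix"), int(m.group("seq")), m.group("mac")
        h = HOST_RE.match(prefix)
        hostname = h.group(1) if h else None
        key = self.keys.get(hostname)
        if key is None:
            return "unknown-sender", 0, prefix
        if not hmac.compare_digest(compute_mac(key, seq, prefix), mac):
            return "bad-mac", 0, prefix     # forged, or body/timestamp modified in transit
        last = self.last_seq.get(hostname, 0)
        if seq <= last:
            return "replay", 0, prefix      # an old datagram re-sent
        self.last_seq[hostname] = seq
        return "ok", seq - last - 1, prefix  # gap > 0: messages lost or suppressed in between


def demo() -> list:
    """Walk one sender's messages through a receiver under the attacks the slides list."""
    sender, rx = Sender("fw1", KEYS["fw1"]), Receiver(KEYS)
    d1 = sender.datagram(38, "Mar 27 10:00:00", "sshd[812]: Accepted publickey for root from 10.0.0.9")
    d2 = sender.datagram(38, "Mar 27 10:00:02", "sshd[812]: Connection closed by 10.0.0.9")
    d3 = sender.datagram(38, "Mar 27 10:00:05", "sshd[813]: Failed password for root from 192.0.2.77")
    return [
        rx.receive(d1)[0],                                        # "ok"
        rx.receive(d1.replace(b"10:00:00", b"09:30:00"))[0],      # "bad-mac": event time altered
        rx.receive(d2.replace(b"10.0.0.9", b"10.0.0.7"))[0],      # "bad-mac": body altered
        rx.receive(d1)[0],                                        # "replay"
        rx.receive(d3)[:2],                                       # ("ok", 1): d2 never arrived
        rx.receive(b"<13>Mar 27 10:00:06 oldbox logger: hello")[0],  # "legacy"
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Two caveats the charter's wording already hints at. The sequence gap tells the receiver that something was lost or suppressed (vulnerability (2)), but because UDP carries no acknowledgement the sender never learns that a message arrived; verifiable receipt needs the feedback channel the slides put under a TCP-based protocol. And a shared secret only authenticates the device holding it: an attacker who has compromised the device can sign whatever it likes, so this protects the path, not the source.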

Goals and Milestones
- May 2000: Post as an Internet Draft the observed behavior of the Syslog protocol for consideration as a Standards Track RFC.
- Jul 2000: Post as an Internet Draft the specification for an authenticated Syslog for consideration as a Standards Track RFC.
- Aug 2000: Post as an Internet Draft the specification for an authenticated Syslog with verifiable delivery and message integrity for consideration as a Standards Track RFC.
- Dec 2000: Revise drafts as necessary and advance these Internet Drafts to Standards Track RFCs.