EN.600.424 Lecture Notes, Spring 2016
Secure Network Design
Security! But How?
Everyone wants a secure network. But how?
“Whoever thinks his problem can be solved using cryptography, doesn’t understand his problem and doesn’t understand cryptography.” — Attributed by Roger Needham and Butler Lampson to each other
Let’s start our discussion by finding “vectors”. Remember: Delivery/Vector, Payload.
How Are Networks Attacked?
Automated attack vectors:
- Servers, services on TCP/UDP ports
- Vulnerabilities
- Misconfiguration
- Mobile code
- Compromised local machines
- Compromised third-party code/servers (e.g., Google hacking, DNS, update)
Human attack vectors:
- Email
- Honeypot websites/downloads
Attacks On Local Networks
- Eavesdropping: many local protocols are still “in the clear”
- Masquerade as a machine with higher privileges
- Abuse shared resources
The common problem is that we generally have to assume trust locally. Can’t be so “secure” that work doesn’t get done.
Protocol Attacks (Remote)
- SYN flooding. Principle: perverse incentives (see, e.g., spam)
- Smurfing (fixed in 2007): send a packet to a broadcast domain from the target’s address. Principle: force multiplier
- DDoS. Principle: brute force?
- Spam (especially malicious/malware)
- TCP hijacking
Malware Attacks
- Virus, worm, Trojan horse
- Fred Cohen: viruses can’t be stopped (halting problem)
- Viruses work by corrupting real executables
- Virus polymorphism
- Worms spread using a known vulnerability
- Trojan horses look “useful” but aren’t
- Rootkit: especially used for botnets, etc.
- Spyware and adware
Approaches to Network Defenses
- Management
- Filtering
- Intrusion detection
- Encryption (at rest and in motion) and protocols
Configuration Management
- Patches
- Updates
- Misc., such as disabling unsafe defaults, etc.
- Disable unnecessary services
- Topology, architecture, network defense programs, etc.
- Operational security: training
Filtering
- Firewalls: only allow traffic that you know you need
  - Packet filters
  - Application firewalls (mostly obsolete)
  - Deperimeterism
- Spam filters
- Censorware: don’t allow secrets out
- Wiretaps: maintain logs
AntiVirus/Malware Defenses
- Scanners
  - Static
  - Heuristics
  - Emulation
- Checksummers
- System hardening
  - Only allow writes to specific directories
  - Block driver modifications, etc.
- Anti-keylogging
Host/Network Deployments
- Antivirus can run on hosts
- Can also run on the network
  - Mail server, especially
  - Firewall, if it does content scanning
- Nowadays: cloud
- See also intrusion detection software (host-based, network-based)
Intrusion Detection
- Use rules, heuristics to detect “anomalies”
- Generally, detects after the fact!
- Useful for generating subsequent signatures
- Often combined into firewalls now
Limitations for IDS
- Internet is “noisy” (see also: halting problem)
- Too few attacks
- Software/version specific
- Encrypted, tunneled traffic
- Intelligent design
Cryptography
- SSH
- WiFi
  - As you all know, WEP is broken. You should try it some time
  - WPA is fairly safe in the right mode with the right config
- Homeplug (I used this…)
- IPSec
- TLS
- PKI
Biggest problem with all of these? KEY MANAGEMENT
Side Bar: Data In Motion
- Protecting data as it moves from one node to another
- Generally, this is done with network protocols, but can be “in the mail”
- Assumption is that the endpoints are secure
- Biggest issue is generally key management and authentication (of people and data)
Side Bar: Data At Rest
- Data stored at an endpoint, or in a temporary location
- Interesting issues with third parties: insiders?
- Reliability/availability
- Secure fail? (fail open or fail closed?)
- Long-term keys, passwords?
- Survivorship of access?