COMP3123 Internet Security Richard Henson University of Worcester November 2010

Week 7: Communications: Securing LAN–LAN data using VPNs and secure protocols n Objectives:  Relate Internet security problems to the TCP/IP protocol stack  Explain Internet security solutions that use the principles of a VPN  Explain Internet security solutions at OSI levels above IP routing

Security and the OSI layers n Actually 7 layers in original OSI model… n Unix TCP/IP leaves out level 1 (physical) level 2 (data link), and level 5 (session) TELNETFTP NFSDNS SNMP TCP (transport) UDP IP (network) SMTP

TCP/IP and the Seven Layers n TCP (Transport Control Protocol) and IP (Internet Protocol) only make up part (layers 3 & 4) of the seven layers  lower layers are required to interface with IP to create/convert electrical signals  upper layers interface with TCP to produce the screen display n Each layer interface represents a potential security problem… IP hardware screen TCP

Intranets n Definition:  An in-house Web site that serves the employees of the enterprise. Although intranet pages may link to the Internet, an intranet is not a site accessed by the general public. n Achieved by organisations using http to share data in a www-compatible format n Implemented as:  single LAN with a web server  several interconnected LANs »cover a larger geographic area »use secure user authentication »use secure data transmission system

Extranets n Definition:  organisational web sites for employees and existing customers rather than the general public n An extension of the Intranet to cover selected trusted “links”  e.g. for an organisation the “trusted” links might be to customers and business partners  uses the public Internet as its transmission system, but requires passwords to gain access n Can provide access to:  paid research  current inventories  internal databases  OR virtually any information that is private and not published for everyone

Issues in creating an Extranet n As with the Intranet, use of public networks means that security must be handled through the appropriate use of secure authentication and transmission technologies… n Private leased lines between sites do not need to use http, etc.  therefore more secure, but expensive (BALANCE) n If using the Internet…  can use client-server web applications across different sites  BUT security issues need resolving

Securing Authentication through Extranets n Kerberos and trusted domains…  Windows 2000 Solution: n Potential security problem…  several TCP ports used for e.g. Kerberos authentication when establishing a session… n Solution:  firewall configured to allow relevant ports to be opened only for “trusted” hosts

Securing Sharing of Data through Extranets n An Extranet client uses the web server & browser for user interaction  standard level 7 www protocol to display html data n Raw HTML data will pass through the firewall to the Internet  could be “sensitive” for the organisation… n Under IETF guidance, developers came up with RFCs for a secure version of http…  standardised as http-s (secure http)

The Internet generally uses IP - HOW can data be secured? 2010: more than 600 million hosts!

Securing the Extranet n Problem:  IP protocol sends packets off in different directions according to: »destination IP address »routing data  packets can be intercepted/redirected n Solution:  secure level 7 application layer www protocols developed »https: ensure that pages are only available to authenticated users »ssh : secure download of files »sftp: as above  secure level 4 transport (TLS) protocol to restrict use of IP navigation to only include secure sites n Protection against interception at lower OSI layers  Virtual Private Networks: use of level 2 & 3

SSH (Secure Shell) n Designed 1995, University of Helsinki, for secure file transfer SSH-1  server listens on TCP port 22  runs on a variety of platforms n Enhanced version SSH-2  using the PKI  including digital certificates  RFC 4252 – recent, 2006 n By contrast, Telnet and FTP:  can use authentication  BUT DO NOT use encrypted text…

Secure http (http-s) n IETF set up WTS (Web Transaction Security) in 1995 to:  look at proposals for a secure version of http  ensure secure embedding of any emerging protocol with HTML n Proposals agreed in 1999  defined as: »RFC #2659 – secure HTML documents »RFC #2660 – the secure protocol itself

More about Secure http n Modification of http:  works with Netscape’s SSL/TLS and the PKI  ensures security of HTML data sent through the Internet n When a browser requests a web page…  normally, just downloaded  HOWEVER, if the page is held on a HTTP-S server it must be downloaded using the https protocol »will ONLY be downloaded and displayed if its URL has been authenticated and certificated n Authentication handled by a PKI-affiliated body (e.g. Verisign)  therefore considered to be very secure

SSL (Secure Sockets Layer) n Developed by Netscape in 1995  so browsers could participation in secure Internet transactions  soon became most commonly used protocol for e- commerce transactions  still not been accessed by hackers (so far…) n Excellent upper layer security:  RSA public key en/decryption of http packets at the session layer (OSI 5) before sending/after receiving between Internet hosts  PKI-compatibility means that digital certificates are supported as well

Extending SSL n SSL standard submitted by Netscape to IETF for further development  working party set up in 1996  worked with Netscape to standardise SSL v3.0 »RFC draft same year  agreed standard RFC #2246: TLS (Transport Layer Security) n TLS was the result of IETF development of components of Netscape’s SSL lower down the OSI layers »SSL – level 5 »TLS – level 4

Secure HTTP, SSL and TLS n Together, HTTPS/SSL/TLS can provide a secure interface between TCP (level 4) and HTML (level 7)  very secure conduit for message transfer across the Internet…

VPNs: restricted use of the Physical Internet VPN shown in green

VPNs (Virtual Private Networks) n Two pronged defence:  physically keeping the data away from unsecured servers… »several protocols available for sending packets along a pre-defined route  data encapsulated and encrypted so it appears to travel as if on a point-point link but is still secure even if intercepted n Whichever protocol is used, the result is a secure system with pre-determined pathways for all packets

Principles of VPN protocols n The tunnel the private data is encapsulated n The tunnel - where the private data is encapsulated n The VPN connection - where the private data is encrypted

Principles of VPN protocols n To emulate a point-to-point link:  data encapsulated, or wrapped, with a header »provides routing information »allows packets to traverse the shared public network to its endpoint n To emulate a private link:  data encrypted for confidentiality n Any packets intercepted on the shared public network are indecipherable without the encryption keys…

Potential weakness of the VPN n Once the data is encrypted and in the tunnel it is very secure n BUT  to be secure, it MUST be encrypted and tunnelled throughout its whole journey  if any part of that journey is outside the tunnel… »e.g. network path to an outsourced VPN provider »obvious scope for security breaches

Using a VPN as part of an Extranet

Using a VPN for point-to-point

Using a VPN to connect a remote computer to a Secured Network

VPN-related protocols offering even greater Internet security n Two possibilities are available for creating a secure VPN:  Layer 3: »IPsec – fixed point routing protocol  Layer 2 “tunnelling” protocols »encapsulate the data within other data before converting it to binary data: n PPTP (Point-point tunnelling protocol) n L2TP (Layer 2 tunnelling protocol)

IPsec n First VPN system  defined by IETF RFC 2401  uses ESP (encapsulating security protocol) at the IP packet level n IPsec provides security services at the IP layer by:  enabling a system to select required security protocols (ESP possible with a number of encryption protocols)  determining the algorithm(s) to use for the chosen service(s)  putting in place any cryptographic keys required to provide the requested services

More about IPSec in practice n Depends on PKI for authentication  both ends must be IPSec compliant, but not the various network systems that may be between them… n Can therefore be used to protect paths between  a pair of hosts  a pair of security gateways  a security gateway and a host n Can work with IPv4 and IPv6

PPTP n Sponsored by Microsoft  proposal submitted for consideration by IETF n Extension of PPP  Uses PPP authentication and Microsoft’s own encryption  allow organisations to extend their own corporate network by using private “tunnels” over public Internet  effectively using WAN as a single large LAN n Claimed to provide a secure connection over public networks  but not universally accepted as secure…

L2TP n Microsoft hybrid of:  their own PPTP  CISCO’s L2F (layer 2 forwarding) n With L2TP, IPSec is optional:  like PPTP: »it can use PPP authentication and access controls (PAP and CHAP!) »It uses NCP to handle remote address assignment of remote client  as no IPSec, no overhead of reliance on PKI

Implementation of Secure HTTP n Like http, http-s is a client-server protocol  Server end: »PKI-compliant Web Server configured to provide https access »valid server certificate to authenticate server to client  Client end »browser needs to be able to identify & authenticate secure http traffic: n URL header n “lock” sign at bottom of screen

Configuring a Web Server for https… n Any properly configured web server will offer unsecured links to many www pages (http) n A secure web server can ADDITIONALLY offer secure links to specified folders (https)  BUT… it must first acquire that PKI server certificate from e.g. Verisign or an affiliate…  the server certificate needs to be viewable by a client browser to verify trust in the web page provider

IIS Configuration to support SSL and https n A “wizard” drives the whole process  need administrator access to IIS in “webserver” mode  access the “directory security” tab  click on “server certificate”… »and the process begins n Once IIS has downloaded & installed that server certificate, developments of a secure website can begin in specific folders

Web Server Configuration for client-end https n IF the webserver is properly configured for https…  IS username/password protected  HAS a Server Certificate… »viewable by client browsers not revoked or out of date n THEN, via username/password authentication  browser will allow https access via the web  “lock” symbol appears below the web page display »click on “lock” symbol for server certificate details n Otherwise, a “not authorised” message will be displayed

The Server Certificate n Both encryption and identity checking require the owner of the server to obtain and install a Digital SSL (Server) Certificate  more expensive than a personal certificate  Verisign again a suitable source… n SSL Certificate has to be:  downloaded from source website  installed onto the relevant web server  authenticated by a named individual (administrator?) at the server end

Ways to “sign” an SSL Certificate n Three possibilities:  Commercial »usually recognised silently by browsers, with no pop-up or alert  Self-signing »almost always produce an alert on the browser »shows the identity asserted (but not proved) by the server owner »the user is likely to be offered the option to recognise this certificate in future (effectively silencing the alert)  Organisation-signed »also likely to result in an alert that names the organisation »an organisation with an existing relationship with most of its users can instruct them to configure their browsers to silently recognise certificates signed by their own organisation