Published by Kendall Sorrell. Modified over 10 years ago.
1
EDUCAUSE Security Professionals Conference 2007
Monkey-in-the-Middle Attacks on Campus Networks
Andrew J. Korty, Sean Krulewitch
Indiana University
April 12, 2007
2
Copyright © 2007 The Trustees of Indiana University. This work is the intellectual property of the authors. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the authors. To disseminate otherwise or to republish requires written permission from the authors.
3
Agenda
- What is a MitM attack?
- Target: Web authentication
- Target: Kerberos authentication
- Target: SSH protocol
- Prevention: Vendors
- Prevention: Sysadmins, site owners
- Prevention: Users
- Q&A
4
What is a MitM attack?
Short Definition: A Monkey-in-the-middle attack is when an attacker controls both sides of a conversation, posing as the sender to the receiver *and* the receiver to the sender.
- Active attack, i.e., we’re writing data to the network
- Eavesdropping/Sniffing
- Insertion/Modification/Deletion
11
Target: Web authentication
Vulnerability: Initial web page requested by user is not authenticated
Exploit: Attacker directs victim to location of attacker’s choice
Common examples:
- http form : https form action
- http GET : https 3xx redirect, meta REFRESH
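A site owner can check pages for the two HTML patterns listed on this slide. The following is an added example, not part of the original deck: `audit_page`, `LoginFormFinder`, the finding names and the sample page are all hypothetical, and 3xx redirects are not covered because they are not visible in the HTML.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class LoginFormFinder(HTMLParser):
    """Collect forms that hold a password field, and meta refresh targets."""
    def __init__(self):
        super().__init__()
        self.forms, self.refreshes, self._cur = [], [], None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._cur = {"action": a.get("action", ""), "password": False}
        elif tag == "input" and self._cur is not None:
            if a.get("type", "").lower() == "password":
                self._cur["password"] = True
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content looks like "0; url=https://host/login"
            target = a.get("content", "").partition("=")[2]
            self.refreshes.append(target.strip(" '\""))

    def handle_endtag(self, tag):
        if tag == "form" and self._cur is not None:
            self.forms.append(self._cur)
            self._cur = None

def audit_page(page_url, html):
    """Return (finding, url) tuples for a page fetched from page_url."""
    finder = LoginFormFinder()
    finder.feed(html)
    served_plain = urlparse(page_url).scheme == "http"
    findings = []
    for form in finder.forms:
        if not form["password"]:
            continue
        action = urljoin(page_url, form["action"])
        if urlparse(action).scheme == "http":
            findings.append(("PASSWORD_SENT_IN_CLEAR", action))
        elif served_plain:  # https action, but the form itself arrived over http
            findings.append(("HTTPS_ACTION_ON_HTTP_PAGE", action))
    for target in finder.refreshes:
        if served_plain and urlparse(urljoin(page_url, target)).scheme == "https":
            findings.append(("HTTP_PAGE_REFRESHES_TO_HTTPS", target))
    return findings

# Constructed sample: login form served over http that posts to https.
SAMPLE_HTML = """<meta http-equiv="refresh" content="30; url=https://login.example.edu/">
<form action="https://login.example.edu/auth" method="post">
<input name="user"><input type="password" name="pw"></form>"""
```

The same markup served from an https URL produces no findings, which is the point of the slide: the risk lies in how the page arrived, not in where the form posts.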
12
Common examples
13
Common examples
14
Common examples
22
MitM: Web authentication demo
23
Kerberos example
24
Kerberos example
25
Kerberos at the console
26
Target: Kerberos authentication
Vulnerability: Kerberos responses are not validated
Exploit: Spoof ticket encrypted with key of attacker’s choice
Common examples:
- KDC Verify off
- pam_krb5, mod_auth_kerb, etc. without a keytab
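Why the keytab matters, as an added example that is not part of the original deck: a toy model in which HMAC sealing stands in for Kerberos encryption, and every name (`KDC`, `login`, `HOST_KEY`, the passwords) is hypothetical. A client that only checks that the KDC reply decrypts under the typed password accepts any KDC; a client that also demands a host ticket it can decrypt with its keytab does not.

```python
import hashlib
import hmac
import os

def seal(key, msg):
    """Toy stand-in for Kerberos encryption: message plus an HMAC under key."""
    return msg + hmac.new(key, msg, hashlib.sha256).digest()

def unseal(key, blob):
    """Return the message if it was sealed under key, else None."""
    msg, tag = blob[:-32], blob[-32:]
    good = hmac.new(key, msg, hashlib.sha256).digest()
    return msg if hmac.compare_digest(tag, good) else None

def pw_key(password):
    """Toy password-to-key function (real Kerberos uses string-to-key)."""
    return hashlib.sha256(password.encode()).digest()

class KDC:
    """Model KDC: knows user keys and the key of the host service."""
    def __init__(self, user_passwords, host_key):
        self.user_keys = {u: pw_key(p) for u, p in user_passwords.items()}
        self.host_key = host_key

    def as_reply(self, user):   # reply sealed under the user's key
        return seal(self.user_keys[user], b"tgt-session")

    def host_ticket(self):      # service ticket sealed under the host key
        return seal(self.host_key, b"host-ticket")

def login(kdc, user, password, keytab_key=None):
    """Accept if the AS reply decrypts; with a keytab, also require a host
    ticket that decrypts under the locally stored host key."""
    if unseal(pw_key(password), kdc.as_reply(user)) is None:
        return False
    if keytab_key is None:      # KDC verification off, or no keytab
        return True
    return unseal(keytab_key, kdc.host_ticket()) is not None

# Constructed scenario: the real KDC and the host's keytab share HOST_KEY.
HOST_KEY = os.urandom(32)
real_kdc = KDC({"alice": "correct horse"}, HOST_KEY)
spoofed_kdc = KDC({"alice": "anything"}, os.urandom(32))  # lacks HOST_KEY
```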
27
Spoofed ticket
28
MitM: Kerberos demo
29
SSH key agreement
30
Target: SSH protocol
Vulnerability: Client doesn’t verify host-key
Exploit: Attacker offers a different key from a spoofed server
Common examples:
- Fingerprints aren’t validated on new/changed host keys
- SSH servers in compatibility mode (i.e., version 1.99)
31
SSH – New key
32
SSH – Key change
33
SSH – New key type
34
Prevention: Vendors
Target: Web authentication
- Check for https by default
- Disable unencrypted password submit
Target: Kerberos authentication
- Required KDC Verification
Target: SSH protocol
- Enforce StrictHostKeyChecking and offer stronger warning messages
35
Prevention: Sysadmins, site owners
Target: Web authentication
- Make https URLs obvious (i.e., the same)
- Disable http?
Target: Kerberos authentication
- Always use keytabs
- Enable KDC verification
Target: SSH protocol
- Deploy clients with StrictHostKeyChecking
- Pre-distribute keys of both types (RSA, DSA)
Other prevention techniques
- DNSSEC
- SiteKey?
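The two SSH items on this slide can be checked before a client image ships. This is an added example, not part of the original deck: both function names and the sample files are hypothetical, the required key types default to the RSA and DSA types the slide names, and `Match` blocks and hashed host names are skipped rather than evaluated.

```python
from fnmatch import fnmatch

REQUIRED_TYPES = ("ssh-rsa", "ssh-dss")  # RSA and DSA, the two types the slide names

def missing_key_types(known_hosts_text, required=REQUIRED_TYPES):
    """Map each host name to the required key types it has no entry for."""
    seen = {}
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue  # blank/short line, comment, @marker, or hashed (|1|) host
        for host in fields[0].split(","):
            seen.setdefault(host, set()).add(fields[1])
    return {h: sorted(set(required) - t) for h, t in seen.items()
            if set(required) - t}

def effective_strict_checking(ssh_config_text, hostname):
    """First StrictHostKeyChecking value that applies to hostname (ssh_config
    uses the first value obtained); None means the client default applies."""
    applies = True  # options before the first Host line apply to every host
    for line in ssh_config_text.splitlines():
        words = line.replace("=", " ").split()
        if not words or words[0].startswith("#"):
            continue
        key, args = words[0].lower(), words[1:]
        if key == "match":
            applies = False  # Match blocks are not evaluated here
        elif key == "host":
            pos = [p for p in args if not p.startswith("!")]
            neg = [p[1:] for p in args if p.startswith("!")]
            applies = (any(fnmatch(hostname, p) for p in pos)
                       and not any(fnmatch(hostname, p) for p in neg))
        elif key == "stricthostkeychecking" and applies and args:
            return args[0].lower()
    return None

# Constructed sample data; <base64-key> stands in for real key blobs.
SAMPLE_KNOWN_HOSTS = """\
login.example.edu,192.0.2.10 ssh-rsa <base64-key>
login.example.edu,192.0.2.10 ssh-dss <base64-key>
build.example.edu ssh-rsa <base64-key>
"""
SAMPLE_SSH_CONFIG = """\
Host *.lab.example.edu
    StrictHostKeyChecking no
Host *
    StrictHostKeyChecking yes
"""
```

A host reported by `missing_key_types` is one where a server offering the other key type looks like a brand-new host to the client, so the user gets a new-key prompt instead of a key-change warning.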
36
Login improvement
37
Prevention: Users
Target: Web authentication
- Always try https first
- Use bookmarks
- Proxy
Target: SSH protocol
- Always validate host-key fingerprints out-of-band
- Enable StrictHostKeyChecking
38
HTTP::Proxy
39
Q & A