Transcript EE579S Computer Security
EE579T / CS525T Network Security 11: Intrusion Detection Systems; Wireless Security
Prof. Richard A. Stanley Spring 2005 © 2000-2005, Richard A. Stanley EE579T/11 #1
Overview of Tonight’s Class
• Review last week’s lesson
• Final Exam
  – On the web page
  – Due to me electronically in 2 weeks (26 Apr)
• Project Scheduling
  – Presentations on 15 April
  – Keep presentations to 25 minutes including Q&A
  – Let’s have volunteers for each time slot, keeping in mind your work schedules
• Intrusion detection systems
• Wireless security
Summary
• SNMP is widely used for managing clients distributed across a network
• SNMPv1 is simple, effective, and provides the majority of SNMP service in the field
• SNMPv2 adds some functionality to v1
• SNMPv3 is a security overlay for either version, not a standalone replacement
• SNMP security is a major issue!
Intrusion Detection Systems
• Oddly enough, these are systems designed to detect intrusions into protected systems
• Security intrusion (per RFC 2828):
  – A security event, or a combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system (or system resource) without having authorization to do so.
What’s a Security Incident?
• A security event that involves a security violation. (See: CERT, GRIP, security event, security intrusion, security violation.)
• In other words, a security-relevant system event in which the system's security policy is disobeyed or otherwise breached.
• "Any adverse event which compromises some aspect of computer or network security." [R2350]
Source: RFC 2828, page 152; emphasis added
Why Do We Need This?
• With the exception of authentication systems, most of the defenses we have studied up to now are directed towards intruders coming from outside the firewall
• These systems are not perfect; some intruders will get through
• Moreover, defenses such as firewalls cannot protect against intruders on the inside
Intrusion Detection Functions
• Monitor protected networks and computers in real time (or as close to real time as is practicable)
• Detect security incidents
  – Requires a policy, and a way for the IDS to know what that policy is
• Respond
  – Raise an alarm
  – Send some automated response to the attacker
IDS vs. Auditing
• Audits tend to be a posteriori
  – But an IDS can be seen as performing a constant, near real time audit function
• To perform an audit, you need to know what the policy is
  – Audits measure departures from the policy norms
  – Audits depend on system logs
Early IDS’s
• Emulated the audit function
  – Crawled the logs, looking for deviations from policy-permitted actions
  – Intent was to speed up the audit, making it nearly real time
  – Still a useful approach
• IDS technology has been around only since the early 1990s; not too mature
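The "log crawler" idea above, as an added example that is not part of the lecture: a small host-based detector that reads authentication log lines and reports departures from an explicit policy (permitted source hosts, permitted hours, a failed-login threshold). The log format, the policy values and the sample lines are all constructed for illustration.

```python
# Added example (not from the lecture): a tiny host-based "log crawler" in the
# spirit of the early IDSs described above. The policy, the log format and the
# sample log lines are all constructed for illustration.
import re
from collections import Counter
from datetime import datetime

# Policy: interactive logins only from these hosts and only during these hours;
# more than max_failed failed logins from one source is an incident.
POLICY = {
    "allowed_hosts": {"10.0.0.5", "10.0.0.6"},
    "work_hours": (8, 18),      # 08:00 <= hour < 18:00
    "max_failed": 3,
}

# Constructed auth-log style lines: "<date> <time> <outcome> login user=<u> from=<ip>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<outcome>Accepted|Failed) login user=(?P<user>\S+) from=(?P<src>\S+)$"
)

SAMPLE_LOG = """\
2005-04-12 09:15:02 Accepted login user=alice from=10.0.0.5
2005-04-12 23:41:10 Accepted login user=bob from=10.0.0.6
2005-04-12 10:02:00 Accepted login user=carol from=192.168.7.9
2005-04-12 10:05:11 Failed login user=root from=172.16.3.3
2005-04-12 10:05:12 Failed login user=root from=172.16.3.3
2005-04-12 10:05:13 Failed login user=root from=172.16.3.3
2005-04-12 10:05:14 Failed login user=root from=172.16.3.3
garbage line the parser must survive
"""

def crawl(log_text: str, policy: dict = POLICY) -> list:
    """Return (alert, line) pairs for every policy departure found in the log."""
    alerts = []
    failed = Counter()
    lo, hi = policy["work_hours"]
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue                      # unparseable entries are skipped, not fatal
        f = m.groupdict()
        if f["outcome"] == "Failed":
            failed[f["src"]] += 1
            if failed[f["src"]] == policy["max_failed"] + 1:   # alert once per source
                alerts.append(("FAILED_LOGIN_THRESHOLD " + f["src"], line))
            continue
        hour = datetime.strptime(f["ts"], "%Y-%m-%d %H:%M:%S").hour
        if f["src"] not in policy["allowed_hosts"]:
            alerts.append(("LOGIN_FROM_UNAUTHORIZED_HOST " + f["src"], line))
        if not lo <= hour < hi:
            alerts.append(("LOGIN_OUTSIDE_WORK_HOURS " + f["user"], line))
    return alerts

if __name__ == "__main__":
    for alert, line in crawl(SAMPLE_LOG):
        print(alert, "<-", line)
```

Because the detector only knows the policy it is given, a login the policy never mentions (say, a service account at 03:00) produces no alert; that is the "policy has to be in place first" point later in the lecture.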
IDS Uses
• Monitor system usage
  – Determine access, usage patterns
  – Plan for capacity engineering
• Monitor specific problem areas
• Serve as a deterrent
  – Sort of like the “burglar alarm” label on a house, even if there is really no alarm
Log Files
• Are evidence if an intrusion occurs
  – Must be stored in their original, unmodified form, otherwise inadmissible in court
  – Provide data from which trends can be deduced
  – Can be subjected to forensic analysis
  – Probably needed to assess level of system compromise/damage and to restore to state prior to intrusion
Legal Issues - 1
• Privacy of your employees
  – Courts have held that employees have little expectation of privacy in the workplace, especially if told so at the outset
    • email can be monitored at work by employer
    • phone calls can be monitored at work by employer
    • doing either of these things outside the workplace violates the wiretap statutes (18 USC § 2516, etc.)
Legal Issues - 2
• What if the IDS discovers illegal acts being performed on/by your network?
  – Employees using the network for illegal activities
  – Outsiders having planted zombie programs so that your system attacks others
  – What is your responsibility and liability?
Legal Issues - 3
• This may be a Catch-22 issue
  – If an attacker is using your system, law enforcement may want you to continue to allow that to happen so they can apprehend the attacker
    • If you interrupt the attack, it could be interpreted as obstruction of justice
  – But, if you allow the attack to continue, you may be liable for damages to those attacked
• Get legal advice, beforehand!
What About Automated Response?
• Tempting capability
• If attacking your system is illegal, what makes your attack on the attacker in response less illegal?
• What if you are, or are acting on behalf of, a governmental entity and the attacker is also a governmental entity?
  – Casus belli
IDS Architecture
[Figure: a Management Console connected to several Sensors]
Console
• Monitors and controls sensors
  – Sets policy, alarm levels, etc.
  – Stores logs
• Must have secure communications with sensors
  – Encrypted connection
  – Out of band (OOB)
IDS Types
• Network-based (NIDS)
  – Monitors the network backbone
• Network node-based (NNIDS)
  – Monitors network nodes, not the backbone
• Host-based (HIDS)
  – This is the “log crawler” that started it all
• Gateway (GIDS)
  – NIDS in series with the network
What Can It See?
• Network packets
• OS API calls
• System logs
• How do we merge this data to detect intrusions?
Host-Based
• Sits on a host as a background task
• Monitors (potentially)
  – traffic to and from the host
  – OS API calls
  – system logs
• Adds to processing load on the host, so host must be able to support the extra load
Network-based
• NIDS sensors placed on network backbone
  – Can view only packet traffic passing by, much like a classic passive sniffer
  – Does not place processing load on network, but the NIDS platform must be capable of dealing with network traffic speeds
    • Software can usually handle 100 Mbps
    • Hardware only 2-3 times faster
    • If network is faster, looks only at subset of packets
Network Node-based
• Used to inspect intrusions directly into network nodes
  – Effectively a blending of HIDS and NIDS
  – Used to protect mission-critical machines
  – Again, a background process on existing nodes, so node must be able to handle added processing load
Gateway
• In series with network
  – Often set to block prohibited traffic automatically
  – Think of it as an in-network firewall with an extended rule set
  – Must be able to keep up with network load
Intrusion Protection Systems
• Latest trend in IDS technology
• Idea is to use what the IDS identifies to change the network rules ad hoc, in theory preventing further exploitation
• Very similar to GIDS
IPS Issues
• Attack signatures generally known only a posteriori
• Heuristic analysis has not worked very well in other venues, such as virus detection
• How long to maintain the “new” rules before reverting to the original ones?
• Exploitation of the IPS
Deployment
• Putting in an IDS is a complex and time-consuming affair
  – Typically, start simple and add functionality as you learn more about the network
  – NIDS tends to see more and load network least
  – Follow up with HIDS on selected hosts, perhaps NNIDS on critical nodes
• Policy has to be in place first
Attack Signatures
• Critical to success of any IDS
• Must be maintained, just like virus signatures
  – You want some visibility into this
  – Do you want strangers deciding what is an attack on your critical systems?
• Some IDS’s let you write/modify signatures, others do not
• CVE: http://www.cve.mitre.org/
IDS Deployment
• First, design the IDS sensor and management layout
• Next, deploy the IDS
  – Test the network for normal operation
  – Test the IDS
    • Run packaged attacks to see if all are detected
    • Document performance and repeat test regularly
  – Tune the IDS
Sampling of IDS Products
• RealSecure: http://www.iss.net/products_services/enterprise_protection/rsnetwork/sensor.php
• NFR: http://www.nfr.net/
• Snort: http://www.snort.org/
• SnortSnarf: http://www.silicondefense.com/software/snortsnarf/
IDS Summary
• IDS’s can be useful in monitoring networks for intrusions and policy violations
• Up-to-date attack signatures and policy implementations essential
• Many types of IDS available, at least one as freeware
• Serious potential legal implications
• Automated responses to be avoided
Wireless Network Security
• Wireless networks growing at a rapid pace
  – Gartner Group predicts wireless installations will multiply >7X by 2007 to over 31M
• Business drivers
  – Installation cost and time
  – Mobility
  – Flexibility
  – Operating costs
Wireless Inherently Insecure
• Wired networks confine (or try to confine) signals to a wired path, which must be physically tapped to compromise line security
  – Possible to physically discover the tap
• Wireless networks deliberately broadcast data into space, where it can be intercepted by anyone with the proper receiver
  – Data tap impossible to discover
This Isn’t New News
• Since early days, wireless vendors strove to provide privacy equivalent to that available on the wired network
  – WEP = wired equivalent privacy
  – This is not a high standard to meet
• They succeeded, but that wasn’t good enough for user requirements
Wireless Security Issues
• How does a wireless network work?
• How can you “join up?”
• What about the encryption?
• Can it really be secure?
How It Works
• Clients send probes
• Access points broadcast beacons and, often, their Server Set ID (SSID)
• When a client finds an access point with an acceptable signal level and a matching SSID, a connection is established
• Many networks are built precisely to facilitate connection by “foreign” users
Wireless LAN Elements
[Figure: wireless LAN elements, an access point (AP) and a station (STA)]
Origins of WEP
• Marketing and Political Issues:
  – Developed as part of a wireless LAN research project at Apple Computer, Inc.
  – Eavesdropping was perceived as a barrier to market acceptance.
  – Apple sells into a worldwide market so solution had to be exportable.
  – NSA only allowed 40-bit encryption to be exported.
Origins of WEP (cont.)
• Technical Issues:
  – Eavesdropping on wireless link => privacy and authentication problems.
  – Multiple network protocols (in 1993) => solution required at data link layer.
  – Data link layer is “best effort” => crypto-state (other than shared key) must accompany each frame.
WEP Solution
• Apple had unlimited RC4 license from RSA, Inc.
• “Method and apparatus for variable overhead cached encryption”, US Patent 5,345,508, applied for 23 Aug 1993, granted 6 Sept 1994.
• Licensed for export in mid-1994.
WEP Encryption
[Figure: the Initialization Vector (IV) and the Secret Key together form the Seed for the RC4() PRNG; its Key Sequence (cached, up to MAX_MSG_SZ bytes) is XORed with the Plaintext to give the Ciphertext, which is transmitted together with the IV]
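The encryption path in the diagram, as an added example that is not part of the lecture: a working RC4 key-sequence generator seeded with IV || secret key, the frame format that sends the IV in the clear, and a defender's check showing why a repeated IV matters (two frames with the same IV under the same key have their ciphertexts XOR to the XOR of the plaintexts, which is the root of the passive attacks described in the slides that follow). The 40-bit key and 24-bit IV are the standard WEP-40 sizes; the key, IV and plaintexts below are constructed for illustration.

```python
# Added example (not from the lecture): a minimal model of the WEP encryption
# path shown in the diagram. RC4 is the real KSA/PRGA; the 40-bit key and
# 24-bit IV are standard WEP-40 parameters; the sample values are constructed.
from typing import Optional

def rc4_keystream(seed: bytes, length: int) -> bytes:
    """RC4 PRNG: key-scheduling (KSA) then output 'length' key-sequence bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(secret_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Seed = IV || secret key (IV first, as in WEP); frame = IV || ciphertext.
    The IV travels in the clear so the receiver can rebuild the same seed."""
    assert len(iv) == 3, "WEP IV is 24 bits"
    seed = iv + secret_key
    return iv + xor(plaintext, rc4_keystream(seed, len(plaintext)))

def wep_decrypt(secret_key: bytes, frame: bytes) -> bytes:
    iv, ciphertext = frame[:3], frame[3:]
    return xor(ciphertext, rc4_keystream(iv + secret_key, len(ciphertext)))

def keystream_reuse_leak(frame1: bytes, frame2: bytes) -> Optional[bytes]:
    """Defender's check: if two captured frames carry the same IV under the same
    key, their ciphertexts XOR to plaintext1 XOR plaintext2 with no key needed.
    Returns that XOR when the IVs collide, else None."""
    if frame1[:3] != frame2[:3]:
        return None
    n = min(len(frame1), len(frame2)) - 3
    return xor(frame1[3:3 + n], frame2[3:3 + n])

# Constructed sample: a 40-bit (5-byte) key, the size the export rules above
# allowed, and two frames sent with a reused IV.
KEY = bytes.fromhex("0123456789")
IV = bytes.fromhex("a1b2c3")
P1 = b"GET /index.html HTTP/1.0"
P2 = b"POST /login.cgi HTTP/1.0"
F1 = wep_encrypt(KEY, IV, P1)
F2 = wep_encrypt(KEY, IV, P2)
```

With only 2^24 IVs and one IV per frame, a busy access point exhausts the IV space in hours, so collisions are a matter of when, not if.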
IEEE 802.11’s use of WEP
• IEEE runs by Robert’s Rules; “one man, one vote”
• Simple majority required to add text, 75% vote to change text in draft standard
• WEP introduced in March 1994
• Strong pushback in committee regarding cost and overhead of encryption
• Dilution of proposal; privacy made optional
WEP Security Problems
• Papers submitted to 802.11 committee highlight the problems with WEP; “Unsafe at any Key Size” presented in October 2000
• 802.11 Task Group I formed to solve WEP security problems
• Press gets wind of the issue
• Public domain attacks; “war driving”
WEP Security Problems (cont.)
• Passive attacks to decrypt traffic based on statistical analysis
• Active ‘known plaintext’ attack to inject new traffic from unauthorized mobile stations
• Active attacks to decrypt traffic, based on tricking the access point
• Dictionary-building attack; real-time automated decryption of all traffic after a day’s sampling
802.11 Task Group I
• Long term security architecture for 802.11
• Based on 802.1X authentication standard and two new encryption protocols (TKIP and CCMP)
  – Labeled Robust Security Network (RSN)
• Uses Upper Layer Authentication (ULA) protocols outside the scope of 802.11i (e.g. EAP/TLS, PEAP)
Robust Security Network
Includes:
• Better key derivation/distribution based on 802.1X
  – For TKIP: per message 128 bit key derivation
• Improved encryption (TKIP, CCMP)
• Stronger keyed Message Integrity Checks
  – Custom MIC for TKIP with 22 bit effective strength
  – Strong AES based MIC for CCMP
• IV sequencing to control message replay
  – 44 bits to avoid re-keying (4 bits for QoS)
RSN Data Privacy Protocols
• Temporal Key Integrity Protocol (TKIP)
  – a cipher suite enhancing the WEP protocol on pre-RSN hardware
• Counter Mode/CBC-MAC Protocol
  – based on AES and Counter-Mode/CBC-MAC (CCM)
  – Mandatory for RSN compliance
802.1X
• Originally designed as port-based network access control for PPP
• Provides support for a centralized management model
• Primary encryption keys are unique to each station and generated dynamically
• Provides support for strong upper layer authentication
802.1X Architectural Framework
• Employs Extensible Authentication Protocol (EAP)
  – EAP built around challenge-response paradigm
  – operates at network layer = flexibility
• Provides transport for ULA protocols
  – EAP/TLS, PEAP, EAP-TTLS, LEAP
• Two sets of keys dynamically generated
  – Session Keys, Group Keys
Authentication and Key Mgmt.
[Figure: the Supplicant (STA) speaks EAPoL to the Authenticator (AP), which relays EAP over RADIUS to the Authentication Server (AS). The AP's Uncontrolled Port carries only the EAP exchange; the Controlled Port stays in the Unauthorized state, blocking access to Wired LAN Services, until authentication succeeds]
Existing Solutions & Other Methods
• MAC address filtering
• Access Point Placement
• Virtual Private Networks (VPNs)
Enter The Wi-Fi Alliance
• Wi-Fi Alliance: nonprofit international association formed in 1999
• 176 member companies as of today
• Mission: Certify interoperability of Wireless LAN products based on IEEE 802.11 specification
Wi-Fi Protected Access - WPA
• WPA is a response by the industry to offer a strong and immediate security solution that would replace WEP
• It is a subset of the 802.11i draft standard and is going to maintain forward compatibility
• Main idea: “Bring what is ready now to the market”
• Increases the level of security for Wireless LAN
• It is a standards-based, interoperable security specification
WPA
• Provides user authentication
  – Central authentication server (like RADIUS)
  – Via 802.1x and EAP
• Improves data encryption
  – Temporal Key Integrity Protocol (TKIP)
• Eventually will support full 802.11i compliance
802.11i Status?
• Many devices fielded since 2003 have silicon implementations in them to support full 802.11i
  – Supports AES
  – Other features
  – Firmware updates should turn on features
• Standard ratified in late 2004
NetStumbler
Exploitation Tools
• Wardriving: http://www.wardriving.com/
• Warchalking: http://www.warchalking.org/
• Airsnort: http://airsnort.shmoo.com/
• WEPCrack: http://wepcrack.sourceforge.net/
What other little “gifts” await us?
Best Practice for now
• WEP is better than nothing; change keys often
• Physical placement of Access Points
• Upgrade firmware and drivers on APs and Wireless Cards as they are released
• VPN (treat wireless users as you would dial-in users)
• Check for 802.1x support before buying
Wireless Security Summary
• It’s a problem, owing to the nature of wireless transmission
• So far, security implementations have left a lot to be desired
• Project presentations will provide added details
• Growth is explosive, both in legitimate and illegitimate wireless activity