Contents

Network Security                                   Page
  Network Security Tools                              2
  Network Security Related Standards                  3
  Authentication Schemes                              3
  Authorization Policy                                4
  Administration                                      5
  Perimeter Security                                  6
  Content Inspection                                  7
  Data in Motion Security                             8
  Best Practices                                      9
  Wireless Security Issues                           10
  Incident Response                                  11
  Glossary of Network Security Terms                 12

Security Threats
  Threat Categories                                  24
  Profiles                                           25
  Info Gathering Techniques                          26
  Impersonation / Spoofing                           27
  Social Engineering (Attacks against people)        28
  Computer Virus                                     29
  Avenues of Attack                                  30
  Vulnerabilities                                    31
  General Hacking                                    32
  Denial of Service                                  33
  Cracking                                           34
  Hybrid Techniques                                  35
  Piracy & Digital Rights Management (DRM)           36
  Noteworthy Organizations & Response Teams          37
  Web Site Hacking                                   38
  Physical Threats                                   39
  Glossary of Security Threats Terms                 40

Cryptography
  Basic Functionality of Crypto                      46
  Crypto Primary Function                            47
  Symmetric/Asymmetric Function                      48
  Trust Models                                       49
  Certificate Comparison                             50
  Secure Messaging with Public Key Cryptography      51
  Public-Key Infrastructure & Digital Certificates   52
  Relative Strength Comparisons                      53
  ISO Reference/Security Protocols                   54
  Related Standards                                  55
  IKE: Key Negotiation                               56
  Time Stamping                                      57
  Protocol Using Crypto                              58
  Secure Messaging                                   59
  Glossary of Cryptography Terms                     61
About Symantec
Symantec, a world leader in Internet security technology, provides a broad range of content and network security solutions to individuals and enterprises. The company is a leading provider of virus protection, firewall and virtual private network, vulnerability management, intrusion detection, Internet content and e-mail filtering, remote management technologies and security services to enterprises around the world. Symantec's Norton brand of consumer security products leads the market in worldwide retail sales and industry awards. Headquartered in Cupertino, Calif., Symantec has worldwide operations in 37 countries. For more information, please visit www.symantec.com.
Network Security

1. Network Security Tools

ESM, crack, localmail, smrsh, logdaemon, npasswd, op, passwd+, S4-kit, sfingerd, sudo, swatch, watcher, wuftpd, LPRng
Firewall, Proxy and Filtering Tools: Raptor, fwtk, ipfilter, ipfirewall, portmap v3, SOCKS, tcp_wrappers, smapd
Network-Based Vulnerability Assessment Tools: NetRecon, nmap, nessus, SATAN, Internet Scanner
Encryption Tools: md5, md5check, PGP, rpem, UFC-crypt
One-Time Password Tools: OPIE, S/Key
Secure Remote Access and Authorization Tools: RADIUS, TACACS+, SSL, SSH, Kerberos
2. Network Security Related Standards

IETF: http://www.ietf.org/
Working Groups: Open Specification for PGP (openpgp); Authenticated Firewall Traversal (aft); Common Authentication Technology (cat); IP Security Policy (ipsp); IP Security Protocol (ipsec); IP Security Remote Access (ipsra); Intrusion Detection Exchange (idwg); Kerberized Internet Negotiation of Keys (kink); Kerberos WG (krb-wg); One Time Password Authentication (otp); Public-Key Infrastructure (X.509) (pkix); S/MIME Mail Security (smime); Secure Network Time Protocol (stime); Secure Shell (secsh); Securely Available Credentials (sacred); Security Issues in Network Event Logging (syslog); Simple Public Key Infrastructure (spki); Transport Layer Security (tls); Web Transaction Security (wts); XML Digital Signatures (xmldsig)

ANSI (ISO/IEC) and NCITS (ITI): Information Technology (includes X3, NCITS, ANSI/ISO)
ANSI NCITS 118-1998: Personal Identification Number
X9 TG-8-1995: Check Security Guideline
X9 TG-5-1992: Information Security
ISO/IEC TR 13335: Management of IT Security
ISO/IEC 9979: Registration of cryptographic algorithms
ISO/IEC 9798: Entity authentication (including digital signature mechanisms)
ISO/IEC 9797: Message Authentication Codes
ISO/IEC 15408: Common Criteria for IT security evaluation
ISO/IEC 14888: Digital signatures
ISO/IEC 11770: Key management
ISO/IEC 10118: Hash functions
ISO 9735: Electronic data interchange (EDIFACT)
ISO 13491: Banking, magnetic stripe card systems
ISO 10202: Financial transaction cards

BS7799: http://www.bsi-global.com/group.xhtml, http://www.c-cure.org
British Standard BS7799, first published in February 1995, revised May 1999: "Code of Practice for Information Security Management". Its Part 1 was adopted as the international standard ISO/IEC 17799 (ISO/IEC TR 13335, listed above, is the separate GMITS guideline). Control areas:
1. Business Continuity Planning
2. System Access Control
3. System Development & Maintenance
4. Physical & Environmental Security
5. Compliance
6. Personnel Security
7. Security Organization
8. Computer & Network Management
9. Asset Classification

W3C: W3C Security http://www.w3.org/Security/
Platform for Privacy Preferences (P3P); XML-Signature WG (xmldsig); Metadata and Public Policy role; PICS Signed Labels (DSig); vendor-driven secure XML: S2ML, AuthXML

Common Criteria: http://csrc.nist.gov/cc/
Common Criteria for Information Technology Security Evaluation (CC) version 2.1, ISO/IEC 15408; harmonizes the earlier CTCPEC, FC, TCSEC and ITSEC criteria. Smart Card Security Users Group (SCSUG): Smart Card Protection Profile (SCPP) v2.0.

IEEE: http://ieee-security.org/
802.10c LAN/MAN Security (SILS) Key Management; 1363-2000 Public Key Cryptography; 1244.2-2000 MMS session security

CVE: http://www.cve.mitre.org/
A list of standardized names for publicly known vulnerabilities and other information security exposures.

WAP: http://www.wapforum.org
Wireless Transport Layer Security (WTLS, like SSL): Class 1 anonymous authentication, Class 2 server authentication, Class 3 client authentication. WPKI: Wireless PKI (like IETF PKIX). WML: Wireless Mark-up Language. WMLScript Crypto Library.
3. Authentication Schemes

Authentication enhancements:
- Two-factor authentication: password and token, or biometric and password
- One-time passwords
- Single sign-on
- Challenge-response methods
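How a one-time-password scheme of the S/Key and OPIE kind (the One-Time Password Tools listed in section 1) combines a challenge-response exchange with replay protection, as an added Python example; this is not code from the original reference card. SHA-256 stands in for the MD4/MD5 of the historical tools, and the passphrase, seed and chain length are constructed values.

```python
"""S/Key-style one-time passwords (a Lamport hash chain).

Added example for this section; not code from the original reference card.
SHA-256 stands in for the MD4/MD5 of the historical S/Key and OPIE tools;
seed, passphrase and chain length below are constructed values.
"""
import hashlib
import hmac


def _h(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()


def make_chain(passphrase: str, seed: str, n: int) -> list:
    """Return [h^0(s), h^1(s), ..., h^n(s)] with s = passphrase || seed."""
    chain = [(passphrase + seed).encode()]
    for _ in range(n):
        chain.append(_h(chain[-1]))
    return chain


class OtpServer:
    """Holds only the most recently accepted hash h^k(s) and k.

    A stolen copy of this state does not reveal the passphrase or any
    earlier (still valid) one-time password, because h is one-way.
    """

    def __init__(self, seed: str, n: int, last_hash: bytes):
        self.seed = seed
        self.seq = n
        self.stored = last_hash  # h^n(s); the next valid OTP is h^(n-1)(s)

    def challenge(self) -> str:
        # Sent in the clear: which link of the chain the client must produce.
        return f"otp-sha256 {self.seq - 1} {self.seed}"

    def verify(self, presented: bytes) -> bool:
        if self.seq <= 1:
            return False  # chain exhausted: must re-initialise with a new chain
        if not hmac.compare_digest(_h(presented), self.stored):
            return False
        # Accept, then move one link back so this value can never be replayed.
        self.stored = presented
        self.seq -= 1
        return True


def client_response(passphrase: str, challenge: str) -> bytes:
    """Recompute h^k(s) from the passphrase; nothing is stored client-side."""
    _, k, seed = challenge.split()
    x = (passphrase + seed).encode()
    for _ in range(int(k)):
        x = _h(x)
    return x


def demo() -> dict:
    """Run two logins, one replay and one wrong passphrase against a fresh server."""
    passphrase, seed, n = "correct horse battery", "sy1234", 100  # constructed
    chain = make_chain(passphrase, seed, n)
    server = OtpServer(seed, n, chain[n])  # server is seeded with h^n(s) only
    r1 = client_response(passphrase, server.challenge())
    first = server.verify(r1)
    replay = server.verify(r1)  # same OTP again: h(r1) != stored, rejected
    wrong = server.verify(client_response("wrong passphrase", server.challenge()))
    second = server.verify(client_response(passphrase, server.challenge()))
    return {"first": first, "replay": replay, "wrong": wrong,
            "second": second, "remaining": server.seq}


if __name__ == "__main__":
    print(demo())
```

The point a sniffer-based attacker runs into is visible in `demo()`: the password captured on the first login is useless a second time, and the server never holds anything from which the next password could be computed. The chain is finite, so the server must be re-seeded before `seq` reaches 1.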
4. Authorization Policy

Four elements: POLICIES, IDENTITIES, DEVICES and METHODS.

Devices: gatekeepers such as Network Access Servers, routers, remote access servers and dial-in devices, possibly linked via LDAP to a directory or database.

Methods:
1. Simple permission rights (read, write, delete)
2. Access Control Lists (ACL)
3. Operating system functions (NT or UNIX), NT Active Directory
4. Single sign-on schemes
5. Object-oriented directory databases (Active Directory, NDS)
6. Privilege Management Infrastructure (PMI)
5. Administration

Tasks are scheduled in three tiers: routine basis, periodical and minimal.
- Properly configured event and alarm notification utilities on critical devices (servers, routers, firewalls)
- Apply security patches
6. Perimeter Security

Techniques to prevent unauthorized access and unwanted payloads to and from a network. The components below sit between the Internet and the internal network.

Packet-filtering Firewall: Controls access to and from a network by analyzing the incoming and outgoing packet headers (IP address and port number) and letting the packets pass or blocking them.
Stateful Inspection: Analyzes, tracks and follows each connection in a state table and monitors for policy violations.
Proxy-based Firewall / Server: Terminates all sessions entering and leaving a network and re-establishes them using its own implementation of the protocol. This ensures that the protocol is well-formed according to the firewall and limits the service's functions.
Intrusion Detection System (IDS): A near-real-time detection system, network-based, host-based or a combination of both, that provides notification of an attack or exploit. It should promptly diagnose and notify staff when an attack is in progress.
Remote Access Server (RAS), Access Control Server: Enables users to connect to a private network using a modem and supports protocols such as TCP/IP, IPX and NetBEUI. VPN clients connecting over the Internet to a corporate network are taking over from traditional RAS connections.
Application Gateway: An application-specific process providing proxy and translation services. It can apply security to specific applications, such as FTP and Telnet servers.
Content Inspection Device: Inspects data for unwanted payloads (viruses), blocks specific URLs, blocks pre-identified fingerprinted data, or performs keyword search and blocking. The device inspects both incoming and outgoing data.
Air Gap Techniques: A device that sits between the internal and external networks and transfers data between them, using shared memory to maintain a physical barrier between the networks. Imagine someone swapping floppy disks between two machines very quickly.
Demilitarized Zone (DMZ): A network segment between the Internet and the internal network's line of defense. Typically the DMZ contains devices accessible to Internet traffic, such as Web (HTTP), FTP, SMTP (e-mail) and DNS servers.
VPN Server / Router: Creates a secure private network over public networks to connect nodes. These systems use encryption and other security mechanisms to ensure that only authorized users can access the network and that the ciphertext in transit is unintelligible to eavesdroppers.
Circuit-level Gateway: Creates a client/server connection without interpreting the application protocol, similar to packet filtering. Once the connection has been made, packets flow between the hosts without further checking.
Network Address Translator (NAT): Changes internal addresses, which might not be routable, to a valid external address for delivery over a public network, and translates the external address back to the internal form on the return path. Hiding internal IP addresses gives NAT a limited firewall-like effect; it is not a substitute for filtering.
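Why stateful inspection is stronger than header-only packet filtering, shown as an added Python example (not code from the original card): the same constructed packet sequence is run through a stateless rule set of the common "permit inbound packets that carry ACK, they must be replies" kind and through a connection-table inspector. Addresses, ports and flags are constructed; the flag letters follow tcpdump (S=SYN, A=ACK).

```python
"""Header-only packet filtering vs. stateful inspection, side by side.

Added example for the Perimeter Security section; not code from the original
reference card. Addresses, ports and TCP flags are constructed. Flags are
letters as in tcpdump output: S=SYN, A=ACK, F=FIN, R=RST.
"""
from dataclasses import dataclass

INTERNAL_PREFIX = "10.0.0."  # constructed internal address range


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


def stateless_filter(p: Packet) -> bool:
    """Packet-filtering rules that look only at the header.

    Rule 1: inside -> anywhere, port 80, permit.
    Rule 2: anywhere -> inside with ACK set, permit (the classic 'established'
            shortcut: a reply must carry ACK, so let ACK-bearing packets in).
    Rule 2 is the weakness: the filter cannot tell a genuine reply from a
    crafted ACK probe aimed at an internal host.
    """
    if is_internal(p.src) and p.dport == 80:
        return True
    if is_internal(p.dst) and "A" in p.flags:
        return True
    return False


class StatefulInspector:
    """Permits inbound packets only if they belong to a connection that an
    internal host opened, tracked in a state table keyed by the 4-tuple."""

    def __init__(self):
        self.table = {}  # (client_ip, client_port, server_ip, server_port) -> state

    def filter(self, p: Packet) -> bool:
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if is_internal(p.src):
            if fwd in self.table:
                return True  # more traffic on a flow we already track
            if p.dport == 80 and p.flags == "S":
                self.table[fwd] = "SYN_SENT"  # new outbound connection attempt
                return True
            return False
        state = self.table.get(rev)
        if state == "SYN_SENT" and p.flags == "SA":
            self.table[rev] = "ESTABLISHED"
            return True
        if state == "ESTABLISHED" and "A" in p.flags:
            return True
        return False  # no matching connection: drop, whatever the flags say


# Constructed traffic: one legitimate web fetch, then a crafted ACK probe to
# port 139 of the same internal host from an address nobody connected to.
SAMPLE_PACKETS = [
    Packet("10.0.0.5", 40000, "93.184.216.34", 80, "S"),
    Packet("93.184.216.34", 80, "10.0.0.5", 40000, "SA"),
    Packet("10.0.0.5", 40000, "93.184.216.34", 80, "A"),
    Packet("93.184.216.34", 80, "10.0.0.5", 40000, "A"),
    Packet("198.51.100.7", 31337, "10.0.0.5", 139, "A"),
]


def compare(packets=SAMPLE_PACKETS) -> dict:
    """Return the per-packet verdicts of both approaches."""
    inspector = StatefulInspector()
    return {
        "stateless": [stateless_filter(p) for p in packets],
        "stateful": [inspector.filter(p) for p in packets],
    }


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(name, verdicts)
```

The fifth packet is the interesting one: the stateless rules pass it because it has ACK set, which is exactly how ACK scans and crafted-packet attacks walk through "established" rules; the inspector drops it because no internal host ever opened a connection to 198.51.100.7. A real inspector also ages out entries and tracks FIN/RST teardown, which this sketch omits.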
7. Content Inspection

Sources: Web site or e-mail, Web pages, files. Both inbound and outbound content is inspected.

1. Malicious Code (payload): viruses, macros, Trojans, active content, mobile code
2. Unwanted Content: inappropriate material, confidential data, spam, non-work-related material, redundant messages (jokes), large files (videos)

Technologies: signatures; heuristics; keyword search; script-based behavior blocking and recognition; pattern matching of known targets via overlapping hash values; support vector machine analysis; allow/deny lists; DDR(TM)
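Four of the technologies listed above in one small inspector, as an added Python example that is not code from the original card: an exact-hash signature match, document fingerprinting by overlapping hash values (hashes of every sliding window of words, so a leaked excerpt pasted into another message still matches), keyword search, and a heuristic for scripts that instantiate ActiveX objects. The EICAR string is the real, harmless industry anti-virus test file; the confidential document, the e-mail, the web page and the keyword list are constructed.

```python
"""Content inspection: signature match, document fingerprinting by overlapping
hash values, keyword search and a script heuristic.

Added example for this section; not code from the original reference card.
The EICAR anti-virus test string is a real, harmless industry test file;
the confidential document, e-mail and web page below are constructed.
"""
import hashlib
import re

# --- Signature database: exact SHA-256 of known bad files -------------------
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
DENY_HASHES = {hashlib.sha256(EICAR).hexdigest()}

# --- Fingerprint database for outbound (confidential) data ------------------
CONFIDENTIAL_DOC = (
    "Acme Q3 board pack. Revenue forecast revised downward by eleven percent "
    "due to supply delays in the Taipei plant; the merger with Globex remains "
    "confidential until the eighth of November and must not be discussed "
    "outside the executive team."
)
KEYWORDS = ["confidential", "internal only"]  # constructed keyword list


def shingles(text: str, k: int = 8):
    """Hash every overlapping window of k words. A document's fingerprint is
    the set of these hashes; a leaked excerpt shares a run of them even when
    it is pasted into other text, so no exact file match is needed."""
    words = re.findall(r"\w+", text.lower())
    for i in range(len(words) - k + 1):
        window = " ".join(words[i:i + k]).encode()
        yield hashlib.sha256(window).hexdigest()[:16]


CONFIDENTIAL_FP = set(shingles(CONFIDENTIAL_DOC))


def inspect(payload: bytes, direction: str) -> list:
    """Return a list of findings for one message or file.

    direction is 'inbound' (payload checks) or 'outbound' (data leakage checks);
    the signature check applies to both.
    """
    findings = []
    if hashlib.sha256(payload).hexdigest() in DENY_HASHES:
        findings.append("signature: known malicious file")
    text = payload.decode("utf-8", errors="replace")
    lowered = text.lower()
    if direction == "outbound":
        hits = len(set(shingles(text)) & CONFIDENTIAL_FP)
        if hits >= 3:  # threshold tolerates a chance collision on one window
            findings.append(
                f"fingerprint: {hits} overlapping hashes match a confidential document")
        for kw in KEYWORDS:
            if kw in lowered:
                findings.append(f"keyword: {kw}")
    if direction == "inbound":
        # Heuristic rather than signature: script content that instantiates
        # an ActiveX object or evaluates generated code.
        if "<script" in lowered and ("activexobject" in lowered or "eval(" in lowered):
            findings.append("heuristic: script instantiates ActiveX or uses eval")
    return findings


# Constructed samples
LEAKED_MAIL = (b"hey, FYI the merger with Globex remains confidential until the "
               b"eighth of November, so keep quiet")
HOSTILE_PAGE = (b"<html><script>var s=new ActiveXObject('WScript.Shell');"
                b"s.Run('cmd');</script></html>")
CLEAN_MAIL = b"Lunch at noon?"


if __name__ == "__main__":
    for name, payload, direction in [("eicar", EICAR, "inbound"),
                                     ("leak", LEAKED_MAIL, "outbound"),
                                     ("page", HOSTILE_PAGE, "inbound"),
                                     ("clean", CLEAN_MAIL, "outbound")]:
        print(name, inspect(payload, direction))
```

The fingerprint check is the one worth studying: the leaked e-mail contains none of the original file, only eleven consecutive words of it, yet four of its word windows hash to values in the document's fingerprint, which is what "pattern matching via overlapping hash values" buys over a whole-file hash. Production systems add normalisation (punctuation, encodings, attachments) and tune the window size and threshold against false positives.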
8. Data in Motion Security

a) IPsec

Components:
- Certifying Authority: issues and revokes certificates
- IPsec Manager: creates, modifies and deletes security associations and rules
- IPsec Host: any networked device running an IPsec driver, with a Policy Agent supplying its rules
- Edge Device: firewall or router

Topologies:
- VPN (tunnel mode): End Station -> Edge Device -> Internet cloud -> Edge Device -> End Station; the edge devices (Intermediate Stations) are the IPsec peers.
- End-to-end (transport mode): the two End Stations themselves are the IPsec peers.

Protocol stack on an IPsec host: Application / Transport (TCP/UDP) / IPsec driver / IP.

Packet formats:
  Transport mode:  [IP HDR][IPsec HDR][Data]               (Data encrypted; original IP header kept in the clear)
  Tunnel mode:     [New IP HDR][IPsec HDR][IP HDR][Data]   (original IP header and Data encrypted)

b) L2TP

PPP frames tunnelled over IP (L2TP / PPP / IP stack) from the End Station to an LNS (L2TP Network Server) at the edge of the private network.
c) SSL (TLS)

Browser <-> https:// server. First-time exchange of messages with no session ID and no client authentication (the SSL 2.0 handshake):

Message type         Direction           Data transferred
CLIENT-HELLO         client -> server    challenge data
SERVER-HELLO         server -> client    connection-id, server-certificate, cipher-specs
CLIENT-MASTER-KEY    client -> server    cipher-kind, clear-master-key, {secret-master-key} server-public-key
CLIENT-FINISHED      client -> server    {connection-id} client-write-key
SERVER-VERIFY        server -> client    {challenge-data} server-write-key
SERVER-FINISHED      server -> client    {session-id} server-write-key

{x} k denotes x encrypted under key k. SSL 2.0 has known protocol weaknesses and is deprecated; the TLS handshake differs (cipher-suite negotiation in the Hello messages, a key-exchange step, and Finished messages that hash the whole transcript).
9. Best Practices

Rules to live by:
1. Top management MUST buy into the security initiative
2. Meet the standard of due care
3. Some degree of security is better than none
4. Nothing is completely secure, so don't aim for perfection
5. You're only as secure as your weakest link
6. Security is an investment, not an expense
7. Protect valuable assets against probable threats
8. Layer security solutions by users and applications as well as by logical entities

[Figure: layered model showing a Local Administrative Authority and a Common System spanning End Systems, the Intranet and the Internet]

Developing a Plan
1. Preparation: create a security usage policy; conduct a risk analysis; establish a security team structure
2. Prevention: approve security changes and modifications; ongoing monitoring and administration
3. Response: handle security violations; restoration; review and forensics
Supporting documents: security usage policy, risk assessment, security architecture guide. Periodic re-evaluation closes the loop.
10. Wireless Security Issues

Threat: Eavesdropping (2-5 MHz at 1 W)
Protection: (not stated)
Threat: Location independence; the attacker's physical location is flexible
Protection: Link-level ciphering by MAC entities; the authentication mechanism is critical
Threat: Employees cobbling together a wireless net without IT involvement
Protection: Notify employees of corporate regulations and scan for rogue devices
Threat: Spamming a carrier's wireless customers
Protection: Content filtering technology (BrightMail)
Threat: Denial of service via a powerful interfering transceiver
Protection: A very expensive TEMPEST or Faraday environment, or spread-spectrum (direct sequence) transmission

Security protocols: 802.11 WEP (RC4-based; its key-scheduling weaknesses allow key recovery from captured traffic, so it should not be relied on for confidentiality); WAP (WTLS, WPKI); TDMA EPE (Enhanced Privacy and Encryption): SME (Message Encryption), CMEA (Cellular Message Encryption Algorithm), CAVE (authentication algorithm), DCCH (Digital Control Channel) and DTC (Digital Traffic Channel) keys, VPM (Voice Privacy Mask)

Services: accounting, billing, WAP, SMS (Short Message Service), antivirus, content filtering, vulnerability assessment, IDS; fee-based local area access, network management, antivirus, content filtering, vulnerability assessment, IDS

Device O/S: general OEMed multivendor: Palm, PocketPC (MS-CE), EPOC; mobile phone proprietary: Nokia, Motorola, Ericsson; other: i-mode (DoCoMo), StarFISH; laptops and PDAs: MS-Windows, Palm, PocketPC (MS-CE), Psion, EPOC

Transmission: voice-centric with slow data: TDMA, CDMA, GSM; data-centric with voice: CDPD, EDGE, GPRS; broadband voice/data: UMTS (3G: 3GPP, 3GPP2); short range: IEEE 802.11, IrDA, Bluetooth
Bluetooth security architecture (connection set-up through the Security Manager). Components: Application, RFCOMM, L2CAP, Security Manager, Service Database, Device Database.
1. Connect request arrives at L2CAP
2. L2CAP requests access from the Security Manager
3. Security Manager: lookup in the service database
4. Security Manager: lookup in the device database
5. If necessary, the Security Manager enforces authentication and encryption
6. Security Manager grants access
7. L2CAP continues to set up the connection
11. Incident Response

8. Collect and protect information associated with an intrusion
9. Apply short-term solutions to contain an intrusion
10. Eliminate all means of intruder access
11. Return systems to normal operation
12. Identify and implement security lessons learned

Computer Forensics (after the fact; preserve data for admissibility). Rules:
1. Never mishandle evidence
2. Never work with the original evidence: make a bit-for-bit copy of the disk (a sector-level image, e.g. with Ghost in raw mode or dd; a file-level copy loses deleted data and slack space) and work with the copy
3. Never trust the suspect's operating system (boot from a forensic boot disk)
4. Document everything!

[Figure: incident timeline T0, T1, T2, T3 ... Tn, Tn+1, from Prepare Policy through Lessons]
12. Glossary of Network Security Terms

Smart Card: A credit-card sized device containing one or more integrated circuit chips, which perform the functions of a computer's central processor, memory, and input/output interface.
SMS (Short Message Service): A globally accepted wireless service for transmitting alphanumeric messages between mobile and external systems.
SOCKS: An Internet protocol (RFC 1928) that provides a generalized proxy server enabling client-server applications.
Survivability: The ability of a system to remain in operation or existence despite adverse conditions.
Standards for Interoperable LAN/MAN Security (SILS): A developing set of IEEE standards including security management, Secure Data Exchange protocol, Key Management, SDE Sublayer Management, SDE Security Labels, and PICS Conformance.
Strength of Function (SOF): A qualification of a TOE security function expressing the minimum effort assumed necessary to defeat its expected security behavior by directly attacking its underlying security mechanisms.
S/WAN (Secure Wide Area Network): RSA Data Security, Inc. driven specifications for implementing IPsec to ensure interoperability among firewall and TCP/IP products. S/WAN's goal is to use IPsec to allow companies to mix and match firewall and TCP/IP stack products to build Internet-based Virtual Private Networks (VPNs).
System Integrity: The quality that a system has when it can perform its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation.
TACACS+ (Terminal Access Controller Access Control System): A protocol that provides remote access authentication, authorization, and related accounting and logging services, used by Cisco Systems.
Security Threats

1. Threat Categories

Security threats (events that can open security breaches):
- Human
  - Malicious
  - Non-Malicious (e.g. ignorant employees)
- Non-Human (hardware/software/network): bugs, trap doors, product failure (MTBF), A/C or power failure

2. Profiles: The Culprits

Each profile is rated on Skill, Knowledge of target and Resources (Low, Med, High), and by Motivation.
- Corporate spies: financial, competitive gain
- Governments (intelligence agencies): national interests
- Hacktivists: religious, political ideals
- Insiders (employees, contractors): usually have authority and access to some degree
- Novices (script kiddies, wannabes): have lots of time and are dangerous because they don't always know what they are doing
- Hackers who write the tools that novices use
- Ignorant employees (non-malicious)
Other motivations listed: financial, revenge; financial, control/power; intellectual curiosity, recognition; recognition, professed security improvement; playing both black- and white-hat roles, for hire or not; improved security.
Ratings as printed, in the original table's row order:
  Skill:               Med-High, High, Med, High, Med-High, Low, Med-High, Med-High, Med-High, Med-High
  Knowledge of target: Med-High, Med-High, High, Med, Med, Low, High, Med, No target, Med-High
  Resources:           Med-High, High, Med, Med-High, Med, Low, Med, Med, Med, Lo-Med
3. Info Gathering Techniques

Social engineering techniques to gather account numbers, passwords, etc.
Accessing public material:
1. Government websites, search engines, InterNIC and other online services
2. Bulletin boards, login screens, phone directories, articles, news clippings, financial statements
3. Investigative services
IP address scanning: ping, TJping, traceroute
Port scanning: Ultrascan, NMAP; the slow-scan attack spreads probes out over time to avoid detection
Utilities and Unix/NT commands: finger, netstat, rpcinfo, nslookup, whois, the browser's View Source; telnet to any available port and see what you get, for example software version numbers; SMTP EXPN root@foo.com; rlogin, rsh, rexecd; look for /etc/shadow, /etc/passwd and /etc/aliases and try to mail these files back to yourself
Man-in-the-middle: packet sniffing via protocol analyzers (ethfind, sniff, netmon, tcpdump, for example) given 1. physical network access (tapping in via a phone closet, unused network jack, or cable modem), 2. a compromised host in the network path, or 3. rerouting of data via spoofed RIP, DNS, or ICMP redirect packets
War dialing: automated tools that find internal modems to exploit; ToneLOC, AIO, Modem Hunter and Demon Dialer are examples
Rogue applications: GetAdmin, NetBus, BackOrifice to get information, passwords...
Dumpster diving: after-hours digging through corporate trash
Shoulder surfing: or overhearing conversations on an airplane, bus, restroom, anywhere in public
Malicious web crawlers: search the Internet for vulnerable web sites (e.g. cgi-bin vulnerabilities)
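The slow-scan attack mentioned above defeats detectors that count probes per minute; the detection side, as an added Python example that is not code from the original card, parses firewall drop logs and compares a per-minute threshold with a long-window distinct-port count. The log lines are constructed in the style of Linux netfilter LOG output and use documentation address ranges.

```python
"""Spotting a slow port scan in firewall drop logs.

Added example for this section; not code from the original reference card.
The log lines are constructed in the style of Linux netfilter LOG output;
the addresses are documentation ranges.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ kernel: DROP "
    r".*?SRC=(?P<src>[\d.]+) .*?DPT=(?P<dpt>\d+)"
)


def _line(ts: str, src: str, dpt: int) -> str:
    """Build one constructed sample log line."""
    return (f"{ts} fw kernel: DROP IN=eth0 OUT= SRC={src} DST=10.0.0.5 "
            f"PROTO=TCP SPT=40123 DPT={dpt} SYN")


SAMPLE_LOG = (
    # slow scan: a new port every six minutes, never two probes in one minute
    [_line(f"Mar 10 02:{6 * i:02d}:05", "203.0.113.9", p)
     for i, p in enumerate([21, 22, 23, 25, 80, 110, 139, 443])]
    # fast scan: a dozen ports inside five seconds
    + [_line(f"Mar 10 03:15:0{i % 5}", "198.51.100.7", 1000 + i) for i in range(12)]
    # legitimate retries to the web port, not a scan
    + [_line(f"Mar 10 04:00:{s:02d}", "192.0.2.44", 80) for s in (1, 7, 30)]
)


def parse(lines):
    """Group (timestamp, destination port) drop events by source address."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a drop line we understand
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
        events[m["src"]].append((ts, int(m["dpt"])))
    for evs in events.values():
        evs.sort()
    return events


def scanners(events, window: timedelta, min_ports: int) -> set:
    """Flag a source that touches >= min_ports distinct ports within any
    window of the given length (sliding over its own sorted events)."""
    flagged = set()
    for src, evs in events.items():
        for i, (t0, _) in enumerate(evs):
            ports = {port for t, port in evs[i:] if t - t0 <= window}
            if len(ports) >= min_ports:
                flagged.add(src)
                break
    return flagged


def naive_detect(lines) -> set:
    """Typical per-minute threshold: misses anything paced slower than that."""
    return scanners(parse(lines), timedelta(seconds=60), min_ports=10)


def slow_scan_detect(lines) -> set:
    """Hour-long window with a lower count: catches the paced scan too."""
    return scanners(parse(lines), timedelta(hours=1), min_ports=6)


if __name__ == "__main__":
    print("per-minute:", sorted(naive_detect(SAMPLE_LOG)))
    print("per-hour:  ", sorted(slow_scan_detect(SAMPLE_LOG)))
```

The per-minute rule sees only the fast scanner; the hour-long window also catches 203.0.113.9, which never exceeded one probe a minute, while the host retrying port 80 stays clear because it touches a single port. Lower thresholds over longer windows cost memory per source and raise false positives from busy legitimate clients, so the two detectors are usually run together rather than one replacing the other.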
4. Impersonation / Spoofing

Type of spoof: Email
  Scenario: Send a bogus message with a fake From line to an SMTP server
  Why it works: No authentication in SMTP
  How to prevent it: Check the source IP address in the raw message headers, or use digital signatures

Type of spoof: Anonymous remailer
  Scenario: Attacker sends e-mail via an anonymous remailer account
  How to prevent it: Use digital signatures

Type of spoof: Login
  Scenario: Use someone else's login and password to get onto a host
  How to prevent it: Protect passwords or use strong authentication

Type of spoof: Routing
  Scenario: Send bogus RIP or ICMP redirect packets to a router, or send a source-routed packet to a host
  Why it works: No authentication in RIP, ICMP redirects or source-routed packets
  How to prevent it: Don't use them with untrusted networks

Type of spoof: Third party
  Scenario: Send bogus e-mail to the InterNIC requesting a bogus domain name change or alternate IP address
  Why it works: InterNIC doesn't fully authenticate unless the customer requests it
  How to prevent it: Have InterNIC authenticate changes to your domain

Type of spoof: DNS spoofing
  Scenario: Send an unsolicited reply containing a bogus domain name/address pair to the victim's DNS server
  Why it works: No authentication in DNS
  How to prevent it: Use a modified DNS that doesn't cache unsolicited entries

Type of spoof: IP address
  Scenario: Send a packet with a bogus source IP address to a trusting host

Type of spoof: Session hijacking
  Scenario: Attacker inserts bogus packets into an established session; HUNT and Juggernaut are examples
  How to prevent it: Encrypt sessions

Type of spoof: Web spoofing
  Scenario: Attacker creates a shadow copy of an entire web site; traffic is funneled through the attacker's machine, allowing monitoring of the victim's activities, passwords and account numbers. A man-in-the-middle attack in which the attacker rewrites all of the URLs on a web page so that they point to the attacker's server rather than to the real server.
  How to prevent it: Disable JavaScript, make sure your browser's location line is always visible, and pay attention to the URLs displayed
5. Social Engineering (Attacks against people)

The "10" Attack: using a sexually attractive individual to gain information or access
Rubber-Hose Attack: brute force, threats, gun-to-head or blackmail
Payola Attack: bribery, plain and simple $$$
Baiting: baiting someone to add to, deny or clarify the attacker's pseudo-knowledge; claiming to know more than you do in order to solicit more information
Persistent Attack: continuous harassment using guilt, intimidation and other negative means to make someone reveal information
Stake-Out Attack: analyzing activity over time: people's movements and actions, deliveries of supplies
6. Computer Virus

Classes of Viruses
Pure Virus: Malicious program that inserts some or all of its own code into another file. These "infected" files are usually program files or data files that contain executable content.
Worm: Malicious program that has the ability to distribute itself to other users. The most common method of distribution is e-mail.
Trojan Horse: Malicious program that masquerades as a useful or fun program but actually performs malicious activity, such as destroying data.
Although there are three distinct classes of malicious programs, virus writers sometimes create programs that have attributes of more than one class, such as a Trojan horse that deletes files and sends itself out to other users via e-mail.

Malicious Activity: Network-aware infection
  Description: The ability to enumerate available network file stores and infect files on those stores.
  Symptoms: Infected files detected on file servers or systems with open shares. Viruses with this capability can spread through a network rapidly.
  Examples: W32.Funlove, W32.HLLW.Bymer, Worm.ExploreZip

Malicious Activity: Mass mailing
  Description: Sends e-mails out to other users, usually with the malicious code body embedded in or attached to the e-mail.
  Symptoms: E-mail servers become slower and sometimes crash. The impact of these threats can be considered a denial-of-service attack.
  Examples: VBS.LoveLetter, Wscript.Kakworm, W32.Prolin.Worm, Worm.ExploreZip

Malicious Activity: File destruction
  Description: Various files are removed from the system or corrupted. The files targeted for deletion may be particular file types or all files on the system.
  Symptoms: Programs may no longer launch; data files may no longer be available; general system instability.
  Examples: W32.Kriz, Worm.ExploreZip, VBS.NewLove.A

Malicious Activity: Data export
  Description: Finds personal information, such as passwords or credit card numbers, and sends it to a predetermined e-mail or Internet location.
  Symptoms: Generally there are no outward signs of this activity, other than possibly higher Internet access charges.
  Examples: Buddylist, PWSteal.Trojan

Malicious Activity: System interception
  Description: Hooks are inserted into various system components to allow monitoring or disabling of those components, or alteration of their functionality. Sometimes hooks are used to launch the malicious program automatically.
  Symptoms: Additional e-mails may be sent with normal outgoing mail; browser functionality may be limited or altered.

Malicious Activity: BIOS/CMOS attack
  Description: Attempts to flash the BIOS or erase the CMOS settings.
  Symptoms: Power-On Self Test may not begin; hard drives may not be properly identified.

Malicious Activity: Display payload
  Description: Displays messages or graphics.
  Symptoms: Various messages or graphical images may appear.

Malicious Activity: Backdoor / remote control
  Description: Once installed on a system, these threats listen for commands from other computers and then execute them.
  Symptoms: New icons may appear in the system tray. Excess network traffic, unusual activity on TCP/UDP ports. Threats that perform denial-of-service attacks often use these backdoor mechanisms to carry out the attack.

Malicious Activity: Social engineering
  Description: The method the virus writer uses to falsely describe the malicious program to the user so that the user is enticed to run it.
  Symptoms: The user may get an e-mail with an intriguing or enticing subject or message. Sometimes users encounter files posted to newsgroups that purport to be pictures of a risqué nature.

Note: Information on these and other malicious programs can be found on the Symantec AntiVirus Research Center Web site at http://www.sarc.com.
7. Avenues of Attack

[Figure: network diagram of XYZ Co. showing attack paths from outside and inside]

Internal threat: an employee, contractor, or anyone with access to an on-site wiring closet; transportation of data on removable media (Jaz, Zip, CD).

External threat, entering through:
- Front door: the Internet via ISP 1 (router, xDSL) to the DMZ servers: Web, mail gateway, DNS and VPN server
- Back door: modems and communication servers reachable via ISP 2, a cable head-end device, or a university POP
- Trusted link: the VPN or dedicated connection to a partner of XYZ Co.
Behind the perimeter sit the switch, the trusted internal net and the system administrator.
8. Vulnerabilities

1. Easily guessed passwords
   - Too short
   - Too simple (not using numbers, both cases and special characters)
   - Common (dictionary) words
   - Simple tricks (adding a number, or reversing the login name)
2. Out-of-date software (security patches not installed)
3. Misadministration of systems
   - Services left on (every OS ships with lots of defaults)
   - Accounts not closed, or too many accounts
   - Default accounts left in
   - Trusted services not sufficiently restricted
4. Not keeping secrets
   - Writing passwords down where people can see them
   - Sending confidential data in e-mail (it's like a postcard!)
   - Using protocols that transmit passwords in the clear (FTP, HTTP, POP3, Telnet, SNMP)
   - Sending confidential data over FTP or HTTP
5. Untrained personnel lacking security awareness
   - Naivety toward social engineering techniques
   - Not understanding the reasons and methods for protecting private information
6. Running trusted services over untrusted networks
   - NFS
   - Windows disk sharing
   - R commands (rsh, rlogin, rexec)
   - X Windows
7. Trusting protocols that don't authenticate
   - DNS
   - ICMP redirect
   - SMTP
   - Source routing option
   - RIP
8. Trusting things you get from others
   - Executable code (Trojan horses, viruses)
   - Active content (a special form of executable code: JavaScript, ActiveX, Java, macros, PostScript)
   - Input data to your scripts (may contain special characters, hidden commands or overflow buffers)
9. Stupid vendor tricks
   - Trapdoors left in
   - Security not designed in
   - Poorly applied cryptography, or 40-bit ciphers
9. General Hacking

1. Exploit misadministration
   - Guess or use a purloined password to access an account via a hole in the firewall or a dial-up modem
   - Access insecure services left on: TFTP, etc.
   - Use a leftover debugging tool to gain access: phf.cgi, files.pl
3. Get the victim to run a Trojan horse program (like a game or cute display) that installs a backdoor such as NetBus or BackOrifice, giving the attacker access
6. E-shoplifting: modified HTML (form values altered client-side) returned to the vendor site
10. Denial of Service

Resource exhausted: disk space, network bandwidth, or the target host's network stack.

Attack                                 Notes
Upload large files via FTP             Fill the disk with junk data
Causing large error messages in logs   Overflow disk or buffer
SYN Flood                              Lock up a port for a short time
Teardrop                               Overlapping IP fragments
Smurf                                  Redirected broadcast with the victim's spoofed IP address as source
Snork                                  Send a spoofed error message to the NT RPC port 135
UDP Bomb                               Spoof a packet between the echo and chargen ports
OOB attack                             Uses bogus urgent data pointer values
Ping of Death                          Buffer overflow of the IP datagram
Flood Ping                             Swamps the network
WinNuke                                Send garbage to port 139 on NT
Land                                   Send a spoofed packet with the victim as source
Mailbombs, spam                        Overload the e-mail server/gateway or the user's mailbox

Examples of tools: Nuker, LiquidNuker
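Three of the attacks in the table above (Land, Ping of Death and Teardrop) are recognisable from header fields alone, which is how a packet filter or IDS drops them before the victim's stack reassembles anything. The checks, as an added Python example that is not code from the original card: the packets are constructed header summaries rather than raw captures, with fragment offsets already converted from the IP header's 8-byte units to bytes.

```python
"""Recognising the malformed-packet attacks in the table above from their
headers: Land, Ping of Death and Teardrop.

Added example for this section; not code from the original card. Packets are
constructed header summaries, not raw captures; offsets and lengths are in
bytes (the IP header's 8-byte fragment-offset unit already multiplied out).
"""
from collections import defaultdict
from dataclasses import dataclass

MAX_IP_DATAGRAM = 65535
IP_HEADER_LEN = 20
MAX_PAYLOAD = MAX_IP_DATAGRAM - IP_HEADER_LEN  # reassembled payload limit


@dataclass(frozen=True)
class Frag:
    src: str
    dst: str
    proto: str
    ident: int      # IP identification field: groups fragments of one datagram
    offset: int     # fragment offset in bytes
    length: int     # payload bytes carried by this fragment
    more: bool      # More Fragments flag
    sport: int = 0
    dport: int = 0
    flags: str = ""  # TCP flags, tcpdump style


def is_land(p: Frag) -> bool:
    """Land: SYN whose source and destination address and port are the victim's own."""
    return p.proto == "TCP" and "S" in p.flags and p.src == p.dst and p.sport == p.dport


def exceeds_max_size(frags) -> bool:
    """Ping of Death: a fragment that would land past the 65535-byte limit."""
    return any(f.offset + f.length > MAX_PAYLOAD for f in frags)


def has_overlap(frags) -> bool:
    """Teardrop: a fragment starts inside the bytes an earlier one already covers."""
    end = 0
    for f in sorted(frags, key=lambda f: f.offset):
        if f.offset < end:
            return True
        end = f.offset + f.length
    return False


def classify(packets) -> list:
    """Return one finding string per attack pattern seen in the packet list."""
    findings = []
    datagrams = defaultdict(list)
    for p in packets:
        if is_land(p):
            findings.append(f"land: {p.src}:{p.sport} -> {p.dst}:{p.dport}")
        datagrams[(p.src, p.dst, p.proto, p.ident)].append(p)
    for (_, _, _, ident), frags in datagrams.items():
        if len(frags) == 1 and not frags[0].more:
            continue  # unfragmented datagram: nothing to reassemble
        if exceeds_max_size(frags):
            findings.append(f"ping-of-death: datagram id {ident} reassembles beyond 65535 bytes")
        if has_overlap(frags):
            findings.append(f"teardrop: overlapping fragments in datagram id {ident}")
    return findings


# Constructed samples: one of each attack, then a normal fragmented datagram
SAMPLE_PACKETS = [
    Frag("10.0.0.5", "10.0.0.5", "TCP", 1, 0, 40, False, sport=139, dport=139, flags="S"),
    Frag("198.51.100.7", "10.0.0.5", "ICMP", 2, 0, 1480, True),
    Frag("198.51.100.7", "10.0.0.5", "ICMP", 2, 65120, 500, False),   # 65620 > 65515
    Frag("198.51.100.7", "10.0.0.5", "UDP", 3, 0, 36, True),
    Frag("198.51.100.7", "10.0.0.5", "UDP", 3, 24, 4, False),         # starts inside first
    Frag("192.0.2.44", "10.0.0.5", "UDP", 4, 0, 1480, True),
    Frag("192.0.2.44", "10.0.0.5", "UDP", 4, 1480, 520, False),       # contiguous, fine
]


if __name__ == "__main__":
    for finding in classify(SAMPLE_PACKETS):
        print(finding)
```

Each check encodes one invariant the attack violates: a packet cannot legitimately be sent from a host to itself on the same port, a reassembled datagram cannot exceed the 16-bit total-length field, and fragments of one datagram must not overlap. Modern stacks enforce all three; a border filter that does the same protects the older and embedded hosts that do not.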
Distributed Denial of Service Attack (DDoS). Examples: Trinoo, TFN, TFN2K, Stacheldraht. A very serious threat that involves many machines in a coordinated attack to exhaust bandwidth, router processing capacity and network stack resources in order to break connectivity.
1) Create a DDoS network of machines by breaking in, gaining root access and remote control, and installing attack software
2) Send command packets to instruct all captured machines about the type of flood attack, its duration and the target address
3) The network of DDoS machines sends streams of packets (with forged source addresses) to the victim (e.g. a smurf attack to provoke multiple echoes aimed at the victim)
11. Cracking

- No password at all, and you're in
- Look around for a password written down on something
- Finding a "Joe" account (user name = password)
- Password derived from the user name (5-10% effective)
- Use a back door left behind by a previous attacker

Welter-weight (mostly time-consuming)
- Dictionary attacks based on: 1. collegiate word list/name list, 2. English word list, 3. international word list and pattern list, 4. substitution filters: o=0, 1=!, for=4, to=2, E=3
- Examples of password/passphrase guessing tools: Crack v5.0, L0phtCrack v2.0 for NT, NetBus, FastZip Password, John the Ripper

Middle-weight (requires both brains and computer resources)
- Brute-force/exhaustive key search of a symmetric or asymmetric cipher; this may take a very long time depending on key length: 40-bit: minutes; 56-bit: hours/days; 128-bit: forget it!
- Examples: SSL, PKCS#1, Saltine Cracker

Heavy-weight (hard: rocket science)
- Linear cryptanalysis
- Differential cryptanalysis
- Ciphertext-only attack
- Known-plaintext attack
- Chosen-plaintext attack
- Adaptive chosen-plaintext attack
- Chosen-ciphertext attack
- Chosen-key attack
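What the "Joe account", reversed-login, dictionary and substitution-filter attacks above look like when run against a salted password file, as an added Python example; this is not code from the original card and not the method of any of the tools named. The accounts, salts and word list are constructed, the hash is a single SHA-256 so the run is instant, and the substitution set extends the card's filters (o=0, E=3, for=4, to=2) with assumed i=1, a=@ and s=$ rules.

```python
"""Dictionary attack with mangling rules against salted password hashes.

Added example for the Cracking section; not code from the original card.
The accounts, salts and wordlist are constructed, and the hash is a single
SHA-256 so the example runs instantly; the substitution filters are the
card's o=0, e=3, for=4, to=2 plus assumed i=1, a=@ and s=$ rules.
"""
import hashlib
import itertools

# Substitution filters: (pattern, replacement)
SUBS = [("o", "0"), ("i", "1"), ("e", "3"), ("a", "@"), ("s", "$"), ("for", "4"), ("to", "2")]
WORDLIST = ["password", "dragon", "letmein", "summer", "welcome", "monkey"]  # constructed


def mangle(word: str) -> set:
    """All variants of one dictionary word the 'welter-weight' stage tries."""
    bases = {word, word.capitalize(), word.upper(), word[::-1]}
    out = set(bases)
    for b in bases:
        everything = b
        for pattern, repl in SUBS:
            out.add(b.replace(pattern, repl))      # one substitution at a time
            everything = everything.replace(pattern, repl)
        out.add(everything)                         # all substitutions at once
    for v in list(out):
        for d in "0123456789":
            out.add(v + d)                          # trailing digit
        out.add(v + "2000")
        out.add(v + "2001")
    return out


def user_candidates(login: str) -> set:
    """'Joe' accounts (login == password) and passwords derived from the login."""
    bases = {login, login[::-1], login.capitalize(), login.upper()}
    return bases | {b + d for b in bases for d in "0123456789"}


def hash_pw(salt: bytes, password: str) -> str:
    return hashlib.sha256(salt + password.encode()).hexdigest()


def crack(accounts: dict) -> dict:
    """accounts maps login -> (salt_hex, digest). Returns login -> password
    for every account a candidate matched; uncracked logins are absent."""
    cracked = {}
    for login, (salt_hex, digest) in accounts.items():
        salt = bytes.fromhex(salt_hex)
        candidates = itertools.chain(
            user_candidates(login),
            (c for word in WORDLIST for c in mangle(word)),
        )
        for cand in candidates:
            if hash_pw(salt, cand) == digest:
                cracked[login] = cand
                break
    return cracked


def _account(salt_hex: str, password: str):
    return (salt_hex, hash_pw(bytes.fromhex(salt_hex), password))


# Constructed password file: the first four break the rules in section 8
SAMPLE_ACCOUNTS = {
    "joe": _account("0a1b", "joe"),           # Joe account
    "alice": _account("7f00", "ecila"),       # reversed login name
    "bob": _account("c3d4", "passw0rd"),      # dictionary word with o=0
    "carol": _account("e5f6", "dragon7"),     # dictionary word plus a digit
    "dave": _account("1122", "correct horse battery staple"),  # survives
}


if __name__ == "__main__":
    print(crack(SAMPLE_ACCOUNTS))
```

A few thousand guesses recover four of the five passwords; only the long passphrase survives, which is the point of the password rules in section 8. Salting does nothing against this because each account is attacked on its own; what raises the cost is a deliberately slow hash (crypt(3)-style iteration), rate limiting at the login prompt, and not giving the hash file away in the first place.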
An infinite number of hybrid attacks exist that use any combination of methods in different sequences depending on the target, level of knowledge and expertise of the attaker(s). The vast majority of attacks are Hybrid and this panel understates the possible number of combinations!
A few examples... Note: 80% of breakins include steps involving exploiting 1) known holes not patched 2) easy to guess passwords.
35
1) Information gathering: port scanning, packet sniffing, social engineering, war dialing
2) Break-in and gain control: exploit well-known defects and weak configurations in operating systems; password guessing/cracking; install a rootkit; add a user and privileges for remote control
3) Exploit (modify, steal, destroy...): DDoS, deface website, manipulate data, copy intellectual property (HR database, payroll info, credit cards...)
Cryptography
13. Piracy & Digital Rights Management (DRM)
Two different ways to think about anti-piracy: 1) try to prevent theft of intellectual property; 2) locate and audit intellectual property violations.
How it is done:
- Software: copying and distributing; cracking time-out and license-code utilities; sharing a valid license code
- Music: Napster, on-the-fly format changing, audio jackers (sound card hacks)
- Video: Macrovision hacks, standard copying and format-converting techniques
- Documents, pictures: cut and paste, screen print and scan, simple photo editors and scanners
Noteworthy organizations: Business Software Alliance http://www.bsa.org/ ; Software & Information Industry Association http://www.siia.net/
14. Noteworthy Organizations & Response Teams
Organizations
- CERIAS: www.cerias.purdue.edu
- CERT Coordination Center: www.cert.org
- CVE (Common Vulnerabilities & Exposures): cve.mitre.org
- FIRST (Forum of Incident Response and Security Teams): www.first.org
- ISSA (Information Systems Security Association): www.issa-intl.org
- NSI (National Security Institute): www.nsi.org
- SANS Institute (System Administration, Networking, and Security): www.sans.org
- USENIX / SAGE: www.usenix.org
Vulnerabilities lists
- Security Focus: www.securityfocus.com
- CERT Coordination Center: www.cert.org
- CVE (Common Vulnerabilities & Exposures): cve.mitre.org
- SANS Institute (System Administration, Networking, and Security): www.sans.org
Government
- DOJ (Department of Justice): www.usdoj.gov
- FBI (Federal Bureau of Investigation): www.fbi.gov/scitech.htm
- ICAT: http://icat.nist.gov
- NIST (National Institute of Standards & Technology): www.nist.gov
- NSA (National Security Agency): www.nsa.gov
Miscellaneous Sites
- 2600 Magazine: www.2600.com
- AntiOnline: www.antionline.com
- Ardent-Hacker.net: www.ardent-hacker.net
- Cult of the Dead Cow: www.cultdeadcow.net
- Def Con: www.defcon.org
- DigiCrime: www.digicrime.com/dc.html
- EFF (Electronic Frontier Foundation): www.eff.org
- Hack Factor X, HFX: www.hfactorx.org
- Hacker News Network: www.hackernews.com
- Happy Hacker: www.happyhacker.org
- Technotronic: www.technotronic.com
- The Hideaway: www.hideaway.net
- WebFringe: www.webfringe.com
- Attrition: www.attrition.org
- Information Assurance Technology Analysis Center: iac.dtic.mil/iatac
Certification Centers
- Checkmark: www.check-mark.com
- ICSA: www.truesecure.com
- VB100% (West Coast Labs): www.av-test.com/
- Virus Test Center: http://agn-www.informatik.uni-hamburg.de/vtc/
- Common Criteria: http://csrc.nist.gov/cc/aa/aalist.htm
15. Web Site Hacking
- Masquerade, impersonate
- Spoofing
- DNS exploits
16. Physical Threats
General
- Picking a mechanical lock; obtaining or duplicating keys
- Activating the "door open" button from the inside, or sliding a flat panel under the door to trigger the motion unlock sensor
- Wire tapping and recording video or audio
- Trojan attacks (an undetected or unattended agent)
- Keystroke capture: swapping the keyboard for a similar-looking one that records keystrokes or sends them out by RF signal
- Smart card tampering (may be very difficult)
- RF transmitters, van Eck radiation, CRT image capture
- Exploiting BIOS faults (special password, certain key combination)
- Obtaining the keying material/private key of a CA, or a local key ring, and then cracking it
Sophisticated
- Badge systems / card readers / fobs / LC tuned circuits: man-in-the-middle attack between the panel and the control machine
- Hacking the card reader or duplicating cards, relatively easy (12-bit person code, 8-bit install code)
- Biometric access control: attacking false positives (design flaws), hacks on fingerprint readers, replay
17. Glossary of Security Threats Terms
Active attack: An attack which results in an unauthorized state change, such as the manipulation of files or the adding of unauthorized files or programs.
Active cheater: An attacker who is one of the parties involved in a protocol and disrupts the process in an attempt to cheat (for example, the PKCS #1 attack against SSL).
Anonymous remailer: An Internet e-mail service that forwards mail after stripping the sender's identifying headers, so that the recipient cannot tell where it originated.
Attack: An attempt to bypass security controls on a computer. The attack may alter, release, or deny data. Whether an attack will succeed depends on the vulnerability of the computer system and the effectiveness of existing countermeasures.
Audit trail: In computer security systems, a chronological record of system resource usage. This includes user logins, file accesses, other activities, and whether any actual or attempted security violations occurred, legitimate or unauthorized.
Back door: A hole in the security of a computer system deliberately left in place by designers or maintainers. Synonymous with trap door: a hidden software or hardware mechanism used to circumvent security controls; a secret way to enter a computer or program that bypasses its normal operating mode.
Birthday attack: Based on the statistical fact that finding two identical elements (a collision) in a finite space of N values takes an expected effort on the order of the square root of N, not N. With only 23 people in a room there is a better-than-even chance that two share a birthday.
Black-hat hacker: A criminal or malicious hacker, also known as a darkside hacker; the opposite of a white-hat hacker.
Bomb: A general synonym for crash, normally of software or operating system failures.
Brute force attack: Typically a known-plaintext attack that exhausts all possible key or password combinations.
Carding: The act of generating or creating phony credit cards or calling cards, usually by knowing something about the card numbering algorithm.
Chosen ciphertext attack: A cryptanalytic attack in which the attacker chooses ciphertexts to be decrypted and obtains the corresponding plaintext; for example, having access to a tamperproof black box that performs decryption.
Chosen-key attack: The attacker does not possess the key, only some knowledge about the relationship between different keys. This is an obscure and usually impractical attack.
Correlation attack: An attack on stream ciphers that combine the output of several keystream generators in a nonlinear manner: if the combined keystream is statistically correlated with one generator's output, that generator can be attacked separately using linear algebra.
Countermeasures: An active process that responds to an attack, putting up a defense or launching a retaliatory response.
Data diddling: The act of intentionally entering false information into a system or modifying existing data.
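The birthday attack above is easy to see in numbers. The following is an added example (not from the poster) that searches for a collision in SHA-256 truncated to a configurable number of bits, counts how many hashes it took, and compares that with the sqrt(N) expectation and with the 2^bits cost of hitting one specific value. The 24-bit truncation and the fixed input prefix are choices made for this demo so that it finishes in well under a second.

```python
import hashlib
import math


def truncated_hash(data, bits):
    """SHA-256 truncated to `bits` bits, giving a hash space of N = 2**bits values."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def birthday_collision(bits, seed=b"birthday-demo-"):
    """Find two distinct inputs with equal truncated hashes by remembering every
    hash seen (the classic memory-for-time birthday search).
    Returns (message1, message2, number of hashes computed)."""
    seen = {}
    tries = 0
    while True:
        msg = seed + tries.to_bytes(8, "big")  # a distinct input per try
        tries += 1
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, tries
        seen[h] = msg


def expected_birthday_tries(bits):
    """Expected number of samples before the first collision in a space of
    N = 2**bits: sqrt(pi * N / 2), i.e. on the order of 2**(bits/2)."""
    return math.sqrt(math.pi * 2 ** bits / 2)


def expected_preimage_tries(bits):
    """For comparison: brute-forcing one specific hash value costs about N = 2**bits."""
    return 2 ** bits


def birthday_probability(people, days=365):
    """P(at least two of `people` share a birthday) = 1 - prod_i (days - i) / days."""
    p_distinct = 1.0
    for i in range(people):
        p_distinct *= (days - i) / days
    return 1.0 - p_distinct


if __name__ == "__main__":
    bits = 24
    m1, m2, tries = birthday_collision(bits)
    print(f"collision after {tries} hashes; expected about {expected_birthday_tries(bits):.0f},"
          f" versus {expected_preimage_tries(bits)} for a preimage")
    print(m1.hex(), m2.hex(), hex(truncated_hash(m1, bits)))
    print("P(shared birthday, 23 people) =", round(birthday_probability(23), 3))
```

This is why a hash used for signatures needs twice the bit length of the security level wanted: a 128-bit digest gives only about 2^64 work against collisions, while the same digest still costs 2^128 to invert.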
Crack: A popular hacking tool used to recover passwords from their hashed form. System administrators also use Crack to find weak passwords chosen by novice users in order to improve security.
Cracker: One who breaks into computer systems or accounts.
Cracking: The act of breaking into a computer system or account; what a cracker does. Contrary to widespread myth, this does not usually involve some mysterious leap of hackerly brilliance, but rather persistence and the dogged repetition of a handful of fairly well-known tricks that exploit common weaknesses in the security of target systems.
Cramming: A telephone scam in which unauthorized charges are added to a customer's bill without their knowledge (compare Slamming).
Cryptanalysis: 1) The analysis of a cryptographic system and/or its inputs and outputs to derive confidential variables and/or sensitive data, including cleartext. 2) Operations performed in converting encrypted messages to plaintext without initial knowledge of the crypto-algorithm and/or key employed in the encryption.
Data driven attack: A form of attack encoded in innocuous-seeming data that is executed by a user or a process to implement the attack. A data driven attack is a concern for firewalls, since it may pass through the firewall in data form and launch an attack against a system behind it.
Data mining (warehousing): The act of collecting information to build a database or personal dossier.
Demon dialer (see War dialer): A program which repeatedly calls the same telephone number. This is benign and legitimate for getting through to a busy BBS, and malicious when used as a denial of service attack.
Denial of service: Action(s) that prevent any part of an information system from functioning in accordance with its intended purpose. Usually flooding a system to prevent it from servicing normal and legitimate requests.
Derf: Gaining physical access to a computer that has been left logged in by an absent-minded individual.
Dictionary attack: Trying to discover a password by hashing each word in a wordlist (with common variations) and comparing the result against the stored password hashes.
Differential-linear cryptanalysis: A relatively new attack that combines both differential and linear cryptanalysis.
DNS spoofing: Assuming the DNS name of another system by either corrupting the name service cache of a victim system, or by compromising a domain name server for a valid domain.
Eavesdropping: Surreptitious interception of information sent over a network by an entity for which the information was not intended.
FIN attack: Using the FIN (finish) flag within the TCP header to tear down a session, or as a method of stealth scanning against ports.
Firewall: A system or combination of systems that enforces a boundary between two or more networks; a gateway that limits access between networks in accordance with local security policy.
Fork bomb: Code, writable in one line on any Unix system, that recursively spawns copies of itself; it "explodes" by eating all the process table entries and effectively locks up the system. Distinct from a logic bomb, which waits for a trigger condition.
Hacker: A person who enjoys exploring the details of computers and how to stretch their capabilities. A malicious or inquisitive meddler who tries to discover information by poking around. A person who enjoys learning the details of programming systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.
Hacking: Unauthorized use of, or attempts to circumvent or bypass the security mechanisms of, an information system or network.
Hijacking (IP): An action whereby an active, established session is intercepted and co-opted by an unauthorized user. IP splicing attacks may occur after authentication has taken place, permitting the attacker to assume the role of an already authorized user. The primary protections against IP splicing rely on encryption at the session or network layer.
ICMP flood: A denial of service attack that sends a host more ICMP echo request (ping) packets than the protocol implementation can handle.
Indirection: Covering your tracks so that the target cannot identify or prove who is attacking them.
Internet worm: A worm program that was unleashed on the Internet in 1988. Robert T. Morris wrote it as an experiment that got out of hand.
Intrusion detection: Techniques which attempt to detect intrusion into a computer or network by observation of actions, security logs, or audit data; detection of break-ins or attempts, either manually or via software expert systems that operate on logs or other information available on the network.
IP spoofing: An attack whereby a system attempts to impersonate another system by using a false source IP address.
Joe account: An account where the user name and password are the same.
Keystroke logger: A program that records everything a user enters via a keyboard.
Known-plaintext attack: The cryptanalyst has access not only to the ciphertext of several messages but also to their plaintext. The challenge is to deduce the key or keys used, or an algorithm to decrypt any new messages encrypted with the same key or keys.
Leapfrog attack: Use of user-id and password information obtained illicitly from one host to compromise another host. Also, the act of TELNETing through one or more hosts in order to preclude a trace (a standard cracker procedure).
Letterbomb: A piece of e-mail containing live data intended to do malicious things to the recipient's machine or terminal. Under UNIX, a letterbomb can also try to get part of its contents interpreted as a shell command by the mailer. The results could range from silly to denial of service.
Linear cryptanalysis: An attack using linear approximations to describe the action of a block cipher: XORing certain plaintext bits with certain ciphertext bits yields, with a probability measurably different from one half, a single bit equal to the XOR of some of the key bits.
Logic bomb: A resident computer program which, when executed, checks for a particular condition or state of the system and, when it is satisfied, triggers the perpetration of an unauthorized act. Distinct from a fork bomb.
Mail bomb: Sending, or urging others to send, massive amounts of e-mail to a single system or person with the intent to crash the recipient's system. Mail bombing is widely regarded as a serious offense.
Malicious code: Hardware, software, or firmware that is intentionally included in a system for an unauthorized purpose; e.g. a Trojan horse.
Man-in-the-middle: An active attack in which the attacker interposes between two unsuspecting parties and relays their traffic, reading or altering it, so that each side believes it is talking directly to the other.
Misrepresentation: The presentation of an entity as a person or organization that it is not. For example, a web site might pretend to be a furniture store when it is really just a site that takes credit-card payments but never sends any goods. Misrepresentation is one form of impersonation. See also Spoofing.
NAK attack (Negative Acknowledgment): A penetration technique which capitalizes on a potential weakness in an operating system that does not handle asynchronous interrupts properly and thus leaves the system in an unprotected state during such interrupts.
Pagejacking: A masquerade attack in which the attacker copies (steals) a home page or other material from the target server, diverting browsers from the target server to the attacker's server.
Packet sniffing: The act of monitoring the packets on a network segment to pick up useful information like logins and passwords. See also Sniffer.
Passive attack: An attack which does not result in an unauthorized state change, such as an attack that only monitors and/or records data.
Penetration: Successful unauthorized access to an automated system.
Perimeter security: The technique of securing a network by controlling access to all entry and exit points of the network. Usually associated with firewalls and/or filters.
Phage: A program that modifies other programs or databases in unauthorized ways; especially one that propagates a virus or Trojan horse.
PHF hack: The phf CGI script, shipped with some early web servers as a demonstration, can be made by an attacker to run arbitrary commands with the privileges of the web server process.
Phracker: An individual who combines phone phreaking with computer hacking.
Phreaker: An individual fascinated by the telephone system. Commonly, an individual who uses his knowledge of the telephone system to make calls at the expense of another.
Piggyback attack: The gaining of unauthorized access to a system via another user's legitimate connection.
Ping-of-Death: An attack using an ICMP echo request (ping) carried in an IP datagram with more than 65,507 bytes of data, so that the reassembled datagram exceeds the 65,535-byte IP maximum. The resulting buffer overflow during reassembly causes some systems to crash or lock up.
Ping sweep: An attack that sends ICMP echo requests (pings) to a range of IP addresses, with the goal of finding hosts that can be probed for vulnerabilities.
Port scanning: An attack that sends client requests to a range of server port addresses on a host, with the goal of finding an active port and exploiting a known vulnerability.
Probe: Any effort to gather information about a machine or its users for the apparent purpose of gaining unauthorized access to the system at a later date.
Prowler: A daemon run periodically by an intruder to seek out and erase core files, truncate administrative log files, nuke lost+found directories, and otherwise clean up traces.
Replay attack: An attack in which a valid data transmission is maliciously or fraudulently repeated, either by the originator or by an adversary who intercepts the data and retransmits it.
Replicator: Any program that acts to produce copies of itself. Examples include a worm, a fork bomb or a virus. It is even claimed by some that UNIX and C are the symbiotic halves of an extremely successful replicator.
Retro-virus: A virus that waits until all possible backup media are infected too, so that it is not possible to restore the system to an uninfected state.
Root kit: A collection of tools that allows a hacker to keep a back door into a system, collect information on other systems on the network, mask the fact that the system is compromised, and much more. A rootkit is a classic example of Trojan horse software.
Root: The highest level of access to a Unix computer.
SATAN (Security Administrator Tool for Analyzing Networks): A freeware tool for remotely probing and identifying the vulnerabilities of systems on IP networks.
Scanner/port scanning: An information gathering method or tool in which all possible port numbers are accessed to determine which services are running or available on a host.
Script-kiddie: A person who aspires to be a hacker/cracker but has very limited knowledge or skills related to information systems. Usually associated with young teens who collect and use simple malicious programs obtained from the Internet.
Secure shell: An encrypted remote shell protocol between two machines; the server is identified by its host key and the user authenticates with a password or with a public key whose private half is protected by a passphrase.
Sequence number: A number used to coordinate an upcoming TCP session. It has been guessed as part of IP spoofing attacks.
Session hijacking: An attack in which the attacker takes over a TCP session in progress, typically by spoofing one endpoint and predicting sequence numbers, thereby gaining unauthorized access to the session and system.
Slamming: The act of changing a telephone customer's long distance service provider without their knowledge or permission.
Shell: A software layer that provides the interface between a user and the operating system of a computer.
Shoulder surf: To look over someone's shoulder to view a passphrase or PIN in order to gain access at a later time.
Smurfing: A denial of service attack in which an attacker spoofs the source address of an ICMP echo-request (ping) packet sent to the broadcast address of a network, causing the machines on that network to respond en masse to the victim and thereby clog its network.
Snarf: To grab a large document or file for the purpose of using it, with or without the author's permission.
Sniffer/sniffing: A program running on a computer or device attached to a network that filters, captures, and records network traffic, i.e. packets. The name comes from a Network General (now Network Associates) protocol analyzer product known as Sniffer.
Social engineering: A euphemism for non-technical or low-technology means, such as lies, impersonation, tricks, bribes, blackmail, and threats, used to attack information systems.
Spam: Unsolicited commercial e-mail (UCE). The electronic mail equivalent of junk mail.
Spoofing: Pretending to be someone else. The deliberate inducement of a user or a resource to take an incorrect action. An attempt to gain access to a system by pretending to be an authorized user. Impersonating, masquerading, and mimicking are forms of spoofing.
Steganography: The practice of hiding secrets in otherwise normal-looking data files, like JPEG pictures.
Subversion: Occurs when an intruder modifies the operation of the intrusion detector to force false negatives to occur.
SYN flood attack: A denial of service attack that sends a stream of TCP SYN packets, usually with forged source addresses, so that the target's queue of half-open connections fills and no new connection can be opened.
Threat: The means through which the ability or intent of a threat agent to adversely affect an automated system, facility, or operation can be manifested. A potential violation of security.
Trapdoor: A hidden computer flaw known to an intruder, or a hidden computer mechanism (usually software) installed by an intruder, who can activate the trap door to gain access to a computer.
Traffic analysis: Monitoring data, or encrypted data, to or from a specific target to learn patterns.
Tripwire: A software tool that generates one-way hash signatures of sensitive files, which are later used to detect tampering or alteration.
Trojan horse: An apparently useful and innocent program containing additional hidden code which allows the unauthorized collection, exploitation, falsification, or destruction of data.
TTY watcher: A hacker tool with a GUI that allows hackers with even a small amount of skill to hijack terminals.
Virus: A program that can "infect" other programs by modifying them to include a, possibly evolved, copy of itself.
Wannabe hacker: A novice hacker; see Script-kiddie.
War dialer: A program that automatically dials a given list or range of telephone numbers and records those that answer with modem handshake tones, which may be entry points to computer or telecommunications systems.
White-hat hacker: One who usually does not break into systems without authorization, but who sometimes writes the tools that get used by novices and black-hat hackers.
Whitemail: The dissemination of false information for financial gain via e-mail.
Worm: An independent program that replicates from machine to machine across network connections, often clogging networks and information systems as it spreads.
Cryptography Reference
Confidentiality: Privacy / Encryption
Integrity: Not changed or modified
Non-Repudiation: Digital signature
[Figure: ENCRYPTION (Private & Confidential); DIGITAL SIGNATURES (Authentic / Non-Repudiation) (Message Integrity)]
Key Management: ISAKMP, SKIP, Photuris, Diffie-Hellman, ElGamal, IKE (ISAKMP with OAKLEY)
Block ciphers: DES, 3DES, RC2, RC5, RC6, IDEA, CAST, Blowfish, Twofish, MARS, Rijndael (AES), Serpent
Discrete Log
[Figure: symmetric (shared-key) encryption. Alice and Bob hold the same shared key; Plaintext -> Encryption Algorithm -> Ciphertext -> Decryption Algorithm -> Plaintext.]
4. Trust Models
HIERARCHICAL: a Root CA certifies national CAs (USA, Japan, France, Brazil), which in turn certify organizations and end entities (USA Gov., USA Corp., Japan Corp., French Gov., Brazil Univ., Brazil Corp., You). Compromise of the root "Affects All", of a national CA "Affects Very Many", of an organizational CA "Affects Few", and of an end-entity key "Affects One". Roles shown in the figure: Signee, Registration Authority, Key Generator, Certificate Directory.
DISTRIBUTED (Web of Trust): keys are vouched for by other users rather than by a CA. From the figure: 3) Carol and Alice exchange keys in a secure fashion; Carol trusts Alice as an introducer. 4) Bob sends Carol his key, signed by Alice; Carol can now trust Bob's key.
DIRECT (Peer to peer): the two parties (e.g. you and your Employer or Spouse) exchange keys with each other directly.
5. Certificate Comparison
X.509 v3 certificate fields:
- Version (of certificate format)
- Certificate serial number
- Signature algorithm identifier (for the certificate issuer's signature)
- Issuer (certification authority) X.500 name
- Validity period (start and expiration dates/times)
- Subject X.500 name
- Subject public key information: algorithm identifier, public key value
- Issuer unique identifier
- Subject unique identifier
- Extensions: for each extension, type, critical / non-critical flag, field value
- Signed with the certification authority's private key

PGP key certificate packets:
- Signatures by introducers, e.g. SIGNATURE: Spouse, SIGNATURE: Co-worker, SIGNATURE: Employer
- Signature packet: packet header field; timestamp; version number; signer key ID; length of following info (MD calc.); signature classification; public-key type; message digest algorithm; string of data holding the signed digest
- Subkey packet: packet header field; otherwise similar to the main public-key packet
- Subkey signature packet: packet header field; otherwise similar to a signature packet
- ASSERTION
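The X.509 v3 field list above is an ASN.1 SEQUENCE, and what actually gets signed and shipped is its DER encoding (the glossary's "Distinguished Encoding Rules"). The following added example (not the poster's code and not a real certificate) is a minimal DER encoder/decoder for the tag-length-value layout: definite lengths in short and minimal long form, INTEGER, OBJECT IDENTIFIER, PrintableString, UTCTime and nested SEQUENCE. It builds a constructed, TBSCertificate-like structure in the page's field order (serial, signature algorithm, issuer, validity, subject; version, public key, unique IDs and extensions are omitted for brevity), decodes it back, and rejects the BER-only encodings a strict DER parser must refuse. The sha256WithRSAEncryption OID and all field values are chosen for the demo.

```python
# Universal DER tags used here (single-byte tags only; no high-tag-number form)
INTEGER, OID, PRINTABLE_STRING, UTCTIME, SEQUENCE = 0x02, 0x06, 0x13, 0x17, 0x30


def encode_length(n):
    """DER definite length: short form for n < 128, otherwise the minimal long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, value):
    return bytes([tag]) + encode_length(len(value)) + value


def encode_integer(i):
    """Minimal two's-complement; a leading 0x00 keeps values with the top bit set positive."""
    if i < 0:
        raise ValueError("only non-negative integers (serial numbers) handled here")
    return tlv(INTEGER, i.to_bytes((i.bit_length() + 8) // 8, "big", signed=True))


def encode_oid(dotted):
    """First two arcs share one byte (40*a+b); later arcs are base-128 with continuation bits."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out += chunk
    return tlv(OID, bytes(out))


def decode_oid(body):
    first = body[0]
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    value = 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def decode_length(buf, pos):
    """Strict DER: no indefinite form and no non-minimal long form (both are BER only)."""
    first = buf[pos]
    pos += 1
    if first < 0x80:
        return first, pos
    n = first & 0x7F
    if n == 0:
        raise ValueError("indefinite length is BER, not DER")
    if pos + n > len(buf):
        raise ValueError("truncated length")
    if buf[pos] == 0:
        raise ValueError("non-minimal length encoding")
    length = int.from_bytes(buf[pos:pos + n], "big")
    if length < 0x80:
        raise ValueError("long form used for a short length")
    return length, pos + n


def decode(buf, pos=0):
    """Decode one TLV at buf[pos] into Python data; SEQUENCEs become lists.
    Returns (value, position just after the element)."""
    tag = buf[pos]
    length, pos = decode_length(buf, pos + 1)
    end = pos + length
    if end > len(buf):
        raise ValueError("length runs past end of buffer")
    body = buf[pos:end]
    if tag == SEQUENCE:
        items, p = [], 0
        while p < len(body):
            item, p = decode(body, p)
            items.append(item)
        return items, end
    if tag == INTEGER:
        return int.from_bytes(body, "big", signed=True), end
    if tag == OID:
        return decode_oid(body), end
    if tag in (PRINTABLE_STRING, UTCTIME):
        return body.decode("ascii"), end
    return (tag, body), end  # anything else is returned raw


def rejects(buf):
    """True when strict decoding refuses the input (shows DER's strictness)."""
    try:
        decode(buf)
    except ValueError:
        return True
    return False


def build_sample_tbs():
    """Constructed, not a real certificate: the page's X.509 field order with made-up values."""
    return tlv(SEQUENCE,
               encode_integer(0x1A2B3C4D5E6F)
               + tlv(SEQUENCE, encode_oid("1.2.840.113549.1.1.11"))  # sha256WithRSAEncryption
               + tlv(PRINTABLE_STRING, b"Example Root CA")
               + tlv(SEQUENCE, tlv(UTCTIME, b"000315092400Z") + tlv(UTCTIME, b"010315092400Z"))
               + tlv(PRINTABLE_STRING, b"Bob"))


if __name__ == "__main__":
    der = build_sample_tbs()
    print(der.hex())
    print(decode(der))
```

The strictness matters because a signature covers exact bytes: a verifier that tolerates BER alternatives (indefinite lengths, padded length octets, non-minimal integers) can be fed a differently-encoded structure that still "means" the signed one, which is the root of several historic certificate-parsing bugs.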
[Figure: PGP message flow. Alice sends to Bob across the Internet through a router; Bill and Sue are other users. STEP 2: TRANSPARENT PROCEDURE (sender): A) Seal message (MD5, SHA1); C) Compress message (ZIP); D) Encrypt message with a random session key (IDEA, CAST, Triple DES) and Bob's public key (RSA, Diffie-Hellman). STEP 5: TRANSPARENT PROCEDURE (recipient, using Bob's private key): A) Decompress message (UNZIP).]
OCSP PROCESS
[Figure: End User presents a certificate to a protected resource; the Enterprise OCSP client and toolkit sends an OCSP Status Request to the Issuing CA's OCSP Responder and receives a Signed OCSP Response ("Valid Certificate!", "Access Granted!"). Certificate issuance is shown alongside: a request received by the Registration Authority and the Certificate Authority goes through a vetting process and ends up Approved, Pending or Rejected; "Retrieve Cert"; "Status Notification".]
1. A user presents a certificate and requests access to a protected Enterprise resource. The request is signed with the user's private key corresponding to their certificate. The Enterprise OCSP client and toolkit verify that the certificate chain and signature are correct.
2. The Enterprise OCSP client then composes and sends an OCSP request to the OCSP Responder of the Certificate Authority that issued the user's certificate.
3. The CA OCSP Responder obtains the certificate status in real time from the certificate status database.
4. The CA OCSP Responder generates an OCSP response that states the certificate status, signs the response, and sends it to the Enterprise OCSP client.
5. The Enterprise OCSP client parses the response and verifies its signature to determine that the response is legitimate.
6. If the response states that the certificate is valid, the Enterprise OCSP client application verifies that the user is authorized for access to the resource. If so, the OCSP client grants the user access to the requested resource.
Key Lengths

Symmetric key length versus time for an individual attacker to recover the key by exhaustive search:
  Key length (bits)   Individual attacker
  40                  weeks
  56                  centuries
  64                  millennia
  80                  infeasible
  128                 infeasible

Assumptions are based on 1997 technology:
- Individual attacker: one high-end desktop machine and software (2^17 to 2^24 keys/second)
- Small group: 16 high-end machines and software (2^21 to 2^24 keys/second)
- Academic network: 256 high-end machines and software (2^25 to 2^28 keys/second)
- Large company: $1,000,000 hardware budget (2^43 keys/second)
- Military intelligence agency: $1,000,000,000 hardware budget and advanced technology (2^55 keys/second)

Using easy-to-remember English words yields roughly 1.3 bits of entropy per character ("word space"), versus log2 of the alphabet size per character for purely random characters ("total space"):
  # of characters                 5                 7                   10
  complexity (alphabet size)      26 (lowercase)    62 (alphanumeric)   95 (full keyboard)
  word space                      12 bits           24 bits             40 bits
  total space                     23.5 bits         41.7 bits           65.7 bits
  time-to-break (total space)     40 minutes        22 years            infeasible (3.8 x 10^8 years)
The time-to-break row corresponds to a guessing rate of roughly 5,000 passwords per second.
[Figure: ISO Reference Model with the security mechanism that operates at each layer. User / Application layer: proxy-based firewall, SSL protocol (SSL handshake protocol, SSL record protocol), SOCKS and proxies; distributed data service over a plain data stream. Session layer: network-independent messages. Layers 4 and 3: packet filter (circuit layer), IPsec/VPN. Layer 2 (link layer): L2TP, L2F, PPTP, point-to-point hardware encryptors, MAC-layer filtering (switches). Below: data network.]
PKCS
- PKCS #1: RSA encryption standard
- PKCS #3: Diffie-Hellman key-agreement standard
- PKCS #5: Password-based encryption standard
- PKCS #6: Extended-certificate syntax standard
- PKCS #7: Cryptographic message syntax standard
- PKCS #8: Private-key information syntax standard
- PKCS #9: Selected attribute types
- PKCS #10: Certification request syntax standard
- PKCS #11: Cryptographic token interface standard
- PKCS #12: Personal information exchange syntax standard
IPSec

[Figure: IPsec FUNCTIONS. An SA request is triggered by an ACL match; the initial ISAKMP exchange between Alice and Bob travels in the clear. ISAKMP Phase 1: Alice authenticates Bob, performs the Diffie-Hellman exchange and applies the SHA hash; Bob does the same for Alice; each side then has an IKE SA established for inbound and outbound traffic.]
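The Phase 1 Diffie-Hellman step in the figure, as an added example (not the poster's code): both sides pick an ephemeral exponent, exchange public values and nonces in the clear, and hash the agreed secret into SKEYID. Assumptions: the 1024-bit MODP group is RFC 2409 Oakley group 2 as transcribed here, so check_group() runs a safe-prime test on it before use; the prf is HMAC-SHA1 in the form IKE uses for signature authentication (SKEYID = prf(Ni_b | Nr_b, g^xy)); the authentication of the peer itself (signature or pre-shared key) is left out. The peer-value check is the part practitioners most often forget.

```python
import hashlib
import hmac
import secrets

# RFC 2409 Oakley group 2 (1024-bit MODP, generator 2), hex as transcribed here:
# check_group() confirms it is a safe prime before any exchange uses it.
P_HEX = ("FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74 "
         "020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437 "
         "4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED "
         "EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 FFFFFFFF FFFFFFFF")
P = int(P_HEX.replace(" ", ""), 16)
G = 2


def is_probable_prime(n, rounds=16):
    """Miller-Rabin with random bases; false-positive probability below 4**-rounds."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def check_group(p=P, g=G):
    """Parameter check: p prime, q = (p-1)/2 prime, g generates the order-q subgroup."""
    q = (p - 1) // 2
    return is_probable_prime(p) and is_probable_prime(q) and pow(g, q, p) == 1


def is_valid_public(y, p=P):
    """Reject degenerate peer values (0, 1, p-1 force a trivial shared secret) and
    values outside the order-q subgroup (small-subgroup confinement attacks)."""
    return 1 < y < p - 1 and pow(y, (p - 1) // 2, p) == 1


class Party:
    """One side of the exchange: ephemeral private exponent, public value, nonce."""

    def __init__(self, p=P, g=G):
        self.p, self.g = p, g
        self.private = secrets.randbelow((p - 1) // 2 - 1) + 1
        self.public = pow(g, self.private, p)
        self.nonce = secrets.token_bytes(16)

    def shared_secret(self, peer_public):
        if not is_valid_public(peer_public, self.p):
            raise ValueError("invalid peer Diffie-Hellman public value")
        return pow(peer_public, self.private, self.p)


def skeyid(shared, nonce_i, nonce_r, p=P):
    """IKE signature-mode SKEYID = prf(Ni_b | Nr_b, g^xy) with prf = HMAC-SHA1
    (the "apply SHA hash" step of the figure)."""
    z = shared.to_bytes((p.bit_length() + 7) // 8, "big")
    return hmac.new(nonce_i + nonce_r, z, hashlib.sha1).digest()


def run_phase1():
    """Alice (initiator) and Bob (responder) exchange public values and nonces in
    the clear; each derives SKEYID locally. Returns both derived keys."""
    alice, bob = Party(), Party()
    k_alice = skeyid(alice.shared_secret(bob.public), alice.nonce, bob.nonce)
    k_bob = skeyid(bob.shared_secret(alice.public), alice.nonce, bob.nonce)
    return k_alice, k_bob


if __name__ == "__main__":
    print("group parameters valid:", check_group())
    ka, kb = run_phase1()
    print("SKEYID agree:", ka == kb, ka.hex())
```

Without the subgroup check a peer can send y = 1 or y = p - 1 and force the shared secret to a value it already knows, regardless of the other side's private exponent; the group check guards against a parameter set that was silently altered in transit or mistranscribed.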
Digital time-stamping (the figure shows a DigiStamp server):
1. Calculate a hash (fingerprint) of the data file, whatever its size; the value is unique to the exact content of the file.
2. An Internet-based server adds the current time (15 March 2000, 9:24 am in the figure) to the fingerprint and signs that intermediate product (SHA-1 digest + current time) with its private key, producing the time stamp.
3. The time stamp is delivered back to the client software for storage.
[Figure: PGP send/receive pipeline. Alice: Original Plaintext -> Signed -> Compressed -> Encrypted -> Keyed -> Armored. Step 3: compressed file encrypted with a one-time session key (IDEA, CAST, Triple DES). Step 4: encrypted copy of the session key added (DH) using the receiver's public key. An Attacker is shown on the path between the two. Bob: Dearmor -> Dekey -> Decrypt -> Decompress -> Verify -> Original Plaintext. Step 9: one-time (IDEA, CAST, Triple DES) session key recovered using the recipient's private key. Step 10: file decrypted using the one-time session key (IDEA, CAST, Triple DES).]
[Table: protocol comparison with columns Applications, Protocols, Public Key, Symmetric, Hash, Cert Type, Status, RFC #s; contents listed by column.]
Applications / Protocols: Store & Forward (e-mail): DMS (MSP), MOSS, PEM, PGP, PGP/MIME, S/MIME. Network Transport (browser): TLS (SSL), PCT, SHTTP. Voice: Clipper, PGPfone. Key management and authentication: IKE, SKIP, Kerberos, PAP, CHAP, TACACS, RADIUS, CAT, OTP.
Public Key: RSA; RSA; RSA; RSA, DH; RSA, DH; RSA; RSA, DH; RSA; RSA; RSA; DH; RSA; RSA
Symmetric: DES, 3DES, IDEA; DES; DES; IDEA, CAST, 3DES; IDEA, CAST, 3DES; RC2, RC4, 3DES; 3DES, RC2, RC4, DES-CBC 40/128; DES, RC2, RC4, IDEA; DES, 3DES, DES-CBC; Skipjack 80; Blowfish, CAST, 3DES 160/128; RC2, DES, 3DES; DES, IDEA, RC4; DES-CBC, DES; DES 56
Hash: MD5; MD5; MD5; MD5, SHA-1; MD5, SHA-1; MD5, SHA-1; MD5, SHA; MD5, SHA; MD2, MD5; GSM, ADPCM; MD5, SHA-1; MD5; MD4, MD5, CRC32; MD5; MD5
Cert Type: X.509; X.509; X.509; PGP; PGP; X.509; X.509; X.509; X.509; ASN.1 X.509; X.509; X.509 (encoding: base 64)
Status (as printed): D; D, H; D, H; D, H; D, H
RFC #s: RFC
Legend: RED = Algorithm (Symmetric/Conventional, Asymmetric/Public Key, Message Digest/Hash); BLUE = Protocol/API/Standard (Methods, Certificate Standard, Protocol, API); GREEN = Organization.
A5: A trade-secret cryptographic algorithm used in European (GSM) cellular telephones.
AES (Advanced Encryption Standard): The NIST-approved successor to DES, expected to remain in use for the next 20 to 30 years.
AKEP (Authenticated Key Exchange Protocol): Key transport based on symmetric encryption, allowing two parties to exchange a shared secret key; secure against passive adversaries.
Algorithm (encryption): A set of mathematical rules (logic) used in the processes of encryption and decryption.
ASN.1 (Abstract Syntax Notation One): The ISO/IEC notation in which X.509 certificates are defined. Two sets of encoding rules exist for it: BER (Basic Encoding Rules) and DER (Distinguished Encoding Rules); DER yields a single canonical byte encoding, which is what signed structures such as certificates use.
Attribute certificate: A digital certificate that binds a set of descriptive data items either directly to a subject name or to the identifier of another certificate that is a public-key certificate.
Asymmetric keys: A separate but integrated user key pair, comprised of one public key and one private key. Each key is one-way: data encrypted with one key of the pair cannot be decrypted with the same key, only with the other.
Authorization certificate: An electronic document used to prove one's access or privilege rights, and also that one is who one claims to be.
Blind signature: The ability to sign a document without knowledge of its content, somewhat like a notary public witnessing a sealed envelope.
Block cipher: A symmetric cipher operating on fixed-size blocks of plaintext and ciphertext, usually 64 bits (128 bits for AES).
Blowfish: A 64-bit block symmetric cipher consisting of key expansion and data encryption. A fast, simple, and compact algorithm in the public domain, written by Bruce Schneier.
CA (Certificate Authority): A trusted third party (TTP) who creates certificates that consist of assertions on various attributes and binds them to an entity and/or to their public key.
CAPI (Crypto API): Microsoft's cryptographic API for Windows-based operating systems and applications.
CAST: A 64-bit block cipher using a 64-bit key and six S-boxes with 8-bit input and 32-bit output, developed in Canada by Carlisle Adams and Stafford Tavares.
CBC (Cipher Block Chaining): A mode in which each plaintext block is XORed with the previous ciphertext block before it is encrypted, thus adding a feedback mechanism to a block cipher.
Certificate (digital certificate): An electronic document, issued by a trusted third party, that binds a public key to its owner and attests that the key belongs to that owner and has not been compromised.
Certificate Enrollment Protocol (CEP): Specifies how a device communicates with a CA, including how to retrieve the CA's public key, how to enroll the device with the CA, and how to retrieve a CRL. CEP uses PKCS #7 and PKCS #10.
Certificate extensions: An X.509 v3 certificate contains an extensions field that permits any number of additional fields to be added to the certificate. Certificate extensions provide a way of adding information such as alternative subject names and usage restrictions to certificates.
CFB (Cipher Feedback Mode): A mode that turns a block cipher into a self-synchronizing stream cipher.
Certification: Endorsement of information by a trusted entity.
Certificate Management Messages over Cryptographic Message Syntax (CMC): Message format used to convey a request for a certificate to a Registration Manager or Certificate Manager.
Certificate Management Message Formats (CMMF): Message formats used to convey certificate requests and revocation requests from end entities to a Registration Manager or Certificate Manager, and to send a variety of information to end entities.
Certificate Management Systems (CMS): A highly configurable set of software components and tools for creating, deploying, and managing certificates. CMS comprises three major subsystems that can be installed in different CMS instances in different physical locations: Certificate Manager, Registration Manager, and Data Recovery Manager. Certificate Revocation Tree (CRT): A mechanism for distributing notice of certificate revocations. CHAP (Challenge Handshake Authentication Protocol): a session-based, two-way password authentication scheme. Ciphertext: the results of manipulating either characters or bits via substitution, transposition or cryptographic operations. Cleartext: characters in a human readable form or bits in a machine readable form (also called plaintext). CPS (Certificate Practice Statement): Describe the policies, practices, and procedures employed by a CA. (Certificate Authority) CRL (Certificate Revocation List): an online, up-to-date list of previously issued certificates that are no longer valid. Cross-certification: two or more organizations or Certificate Authorities that share some level of trust. Cryptanalysis: The art or science of transferring ciphertext into plaintext without initial knowledge of the key used to encrypt the plaintext. Cryptography: the art and science of creating messages that have some combination of being private, signed, unmodified, with non-repudiation.
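The CBC entry above describes the chaining mechanism in one sentence; the following added example (written for this glossary, not code from the original document or from Symantec) shows it working. The block cipher is a constructed toy Feistel network with SHA-256 as its round function, which has the same structure as DES, Blowfish and CAST but is not any of them; the key and IV are constructed demo values. Encrypting a message with repeated plaintext blocks in ECB (no feedback) and in CBC shows why the feedback matters: ECB reveals the repetition, CBC hides it.

```python
import hashlib
import secrets

BLOCK = 8  # 64-bit blocks, the size used by DES, Blowfish and CAST

# Constructed demo key and IV (not real key material).
DEMO_KEY = b"constructed-demo-key"
DEMO_IV = bytes.fromhex("0123456789abcdef")


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_function(key: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed round function F built from SHA-256; returns a 4-byte half-block.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]


def toy_block_encrypt(key: bytes, block: bytes, rounds: int = 8) -> bytes:
    # Feistel network: each round maps (L, R) -> (R, L XOR F(key, round, R)).
    # Any Feistel network is a permutation, so it is invertible without inverting F.
    left, right = block[:4], block[4:]
    for rnd in range(rounds):
        left, right = right, _xor(left, _round_function(key, rnd, right))
    return left + right


def toy_block_decrypt(key: bytes, block: bytes, rounds: int = 8) -> bytes:
    # Run the rounds backwards: (L', R') -> (R' XOR F(key, round, L'), L').
    left, right = block[:4], block[4:]
    for rnd in reversed(range(rounds)):
        left, right = _xor(right, _round_function(key, rnd, left)), left
    return left + right


def _pad(data: bytes) -> bytes:
    # PKCS#7-style padding so the message is a whole number of blocks.
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def _unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def _blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # ECB: every block is encrypted independently, so equal plaintext blocks
    # produce equal ciphertext blocks.
    return b"".join(toy_block_encrypt(key, b) for b in _blocks(_pad(plaintext)))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # CBC: XOR each plaintext block with the previous ciphertext block (the IV
    # for the first block) before encrypting it; this is the feedback mechanism.
    out, prev = [], iv
    for b in _blocks(_pad(plaintext)):
        prev = toy_block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    # Decrypt a block, then XOR with the previous ciphertext block to undo the chaining.
    out, prev = [], iv
    for c in _blocks(ciphertext):
        out.append(_xor(toy_block_decrypt(key, c), prev))
        prev = c
    return _unpad(b"".join(out))


def repeated_blocks(ciphertext: bytes) -> int:
    # Number of ciphertext blocks that duplicate an earlier block: a quick
    # indicator of ECB-style pattern leakage.
    blocks = _blocks(ciphertext)
    return len(blocks) - len(set(blocks))


if __name__ == "__main__":
    msg = b"ATTACK AT DAWN!!" * 3  # constructed sample with repeated blocks
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(DEMO_KEY, msg)))
    iv = secrets.token_bytes(BLOCK)  # use a fresh random IV for every message
    ct = cbc_encrypt(DEMO_KEY, iv, msg)
    print("CBC repeated blocks:", repeated_blocks(ct))
    assert cbc_decrypt(DEMO_KEY, iv, ct) == msg
```

The IV must be unpredictable and unique per message; reusing it with the same key turns the first block back into ECB. The toy cipher exists only to make the chaining visible and must not be used as a real cipher.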
Cryptoperiod: specific time span during which a cryptographic key is authorized, or for which a key setting remains in effect.
Cryptosystem: a system comprised of cryptographic algorithms, all possible plaintext, ciphertext, and keys.
Data Integrity: a method of ensuring information has not been altered by unauthorized or unknown means.
Decryption: the process of turning ciphertext back into plaintext.
DES (Data Encryption Standard): a 64-bit block cipher, symmetric algorithm also known as Data Encryption Algorithm (DEA) by ANSI and DEA-1 by ISO. Widely used for over 20 years, adopted in 1976 as FIPS 46.
Diffie-Hellman: the first public key algorithm, invented in 1976, using discrete logarithms in a finite field.
Digital Signature: The digital equivalent of a written signature, providing cryptographic evidence that the original document is authentic, unaltered, not forged, and non-repudiable, almost always using a public-key algorithm.
Direct Trust: an establishment of peer-to-peer confidence.
Discrete Logarithm: the underlying mathematical problem used by asymmetric algorithms, like Diffie-Hellman and Elliptic Curve. It is the inverse problem of modular exponentiation, which is a one-way function.
DSA (Digital Signature Algorithm): a public-key digital signature algorithm proposed by NIST for use in DSS.
DSS (Digital Signature Standard): a NIST proposed standard (FIPS) for digital signatures using DSA.
ECC (Elliptic Curve Cryptosystem): a unique method for creating public-key algorithms based on mathematical curves over finite fields or with large prime numbers.
EES (Escrowed Encryption Standard): a proposed U.S. government standard for escrowing private keys.
ElGamal Scheme: used for both digital signatures and encryption based on discrete logarithms in a finite field; can be used with the DSA function.
Encryption: the process of disguising a message in such a way as to hide its substance.
Entropy: a mathematical measurement of the amount of uncertainty or randomness.
FIPS (Federal Information Processing Standard): U.S. government standards published by NIST.
GAK (Government Access to Keys): a method for the government to escrow individuals' private keys.
GSS-API (Generic Security Services API): IETF RFC 1508 is a high-level security API, which isolates session-oriented application code from implementation details.
Hash: a one-way function, that is, a function that produces a message digest that cannot be reversed to produce the original.
Hierarchical Trust: a graded series of entities that distribute trust in an organized fashion, commonly used in X.509 issuing certifying authorities.
IDEA (International Data Encryption Algorithm): a 64-bit block symmetric cipher using 128-bit keys based on mixing operations from different algebraic groups. Considered one of the strongest algorithms.
Identity Certificate: a signed statement which binds a key to the name of an individual and has the intended purpose of delegating authority from that named individual to the public key.
IKE (Internet Key Exchange): a manual and automatic key exchange method combining ISA/KMP and Oakley Key Exchange, as described in the IETF IPsec specification.
ISO (International Organization for Standardization): responsible for a wide range of standards, like the OSI model and the international relationship with ANSI on X.509.
ITU-T (International Telecommunication Union Telecommunication): formerly the CCITT (Consultative Committee for International Telegraph and Telephone), a worldwide telecommunications technology standards organization.
Kerberos: a trusted-third-party authentication protocol developed at MIT.
Key: a means of gaining or preventing access, possession, or control represented by any one of a large number of values.
Key Escrow/Recovery: a mechanism that allows a third party to retrieve the cryptographic keys used for data confidentiality, with the ultimate goal of recovery of encrypted data.
Key Exchange: a scheme for two or more nodes to transfer a secret session key across an unsecured channel.
Key Length: the number of bits representing the key size; the longer the key, the stronger it is.
Key Management: the process and procedure for safely storing and distributing accurate cryptographic keys; the overall process of generating and distributing cryptographic keys to authorized recipients in a secure manner.
Key Splitting: a process for dividing portions of a single key between multiple parties, none having the ability to reconstruct the whole key.
KTC (Key Translation Center): a trusted server that makes a key chosen by one party available to another party by re-encrypting (translating) it under a key shared with the requesting party.
LRA (Local Registration Agent): an entity appointed by a CA or RA to assist other entities in applying for certificates, revoking their certificates, or both.
MAA (Message Authenticator Algorithm): an ISO standard that produces a 32-bit hash, designed for IBM mainframes.
MAC (Message Authentication Code): a key-dependent one-way hash function, requiring the use of the identical key to verify the hash.
MD2 (Message Digest 2): 128-bit one-way hash function designed by Ron Rivest, dependent on a random permutation of bytes.
MD4 (Message Digest 4): The predecessor of MD5, later found to be weak.
MD5 (Message Digest 5): 128-bit one-way hash function designed by Ron Rivest, very widely used.
Message Digest (also MD): A number that is derived from a message. Change a single character in the message and the message will have a different message digest.
MIC (Message Integrity Check): Same as Message Digest.
Micalg (MIC algorithm): used to identify the MIC algorithm used in signing MIME messages.
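The MAC and Message Digest entries above make two claims worth seeing in code: a single changed character gives a completely different digest, and a MAC can only be verified by a holder of the same key. The example below is added for this glossary (it is not code from the original document); it uses Python's standard hashlib and hmac modules with SHA-256 in place of MD5, and the key and messages are constructed demo values.

```python
import hashlib
import hmac

# Constructed demo key (not real key material).
DEMO_KEY = b"constructed-mac-key"


def message_digest(message: bytes) -> str:
    # A one-way hash: a fixed-length fingerprint that cannot be reversed to
    # recover the message. SHA-256 is used here rather than MD5.
    return hashlib.sha256(message).hexdigest()


def differing_bits(digest_a: str, digest_b: str) -> int:
    # Count the bit positions in which two hex digests of equal length differ.
    return bin(int(digest_a, 16) ^ int(digest_b, 16)).count("1")


def compute_mac(key: bytes, message: bytes) -> bytes:
    # A MAC is a key-dependent one-way hash (HMAC-SHA256 here). Without the key
    # anyone can compute a digest of a modified message, but not a valid MAC.
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    # Recompute the tag and compare in constant time, so the comparison does not
    # leak how many leading bytes of a forged tag were correct.
    return hmac.compare_digest(compute_mac(key, message), tag)


def find_tampered(key: bytes, records) -> list:
    # records: an iterable of (message, tag) pairs, e.g. signed audit-log lines.
    # Returns the indexes whose MAC does not verify under this key.
    return [i for i, (msg, tag) in enumerate(records) if not verify_mac(key, msg, tag)]


if __name__ == "__main__":
    a, b = b"transfer 100 to alice", b"transfer 900 to alice"
    print(differing_bits(message_digest(a), message_digest(b)), "of 256 bits differ")
    # Second record carries a tag computed over a different message: tampered.
    records = [(a, compute_mac(DEMO_KEY, a)), (b, compute_mac(DEMO_KEY, a))]
    print("tampered records:", find_tampered(DEMO_KEY, records))
```

Changing one digit of the message flips roughly half of the digest bits, which is why a digest alone detects accidental corruption; only the keyed MAC detects deliberate modification, because an attacker without the key cannot recompute the tag to match the altered message.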
MIME (Multipurpose Internet Mail Extensions): a freely available set of specifications that offers a way to interchange text in languages with different character sets, and multi-media email among many different computer systems that use Internet mail standards.
Modulus: The defining constant in modular arithmetic, and usually a part of the public key in asymmetric cryptography.
NIST (National Institute for Standards and Technology): a division of the U.S. Dept. of Commerce that publishes open, interoperability standards called FIPS.
Non-repudiation: preventing the denial of previous commitments or actions.
NSA (National Security Agency): a United States cryptologic organization tasked with making and breaking codes and ciphers.
Oakley: The "Oakley Session Key Exchange" provides a hybrid Diffie-Hellman session key exchange for use within the ISA/KMP framework. Oakley provides the important property of "Perfect Forward Secrecy."
One-Time Pad: a large nonrepeating set of truly random key letters used for encryption, considered the only perfect encryption scheme, invented by Major J. Mauborgne and G. Vernam in 1917. Not widely used because key management is impractical.
One-Way function: a function of a variable-length string that creates a fixed-length value representing the original pre-image; also called message digest, fingerprint, or message integrity check (MIC).
PAP (Password Authentication Protocol): an authentication protocol that allows PPP peers to authenticate one another; it does not prevent unauthorized access but merely identifies the remote end.
Passphrase: an easy-to-remember phrase used for better security than a single password; key crunching converts it into a random key.
Password: a sequence of characters or word that a subject submits to a system for purposes of authentication, validation, or verification.
Perfect Forward Secrecy: a cryptosystem in which the ciphertext yields no possible information about the plaintext, except possibly the length.
PGP (Pretty Good Privacy): an application and protocol (RFC 1991) for secure email and file encryption developed by Phillip R. Zimmermann, originally published as freeware; the source code has always been available for public scrutiny. PGP uses a variety of algorithms, like IDEA, RSA, Diffie-Hellman, CAST, DSA, MD5, and SHA-1, for providing encryption, authentication, message integrity, and key management. PGP is based on the Web-of-Trust model and has world-wide deployment.
PGP/MIME: an IETF standard (RFC 2015) that provides privacy and authentication using the Multipurpose Internet Mail Extensions (MIME) security content types described in RFC 1847, currently deployed in PGP 5.0 and later.
PKCS (Public Key Crypto Standards): set of de facto standards for public key cryptography developed in cooperation with an informal consortium (Apple, DEC, Lotus, Microsoft, MIT, RSA and Sun) that includes algorithm-specific and algorithm-independent implementation standards. Specifications defining message syntax and other protocols controlled by RSA Data Security Inc.
PKI (Public Key Infrastructure): a widely available and accessible certificate system for obtaining an entity's public-key with some degree of certainty that you have the right key and it has not been revoked.
PKIX: A contraction of "Public-Key Infrastructure (X.509)", the name of the IETF working group that is specifying an architecture and set of protocols needed to support an X.509-based PKI for the Internet.
Plaintext (or cleartext): the human-readable data or message before it is encrypted.
Private Key: the privately held secret component of an integrated asymmetric key pair, often referred to as the decryption key.
Public Key: the publicly available component of an integrated asymmetric key pair, often referred to as the encryption key.
RA (Registration Authority): responsible for authorizing entities or LRAs, distinguished by unique names, as members of a security domain; this involves associating a user with specific key material. RAs work on behalf of the CA.
Random Number: an important aspect of many cryptosystems, and a necessary element in generating unique key(s) that are unpredictable to an adversary.
RC2 (Rivest Cipher 2): variable key size, 64-bit block symmetric cipher, once a proprietary algorithm of RSA Data Security, Inc.
RC4 (Rivest Cipher 4): variable key size stream cipher, once a proprietary algorithm of RSA Data Security, Inc.
RC5 (Rivest Cipher 5): a block cipher with a variety of parameters: block size, key size, and number of rounds.
RIPE-MD: an algorithm developed for the European Community's RIPE project, designed to resist known cryptanalysis attacks and produce a 128/160-bit hash value; a variation of MD4.
Revocation: retraction of certification or authorization.
ROT-13 (Rotation Cipher): a simple substitution (Caesar) cipher, rotating each of the 26 letters 13 places.
RSA: short for RSA Data Security, Inc.; or referring to Ron Rivest, Adi Shamir, and Len Adleman; or to the algorithm they invented. The RSA algorithm is used in public-key cryptography and is based on the fact that it is easy to multiply two large prime numbers together, but hard to factor them out of the product.
S-Box: A nonlinear substitution function (thus S-Box) basic to block ciphers (e.g. DES and CAST), where an input is XOR-ed and converted to an output (6 bits and 4 bits, respectively, in DES) and which provides the core of such a cipher's security.
SA (Security Association): a simplex (uni-directional) logical connection that specifies a security process through the use of AH and ESP.
SAFER (Secure And Fast Encryption Routine): a non-proprietary block cipher, 64-bit key encryption algorithm. Not patented, available license-free. Developed by Massey, who developed IDEA.
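The RSA entry above states the whole security argument in one sentence: multiplying two primes is easy, factoring the product is hard. The example below is added for this glossary (not code from the original document or from RSA Data Security); it is textbook RSA over integers with no padding, using the small primes 61 and 53 so every step can be checked by hand. The last two functions show the other side of the Key Length entry: a toy modulus is factored instantly by trial division, and the factors give back the private exponent, which is why real keys are thousands of bits long.

```python
import hashlib
from math import gcd, isqrt


def rsa_keygen(p: int, q: int, e: int = 65537):
    # n = p*q is public; phi(n) = (p-1)(q-1) can only be computed by someone
    # who knows p and q, and d is derived from phi(n).
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)  # (public key, private key)


def rsa_encrypt(public_key, m: int) -> int:
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer smaller than the modulus")
    return pow(m, e, n)


def rsa_decrypt(private_key, c: int) -> int:
    n, d = private_key
    return pow(c, d, n)


def _digest_mod_n(message: bytes, n: int) -> int:
    # Sign a digest rather than the message; reduced mod n only because this key
    # is far too small to hold a full 256-bit digest.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def rsa_sign(private_key, message: bytes) -> int:
    n, d = private_key
    return pow(_digest_mod_n(message, n), d, n)


def rsa_verify(public_key, message: bytes, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == _digest_mod_n(message, n)


def factor_modulus(n: int):
    # Trial division up to sqrt(n): instant for a toy modulus, infeasible for a
    # properly sized one. Returns (p, q) with p <= q, or None if n is prime.
    for candidate in range(2, isqrt(n) + 1):
        if n % candidate == 0:
            return candidate, n // candidate
    return None


def recover_private_key(public_key):
    # With the factors of n, phi(n) and therefore d follow directly. This is the
    # whole reason key length matters for RSA.
    n, e = public_key
    factors = factor_modulus(n)
    if factors is None:
        return None
    p, q = factors
    return (n, pow(e, -1, (p - 1) * (q - 1)))


if __name__ == "__main__":
    public, private = rsa_keygen(61, 53, e=17)   # constructed toy primes
    c = rsa_encrypt(public, 65)
    print("ciphertext:", c, "decrypts to", rsa_decrypt(private, c))
    sig = rsa_sign(private, b"hello")
    print("signature verifies:", rsa_verify(public, b"hello", sig))
    print("recovered private key:", recover_private_key(public))
```

Real deployments never use raw RSA like this: messages and digests are wrapped in a padding scheme (PKCS #1 defines them) before exponentiation, and the modulus is chosen large enough that factoring is out of reach.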
Symmetric algorithm: an encryption algorithm in which the same secret key is used for both encryption and decryption. Also known as conventional, secret-key and single-key algorithms. Block and stream ciphers are classes of symmetric algorithms.
Timestamping: recording the time of creation or existence of information.
TLSP (Transport Layer Security Protocol): ISO 10736, draft international standard.
Transposition cipher: the plaintext remains the same but the order of the characters is transposed.
Triple DES: an encryption configuration in which the DES algorithm is used three times with three different keys.
Trust: a firm belief or confidence in the honesty, integrity, justice, reliability, etc., of a person, company, and so forth.
TTP (Trusted Third-Party): a responsible party which all participants involved agree upon in advance to provide a service or function, such as certification, by binding a public-key to an entity, time-stamping, or key-escrow.
Web of Trust: a distributed trust model used by PGP to validate the ownership of a public key, where the level of trust is cumulative, based on the individual's knowledge of the introducers.
XOR (eXclusive Or opeRation): the exclusive-or operation, a mathematical way to represent differences.
X.509v3: an ITU-T digital certificate that is an internationally recognized electronic document used to prove identity and public key ownership over a communication network. It contains the issuer's name, the user's identifying information, and the issuer's digital signature, as well as other possible extensions in version 3.
Zeroed: the degaussing, erasing or overwriting of electronically stored data.
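The XOR entry above and the One-Time Pad entry earlier describe the same construction from two directions: XOR marks where two bit strings differ, and a one-time pad is nothing more than XOR with a truly random key as long as the message. This added example (written for this glossary, not code from the original document) implements the pad with Python's secrets module and also shows the failure mode behind "key management is impractical": reuse the pad once and the XOR of the two ciphertexts equals the XOR of the two plaintexts, so the pad has protected nothing. The PadStore class is a constructed helper that enforces single use.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    # Bitwise XOR of two equal-length byte strings: a result bit is 1 exactly
    # where the two inputs differ.
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_keygen(length: int) -> bytes:
    # A pad must be truly random, at least as long as the message, and used once.
    return secrets.token_bytes(length)


def otp_encrypt(pad: bytes, plaintext: bytes) -> bytes:
    if len(pad) < len(plaintext):
        raise ValueError("pad is shorter than the message")
    return xor_bytes(plaintext, pad[:len(plaintext)])


def otp_decrypt(pad: bytes, ciphertext: bytes) -> bytes:
    # XOR is its own inverse: (m XOR k) XOR k == m, so decryption is encryption.
    return otp_encrypt(pad, ciphertext)


def reuse_leak(ciphertext_a: bytes, ciphertext_b: bytes) -> bytes:
    # Failure mode: two messages under the same pad. The pad cancels out,
    # (m1 XOR k) XOR (m2 XOR k) == m1 XOR m2, so whoever knows one message
    # can read the other. This is why the pad is "one-time".
    return xor_bytes(ciphertext_a, ciphertext_b)


class PadStore:
    # Constructed helper: hands out each pad exactly once, then forgets it.
    def __init__(self):
        self._pads = {}

    def issue(self, pad_id: str, length: int) -> None:
        self._pads[pad_id] = otp_keygen(length)

    def use(self, pad_id: str) -> bytes:
        pad = self._pads.pop(pad_id, None)
        if pad is None:
            raise KeyError(f"pad {pad_id!r} is unknown or already used")
        return pad


if __name__ == "__main__":
    store = PadStore()
    store.issue("msg-1", 16)
    pad = store.use("msg-1")
    m1 = b"meet at noon"  # constructed sample messages
    c1 = otp_encrypt(pad, m1)
    print("round trip ok:", otp_decrypt(pad, c1) == m1)
    m2 = b"meet at dusk"
    c2 = otp_encrypt(pad, m2)  # the mistake: same pad twice
    print("reuse leaks m1 XOR m2:", reuse_leak(c1, c2) == xor_bytes(m1, m2))
    try:
        store.use("msg-1")
    except KeyError as err:
        print("store refused reuse:", err)
```

The perfect secrecy of the pad rests entirely on the key being random, as long as the message, and never reused; distributing and tracking such keys for every message is the key-management burden the entry refers to.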
The information in this document is subject to change without notice and must not be construed as a commitment on the part of Symantec Corporation. Symantec assumes no responsibility for any errors that may appear in this document. No part of this document may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means - graphic, electronic, or mechanical, including photocopying and recording - without the prior written permission of the copyright owner. Symantec and the Symantec logo are U.S. registered trademarks of Symantec Corporation. Other brands and products are trademarks of their respective holders. Copyright 2001 Symantec Corporation. All Rights Reserved. Printed in the United States of America 08/01 09-71-00385