4 - Network security - chapters 4,5
Contents
1. 42 4MMSR Network Security 2010 201 1 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES N A 5 1 Protocoles IP UDP et TCP rappels cime J T IP Internet Protocol v4 v6 UDP User Datagram Protocol e Sans garantie d ordre d arriv e e Pas de retransmission TCP Transport Control Protocol Connexion garantie circuits virtuels Correction d erreurs Cf vos Cours de r seaux 43 4MMSR Network Security 2010 2011 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET OE MATHEMATIQUES APPLIQUEES 5 2 IPv4 paquet rappel ses ig 4 bytes 3l version im Be total length fragment offset protocol header checksum source address destination address options padding e Un paquet IP comprend Une charge data Un Header comprenant o L adresse source IP o L adresse destination IP 44 4MMSR Network Security 2010 201 1 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET OE MATHEMATIQUES APPLIQUEES 5 2 IPSec extension de IPv4 ie Y S curisation de IPv4 e RFC 2401 IP Security Architecture RFC 2402 IP Authentication Header AH e RFC 2406 IP Encapsulating Security Payload ESP e RFC 2408 Internet Security Associations and Key Management Protocol ISAKMP IPv6 inclus IPse2. 4 encrypted Authenticated integrity Tunnel mode gt encrypted Authenticated integrity e IP header NOT protected Formation DirectAccess Youssef Zizi amp Cyril Voisin Microsoft 2010 49 4MMSR Network Security 2010 2011 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES 5 2 IPSec SA amp IKE sc jn SA Security Association D crit comment seront utilis s les services de s curit lors d un change o L algorithme de chiffrement utilis o L algorithme d authentification utilis o Une cl de session partag e donc sym trique pour raison de performance e unidirectionnel e lie des adresses IP Windows Firewall with Advance AP ers E3 Inbound Rules mme IW Local A Rem 1st Authentication Method 2nd Authentication Method Encryption Inte Outbound Rules _ L C4 Connection Security Rules Wa 2002 2002 Computer certificate User NTLMv2 AES CBC SH 4 X Monitoring 852002 2002 Computer certificate User NTLMv2 AES CBC SH B Firewall amp Connection Security Rul Vye des SA dans le p
3. PAP Password Authentication Protocol unencrypted ASCII password CHAP Challenge Handshake AP Shared secret key eg user password Periodically a challenge is sent to the client Response hash challenge secret key e EAP Extensible AP e Several authentication methods o EAP TLS 58 4MMSR Network Security 2010 201 1 ECOLE NATIONALE SUPERIEURE INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES Vs 5 4 3 Tunnel protocols PPTP Grenoble INP Ensimag J PPTP Point to Point Tunelling Protocol Microsoft amp Alcatel Lucent 3Com PPP link over IP ONLY o GRE Generic Routine Encryption tunnel encapsulating PPP packets o Control channel over TCP 1723 permits confidentiality integrity and authentication PPTP packet PPP packet 4 lt lt eee encrypted 59 4MMSR Network Security 2010 2011 ECOLE NATIONALE SUPERIEURE INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES 3 P 5 4 3 PPTP data flow ensimag y PSINor Network Access KFFIF ISDN Server Server Private 3 4 Net worl O PPP Valid Internet ID addresses used PPP f PPP Eu Internal addressing IP IPX NetBEUI IP IPX NetBEUI IP IPX NetBEUI schemes use _ encrypted 60 4MMSR Network Security 2010 2011 RER srenoble We These ones have no encryption capabilities Necessary to use an additional protocol eg IPSec e L2F Layer 2
4. 4MMSR 2010 2011 Grenoble Ensimag Grenoble INP Ensimag S curit des r seaux Lecturers Fabien Duchene Dominique Vicard Chapters 4 Intranet el 5 protocols access D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES N Plan nouveau sujet de l g res modifications en l o O Introduction apice 4 intranet G internet o Parano mode d emploi SHEIETUHCTUOH aii du Active Directory gt Proxy Socks o 1 Menaces vuln attaques Kerberos B o D finitions Conformance unu IDS IPS e 7 Navigateur Antimalware NAC Privacy mode o 2 Qqes algorithmes e 5 Protocoles Javascript XSS o St ganographie IPSec Flash ActiveX Java o Partage de secret RFID Sandbox o P2P lalgo Eigentrust RAS PPTP L2F L2TP HTLM5 o 3 Poste client SSL TLS o Certifications VPN o Principes de la s curit EAP amp RADIUS o Principaux m chanismes e 802 11 o NT4 e GSM o Unix 2 4MMSR Network Security 2010 201 1 OOOO OOOO UT OO P HR ECOLE NATIONALE SUPERIEURE 1 Introauction D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES gt 4 Intranet dia iie y e Authentication Active Directory NT5 quelques protocoles e Kerberos IDS amp IPS e Conformance e Antimalware Network Access Control 3 4MMSR Network Security 2010 201 1 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES Nx
5. clear text challenge RACA challenge WEP ke 80 4MMSR Network Security 2010 2011 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES N VS 5 8 1 RC4 problem Vernam cipher ensimag Jj I if real randomness then one time pad Secret Key KE Pseudo Random Number Generator Random number r Unencrypted data ___ Ts gt Encrypted data d e d XORr e What if r is not so random 82 4MMSR Network Security 2010 2011 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET OE MATHEMATIQUES APPLIQUEES 5 8 1 Stream cipher basic cryptanalysis te What if the same encryption key is used at least two times e1 d1 XOR r e2 d2 XOR r e Then e XOR e2 di XOR d2 From that we can deduce e reusing r is a VERY bad idea d1 and d2 are not random thus sensible to patterns attacks See aircrack ARP attacks 802 11 o ICV CRC could confirm we did find the value o r is IV wep password 83 4MMSR Network Security 2010 2011 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES 5 8 1 the Birthday paradox with 802 11 IVs sss pn e Pn probability that 2 packets among n do use the same IV e IV 24 bits thus number of IV 2424 P2 1 2 24 e Pn Pn 1 n 1 1 Pn 1 2424 n gt 2 e Pn gt 50 e Starting from only n 4823 packets 84 4MMSR Net
6. 26C3 2010 o 2Torainbow tables available on Bittorrent o forless than 1 000 H W Wideband GSM Sniffing Karsten Nohl Sylvain Munaut 27C3 2011 AS 8 o Apractical Time attack on the A5 3 Cryptosystem Used in 3G telephony Orr Dunkelman Nathan Keller et Adi Shamir 2010 o 75 probability with 1Go of data 2H communication seems unpractical o However since multimedia usage do proliferate e Andin practise e Unfrequent TMSI changes e Unfrequent Hopping e No systematic rekeying before each call or SMS e Predictable padding gt confidentiality threatened 105 4MMSR Network Security 2010 2011 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES Vs 5 9 GSM security in 2011 ensis GSM should currently be used as an untrusted network just like the Internet Threat Investment Scope Mitigation Low Local Mutual Fake base station authenti l Cell phone SE lo o o cation amp m networks do Passive intercept of Low Local mdi not provide voice SMS state of the art Q 7 security Passive intercept of Currently not data possible Protection BREL must be Phone virus Medium to Large embedded in malware high Trust the phones and IITIUEDULIIIIYTILULIIITIIT RS elc IS eID EE TS anchor locked away High Large from malware Phishing Wideband GSM Sniffing Karsten Nohl Sylvain Munaut 27C3 2011 106 4MMSR Network Security 2010 201 1 ECOLE NA
7. lt Child domain ms we uA UM y P ien ay ECOLE NATIONALE SUPERIEUR D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES va s a s LT e 4 7 4MMSR Network Security 2010 201 1 4 1 1 ADDS relations d approbations ensimag 3 Ensimag J j Trust relationships one way trust A B one way transitive or not relation meaning a domain A considers the identities provided by B as valid A lt B AND B lt A Within a tree implicit transitive 2 way trust between child and parent domains two way trust A lt gt B Example of one way forest trust corp nintendo com trusts ms google biz tree 9 eee TRUSTED domain ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATI QUES APPLIQUEES Grenoble MI 4 1 2 Windows NT5 quelques protocoles ima NT5 Windows 2000 Protocoles cl partag s o Authentification NTLM domaines h t rogenes o Authentification Kerberos V5 cl publique o Secure Sockets Layer SSL transport Layer Security TLS o IPSec Active Directory peut g rer diff rents types de credentials SSP R les de machine Windows 11 4MMSR Network Security 2010 201 1 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES 3 4 1 3 Kerberos crimes T Protocole authentification autorisation d velopp par le MIT Projet ATHENA oingle Sign On
8. 3 Kerberos acces au service 5 6 aia Client to Server ticket client_ID client_FQDN TCS_validity_period K_client svc K req svc K client SS session key between the client and the SS 65 5 1 Client to Server ticket 5 2 Authenticator 2 Client ID timestamp K client SS Service Server eg issuing CA Knows eg g K client K client SS 6 e timeStamp in 5 2 1 K client SS OK I can serve you Is timestamp timestamp 5 21 User com puter If so can trust that service 16 4MMSR Network Security 2010 2011 x E rte 4 1 3 Kerberos Acces inter domaine win l Unerelation de confiance est tablie par le biais d une cl partag e entre domaines gr ce laquelle des referals tickets TGT inter domaine sont envoy s TRUSTING domain TRUSTED domain contains ressources SS contains identities AY exo KR EMag fr ff K AS google TGS nintendo TGT inter domaine B Q User Service Server comput er eg issuing CA 20 4MMSR Network Security 2010 2011 ECOL D INFORMATIQUE ET DE MATHE OLE NATIONALE SUPERIEURE MATIQUES APPLI QUEES N 4 1 3 Kerberos Smart Card authentication crimes 1 l Client ID Security Principal Name username computername msg key chiffrement de msg avec la cl key e K client pub K client priv paire de cl assym trique e K client TGS Session key generated by
9. APPLIQUEES
10. Version actuelle vb RFC4120 Hypoth se le r seau peut tre non sur e Bas sur l existence d un tiers de confiance le KDC Key Distribution Center Cryptographie principlament sym trique ventuellement assym trique eg ice auth par carte puce Kerberos amp Herakles e D clinaisons Cerb re amp Hercules MIT Kerberos Microsoft Kerberos Windows NT gt 2000 Heimdal Kerberos Su de 12 4MMSR Network Security 2010 201 1 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES Grenoble I L 4 1 3 Kerberos authentication amp service aCCeSS nsimag IL l Key Distribution Center KDC Identity provider Authentication Servet G am Mossen need a Ticket to Get Tickets TGT Here is a Service Ticket ere is a TGT you will only CO taining your information for accessing be able to decrypt if you want to access the know the shared secret Issuing CA service th Issuing CA service user comp pwd Here is a proof decrypted the TGT SS UserSID User ervice ui computer Ticket GroupMembershipsSIDs Service Server eg issuing CA Service communicati Introduction to the Microsoft PKI ADCS 2008 R2 2011 Fabien Duchene Sogeti ESEC ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES 13 4MMSR Network Security 2010 2011 Grenoble MI 4 1 3 Ke
11. identifiant de l abonn mobile connu l ext rieur du r seau GSM MSHRN Num ro attribu lors d un appel pour l acheminement des donn es 101 4MMSR Network Security 2010 201 1 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES 5 9 GSM security protecting the renobte subscriber identity ims T MS Poste VMSC VLR HLR GMSC Appelant RAE MSISDN 1 O O MSISDN ay Ms 3 4 MSRN MSRN 6 TMSI QU IMSL 7 RE Note e VLR Visitor Location Register registre de la cellule ou se trouve le mobile e HLR Home Location Register registre de l op rateur du mobile e VMSC Visitor Mobile Service Switching Center tablissement hand over et SMS e GSMC Gateway SMC 102 4MMSR Network Security 2010 201 1 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES Grenoble MI 9 9 GSM security subscriber privacy ensimag I Frequency Hopping Speard Spectrum FHSS Rapidly switching of carrier among many channels Using a pseudorandomness function Usage e Mainly for QoS But could and SHOULD be used for user privacy 103 4MMSR Network Security 2010 201 1 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES VS 5 9 attacking the wideband GSM network eme Cryptosystem e A5 1 could be cracked in seconds GSM SRLSY Karsten Nohl
12. 10 201 1 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES Grenoble M 5 Acces Protocoles a e Introduction IP IPSec RFID RAS PPP PPTP L2F L2TP e SSL TLS e VPN EAP RADIUS e 802 11 Witi e GSM 40 4MMSR Network Security 2010 2011 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES 5 1 Introduction sss pn Les protocoles r seaux offrent dans leur impl mentations natives de nombreuses vuln rabilit s Tous les protocoles classiques disposent d une version endurcie hardened version 41 4MMSR Network Security 2010 201 1 ECOLE NATIONALE SUP RIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES N Y Grenoble INP 9 1 Quelques protocoles ensimeg Jr Application Transport IP ICMP R seau Physique
13. 4 1 1 Active Directory ensima Active Directory Directory Services service d annuaire Ouverture de session unique Acces universel aux ressources Administration centralis e ou d l gu e e Service d authentification et de fourniture de donn es d authentification Fonctionnalit s Kerberos authentication e LDAP directory contains Security Principals amp other objects DNS resolution e Versions e 2000 native 2000 mixed 2003 2003 R2 2008 2008 R2 5 4MMSR Network Security 2010 201 1 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES Grenoble MI 4 1 1 Role de machines Windows sim e Autonome Workgroup e Non membre d un domaine e Base de comptes SAM Security Account Manager locale Client membre d un domaine e Base SAM locale e Authentification o domaine o SAM locale Contr leur de domaine DC Copie des objets du domaine e Assure le r le KDC dans Kerberos o Authentifie les machines et utilisateurs ECOLE IONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES 6 4MMSR Network Security 2010 201 1 Grenoble MI 4 1 1 g ADDS m Domaines Forets ima Domaine domain 1 FQDN DNS 1 annuaire security principals politiques de s curit authentification Arbre tree hi rarchie de domaines DNS For t forest plusieurs hi rarchies DNS cf slide suivante Root domain Ee Loue a a Le
14. Forwarding protocol Cisco 1998 RFC2341 L2TP Layer 2 Tunelling Protocol e 1999 Cisco amp Microsoft RFC2661 L2TPv3 2005 RFC3931 Not necessarily over an IP network does support RADIUS 9 9 Secure Socket Layer SSL TLS sss pn e SSL 1 0 Netscape 1995 TLS Transport Security Layer Current version TLS 1 2 aka SSL 3 3 RFC5248 aug 2008 e Security properties o Communication HTTP FTP SIP Integrity MAC IMAP POP Confidentiality symmetric cryptography o Server authentication asymetric crypto o Key exchange RSA Diffie Hellman TCP o Eventually client authentication e Sub protocols o Handshake version algorithm authentication o Record data fragmentation app layer integrity confidentiality o Alert errors end of session Application O ChangeCipherSpec messages will be authenticated and eventually encrypted 63 awven Application application data IF D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES 5 5 SSL handshake unauthenticated client sss pn MAC Message Authentication Code hash function key message ET ClientHello ciphers and compression it supports ClientNonce Cipher and compression choice 1 3 1 ServerHello chosen TLS version cipher compression and a ServerNonce 1 3 2 Certificate 1 3 3 ServerHelloDone ServerCertificate validation integrity validity time revocation ge PreMasterSec
15. IP and IPX networks May eventually require a Call Back RAS server Access Point PPP connection initialization the AP requests a PAP CHAP or EAP authentication lt gt enim e the user authenticates User computer the RAS server connects to the network eg PPTP L2F L2TP 4 connects to itself only i E X rejects the connection authorization or authentication fails requests a call back 55 4MMSR Network Security 2010 2011 ECOLE NATIONALE ask ERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES 56 Grenoble MI Ensimag Ji y e Data link protocol for a communication between two nodes Point to Point connection Authentication encryption compression Connection to a Remote Access Server 9 4 1 Point to Point Protocol PPP Application PPP dialup PPPoE amp PPPoA DSL Internet Network RFC http tools ietf org html rfc1661 4MMSR Network Security 2010 2011 ECOLE N IEURE D INFORMATIQUE ET OE MATHEMATIQUES APPLIQUEES N 5 4 2 RAS Authentication methods ensimag Jj ENsimag j
16. Keystream veey e oTi oTi S seed Plain text He ROO Wikipedia WEP e Flaws Cipher text if the same IV is used same as one time pad if number generator weak ability to gain some knowledge about the key Weaknesses in the Key Scheduling Algorithm of RC4 Scott Fluhrer Itsik Mantin Adi Shamir 78 4MMSR Network Security 2010 2011 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES Grenoble MI 2 8 1 Wireless Equivalent Privacy WEP sima e Chiffre RC4 56 bits IV 24 bits e 802 11 does not prevent reusing the same IV Key WEP password 40 bits 40 24 64 bits WEP security 104 bits 128 bits WEP security ICV Integrity Check Value CRC 32 WEP encrypted frame RN NR RA RN ri PN e M a RR i a RR a a AA EE RUN GS ts ts a a a 79 4MMSR Network Security 2010 2011 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES s 5 8 1 Shared Key Authentication SKA ensimeg e Four Way Handshake using the WEP password secret key Access Point o Client station shared secret key shared secret key Challenge decryption and comparison E WEP password WEP password Positive negative response E38 Authentication request
17. S 4 3 1 IDS IPS sss pn e Intrusion Detection System passif enregistre notifie o Composant qui monitore le r seau et ou le syst me o Reporte les comportements suspects ou violations de politiques e Intrusion Prevention System detects and reacts o Actions automatiques ou semi automatiques D tection o Comportement statistiquement anormal m triques o Signature attack patterns Probl mes e Faux positifs fausses alertes Faux n gatifs intrusions non d tect es Position NIDS NIPS Network HIDS HIPS Host server client 33 4MMSR Network Security 2010 201 1 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES Grenoble MI 4 3 2 Antimalware ima D tection Classique hash du binaire e Heuristiques intelligence artificielle o Signature g n rique Variations l g res dans le code binaire o Comportement ex cution en sandbox ou environnement virtualis Op rations acces fichiers configuration du syst me Diff rences en environnement virtualis ou non e l D tection non parfaite Cf th orie de G del sur l incompl tude et l iacoh rence Probl me INDECIDABLE Configuration e Centralisee e Selon des mod les de poste KDC serveur web o Exclusions que scanner Processus dossiers Actions autoriser quarantaine supprimer demander Mises jour de d finitions Scans complets du syst me e Menaces les antimalwa
18. TIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES N 5 Protocols access summary ensima JL l IPSec EAP VPN eUseful for VPN and for internal network eAuthentication framework eEncrypted tunnel over a public network Modes transport tunnel 802 1X RADIUS WPA 2 enterprise e PSec L2TP IPSec L2F HTTPS e AH ESP IKE SA SSL TLS 802 11 GSM eBtwn transport and application layer eWEP RC4 stream cipher eTMSI temporary identity eCertificate server eventually client eWPA adds TKIP not enough eHopping mainly for QoS could be for ehandshake eWPA2 AES block cipher privacy eCorporations WPA 2 enterprise mostly eRekeying each time the user authenticate EAP TLS A5 1 A5 2 should not be used real time attacks 107 4MMSR Network Security 2010 201 1 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES Vs Interlude ensima JL l f MY BOSS 15 SO DUMB FF 23 my GOSS TS HE BROUGHT A TAPE AY d MEASURE TO A DISTANCE LEARNING CAN T SEE HIS FC SCREEN E mail SCOTTADAMS 2 CC COM DILBERT MY PC IS WARM I THINK OUR FIRE GALL IS HOW ABOUT YOU V DILBERT DO YOU M HAVE ANY DUMB BOSS JOKESP iiy re Unite Pemure Syndicats ine copyright 1999 United Feature Syndicate Inc tedistribution in whole or in part prohibited 108 4MMSR Network Security 2010 201 1 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES
19. aft in 2004 amended in 2007 e WPA2 CCMP Counter Mode CipherBlockChaining Mac Protocol o AES FIPS 197 o 128 bit key 128 bits cipher block o 10 rounds of encoding 802 1x support in 802 11 Key distribution 92 4MMSR Network Security 2010 201 1 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES Grenoble M 2 8 4 802 11 in corporations sime e WPA enterprise e WPA2 enterprise EAP for authentication and encryption Mostly used EAP TLS with certificates thus a PKI is needed e EAP TTLS e PEAP Microsoft 93 4MMSR Network Security 2010 2011 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES D 5 9 GSM ensima jn 5 billion users e For the basics review your 15 year GSM course Main security services Subscriber authentication e Data and signalization confidentiality e Subcriber identity confidentiality privacy 94 4MMSR Network Security 2010 201 1 ECOLE NATIONALE SUP RIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES Grenoble MI 9 9 GSM security global view ensimag jil N Subscriber ae Le triplet RAND SRES K est pass d un r seau l autre A5 algorithme de chiffrement n est toujours pas officiellement public A5 1 A5 3 A3 A8 est connu sous le nom de A38 96 4MMSR Network Security 2010 201 1 BODIE MATIONAIS SUPERISUAT 5 9 GSM security subscriber aut
20. are feu Windows 4 amp Security Associations I Main Mode NT6 Vista et ult rieur IKE Internet Key Exchange Distribution des cl s 52 4MMSR Network Security 2010 201 1 ATIONALE SUPERIEURE ECOLE N D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES Nx 5 2 IPSec en entreprise cime l User 2 on Host B JDP Transport Layer IPSEC Driver 49104 AUN38S dl A3104 Ayunaag dl yS uoneisossy Ayunaas 53 4MMSR Network Security 2010 26 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES Vs 5 3 Radio Frequency IDentification RFID crimes T e Reader tag s gt e tag two main types RFID e only replies its ID cleartext without reader authentication nor data encryption can perform cryptographic operations Applications Tracking Passport goods Access control Security issues Privacy eg chip inside hand contactless e Vulnerabilities o Replay attacks if no cryptoprocessor o Wireless thus antenna range amplification gt privacy o he ID is generally used within a web application thus classic web attacks SQL injection XSS gt check your Conceiving Web App lectures 54 4MMSR Network Security 2010 201 1 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES 5 4 Remote Access Server RAS Grenoble MI Ensimag Ji y Permits a remote access to
21. c Cf vos Cours de r seaux INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES Y 5 2 IPSec integrity authentication encryption ens l AH 515 IP protocol Authentication integrity anti replay NO CONFIDENTIALITY integrity on PAYLOAD and IP header o problems with Network Address Translation Network lectures ESP 50 IP protocol Authentication integrity anti replay PAYLOAD CONFIDENTIALITY IP header unchanged only in tunnel mode e NAT Transversal Usages AH ESP or AH ESP Formation DirectAccess Youssef Zizi amp Cyril Voisin Microsoft 2010 47 4MMSR Network Security 2010 2011 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES 5 2 IPSec Authentication Header AH on ENSIMAG e Transport mode authenticated integrity e Tunnel mode authenticated integrity Integrity hash covering the whole datagram except TypeOfService Fragment Offset Flags TTL IP header checksum Formation DirectAccess Youssef Zizi amp Cyril Voisin Microsoft 2010 48 4MMSR Network Security 2010 201 1 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES Grenoble I t 5 2 IPSec Encapsulating Security Payload ESP 555 IL l e Transport mode
22. ent RADIUS server EAP request identity shared Secret key a EAP response identity RADIUS access request EAP a EAP request RADIUS access challenge EAP e MM M 2 EAP response credentials i RADIUS access request EAP gt EAP success RADIUS access accept EAP Eo B mods trolled port ressources If authentication or authorization error z access n m E 4MMSR Network CELL EE EE EE EE LtiL L LALLhLLILALIA Lio i1 sd 2010 2011 NATIONALE SUPERIEURE QUE ET a en HEMATIQUES APPLIQUEES 5 8 802 11 Wifi c n e 802 11 security 802 11 gt RCA gt WEP SKA WPA e 602 11i WPA2 802 11 security in corporations 15 4MMSR Network Security 2010 2011 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES 5 8 1 802 11 ensimag jn e 802 11 a 1999 b 1999 g 2003 n 2009 e Review your network courses e Security 1999 e Data encryption Wireless Equivalent Privacy WEP Authentication o shared Key Authentication SKA WEP is used during authentication o Open System Authentication no authentication occurs 76 4MMSR Network Security 2010 2011 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES 5 8 1 Reminder RC4 ia stream cipher e IV Initialisation Vector e Key shared between the parties __
23. hentication sss pn Ler seau envoit un challenge RAND R seau secrete Ki Stock e dans la carte E SIM et dans l AUC Centre d authentification L authentification sert g n rer une cl Kc de chiffrement des donn es et de la signalisation Tue AS one way hash param tr par cl Abonn Abonn authentifi interdit 98 4MMSR Network Security 2010 201 1 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES 5 9 GSM security data and signalization sA confidentiality spl i A8 Lc sm SIM Interface Radio B X Ex Ler seau et le mobile MS R seau uel Kc A8 Ki RAND One way hash param tr e par cl mu RAND MM Ki RAND RAND lt 7 As symetric stream cipher specs secr tes chiffre les donn es et la signalisation A5 1 initially USA Europe AB5 2 initially others Store Kc S Kc A5 3 should be used everywhere 100 4MMSR Network Security 2010 201 1 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES 5 9 GSM security protecting the subscriber Grenobie We identity enini t Identification de l abonne MS seul le num ro est connu IMSI Identit invariante de l abonn est gard e secrete l int rieur du r seau TMSI Identit temporaire attribu e apres une authentification r ussie e MSISDN Num ro de l abonn c est le seul
24. ic Tews et Martin Beck ont annonc avoir d couvert une faille de s curit dans le protocole WPA La faille situ e au niveau de l algorithme TKIP Temporal Key Integrity Protocol exploite l architecture du protocole WPA e TKIP se met en place apr s le protocole WEP or le code MAC est contenu dans un paquet WEP ce qui permet un pirate informatique de l intercepter Une fois intercept le paquet peut tre utilis pour r cup rer le code MAC et se faire passer pour le point d acc s Cette m thode est encore plus efficace en interceptant les paquets ARP puisque leur contenu est connu attaques par pattern Cette faille concerne exclusivement le protocole WPA utilisant TKIP Les protocoles utilisant AES restent s curis s e Les d tails concernant cette faille ont t expos s de facon d taill e durant la conf rence PacSec les 12 et 13 novembre 2008 Tokyo 2 Martin Beck a int gr l outil pour exploiter cette faille dans son outil de piratage des liaisons sans fil nnmm aircrack ng createur originel d aircrack Christophe Devine e Contre mesure Il est toutefois assez facile de contrevenir a cette faille en forcant la n gociation des cl s toutes les deux minutes ce qui ne laisse pas assez de temps pour que l attaque r ussisse 91 4MMSR Network Security 2010 201 1 COLE NATIONALE SUPERIEURE D INFORMATIQUE ET OF MATHEMATIQUES APPLIQUEES 9 8 3 802 111 Grenoble jn e IEEE standard 802 11 2007 dr
25. io Ily a5 minutes gt Cr er une tithe J Critique Contr le perdu La connexion n a pas t tabl Il y a 27 jours t UP Critique Kaspersky Anti Virus n est pas install j gt Lancer la t che Bh okivisible Derni re connexion au Serveur d administratio llyaSminutes X Protection n OKJVisible Derni re connexion au Serveur d administratio Il y a une minute J v nements SHIP okjvisible Derni re connexion au Serveur d administratio Ilyali2minutes 3 Avertissement Certains objets n ont pas t trait s Il y a 4 minutes X Consulter les propri t s du poste 7 Critique Contr le perdu Protection inactive La recherc Il y a 18 jours is MD critique Visible Protection inactive tl Il y a 12 minutes 35 4MMSR Network Security 2010 201 1 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES VS I 4 3 3 Network Acces Control ee J Poste client Acc s certaines zones capacit de communication avec certaines machines en fonction NON de la topologie du r seau Mais d un ensemble de m triques du poste client o Pare feu activ o Mises jours install es antimalware OS applications o Chiffrement de la partition systeme o e M thodes d isolation DHCP 802 1X VPN IPSec e Produits MI A Cisco NAC EE Microsoft NAP Protection ean ciii 36 4MMSR Network Security 201 0 201 1 IPsec a
26. rberos authentification du client 1 2 ensimag I Client ID Security Principal Name username computername e msg key chiffrement de msg avec la cl key Do K client hash du mot de passe du client user comp Koonce e K client TGS session key generated by the AS K client QJ K TGS D K cli TGS Identity provider Authentication Server Knows K client 2 Ticket to Get Ticket client ID client FQDN TGT validity period K client TGS K TGS computer 14 4MMSR Network Security 2010 201 1 ECOLE ne pes ERIEURE D INFORMATIQUE ET DE MATHEM UES APPLIQUEES noble MI 4 1 3 Kerberos autorisation d acc s au service 3 4 e TGT client ID client FODN TGT validity period K client TGS K TGS e Req svc ID ID of the service the client requests access to WERE KDC e K client SS session key for the client and the requested ervice Knows K TGS EJ 3 1 TGT Req_svc_ID d K client TGS 3 2 Authenticator K req svc Client ID timestamp K client TGS K client SS Ticket Grantig Service TGS Knows K client K client TGS K client SS ient to Server ticket client ID client FQDN TCS validity period K client svc D K req svc User 4 2 K client SS K client TGS computer 15 4MMSR Network Security 2010 201 1 ECOLE sp ERIEURE D INFORMATIQUE ET DE MATHEM UES APPLIQUEES Grenoble 4 1
27. res disposent de privil ges SYSTEM iAWACS 2010 O O 34 4MMSR Network Security 2010 2011 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET OF MATHEMATIQUES APPLIQUEES N Y 4 3 2 Antimalware screenshots crimes J Z Zone de confiance R gles d exclusion applications de confiance e Exclusions v windir ntds Res2 log v windir ntds Res1 log windir ntds EDB log windir intds Ntds pat owindir o SoftwareDistribution Data owindir o SoftwareDistribution Data owindir o SoftwareDistribution Data ES e Description cliquez sur les param tres soulign s pour les m L objet ne sera pas analys lorsque les conditions suivante Objet windir ntdsiNtds dit T ches sp cifique Antivirus Fichiers Monitoring Postes clients Administration des postes clients dans le Nom Etat Description de l tat Connexion au Serveu groupe d administration SBR okjvisible Derni re connexion au Serveur d administratio Ily aune minute 4 D but du fonctionnement SBE okivisible Derni re connexion au Serveur d administratio Ily 10 minutes ams n OKJVisible Derni re connexion au Serveur d administratio Il y a une minute gt Ajouter ordinateur n OKJVisible Derni re connexion au Serveur d administratio Il y a 8 minutes EJ assistant d installation distance HIP okivisible Derni re connexion au Serveur d administrat
28. ret encrypted using K server pub Server Eventually sends the serverNonce encrypted with K client priv Client Decryption of the PreMasterSecret using K Server priv MM ity Session keys function PreMasterKey ClientNonce ServerNonce 1 7 1 8 1 ChangeCipherSec next messages will be authenticated and encrypted 1 8 2 Finished z hash prev msgs MAC session key prev msgs 1 9 1 ChangeCipherSec 19 1 9 2 Finished hash prev msgs MAC session key prev msgs 65 4MMSR Network Security 2010 201 1 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES 5 6 Virtual Private Network VPN sss pn e R seau Priv Virtuel Private confidential tunnel over a public network nterconnecting with remote office Connecting to the corporate network when outside Regional dw Internet Office dues Head office PPTP L2TP IPSec 3 HTTPS m Risks Remote roaming users the Internet can access inside the corporate network o Strong authentication at least 2 factors o operational network teams security teams 68 4MMSR Network Security 2010 2011 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES 5 7 802 1X EAP RADIUS sss pn EAP authentication framework RFC5247 Used in 802 1X PPP could use RADIUS for authorization 802 1X supplicant 802 1 X authenticator 802 1 X authentication server EAP Peer EAPOL start RADIUS cli
29. t d obtenir des tickets sans avoir redonner son mot de passe o licket Granting Ticket TGT a faible dur e de vie o Le KDC donne des tickets sur pr sentation du TGT Param tres par d faut e Validit TGT210H e Validit TGS 10H Diff rence de 5 minutes MAX entre client AS TGS SS gt synchronisation NTP X Enforce user logon restrictions 3 Maodmum lifetime for service ticket 600 minutes Se Maximum lfetime for user ticket 10 hours C Windows Settings 3 Security Settings EP Account Policies 2 Password Policy P Account Lockout Policy Kerberos Policy REl Madum lifetime for user ticket renewal 7 days x Ma dmum tolerance for computer dock synchronization 5 minutes 24 4MMSR Network Security 2010 201 1 ECOLE N pores ALE si ERIEURE D INFORMATIQUE ET DE MATH e VES APPLIQUEES Grenoble MI 4 1 3 Kerberos some threats and attacks rina 1 y Threats single point of failure if only one KDC impersonation if at least one KDC compromised Any user could be impersonated Attacks e KDC spoofing old PAM KRB5 implementation no authorization Replay attack sniff and resend 5 KRB AP REP o KRB AP REP validity duration generally 5 minutes source IP o Service Server stores a cache of requests Multiple identitical KRP AP REP are ignored Cipher DES weak initially used Negotiation not authenticated o Windows 7 DES disabled for Kerberos authentication Ticket cache at
30. tack file on the client system Pass the Ticket ability to authenticate on the client Only Microsoft implementation is vulnerable and not yet corrected Taming the Beast Assess Kerberos Protected networks Emmanuel Bouillon Black Hat 2009 25 4MMSR Network Security 2010 201 1 ECOL c pain ALE iom EURE D INFORMATIQUE ET DE MA m UES APPLIQUEES 4 2 Virtualisation virtualization sss pn Mise en place d une version virtuelle gt Types Hardware CPU Memory NIC ES e de mat riel Hyperviseur Hyper V QE e de stockage RAM d OS e de bureau d application EE HW virtualization logical view e Vuln rabilit s Rajout d une couche suppl mentaire gt vuln rabilit additionnelles potentielles o Hyperviseur poss de des droits syst me sa compromission gt compromission de l ensemble des machines virtualis es sur le serveur 31 4MMSR Network Security 2010 2011 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES 4 3 Conformit conformance sss pn D finition de modeles en fonction Du type de poste client serveur Des besoins m tiers quipe De la politique de s curit Mise en pratique des modeles agents install s sur les postes clients et serveurs Alerte en cas de non conformit monitoring audit 32 4MMSR Network Security 2010 201 1 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEE
31. the AS e Knows K client PUB K TGS Y K cli TGS Identity provider Authentication Server dna 2 H n 2 jr RBREEREREREREEEREEREREREREREREREREREEHEREREEREREREEREREREEEREEHREERHEREERHN a 2 1 Client TGS Session key K client PUB j mi GTI 55 H 2 2 Ticket to Get Ticket client ID client FQDN TGT validity period K client TGS K TGS 1 Client ID K client PRIVI Knows K client PUB K client PRIV User computer 21 4MMSR Network Security 2010 201 1 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET OE MATHEMATIQUES APPLIQUEES N A 4 1 3 Kerberos et Windows API et appels ess y P KRB AP REQ 5 SE KRB AP REP EncryptMessage Si acl Application Protocol DecryptMessage ecryptMessage MakeSignature VenfySignature Using Kerberos session key MakeSignature VenfySignature Using Kerberos session key Acquires redentialsHandle E Negotiate Local Security Authority oem Subsystem LSASS Negotiate Local Security Authority Subsystem LSASS KRB_AS_REQ KRB_AS_REP KRB TSG REQ BN Domain Controller KRB TGS REP Local Security Authonty Subsystem LSASS 23 4MMSR Network Security 2010 201 1 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET OE MATHEMATIQUES APPLIQUEES Grenoble MI 4 1 3 Kerberos optimisations sima e Optimisations e Les tickets et le cl s de sessions sont en cache sur le client Un m canisme perme
32. uthenticated initiated communication ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES 4 Intranet summary eme Active Directory Kerberos Conformance e Features e Symetric cryptography e Models for computers e LDAP e Single Sign On server client team e DNS e Client wants to access a n e Kerberos Service Intrusion e Authentication e Trusted 3 d party KDC Detection Prevention Sys e ACL on objects e Asymetric crypto for e Attack models Smart Card authenticaion e Undecidable problem e Antimalware e Undecidable problem e Heuristics Network Access Control e workstation metrics e Different from topology segregation e DHCP 802 1X IPSec 37 4MMSR Network Security 2010 2011 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES Grenoble XKCD interlude voting machines amp antimalware sme I PREMIER ELECTION SOLUTIONS FORMERLY DiESOLD HAS BLAMED OHIO VOTING MACHINE ERRORS ON PROBLEMS WITH THE MACHINES MCAFEE ANTIVIRUS SOFTWARE WANT WHY SECURITY IMAGINE YOU RE AT A PARENT AH STRICTLY SPEAKING IS GOOD RIGHT TEACHER CONFERENCE AND THE ITS BETTER THAN 22 ian TEACHER REASSURES YOU THAT THE ALTERNATIVE IN HINES f F SE HE ALWAYS WEARS A CONDOM YET SOMEONE YOURE DOING 17 WRONG de WHILE TEACHING IS CLEARLY DOING THEIR JOB HORRIBLY WRONG http xkcd com 462 38 4MMSR Network Security 20
33. work Security 2010 2011 ECOLE NATIONALE SUPERIEURE D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES XN 5 8 1 WEP security cime l Attacking WEP only takes 3 minutes aircrack ng original work Christophe Devine Consequences Ability to modify the packets Integrity loss e Ability to authenticate Solutions increasing the size of the WEP key and or the possible space of the IV is not enough B day paradox e authentication we could use EAP see 802 11 WPA2 e we should rely on another kind of cipher eg block cipher see WPA 87 4MMSR Network Security 2010 2011 D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES N 5 8 2 Wifi Protected Access WPA ensima e Intermediate measures to protect Wifi networks while waiting for full 802 11i specs aka WPA2 e 2002 e without changing the hardware only require a ram flash Authentication and integrity Temporary Key Integrity Protocol TKIP o Still RC4 but 128 bits key packet o rekeying mechanism frequently change avoiding collisions o the ICV field is replaced by a MICHAEL integrity check 64 bits sequence number for each packet replay protection AES block cipher optionnal o Mandatory in WPA2 90 4MMSR Network Security 2010 201 1 D INFORMATIQUE ET DE MATHEMATIQUES APPLIQUEES 5 8 2 WPA with TKIP attacks sss pn e En novembre 2008 deux chercheurs allemands en s curit Er
Download Pdf Manuals
Related Search