
Systems and Internet
Infrastructure Security

Network and Security Research Center
Department of Computer Science and Engineering
Pennsylvania State University, University Park, PA

Security Basics
CSE598K/CSE545 - Advanced Network Security
Prof. McDaniel - Spring 2008

CSE598K/CSE545 - Advanced Network Security - McDaniel

Page 1

A cautionary tale ...

"We have information, from multiple regions outside the United States,
of cyber intrusions into utilities, followed by extortion demands. We
suspect, but cannot confirm, that some of these attackers had the
benefit of inside knowledge. We have information that cyber attacks
have been used to disrupt power equipment in several regions outside
the United States. In at least one case, the disruption caused a power
outage affecting multiple cities. We do not know who executed these
attacks or why, but all involved intrusions through the Internet."

Network Security
Network security covers a spectrum of security from global protections to single port firewalls.

Smaller to larger:
  Host Security (Personal Firewalls)
  Enterprise Security (VPNs)
  Global Security (BGP)

This course will sample from amongst these.



Network vs. Web

The network is a service ...
  A conduit for data to be passed between systems.
  Layers services (generally) to allow flexibility.
  Highly scalable.
  This is a public channel.

The Web is an application ...
  This is an application for viewing/manipulating content.
  The services it offers are unbounded, e.g., Java.
  This can either be public (as in CNN's website) or private (as in enterprise internal HR websites).


The E2E Argument

Idea: most systems require an end-to-end communication service, but low-level features have costs (performance) incurred by all users ... thus ...
  It is important that the features provided at a low level remain very simple ... yielding ...
  Smart endpoints ... dumb, minimal network

Consequence: the network is simple and not very receptive to new (often complicated) security services being added into it. Need to implement security as a service (e.g., bump in the stack -- IPsec)

Challenges
The network is ...
  administered unevenly and often poorly
  hard to change
  very simple
  unreliable
  ...

Not designed to be secure.



Security Terms
Guarantees:
  Confidentiality
  Integrity
  Non-repudiability
  Availability

Attacks:
  Passive vs. active
  Denial of service
  Traffic analysis

Make sure you have these in your head!



Case Study: Host Access

The first systems used telnet as the primary utility for accessing systems remotely.
  Telnet connects across the network on port tcp/23
  Remotely allows a user access to the login prompt
  Username/password are supplied, granting access to a shell
  Everything is sent in cleartext across the network (eavesdropping) ... even the password!


RSH/RCP
Remote shell (rsh) was introduced as a means of allowing remote access without having to log in.
  Users would assert their identity implicitly in the call, and could invoke whatever scripts were allowed by that machine.
    -c <cmd> run whatever scripts were needed
  The /etc/hosts.equiv file indicates which machines should be allowed to invoke whatever users they want.
  The ~/.rhosts file allows users to identify trusted hosts


Problems?
Of course both of these models were terrible from a security standpoint
  User identities could simply be asserted
  Traffic could be eavesdropped
  Passwords could be guessed

Sadly, this was the standard in remote access until about 2000.



SSH
Secure shell (ssh) - an alternative to telnet that looks and feels just like telnet!
  The difference is that it transparently uses cryptographic keys to provide for confidentiality, integrity, and authentication

Concepts:
  Each machine has an identity
    recorded by each user
  Every user has an identity
    stored in each user's home directory
  They perform mutual authentication at startup, negotiate session keys, and use them to secure all the session communication


SSH
Server configuration files
  /etc/ssh/ssh_host_key.pub (pub key identifying the host)
  ~/.ssh/authorized_keys2 (pub user keys)
Client configuration files
  ~/.ssh/known_hosts2 (pub keys of known hosts)
  ~/.ssh/id_dsa (priv key of user)


SSH Authentication

Client -> Server: (1) SSH_MSG_USERAUTH_REQUEST (user, service, ...)
Server -> Client: (2) SSH_MSG_USERAUTH_INFO_REQUEST (user, authtype, prompt, challenge, ...)
Client -> Server: (3) SSH_MSG_USERAUTH_INFO_RESPONSE (user, response, ...)
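The three-message exchange on this slide, worked through as an added example that is not part of the original slides: it builds and decodes the keyboard-interactive userauth messages in the byte layout of RFC 4252/4256 (the message numbers are the RFCs' own; the user name, service name and prompt text are constructed sample values).

```python
import struct

# Message numbers as assigned in RFC 4252 (userauth) and RFC 4256 (keyboard-interactive).
SSH_MSG_USERAUTH_REQUEST, SSH_MSG_USERAUTH_INFO_REQUEST, SSH_MSG_USERAUTH_INFO_RESPONSE = 50, 60, 61

def ssh_string(b: bytes) -> bytes:
    """SSH 'string' wire type: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b

def read_string(buf: bytes, off: int):
    """Decode one SSH string at offset; returns (bytes, new offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def build_userauth_request(user: str, service: str) -> bytes:
    # (1) Client -> Server: user, service, method name, language tag, submethods.
    return (bytes([SSH_MSG_USERAUTH_REQUEST]) + ssh_string(user.encode())
            + ssh_string(service.encode()) + ssh_string(b"keyboard-interactive")
            + ssh_string(b"") + ssh_string(b""))

def build_info_request(name: str, instruction: str, prompts) -> bytes:
    # (2) Server -> Client: the challenge; echo=False tells the client to hide what is typed.
    out = (bytes([SSH_MSG_USERAUTH_INFO_REQUEST]) + ssh_string(name.encode())
           + ssh_string(instruction.encode()) + ssh_string(b"") + struct.pack(">I", len(prompts)))
    for text, echo in prompts:
        out += ssh_string(text.encode()) + bytes([1 if echo else 0])
    return out

def build_info_response(responses) -> bytes:
    # (3) Client -> Server: exactly one answer per prompt, in prompt order.
    out = bytes([SSH_MSG_USERAUTH_INFO_RESPONSE]) + struct.pack(">I", len(responses))
    for r in responses:
        out += ssh_string(r.encode())
    return out

def parse_info_request(msg: bytes):
    """Client side of (2): returns (name, instruction, [(prompt, echo), ...])."""
    if msg[0] != SSH_MSG_USERAUTH_INFO_REQUEST:
        raise ValueError("not an INFO_REQUEST")
    name, off = read_string(msg, 1)
    instruction, off = read_string(msg, off)
    _language, off = read_string(msg, off)
    (count,) = struct.unpack_from(">I", msg, off)
    off, prompts = off + 4, []
    for _ in range(count):
        text, off = read_string(msg, off)
        prompts.append((text.decode(), msg[off] == 1))
        off += 1          # skip the one-byte echo flag
    return name.decode(), instruction.decode(), prompts
```

All three messages travel inside the already-negotiated encrypted transport, which is what makes the password in (3) safe from the eavesdropping that sank telnet.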


What does it mean?
Security model of ssh:
  I can configure a .rhosts if you want, but it is no longer forgeable
  Note: you can still use a password if the host is not configured
  You authenticate hosts based on first interaction
    Build a map of known identities over time, and get warned when the identity changes (typically upon reinstall or refresh - most ignore)

Can't solve:
  Password cracking
  Traffic analysis
  Covert channels

Thus: a limited but highly usable way to access hosts.
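The first-interaction host model on this slide, as an added example that is not from the original slides: a small known_hosts map that records a host key on first contact and flags a later mismatch. The host name and key bytes are constructed; the line layout and the SHA256 fingerprint style follow OpenSSH's conventions.

```python
import base64
import hashlib

# Constructed host "keys": in real SSH these are public-key blobs; any bytes serve the model.
KEY_A = b"constructed-host-key-A"
KEY_B = b"constructed-host-key-B"

def fingerprint(pubkey: bytes) -> str:
    """SHA-256 fingerprint in the SHA256:<unpadded base64> style that OpenSSH prints."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(pubkey).digest()).decode().rstrip("=")

class KnownHosts:
    """Model of the client's known_hosts map: trust on first interaction, alarm on change.
    Lines use the plain 'hostname keytype base64key' layout of a known_hosts file."""

    def __init__(self, lines=()):
        self.entries = {}
        for line in lines:
            host, keytype, blob = line.split()
            self.entries[host] = (keytype, base64.b64decode(blob))

    def to_lines(self):
        return [f"{h} {t} {base64.b64encode(k).decode()}" for h, (t, k) in self.entries.items()]

    def check(self, host: str, keytype: str, presented: bytes) -> str:
        """Returns 'new', 'match' or 'changed'. Only 'match' is a verified identity."""
        known = self.entries.get(host)
        if known is None:
            # First interaction: nothing to compare against, so the key is recorded as-is.
            # The client has no evidence yet that this is the right host (trust on first use).
            self.entries[host] = (keytype, presented)
            return "new"
        if known == (keytype, presented):
            return "match"
        # The identity changed. It may be a reinstall or key refresh, or something in the
        # middle presenting its own key; the safe response is to refuse and verify out of band.
        return "changed"

def session_log(kh: KnownHosts, contacts):
    """Run a sequence of (host, keytype, key) contacts; report each verdict with its fingerprint."""
    return [(host, kh.check(host, kt, key), fingerprint(key)) for host, kt, key in contacts]
```

Comparing the printed fingerprint against one obtained out of band (from the administrator, not over the same connection) is what turns "new" into a verified identity rather than a guess.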


