User:Curos
CS 155 Network Security Notes 04.12.2007
- Types of Viruses that defeat signature detection
- Encrypted Virus
Has decryption code and encrypted body. Solution: Build signature on decryption code
- Oligomorphic Virus
Encrypted virus that ships with many decryption engines
- Memorial Virus
96 different encryption engines. Solution: Build signature on all encryption engines
- Polymorphic (1998)
Slightly reencode the virus, randomize somehow. Use a random decoding algorithm. Solution: Emulate virus and scan memory for signature on the stack.
- Metamorphic Virus
Entire virus code changes after each infection
- Apparition Virus
Carries source code with it. Injects junk code in itself and recompiles itself
- Vecha Virus
metamorphosis by changing register allocation. Switches registers around.
- Zperm
Injects jump after every instruction. Geometry method protects against this by looking at the structure of the flow graph.
- Conclusion
No complete detection possible. Impossibility result. Fred Cohen (87) put forth claim that no perfect detector exists. Proof: Let A be a virus detector where A(F) outputs "yes" if virus present, "no" if not.
Virus P in file F: Run A(F). If "yes", exit; otherwise, spread.
Run A on file F: Always produces incorrect result.
If A(F)="yes" then answer is wrong because F is benign.
If A(F)="no" then answer is wrong because F spreads.
CS 155 Network Security Notes
04.17.2007
- View access control as matrix
Users (rows) and the files (columns) they want access to. Complex to individualize, so use groups of users or roles.
- Access Control Lists (Slice along columns)
- Capability Systems (Slice along rows)
- Unix Security
Every process has a numeric user id and one or more group ids. The system stores the user who owns the file and the group the file is in. Permissions are also stored for user, group and other. `ls -l` shows the permissions for user, group and other, then the owner and group: `drwx rwx rwx stevetan users`
Execute on a directory means use files in that directory. Bypass: convince a root process to do your bidding.
- Time-of-check-to-time-of-use bug (TOCTTOU bug)
- Clearing old files in /tmp
`find /tmp -atime +3 -exec rm -f -- {} \;` Find files that are three days or older and execute rm on them. Braces get replaced by the file name. `--` prevents the path from being parsed as an option. Problem: You can use a symbolic link to a file or directory you don't own.
- setuid problems
Each process has real and effective uid/gid. 'Real' is the user who started the process. 'Effective' is owner/group of file, used in access checks.
- xterm
Needed to run with root privileges because of the pseudo-terminal (pty) device - to own the terminal you're typing in. Also needed to write utmp and wtmp to record users. Had a feature to log the terminal session. Problem: If you have root privileges, then the output to file can be written anywhere. So have to make sure that the user also has the right privileges. Solution: system call `access` checks permission with real uid instead of effective uid. BUT: Another TOCTTOU bug. access() is a potential security hole!
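The access()-then-open race from the xterm logging case, next to a check made on the opened descriptor, as an added example that is not part of the original notes. The function names and the session-log scenario are assumptions for illustration.

```python
import os, stat, tempfile

def open_log_racy(path):
    """Pattern from the notes: access() check, then a separate open().
    The name can be re-pointed (e.g. to a symlink) between the two calls."""
    if not os.access(path, os.W_OK):              # time of check (real uid)
        raise PermissionError(path)
    return os.open(path, os.O_WRONLY | os.O_APPEND)   # time of use

def open_log_checked(path, owner_uid):
    """Open first without following a final symlink, then validate the
    object the descriptor refers to; a descriptor cannot be swapped."""
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_NOFOLLOW)
    st = os.fstat(fd)
    if (not stat.S_ISREG(st.st_mode)      # no devices, FIFOs, directories
            or st.st_uid != owner_uid     # must belong to the invoking user
            or st.st_nlink != 1):         # no extra hard links to the inode
        os.close(fd)
        raise PermissionError(path)
    return fd

def demo():
    """Constructed scenario: 'session.log' is a symlink to another file."""
    d = tempfile.mkdtemp()
    target = os.path.join(d, "target.txt")
    link = os.path.join(d, "session.log")
    open(target, "w").close()
    os.symlink(target, link)
    result = {}
    os.close(open_log_racy(link))          # follows the link without complaint
    result["racy_followed_symlink"] = True
    try:
        os.close(open_log_checked(link, os.getuid()))
        result["checked_followed_symlink"] = True
    except OSError:                        # open() refuses the symlink
        result["checked_followed_symlink"] = False
    os.close(open_log_checked(target, os.getuid()))
    result["checked_opened_plain_file"] = True
    return result

if __name__ == "__main__":
    print(demo())
```

O_NOFOLLOW only covers the final path component, so a setuid program should also switch its effective uid to the real uid around the open, which lets the kernel apply the user's own permissions in the same call that opens the file.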
- SSH configuration files
SSH 1.1.12 login program runs as root because it needs to bind to TCP 1024 and read the client private key (for host authentication). Also needs to read configuration file ~/.ssh/config and record server keys in ~/.ssh/known_hosts
Plan: do setuid root and do root actions, then drop all permissions. Problem: ptrace bug. Dropping the privileges allowed the user to "debug" SSH: use the privileged port to connect to anywhere, read the secret host key from memory, overwrite the local user name to get privileges of another user. Fix: restructured ssh into 3 processes that communicate kind of like over a network
- When can you send a signal and do a ptrace
Should restrict certain signals (e.g. SIGALRM might mean something to a process). Ptrace is a very powerful tool that can modify the memory of a process, so the recommendation is to not let a process ptrace a more privileged process. Disable setuid if executing a process that's being ptraced
- Old su linux bug
A ptraces B. A runs su user; A, for now, turns into root. B runs su root; B turns into root. A can get a root shell from process B.
You can hardlink a file you don't have access to and then other user can never remove that file.
- The Confused Deputy (Norm Hardy)
Multi-user time sharing system. Fortran compiler keeps statistics. /sysx/fort records to /sysx/stat. Gave compiler "home files license" or "root" access. Problem: have fort executable compile/output to directory/file of choice.
- Capabilities
For each process store a list of objects it can access.
- Hydra
Invoke a method on object if you had that capability. If you acquired object then you have that object's capability.
- KeyKOS
Pure capability system; capabilities referred to as "keys" for short. Can grant keys to others. Creating a new key required a privileged operation.
- Single-level store
No distinction between memory and disk memory. Everything persistent. So don't have to worry about memory. No dynamic memory.
- KeyNIX: UNIX on KeyKOS
One kernel per process. Each file was its own system. A separate process for each file. To read a file, you would need to have the capability. Fault isolated because only can exploit that one section and not the whole file system. Made some functions extremely slow; fork, namei, pipes
- Self-Authenticating Capability - AMOEBA
Pass capabilities around in a string with encrypted check value
- Limitations of capabilities
The CPU is optimized for common code and not for context switches. Requires a lot of inter-process communication. Capability programming never took off. Capabilities are an OS concept of the future and they always will be.
- Discretionary Access Control Systems (DAC) vs Mandatory Access Control (MAC)
In DAC, can pass access along at your discretion. Can pass secret to friend who passes on to enemy. Military likes MAC.
- Bell-LaPadula Model
Access requests and outputs are decisions on these requests.
- Security level
A security level is a classification and category-set. Eg classified/top secret and nuclear info/cryptography. Must have classification to do actions. Secret files can never be written to lesser unsecret levels. It must be the case that the file being read is being dominated by one that can be written. No read up. No write down.
- Covert channels
Can be anything: disk read, cache miss. Solution: No sharing.
CS 155 Network Security Notes 04.19.2007
How to confine untrusted code?
Biba integrity model
DoD Orange Book
Limitations of Orange Book
Common Criteria
LOMAC: Uses integrity system, but doesn't care too much about covert channels
Flask Security Architecture: Military attempt to make a security system. Prototyped in Fluke and then integrated into SELinux. Policy and mechanism separated.
...
- Protecting your system, w/o changing the OS
- firewall
- chroot
- System call interposition
Enforce policy on system calls Problem: Symbolic links problem
- Sandboxing code
Protect code within an application. Then can safely use "unsafe" code. Cross-address-space/context-switch calls are expensive. Can ensure determinism. Every component has its own fault domain so if it messes up, it doesn't mess up the whole system.
- Segment matching
- Address sandboxing
Just set the top bits...
CS 155 Network Security Notes 04.20.2007 Problem Session
- URLs
protocol (http), username, password, hostname, port, path, query (?id=4), fragment (#heading1). Very similar to URI.
- Special character encodings
%0A = newline, %20 or + = space, %2b = +
Stop 8:08
CS 155 Network Security Notes 04.24.2007
- Cryptography
Want communication security, and cryptography can help
- Symmetric Encryption
Using a shared key. Message M and key K; M is plaintext. Encrypt(K, M) -> C (ciphertext). Decrypt(K, C) -> M
- One-time pad
XOR message with K and decrypt by XOR with K. Advantage: Information-theoretically secure. Disadvantage: K must be as long as M
- Types of Encryption
- Stream ciphers
Encrypt one bit at a time with a pseudo-random stream. Similar to one-time pad but isn't
- Block cipher
Encrypt in chunks: 64 bit, 128 bit
- RC4 security hole
Second byte of RC4 output is 0 with twice the expected probability. Bad to use many related keys. Should discard the first 256 bytes of RC4 output.
- Bad use of stream cipher
If you know c1, know c2 and know c2's message m2, then you can get m1 = c1 XOR c2 XOR m2. Never reuse keys with a stream cipher.
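Both RC4 points above (the biased second output byte and key reuse) in one added example that is not part of the original notes. It is a plain RC4 implementation with an optional discard of leading keystream; the keys and messages are constructed, and `zero_rates` and `recover_m1` are hypothetical helper names.

```python
import random

def rc4_keystream(key: bytes, n: int, drop: int = 0) -> bytes:
    """Return n RC4 keystream bytes after discarding the first `drop` bytes."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(drop + n):                  # output generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out[drop:])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, msg: bytes, drop: int = 256) -> bytes:
    return xor(msg, rc4_keystream(key, len(msg), drop))

def zero_rates(trials: int, seed: int = 155):
    """Over random 16-byte keys, how often keystream byte 2 and byte 258
    (the second byte left after a 256-byte discard) equal zero."""
    rng = random.Random(seed)
    second = later = 0
    for _ in range(trials):
        ks = rc4_keystream(rng.getrandbits(128).to_bytes(16, "big"), 258)
        second += ks[1] == 0
        later += ks[257] == 0
    return second / trials, later / trials

def recover_m1(c1: bytes, c2: bytes, m2: bytes) -> bytes:
    """Keystream cancels when one key encrypts two messages."""
    return xor(xor(c1, c2), m2)

if __name__ == "__main__":
    key = b"constructed-key!"                  # constructed sample values
    m1, m2 = b"wire $100 to account 17", b"lunch is at noon, room4"
    c1, c2 = encrypt(key, m1), encrypt(key, m2)
    print(recover_m1(c1, c2, m2))              # m1, recovered without the key
    print(zero_rates(20000), "uniform:", 1 / 256)
```

Discarding the first 256 bytes removes the second-byte bias but does nothing for key reuse: the recovery works on ciphertexts produced with the discard enabled.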
- ECB (Electronic Codebook)
Message is divided into blocks and each block is encrypted separately. Attacker will know about repeated plaintext blocks: sees the same block again.
- CBC (Cipher-block chaining)
Use an initialization vector and then XOR with the previous block. So unique each time.
- Integrity Problem
Attacker can tamper with the message. Encryption does not guarantee integrity. Solution: Message authentication codes
- Cryptographic hashes
Hash arbitrary length input to fixed size output
- Order of Encryption and Macs
Better to encrypt and then MAC than to encrypt MAC and message together.
- Public key Encryption
Need opposite key to decrypt
CS 155 Network Security Notes 04.26.200
Web Security
Firewall, IDS, Application firewall (WAF)
- Web Application firewalls
Prevents common web attacks. Works at the high web server level instead of the link layer
- Common attacks
Denial of Service, Web server attack, Worms
- Cookies
Common fields include domain name, expiration date and secure (use SSL to send this cookie only)
- Browser limitation on cookies
Browser can only store 20 cookies/site and 3kb/cookie
- Same Origin Principle
Like OS and using different threads. Shouldn't interact with each other. Two origins are the same iff domain name, port and protocol are the same.
- Web Application Vulnerabilities
Cross site scripting, SQL injection, HTTP splitting, Broken session management, Insecure storage - store credit card data in clear
CS 155 Network Security Notes 05.01.2007
CS 155 Network Security Notes
05.03.2007
User Authentication
- Password based authentication
typically done over SSL
- Problems
1) Humans are terrible at generating passwords; low entropy secrets ~2^23 words
2) Compromise password file on website
3) Phishing
- How to store passwords
Don't store in clear
- Store Hash(pwd) MD5 SHA1
There is a benefit to using slow hash functions because a dictionary attack can be used
- Public Salt with hash
Attacker must hash for each salt
- Pepper (secret salt)
Server uses a secret salt and brute-forces it during authentication
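The three storage options above (plain hash, public salt with a slow hash, and a secret salt the server brute-forces) as an added example that is not part of the original notes. The one-byte pepper, the PBKDF2 choice and the iteration count are assumptions chosen so the demo runs quickly.

```python
import hashlib, hmac, os

ITERATIONS = 1_000    # assumption: demo value, far too low for production
PEPPER_SPACE = 256    # assumption: one-byte secret salt that is never stored

def plain_hash(password: str) -> str:
    """Hash(pwd) with no salt: equal passwords give equal records."""
    return hashlib.sha1(password.encode()).hexdigest()

def _slow_hash(password: str, salt: bytes, pepper: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(),
                               salt + bytes([pepper]), ITERATIONS)

def make_record(password: str):
    """Store (public salt, hash). The pepper is drawn at random and then
    thrown away, so it appears nowhere in the password file."""
    salt = os.urandom(16)
    pepper = os.urandom(1)[0]
    return salt, _slow_hash(password, salt, pepper)

def verify(password: str, record) -> bool:
    """The server tries every pepper value. An offline attacker must do the
    same for every guess, multiplying dictionary cost by PEPPER_SPACE."""
    salt, stored = record
    ok = False
    for pepper in range(PEPPER_SPACE):     # no early exit: constant work
        ok |= hmac.compare_digest(_slow_hash(password, salt, pepper), stored)
    return ok

if __name__ == "__main__":
    pw = "correct horse"                   # constructed sample password
    a, b = make_record(pw), make_record(pw)
    print(plain_hash(pw) == plain_hash(pw))    # True: one table cracks both
    print(a[1] == b[1])                        # False: per-user salt
    print(verify(pw, a), verify("wrong guess", a))
```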
- Single sign on service
Microsoft's Passport
- Problems
Cookie used for authentication is compromised. Phishing attacks.
- Phishing Solutions
Phishing URLs. Phishing using VoIP: a phone call with emulation of a voice system. Check SSL certificates. IE has Extended Validation Certificates, which show the name of the certificate in the address bar and a green bar.
- Other attacks
Picture in picture attacks: simulate what they should see in a picture. IE7 now disables the disabling of the toolbar. Man in the middle toolkits are available to exploit one-time passwords.
- PAKE Password Authentication Key Exchange
Partial solution to phishing attacks where both server and client must have the password. They compare themselves and only get a key to talk to each other if the passwords are the same.
CS 155 Network Security Notes
05.08.2007
- IP
- Medium Access Control (MAC)
- Address Resolution Protocol (ARP)
ARP tables kept on computer. Where is 128.12.61.2?
- Promiscuous mode
See all packets going over network. 802.11b still does this
- Ethernet switches
Sends packets only to machines that are listening on that network. Fixes promiscuous mode; however, can do ARP spoofing
- Attacks
- ARP spoofing
Get an incorrect ARP entry into other people's ARP tables.
- MAC table overflow
send a bunch of packets to old routers that then die
- ICMP redirect abuse
redirect packets, can affect routers routing tables
- BGP routing protocol abuse
used between ISPs, no secure binding between ips
- DHCP abuse
setup competing DHCP server
- UDP
user datagram protocol. Provides checksum on whole packet and demultiplexing.
- TCP
transmission control protocol. provides flow control and congestion control. TCP is supposed to be reliable, so retransmits
- Access control based on IP
bad assumption.
- Spoofing IP
Must be able to guess SEQ to use; can guess and predict based on real interaction. RST from real client, so can flood server with SYN packets
- Desynchronize TCP connection
Send NULL data to both client and server and drive WINDOW up. Inject data as needed, and an ACK storm occurs as everyone is transmitting the wrong window section.
- Domain name system (DNS) Port 53
Represented as resource records: name - domain name, TTL - time to live in seconds, class - usually internet, type - type of record, rdata - data dependent on type
- DNS RR types
A - Internet Address, NS - name server, MX - mail exchanger
`dig www.stanford.edu`
- PTR record
stores name given address
- Glue Records
`dig +norec www.stanford.edu @a.root-servers.net` Can fake glue records
CS 155 Network Security Notes 05.10.2007
- Port usage
Well known ports below 600. Privileged ports < 1024 (proof they are root). /etc/services has well known ports
- Insecure network services
NFS - if can guess file handle, can read/write entire filesystem. Portmap - another layer of indirection for port numbers; can make network requests appear to be from localhost. FTP - client can specify third machine for bounce attack. YP/NIS - serves password file
- Firewall
Separate network into zones (finances and SS#'s). Topology
- packet filtering
ip source/destination, protocol, TCP flags, ICMP message type
- block forgeries
packets that don't originate from in local network (spoofing)
- egress filtering
block forged outgoing packets
- Disallowing servers
block incoming packets with SYN flag (that means someone on the internal network is running server)
- Complications from fragmentation
E.g. send two packets, second one for restricted port, but since allowed first, will allow second (connection established). Then when packets are reassembled, it goes to the bad port
- keeping state in firewall
allow flows that have already existed
- NAT
translates private IP address to public
- application level proxies
Policies for specific protocols: FTP, http, etc. Can examine more in-depth
- IPsec
New IP protocol: embed one IP packet in another IP packet. Avoids replays with sequence numbers. Pad packets so an observer doesn't know how big the files you are sending are
- Intrusion detection
- Subterfuge attacks
Change TTL field and exploit fragmentation. So some packets don't even make it through
- Kerberos
CS 155 Network Security Notes 05.10.2007
- DoS
Denial of Service attacks. Make stuff not work. Take out infrastructure with little work.
- Amplification
technique of using small number of packets
- Amplifications due to bugs
- Amplification due to bot-net
- 80211b Network
NAV - reserve bandwidth for NAV seconds. So keep reserving. Doesn't work since most cards don't follow the NAV standard
- Deauthentication bug
Deauth packet is an "I'm done using wireless slot, someone else use". Can send deauth packets on behalf of others.
- SMURF attack
Send ICMP to gateway with many computers and broadcast, and make ICMP echo go to target.
- DNS Amplification
Similar to SMURF attack. EDNS response is much bigger. x40 amplification
- SYN Flood
Too many SYNs to store. Detect SYN floods with backscatter
- SYN-cookies
Have the client store the info. Only start the connection once the client echoes it back
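A simplified SYN-cookie check, as an added example that is not part of the original notes: the server derives its initial sequence number from a keyed hash of the flow and a time slot, keeps no state, and accepts the final ACK only if the echoed value recomputes. The layout (no MSS bits, 64-second slots, HMAC-SHA256) and all names are assumptions for illustration, not a real stack's format.

```python
import hashlib, hmac, socket, struct

SECRET = b"constructed-demo-secret"   # assumption: real servers use a random secret
SLOT_SECONDS = 64                      # assumption: cookie validity granularity
MASK = 0xFFFFFFFF

def _cookie(flow, client_isn, slot):
    """32-bit value bound to (src, sport, dst, dport), time slot, client ISN."""
    src, sport, dst, dport = flow
    msg = (socket.inet_aton(src) + socket.inet_aton(dst)
           + struct.pack("!HHI", sport, dport, slot & MASK))
    mac = hmac.new(SECRET, msg, hashlib.sha256).digest()[:4]
    return (int.from_bytes(mac, "big") + client_isn) & MASK

def make_cookie(flow, client_isn, now):
    """On SYN: return the server ISN for the SYN-ACK; nothing is stored."""
    return _cookie(flow, client_isn, int(now) // SLOT_SECONDS)

def check_ack(flow, seq, ack, now):
    """On ACK: seq-1 is the client ISN and ack-1 the echoed cookie. Accept
    cookies minted in the current or previous time slot only."""
    client_isn = (seq - 1) & MASK
    echoed = (ack - 1) & MASK
    slot = int(now) // SLOT_SECONDS
    return any(_cookie(flow, client_isn, s) == echoed for s in (slot, slot - 1))

if __name__ == "__main__":
    flow = ("192.0.2.10", 40000, "198.51.100.5", 80)   # constructed addresses
    t0 = 1_000_000
    isn = make_cookie(flow, 1000, t0)
    print(check_ack(flow, 1001, (isn + 1) & MASK, t0 + 30))    # genuine handshake
    print(check_ack(flow, 1001, (isn + 2) & MASK, t0 + 30))    # guessed ACK
    spoofed = ("203.0.113.9", 40000, "198.51.100.5", 80)
    print(check_ack(spoofed, 1001, (isn + 1) & MASK, t0 + 30)) # other source
    print(check_ack(flow, 1001, (isn + 1) & MASK, t0 + 200))   # stale cookie
```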
- Take out a site's DNS server
- Puzzles
CS 155 Network Security Notes 05.10.2007
Worms
CS 155 Network Security Notes 05.22.2007
Surf Anonymously
- How to surf anonymously
- Anonymizer
All users go through the anonymizer. Anonymizer knows who you are. Traffic analysis can determine things. Protocol issues (http is not meant to keep your privacy and the anonymizer may fail at certain things)
- Mix Nets
aka onion routing. Use multiple onion routers. Pick a random route each time. Onion levels of encryption. Include a return onion for the server to respond. This protocol is too high latency. No forward secrecy
- TOR Network
TOR Network is stateful onion routing (a circuit-based method)
CS 155 Network Security Notes 05.24.2007
- Cryptographic file systems
Initialization vector to change cipher text each time