Lesson 11.0 - Network Security

Question 1

Why do we need network security?

Answer 1

May parts of the internet are susceptible to attacks

• Routing (BGP)
• Naming (DNS) - Reflection, Phishing

Question 2

What is “Reflection”?

Answer 2

A way of generating a very large amount of traffic directed toward a victim (DDoS)

Question 3

What is “Phishing”?

Answer 3

An attacker exploits the DNS to trick the user into revealing information

Question 4

Which design choices of the internet has made it vulnerable to attacks?

Answer 4

• Designed for simplicity
• “on by default”.
• Hosts are insecure
• Attacks can look like “normal” traffic
• Federated design - because it’s run by thousands of coordinated networks, it’s hard to have a common method of defense

Question 5

Which make the internet design fundamentally insecure?
A: On by default
B: IP Addresses are easy to guess
C: Attacks look like normal traffic
D: Federation

Answer 5

A, C, D

Question 6

What are resource exhaustion attacks ?

Answer 6

In a packet switch network, resources are not reserved and packets are self containment. Every packet has a destination IP address, and each packet travels independently to the destination host. In a packet switch network, a link may be shared by multiple senders at any given time, using statistical multiplexing

A large number of senders can overload a network resource, such as a node or a link. Note that circuit switch networks like the phone network do not have this problem because every connection effectively has allocated, dedicated resources. For that particular connection until it is terminated. So this problem that an attacker who sends allot of traffic might exhaust resources is unique to a packet switched network environment.

Question 7

What are the components of security?

Answer 7

Availability: ability to use a resource
Confidentiality: concealing information
Authenticity: assures the origin of information
Integrity: prevent unauthorized changes

Question 8

An attack on confidentiality

Answer 8

Eavesdropping (packet sniffing)

Question 9

An attack on authenticity

Answer 9

Interception and modification of packets, or a “man in the middle” attack.

Question 10

A denial of service attack is an attack on what?

1: availability
2: confidentiality
3: Authenticity
4: Integrity

Answer 10

1 availability

Question 11

What are the negative impacts of attacks?

Answer 11

Theft of confidential info
Unauthorized use
False information
Disruption of service

Question 12

What is the goal of control plane security/authentication?

Answer 12

To determine the veracity of routing advertisements

Question 13

What are the aspects of the routing protocol which we seek to verify?

Answer 13

1. Session authentication, which protects the point-to-point communication between routers
2. Path authentication, which protects the AS path, and sometimes other attributes.
3. Origin authentication, which protects the origin AS in the AS path. This promises that the AS which advertises a prefix is, in fact, the own of that prefix.

Question 14

A route hijack is an attack on which of the following forms of authentication?

1. Session: point-to-point between routers
2. Path: protects AS path
3. Origin: ensure that AS advertising prefix is the owner

Answer 14

3. A route hijack is an attack on the origin authentication, because the AS advertising a prefix, is not the actual owner of the prefix.

Question 15

how do attacks on routing happen in the first place?

Answer 15

A. The router could be simply be misconfigured.
B. A router may be compromised by an attacker. When this happens the attacker can reconfigure the router.
C. Unscrupulous ISPs might also decide to advertise routes they should not be advertising

Question 16

What are the means of attacks on routing?

Answer 16

A. May reconfigure the router, which is the most common way
B. Tamper with software
C. Temper with routing data

Most common attack is a “route hijack” on origin authentication

Question 17

What is Route poisoning?

Answer 17

a method that prevents a certain network from sending data packets to a path destination that has already become invalid. This is done when a distance vector routing protocol sees an invalid route or one with large routing loops.

Question 18

How can an attacker’s network hide from a trace-route sent by the origin AS?

Answer 18

if the routers in the attacker’s network never decrement the TTL, then no time exceeded messages would be generated by routers in the AS. Therefore the traceroute would never show AS

Question 19

What is Session Authentication?

Answer 19

It is a method that attempts to ensure that BGP routing messages sent between routers of AS’s are authentic.

This is easier than it appears, because the session is a TCP session. We do this by using TCP’s MD5 authentication option

Question 20

What is “Secure BGP”, or BGPSEC?

Answer 20

a proposal to modify the existing border gateway protocol to add signatures to various parts of the route advertisement.
1. origin attestation, which is a certificate that binds the IP prefix to the organization/owner. Must be signed by trusted party

2. Path Attestation: Signatures along AS path

Question 21

What is “Path attestation”?

Answer 21

Watch 14.16 (5 min)

Question 22

What can “path attestations” defend against?

Answer 22

1. Some hjacks
2. Path shortening attacks
3. Modification of the AS path

Question 23

What cannot path attestations defend against?

Answer 23

1. Suppression (if AS fails to advertise)
2. Replay attacks, such as premature re-advertisement of a withdrawn route.
3. No way to guarantee that data traffic travels along the advertised AS path, which is a significant weakness of DGP, and yet to be solved by any routing protocol.

Question 24

What does the architecture of DNS look like?

Answer 24

Observe figure in 14.17

Question 25

Why is DNS vulnerable?

Answer 25

1. The resolvers that issue the DNS query trust the responses that are received after they send out a query regardless of where that response comes from.
2. Responses can contain additional info unrelated to the query. There is no authentication here. This is possible because DNS queries are connectionless (UDP).

Question 26

Which aspects of DNS make it vunuerable to attack?
A: Queries over UDP
B: DNS names are human-readable
C: No authentication for query responses
D: Distributed / federation

Answer 26

A and C

Question 27

What is cache poisoning

Answer 27

When an attacker guesses that a recursive resolver will eventually issue a query, for something like google.com, the attacker can flood the recursive resolver with query replies, each with different IDs. If this response is received before the legitimate response, the RR will accept and cache this message.

Question 28

What are some defenses against cache poisoning?

Answer 28

1. ID (can be guesssed)
   2 Randomize ID (makes it harder, but still only 16-bit ID)
   Consider “birthday paradox”
2. Randomize src port (This can be resource intensive or de-randomized)
3. 0x20 encoding -> DNS is case insensitive, GoOgle.com == google.com. So the mix of caps would be used as the query, which makes it harder for attacker to guess.

Question 29

What is a Kaminsky attack?

Answer 29

A means of DNS cache poisoning by generating a stream of A record queries to generate a bunch of races, and then stuffing the A record responses bogus authoritative NS responses

Question 30

Why does the 0x20 make DNS more secure?
A: DNS names are case-sensitive
B: Additional entropy
C: Efficient encryption
D: Additional hierarchy

Answer 30

B: Additional entropy by tweaking capitialization

Question 31

What is the DNS amplification attack?

Answer 31

This attack exploits the asymmetry in size between DNS queries and their responses. So an attacker might send a DNS query for a particular domain, and that query might only be attacker might indicate that the source. For this query is some victim IP address. Thus the resolver might send a reply which is nearly two orders of magnitude larger to a victim.

This results in DDOS

Question 32

What are defenses against a DNS amplification attack?

Answer 32

1. Prevent Spoofing

2. Disable the ability for a DNS resolver to resolve queries from arbitrary locations on the internet.

Question 33

What does DNSSec do?

Answer 33

adds authentication to DNS responses simply by adding signatures to the responses that are returned for each DNS reply.