Network Security Flashcards

Question

VPN via private addressing

Answer 1

Network to be part of VPN use non-public addresses, so that they are unreachable from other networks (e.g. private IANA networks). Different addressing class to each customer, with ACL to control access. This protection can be easily defeated if: * somesone guesses or discovers the addresses. * can sniff packets during transmission * has access to the communication devices **NO REAL PROTECTION.**

Answer 2

* Routers encapsulate whole L3 packets as a payload inside another packet * IP in IP * IP over MPLS * other * Routers use Access Control List ( ACL ) to perform access control * Defeatable by anybody that manager a router or can sniff packets during transmission. * This is a protection only for Network Providers (from malicious end-users that change subnet of membership), customers are not protected (say network providers is malicious or has malicious employee).

Answer 3

**During transmission the packet can be readable, manipulated, injected.** Net1 and Net2 are part of the same subnet. If an IP tunnel is being used, when the packets goes from node A in subnet 1 to the node B in subnet 2, it reaches the border routers of subnet 1 which has the task to encapsulate it. In the picture it is shown the external IPv4 header of the tunnel. When packet will be received at router R2 it will be decapsulated and sent to the final destination. During transmission the packet can be readable, manipulated, injected (again, no real security for the end user of the VPN). IP tunnel has also a problem of performance: **fragmentation**. If the packet has size equal to the MTU, then encapsulation will only be possible with fragmentation. In this case, the maximum performance loss is equal to 50%, because two packets are generated instead of one, usually this happens in non-interactive applications (e.g. file transfer).

Answer 4

Also called (S-VPN) Same problems about performance of VPN via IP Tunnel. Before encapsulation, packets are protected with: * MAC (Integrity and authn) * encryption (confidentiality) * numbering (to partially avoid replay attacks) Digital signatures are not used because they are slow, it would be impossible to fit them at current network speed. If crypto algos are strong, only possible attack DoS. TAP (Tunnel Access Point) performs encryption/cryptographic protection before entering the network. TAP shouldn't be mangaed by the external network providers (otherwise this is fake security), it should be managed by the client.

Answer 5

Architecture for L3 security IPv4/IPv6 to create S-VPN over untrusted networks and to create end-to-end secure packet flows. Achieved using two protocols (with respective packet type): * AH (authentication Header): integrity, authentication, protection against replay attacks * ESP (Encapsulation Security Payload): nearly same as AH + payload confidentiality. IPsec also has a dedicated protocol for Key Exchange IKE (Internet Key Exchange), to create keys in IP networks. Security services: * IP packets authentication: * integrity: packet has been manipulated? (does not avoid manipulation) * sender authentication (formal proof of id of sender) !== IP address (never trust source IP address) * (Partial) replay-attack protection: work at L3 =\> packets can be lost and must be retransmitted. * Confidentiality of IP pacekts: data encryption for payload (not header)

Answer 6

IPsec security association: unidirection logic between two IPsec systems. Each SA possesses different security features. To achieve **bi-directional** protection between 2 nodes: 2 SA are needed (a-\>b b-\>a); in **theory** it is possible to have **different security features/algos** for the two directions, not applied normally. SA are managed through local DBs: * SPD( security policy database): * list of security policies to apply to different packet flows. * a-priori configured (e.g. manually) or conntected to automatic systems (e.g. ISPS (Security Policy System)) * SAD (SA database): contains list of active SA and their characteristics (algorithms, keys, parameters), used to create protected traffic for that specific SA. In picture: when a packet is ready to be sent, they IPsec module checks what security mechanisms are needed (if any).

Answer 7

IPsec ignores changing fields for creating hash in a syncronized way (the sender and the receiver must compute the same hash on the same parameters). Unfortunately, during the transmission some of these parameters change, such as: TTL, checksum. Source IP address typically does not change. Typically, NAT could not be used with IPsec, because by changing the source IP address, the hash changes as well and then the check performed at destination will fail. There are also some options (e.g. source routing i.e. the number of routers that should be traversed) which change.

Answer 8

used for end-to-end security, that is used by hosts, not gateways (exception: traffic for the gateway itself, e.g. SNMP, ICMP) pro: low computational load con: no protection of header variable fields The original packet is cut in two parts and a new header is put between IPv4 header and TCP/UDP header. Thence, the IPv4 header will assert that it is transporting IPsec (instead of TCP/UDP) and then, inside the IPsec header, there will be another field that will tell what is being actually transported.

Answer 9

Used to create a VPN, usually by **gateways** (not by routers, by gateways). Gateway: node at the border of a network, which is assumed to be secure. Pro: protection of header variable fields. Con: computationally heavy. Although not so common, IPsec in tunnel mode can be also used for end-to-end communication, even if it is usually adopted between border elements of the bigger networks: it is also called site-to-site VPN, since the entities are typically entire networks.

Answer 10

Authentication header. 1st version offers these mechanisms: data integrity and sender authentication, compulosry support of keyed-MD5, optional support of keyed-SHA-1. 2nd version offers these mechanisms: data integrity, sender authentication and partial protection from replay attacks; HMAC-MD5-96, HMAC-SHA-1-96. Header: * Next header: since this is a pseudo protocol, in the IP header will be written that the packet is transporting AH, then inside the AH there is the real transporting packet field. * Len: 1 byte to describe len of packet * SPI (Security Parameters Index): 32 bits for referring in a quick and easy way to all the parameters that are needed to verify the packet; * Sequence number to avoid replay attacks * Integrity Check value (ICV): 4 bytes of authentication data

Answer 11

Once the normalized IP packet is available, it is needed to compute the authentication value (ICV). For that, the Security Parameter Index (SPI) is being used inside the Database of the Security Association (SAD). If the two values are equal, then the sender is authentic, and the packet is integral. If the two values are not equal, there could be a fake sender and/or manipulated packet. Authentication is implicit. The authenticated sender is identified by a specific entry in the SAD, that entry negotiated with a specific node. The real authentication comes into play when we create the Security Association: this is the point in which the sender must prove its identity. Then the SA brings on that kind of authentication thanks to the usage of the correct algorithm/parameters.

Answer 12

The normalization is performed both at the sender and the receiver because the packet must be in the same state to compute ICV, this means that: * The field named TTL in IPv4 and Hop Limit field in IPv6 must be reset to perform the computation. * If the packet contains a Routing Header in the options, then: * Set the destination field to address of final destination; * Set the content of the routing header to the value that it will have at destination; * Set the Address Index field at the value that it will have at destination. * Reset all options with the C bit (change en route) set. HMAC-SHA1-96 (**trade-off between security and router efficiency**): * Given M normalize it to get M', then add padding (0x00) to get a multiple of 160bits. * B = HMAC-SHA1 (K, M' || padding) * ICV = 96 leftmost bits of B * IPsec version 3 mitigates this aspect.

Answer 13

(Encapsulating Security Payload) Provides **confidentiality**. Base mechanism works on DES-CBC, but others are possible. V2 provides also authentication (not for IP header), so coverage is not equivalent to AH. Advantage: packet dimension is reduced and one SA is saved. Pro: * payload is encrypted Con: * payload includes info needed for QoS by service providers, filtering and intrusion detection. * the header remain in clear

Answer 14

Pro: hides both the payload and the original header con: larger packet size

Answer 15

SPI parameter is needed in clear to get the key to read the encrypted data. In the exampled about DES-CBC we can see that Payload type field is encrypted, this makes impossible to implement QoS for network managers. If ESP is used not only for confidentiality but also for authN and integrity then, at the end there is a variable number of 4 bytes words containing the ICV (Integrity Check Value).

Answer 16

Many algorithms can be used, for interoperability RFC-4308 defines two crypto suites that should be implemented by everybody: * VPN-A: ESP with 3DES-CBC and HMAC-SHA1-96 (compatibility with legacy sys.) * VPN-B using ESP with AES-128-CBC and AES-XCBC-MAC-96: it is the one used nowdays. It's also possible to use null algorithms for ESP (either for authentication or privacy). Trade-off performance vs. protection. Sequence number: * partial protection from replay attacks * Minimum window of 32 packets (64 suggested)

Answer 17

In order to know if a packet, which in the sequence is before the last one that is received, is a duplicate the only way is to keep a list of the received packet and check if the packet was already received or not. The receiver cannot have a list of all the received packets, because that would be a huge number. Fixed window is used to mark received/not received packets. If packet already received (in window): we discard it, could be replay attack. If old packet(outside window) is received, there is now way to check it. It's a risk to accept it (could be a replay attack), if discarded a communication problem could arise. If traffic is protected by TCP it's not a big deal if we accept an old packet, cause the TCP will discard it. On the other hand, if L4=UDP the packet should be discarded. The window slides every time a new packet arrives. It doesn't wait for not received packets.

Answer 18

AH becomes option. ESP is compulsory =\> IPsec implementations in the wild only with ESP. + Support for single source multicast. + new field: ESN (Extended Sequence Number): to avoid overflow of the sequence number. The packets still have only 32-bit Sequence Number, but these are the LSB of the ESN. * This is default when using IKEv2. + Support for Authenticated Encryption: to avoi having ecryption of payload + MIC. + Clarifications on SA and SPI in order to get faster lookup.

Answer 19

MUST- === DISCOURAGED.

Answer 20

Traffic flow confidentiality: padding put after the payload and before the normal padding. This prevents disclosure of the real size of the payload that could be used to identify the type of traffic. IPsec v3 "dummy packets": made as a pseudo-protocol (next-header 59), needed so that it is possible to keep transmitting in absence of real data to send. Two peers communicating or not communicating can be valuable information.

Answer 21

* End-to-end security * Basic VPN * End-to-end security with basic VPN * Secure gateway * Secure remote access

Answer 22

End nodes create a transport mode SA between them, so that packets will be protected with the right level of sec. If the LAN/WAN is insecure, there is no problem, in fact with this architecture the only possible attack is DoS. Security is implemented independently from the rest of the network. Downsides: * IPsec must be installed on both machines communicating. Most OSes have an IPsec module, but not all kind of devices have one (e.g. Android, iOS, embedded systems, etc.), most importantly, not all devices have the computational power to support it. * If we want to protect all devices connected to a big LAN, then a security management system must be put in place. * If a Secure virtual channel ESP is adopted with non-null encryption algo, the traffic cannot be sniffed (not even from inside the LAN) =\> how do you implement an intrusion detection system? you have to put the at the node level, not at the LAN level.

Answer 23

IPsec at gateway level. These will protect the internal network from the outside. Since the channel must protect all the traffic, the gateway should adopt a tunnel-mode SA, because packets coming from one network and going to another must be encapsulated. Assumption: internal network is secure and trusted, only worry comes from attacks carried over WAN. This means that if the local network is not really secure and/or trusted, we are screwed. No authentication of the real end-points, just the gateways. (Site-to-Site VPN) Since gateways will be under some heavy computational load, they would be usually equipped with hardware accelerators. Management on the other hand is greatly simpliefied w.r.t. end-to-end mode; and there is also a way for inspecting internal traffic.

Answer 24

Example of Defense in-depth. ## Footnote In this way it is possible to have two defence lines or also to balance the security: for example the end-to-end connection, that is the transport mode SA, could be used for authentication and integrity only (e.g. to clearly identify who the sender is), while encryption could be activated only between the gateways to protect from sniffing in the WAN and maintain the possibility to inspect the traffic on the LAN. Problem: management here is even harder than in end-to-end mode.

Answer 25

IPsec module is installed on mobile devices, that create a secure virtual channel in tunnel mode SA. This allows the user to have access to any internal server in the company network. The gateway will also be able to to authorization and authentication.

Answer 26

Example of defense in-depth. ## Footnote Virtual secure channle between two end-nodes and tunnel-mode between the gateway and the mobile node. typically the tunnel mode is used only for authentication and authorization (to give access to the internal network), while the transport mode SA is typically used for end-to- end protection, according to the kind of protection needed.

Answer 27

Important compenent of IPsec. Provides parties symmetric keys used for packet authentication and/or encryption. Key distribution can be done OOB (possible if #nodes is limited) or automatically in-band. Protocols used: ISAKAMP and IKE.

Answer 28

Integral part of the IPsec architecture: Internet Security Association and Key Management Protocol ( RFC-2408). It describes the procedures to **negotiate**, **set-up**, **modify**, **and delete** a SA. The RFC doens't specify anything about the key exchange, could be OOB or in-band method (OAKLEY: authenticated exchange of symmetric keys).

Answer 29

Is defined as the use of ISAKMP with OAKLEY, that is widely adopted, and renamed IKE (Internet Key Exchange). One of the most complex protocols in security: 1. Creation of a SA to protect the ISAKMP exhachange 2. The SA created at step 1 is used to protect the negotiation of the SA needed by IPsec traffic 3. The same ISAKMP SA could be reused to negotiate different IPsec SAs. Image contains possible schema of operations. **Initiator**: takes initiative to open IPsec channel with aother machine (**responder**). Once the SA to protecte ISAKMP is set-up, any of the two nodes can act as **initiator**.

Answer 30

* Main mode * requires exchange of 6 messages (slow) * Protects parties (cryptographic) identities, IP addreses are always visible. * Aggressive mode * 3 messages, but does not protect parties identitied. * Quick mode * 3 messages * Negotation of the IPsec SA only. * New group mode * used to communicate to other peer a change of algo/keys used to protect the traffic * 2 messages.

Answer 31

* Digital signature * non-repudiation of the IKE negotiation =\> impossible to deny the request to open a secure channel * Public key encryption * identity protection in aggresive mode * Revised public key enryption * Less computationally expensive, only 2 public-key operations * Pre-shared key * Previously shared key that can be identified only by its IP address * issues with mobile users.

Answer 32

IPsec nowadays is mostly used to create site-to-site VPN. This means that there is the problem of the performance of gateways. The VPN concentrator is a special-purpose hardware used as a terminator of IPsec tunnel: * for remote acceess of single clients * to create site-to-site VPNs Very high performance w.r.t. costs. Should be considered in a company/institution scenario, where there's a lot of traffic and/or people connect remotely.

Answer 33

* Can only be used with unicast packets, because we need to know the peer in order to exchange keys. * Exception: IPsec v3 has single source multicast. * IPsec is applied between 2 parties that activated a SA by shared keys or x509 certs. * IPsec is of good use between closed groups, not suited for applications like e-commerce (users are unknown) * IPsec is providing security to the upper-layer traffic, carried inside ip packets. * Protocols carried over IP (without IPsec enabled) inherit ip insecurity, since packets are not authenticated nor protected. These protocols are targets of attackers, mostly "service" protocols (ICMP, IGMP, DNS, RIP).

Answer 34

ICMP (Internet Control and Management Protocol) is fundamental for net. management, since it isn't authenticated, many attacks are possible: * ICMP echo request/reply: * Ping flooding/bombing (DoS) * Destination unreachable (network/host/protocol/port number) * fake nodes could send this messages to make other nodes think the destination is unreachable. * Source quench (deprecated with RFC-6633, 2012) * provided as a mechanism for congestion control: other party should slow down transmission on the connection not to overflow buffers at intermediate nodes. * Leads to DoS * Redirect: sent by intermediate node when it detects that the packet has taken the wrong path * makes possible logical MITM: redirecting the send to a malicious ndoe under control of attacker. * Time exceeded for a datagram: normally sent by intermediate node when processing a packet with TTL=0 * usally means there are cycles in routing plan so the host closes connection * faking this message can cause DoS for sender This problems will always be there. Only thing to do is cooperate with network manger to detect them.

Answer 35

Type of DoS attack. The target A is attacked by creating a fake ICMP echo request (ping) with A address as source, this request destination is a broadcast address of a whole network. This will produce a pong by every node in the network (**reflector**). To prevent attacks of this kind from outside a network, every echo request is rejected at the border: * interface serial0 * no ip directed-broadcast

Answer 36

Very similar to smurfing, but performed using UDP instead of ICMP. Instead of ICMP echo request =\> UDP echo request. Nowdays these requests are rejected by default.

Answer 37

ARP = Address Resolution Protocol to get L2 addresses from L3 address knowledge. Results are cached in the ARP table. ARP poisoning: * Nodes accept ARP reply even if they didn't send the request, because it avoids them sending the request in the future. * We can send unsolicited ARP replies. * Nodes will overwrite ARP entries with dynamic ones (obtained from ARP replies) * Used by many attack tools.

Answer 38

TCP opens a connection through a 3-way handshake. 1. Sender sends a packet contains a SYN Flag 2. Receiver answers with an ACK flag + anther SYN 3. Normally the sender closes/open the channel with another ACK * A malicious actor could send the first message but never the last. After repeating this for sometime, the connection table will be full, preventing real users to connect. Note: the last packet could be lost due to connection issues, TCP-IP will close connection if there's no response after 75s. The table will be saturated until half-open connections are closed. Countermeasures: * Decrease the timeout * risk of deleting request of real slow users. * Increase table size * attackers can always send more requests :) * Use a router in front of the server: SYN interceptor * substitutes server in handshake * after the handshake, the channel is moved to the server * Use a router as SYN monitor * kills the pending connection requests * SYN cookie

Answer 39

by DJ Bernstein * only really effective approach * Uses TCP seq. number of SYN-ACK packet to transmit a keyed-digest (cookied), to later recognize clients that already sent SYN, the receiver doesn't need to store anything. * the client will answer back with ACK that is seq. number + 1 === keyed-digest + 1, the server then checks if the keyed diget was created by itself

Answer 40

Domain Name System: provides translation from names to addresses and viceversa. ## Footnote It works by means of **queries**, performed over port 53/UDP, and **zone transfers** (transfers of information between servers) over port 53/TCP. It has no intrinsic security: DNS-SEC is under development and it has not been implemented yet. Cache-miss: local dns will interrogate the top level DNS, that won't probably have answers, it will in turn ask the right nameserver. DNS mapping should not be stored on the clientside cache, DAMN YOU Microsoft!

Answer 41

If attacker is able to intercept and sniff the request to the local DNS, it can possibly provide a fake response. If the attacker is able to intercept queries from the local DNS server to the Root DNS, it's also possible to provide fake responses to the local name server that stores them in cache. The client could be greatly impacted if they had a caching system for DNS (watching you, MSFT)

Answer 42

A malicious domain is associated with a nameserver. If the address corresponding to the domain is queried by someone, we could add information that are unrelated to the request. If the victing (DNS server or client) is misconfigured or has flaws, it will accept the additional answers and overwrite available informations in its cache. The attack is difficult to perform because the victim must explicitly request the address corresponding to the malicious DNS server. Version 2 is much more effective, since it doesn't need the victim to visit a specific website, we could poison the DNS cache by asking a DNS server to recursively seach for an address and then suppliying to them the response with an authoritative NS ip address as a src address.

Answer 43

DoS attacks a routinely performed on DNS server, since if the nameserver goes down, all domains related to that server will become unreachable.

Answer 44

* OS component: name switch * decides which service is used to switch from a name to the corresponding address. * eth/hosts file has local data, if someone is able to add a name-address pair in the file, it is possible to force application to connect to a fake server * typically provides priority between local files and external services (typically the resolver * If the name is not found in local data, the resolver will be called to ask an external service (typically a caching server), the server can be eventually recursive (placing resolving queries on its own) * it will contact the needed servers, according to the nedded zones. * Each zone is managed by a master name server and a number of secondary name servers which maintain the zone file (name address mapping) * caching server may contact master or secondary servers. * Normally the zone master is updated manually by the admin. Microsoft added the possibility to perform dynamic updates directly by the clients. When a MSFT network is joined, an address is assigned, it is possible to inform the DNS master about the received ip address. Dangerous because it permits uncontrolled modifications of DNS data.

Answer 45

* **Data corruption to the local data**: if an attacker gets access to a client, it can try to insert wrong address mapping information. * **Unauthorized configuration** of name switch/resolver (point to fake name server instead of actual external ns) * **Server impersonation** in the communication between the resolver and the server, and between caching server and zone server. Possible bc no auth. * Anywhere these is a cache, there is **cache poisoning**. * **Data corruption** on the zone file if attacker can access the zone master * Dynamic updates could be performed by unauthorized nodes * **Server impersonation** from fake master to secondary servers.

Answer 46

* Digital signature of DNS records that prevent the creation of fake answers. * Problem: who is authoritative for a certain domain? Prof Lioy can give you a marks only for coursed he teaches. * digital signatures are not enough, we need infrastructure to tell us who is in right to sign answers. * each signature requires a cert. (PKI?) * Many servers have a complex management of the DNS infrastructure, thus we need: * Hierarchical and delegated signatures * Distributed signatures * Other problem: handling non-existend names * absence of name must be signed * requires sorting of the records

Answer 47

Signature is for answers only, we can't know whe queried a server. There is no root CA, but the level 1 keys are distributed OOB, makes nodes possible targets, if keys can be modified. There is no security in the dialogue between the DNS client and DNS (local) server. * Use of IPsec, TSIG or SIG(0) has been proposed, but not yet implemented. * Signatures to be perfomed by DNS server are: * computationally more expensive * a management overhead (on-line secure crypto host is required) * Bigger record size (normal record + signature) * Scarce experimental results about correct configuration.

Answer 48

Access to routers has a low security barrier (telnet or SNMP). In addition to routers management, there is low security in the exchange of routing tables: * Authentication based on IP addresses. Exloitable by inserting fake routing tables. * Optional protection with a keyed-digest is typically not implemented, because: * A shared key is required! Since it is shared, if many routers have it they can impersonate eachother. * Key management is required! Impossible to distribute keys OOB to all routers. Redirect attack on ICMP will allow variations on dynamic routing on end-nodes.

Answer 49

Impossible to prevent host from not using its address. Limiting the diffusion of IP spoofing it possible though: * Network address filtering * Ingress filtering From the internet it is possible to receive packets from any address, but not from internal networks (132.5.1 and 132.5.2). By filtering with this rule on all lines