Internet Security - Summary

Security objectives

• Confidentiality (keep from prying eyes)
• Integrity (protect data from loss, or unauthorised alteration)
• Control use of resources
• Maintain availability

• Hackers - usually do it just because they can
• Spies - from outside or within
• Equipment failure

Connecting to Internet

• Internet lets you connect to millions of hosts - but they can also connect to you!
• Many points of access (telephone, X-25 gateways, ...). Even if you can trace an attack to a point on the Internet, the real source may be untraceable

Authentication

• We want to ensure that access is limited only to those people who are genuinely authorised
• Methods of authentication - each has its own problems
  • Passwords
    • Can be guessed (users choose bad passwords)
    • If sent in cleartext, can be 'sniffed' from network and reused
  • Source IP address
    • Not verified by network (not used in delivery of datagrams)
    • Easily forged
  • Source host name
    • DNS is easily attacked, e.g. by loading false information into cache
  • Port authentication
    • Used by Berkeley r* protocols (rsh, rlogin, rcp etc) in combination with IP number
    • Relies on fact that under Unix, only "root" can make connections from ports 1 to 1023 - both TCP and UDP
    • Hackers can just use DOS to send false datagrams
    • Anybody can build their own Unix box and be "root"
  • Cryptographic methods
    • The best, really secure solution
    • Hard to implement, involving both clients and servers
    • Export and usage restrictions
    • Keys still subject to guessing if chosen by humans
    • Key management is vital
• Inherent protocol weaknesses - some protocols trust almost anything you tell them (e.g. NFS, X11). Should be blocked from outside access completely.

Encryption

• The only way to prevent "packet sniffers" seeing your data
• Encryption protocols usually include secure authentication too
• Confusing variety of choices, lack of standardisation, can be difficult to implement

Some security solutions

• Application layer
  • ssh (encrypted telnet)
  • pgp (encrypted E-mail)
  • s/key or opie (one-time passwords for telnet, ftp, su)
  • apop (challenge passwords for POP3)
  • kerberos (general authentication server)
• TCP layer
  • SSL - Secure Socket Layer (encrypts TCP sessions) - as used by Netscape
  • Proxy servers - provide controlled access from isolated network to outside
  • tcp_wrapper - some improvement to DNS-based authentication, and extra logging
• IP layer
  • Packet filtering - block all 'insecure' datagrams
  • Filter IP source address - prevent spoofing of 'internal' IP numbers from 'external' hosts
  • "Crypto walls" - available soon?
• Link layer
  • PPP encryption
  • PPP CHAP authentication