

  • Number of slides: 44

22: Exploits and Defenses Up and Down the Stack
Last Modified: 3/16/2018 11:01:50 PM
Some slides based on notes from cs515 at UMass
7: Network Security 1

Where in the stack is security?
- Attacks can be targeted at any layer of the protocol stack:
  - Application layer: password and data sniffing, forged transactions, security holes, buffer overflows
  - Transport layer: TCP session stealing
  - Network layer: IP spoofing, false dynamic routing updates, ICMP attacks
  - Link layer: ARP attacks
  - Cutting across layers: denial of service, intrusion
- Defenses can be implemented at multiple levels of the protocol stack too:
  - Application layer: PGP
  - Transport layer: SSL
  - Network layer: IPsec
  - Link layer: static ARP tables, physical security

Network Layer Security
- Lots of potential problems at the IP layer:
  - In dynamic routing protocols, routers exchange messages containing known route information to reach consensus on the best routes through the system. Is there any validation of these messages?
  - No authentication that a packet came from a machine with the IP address listed in the source field (raw IP interface)

False Dynamic Routing Updates
- Attacker injects a RIP update stating she has a path to a particular unused host or network
- All subsequent packets for that destination will be routed to her
- She replies with raw IP packets listing the IP address of the unused host, concealing her identity
- Similar attacks exist for interdomain routing (BGP)
- Also allows man-in-the-middle and denial-of-service attacks:
  - Could instead listen to and forward, or modify, incoming packets
  - Bad routing tables make a routing black hole where legitimate traffic never reaches its destination

ICMP Attacks
- Simply send an ICMP redirect: it forces a machine to route through you
- Send ICMP destination unreachable spoofed from the gateway
- Constantly send ICMP source quench messages to throttle a host

IP Spoofing
- An application can generate "raw" IP packets directly, putting any value into the IP source address field
- The receiver can't tell if the source is spoofed
- e.g.: C pretends to be B by sending A a packet with src: B, dest: A, payload

Defenses against IP spoofing
- Good for routers not to forward datagrams whose source IP addresses are not in their network (ingress filtering)
- Doesn't help against attacks from local networks
- Really need authentication based on more than the IP address
  - Remember authentication using cryptography
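Ingress filtering as the first bullet describes it, written out as an added example (not part of the slides): the router checks the source address of every datagram arriving on a customer-facing interface against the prefix it knows lives behind that interface and drops anything else. The IPv4 header bytes and the 192.0.2.0/24 customer prefix are constructed for the demonstration. The third case in main shows the second bullet's limitation: a neighbour on that LAN spoofing another address inside the prefix passes the filter.

```c
/* Added example (not from the slides): a BCP 38 style ingress filter as a router would
 * apply it on a customer-facing interface. The IPv4 header bytes are constructed here
 * for the demonstration; the prefix 192.0.2.0/24 is an assumed customer allocation. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IPV4_MIN_HDR 20
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Read a 32-bit big-endian (network order) value. */
static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Extract the source address from an IPv4 header.
 * Returns 0 on success, -1 if the header is truncated or not IPv4. */
int ipv4_source(const uint8_t *pkt, size_t len, uint32_t *src)
{
    if (len < IPV4_MIN_HDR || (pkt[0] >> 4) != 4)
        return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;   /* header length including options */
    if (ihl < IPV4_MIN_HDR || ihl > len)
        return -1;
    *src = rd32(pkt + 12);                      /* source address is bytes 12..15 */
    return 0;
}

/* Ingress decision: forward (1) only if the source lies inside the prefix that is
 * legitimately reachable through this interface; malformed headers are dropped (0). */
int ingress_forward(const uint8_t *pkt, size_t len, uint32_t prefix, uint32_t mask)
{
    uint32_t src;
    if (ipv4_source(pkt, len, &src) != 0)
        return 0;
    return (src & mask) == (prefix & mask);
}

/* Build a minimal 20-byte IPv4 header (constructed test data, checksum left zero). */
void build_ipv4(uint8_t out[IPV4_MIN_HDR], uint32_t src, uint32_t dst)
{
    memset(out, 0, IPV4_MIN_HDR);
    out[0] = 0x45;                   /* version 4, IHL 5 words */
    out[3] = IPV4_MIN_HDR;           /* total length: header only */
    out[8] = 64;                     /* TTL */
    out[9] = 6;                      /* protocol: TCP */
    for (int i = 0; i < 4; i++) {
        out[12 + i] = (uint8_t)(src >> (24 - 8 * i));
        out[16 + i] = (uint8_t)(dst >> (24 - 8 * i));
    }
}

int main(void)
{
    const uint32_t customer = IP4(192, 0, 2, 0), mask = 0xffffff00u;
    uint8_t pkt[IPV4_MIN_HDR];
    struct { const char *label; uint32_t src; } cases[] = {
        { "customer host 192.0.2.7",          IP4(192, 0, 2, 7) },
        { "spoofed 198.51.100.9",             IP4(198, 51, 100, 9) },
        { "LAN neighbour spoofing 192.0.2.9", IP4(192, 0, 2, 9) },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        build_ipv4(pkt, cases[i].src, IP4(203, 0, 113, 1));
        printf("%-34s -> %s\n", cases[i].label,
               ingress_forward(pkt, sizeof pkt, customer, mask) ? "forward" : "drop");
    }
    return 0;
}
```

The filter is only as good as the prefix knowledge behind it: it stops a customer from impersonating the rest of the Internet, not from impersonating another host in the same prefix, which is why the slide goes on to ask for authentication that does not rest on the address at all.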

IPsec: Network Layer Security
- Network-layer secrecy: the sending host encrypts the data in the IP datagram
  - TCP and UDP segments; ICMP and SNMP messages
- Network-layer authentication
  - the destination host can authenticate the source IP address
- Two principal protocols:
  - Authentication Header (AH) protocol
  - Encapsulating Security Payload (ESP) protocol
- For both AH and ESP, source and destination handshake:
  - create a network-layer logical channel called a security association (SA)
- Each SA is unidirectional
- Uniquely identified by:
  - security protocol (AH or ESP)
  - destination IP address
  - 32-bit Security Parameter Index (SPI)

Authentication Header (AH) Protocol
- Provides source host authentication and data integrity, but not secrecy
- AH header inserted between the IP header and the IP data field
- Protocol field = 51
- Intermediate routers process datagrams as usual
AH header includes:
- connection identifier (the SPI)
- authentication data: a keyed message digest (integrity check value) calculated over the original IP datagram, excluding header fields that change in transit, providing source authentication and data integrity
- Next header field: specifies the type of data (TCP, UDP, ICMP, etc.), which itself travels in plain text

ESP Protocol
- Provides secrecy, host authentication and data integrity
- Data and ESP trailer are encrypted
- The next header field sits in the (encrypted) ESP trailer, so the payload type is not visible on the wire
- ESP authentication field is similar to the AH authentication field
- Protocol field = 50

Application Layer Network Security
- Many applications are designed with *HUGE* security problems
- On purpose? No! Many common applications were designed when the goal was just to get them to work (security complicates that)
  - Sometimes the cure is worse than the problem
  - But some applications are bad enough that it makes you wonder

Clear Text Passwords
- We saw many application-level protocols where sending your password in the clear is required by the protocol
  - FTP, TELNET, POP, News (NNTP)
- Attack: packet sniffing can capture passwords
- Defenses:
  - Replace these applications with ones that do not send the password in the clear
  - Switched networks and physical security of backbone networks

Rsh and rcp
- rsh and rcp are especially bad
- rsh and rcp use the .rhosts file in your home directory, which lists hosts and accounts allowed access without a password
- Example .rhosts file:
    mymachine.cs.cornell.edu jnm
    * *
- What's so bad about that? The second line trusts any user on any host, and even the first line trusts a host purely on the basis of its name and address.

Exploiting rsh
- Now that we know a machine is running rsh, how can we pretend to be one of the machines it trusts to gain access?
- Remember IP spoofing

Ssh
- Program for logging into a remote machine and executing commands there
- Replaces telnet, rlogin and rsh
- Provides encrypted communications between two untrusted hosts over an insecure network

Ssh
- Users run ssh-keygen on the client to generate two keys:
  - private key: ~/.ssh/identity
  - public key: ~/.ssh/identity.pub
- Users append identity.pub to their ~/.ssh/authorized_keys on the server
- Machines running sshd maintain similar files: /etc/ssh_host_key and /etc/ssh_host_key.pub
- (These are the protocol-1 file names; current OpenSSH uses e.g. ~/.ssh/id_ed25519 and /etc/ssh/ssh_host_ed25519_key, and protocol 1 itself is obsolete)

Challenge
- From the client, "ssh machine" sends a message to the server with the username and the client name
- The server looks in authorized_keys, finds the matching public key, uses it to encrypt a random number, and sends that back to the client
- The user uses the private key in ~/.ssh/identity to decrypt the message and sends the result back to the server (in the real protocol the client returns a hash of the decrypted number and the session id, so the response is bound to this session)
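The exchange on this slide with both sides' messages, as an added example that is not from the deck or from any SSH implementation. The RSA is textbook RSA on a 32-bit modulus: the primes 65521 and 65519 and the exponent 65537 are assumed values chosen so every product fits in a 64-bit integer, which makes the keys a demonstration only, and the fixed-seed xorshift generator stands in for the CSPRNG a real server must use.

```c
/* Added example (not from the slides): the public-key challenge-response of the
 * original SSH protocol. Textbook RSA on a 32-bit modulus built from two assumed
 * primes; the PRNG is a fixed-seed stand-in for a CSPRNG. Demonstration only. */
#include <stdint.h>
#include <stdio.h>

typedef struct { uint64_t n, e; } rsa_pub;
typedef struct { uint64_t n, d; } rsa_priv;

/* b^e mod m; no overflow because m < 2^32 keeps every product below 2^64. */
uint64_t modpow(uint64_t b, uint64_t e, uint64_t m)
{
    uint64_t r = 1;
    b %= m;
    while (e) {
        if (e & 1) r = r * b % m;
        b = b * b % m;
        e >>= 1;
    }
    return r;
}

/* Modular inverse by the extended Euclidean algorithm (a and m coprime). */
uint64_t modinv(uint64_t a, uint64_t m)
{
    int64_t t = 0, nt = 1, r = (int64_t)m, nr = (int64_t)a;
    while (nr) {
        int64_t q = r / nr, tmp;
        tmp = t - q * nt; t = nt; nt = tmp;
        tmp = r - q * nr; r = nr; nr = tmp;
    }
    return (uint64_t)(t < 0 ? t + (int64_t)m : t);
}

/* ssh-keygen stand-in: p = 65521 and q = 65519 are assumed primes, e = 65537. */
void keygen(rsa_pub *pub, rsa_priv *priv)
{
    const uint64_t p = 65521, q = 65519, e = 65537;
    pub->n = priv->n = p * q;
    pub->e = e;
    priv->d = modinv(e, (p - 1) * (q - 1));
}

/* Deterministic xorshift64: a placeholder for the CSPRNG a real server uses. */
static uint64_t rng_state = 0x9E3779B97F4A7C15ull;
static uint64_t next_random(void)
{
    rng_state ^= rng_state << 13;
    rng_state ^= rng_state >> 7;
    rng_state ^= rng_state << 17;
    return rng_state;
}

/* Server: having found the user's key in authorized_keys, pick a fresh random r,
 * remember it in *expected, and send r encrypted under the user's public key. */
uint64_t server_challenge(const rsa_pub *pub, uint64_t *expected)
{
    *expected = 2 + next_random() % (pub->n - 3);   /* 2 <= r <= n-2 */
    return modpow(*expected, pub->e, pub->n);
}

/* Client: decrypt the challenge with the private key from ~/.ssh/identity. */
uint64_t client_respond(const rsa_priv *priv, uint64_t challenge)
{
    return modpow(challenge, priv->d, priv->n);
}

/* Server: the login succeeds only if the response equals the number it chose. */
int server_verify(uint64_t expected, uint64_t response)
{
    return expected == response;
}

int main(void)
{
    rsa_pub pub; rsa_priv priv; uint64_t r;
    keygen(&pub, &priv);
    uint64_t c = server_challenge(&pub, &r);
    printf("server -> client: challenge %llu\n", (unsigned long long)c);
    uint64_t resp = client_respond(&priv, c);
    printf("client -> server: response  %llu\n", (unsigned long long)resp);
    printf("login %s\n", server_verify(r, resp) ? "accepted" : "rejected");
    rsa_priv wrong = priv; wrong.d ^= 1;       /* someone without the real private key */
    printf("wrong key: login %s\n",
           server_verify(r, client_respond(&wrong, c)) ? "accepted" : "rejected");
    return 0;
}
```

The wrong-key call at the end is the point of the protocol: anyone can see the challenge, but without d the response is just another number. Returning the bare decrypted number, as the slide describes, is the weak form; the original protocol returned MD5 of the decrypted challenge concatenated with the session id, so an answer captured or relayed from another session is useless here.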

Protection for the User
- How does the user know they are talking to the server they think they are?
- The user maintains a list of the public keys of all hosts they have ever spoken with in ~/.ssh/known_hosts
- When contacting a server, the server presents its public key; the user must choose to accept or reject it the first time
- From then on, if the key doesn't match, the client warns the user

One final attempt
- If the public-key authentication methods fail, the server may request a password from the user
- The client can still encrypt it with the public key given by the server and send it
- The server can decrypt it using its private key
- The password did not go in the clear, but you must trust the server with the password

Lack of Application Layer Authentication
- Early applications that did not require you to send your password in cleartext required no authentication at all
  - An SMTP server does not authenticate the sender in the MAIL FROM line
- Problem worse than the fix?
- Attack: send forged email
- Defenses:
  - SMTP servers that log message ids and client connections
  - SMTP servers that do not accept outgoing mail from a client outside their domain and that only forward mail directly to the mail transfer agent of the recipient's domain
  - Secure email?

Secure e-mail
- Alice wants to send a secret e-mail message, m, to Bob:
  - generates a random symmetric key, KS
  - encrypts the message with KS
  - also encrypts KS with Bob's public key
  - sends both KS(m) and eB(KS) to Bob

Secure e-mail (continued)
- Alice wants to provide sender authentication and message integrity:
  - Alice digitally signs the message (a hash of it, signed with her private key)
  - sends both the message (in the clear) and the digital signature

Secure e-mail (continued)
- Alice wants to provide secrecy, sender authentication and message integrity: she signs m with her private key as above, then encrypts the signed message with a fresh KS and wraps KS under Bob's public key
- Note: Alice uses both her private key and Bob's public key

Pretty good privacy (PGP)
- Internet e-mail encryption scheme, a de-facto standard
- Uses symmetric-key cryptography, public-key cryptography, a hash function and digital signatures as described
- Provides secrecy, sender authentication and integrity
- Inventor, Phil Zimmermann, was the target of a 3-year federal investigation

A PGP signed message:

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Bob: My husband is out of town tonight.
    Passionately yours, Alice

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 5.0
    Charset: noconv

    yhHJRHhGJGhgg/12EpJ+lo8gE4vB3mqJhFEvZP9t6n7G6m5Gw2
    -----END PGP SIGNATURE-----

Distributed Trust
- Users get others they know to sign their public key, indicating that they know this person and that this public key really go together
- Users can collect this supporting evidence for their public key
- Users can also collect certificates of others' public keys into a "key ring"
- Don't need to trust a certificate authority or key distribution center

PGP key rings
- Allows arbitrary chains of certificates
- PGP software allows users to examine all the "evidence" for someone's public key
  - Users might require several certificates from people they don't know well to trust a key, or just one certificate from someone they know well
- If you receive a message from x, search the key ring for a public key of x you trust, and use it to verify the signature on the message

Transport Layer Network Security
- TCP will accept a segment with an acceptable IP address, port number and sequence number
  - The problems we saw at the IP layer mean forging the IP address part isn't hard
  - Port number and sequence number you can definitely get if you are using a packet sniffer
  - Port number and sequence number were also fairly predictable on older TCP stacks; modern stacks randomize initial sequence numbers and source ports, so blind injection now mostly needs a sniffer
- All this means an attacker has a good chance of inserting data into a TCP stream

What might an attacker insert into an ongoing TCP stream?
- RST or FIN would kill the connection (denial of service)
- Worse: if you know how the stream is interpreted on the other side, you could add in data
  - Telnet is an example of this because it is just echoing keystrokes
  - If you hijack a telnet session, you can insert any command you want (rm * ?!)

Attacker-in-the-Middle
- Data from the client can be re-packaged into a TCP packet and sent to the server
- The attacker can insert commands into the remote account, e.g.
    echo "* attacker" > .rhosts
- The client's connection is not dropped
- However, commands entered by the attacker might appear in a command-line history

Defenses
- Switched networks and physical security of the backbone links
  - Good idea, yes, but too easy for someone to plug into the network somewhere
- Run applications that encrypt the data stream
  - Compare hijacking an ssh session with hijacking a telnet session
  - An attacker can still interrupt the stream, but it is much harder to take it over and do something active
- Secure Sockets Layer

Secure sockets layer (SSL)
- SSL sits just above the transport layer and provides security to any TCP-based app using SSL services
- SSL: used between WWW browsers and servers for e-commerce (https)
- SSL security services:
  - server authentication
  - data encryption
  - client authentication (optional)
- Server authentication:
  - SSL-enabled browser includes public keys for trusted CAs
  - Browser requests the server certificate, issued by a trusted CA
  - Browser uses the CA's public key to verify the certificate and extract the server's public key from it
- Visit your browser's security menu to see its trusted CAs

HTTPS Encrypted SSL session:
- Browser generates a symmetric session key, encrypts it with the server's public key, sends the encrypted key to the server
- Using its private key, the server decrypts the session key
- Browser and server agree that future messages will be encrypted
- All data sent into the TCP socket (by client or server) is encrypted with the session key
- SSL: basis of IETF Transport Layer Security (TLS)
- SSL can be used for non-Web applications, e.g. IMAP
- Client authentication can be done with client certificates
- (This RSA key-transport exchange is the classic SSL design; TLS 1.3 instead derives the session key with ephemeral Diffie-Hellman, so a later compromise of the server's private key cannot decrypt recorded sessions)

ARP Attacks
- When a machine sends an ARP request out, you could answer that you own the address
  - But you are in a race with the real machine
- Unfortunately, ARP will just accept replies without requests!
- Just send a spoofed reply saying your MAC address owns a certain IP address
  - Repeat frequently so that the cache entry doesn't time out
- Traffic for that IP is then delivered to you to sniff, modify or drop

ARP Spoofing Countermeasures
- "Publish" the MAC address of the router/default gateway and trusted hosts to prevent ARP spoofing. Statically defining the IP-to-Ethernet address mapping prevents someone from fooling the host into sending network traffic to a host masquerading as the router or another host via an ARP spoof. Example (BSD syntax):
    arp -s hostname 00:01:02:03:04:ab pub
- Hard to defend from an attack on your own LAN; static entries do not scale, so in practice the defense sits in the switch (DHCP snooping with dynamic ARP inspection) or in monitoring tools such as arpwatch that alert when a binding changes
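The monitoring side of the defense, as an added example (not from the slides and not arpwatch's code): it applies the two checks a host's ARP cache does not, remembering which IPs were actually requested so it can flag a reply nobody asked for, and flagging an IP whose MAC changes. The frames are constructed for the demonstration; the addresses are documentation values (192.0.2.0/24, 00:00:5e:00:53:xx), not real hosts.

```c
/* Added example (not from the slides): an arpwatch-style monitor that applies the checks
 * a host's ARP cache does not. It remembers which IPs were actually requested, flags
 * replies nobody asked for, and flags an IP whose MAC changes. Frames are constructed
 * for the demonstration; the addresses are documentation values, not real hosts. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR 14
#define FRAME_LEN (ETH_HDR + 28)   /* Ethernet header + IPv4-over-Ethernet ARP */
#define MAX_HOSTS 16
enum { ARP_REQUEST = 1, ARP_REPLY = 2 };
enum { MON_OK = 0, MON_NEW = 1, MON_UNSOLICITED = 2, MON_CHANGED = 4, MON_MALFORMED = 8 };

typedef struct {
    struct { uint32_t ip; uint8_t mac[6]; int used; } host[MAX_HOSTS];
    uint32_t pending[MAX_HOSTS];   /* target IPs of requests seen but not yet answered */
    int npending;
} arpmon_t;

void arpmon_init(arpmon_t *m) { memset(m, 0, sizeof *m); }

static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Drop ip from the pending list; returns 1 if a request for it was outstanding. */
static int take_pending(arpmon_t *m, uint32_t ip)
{
    for (int i = 0; i < m->npending; i++)
        if (m->pending[i] == ip) { m->pending[i] = m->pending[--m->npending]; return 1; }
    return 0;
}

/* Learn or re-check an (ip, mac) binding: MON_NEW, MON_CHANGED or MON_OK. */
static int learn(arpmon_t *m, uint32_t ip, const uint8_t mac[6])
{
    int slot = -1;
    for (int i = 0; i < MAX_HOSTS; i++) {
        if (!m->host[i].used) { if (slot < 0) slot = i; continue; }
        if (m->host[i].ip != ip) continue;
        if (memcmp(m->host[i].mac, mac, 6) == 0) return MON_OK;
        memcpy(m->host[i].mac, mac, 6);   /* a real cache would switch too; report it */
        return MON_CHANGED;
    }
    if (slot < 0) return MON_OK;          /* table full: ignore (keeps the demo small) */
    m->host[slot].used = 1; m->host[slot].ip = ip; memcpy(m->host[slot].mac, mac, 6);
    return MON_NEW;
}

/* Feed one Ethernet frame; returns a bitmask of MON_* flags. */
int arpmon_feed(arpmon_t *m, const uint8_t *frame, size_t len)
{
    if (len < FRAME_LEN || frame[12] != 0x08 || frame[13] != 0x06) return MON_MALFORMED;
    const uint8_t *arp = frame + ETH_HDR;
    /* htype 1 (Ethernet), ptype 0x0800 (IPv4), hlen 6, plen 4 */
    if (arp[0] != 0 || arp[1] != 1 || arp[2] != 0x08 || arp[3] != 0 || arp[4] != 6 || arp[5] != 4)
        return MON_MALFORMED;
    uint16_t oper = (uint16_t)((arp[6] << 8) | arp[7]);
    const uint8_t *sha = arp + 8;                         /* sender hardware address */
    uint32_t spa = rd32(arp + 14), tpa = rd32(arp + 24);  /* sender / target IP */
    if (oper == ARP_REQUEST) {
        if (m->npending < MAX_HOSTS) m->pending[m->npending++] = tpa;
        return learn(m, spa, sha);        /* a request carries the sender's binding too */
    }
    if (oper != ARP_REPLY) return MON_MALFORMED;
    return (take_pending(m, spa) ? MON_OK : MON_UNSOLICITED) | learn(m, spa, sha);
}

/* Build an Ethernet + ARP frame (constructed test data). */
void build_arp(uint8_t out[FRAME_LEN], uint16_t oper, const uint8_t sha[6], uint32_t spa,
               const uint8_t tha[6], uint32_t tpa)
{
    memset(out, 0, FRAME_LEN);
    memcpy(out, tha, 6); memcpy(out + 6, sha, 6);
    out[12] = 0x08; out[13] = 0x06;
    uint8_t *arp = out + ETH_HDR;
    arp[1] = 1; arp[2] = 0x08; arp[4] = 6; arp[5] = 4;
    arp[6] = (uint8_t)(oper >> 8); arp[7] = (uint8_t)oper;
    memcpy(arp + 8, sha, 6); memcpy(arp + 18, tha, 6);
    for (int i = 0; i < 4; i++) {
        arp[14 + i] = (uint8_t)(spa >> (24 - 8 * i));
        arp[24 + i] = (uint8_t)(tpa >> (24 - 8 * i));
    }
}

int main(void)
{
    static const uint8_t gw[6] = {0, 0, 0x5e, 0, 0x53, 0x01}, victim[6] = {0, 0, 0x5e, 0, 0x53, 0x10},
        attacker[6] = {0, 0, 0x5e, 0, 0x53, 0x66}, bcast[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
    const uint32_t gw_ip = 0xc0000201u, victim_ip = 0xc000020au;   /* 192.0.2.1, 192.0.2.10 */
    uint8_t f[FRAME_LEN]; arpmon_t m; arpmon_init(&m);
    build_arp(f, ARP_REQUEST, victim, victim_ip, bcast, gw_ip);
    printf("victim asks for gateway:  flags %d\n", arpmon_feed(&m, f, sizeof f));
    build_arp(f, ARP_REPLY, gw, gw_ip, victim, victim_ip);
    printf("gateway answers:          flags %d\n", arpmon_feed(&m, f, sizeof f));
    build_arp(f, ARP_REPLY, attacker, gw_ip, victim, victim_ip);
    printf("attacker's spoofed reply: flags %d (unsolicited + changed)\n", arpmon_feed(&m, f, sizeof f));
    return 0;
}
```

The attacker's first spoofed reply raises both flags; the repeats the slide recommends (to keep the poisoned entry from timing out) raise only "unsolicited", because the monitor, like the victim's cache, now believes the new binding. That is why the changed-binding alert is the one worth paging on.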

SYN Flooding DoS
- Pick a machine, any machine
- Spoof the packets to it (so you don't get caught)
- Each packet is the first leg of the TCP 3-way handshake: send a SYN packet
- Send lots of SYN packets
- Each SYN received causes a half-open connection buffer to be allocated, until the backlog limit given to listen() is reached and legitimate connections are refused

Buffer Overflows
- Program buffer overflows were (at the time of these notes) the most common form of security vulnerability; in fact they dominated
- 9 of 13 CERT advisories from 1998
- Half of CERT advisories from 1999
- To exploit a buffer overflow, you need two things:
  - Arrange for root-grabbing code to be available in the program's address space
  - Get the program to jump to that code

Processes in memory
- Process state in memory consists of several items:
  - the code for the running program
  - the static data for the running program
  - space for dynamic data (the heap) and the heap pointer (hp)
  - the program counter (PC), indicating the next instruction
  - an execution stack with the program's function call chain (the stack)
  - values of CPU registers
  - a set of OS resources in use, e.g. open files
  - process execution state (ready, running, waiting, etc.)

Processes in Memory
- We need consider only four regions in memory:
  - static data: pre-allocated memory (int array[9];)
  - text: instructions and read-only data
  - heap: re-sizeable portion containing data malloc()'d and free()'d by the user
  - stack: a push and pop data structure, used to allocate local variables used in functions, pass arguments, and return values from function calls

Calling a function
- The stack consists of a logical stack of frames
- A frame holds the parameters given to a function, its local variables, and the data used to pop back up to the previous frame (like which instruction to go back to)
- Each frame in the stack looks like this (low to high addresses):
    | local vars | saved frame pointer | return addr |

Buffer Overrun = Seg fault
- In memory, if you read data into a buffer, you might write over other variables necessary for program execution
- Normally this results in a seg fault:
    char input[256];
    char buffer[16];
    strcpy(buffer, input);   /* copies up to 255 bytes into a 16-byte buffer */

Careful Buffer Overrun = Attack
- When you read too many characters into a buffer, you can modify the rest of the stack, altering the flow of the program
- Normally, writing over array bounds causes a seg fault, as you'll overwrite other variables in the program
- If you are careful about what you overwrite, then you can alter what the program does next without going far enough to cause a seg fault

Smashing the Stack
    | buffer[30] | saved frame pointer | return addr |
    buffer[30] holds the attacker's code (execve("/bin/sh")); the return addr is rewritten to point back at buffer (0xd1 in the figure)
- If buffer[] gets input from the command line, and the input is longer than the allocated memory, the program will write into the return address
- If you do it perfectly, you can write into the RA the memory location of your input
- When your function completes, it will next execute the first instruction in your input
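The slide's "careful overrun" in miniature, added here and not taken from the deck. Instead of the saved return address, the target is an authorization flag that happens to sit right after a 16-byte name buffer in the same struct (the names struct login and is_admin are hypothetical). An unchecked copy of a 20-byte name lands its last four bytes in the flag exactly as the figure's overrun lands bytes in the return address; the copy is clipped at the end of the struct so the demonstration corrupts only that object and not the real stack, and the hardened version beside it shows the check that was missing.

```c
/* Added example (not from the slides): the careful overrun in miniature. A login record
 * keeps a 16-byte name next to an authorization flag; an unchecked copy of a 20-byte
 * name lands its last four bytes in the flag, the way the figure's overrun lands bytes
 * in the saved return address. The copy is clipped at the end of the struct so the
 * demo corrupts only that object, never the real stack. Names are hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct login {
    char name[16];   /* the buffer the attacker fills */
    int  is_admin;   /* the "next thing in memory" the attacker wants to reach */
};

/* Vulnerable: behaves like strcpy(l->name, input) with no length check, except that it
 * stops at the end of the struct so it cannot reach anything beyond is_admin. */
int login_vulnerable(struct login *l, const char *input)
{
    size_t n = strlen(input) + 1;
    l->is_admin = 0;                             /* ordinary users start unprivileged */
    memcpy(l, input, n > sizeof *l ? sizeof *l : n);
    return l->is_admin;                          /* nonzero means the flag was overwritten */
}

/* Hardened: check the length before copying and refuse what does not fit. */
int login_hardened(struct login *l, const char *input)
{
    size_t n = strlen(input);
    l->is_admin = 0;
    if (n >= sizeof l->name)
        return -1;                               /* reject instead of truncating silently */
    memcpy(l->name, input, n + 1);
    return l->is_admin;
}

/* Distance from the start of the buffer to the field being targeted: the number of
 * filler bytes the attacker must supply before the bytes that matter. */
size_t flag_offset(void) { return offsetof(struct login, is_admin); }

/* Build the attacker's input: fill the buffer, then the bytes that should land in the
 * flag (0x01 0x01 0x01 0x01 reads as 0x01010101 on either endianness), then NUL. */
void build_payload(char out[32])
{
    memset(out, 'A', flag_offset());
    memset(out + flag_offset(), 0x01, sizeof(int));
    out[flag_offset() + sizeof(int)] = '\0';
}

int main(void)
{
    struct login l;
    char payload[32];
    build_payload(payload);
    printf("vulnerable: is_admin = 0x%x after copying %zu bytes\n",
           (unsigned)login_vulnerable(&l, payload), strlen(payload));
    printf("hardened:   rc = %d for the same input\n", login_hardened(&l, payload));
    printf("hardened:   rc = %d for \"alice\"\n", login_hardened(&l, "alice"));
    return 0;
}
```

Replace is_admin with the saved return address and the four 0x01 bytes with the address of the buffer, and this is the figure: the attacker's job is to know the offset (flag_offset here) and to keep the overrun short enough not to trip anything that would fault before the function returns.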

Buffer overflow over the net: Morris Worm
- fingerd reads input about whom to finger without checking the input size (it used gets() into a 512-byte buffer)
- Morris placed the following VAX code after the buffer overflow to create the Morris worm:
    pushl $68732f      ; '/sh\0'
    pushl $6e69622f    ; '/bin'
    movl  sp, r10      ; r10 -> "/bin/sh"
    pushl $0           ; envp
    pushl $0           ; argv
    pushl r10          ; path
    pushl $3           ; argument count
    movl  sp, ap
    chmk  $3b          ; system call 0x3b = execve
- Upon return to main(), execve("/bin/sh", 0, 0) was executed, opening a shell on the remote machine

Defenses
- How do you avoid this exploit?
- Use a language with bounds checking (e.g. Java, Lisp); input will never be able to smash the stack
- Use input functions carefully. Don't use strcpy(), strcat(), sprintf(), gets(). Use instead strncpy(3), strncat(3), snprintf(3), and fgets(3), and remember that strncpy does not NUL-terminate a string that fills the buffer and that strncat's size argument is the space remaining, not the buffer size
- There are other problematic constructs: fscanf(3), vsprintf(3), realpath(3), getopt(3), getpass(3), streadd(3), strecpy(3), and strtrns(3)
- Modern systems add stack canaries, non-executable stacks and address-space randomization, which make the return-to-buffer technique of the previous slides fail outright or much harder; they are mitigations, not a substitute for bounded input handling
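The replacements the slide recommends, written the way they are actually misused and then the way they should be used, as an added example (not from the deck). strncpy does not terminate a string that fills the buffer, strncat's size is the space left rather than the buffer size, and fgets silently leaves the rest of an over-long line for the next read. The helpers below, whose names are my own, report truncation instead of hiding it.

```c
/* Added example (not from the slides): bounded replacements for the functions the slide
 * tells you to avoid, with the pitfalls of the "safe" versions handled explicitly.
 * Helper names are this example's own, not from any library. */
#include <stdio.h>
#include <string.h>

/* Copy with a guaranteed terminator. Returns 0, or -1 if src did not fit (dst then holds
 * a truncated but terminated string). snprintf returns the untruncated length. */
int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    if (dstsz == 0) return -1;
    int n = snprintf(dst, dstsz, "%s", src);
    return (n < 0 || (size_t)n >= dstsz) ? -1 : 0;
}

/* Append with the same contract; dstsz is the whole buffer, not the space left. */
int append_bounded(char *dst, size_t dstsz, const char *src)
{
    size_t used = strlen(dst);
    if (used >= dstsz) return -1;                   /* dst was not even terminated */
    return copy_bounded(dst + used, dstsz - used, src);
}

/* strncpy used correctly: request one byte less and write the terminator by hand. */
void strncpy_terminated(char *dst, size_t dstsz, const char *src)
{
    strncpy(dst, src, dstsz - 1);
    dst[dstsz - 1] = '\0';
}

/* Strip a trailing newline. Returns 1 if the line was complete, 0 if fgets stopped at
 * the buffer limit before the end of the line. */
int finish_line(char *buf)
{
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') { buf[n - 1] = '\0'; return 1; }
    return 0;
}

/* Read one line with fgets. Returns 1 for a complete line, 0 for an over-long line
 * (the remainder is discarded so it cannot be mistaken for the next line), -1 on EOF.
 * A line of exactly bufsz-1 characters is reported as over-long as well. */
int read_line(char *buf, size_t bufsz, FILE *fp)
{
    if (fgets(buf, (int)bufsz, fp) == NULL) return -1;
    if (finish_line(buf)) return 1;
    int c;
    while ((c = fgetc(fp)) != EOF && c != '\n') ;   /* drain the rest of the line */
    return 0;
}

int main(void)
{
    char buf[8];
    printf("copy_bounded   -> %d, buf=\"%s\"\n", copy_bounded(buf, sizeof buf, "toolongstring"), buf);
    printf("copy_bounded   -> %d, buf=\"%s\"\n", copy_bounded(buf, sizeof buf, "ok"), buf);
    printf("append_bounded -> %d, buf=\"%s\"\n", append_bounded(buf, sizeof buf, "!!!!!!!"), buf);
    strncpy_terminated(buf, sizeof buf, "12345678");
    printf("strncpy_terminated -> \"%s\"\n", buf);
    FILE *fp = tmpfile();                           /* constructed input for read_line */
    if (fp) {
        fputs("short\nthis line is far too long\nend\n", fp);
        rewind(fp);
        int rc;
        while ((rc = read_line(buf, sizeof buf, fp)) != -1)
            printf("read_line -> %d, \"%s\"\n", rc, buf);
        fclose(fp);
    }
    return 0;
}
```

The return codes are the point: a caller that ignores truncation has only moved the bug from memory corruption to silently wrong data (a path, a username, a command line cut short), which is the "cure worse than the problem" the application-layer slide warned about.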