Wednesday, June 30, 2010

How Hackers Exploit Protocols

When two layers on the same node communicate, or when peer layers communicate, they rely on a well-defined protocol and precisely stated message formats. The protocol states who initiates the connection, how the session is terminated, the order of messages, what to do if an error occurs, and other characteristics of the session that are necessary for the exchange to succeed. A protocol also can be thought of as an algorithm because most protocols are defined as state machines.

As with other algorithms, order is important. If you want to bake a cake, getting the right ingredients is just one part of the process. Mixing and cooking the ingredients in the right order are required to achieve an edible result. The same is true for network communications protocols. If one half of the session decides to get creative with the protocol, the results will not be guaranteed.

Getting the order of messages right is important, but you also need to format the messages properly. A baking recipe is useless if the order of the steps is clear, but the steps are not accurately defined. For example, if the recipe is incorrectly copied from a friend and asks for one unit of butter instead of one unit of flour, you will end up with a different dessert. Similarly, in network message exchanges, if message integrity cannot be guaranteed, any dialogue between the peers will not succeed.

Designing a secure distributed protocol is more of an art than a science. When someone at your site invents a new distributed security protocol, alarm bells should sound. Unless this person is knowledgeable and has studied a number of references, a better-than-average chance exists for the protocol to have weaknesses.

Here are some examples from real-world situations:

  • A distributed authentication protocol was designed using a challenge-response technique, but the challenge and the response were the same value. A hacker impersonating the recipient could just replay the challenge when asked for the response.
  • A protocol was designed to accept incoming messages of a fixed length. Unfortunately, the program did not check the length of incoming messages (sound familiar?) and, because the system was a public Web server, any anonymous user on the Internet could crash the site.
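A worked contrast for the two examples above, added here by the editor and not code from the original post: a challenge-response check that accepts the echoed challenge (the first flaw) beside a nonce-based HMAC check that rejects both echoes and replays, plus the fixed-length check that was missing in the second example. The shared secret, user name and 32-byte message length are constructed for the demonstration.

```python
import hashlib
import hmac
import os

MAX_MSG_LEN = 32  # hypothetical fixed-length wire format (constructed)


def weak_verify(challenge, response):
    """The flawed design: the expected response IS the challenge, so anyone
    who saw the challenge can answer it without knowing any secret."""
    return challenge == response


class ChallengeResponseServer:
    """Server side of a nonce-based challenge-response login (HMAC-SHA256)."""

    def __init__(self, secrets):
        self.secrets = secrets   # user -> shared secret (bytes)
        self.pending = {}        # user -> outstanding challenge nonce

    def issue_challenge(self, user):
        # A fresh random nonce: the correct answer depends on the secret,
        # so observing the challenge does not reveal the response.
        nonce = os.urandom(16)
        self.pending[user] = nonce
        return nonce

    def verify(self, user, response):
        # Each nonce is consumed on first use, so a captured response
        # cannot be replayed against a later session.
        nonce = self.pending.pop(user, None)
        if nonce is None:
            return False
        expected = hmac.new(self.secrets[user], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def client_answer(secret, nonce):
    """Client side: keyed MAC over the server's nonce."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


def read_fixed_length(payload):
    """Enforce the fixed message length before any further parsing,
    the check the second example's server omitted."""
    if len(payload) != MAX_MSG_LEN:
        raise ValueError("bad message length %d" % len(payload))
    return payload
```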

Both of these examples appeared in commercial products developed by well-known companies with corporate offices on the West Coast. Network security is a complex beast. The merit badge for network security is earned only after years of study and trial-and-error. Designing network protocols is tough. Designing a new network security protocol is for experienced practitioners only.

Remote Access Network Security

Remote access networking is a necessity for any company that wants to remain competitive. However, it poses a security threat because it creates an openness that leaves valuable corporate resources vulnerable to attacks from unexpected directions. These attacks are launched for several reasons such as intellectual challenge, revenge, and greed. Regardless of the reason, an attack can sometimes be very costly to the company. For example, the intruder can gain access to company confidential files, corrupt company records, inject computer viruses into the network, or reconfigure the network. For these reasons, remote access network security is mandatory for companies with remote login facilities. A corporate network that provides remote access must provide enough security to authenticate users and protect the network resources from unauthorized access.

This article presents an overview of the security mechanisms used in remote access networks. The article discusses the types of attack that a network can be vulnerable to and the security services that are provided in a network. The first step in providing these services is to render data unintelligible to an unauthorized user through the process of encryption. The authorized user recovers the original data from the encrypted data through the inverse process of decryption. The article also covers Web security.

The network security market has become a major segment of the networking market. The information presented in this article is only an overview, but it attempts to provide an extensive and fairly comprehensive discussion on the subject.

Security Issues in Remote Access Networks

A network that can be accessed from remote locations is vulnerable to different types of attacks. The goal of network security is to prevent these attacks, which can be launched in a network in the following ways:

Network Packet Sniffing

This is an attack in which a program monitors the traffic on a network in order to gather user login names and passwords used to access the network. Sniffing can be foiled by scrambling user names and passwords. The process is called encryption and will be discussed later in this article.

IP Spoofing

IP spoofing is an attack in which an intruder is able to fake an IP address so that data sent over the Internet appears to be generated by an authorized user inside the network. The intent may be, for example, to conduct unauthorized business with a company’s clients. IP spoofing is particularly useful to an intruder in source routing. In source routing, the route taken by a packet from its source to its destination is specified in the packet’s header. In a network that supports source routing, the intruder can specify the source route and the receiver can send a reply under the pretense that the intruder is a legitimate user.

Brute Force Attack

This is an attack in which an intruder tries to crack passwords by trying every possible combination of characters until a match is found.

Man-in-the-Middle Attack

This is an attack in which an intruder places himself or herself between two communicating parties who believe they are interacting with each other. Unfortunately, the intruder is snooping and relaying information from one user to the other.

Denial-of-Service Attack

This attack is not aimed at gaining access to a corporate network. Instead, it focuses on making network service unavailable by crashing, jamming, or flooding the network. It is an attack that is difficult to prevent because as long as a network is connected to the Internet anyone can disrupt it.

Trojan Horse Attack

This is an attack in which software that appears to be harmless attaches itself to an authorized program. However, the software can monitor login user names and passwords and pass the information to the intruder. It can also generate viruses that damage data in host machines.

Social Engineering Attack

This is an attack in which the intruder poses as an employee, such as the network administrator, in order to gain unauthorized access to the network. For example, a remote access caller may contact the help desk late at night to request a password to access the network. In this case, the intruder is inadvertently given the password.

Basic Security Services

A good security system should provide services that help simplify the task of managing the security of corporate information assets. These services include authentication, data integrity, confidentiality, access control, and non-repudiation.

Authentication

Authentication verifies that a user is exactly who he or she claims to be. It provides the basis for access control in networks and other computer systems. Different authentication schemes are used for onsite and remote users. The most common authentication scheme for onsite users is the combination of user ID and password. For remote access users, the more common authentication schemes include restricted address, incoming call ID, callback, Password Authentication Protocol (PAP), Challenge Handshake Authentication Protocol (CHAP), and Remote Authentication Dial-In User Service (RADIUS).

Restricted Address

In this service, a list of remote network addresses is stored in a database located in the corporate network. When a user dials into the network, the network address originating the call is checked against the list. If it is on the list, the call is allowed; otherwise, it is denied.

This scheme prevents unauthorized users from accessing sensitive resources, but it has some drawbacks. It validates the equipment rather than the user, meaning that stolen equipment can be used to gain access to the network. In addition, it assumes that network addresses are statically assigned. Therefore, it cannot be used in environments where network addresses are dynamically issued by a DHCP server, because a device’s IP address may change each time it requests one.

Basic Networking Terminology

1. Networks and networking

A network is an intricately connected system of objects or people. Networks are all around us, even inside us. Your own nervous system and cardiovascular system are networks. The cluster diagram in the figure shows several types of networks; you may think of others.

Notice the groupings:
* communications
* transportation
* social
* biological
* utilities

2. Data networks

Data networks came about as a result of computer applications that had been written for businesses. However, at the time these applications were written, businesses owned computers that were standalone devices, each operating on its own, independent of any other computer. It soon became apparent that this was not an efficient or cost-effective way to operate a business.

They needed a solution that would successfully address the following three questions:
1. how to avoid duplication of equipment and resources
2. how to communicate efficiently
3. how to set up and manage a network

Businesses recognized how much money they could save and how much productivity they could gain by using networking technology. They started adding networks and expanding existing networks almost as rapidly as new network technologies and products were introduced. As a result, the early 1980s saw a tremendous expansion in networking; however, the early development of networks was chaotic in many ways.

By the mid-1980s, growing pains were felt. Many of the network technologies that had emerged had been created with a variety of different hardware and software implementations. Consequently, many of the new network technologies were incompatible with each other. It became increasingly difficult for networks that used different specifications to communicate with each other.

One early solution to these problems was the creation of local area networks (LANs). Because they could connect all of the workstations, peripherals, terminals, and other devices in a single building, LANs made it possible for businesses using computer technology to efficiently share such things as files and printers.

As the use of computers in businesses grew, it soon became obvious that even LANs were not sufficient. In a LAN system, each department or company is a kind of electronic island.

What was needed was a way for information to move efficiently and quickly, not only within a company, but from one business to another. The solution, then, was the creation of the metropolitan area networks (MANs) and wide area networks (WANs). Because WANs could connect user networks over large geographic areas, they made it possible for businesses to communicate with each other across great distances.

3. Data Networking Solutions

For your studies, most data networks are classified as either local area networks (LANs) or wide area networks (WANs). LANs are usually located in single buildings or campuses, and handle interoffice communications. WANs cover a large geographical area, and connect cities and countries. Several useful examples of LANs and WANs appear in the figure; these examples should be referred back to whenever there’s a question about what constitutes a LAN or WAN. LANs and/or WANs can also be linked by internetworking.

Distance between CPUs   Location of CPUs         Name
0.1 m                   Printed circuit board    Motherboard
1.0 m                   Millimeter               Computer system network
10 m                    Room                     Local area network
100 m                   Building                 Local area network
1 km                    Campus                   Local area network
100 km                  Country                  Wide area network
1,000 km                Continent                Wide area network
10,000 km               Planet                   Wide area network
100,000 km              Earth-moon system        Wide area network

4. Local area networks

Local area networks (LANs) consist of computers, network interface cards, networking media, network traffic control devices, and peripheral devices. LANs make it possible for businesses that use computer technology to share, efficiently, such items as files and printers, and to make possible communications such as e-mail. They tie together: data, communications, computing, and file servers.

LANs are designed to do the following:

* operate within a limited geographic area
* allow many users to access high-bandwidth media
* provide full-time connectivity to local services
* connect physically adjacent devices

There are many online resources for gaining the most recent information on LANs. Take a moment to browse some of these sites.

* Communications Week
* Data Communications
* InfoWorld
* Network Magazine
* LAN Times
* Network Computing

5. Wide area networks

As computer use in businesses grew, it soon became apparent that even LANs were not sufficient. In a LAN system, each department or business was a kind of electronic island. What was needed was a way for information to move efficiently and quickly from one business to another.
The solution was the creation of wide area networks (WANs). WANs interconnected LANs, which then provided access to computers or file servers in other locations. Because WANs connected user networks over a large geographical area, they made it possible for businesses to communicate with each other across great distances. As a result of being networked, computers, printers, and other devices on a WAN could communicate with each other to share information and resources, as well as to access the Internet.

Some common WAN technologies are:
* modems
* ISDN (Integrated Services Digital Network)
* DSL (Digital Subscriber Line)
* Frame relay
* ATM (Asynchronous Transfer Mode)
* The T (US) and E (Europe) Carrier Series: T1, E1, T3, E3, etc.
* SONET (Synchronous Optical Network)