Flashcards in Lesson 11.0 - Network Security Deck (33):
Why do we need network security?
Many parts of the internet are susceptible to attacks
- Routing (BGP)
- Naming (DNS) - Reflection, Phishing
What is "Reflection"?
A way of generating a very large amount of traffic directed toward a victim (DDoS): the attacker sends requests to third-party servers with the victim's address forged as the source, so the servers' replies are "reflected" onto the victim
What is "Phishing"?
An attacker exploits DNS (for example with a look-alike or misdirected name) to trick the user into revealing information
Which design choices of the internet have made it vulnerable to attacks?
- Designed for simplicity
- "on by default".
- Hosts are insecure
- Attacks can look like "normal" traffic
- Federated design - because it's run by thousands of independently administered networks, it's hard to have a common method of defense
Which of the following make the internet's design fundamentally insecure?
A: On by default
B: IP Addresses are easy to guess
C: Attacks look like normal traffic
A, C, D
What are resource exhaustion attacks?
In a packet-switched network, resources are not reserved and packets are self-contained: every packet carries a destination IP address and travels independently to the destination host. A link may be shared by multiple senders at any given time, using statistical multiplexing.
A large number of senders can therefore overload a network resource, such as a node or a link. Circuit-switched networks like the phone network do not have this problem, because every connection has dedicated resources allocated to it until it is terminated. So the problem that an attacker who sends a lot of traffic can exhaust resources is specific to a packet-switched network.
What are the components of security?
Availability: ability to use a resource
Confidentiality: concealing information
Authenticity: assures the origin of information
Integrity: prevent unauthorized changes
An attack on confidentiality
Eavesdropping (packet sniffing)
An attack on authenticity
Interception and modification of packets, or a "man in the middle" attack.
A denial of service attack is an attack on what?
Availability: the attacker denies the ability to use a resource
What are the negative impacts of attacks?
Theft of confidential info
Disruption of service
What is the goal of control plane security/authentication?
To determine the veracity of routing advertisements
What are the aspects of the routing protocol which we seek to verify?
1. Session authentication, which protects the point-to-point communication between routers
2. Path authentication, which protects the AS path, and sometimes other attributes.
3. Origin authentication, which protects the origin AS in the AS path. This promises that the AS which advertises a prefix is, in fact, the owner of that prefix.
A route hijack is an attack on which of the following forms of authentication?
1. Session: point-to-point between routers
2. Path: protects AS path
3. Origin: ensure that AS advertising prefix is the owner
3. Origin. A route hijack is an attack on origin authentication, because the AS advertising the prefix is not the actual owner of the prefix.
How do attacks on routing happen in the first place?
A. The router could simply be misconfigured.
B. A router may be compromised by an attacker. When this happens the attacker can reconfigure the router.
C. Unscrupulous ISPs might also decide to advertise routes they should not be advertising
What are the means of attacks on routing?
A. Reconfigure the router, which is the most common way
B. Tamper with software
C. Tamper with routing data
Most common attack is a "route hijack" on origin authentication
What is route poisoning?
A method that stops a network from sending packets toward a destination whose route has become invalid. A distance-vector routing protocol does this when it sees an invalid route or one with a large routing loop, by advertising that route with an unreachable (infinite) metric so that neighbors drop it.
How can an attacker's network hide from a traceroute sent by the origin AS?
If the routers in the attacker's network never decrement the TTL, no ICMP Time Exceeded messages are generated by those routers, so the attacker's AS never appears in the traceroute output.
What is session authentication?
It is a method that attempts to ensure that BGP routing messages sent between routers of neighboring ASes are authentic.
This is easier than it appears, because the BGP session is a TCP session. We do this with TCP's MD5 authentication option (RFC 2385): both ends share a secret key, and every segment carries an MD5 digest computed over the segment and the key, so a forged or modified segment (for example a spoofed RST) is rejected. Note for practitioners: MD5 is weak and RFC 2385 is obsoleted by TCP-AO (RFC 5925), but the MD5 option is still what most BGP deployments use.
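The digest that the MD5 option carries, computed by hand so the layout RFC 2385 specifies is visible. This is an added example, not code from the lesson; the addresses, ports and key are constructed, and the payload is a BGP KEEPALIVE (16-byte marker, length 19, type 4).

```python
"""TCP MD5 signature option (RFC 2385), the mechanism BGP session
authentication relies on.

Added example, not from the lesson. Per RFC 2385 the digest is MD5 over:
(1) the TCP pseudo-header, (2) the fixed 20-byte TCP header with the
checksum field zeroed and options excluded, (3) the segment payload,
(4) the shared key. Addresses, ports and the key below are constructed.
"""
import hashlib
import hmac
import socket
import struct

TCP_PROTO = 6        # protocol number used in the pseudo-header
TCPOPT_MD5SIG = 19   # option kind; option length is 18 (kind, len, 16-byte digest)


def tcp_md5_digest(src_ip, dst_ip, src_port, dst_port, seq, ack, flags,
                   window, payload, key, data_offset=10):
    """Return the 16-byte digest placed in the MD5SIG option.

    data_offset is the header length in 32-bit words as transmitted
    (10 words = 20-byte fixed header + 20 bytes holding the padded option).
    The pseudo-header's TCP length counts it, but only the option-free fixed
    header, with the checksum field zeroed, is hashed. The urgent pointer is
    0 here because URG is not set in the sample segments.
    """
    tcp_length = data_offset * 4 + len(payload)
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, TCP_PROTO, tcp_length))
    fixed_header = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                               data_offset << 4, flags, window, 0, 0)
    return hashlib.md5(pseudo + fixed_header + payload + key).digest()


def md5sig_option(digest):
    """Option bytes: kind 19, length 18, digest (padding to a 4-byte boundary
    is the caller's job, normally with NOP options)."""
    return bytes([TCPOPT_MD5SIG, 18]) + digest


def verify_segment(segment, key, received_digest):
    """Receiver recomputes the digest with its copy of the key; constant-time compare."""
    return hmac.compare_digest(tcp_md5_digest(**segment, key=key), received_digest)


# Constructed sample: a BGP KEEPALIVE carried on a PSH|ACK segment to port 179.
BGP_KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)
SAMPLE_SEGMENT = dict(src_ip="192.0.2.1", dst_ip="192.0.2.2",
                      src_port=33000, dst_port=179, seq=1000, ack=2000,
                      flags=0x18, window=65535, payload=BGP_KEEPALIVE)
SAMPLE_KEY = b"correct horse"

if __name__ == "__main__":
    digest = tcp_md5_digest(**SAMPLE_SEGMENT, key=SAMPLE_KEY)
    print("option:", md5sig_option(digest).hex())
    print("good key accepted:", verify_segment(SAMPLE_SEGMENT, SAMPLE_KEY, digest))
    print("bad key accepted: ", verify_segment(SAMPLE_SEGMENT, b"wrong", digest))
```

In practice you never compute this yourself: on Linux the BGP daemon sets the per-peer key with setsockopt(TCP_MD5SIG) and the kernel adds and checks the option on every segment. The point of the example is what the digest binds: addresses, ports, sequence numbers and payload, so a third party cannot inject a RST or a forged UPDATE into the session without the key.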
What is "Secure BGP", or BGPSEC?
A proposal to modify the existing Border Gateway Protocol to add signatures to various parts of a route advertisement.
1. Origin attestation: a certificate that binds an IP prefix to the organization that owns it. It must be signed by a trusted party.
2. Path attestation: signatures along the AS path.
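Origin attestation is what the deployed RPKI does today with Route Origin Authorizations (ROAs), and a router uses them with the route origin validation procedure of RFC 6811 to detect the route hijack described above. The following is an added example, not code from the lesson: it assumes the ROA signatures have already been verified and uses constructed ROAs and announcements with documentation prefixes and AS numbers.

```python
"""Route origin validation (RFC 6811) of BGP announcements against ROAs.

Added example, not from the lesson. A ROA is the deployed form of the
"origin attestation" above: a signed RPKI object binding a prefix (and the
longest prefix length allowed) to the AS that may originate it. Signature
checking is assumed done; the ROAs and updates below are constructed.
"""
import ipaddress
from typing import NamedTuple


class ROA(NamedTuple):
    prefix: str       # covered address block, e.g. "203.0.113.0/24"
    max_length: int   # longest prefix length the origin may announce
    origin_as: int    # AS authorized to originate prefixes in the block


# Constructed sample ROA: AS64496 may announce 203.0.113.0/24 and its /25s.
SAMPLE_ROAS = [ROA("203.0.113.0/24", 25, 64496)]


def rov_state(prefix, origin_as, roas):
    """Classify an announcement as 'valid', 'invalid' or 'not-found'.

    RFC 6811: a ROA "covers" the announced prefix if the prefix lies inside
    the ROA's block. No covering ROA: not-found. A covering ROA with the same
    origin AS and announced length <= max_length: valid. Covering ROAs exist
    but none match: invalid (the hijack case, or a too-specific announcement).
    """
    net = ipaddress.ip_network(prefix, strict=False)
    covering = []
    for roa in roas:
        block = ipaddress.ip_network(roa.prefix, strict=False)
        if block.version == net.version and net.subnet_of(block):
            covering.append(roa)
    if not covering:
        return "not-found"
    for roa in covering:
        if roa.origin_as == origin_as and net.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"


def rov_state_for_update(prefix, as_path, roas):
    """The origin AS is the last (rightmost) AS in the AS_PATH attribute.
    AS_SET segments are ignored here for simplicity."""
    return rov_state(prefix, as_path[-1], roas)


if __name__ == "__main__":
    for prefix, path in [("203.0.113.0/24", [64500, 64496]),   # legitimate
                         ("203.0.113.0/24", [64500, 64666]),   # origin hijack
                         ("203.0.113.0/26", [64500, 64496]),   # too specific
                         ("198.51.100.0/24", [64500, 64666]),  # no ROA at all
                         ("203.0.113.0/24", [64666, 64496])]:  # forged origin
        print(prefix, path, rov_state_for_update(prefix, path, SAMPLE_ROAS))
```

The last case is the caveat a practitioner should keep in mind: an attacker who prepends the legitimate origin AS to its own announcement (a forged-origin hijack) passes origin validation, because ROAs say nothing about the path. Catching that needs the path attestation described next.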
What is "path attestation"?
Each AS that forwards a route advertisement signs it, and the signature covers the AS it is forwarding the advertisement to, so the receiver can verify every hop in the AS path. (Watch 14.16, 5 min.)
What can "path attestations" defend against?
1. Some hijacks
2. Path shortening attacks
3. Modification of the AS path
What cannot path attestations defend against?
1. Suppression (if AS fails to advertise)
2. Replay attacks, such as premature re-advertisement of a withdrawn route.
3. Guaranteeing that data traffic actually travels along the advertised AS path. This is a significant weakness of BGP, and no routing protocol has yet solved it.
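A toy version of the signature chain that shows both lists above in working code: path shortening and AS-path modification break the chain, while a replayed advertisement still verifies. This is an added example, not code from the lesson; real BGPsec uses ECDSA signatures with router certificates from the RPKI, whereas here an HMAC keyed with a per-AS secret stands in for the signature and the verifier is assumed to hold every AS's key (constructed sample keys).

```python
"""Toy path attestation in the style of BGPsec.

Added example, not from the lesson. Each AS signs (prefix, its own AS, the
AS it forwards to, the previous signature). An HMAC with a per-AS secret
stands in for the real ECDSA signature; AS_KEYS is constructed and plays
the role of the routers' public keys held by the verifier.
"""
import hashlib
import hmac

AS_KEYS = {64496: b"k-64496", 64500: b"k-64500", 64510: b"k-64510"}  # constructed


def _attest(as_num, prefix, target_as, prev_sig):
    msg = f"{prefix}|{as_num}|{target_as}|".encode() + prev_sig
    return hmac.new(AS_KEYS[as_num], msg, hashlib.sha256).digest()


def originate(prefix, origin_as, target_as):
    """Origin AS creates the first segment; the path is stored origin-first
    (the reverse of the on-the-wire AS_PATH order)."""
    return {"prefix": prefix, "path": [origin_as],
            "sigs": [_attest(origin_as, prefix, target_as, b"")]}


def forward(update, my_as, target_as):
    """my_as appends itself and signs over the previous signature and next hop."""
    sig = _attest(my_as, update["prefix"], target_as, update["sigs"][-1])
    return {"prefix": update["prefix"],
            "path": update["path"] + [my_as],
            "sigs": update["sigs"] + [sig]}


def verify(update, receiver_as):
    """Recompute every signature; the last one must name the receiver as target."""
    path, sigs = update["path"], update["sigs"]
    if not path or len(path) != len(sigs):
        return False
    prev = b""
    for i, as_num in enumerate(path):
        if as_num not in AS_KEYS:
            return False
        target = path[i + 1] if i + 1 < len(path) else receiver_as
        if not hmac.compare_digest(_attest(as_num, update["prefix"], target, prev), sigs[i]):
            return False
        prev = sigs[i]
    return True


def shorten_path(update, drop_as):
    """Attacker removes an AS and its signature to make the path look shorter."""
    idx = update["path"].index(drop_as)
    return {"prefix": update["prefix"],
            "path": update["path"][:idx] + update["path"][idx + 1:],
            "sigs": update["sigs"][:idx] + update["sigs"][idx + 1:]}


def example_chain():
    """AS64496 originates 203.0.113.0/24 to AS64500, which forwards it to
    AS64510, which forwards it to the receiver AS64511."""
    upd = originate("203.0.113.0/24", 64496, target_as=64500)
    upd = forward(upd, 64500, target_as=64510)
    return forward(upd, 64510, target_as=64511)


if __name__ == "__main__":
    good = example_chain()
    print("intact chain:      ", verify(good, 64511))
    print("shortened path:    ", verify(shorten_path(good, 64500), 64511))
    print("leaked to AS64500: ", verify(good, 64500))
    # The same signed update re-sent after a withdrawal still verifies:
    # path attestation carries no freshness, which is the replay weakness.
    print("replayed update:   ", verify(good, 64511))
```

Because each signature names the next-hop AS, an update cannot be re-forwarded to a neighbor it was not signed for (the "leaked" case), and no AS can be spliced out of or into the chain. Nothing in the chain says the route is still current, so a withdrawn route replayed from an old capture verifies exactly as before; and no signature is involved when an AS simply fails to propagate a route, so suppression is invisible too.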
What does the architecture of DNS look like?
See the figure in 14.17: a stub resolver on the host sends queries to a recursive resolver, which walks the hierarchy (root servers, then TLD servers, then the authoritative name servers for the domain) and caches the answers it gets back.
Why is DNS vulnerable?
1. The resolvers that issue DNS queries trust whatever response arrives after they send a query, regardless of where that response actually comes from.
2. Responses can carry additional records unrelated to the query, and there is no authentication of responses. This is possible in part because DNS queries are connectionless (UDP): a response is matched to a query only by the transaction ID and port, not by any session state.
Which aspects of DNS make it vulnerable to attack?
A: Queries over UDP
B: DNS names are human-readable
C: No authentication for query responses
D: Distributed / federation
A and C
What is cache poisoning?
When an attacker expects that a recursive resolver will eventually issue a query for some name, such as google.com, the attacker floods the recursive resolver with forged replies, each carrying a different transaction ID. If a forged response that matches the outstanding query arrives before the legitimate response, the recursive resolver accepts and caches it.
What are some defenses against cache poisoning?
1. Transaction ID (can be guessed)
2. Randomize the ID (makes it harder, but it is still only a 16-bit ID)
Consider the "birthday paradox": a resolver with many identical queries in flight gives the attacker many IDs to hit at once
3. Randomize the source port (adds up to 16 more bits, but can be resource intensive, and can be de-randomized, for example by a NAT that rewrites ports)
4. 0x20 encoding -> DNS names are case-insensitive, GoOgle.com == google.com. The resolver sends the query with a random mix of capitalization and accepts only a response that echoes it back exactly, which adds one bit of entropy per letter and makes a forged response harder to guess.
What is a Kaminsky attack?
A DNS cache poisoning technique: the attacker generates a stream of A record queries for random, non-existent subdomains (random1.example.com, random2.example.com, ...) so that each one creates a fresh race, and stuffs the forged responses with bogus authoritative NS records (and glue) for the whole zone, so winning any single race poisons the entire domain rather than one name.
Why does the 0x20 make DNS more secure?
A: DNS names are case-sensitive
B: Additional entropy
C: Efficient encryption
D: Additional hierarchy
B: Additional entropy by tweaking capitalization
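The arithmetic behind the defenses listed above (transaction ID, source port, 0x20) and the birthday and Kaminsky observations, as an added example that is not part of the lesson. The probability model assumes the attacker's forged responses carry distinct guesses and the resolver's random values are uniform; the names and counts are constructed.

```python
"""DNS cache-poisoning race: how much entropy each defense adds and what
it does to the attacker's odds.

Added example, not from the lesson. Model assumptions: forged responses
carry distinct guesses, the resolver's random values are uniform, and an
attacker who wins one race (Kaminsky-style) has poisoned the zone.
"""
import random

TXID_BITS = 16       # DNS transaction ID field
SRC_PORT_BITS = 16   # upper bound, if the whole port range is used


def zero_x20_encode(name, rng=random):
    """Randomize the case of every letter; digits, dots and hyphens are unchanged."""
    return "".join(rng.choice((c.lower(), c.upper())) if c.isalpha() else c
                   for c in name)


def zero_x20_bits(name):
    """0x20 adds one bit of entropy per letter in the query name."""
    return sum(1 for c in name if c.isalpha())


def entropy_budget(name, randomize_port=True, use_0x20=True):
    """Total bits an attacker must guess to forge a reply for `name`."""
    bits = TXID_BITS
    if randomize_port:
        bits += SRC_PORT_BITS
    if use_0x20:
        bits += zero_x20_bits(name)
    return bits


def response_accepted(query, response):
    """What a 0x20-aware resolver checks before caching: ID, port and the
    echoed question name compared case-sensitively (a plain resolver would
    normalize case and lose those bits)."""
    return (query["txid"] == response["txid"]
            and query["port"] == response["port"]
            and query["name"] == response["name"])


def race_success_probability(entropy_bits, forged_responses):
    """One outstanding query, n distinct forged replies: p = n / 2^bits."""
    return min(1.0, forged_responses / 2 ** entropy_bits)


def birthday_success_probability(entropy_bits, outstanding, forged_responses):
    """Birthday-style: the resolver has k queries for the same name in flight
    with k distinct random values, so each forged reply matches one of them
    with probability k / 2^bits and p = 1 - (1 - k/2^bits)^n."""
    return 1.0 - (1.0 - outstanding / 2 ** entropy_bits) ** forged_responses


def expected_races(entropy_bits, forged_per_race):
    """A Kaminsky-style attacker gets a fresh race per random-subdomain query,
    so the cost of the attack is the expected number of races, 1/p."""
    return 1.0 / race_success_probability(entropy_bits, forged_per_race)


if __name__ == "__main__":
    name = "www.example.com"
    print("0x20 query name:", zero_x20_encode(name, random.Random(7)))
    for label, bits in [("TXID only", entropy_budget(name, False, False)),
                        ("TXID + port", entropy_budget(name, True, False)),
                        ("TXID + port + 0x20", entropy_budget(name))]:
        print(f"{label:20s} {bits:2d} bits, races needed at 1000 forged/race:"
              f" {expected_races(bits, 1000):.3g}")
    print("birthday, 200 in flight x 200 forged, 16 bits:",
          round(birthday_success_probability(16, 200, 200), 3))
```

With a 16-bit ID alone, 1000 forged replies per race win about one race in 66, and the random-subdomain trick gives the attacker as many races as it likes; adding the source port and 0x20 for a 13-letter name pushes the budget to 45 bits, about 3.5e10 races at the same rate. The birthday case is why resolvers also de-duplicate outstanding queries for the same name.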
What is the DNS amplification attack?
This attack exploits the asymmetry in size between DNS queries and their responses. The attacker sends a small DNS query for a particular domain with the source address forged to be the victim's IP address, so the resolver sends its reply, which can be nearly two orders of magnitude larger, to the victim instead of the attacker.
Repeated at scale, and across many open resolvers, this results in DDoS.
What are defenses against a DNS amplification attack?
1. Prevent source-address spoofing (ingress filtering at the network edge)
2. Disable the ability of a DNS resolver to answer recursive queries from arbitrary locations on the internet (no open resolvers)