Network security

Vicente González Ruiz

January 15, 2014

Contents

 0.1 Introduction
 0.2 The Increasing Threat to Security
  0.2.1 White hat
  0.2.2 Hacker
  0.2.3 Black hat
  0.2.4 Cracker
  0.2.5 Phreaker
  0.2.6 Spammer
  0.2.7 Phisher
 0.3 Types of Computer Crime
 0.4 Types of Network Attacks
  0.4.1 Reconnaissance
  0.4.2 Access (password) attacks
  0.4.3 Trust Exploitation
  0.4.4 Port Redirection
  0.4.5 Denial of Service
  0.4.6 Distributed DoS (DDoS) attacks
  0.4.7 Malicious Code Attacks: Worms, Viruses, and Trojan Horses
  0.4.8 Man-in-the-Middle Attack
 0.5 VPNs and their benefits
 0.6 Types of VPNs
 0.7 Characteristics of VPNs
 0.8 VPN tunneling
 0.9 Information confidentiality
 0.10 Symmetric Encryption
 0.11 Asymmetric Encryption
 0.12 Data integrity
 0.13 Authentication
 0.14 IPsec
 0.15 IPsec configuration
  0.15.1 ESP
  0.15.2 ESP+AH
  0.15.3 AH

0.1 Introduction

Assembling a security policy can be daunting if it is undertaken without guidance. For this reason, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) have published a security standard document called ISO/IEC 27002. This document refers specifically to information technology and outlines a code of practice for information security management.

"A security policy is a formal statement of the rules by which people who are given access to an organization's technology and information assets must abide." (RFC 2196, Site Security Handbook)

The SANS Institute (http://www.sans.org) provides guidelines for developing comprehensive security policies for organizations large and small.

RIPv2, EIGRP, OSPF, IS-IS, and BGP all support various forms of MD5 authentication.

0.2 The Increasing Threat to Security

Over the years, network attack tools and methods have evolved. As shown in the figure, in 1985 an attacker had to have sophisticated computer, programming, and networking knowledge to make use of rudimentary tools and basic attacks. As time went on, and attackers’ methods and tools improved, attackers no longer required the same level of sophisticated knowledge. This has effectively lowered the entry-level requirements for attackers. People who previously would not have participated in computer crime are now able to do so.

As the types of threats, attacks, and exploits have evolved, various terms have been coined to describe the individuals involved. Some of the most common terms are as follows:

0.2.1 White hat

An individual who looks for vulnerabilities in systems or networks and then reports these vulnerabilities to the owners of the system so that they can be fixed. They are ethically opposed to the abuse of computer systems. A white hat generally focuses on securing IT systems, whereas a black hat (the opposite) would like to break into them.

0.2.2 Hacker

A general term that has historically been used to describe a computer programming expert. More recently, this term is often used in a negative way to describe an individual that attempts to gain unauthorized access to network resources with malicious intent.

0.2.3 Black hat

Another term for individuals who use their knowledge of computer systems to break into systems or networks that they are not authorized to use, usually for personal or financial gain. A cracker is an example of a black hat.

0.2.4 Cracker

A more accurate term to describe someone who tries to gain unauthorized access to network resources with malicious intent.

0.2.5 Phreaker

An individual who manipulates the phone network to cause it to perform a function that is not allowed. A common goal of phreaking is breaking into the phone network, usually through a payphone, to make free long distance calls.

0.2.6 Spammer

An individual who sends large quantities of unsolicited e-mail messages. Spammers often use viruses to take control of home computers and use them to send out their bulk messages.

0.2.7 Phisher

Uses e-mail or other means to trick others into providing sensitive information, such as credit card numbers or passwords. A phisher masquerades as a trusted party that would have a legitimate need for the sensitive information.

0.3 Types of Computer Crime

As security measures have improved over the years, some of the most common types of attacks have diminished in frequency, while new ones have emerged. Conceiving of network security solutions begins with an appreciation of the complete scope of computer crime. These are the most commonly reported acts of computer crime that have network security implications:

  1. Insider abuse of network access
  2. Virus
  3. Mobile device theft
  4. Phishing where an organization is fraudulently represented as the sender
  5. Instant messaging misuse
  6. Denial of service
  7. Unauthorized access to information
  8. Bots within the organization
  9. Theft of customer or employee data
  10. Abuse of wireless network
  11. System penetration
  12. Financial fraud
  13. Password sniffing
  14. Key logging
  15. Website defacement
  16. Misuse of a public web application
  17. Theft of proprietary information
  18. Exploiting the DNS server of an organization
  19. Telecom fraud
  20. Sabotage

When you think of network security, or even computer security, you may imagine attackers exploiting software vulnerabilities. A less glamorous, but no less important, class of threat is the physical security of devices. An attacker can deny the use of network resources if those resources can be physically compromised.

The four classes of physical threats are:

  1. Hardware threats. Physical damage to servers, routers, switches, cabling plant, and workstations
  2. Environmental threats. Temperature extremes (too hot or too cold) or humidity extremes (too wet or too dry)
  3. Electrical threats. Voltage spikes, insufficient supply voltage (brownouts), unconditioned power (noise), and total power loss
  4. Maintenance threats. Poor handling of key electrical components (electrostatic discharge), lack of critical spare parts, poor cabling, and poor labeling

0.4 Types of Network Attacks

There are four primary classes of attacks.

0.4.1 Reconnaissance

Reconnaissance is the unauthorized discovery and mapping of systems, services, or vulnerabilities. It is also known as information gathering and, in most cases, it precedes another type of attack. Reconnaissance is similar to a thief casing a neighborhood for vulnerable homes to break into, such as an unoccupied residence, easy-to-open doors, or open windows.

Reconnaissance attacks can consist of the following:

  1. Internet information queries
  2. Ping sweeps
  3. Port scans
  4. Packet sniffers

External attackers can use Internet tools, such as the nslookup and whois utilities, to easily determine the IP address space assigned to a given corporation or entity. After the IP address space is determined, an attacker can then ping the publicly available IP addresses to identify the addresses that are active. To help automate this step, an attacker may use a ping sweep tool, such as fping or gping, which systematically pings all network addresses in a given range or subnet. This is similar to going through a section of a telephone book and calling each number to see who answers.

When the active IP addresses are identified, the intruder uses a port scanner to determine which network services or ports are active on the live IP addresses. A port scanner is software, such as Nmap or Superscan, that is designed to search a network host for open ports. The port scanner queries the ports to determine the application type and version, as well as the type and version of operating system (OS) running on the target host. Based on this information, the intruder can determine if a possible vulnerability that can be exploited exists. As shown in the figure, a network exploration tool such as Nmap can be used to conduct host discovery, port scanning, version detection, and OS detection. Many of these tools are available and easy to use.

Internal attackers may attempt to "eavesdrop" on network traffic.

Network snooping and packet sniffing are common terms for eavesdropping. The information gathered by eavesdropping can be used to pose other attacks to the network.

Two common uses of eavesdropping are as follows:

  1. Information gathering - Network intruders can identify usernames, passwords, or information carried in a packet.
  2. Information theft - The theft can occur as data is transmitted over the internal or external network. The network intruder can also steal data from networked computers by gaining unauthorized access. Examples include breaking into or eavesdropping on financial institutions and obtaining credit card numbers.

An example of data susceptible to eavesdropping is SNMP version 1 community strings, which are sent in clear text. SNMP is a management protocol that provides a means for network devices to collect information about their status and to send it to an administrator. An intruder could eavesdrop on SNMP queries and gather valuable data on network equipment configuration. Another example is the capture of usernames and passwords as they cross a network.

A common method for eavesdropping on communications is to capture TCP/IP or other protocol packets and decode the contents using a protocol analyzer or similar utility. An example of such a program is Wireshark, which you have been using extensively throughout the Exploration courses. After packets are captured, they can be examined for vulnerable information.

Three of the most effective methods for counteracting eavesdropping are as follows:

  1. Using switched networks instead of hubs so that traffic is not forwarded to all endpoints or network hosts.
  2. Using encryption that meets the data security needs of the organization without imposing an excessive burden on system resources or users.
  3. Implementing and enforcing a policy directive that forbids the use of protocols with known susceptibilities to eavesdropping. For example, SNMP version 3 can encrypt community strings, so a company could forbid using SNMP version 1, but permit SNMP version 3.
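The policy point above (forbid SNMPv1, permit SNMPv3) is only enforceable if you can tell which version is on the wire. The following is an added example, not part of the original notes: a minimal BER decoder for the outer SNMP message header, used to audit captured UDP/161 payloads. In SNMPv1 and v2c the message is SEQUENCE { INTEGER version, OCTET STRING community, PDU }, so the community string is the second element and is readable by anyone who captures the datagram. The two sample payloads (a v1 GetRequest for sysName.0 with community "public", and a v3 header) and the source addresses are constructed by hand for the demonstration.

```python
# Added example (not from the original notes): decode the SNMP message header
# to audit which SNMP versions are in use and whether community strings are
# exposed.  Sample payloads and addresses below are constructed, not captured.

def read_tlv(buf, pos):
    """Read one BER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                 # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

VERSION_NAMES = {0: "v1", 1: "v2c", 3: "v3"}

def parse_snmp_header(payload):
    """Return {'version': ..., 'community': ...} for one UDP/161 payload.
    Only v1/v2c carry a community string in clear text; v3 has none here."""
    tag, msg, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    tag, ver_bytes, pos = read_tlv(msg, 0)
    if tag != 0x02:
        raise ValueError("expected INTEGER version")
    version = int.from_bytes(ver_bytes, "big")
    community = None
    if version in (0, 1):
        tag, comm, _ = read_tlv(msg, pos)
        if tag == 0x04:
            community = comm.decode("ascii", errors="replace")
    return {"version": VERSION_NAMES.get(version, f"unknown({version})"),
            "community": community}

# Constructed sample: SNMPv1 GetRequest for sysName.0 with community "public".
SNMPV1_GET = bytes.fromhex(
    "3026"                          # SEQUENCE, 38 bytes follow
    "020100"                        # INTEGER version = 0 (SNMPv1)
    "04067075626c6963"              # OCTET STRING "public"
    "a019"                          # GetRequest PDU, 25 bytes follow
    "020101" "020100" "020100"      # request-id, error-status, error-index
    "300e" "300c"                   # VarBindList / VarBind
    "06082b06010201010500"          # OID 1.3.6.1.2.1.1.5.0 (sysName.0)
    "0500"                          # NULL value
)
# Constructed sample: SNMPv3 message start (version INTEGER 3, then an empty
# msgGlobalData SEQUENCE); enough for version detection.
SNMPV3_HEADER = bytes.fromhex("3005" "020103" "3000")

FORBIDDEN_VERSIONS = {"v1", "v2c"}

def audit(captured):
    """captured: list of (src_ip, udp_payload). Return (src, version, community)
    for every datagram that violates the 'no SNMPv1/v2c' policy."""
    violations = []
    for src, payload in captured:
        info = parse_snmp_header(payload)
        if info["version"] in FORBIDDEN_VERSIONS:
            violations.append((src, info["version"], info["community"]))
    return violations

if __name__ == "__main__":
    sample = [("10.0.0.5", SNMPV1_GET), ("10.0.0.9", SNMPV3_HEADER)]
    for src, ver, comm in audit(sample):
        print(f"{src}: SNMP{ver} forbidden by policy; community string exposed: {comm!r}")
```

Run against a real capture, the audit output is the list of management stations and agents that still need to be moved to SNMPv3 (or blocked by an access list) before the policy can be enforced rather than merely stated.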

Encryption provides protection for data susceptible to eavesdropping attacks, password crackers, or manipulation. Almost every company has transactions that could have negative consequences if viewed by an eavesdropper. Encryption ensures that when sensitive data passes over a medium susceptible to eavesdropping, it cannot be altered or observed. Decryption is necessary when the data reaches the destination host.

One method of encryption is called payload-only encryption. This method encrypts the payload section (data section) after a User Datagram Protocol (UDP) or TCP header. This enables Cisco IOS routers and switches to read the Network layer information and forward the traffic as any other IP packet. Payload-only encryption allows flow switching and all access-list features to work with the encrypted traffic just as they would with plain text traffic, thereby preserving desired quality of service (QoS) for all data.

0.4.2 Access (password) attacks

System access is the ability for an intruder to gain access to a device for which the intruder does not have an account or a password. Entering or accessing systems usually involves running a hack, script, or tool that exploits a known vulnerability of the system or application being attacked.

Access attacks exploit known vulnerabilities in authentication services, FTP services, and web services to gain entry to web accounts, confidential databases, and other sensitive information.

Password attacks can be implemented using a packet sniffer to yield user accounts and passwords that are transmitted as clear text. Password attacks usually refer to repeated attempts to log in to a shared resource, such as a server or router, to identify a user account, password, or both. These repeated attempts are called dictionary attacks or brute-force attacks.

To conduct a dictionary attack, attackers can use tools such as L0phtCrack or Cain. These programs repeatedly attempt to log in as a user using words derived from a dictionary. Dictionary attacks often succeed because users have a tendency to choose simple passwords that are short, single words or are simple variations that are easy to predict, such as adding the number 1 to a word.

Another password attack method uses rainbow tables. A rainbow table is a precomputed series of passwords which is constructed by building chains of possible plaintext passwords. Each chain is developed by starting with a randomly selected "guess" of the plaintext password and then successively applying variations on it. The attack software will apply the passwords in the rainbow table until it solves the password. To conduct a rainbow table attack, attackers can use a tool such as L0phtCrack.

A brute-force attack tool is more sophisticated because it searches exhaustively using combinations of character sets to compute every possible password made up of those characters. The downside is that more time is required for completion of this type of attack. Brute-force attack tools have been known to solve simple passwords in less than a minute. Longer, more complex passwords may take days or weeks to resolve.

Password attacks can be mitigated by educating users to use complex passwords and specifying minimum password lengths. Brute-force attacks could be mitigated by restricting the number of failed login attempts. However, a brute-force attack can also be performed offline. For example, if an attacker snoops an encrypted password, either through eavesdropping or by accessing a configuration file, the attacker could then attempt to resolve the password without actually being connected to the host.
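The two online mitigations named above (complex passwords of a minimum length, and a cap on failed logins) are simple enough to show in working code. The following is an added example, not part of the original notes: a password-policy checker that also catches dictionary words with a trivial suffix, and a login limiter that refuses an account after a number of failures inside a time window. The word list, the account name and the guess sequence are constructed for the demonstration; a real system would compare against a salted password hash rather than a plaintext string, and would check candidates against a large breached-password list.

```python
# Added example (not from the original notes): a minimum-length/complexity
# policy and a cap on failed login attempts.  The word list, account and
# guess sequence are constructed; a real deployment would verify against a
# salted password hash and a large breached-password list.
import hmac
import string

COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "summer"}   # constructed stand-in

def strip_trivial_variation(pw):
    """Normalise 'Summer1' -> 'summer' so a dictionary word with a digit or
    punctuation tacked on the end is still recognised as that word."""
    return pw.lower().rstrip(string.digits + string.punctuation)

def check_password_policy(pw, min_length=12):
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    classes = (any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(c in string.punctuation for c in pw))
    if sum(classes) < 3:
        problems.append("uses fewer than three character classes")
    if strip_trivial_variation(pw) in COMMON_WORDS:
        problems.append("dictionary word with a trivial suffix")
    return problems

class LoginLimiter:
    """Refuse an account after `max_failures` failed attempts inside `window` seconds."""
    def __init__(self, max_failures=5, window=300):
        self.max_failures = max_failures
        self.window = window
        self.failures = {}                 # account -> timestamps of recent failures

    def _recent(self, account, now):
        return [t for t in self.failures.get(account, []) if now - t < self.window]

    def is_locked(self, account, now):
        return len(self._recent(account, now)) >= self.max_failures

    def attempt(self, account, supplied, expected, now):
        """Return 'locked', 'ok' or 'failed'.  A locked account is refused before
        the credential is even checked, so further guessing makes no progress."""
        if self.is_locked(account, now):
            return "locked"
        if hmac.compare_digest(supplied.encode(), expected.encode()):
            return "ok"
        self.failures[account] = self._recent(account, now) + [now]
        return "failed"

def run_login_sequence(limiter, account, guesses, expected, start=0.0):
    """Feed guesses one second apart and return the outcome of each attempt."""
    return [limiter.attempt(account, g, expected, start + i) for i, g in enumerate(guesses)]

if __name__ == "__main__":
    print(check_password_policy("Summer1"))
    print(check_password_policy("cH7!kq-Lm2#xr"))
    lim = LoginLimiter(max_failures=3, window=60)
    print(run_login_sequence(lim, "alice",
                             ["password", "welcome1", "letmein", "qwerty", "Correct!Pass9"],
                             "Correct!Pass9"))
```

Note what the limiter does and does not buy you: after three failures even the correct password is refused until the window expires, which stops online guessing, but, as the text says, it does nothing against an attacker who has already copied a password hash and is guessing offline; only the policy side (length and complexity) slows that case down.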

0.4.3 Trust Exploitation

The goal of a trust exploitation attack is to compromise a trusted host, using it to stage attacks on other hosts in a network. If a host in a network of a company is protected by a firewall (inside host), but is accessible to a trusted host outside the firewall (outside host), the inside host can be attacked through the trusted outside host.

The means used by attackers to gain access to the trusted outside host, as well as the details of trust exploitation, are not discussed in this chapter. For information about trust exploitation, refer to the Networking Academy Network Security course.

Trust exploitation-based attacks can be mitigated through tight constraints on trust levels within a network. For example, private VLANs can be deployed in public-service segments where multiple public servers are available. Systems on the outside of a firewall should never be absolutely trusted by systems on the inside of a firewall. Such trust should be limited to specific protocols and should be authenticated by something other than an IP address, where possible.

0.4.4 Port Redirection

A port redirection attack is a type of trust exploitation attack that uses a compromised host to pass traffic through a firewall that would otherwise be blocked.

Consider a firewall with three interfaces and a host on each interface. The host on the outside can reach the host on the public services segment, but not the host on the inside. This publicly accessible segment is commonly referred to as a demilitarized zone (DMZ). The host on the public services segment can reach the host on both the outside and the inside. If attackers were able to compromise the public services segment host, they could install software to redirect traffic from the outside host directly to the inside host. Although neither communication violates the rules implemented in the firewall, the outside host has now achieved connectivity to the inside host through the port redirection process on the public services host. An example of a utility that can provide this type of access is netcat.

Port redirection can be mitigated primarily through the use of proper trust models, which are network specific (as mentioned earlier). When a system is under attack, a host-based intrusion detection system (IDS) can help detect an attacker and prevent installation of such utilities on a host.

0.4.5 Denial of Service

Denial of service (DoS) is when an attacker disables or corrupts networks, systems, or services with the intent to deny services to intended users. DoS attacks involve either crashing the system or slowing it down to the point that it is unusable. But DoS can also be as simple as deleting or corrupting information. In most cases, performing the attack involves simply running a hack or script. For these reasons, DoS attacks are the most feared.

DoS attacks are the most publicized form of attack and also among the most difficult to eliminate. Even within the attacker community, DoS attacks are regarded as trivial and considered bad form, because they require so little effort to execute. But because of their ease of implementation and potentially significant damage, DoS attacks deserve special attention from security administrators.

DoS attacks take many forms. Ultimately, they prevent authorized people from using a service by consuming system resources. The following are some examples of common DoS threats:

A ping of death attack gained popularity back in the late 1990s. It took advantage of vulnerabilities in older operating systems. This attack modified the IP portion of a ping packet header to indicate that there is more data in the packet than there actually was. A ping is normally 64 or 84 bytes, while a ping of death could be up to 65,536 bytes. Sending a ping of this size may crash an older target computer. Most networks are no longer susceptible to this type of attack.

A SYN flood attack exploits the TCP three-way handshake. It involves sending multiple SYN requests (1,000+) to a targeted server. The server replies with the usual SYN-ACK response, but the malicious host never responds with the final ACK to complete the handshake. This ties up the server until it eventually runs out of resources and cannot respond to a valid host request.
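The SYN flood described above leaves a signature that a monitor can count: many SYNs from one source whose third handshake packet never arrives. The following is an added example, not part of the original notes, of a half-open-handshake detector run over a list of observed TCP segments. The traffic is constructed for the demonstration (five normal handshakes, one lost handshake, and 150 unanswered SYNs from a single source); in practice the segments would come from a packet capture or from the server's own connection table, and the window and threshold would be tuned to the server's normal load.

```python
# Added example (not from the original notes): flag SYN-flood behaviour from a
# list of observed TCP segments.  The sample traffic is constructed.
from collections import defaultdict

def detect_syn_flood(segments, window=10.0, threshold=100):
    """segments: iterable of (timestamp, src_ip, src_port, flags) for traffic to
    the protected listening port, flags being "S" (the client's SYN) or "A"
    (the client's final ACK).  Returns {src_ip: count} for sources that left
    more than `threshold` handshakes half-open within any `window`-second span."""
    pending = {}                               # (src_ip, src_port) -> time of unanswered SYN
    for ts, src, sport, flags in sorted(segments, key=lambda s: s[0]):
        key = (src, sport)
        if flags == "S":
            pending[key] = ts
        elif flags == "A":
            pending.pop(key, None)             # third packet of the handshake arrived
    unanswered = defaultdict(list)             # src_ip -> timestamps of half-open SYNs
    for (src, _), ts in pending.items():
        unanswered[src].append(ts)
    offenders = {}
    for src, times in unanswered.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):        # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            offenders[src] = peak
    return offenders

def build_sample_segments():
    """Constructed traffic: five normal handshakes, one stale unanswered SYN,
    and 150 SYNs from one source in under five seconds with no ACKs."""
    segs = []
    for i in range(5):                         # legitimate client completes each handshake
        segs.append((1.0 + i, "192.0.2.10", 40000 + i, "S"))
        segs.append((1.1 + i, "192.0.2.10", 40000 + i, "A"))
    segs.append((7.0, "198.51.100.3", 51000, "S"))   # a single lost handshake, not an attack
    for i in range(150):                       # flood: many SYNs, never the final ACK
        segs.append((20.0 + i * 0.03, "203.0.113.7", 1000 + i, "S"))
    return segs

if __name__ == "__main__":
    print(detect_syn_flood(build_sample_segments()))   # {'203.0.113.7': 150}
```

The single unanswered SYN from 198.51.100.3 is deliberately left in the sample: lost handshakes happen on healthy networks, which is why the detector counts per source over a window instead of alarming on any half-open connection. Detection is the easy half; the server-side defence (shorter SYN-RECEIVED timeouts, SYN cookies, or a firewall that completes the handshake on the server's behalf) is configured separately.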

Other types of DoS attacks include:

  1. E-mail bombs - Programs send bulk e-mails to individuals, lists, or domains, monopolizing e-mail services.
  2. Malicious applets - These attacks are Java, JavaScript, or ActiveX programs that cause destruction or tie up computer resources.

0.4.6 Distributed DoS (DDoS) attacks

Distributed DoS (DDoS) attacks are designed to saturate network links with illegitimate data. This data can overwhelm an Internet link, causing legitimate traffic to be dropped. DDoS uses attack methods similar to standard DoS attacks, but operates on a much larger scale. Typically, hundreds or thousands of attack points attempt to overwhelm a target.

Typically, there are three components to a DDoS attack.

  1. Client - Typically a person who launches the attack.
  2. Handler - A compromised host that is running the attacker program; each Handler is capable of controlling multiple Agents.
  3. Agent - A compromised host that is running the attacker program and is responsible for generating a stream of packets that is directed toward the intended victim.

Examples of DDoS attacks include the following:

  1. SMURF attack
  2. Tribe flood network (TFN)
  3. Stacheldraht
  4. MyDoom

The Smurf attack uses spoofed broadcast ping messages to flood a target system. It starts with an attacker sending a large number of ICMP echo requests to the network broadcast address from valid spoofed source IP addresses. If a router performs the Layer 3 broadcast-to-Layer 2 broadcast function, most hosts will each respond with an ICMP echo reply, multiplying the traffic by the number of hosts responding. On a multi-access broadcast network, there could potentially be hundreds of machines replying to each echo packet.

For example, assume that the network has 100 hosts and that the attacker has a high performance T1 link. The attacker sends a 768 kb/s stream of ICMP echo request packets with a spoofed source address of the victim to the broadcast address of a targeted network (referred to as a bounce site). These ping packets hit the bounce site on the broadcast network of 100 hosts, and each of them takes the packet and responds to it, creating 100 outbound ping replies. A total of 76.8 megabits per second (Mb/s) of bandwidth is used outbound from the bounce site after the traffic is multiplied. This is then sent to the victim, the spoofed source of the originating packets.

Turning off directed broadcast capability in the network infrastructure prevents the network from being used as a bounce site. Directed broadcast capability is now turned off by default in Cisco IOS software since version 12.0.

DoS and DDoS attacks can be mitigated by implementing special anti-spoof and anti-DoS access control lists. ISPs can also implement traffic rate limiting, restricting the amount of nonessential traffic that crosses network segments. A common example is to limit the amount of ICMP traffic that is allowed into a network, because this traffic is used only for diagnostic purposes.

Details of the operation of these attacks are beyond the scope of this course. For more information, refer to the Networking Academy Network Security course.

0.4.7 Malicious Code Attacks: Worms, Viruses, and Trojan Horses

Malicious software can be inserted onto a host to damage or corrupt a system, replicate itself, or deny access to networks, systems, or services. Common names for this type of software are worms, viruses, and Trojan horses.

The primary vulnerabilities for end-user workstations are worm, virus, and Trojan horse attacks.

A worm executes code and installs copies of itself in the memory of the infected computer, which can, in turn, infect other hosts.

A virus is malicious software that is attached to another program for the purpose of executing a particular unwanted function on a workstation.

A Trojan horse is different from a worm or virus only in that the entire application was written to look like something else, when in fact it is an attack tool.

Worms

The anatomy of a worm attack is as follows:

  1. The enabling vulnerability - A worm installs itself by exploiting known vulnerabilities in systems, such as naive end users who open unverified executable attachments in e-mails.
  2. Propagation mechanism - After gaining access to a host, a worm copies itself to that host and then selects new targets.
  3. Payload - Once a host is infected with a worm, the attacker has access to the host, often as a privileged user. Attackers could use a local exploit to escalate their privilege level to administrator.

Typically, worms are self-contained programs that attack a system and try to exploit a specific vulnerability in the target. Upon successful exploitation of the vulnerability, the worm copies its program from the attacking host to the newly exploited system to begin the cycle again. In January 2007, a worm infected the popular MySpace community. Unsuspecting users enabled propagation of the worm, which began to replicate itself on user sites with the defacement "w0rm.EricAndrew".

Worm attack mitigation requires diligence on the part of system and network administration staff. Coordination between system administration, network engineering, and security operations personnel is critical in responding effectively to a worm incident. The following are the recommended steps for worm attack mitigation:

  1. Containment - Contain the spread of the worm into and within the network. Compartmentalize uninfected parts of the network.
  2. Inoculation - Start patching all systems and, if possible, scanning for vulnerable systems.
  3. Quarantine - Track down each infected machine inside the network. Disconnect, remove, or block infected machines from the network.
  4. Treatment - Clean and patch each infected system. Some worms may require complete core system reinstallations to clean the system.

Viruses and Trojan Horses

A virus is malicious software that is attached to another program to execute a particular unwanted function on a workstation. An example is a program that is attached to command.com (the primary interpreter for Windows systems) and deletes certain files and infects any other versions of command.com that it can find.

A Trojan horse is different only in that the entire application was written to look like something else, when in fact it is an attack tool. An example of a Trojan horse is a software application that runs a simple game on a workstation. While the user is occupied with the game, the Trojan horse mails a copy of itself to every address in the user’s address book. The other users receive the game and play it, thereby spreading the Trojan horse to the addresses in each address book.

A virus normally requires a delivery mechanism (a vector), such as a zip file or some other executable file attached to an e-mail, to carry the virus code from one system to another. The key element that distinguishes a computer worm from a computer virus is that human interaction is required to facilitate the spread of a virus.

These kinds of applications can be contained through the effective use of antivirus software at the user level, and potentially at the network level. Antivirus software can detect most viruses and many Trojan horse applications and prevent them from spreading in the network. Keeping up to date with the latest developments in these sorts of attacks can also lead to a more effective posture toward these attacks. As new virus or Trojan applications are released, enterprises need to keep current with the latest versions of antivirus software.

Sub7, or subseven, is a common Trojan horse that installs a backdoor program on user systems. It is popular for both unstructured and structured attacks. As an unstructured threat, inexperienced attackers can use the program to cause mouse cursors to disappear. As a structured threat, crackers can use it to install keystroke loggers (programs that record all user keystrokes) to capture sensitive information.

0.4.8 Man-in-the-Middle Attack

A man-in-the-middle (MITM) attack is carried out by attackers that manage to position themselves between two legitimate hosts. The attacker may allow the normal transactions between hosts to occur, and only periodically manipulate the conversation between the two.

There are many ways that an attacker can get into position between two hosts. The details of these methods are beyond the scope of this course, but a brief description of one popular method, the transparent proxy, helps illustrate the nature of MITM attacks.

In a transparent proxy attack, an attacker may catch a victim with a phishing e-mail or by defacing a website. The attacker's URL is then added to the front of (prepended to) the URL of a legitimate website. For instance, http://www.legitimate.com becomes http://www.attacker.com/http://www.legitimate.com.

1. When a victim requests a webpage, the victim's host makes the request to the attacker's host.

2. The attacker’s host receives the request and fetches the real page from the legitimate website.

3. The attacker can alter the legitimate webpage and apply any transformations to the data they want to make.

4. The attacker forwards the requested page to the victim.
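The prepended-URL trick above is visible to anyone who can see the requested URLs, for instance in a corporate web proxy log, because the path of the request begins with a second absolute URL. The following is an added example, not part of the original notes: a check for that pattern run over constructed proxy log lines. The log format, the hostnames (the reserved .example domain) and the client addresses are all invented for the demonstration; it also catches the variant where the embedded scheme is percent-encoded, which goes beyond the single form shown in the text.

```python
# Added example (not from the original notes): detect URLs of the form
# http://front-host/http://real-host/... in constructed web-proxy log lines.
import re
from urllib.parse import urlsplit, unquote

EMBEDDED_SCHEME = re.compile(r"^/+(https?://.+)$", re.IGNORECASE)

def find_embedded_url(url):
    """Return (front_host, embedded_url) when the path of `url` starts with a
    second absolute URL; otherwise None.  The path is percent-decoded first so
    an encoded 'http%3A%2F%2F' prefix is caught as well."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("http", "https"):
        return None
    m = EMBEDDED_SCHEME.match(unquote(parts.path))
    if not m:
        return None
    return parts.netloc.lower(), m.group(1)

# Constructed log format: "<timestamp> <client-ip> <method> <url>"
LOG_LINE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+)")

def scan_proxy_log(lines):
    """Return one (timestamp, client, front_host, embedded_host) tuple per
    request whose URL carries another URL in its path."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue                      # malformed line: skip, do not crash the scan
        ts, client, _, url = m.groups()
        found = find_embedded_url(url)
        if found:
            front, embedded = found
            hits.append((ts, client, front, urlsplit(embedded).netloc.lower()))
    return hits

# Constructed sample log: one normal request, one with the prepended-URL
# pattern, one with the same pattern percent-encoded, and one malformed line.
SAMPLE_LOG = [
    "2014-01-15T10:00:01 10.0.0.5 GET http://www.legitimate.example/news",
    "2014-01-15T10:00:07 10.0.0.5 GET http://www.attacker.example/http://www.legitimate.example/login",
    "2014-01-15T10:00:09 10.0.0.8 GET https://www.attacker.example/http%3A%2F%2Fwww.legitimate.example/",
    "garbage line",
]

if __name__ == "__main__":
    for ts, client, front, real in scan_proxy_log(SAMPLE_LOG):
        print(f"{ts} {client}: request to {real} is being relayed through {front}")
```

A hit tells you which internal client is talking to the legitimate site through a third party, which is the lead an incident responder needs; it does not by itself prove the front host is malicious (some legitimate services use the same URL shape), so the front hosts found this way still need to be checked against the organization's list of approved proxies.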

Other sorts of MITM attacks are potentially even more harmful. If attackers manage to get into a strategic position, they can steal information, hijack an ongoing session to gain access to private network resources, conduct DoS attacks, corrupt transmitted data, or introduce new information into network sessions.

WAN MITM attack mitigation is achieved by using VPN tunnels, which allow the attacker to see only the encrypted, undecipherable text. LAN MITM attacks use such tools as ettercap and ARP poisoning. Most LAN MITM attacks can be mitigated by configuring port security on LAN switches.

0.5 VPNs and their benefits

The Internet is a worldwide, publicly accessible IP network. Because of its vast global proliferation, it has become an attractive way to interconnect remote sites. However, the fact that it is a public infrastructure poses security risks to enterprises and their internal networks. Fortunately, VPN technology enables organizations to create private networks over the public Internet infrastructure that maintain confidentiality and security.

A VPN creates a private network over a public network infrastructure while maintaining confidentiality and security. VPNs use cryptographic tunneling protocols to provide protection against packet sniffing, sender authentication, and message integrity.

Organizations use VPNs to provide a virtual WAN infrastructure that connects branch offices, home offices, business partner sites, and remote telecommuters to all or portions of their corporate network. To remain private, the traffic is encrypted. Instead of using a dedicated Layer 2 connection, such as a leased line, a VPN uses virtual connections that are routed through the Internet.

Organizations using VPNs benefit from increased flexibility and productivity. Remote sites and teleworkers can connect securely to the corporate network from almost any place. Data on a VPN is encrypted and undecipherable to anyone not entitled to have it. VPNs bring remote hosts inside the firewall, giving them close to the same levels of access to network devices as if they were in a corporate office.

0.6 Types of VPNs

  1. In a site-to-site VPN, hosts send and receive TCP/IP traffic through a VPN gateway, which could be a router, PIX firewall appliance, or an Adaptive Security Appliance (ASA). The VPN gateway is responsible for encapsulating and encrypting outbound traffic for all of the traffic from a particular site and sending it through a VPN tunnel over the Internet to a peer VPN gateway at the target site. On receipt, the peer VPN gateway strips the headers, decrypts the content, and relays the packet toward the target host inside its private network.
  2. In a remote-access VPN, each host typically has VPN client software. Whenever the host tries to send any traffic, the VPN client software encapsulates and encrypts that traffic before sending it over the Internet to the VPN gateway at the edge of the target network. On receipt, the VPN gateway handles the data in the same way as it would handle data from a site-to-site VPN.

0.7 Characteristics of VPNs

VPNs use advanced encryption techniques and tunneling to permit organizations to establish secure, end-to-end, private network connections over the Internet.

The foundation of a secure VPN is data confidentiality, data integrity, and authentication:

  1. Data confidentiality - A common security concern is protecting data from eavesdroppers. As a design feature, data confidentiality aims at protecting the contents of messages from interception by unauthenticated or unauthorized sources. VPNs achieve confidentiality using mechanisms of encapsulation and encryption.
  2. Data integrity - Receivers have no control over the path the data has traveled and therefore do not know if the data has been seen or handled while it journeyed across the Internet. There is always the possibility that the data has been modified. Data integrity guarantees that no tampering or alterations occur to data while it travels between the source and destination. VPNs typically use hashes to ensure data integrity. A hash is like a checksum or a seal that guarantees that no one has read the content, but it is more robust.
  3. Authentication - Authentication ensures that a message comes from an authentic source and goes to an authentic destination. User identification gives a user confidence that the party with whom the user establishes communications is who the user thinks the party is. VPNs can use passwords, digital certificates, smart cards, and biometrics to establish the identity of parties at the other end of a network.
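Item 2 above says VPNs use hashes for integrity; the practical point is that the hash has to be keyed, because an attacker who can modify a packet in transit can just as easily recompute an unkeyed checksum for the modified contents. The following is an added example, not part of the original notes, that shows both receivers side by side using the standard library's hashlib and hmac: one that checks a plain SHA-256 digest, one that checks an HMAC-SHA256 tag. The shared key and the messages are constructed; in a VPN the key comes from the key exchange described in the following sections.

```python
# Added example (not from the original notes): why integrity protection needs
# a keyed hash (HMAC) rather than a plain digest.  Key and messages are constructed.
import hashlib
import hmac

def plain_hash(message):
    """Unkeyed SHA-256; anyone, including an on-path attacker, can recompute it."""
    return hashlib.sha256(message).hexdigest()

def keyed_hash(message, key):
    """HMAC-SHA256; producing a valid tag requires the shared key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()

def receiver_accepts_plain(message, digest):
    """A receiver that only checks an unkeyed digest."""
    return hmac.compare_digest(plain_hash(message), digest)

def receiver_accepts_keyed(message, tag, key):
    """A receiver that checks a keyed tag (constant-time comparison)."""
    return hmac.compare_digest(keyed_hash(message, key), tag)

def tamper_in_transit(message):
    """Model an on-path attacker who changes the message and recomputes the
    only integrity value available without the key: a plain hash."""
    forged = message.replace(b"100", b"900")
    return forged, plain_hash(forged)

def demonstrate_tampering(key=b"constructed-shared-secret"):
    message = b"transfer 100 to account 42"
    digest = plain_hash(message)
    tag = keyed_hash(message, key)
    forged, forged_digest = tamper_in_transit(message)
    return {
        "genuine_passes_plain": receiver_accepts_plain(message, digest),
        "genuine_passes_keyed": receiver_accepts_keyed(message, tag, key),
        # the attacker's recomputed digest satisfies the unkeyed receiver ...
        "forged_passes_plain": receiver_accepts_plain(forged, forged_digest),
        # ... but neither the recomputed digest nor the original tag satisfies
        # the keyed receiver, because the attacker cannot compute HMAC(key, forged)
        "forged_passes_keyed": (receiver_accepts_keyed(forged, forged_digest, key)
                                or receiver_accepts_keyed(forged, tag, key)),
    }

if __name__ == "__main__":
    for check, result in demonstrate_tampering().items():
        print(f"{check}: {result}")
```

This is also why the text's "seal" image fits HMAC better than a checksum: the seal only means something if the other party could not have made it, and that property comes from the key, not from the hash function alone.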

0.8 VPN tunneling

Tunneling allows the use of public networks like the Internet to carry data for users as though the users had access to a private network. Tunneling encapsulates an entire packet within another packet and sends the new, composite packet over a network.
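To make "a packet within another packet" concrete, the following is an added example, not part of the original notes: plain IP-in-IP encapsulation (outer IPv4 header with protocol number 4, as in RFC 2003) built with struct, including the RFC 791 header checksum, plus the matching decapsulation that verifies the outer checksum before handing back the inner packet. Addresses are constructed from the documentation ranges; this is tunneling only, with no confidentiality, which is exactly the gap the next section (encryption) fills.

```python
# Added example (not from the original notes): IP-in-IP encapsulation and
# decapsulation with a verified IPv4 header checksum.  Addresses are constructed.
import struct
from ipaddress import IPv4Address

IPPROTO_IPIP = 4
IPPROTO_UDP = 17
IPV4_HDR = "!BBHHHBBH4s4s"           # fields of a 20-byte IPv4 header without options

def ipv4_checksum(header):
    """RFC 791 header checksum: one's-complement of the one's-complement sum of 16-bit words.
    Over a header whose checksum field is already filled in, the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                     # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4(src, dst, proto, payload, ttl=64, ident=0):
    """Return a complete IPv4 packet (header + payload) with a correct checksum."""
    total_len = 20 + len(payload)
    hdr = struct.pack(IPV4_HDR, 0x45, 0, total_len, ident, 0, ttl, proto, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload

def parse_ipv4(packet):
    """Decode the fixed header; 'checksum_ok' is True when the header is intact."""
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(IPV4_HDR, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
            "proto": proto, "ttl": ttl, "total_len": total_len,
            "checksum_ok": ipv4_checksum(packet[:ihl]) == 0,
            "payload": packet[ihl:total_len]}

def encapsulate(inner_packet, tunnel_src, tunnel_dst):
    """Tunnel entry: wrap the whole inner IP packet in an outer IP header.
    Routers between the tunnel endpoints only ever see the outer addresses."""
    return build_ipv4(tunnel_src, tunnel_dst, IPPROTO_IPIP, inner_packet)

def decapsulate(outer_packet):
    """Tunnel exit: check the outer header and return the inner packet unchanged."""
    outer = parse_ipv4(outer_packet)
    if not outer["checksum_ok"] or outer["proto"] != IPPROTO_IPIP:
        raise ValueError("not a valid IP-in-IP packet")
    return outer["payload"]

if __name__ == "__main__":
    inner = build_ipv4("10.1.1.5", "10.2.2.9", IPPROTO_UDP, b"hello")      # private-to-private
    outer = encapsulate(inner, "198.51.100.1", "203.0.113.1")               # gateway-to-gateway
    print(parse_ipv4(outer)["src"], "->", parse_ipv4(outer)["dst"], "proto", parse_ipv4(outer)["proto"])
    print(parse_ipv4(decapsulate(outer)))
```

Two things worth noticing when you run it: the inner packet's private addresses never appear in the outer header, so they can be routed across the Internet even though they are not globally routable; and the inner payload (b"hello") is still readable in the outer packet's bytes, which is why a VPN adds encryption and a keyed integrity check on top of the encapsulation.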

0.9 Information confidentiality

VPN encryption encrypts the data and renders it unreadable to unauthorized receivers. VPN encryption rules include an algorithm and a key. An algorithm is a mathematical function that combines a message, text, digits, or all three with a key. The output is an unreadable cipher string. Decryption is extremely difficult or impossible without the correct key.

The degree of security provided by any encryption algorithm depends on the length of the key. For any given key length, the time that it takes to process all of the possibilities to decrypt cipher text is a function of the computing power of the computer. Therefore, the shorter the key, the easier it is to break, but at the same time, the cheaper it is to encrypt and transmit the message.

Some of the more common encryption algorithms and the length of keys they use are as follows:

  1. Data Encryption Standard (DES) algorithm - Developed by IBM, DES uses a 56-bit key, ensuring high-performance encryption. DES is a symmetric key cryptosystem. Symmetric and asymmetric keys are explained below.
  2. Triple DES (3DES) algorithm - A newer variant of DES that encrypts with one key, decrypts with another different key, and then encrypts one final time with another key. 3DES provides significantly more strength to the encryption process.
  3. Advanced Encryption Standard (AES) - The National Institute of Standards and Technology (NIST) adopted AES to replace the existing DES encryption in cryptographic devices. AES provides stronger security than DES and is computationally more efficient than 3DES. AES offers three different key lengths: 128, 192, and 256-bit keys.
  4. Rivest, Shamir, and Adleman (RSA) - An asymmetrical key cryptosystem. The keys use a bit length of 512, 768, 1024, or larger.

0.10 Symmetric Encryption

Encryption algorithms such as DES and 3DES require a shared secret key to perform encryption and decryption. Each of the two computers must know the key to decode the information. With symmetric key encryption, also called secret key encryption, each computer encrypts the information before sending it over the network to the other computer. Symmetric key encryption requires knowledge of which computers will be talking to each other so that the same key can be configured on each computer.

For example, a sender creates a coded message where each letter is substituted with the letter that is two letters down in the alphabet; "A" becomes "C," and "B" becomes "D", and so on. In this case, the word SECRET becomes UGETGV. The sender has already told the recipient that the secret key is "shift by 2." When the recipient receives the message UGETGV, the recipient computer decodes the message by shifting back two letters and calculating SECRET. Anyone else who sees the message sees only the encrypted message, which looks like nonsense unless the person knows the secret key.
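The shift cipher of the example, written out as an added illustration (this code is not part of the original notes). Both functions take the same secret, which is the defining property of symmetric encryption; the last function enumerates the whole key space to make the point of section 0.9 concrete: a key with 25 possible values can be exhausted instantly, whereas a 56-bit or 128-bit key cannot.

```python
"""Shift cipher from the symmetric-encryption example (added example).

The sender shifts every letter two places: SECRET -> UGETGV. Both sides must
know the same secret ("shift by 2"), exactly the shared-key property of
symmetric encryption. key_space_size() and exhaust_keys() show why key length
matters: this cipher has only 25 usable keys.
"""
import string

ALPHABET = string.ascii_uppercase


def shift_encrypt(plaintext: str, key: int) -> str:
    """Replace each letter with the letter `key` places further on, wrapping at Z."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def shift_decrypt(ciphertext: str, key: int) -> str:
    """Decryption is encryption with the negated key: the same secret, used in reverse."""
    return shift_encrypt(ciphertext, -key)


def key_space_size() -> int:
    """Distinct non-trivial keys: shifts 1..25 (shift 0 leaves the text unchanged)."""
    return 25


def exhaust_keys(ciphertext: str) -> dict:
    """Every candidate plaintext, one per key: the 'process all possibilities' of section 0.9."""
    return {k: shift_decrypt(ciphertext, k) for k in range(1, 26)}


if __name__ == "__main__":
    c = shift_encrypt("SECRET", 2)
    print(c, "->", shift_decrypt(c, 2))
    print(len(exhaust_keys(c)), "candidates to inspect for a", key_space_size(), "key cipher")
```

Compare the 25 candidates that `exhaust_keys` returns with the 2^56 candidates of DES or the 2^128 candidates of AES-128: the algorithm is the same idea (a secret both sides hold), the key length is what makes exhaustion infeasible.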

The question is, how do the encrypting and decrypting devices both have the shared secret key? You could use e-mail, courier, or overnight express to send the shared secret keys to the administrators of the devices. Another easier and more secure method is asymmetric encryption.

0.11 Asymmetric Encryption

Asymmetric encryption uses different keys for encryption and decryption. Knowing one of the keys does not allow a hacker to deduce the second key and decode the information. One key encrypts the message, while a second key decrypts the message. It is not possible to encrypt and decrypt with the same key.

Public key encryption is a variant of asymmetric encryption that uses a combination of a private key and a public key. The recipient gives a public key to any sender with whom the recipient wants to communicate. The sender uses a private key combined with the recipient’s public key to encrypt the message. Also, the sender must share their public key with the recipient. To decrypt a message, the recipient will use the public key of the sender with their own private key.

Bob has been given two keys. One of Bob's keys is called a Public Key, the other is called a Private Key. Bob's Public key is available to anyone who needs it, but he keeps his Private Key to himself. Keys are used to encrypt information. Encrypting information means "scrambling it up", so that only a person with the appropriate key can make it readable again. Either one of Bob's two keys can encrypt data, and the other key can decrypt that data. Susan (shown below) can encrypt a message using Bob's Public Key. Bob uses his Private Key to decrypt the message. Any of Bob's coworkers might have access to the message Susan encrypted, but without Bob's Private Key, the data is worthless.

0.12 Data integrity

Hashes contribute to data integrity and authentication by ensuring that unauthorized persons do not tamper with transmitted messages. A hash, also called a message digest, is a number generated from a string of text. The hash is smaller than the text itself. It is generated using a formula in such a way that it is extremely unlikely that some other text will produce the same hash value.

The original sender generates a hash of the message and sends it with the message itself. The recipient decrypts the message and the hash, produces another hash from the received message, and compares the two hashes. If they are the same, the recipient can be reasonably sure the integrity of the message has not been affected.

With his private key and the right software, Bob can put digital signatures on documents and other data. A digital signature is a "stamp" Bob places on the data which is unique to Bob, and is very difficult to forge. In addition, the signature assures that any changes made to the data that has been signed cannot go undetected. To sign a document, Bob's software will crunch down the data into just a few lines by a process called "hashing". These few lines are called a message digest. (It is not possible to change a message digest back into the original data from which it was created.) Bob's software then encrypts (*only*) the message digest with his private key. The result is the digital signature. Finally, Bob's software appends the digital signature to the document. All of the data that was hashed has been signed. Bob now passes the document on to Pat. First, Pat's software decrypts the signature (using Bob's public key), changing it back into a message digest. If this worked, then it proves that Bob signed the document, because only Bob has his private key. Pat's software then hashes the document data into a message digest. If the message digest is the same as the message digest created when the signature was decrypted, then Pat knows that the signed data has not been changed.

Plot complication...

Doug (our disgruntled employee) wishes to deceive Pat. Doug makes sure that Pat receives a signed message and a public key that appears to belong to Bob. Unbeknownst to Pat, Doug deceitfully sent a key pair he created using Bob’s name. Short of receiving Bob’s public key from him in person, how can Pat be sure that Bob’s public key is authentic? It just so happens that Susan works at the company’s certificate authority center. Susan can create a digital certificate for Bob simply by signing Bob’s public key as well as some information about Bob (Name, Address, etc.). Now Bob’s co-workers can check Bob’s trusted certificate to make sure that his public key truly belongs to him. In fact, no one at Bob’s company accepts a signature for which there does not exist a certificate generated by Susan. This gives Susan the power to revoke signatures if private keys are compromised, or no longer needed. There are even more widely accepted certificate authorities that certify Susan.

Let's say that Bob sends a signed document to Pat. To verify the signature on the document, Pat's software first uses Susan's (the certificate authority's) public key to check the signature on Bob's certificate. Successful decryption of the certificate signature proves that Susan created it. After the certificate is verified, Pat's software can check if Bob is in good standing with the certificate authority and that all of the certificate information concerning Bob's identity has not been altered. Pat's software then takes Bob's public key from the certificate and uses it to check Bob's signature. If Bob's public key decrypts the signature successfully, then Pat is assured that the signature was created using Bob's private key, for Susan has certified the matching public key. And of course, if the signature is valid, then we know that Doug didn't try to change the signed content.
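The whole Bob / Susan / Pat / Doug story of sections 0.11 and 0.12, carried through with textbook RSA as an added example (this is not code from the original notes). It shows the three mechanisms in order: Susan encrypts to Bob's public key and only Bob's private key recovers the message; Bob signs by encrypting only a message digest with his private key and Pat recovers the digest with Bob's public key; Susan, acting as the certificate authority, signs Bob's public key, so Pat rejects the key pair that Doug created in Bob's name. Assumptions not found in the text: fixed, well-known Mersenne primes stand in for a random prime generator so the example runs offline; SHA-256 is the digest; a "certificate" is a plain tuple; and this is raw RSA without padding, which demonstrates the mechanism but is not how a deployed system should encrypt or sign.

```python
"""Textbook RSA walk-through of sections 0.11 and 0.12 (added example)."""
import hashlib

E = 65537  # common public exponent


def make_keypair(p, q):
    """Return ((n, e), (n, d)) for primes p and q (textbook RSA, no prime generation)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # modular inverse (Python 3.8+)
    return (n, E), (n, d)


def digest_int(data: bytes) -> int:
    """The 'message digest' of section 0.12, as an integer so it can be exponentiated."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


# --- confidentiality: encrypt with the public key, decrypt with the private key
def encrypt(public_key, message: bytes) -> int:
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message must be shorter than the modulus (no padding here)")
    return pow(m, e, n)


def decrypt(private_key, ciphertext: int) -> bytes:
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


# --- signature: encrypt (*only*) the digest with the private key
def sign(private_key, document: bytes) -> int:
    n, d = private_key
    return pow(digest_int(document), d, n)


def verify(public_key, document: bytes, signature: int) -> bool:
    n, e = public_key
    recovered_digest = pow(signature, e, n)          # 'decrypt' with the public key
    return recovered_digest == digest_int(document)  # compare with a freshly computed digest


# --- certificate: the CA signs (name, public key); verifiers check that signature first
def issue_certificate(ca_private_key, subject_name: str, subject_public_key):
    n, e = subject_public_key
    body = f"{subject_name}|{n}|{e}".encode()
    return (subject_name, subject_public_key, sign(ca_private_key, body))


def verify_with_certificate(ca_public_key, certificate, expected_name, document, signature):
    """Pat's check: certificate signed by the CA for the expected name, then the signature."""
    name, subject_public_key, ca_signature = certificate
    n, e = subject_public_key
    body = f"{name}|{n}|{e}".encode()
    if name != expected_name or not verify(ca_public_key, body, ca_signature):
        return False  # not issued by the CA for this name: reject before trusting the key
    return verify(subject_public_key, document, signature)


# Fixed Mersenne primes (constructed inputs) so the example needs no prime generator.
BOB_PUB, BOB_PRIV = make_keypair(2**127 - 1, 2**521 - 1)
SUSAN_PUB, SUSAN_PRIV = make_keypair(2**107 - 1, 2**607 - 1)  # the certificate authority
DOUG_PUB, DOUG_PRIV = make_keypair(2**89 - 1, 2**1279 - 1)    # the disgruntled employee


def demo() -> dict:
    """Run the story and return each outcome so a caller can check it."""
    note = b"lunch at 12?"                             # Susan -> Bob, confidentiality
    c = encrypt(BOB_PUB, note)
    contract = b"Bob agrees to pay Pat 100 EUR."      # Bob signs, Susan certifies, Pat verifies
    bob_sig = sign(BOB_PRIV, contract)
    bob_cert = issue_certificate(SUSAN_PRIV, "Bob", BOB_PUB)
    doug_sig = sign(DOUG_PRIV, contract)               # Doug forges a key pair in Bob's name
    doug_cert = issue_certificate(DOUG_PRIV, "Bob", DOUG_PUB)  # ... and 'certifies' it himself
    return {
        "bob_reads_note": decrypt(BOB_PRIV, c) == note,
        "coworker_cannot": decrypt(DOUG_PRIV, c) != note,
        "pat_accepts_bob": verify_with_certificate(SUSAN_PUB, bob_cert, "Bob", contract, bob_sig),
        "pat_rejects_doug": not verify_with_certificate(SUSAN_PUB, doug_cert, "Bob", contract, doug_sig),
        "tamper_detected": not verify(BOB_PUB, contract + b" plus interest", bob_sig),
    }


if __name__ == "__main__":
    for outcome, ok in demo().items():
        print(f"{outcome}: {ok}")
```

The decisive line is in `verify_with_certificate`: Pat never uses a public key from a certificate until Susan's signature over that certificate has checked out, which is what defeats Doug's self-made key pair. The same structure, with random primes, padding and a revocation check, is what an X.509-based verifier does.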

0.13 Authentication

VPNs use a message authentication code to verify the integrity and the authenticity of a message, without using any additional mechanisms. A keyed hashed message authentication code (HMAC) is a data integrity algorithm that guarantees the integrity of the message.

An HMAC has two parameters: a message input and a secret key known only to the message originator and intended receivers. The message sender uses an HMAC function to produce a value (the message authentication code), formed by condensing the secret key and the message input. The message authentication code is sent along with the message. The receiver computes the message authentication code on the received message using the same key and HMAC function as the sender used, and compares the result computed with the received message authentication code. If the two values match, the message has been correctly received and the receiver is assured that the sender is a member of the community of users that share the key. The cryptographic strength of the HMAC depends upon the cryptographic strength of the underlying hash function, on the size and quality of the key, and on the length of the hash output in bits.

There are two common HMAC algorithms:

Message Digest 5 (MD5) - Uses a 128-bit shared secret key. The variable length message and 128-bit shared secret key are combined and run through the HMAC-MD5 hash algorithm. The output is a 128-bit hash. The hash is appended to the original message and forwarded to the remote end.

Secure Hash Algorithm 1 (SHA-1) - Uses a 160-bit secret key. The variable length message and the 160-bit shared secret key are combined and run through the HMAC-SHA-1 hash algorithm. The output is a 160-bit hash. The hash is appended to the original message and forwarded to the remote end.
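The sender/receiver exchange just described, as an added example using Python's standard `hmac` module (not code from the original notes). The keys and the message are constructed sample values; their sizes follow the text (128-bit key for HMAC-MD5, 160-bit key for HMAC-SHA-1). The receiver side uses a constant-time comparison, the check a practitioner would insist on so that the comparison itself does not leak which bytes of the code matched.

```python
"""HMAC message authentication between two VPN peers (added example).

Both ends hold a shared key; the sender appends HMAC(key, message) and the
receiver recomputes it. A changed message or a different key yields a
different code, so the receiver detects tampering and also a sender who is
not in the group that shares the key.
"""
import hashlib
import hmac

# Constructed sample shared secrets: 16 bytes (128 bits) and 20 bytes (160 bits).
MD5_KEY = bytes(range(16))
SHA1_KEY = bytes(range(20))


def tag(key: bytes, message: bytes, algorithm: str) -> bytes:
    """Sender side: condense key and message into the message authentication code."""
    return hmac.new(key, message, getattr(hashlib, algorithm)).digest()


def send(key: bytes, message: bytes, algorithm: str = "sha1") -> bytes:
    """What goes on the wire: the message with its code appended."""
    return message + tag(key, message, algorithm)


def receive(key: bytes, frame: bytes, algorithm: str = "sha1"):
    """Receiver side: split off the code, recompute it, compare in constant time.
    Returns the message if it is authentic, None otherwise."""
    size = hashlib.new(algorithm).digest_size  # 16 bytes for md5, 20 for sha1
    if len(frame) < size:
        return None
    message, received_tag = frame[:-size], frame[-size:]
    if not hmac.compare_digest(tag(key, message, algorithm), received_tag):
        return None
    return message


def demo() -> dict:
    """Accepted, tampered and wrong-key cases, plus the output sizes the text quotes."""
    original = b"set tunnel SA 3 lifetime 3600"  # constructed sample message
    frame = send(SHA1_KEY, original)
    tampered = frame[:4] + b"X" + frame[5:]        # flip one byte of the message part
    return {
        "accepted": receive(SHA1_KEY, frame) == original,
        "tampered_rejected": receive(SHA1_KEY, tampered) is None,
        "wrong_key_rejected": receive(bytes(20), frame) is None,
        "md5_tag_bits": len(tag(MD5_KEY, original, "md5")) * 8,
        "sha1_tag_bits": len(tag(SHA1_KEY, original, "sha1")) * 8,
    }


if __name__ == "__main__":
    for outcome, value in demo().items():
        print(f"{outcome}: {value}")
```

Note that the code proves membership of the key-sharing group, not the identity of one particular peer: anyone holding the key could have produced it, which is why peer authentication (next) is a separate step.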

When conducting business long distance, it is necessary to know who is at the other end of the phone, e-mail, or fax. The same is true of VPN networks. The device on the other end of the VPN tunnel must be authenticated before the communication path is considered secure. There are two peer authentication methods:

Pre-shared key (PSK) - A secret key that is shared between the two parties using a secure channel before it needs to be used. PSKs use symmetric key cryptographic algorithms. A PSK is entered into each peer manually and is used to authenticate the peer. At each end, the PSK is combined with other information to form the authentication key.

RSA signature - Uses the exchange of digital certificates to authenticate the peers. The local device derives a hash and encrypts it with its private key. The encrypted hash (digital signature) is attached to the message and forwarded to the remote end. At the remote end, the encrypted hash is decrypted using the public key of the local end. If the decrypted hash matches the recomputed hash, the signature is genuine.

0.14 IPsec

IPsec is a protocol suite for securing IP communications which provides encryption, integrity, and authentication. IPsec spells out the messaging necessary to secure VPN communications, but relies on existing algorithms.

There are two main IPsec framework protocols.

Authentication Header (AH) - Used when confidentiality is not required or permitted. AH provides data authentication and integrity for IP packets passed between two systems. It verifies that any message passed from R1 to R2 has not been modified during transit. It also verifies that the origin of the data was either R1 or R2. AH does not provide data confidentiality (encryption) of packets. Used alone, the AH protocol provides weak protection. Consequently, it is used with the ESP protocol to provide data encryption and tamper-aware security features.

Encapsulating Security Payload (ESP) - Provides confidentiality and authentication by encrypting the IP packet. IP packet encryption conceals the data and the identities of the source and destination. ESP authenticates the inner IP packet and ESP header. Authentication provides data origin authentication and data integrity. Although both encryption and authentication are optional in ESP, at a minimum, one of them must be selected.

IPsec relies on existing algorithms to implement encryption, authentication, and key exchange. Some of the standard algorithms that IPsec uses are as follows:

  1. DES - Encrypts and decrypts packet data.
  2. 3DES - Provides significant encryption strength over 56-bit DES.
  3. AES - Provides stronger encryption, depending on the key length used, and faster throughput.
  4. MD5 - Authenticates packet data, using a 128-bit shared secret key.
  5. SHA-1 - Authenticates packet data, using a 160-bit shared secret key.
  6. DH (Diffie-Hellman) - Allows two parties to establish a shared secret key used by encryption and hash algorithms, for example, DES and MD5, over an insecure communications channel.
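Item 6 in action, as an added example (not code from the original notes): two peers, named R1 and R2 as in the AH description above, exchange only public values and both compute the same shared secret, which is then split into the key material the other list items need (a DES key and a 128-bit HMAC-MD5 key). Assumptions not in the text: the modulus is a well-known Mersenne prime used as a toy group, not one of the IKE groups (DH1/DH2/DH5) that real IPsec negotiates; the key derivation is a single SHA-256 split rather than the IKE key derivation. The peer-value check is the caveat a practitioner wants: a public value of 0, 1 or P-1 forces the shared secret into a tiny set and must be rejected before it is used.

```python
"""Diffie-Hellman key agreement feeding the IPsec algorithm list (added example)."""
import hashlib
import secrets

P = 2**521 - 1  # prime modulus: a known Mersenne prime used as a TOY group, not an IKE group
G = 5           # generator
P_BYTES = (P.bit_length() + 7) // 8  # 66 bytes


def dh_keypair():
    """Private exponent and the public value that goes to the peer."""
    private = secrets.randbelow(P - 3) + 2   # 2 <= private <= P-2
    return private, pow(G, private, P)


def peer_value_ok(peer_public: int) -> bool:
    """Reject 0, 1 and P-1 (and anything out of range) before using the value."""
    return 2 <= peer_public <= P - 2


def dh_shared_secret(private: int, peer_public: int) -> int:
    if not peer_value_ok(peer_public):
        raise ValueError("invalid Diffie-Hellman public value from peer")
    return pow(peer_public, private, P)


def derive_keys(shared_secret: int) -> dict:
    """Stretch the agreed secret into per-algorithm keys (simplified, single-hash KDF)."""
    material = hashlib.sha256(shared_secret.to_bytes(P_BYTES, "big")).digest()  # 32 bytes
    return {
        "des": material[:8],          # 64 bits: 56-bit DES key plus 8 parity bits
        "hmac_md5": material[8:24],   # 128-bit shared secret for HMAC-MD5 (item 4)
    }


def exchange():
    """One full run between R1 and R2: both sides' keys and what the channel carried."""
    r1_priv, r1_pub = dh_keypair()
    r2_priv, r2_pub = dh_keypair()
    on_the_wire = (r1_pub, r2_pub)  # everything an eavesdropper on the channel sees
    r1_keys = derive_keys(dh_shared_secret(r1_priv, r2_pub))
    r2_keys = derive_keys(dh_shared_secret(r2_priv, r1_pub))
    return r1_keys, r2_keys, on_the_wire


if __name__ == "__main__":
    k1, k2, wire = exchange()
    print("keys agree:", k1 == k2)
    print("DES key:", k1["des"].hex(), " HMAC-MD5 key:", k1["hmac_md5"].hex())
```

The private exponents never leave their owner; only the two public values cross the channel, and recovering the secret from them is the discrete-logarithm problem that the group size (DH1, DH2, DH5 in the configurations below) is chosen to make infeasible.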

0.15 IPsec configuration

0.15.1 ESP

Encryption = DES
Authentication = MD5
DH = DH1

0.15.2 ESP+AH

Encryption = 3DES
Authentication = SHA
DH = DH2

0.15.3 AH

Encryption = AES
Authentication = -
DH = DH5