VPN In Security


Transcript of VPN In Security

8/2/2019 VPN In Security
1/31

VPN Insecurity
Dan Goldberg
MADJiC Consulting, Inc
http://www.madjic.net
[email protected]

VPN Insecurity

Agenda
  What are VPNs
  How do VPNs work
  A brief crypto side trip
  VPN anatomy
  Basic WAN designs
  VPN risks
  Risk mitigation

What is a Virtual Private Network (VPN)?

Two working definitions:
  Private communications over a non-private medium
  A network transporting trusted data over an untrusted network (the Internet)

VPN formats:
  Host to host
  Host to gateway (remote access)
  Gateway to gateway (site to site)

VPN Implementations

  SSH - Secure Shell
  SSL - Secure Sockets Layer (today TLS)
    OpenSSL & Stunnel
    OpenVPN
    Commercial SSL VPN
  Cryptcat (netcat with crypto)
  L2TP - Layer 2 Tunneling Protocol
  PPTP - Point to Point Tunneling Protocol
  IPSec - Internet Protocol Security

VPN Limitations

  SSH - Secure Shell
  SSL - Secure Sockets Layer
    Support TCP traffic only (OpenVPN, which tunnels whole IP packets, is the exception)
    Depend on client port forwarding
  Cryptcat
  L2TP - Layer 2 Tunneling Protocol
  PPTP - Point to Point Tunneling Protocol
    Symmetric or weak crypto: Cryptcat relies on a pre-shared symmetric key, L2TP provides no encryption of its own (it is normally carried over IPSec), and PPTP's MS-CHAP authentication and MPPE encryption are considered broken
  IPSec - Internet Protocol Security
    Unicast traffic only

The least you need to know about crypto

  Cryptography is used to permit Alice to talk to Bob
  Elvis (the eavesdropper) can listen in but can neither understand nor change the message
  Two tools produce this end in IPSec VPNs and in public key crypto:
    Encryption algorithm - hides the content (confidentiality)
    Cryptographic hash algorithm - detects changes (integrity); in IPSec the hash is keyed (HMAC), because an unkeyed hash can simply be recomputed by whoever alters the data

Encryption and hashes

  Encryption example: plaintext >|< agfoel23.!0clw

  Cryptographic hash
    MD5 creates a 128 bit digest
    SHA1 creates a 160 bit digest (20 bytes, shown as 40 hex characters)

    [dbg@madjic-box ~]$ sha1sum -t myfile.txt
    07f775c5982e14ed7e8840016a0cf0f15bea599e  myfile.txt

  Used as a checksum to validate that two inputs are the same

A cryptographic side show

  Hey! I heard that hashes are broken!?!
  http://www.cits.rub.de/MD5Collisions/
  Hashes are not supposed to collide: no two inputs should produce the same output. Collisions necessarily exist (the input space is larger than the output space); the requirement is that nobody can find one on purpose.
  For MD5 some can! The link above tells the story of Alice and her Boss (Bob), in which the Boss signs a document that has a known collision; ouch!
  Since this deck was written, MD5 collisions have become trivial to produce and a SHA1 collision has been demonstrated (2017); use the SHA-2 family for anything that must resist collisions.

Why Internet Protocol Security (IPSec)?

  Internet Protocol version 4 offers no payload security
    Simple checksumming on headers only
  IPSec provides two protocols, each usable in either of two modes:
    Authentication Header (AH) - adds an integrity check (keyed hash) covering the payload and the non-changing parts of the IP header
    Encapsulating Security Payload (ESP) - encrypts the payload and can also integrity-check it
    Transport mode - protection is added to the existing IP packet, host to host
    Tunnel mode - the original IP packet is encrypted and packaged inside a new IP header transmitted by a security gateway; the receiving gateway reverses the process
  This deck pairs AH with transport mode and ESP with tunnel mode because those are the common combinations, but the pairing is not fixed.

Tunnel vs. Transport mode

  Tunnel mode uses IP in IP with Encapsulating Security Payload (ESP)
    Encrypts the entire packet at the security gateway, including the original header
    Adds an entire new IP header to the packet
    Transports to the peer security gateway based on policy
    Protects the data and the IP addresses of hosts behind the security gateway

Transport vs. Tunnel Mode

  Transport mode adds to the original IP header
    Signs the payload and transports it to the next hop (the peer host)
    Does not include dynamic header data in the signature (TTL, header checksum, etc.)
    Inserts an additional (AH) header after the IP header carrying the hash / checksum
    Protects data from a man in the middle
    Does not provide privacy of the data in the payload or of the IP addresses!
  NAT breaks AH: the source and destination addresses are covered by the integrity check, so rewriting them in transit invalidates it. ESP in tunnel mode can cross NAT with NAT traversal (UDP encapsulation on port 4500).
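The two slides above (the plain hash as a checksum, and AH leaving mutable header fields out of its signature while still breaking under NAT) can be shown in a few lines. The following is an added example written for this page, not code from the slides and not a real IPSec implementation: it builds an IPv4 header, computes an AH-style ICV (HMAC-SHA1 truncated to 96 bits, as RFC 2404 specifies) over the header with the RFC 4302 mutable fields zeroed, and checks what a TTL decrement, a NAT rewrite, and a payload change do to it. The key, addresses and payload are constructed; the real AH also covers the AH header itself and sets the protocol field to 51, both omitted here.

```python
"""AH-style keyed integrity check over an IPv4 packet.

Added example; not code from the slides and not a real IPSec
implementation.  It illustrates two points from the deck:
  * an unkeyed hash (slide 7) only proves two inputs are equal; anyone
    who changes the data can recompute it, so IPSec uses a keyed hash
    (HMAC) for its integrity check value (ICV);
  * AH excludes the mutable header fields (TTL, checksum, ...) from the
    ICV, so normal routing does not break it, yet NAT does, because the
    source address is covered.
IPv4 field offsets follow RFC 791; the mutable-field list follows
RFC 4302.  The real AH also covers the AH header itself and sets the
IP protocol field to 51; both are omitted here for brevity.
"""
import hashlib
import hmac
import ipaddress
import struct

# Byte offsets of the mutable IPv4 header fields that AH zeroes before
# computing the ICV: TOS/DSCP (1), flags+fragment offset (6-7), TTL (8),
# header checksum (10-11).
MUTABLE_OFFSETS = (1, 6, 7, 8, 10, 11)


def ipv4_header(src: str, dst: str, ttl: int, proto: int, payload_len: int) -> bytes:
    """Build a minimal 20-byte IPv4 header with no options (checksum left 0)."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45,                      # version 4, IHL 5 words
        0,                         # TOS
        20 + payload_len,          # total length
        0x1234,                    # identification (constructed)
        0x4000,                    # flags (DF) + fragment offset 0
        ttl,
        proto,
        0,                         # header checksum (not computed here)
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )


def ah_covered_view(header: bytes) -> bytes:
    """Return the header with mutable fields zeroed, as AH sees it."""
    view = bytearray(header)
    for off in MUTABLE_OFFSETS:
        view[off] = 0
    return bytes(view)


def ah_icv(key: bytes, header: bytes, payload: bytes) -> bytes:
    """HMAC-SHA1-96: HMAC-SHA1 over covered header + payload, truncated to 96 bits (RFC 2404)."""
    mac = hmac.new(key, ah_covered_view(header) + payload, hashlib.sha1).digest()
    return mac[:12]


def ah_verify(key: bytes, header: bytes, payload: bytes, icv: bytes) -> bool:
    """Receiver-side check; constant-time comparison of the ICVs."""
    return hmac.compare_digest(ah_icv(key, header, payload), icv)


def plain_hash_verify(payload: bytes, digest: bytes) -> bool:
    """The unkeyed check from slide 7: equal digests mean equal inputs, nothing more."""
    return hashlib.sha1(payload).digest() == digest


def demo() -> dict:
    """Run the scenarios and return which checks accept the packet."""
    key = b"constructed-demo-key"                      # constructed, shared by both peers
    payload = b"GET / HTTP/1.0\r\n\r\n"                 # constructed sample payload
    hdr = ipv4_header("192.168.1.10", "203.0.113.5", ttl=64, proto=6, payload_len=len(payload))
    icv = ah_icv(key, hdr, payload)

    routed = hdr[:8] + bytes([hdr[8] - 1]) + hdr[9:]   # a router decremented the TTL
    natted = hdr[:12] + ipaddress.IPv4Address("198.51.100.1").packed + hdr[16:]  # NAT rewrote src
    tampered = payload.replace(b"GET", b"PUT")          # attacker changed the payload ...
    tampered_digest = hashlib.sha1(tampered).digest()   # ... and recomputed the plain hash

    return {
        "ttl_decrement_accepted": ah_verify(key, routed, payload, icv),
        "nat_rewrite_accepted": ah_verify(key, natted, payload, icv),
        "tamper_accepted_by_ah": ah_verify(key, hdr, tampered, icv),
        "tamper_accepted_by_plain_hash": plain_hash_verify(tampered, tampered_digest),
        "icv_bits": len(icv) * 8,
        "sha1_bits": len(hashlib.sha1(payload).digest()) * 8,
        "md5_bits": len(hashlib.md5(payload).digest()) * 8,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The TTL decrement still verifies because byte 8 is zeroed before hashing; the NAT rewrite fails because the source address is not; and the tampered payload is rejected by the keyed check but accepted by the plain-hash check, since the attacker could recompute the latter. That is the difference between a checksum and an integrity protection.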

IPSec Anatomy

  IKE - Internet Key Exchange
  ISAKMP - Internet Security Association and Key Management Protocol
  AH - Authentication Header
  ESP - Encapsulating Security Payload

Authentication & Key Exchange

  Policy (ISAKMP / IKE)
    Authentication method: certificate, shared secret
    Encryption algorithm: DES, 3DES (both legacy today; AES is the current choice)
    Hashing algorithm: MD5, SHA1 (both legacy today; SHA-2 is the current choice)
    Identify endpoints by DNS name or IP
    Key lifetime measured in megabytes and/or time (minutes or hours)

Security Associations

  Policy must match on both ends
  One side initiates communications; a Security Parameter Index (SPI) is chosen which, together with the destination address and the protocol (AH or ESP), identifies a Security Association (SA) in the Security Association Database (SAD)
  The Security Policy Database (SPD) holds the rules that say which traffic must be protected and how; the SAD holds the live SAs (one per direction) the host knows about
  The Security Association identifies one instance of IPSec and its parameters: algorithms, keys, lifetimes and mode

Keys! Keys! Who's got the keys?

  Crypto key material is sensitive
  How do we exchange keys?
    IKE - Internet Key Exchange
      Hybrid of ISAKMP and Oakley
      UDP port 500 (UDP 4500 when NAT traversal is in use)
      Manages key exchange, security associations, and key management
  It is critical to re-key periodically

IPSec Policy requirements

  IPSec Policy
    Encryption algorithm: DES, 3DES
    Hashing algorithm: SHA1, MD5
    Key lifetime
      Bytes (many implementations default to 8 megabytes)
      Minutes or hours (many implementations default to 24 hours)
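The last four slides describe a procedure: both peers carry a policy, the policies must agree on algorithms, an SPI identifies the resulting SA, and the SA must be re-keyed when its byte or time lifetime runs out. The following is an added example written for this page, not code from the slides and not a real IKE implementation: a responder that accepts the first initiator proposal its own policy lists, assigns an SPI, takes the smaller of the two lifetimes, and an SA object that reports when re-keying is due. The policies are constructed; algorithm names are labels only and nothing is encrypted.

```python
"""Policy matching, SA creation and rekey tracking, IKE-style.

Added example; not from the slides and not any real IKE implementation.
It models the rules on the preceding slides: the responder accepts the
first initiator proposal that its own policy also lists, assigns a
Security Parameter Index (SPI) for the resulting SA, and the negotiated
lifetime is the smaller of the two sides' limits (bytes and seconds).
The SA then counts protected bytes and its age and reports when it must
be re-keyed.  Algorithm names are labels only; nothing is encrypted.
"""
import os
import time
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Proposal:
    encryption: str   # e.g. "3DES", "AES-256"
    integrity: str    # e.g. "SHA1", "SHA2-256"


@dataclass(frozen=True)
class Policy:
    acceptable: Tuple[Proposal, ...]   # proposals this peer will accept, preferred first
    life_bytes: int                    # rekey after this many protected bytes
    life_seconds: int                  # rekey after this many seconds


@dataclass
class SecurityAssociation:
    spi: int
    proposal: Proposal
    life_bytes: int
    life_seconds: int
    created: float
    bytes_protected: int = 0

    def account(self, nbytes: int) -> None:
        """Record traffic protected under this SA."""
        self.bytes_protected += nbytes

    def needs_rekey(self, now: float) -> bool:
        """True once either the byte or the time lifetime is exhausted."""
        return (self.bytes_protected >= self.life_bytes
                or now - self.created >= self.life_seconds)


def new_spi() -> int:
    """Random 32-bit SPI outside the reserved range 0-255 (RFC 4301)."""
    return 256 + int.from_bytes(os.urandom(4), "big") % (2**32 - 256)


def negotiate(initiator: Policy, responder: Policy,
              now: Optional[float] = None) -> Optional[SecurityAssociation]:
    """Return an SA for the first mutually acceptable proposal, or None if policies do not match."""
    for proposal in initiator.acceptable:      # initiator's order decides; the responder only filters
        if proposal in responder.acceptable:
            return SecurityAssociation(
                spi=new_spi(),
                proposal=proposal,
                life_bytes=min(initiator.life_bytes, responder.life_bytes),
                life_seconds=min(initiator.life_seconds, responder.life_seconds),
                created=time.time() if now is None else now,
            )
    return None


# Constructed policies: a legacy peer that still offers DES/MD5 first, a
# modern peer that prefers AES/SHA-2 but tolerates 3DES/SHA1, and a strict
# peer that accepts nothing weaker than AES/SHA-2.
LEGACY = Policy((Proposal("DES", "MD5"), Proposal("3DES", "SHA1")), 8 * 2**20, 24 * 3600)
MODERN = Policy((Proposal("AES-256", "SHA2-256"), Proposal("3DES", "SHA1")), 2**30, 3600)
STRICT = Policy((Proposal("AES-256", "SHA2-256"),), 2**30, 3600)


def demo():
    """Negotiate both pairings and exercise the rekey counters."""
    sa = negotiate(LEGACY, MODERN, now=0.0)
    none = negotiate(LEGACY, STRICT, now=0.0)
    fresh = sa.needs_rekey(now=10.0)
    sa.account(8 * 2**20)             # 8 MiB later the byte lifetime is used up
    exhausted = sa.needs_rekey(now=10.0)
    return sa, none, fresh, exhausted


if __name__ == "__main__":
    sa, none, fresh, exhausted = demo()
    print("legacy<->modern:", sa.proposal, "SPI", hex(sa.spi),
          "lifetime", sa.life_bytes, "bytes /", sa.life_seconds, "s")
    print("legacy<->strict:", none)
    print("rekey needed when fresh:", fresh, "after 8 MiB:", exhausted)
```

Note the downgrade: although the modern peer prefers AES/SHA-2, the SA that comes out is 3DES/SHA1, because the initiator offered it and the responder's policy still listed it. "Policy must match" cuts both ways; the only way to guarantee a strong SA is to remove the weak transforms from the acceptable set, as the strict policy does (and then the legacy peer gets no SA at all).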

Some things to look out for

  IPSec as a tunnel
    Combine AH and ESP (or use ESP with an integrity algorithm); ESP configured for encryption only gives no integrity protection
    Site to site VPNs
    Remote access
    Man in the middle attacks
      Modify unencrypted portions of the IP header in transit
      See http://isc.sans.org/diary.php?date=2005-05-09 and http://www.niscc.gov.uk/niscc/docs/re-20050509-00385.pdf?lang=en
  IPSec as a transport
    Combine AH and ESP to protect the payload
    Host to host communications
    Validate communications on a private network

Some packets with IPSec

Three packets and the IPSec transforms:

  An IP packet
    | IP header | Protocol header | Payload |

  An IP packet in transport mode (AH)
    | IP header | AH header | Protocol header | Payload |

  An IP packet in tunnel mode (ESP)
    | new IP header | ESP | original IP header | Protocol header | Payload |

Host to host

  In host to host mode, communications between specified hosts use IPSec
  Useful in server to server connections
  Typically does not require additional security at upper layers such as AAA
  All other communications are clear

Host to gateway

  Commonly used for remote access systems
  Requires AAA for access
  Does not replace AAA for systems on the network
  Split tunneling gives unintended access (the client is on the Internet and the internal network at the same time)

Gateway to gateway (Site to site)

  Commonly used for WAN
  Does not require AAA for access
  Does not replace AAA for systems on the network
  Network controls must be implemented

Some WAN designs

  Hub and spoke
  Ring
  Mesh
  WAN considerations:
    Routing complexity and number of links
  VPN specific:
    Impact of crypto on CPU utilization
    Per tunnel impact on the VPN gateway

Site 2 site VPN Risks

  Treat VPN tunnels as WAN links
  Determine trust level
    Trusted - internal
    Semi-trusted - remote users, business partners with a common risk model
    Untrusted - everyone else
  Note: the deck cites research (no source given) that some 85% of attacks are internal

Where are VPNs used?

  Connection types
    Internal
    Business to business
    Business to customer
  Remote users
    Remote workers
    Contractors

Risk Mitigation

  Consider the risk model for each location that is connected, and
  For each network, host, and service level, consider the appropriate
    Authentication
    Access control
    Ports and protocols
    Services
    Logging
    Virus vectors

Mitigation example

  Always consider implied access
  Site A and Site B share a site to site VPN
  Policy permits all hosts at site A to access the FTP server by IP address
  The FTP server has FTPd and SSHd running
  FTP user accounts are stored in /etc/passwd
  What is the actual access between the two sites?
    Every host at site A can reach every port on the server, not only FTP, so SSHd is exposed too; and because the FTP accounts are ordinary system accounts, FTP credentials are also SSH logins


    Mitigation example II

    Company A and Company B share a site to

    site VPN

    Company A's packet filter policy limitsaccess between hosts (by IP) and ports

    which are permitted between them

    Company B permits all traffic between bothsites

    During a technical con call no one can

    identify the policy owner at company B

Additional mitigation

  Terminate all VPNs on a separate LAN segment
  Firewall the VPN segment from the internal LAN
  Permit access by source and destination IP and port/protocol as required
    This requires planning and understanding the communication needs of all groups
  Be aware of implied access via split tunnels
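The two mitigation examples and the rule "permit by source and destination IP and port/protocol" reduce to a question that can be answered mechanically: given what actually listens at the far site, what does a rule set really let a remote host reach? The following is an added example written for this page, not code from the slides. It mirrors the first example's scenario with constructed addresses and services (site A on 10.10.0.0/24, an FTP server at 10.20.0.5 that also runs sshd, a database host at 10.20.0.6) and evaluates three ways of writing the same business need: by IP only, by IP and port, and company B's "permit all".

```python
"""Implied access through a site-to-site VPN.

Added example; not from the slides.  The addresses, service inventory
and rules are constructed to mirror the mitigation examples above: site A
(10.10.0.0/24) is permitted to reach the FTP server at 10.20.0.5 "by IP",
but that host also runs sshd, and the FTP accounts live in /etc/passwd,
so the rule implicitly grants SSH logins as well.  exposed_services()
computes what a rule set actually reaches on the far side, so a policy
written by IP only can be compared with one written by IP and port, and
with a "permit all" policy like company B's.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, Optional, Set


@dataclass(frozen=True)
class Service:
    host: str
    proto: str
    port: int
    name: str


@dataclass(frozen=True)
class Rule:
    src: str             # source network (CIDR)
    dst: str             # destination network or host (CIDR)
    proto: str           # "tcp", "udp" or "any"
    port: Optional[int]  # None means any port


def rule_matches(rule: Rule, src_ip: str, svc: Service) -> bool:
    """Does this permit rule allow src_ip to reach the service?"""
    return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(svc.host) in ipaddress.ip_network(rule.dst)
            and rule.proto in ("any", svc.proto)
            and rule.port in (None, svc.port))


def exposed_services(rules: Iterable[Rule], src_ip: str,
                     inventory: Iterable[Service]) -> Set[Service]:
    """Every listening service at the far site that some rule lets src_ip reach."""
    rules = list(rules)
    return {svc for svc in inventory if any(rule_matches(r, src_ip, svc) for r in rules)}


def implied_access(rules: Iterable[Rule], src_ip: str, inventory: Iterable[Service],
                   intended: Iterable[Service]) -> Set[Service]:
    """Reachable services that were never meant to be reachable."""
    return exposed_services(rules, src_ip, inventory) - set(intended)


# Constructed inventory of what actually listens at site B.
FTP = Service("10.20.0.5", "tcp", 21, "ftpd")
SSH = Service("10.20.0.5", "tcp", 22, "sshd (same /etc/passwd accounts as ftpd)")
DB = Service("10.20.0.6", "tcp", 3306, "mysqld")
SITE_B = (FTP, SSH, DB)

# Three ways the same business need ("site A may use the FTP server") gets written.
BY_IP_ONLY = [Rule("10.10.0.0/24", "10.20.0.5/32", "any", None)]
BY_IP_AND_PORT = [Rule("10.10.0.0/24", "10.20.0.5/32", "tcp", 21)]
PERMIT_ALL = [Rule("10.10.0.0/24", "10.20.0.0/24", "any", None)]   # company B's policy

SITE_A_HOST = "10.10.0.42"   # constructed client at site A


def demo() -> dict:
    """Implied (unintended) access from a site A host under each policy."""
    return {
        "by_ip_only": implied_access(BY_IP_ONLY, SITE_A_HOST, SITE_B, [FTP]),
        "by_ip_and_port": implied_access(BY_IP_AND_PORT, SITE_A_HOST, SITE_B, [FTP]),
        "permit_all": implied_access(PERMIT_ALL, SITE_A_HOST, SITE_B, [FTP]),
    }


if __name__ == "__main__":
    for policy, extra in demo().items():
        print(f"{policy}: implied access to {sorted(s.name for s in extra) or 'nothing'}")
```

The by-IP rule quietly exposes sshd; company B's rule exposes the database host as well, and on B's side nobody owns the policy, so nothing prevents that set from growing. Only the rule written by IP and port yields no implied access, which is the planning cost the slide refers to: you have to know the service inventory to write it.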

Recent VPN Product Vulnerabilities (the advisories linked are from 2005)

  Cisco's VPN concentrator: http://www.niscc.gov.uk/niscc/docs/br-20050627-00520.html?lang=en
  Nortel VPN clear text password issue: http://www.net-security.org/vuln.php?id=4065
  Nortel malformed IKE packet vulnerability: http://addict3d.org/index.php?page=viewarticle&type=security&ID=4094
  Cisco's malformed IKE packet vulnerability: http://www.cisco.com/en/US/products/products_security_advisory09186a00802126a3.shtml

Conclusion

  Treat VPNs like any WAN link
  Employ the principle of least privilege
  When deploying VPNs, determine security and access requirements in advance
  Limit access between VPN segments and LAN segments, then permit traffic as needed