Pondering and Patrolling Perimeters - PowerPoint PPT Presentation

Slides: 58
Provided by: billch

Transcript and Presenter's Notes

1
Pondering and Patrolling Perimeters
  • Bill Cheswick
  • ches_at_lumeta.com
  • http://www.lumeta.com

2
Perimeter defenses are a traditional means of
protecting an area without hardening each of the
things in that area
3
Why use a perimeter defense?
  • It is cheaper
  • A man's home is his castle, but most people can't
    afford the moat
  • You can concentrate your equipment and your
    expertise in a few areas
  • It is simpler, and simpler security is usually
    better
  • Easier to understand and audit
  • Easier to spot broken parts

4
Perimeter Defense of the US Capitol Building
5
Flower pots
6
(No Transcript)
7
Security doesn't have to be ugly
8
(No Transcript)
9
(No Transcript)
10
(No Transcript)
11
(No Transcript)
12
Delta barriers
13
Parliament entrance
14
Parliament exit
15
What's wrong with perimeter defenses
  • They are useless against insider attacks

16
Edinburgh Castle
  • fell through a hole in its perimeter
  • fell to siege in three years in 16th century
  • ran out of food and water
  • Unsuccessful attack by Bonnie Prince Charlie in
    1745
  • Devastated in 1544 by the Earl of Hertford

17
What's wrong with perimeter defenses
  • They are useless against insider attacks
  • They provide a false sense of security
  • You still need to toughen up the inside, at least
    some
  • You need to hire enough defenders

18
(No Transcript)
19
(No Transcript)
20
What's wrong with perimeter defenses
  • They are useless against insider attacks
  • They provide a false sense of security
  • You still need to toughen up the inside, at least
    some
  • They don't scale well

21
The Pretty Good Wall of China
22
(No Transcript)
23
(No Transcript)
24
(No Transcript)
25
Can we live without an intranet?
  • Strong host security

26
I can, but you probably can't
  • Skinny-dipping on the Internet since the mid
    1990s
  • The exposure focuses one clearly on the threats
    and proactive security
  • It's very convenient, for the services I dare to
    use
  • Many important network services are difficult to
    harden

27
Skinny dipping rules
  • Only minimal services are offered to the general
    public
  • Ssh
  • Web server (jailed Apache)
  • DNS (self chrooted)
  • SMTP (postfix, not sendmail)
  • Children (like employees) and MSFT clients are
    untrustworthy
  • Offer hardened local services at home, like SAMBA
    (chroot), POP3 (chroot)
  • I'd like to offer other services, but they are
    hard to secure
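The rule on this slide (a handful of services face the public, everything else is local only) is easy to state and easy to drift away from. The following is an added example, not the speaker's own tooling: a small audit that reads `ss -ltn`-style listener lines and reports any socket bound to a publicly reachable address whose port is not on a short allowlist. The allowlist, the sample listener lines and the port numbers are constructed for illustration; the only real thing assumed is the column layout of `ss -ltn` (State, Recv-Q, Send-Q, Local Address:Port, Peer Address:Port).

```python
"""Audit listening TCP sockets on an exposed host against a minimal
allowlist of public services: ssh, http/https, DNS and SMTP may face the
Internet; everything else must be bound to loopback or a private address.

Added example (not the speaker's code).  Sample lines and allowlist are
constructed; only the `ss -ltn` column layout is assumed.
"""
import ipaddress

# Constructed allowlist matching the services offered to the public above.
PUBLIC_ALLOWLIST = {22, 80, 443, 53, 25}

# Constructed sample in the column layout of `ss -ltn`:
# State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN 0      128    0.0.0.0:22           0.0.0.0:*
LISTEN 0      128    0.0.0.0:80           0.0.0.0:*
LISTEN 0      100    0.0.0.0:25           0.0.0.0:*
LISTEN 0      128    192.168.1.10:445     0.0.0.0:*
LISTEN 0      128    127.0.0.1:110        0.0.0.0:*
LISTEN 0      128    0.0.0.0:5432         0.0.0.0:*
LISTEN 0      128    [::]:22              [::]:*
"""


def parse_listeners(text):
    """Yield (bind_address, port) for each LISTEN line; the header is skipped."""
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] != "LISTEN":
            continue
        addr, _, port = parts[3].rpartition(":")   # split on the last ':'
        yield addr.strip("[]"), int(port)           # '[::]' -> '::'


def exposure(addr):
    """Classify a bind address: 'public' means reachable from anywhere."""
    if addr in ("*", ""):                # wildcard spelling used by some ss versions
        return "public"
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:                # 0.0.0.0 / :: bind every interface
        return "public"
    if ip.is_private:
        return "private"                 # RFC 1918 / ULA: not a public exposure
    return "public"


def audit_listeners(text):
    """Return a list of (addr, port, exposure, verdict) rows for every listener."""
    rows = []
    for addr, port in parse_listeners(text):
        exp = exposure(addr)
        if exp == "public" and port not in PUBLIC_ALLOWLIST:
            verdict = "VIOLATION"
        else:
            verdict = "ok"
        rows.append((addr, port, exp, verdict))
    return rows


def find_violations(text, allowlist=PUBLIC_ALLOWLIST):
    """Sorted (addr, port) pairs that face the public but are not allowed to."""
    return sorted((a, p) for a, p, e, _ in audit_listeners(text)
                  if e == "public" and p not in allowlist)


if __name__ == "__main__":
    for addr, port, exp, verdict in audit_listeners(SAMPLE_SS):
        print(f"{addr:>16}:{port:<6} {exp:9} {verdict}")
```

On a real host, feed the output of `ss -ltn` (and `ss -lun` for UDP) into `audit_listeners` from a cron job and alert on any `VIOLATION` row; the point of the check is that the set of public services stays as small as the slide says, and that a newly installed daemon that binds `0.0.0.0` is noticed the same day.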

28
Skinny dipping requires strong host security
  • FreeBSD and Linux machines
  • I am told that one can lock down an MSFT host,
    but there are hundreds of steps, and I don't know
    how to do it.
  • This isn't just about operating systems: the
    most popular client applications are, in theory,
    very dangerous and, in practice, very dangerous.
  • Web browsers and mail readers have many dangerous
    features

29
Lately, I have been cheating
  • Backup hosts are unreachable from the Internet
    (which is a perimeter defense of sorts), and do
    not trust the exposed hosts
  • Public servers have lower privilege than my crown
    jewels
  • This means I can experiment a bit more with the
    exposed hosts

30
Skinny dipping flaws
  • Less depth to the defense

31
(No Transcript)
32
Skinny dipping flaws
  • Less defense in depth
  • No protection from denial-of-service attacks

33
Hopes for Microsoft client security?
  • I'll talk about it at the end of the talk.

34
Intranets
  • Networked perimeter defenses

35
Anything large enough to be called an intranet
is out of control
  • me

36
Intranets have been out of control since they
were invented
  • This is not the fault of network administrators
  • The technology is amenable to abuse
  • Decentralization was a design goal of the
    Internet
  • CIO and CSOs want centralized control of their
    network
  • The legacy information is lost with rapid
    employee turnover
  • M&A breaks carefully-planned networking

37
Perimeter security gives a false sense of security
  • Crunchy outside, and a soft, chewy center
  • Me
  • I think 40 hosts is about the most that I can
    control within a perimeter.
  • Others can probably do better
  • Internet worms are pop quizzes on perimeter
    security

38
Intranets the rest of the Internet
39
History of the Project and Lumeta
  • Started in August 1998 at Bell Labs
  • April-June 1999 Yugoslavia mapping
  • July 2000 first customer intranet scanned
  • Sept. 2000 spun off Lumeta from Lucent/Bell Labs
  • June 2002 B round funding completed
  • 2003 sales >4MM
  • After three years of a service offering, we built
    IPSonar so you can run it yourself.

40
(No Transcript)
41
(No Transcript)
42
(No Transcript)
43
(No Transcript)
44
(No Transcript)
45
This was supposed to be a VPN
46
(No Transcript)
47
(No Transcript)
48
This is useful, but can we find hosts that have
access across the perimeter?
49
Leaks
  • We call the leaks shown in the maps "routing
    leaks"
  • Can we find hosts that don't forward packets, but
    straddle the perimeter?
  • Yes: we call them "host leaks", and detecting
    them is Lumeta's special sauce

50
How to find host leaks
  • Run a census with ICMP and/or UDP packets
  • Test each machine to see if it can receive a
    probe from one network, and reply on another
  • Not just dual-homed hosts
  • DMZ hosts, business partner machines,
    misconfigured VPN access

51
Leak Detection
[Diagram: mapping host A and address D on the Internet side; test host B and host C on the intranet side. Slide labels: Mapping host, mitt, A, D, Internet, intranet, C, B, Test host]
  • A sends packet to B, with spoofed return address
    of D
  • If B can, it will reply to D with a response,
    possibly through a different interface
52
Leak Detection
[Diagram repeated from the previous slide: mapping host A and address D on the Internet side; test host B and host C on the intranet side. Slide labels: Mapping host, mitt, A, D, Internet, intranet, C, B, Test host]
  • Packet must be crafted so the response won't be
    permitted through the firewall
  • A variety of packet types and responses are used
  • Either inside or outside address may be
    discovered
  • Packet is labeled so we know where it came from
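Whether B shows up as a host leak is decided by B's own routing table: the reply to the spoofed address D follows B's longest-prefix match, and if that path is anything other than the firewall, the response reaches D. The following is an added example, not Lumeta's or IPSonar's code, that turns the two slides above into an audit a network owner can run from the inside: collect each host's routing table, ask where its reply to an outside address would go, and flag every host whose answer is not the sanctioned firewall gateway. Host names, interface names, the addresses (documentation ranges) and the routing tables are constructed, and the `<prefix|default> dev <iface> [via <gateway>]` listing format is a simplified `ip route` style assumed for the example.

```python
"""Predict host leaks from routing tables, using the probe model on the
slides: A sends B a packet whose source is spoofed to D; if B's routing
table sends the reply to D anywhere but the firewall, B straddles the
perimeter and the reply reaches D.

Added example (not Lumeta's code).  Hosts, interfaces, addresses and
routing tables below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    iface: str
    gateway: Optional[str] = None     # None: prefix is directly connected


def parse_routes(text):
    """Parse a simplified `ip route`-style listing (assumed format):
    '<prefix|default> dev <iface> [via <gateway>]'."""
    routes = []
    for line in text.strip().splitlines():
        parts = line.split()
        prefix = "0.0.0.0/0" if parts[0] == "default" else parts[0]
        iface = parts[parts.index("dev") + 1]
        gateway = parts[parts.index("via") + 1] if "via" in parts else None
        routes.append(Route(ipaddress.ip_network(prefix), iface, gateway))
    return routes


def select_route(routes, dst):
    """Longest-prefix match: the same choice B's kernel makes for its reply."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen, default=None)


def is_host_leak(routes, spoofed_src, firewall_gateway):
    """B is a host leak when its reply to D would not be handed to the
    firewall: it leaves via another interface, a second default route,
    or a directly connected prefix on the far side of the perimeter."""
    route = select_route(routes, spoofed_src)
    if route is None:
        return False                  # no route at all: reply is never sent
    return route.gateway != firewall_gateway


FIREWALL = "10.0.0.1"                 # the only sanctioned way off the intranet
SPOOFED_D = "203.0.113.5"             # D: an address on the Internet side

# Constructed routing tables for three intranet hosts.
HOSTS = {
    "fileserver": """
        10.0.0.0/8 dev eth0
        default via 10.0.0.1 dev eth0
    """,
    "vpn-laptop": """
        10.0.0.0/8 dev eth0
        192.0.2.0/24 dev ppp0
        default via 192.0.2.1 dev ppp0
    """,
    "dmz-web": """
        10.0.0.0/8 dev eth0
        203.0.113.0/24 dev eth1
        default via 10.0.0.1 dev eth0
    """,
}


def audit(hosts=HOSTS, spoofed_src=SPOOFED_D, firewall=FIREWALL):
    """Return {host: (leak, exit_interface, next_hop)} for every host."""
    report = {}
    for name, table in hosts.items():
        routes = parse_routes(table)
        route = select_route(routes, spoofed_src)
        leak = is_host_leak(routes, spoofed_src, firewall)
        report[name] = (leak,
                        route.iface if route else None,
                        route.gateway if route else None)
    return report


if __name__ == "__main__":
    for host, (leak, iface, hop) in audit().items():
        print(f"{host:12} leak={str(leak):5} reply via {iface} "
              f"next hop {hop or 'direct'}")
```

Two caveats match the slides: a route that bypasses the firewall is a leak only relative to policy (the slide on the next page says outgoing leaks are often fine), and a host-based packet filter on B can still drop the reply, which is why the external probe census remains the ground truth and this table-driven audit is a cheap way to find candidates before the census does.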
53
Leaks are not always bad
  • Depends on the network policy
  • Often, outgoing leaks are ok
  • Sometimes our test packets get through, but not
    the services you are worrying about
  • Please don't call them leaks
  • Until this test, there was no way for the CIO to
    detect them, good or bad
  • Patent pending

54
We developed a lot of stuff
  • Leak detection (that's the special sauce)
  • Route discovery
  • Host enumeration and identification
  • Server discovery
  • Lots of reports: the hardest part
  • Wireless base station discovery
  • And more: ask the sales people
  • The zeroth step in network intelligence
  • me

55
Case studies: corp. networks
Some intranet statistics
56
Some Lumeta lessons
  • Reporting is the really hard part
  • Converting data to information
  • Tell me how we compare to other clients
  • Offering a service was good practice, for a while
  • We have >70 Fortune-200 companies and government
    agencies as clients
  • Need-to-have vs. want-to-have

57
Defending Your Network Identifying and
Patrolling Your True Network Perimeter
  • Bill Cheswick
  • Chief Scientist, Lumeta Corp