The new network - functions, security and convergence - oh, my!

1
The new network - functions, security and
convergence - oh, my!

• Kevin Kealy
• Ph.D (Info Sec), CISSP
• ATT Laboratories

2
Talk outline

• This introduction
• New technology and its unforeseen consequences
• Infrastructures boundaries are blurring
• IP enabled control systems management
• Voice over IP
• Personal technology is starting to gossip
• Software and licensing schemes
• Bluetooth
• Wireless networks
• Conclusion

3
New technology

• We all demand more from our technology
• Industry is keen to meet our demands
• As chip prices continue to fall, functionality
  rises
• Devices functions start to converge
• PDA/Phone/Pager devices
• The data network is being bent to other functions
• Management of control and infrastructure systems
• Carriage of voice and fax traffic
• This can have unintended, and often negative
  consequences

4
IP enabled control systems

• Allowing management traffic to traverse a data
  network exposes it to new threats
• Back in the day, it was the modem we had to worry
  about
• Now, any fool with a network connection can see
  the control system
• Case studies
• Hotel
• Elevator control computer
• A/C plant at Law Enforcement Academy

5
Gossipy equipment

• Adobe software
• Sneaky connections to Adobe mothership
• Try scanning and editing a picture of a 20 bill
  using Photoshop CS
• Watch the network with a sniffer
• Microsoft Active Licensing
• XP likes to phone home
• UPnP
• Apples Rendezvous
• Printers
• Other computers

6
VoIP

• Carrying Voice over data networks is seen as
  desirable
• Cabling infrastructure savings
• IP Centrex benefits
• Use of 802.11 phones
• Cost savings
• However, VoIP has a number of problems
• Inherent problems with SIP
• By and large, the data is not encrypted
• Open to attack from a whole new direction
• Denial of service is quite simple to launch
• Theft of service
• Case study
• Voice spoofing attack

7
Bluetooth

• This exciting new technology is quickly becoming
  pervasive
• Acura, BMW and Daimler-Chrysler vehicles
• Nokia, Sony-Ericsson and Motorola cell phones
• Laptops
• PDAs
• The convenience and cool-factor are undeniable
• Lara Croft in Tomb Raider
• Wireless modems
• Wireless GPS modules
• Headsets and car phone kits
• Sometimes, there are (ahem) new and exciting uses
  that the manufacturers never imagined
• Toothing

8
Bluejacking or Bluesnarfing

• Theres a new sport - Warnibbling
• Using Bluesnarf, attackers can
• Download your contact list
• Your last-dialed number list
• Often, attackers can use your equipment without
  your knowledge or consent
• Wireless Internet access
• Outgoing phone calls
• Text messages
• Bluejacking
• Anonymous text messages to your phone
• The phone companies acknowledge the problem but
  have been slow to act

9
Wireless LANs

• Offering exciting possibilities, this technology
  also offers a whole new list of problems and
  threats
• Wireless LAN attacks
• War Driving/War Flying (!)
• War Chalking
• WEP cracking
• Other issues
• Drive-by spamming
• Drive-by worming
• Printer abuse
• VoIP over 802.11
• Theft of data and more
• Ubiquity of WLAN hardware - Centrino

10
Ad-Hoc WLANs

• Called Independent Basic Service Set (IBSS) or
  just BSS
• These are set up between computers
• Do not require an access point
• Allow for local file-sharing, printer sharing or
  sometimes, gaming
• There is a danger in leaving a WLAN card open and
  in Ad-Hoc mode
• Case study - plane hacking

11
Infrastructure WLANs

• Called Extended Service Set or ESS
• This is the most usual mode of operation
• Clients (PCs, printers) talk only to an Access
  Point
• Client-client communication always passes through
  the AP
• Often, services are provided as part of the APs
  function
• DHCP
• Firewall
• Router

12
Attacking the WLANs

• War Driving and War Chalking
• This is a concept that has recently gained much
  popularity
• Hackers will war walk or war drive around an
  area
• When they find a WLAN, they will make a chalk
  mark
• On a building or a sidewalk
• This mark gives information about the WLAN found
• The diagram at right is a wallet card showing
  some of the symbols and their meanings
• The objectives?
• Free Internet access, mostly
• Corporate or entity LAN hacking, sometimes
• Stealing service for example, hijacking
  someones MAC address at Starbucks
• VoIP eavesdropping

13
Drive-by Spamming

• New phenomenon
• Attackers equip a van with a toroidal antenna
• And a server farm
• Scout business districts and neighborhoods
  looking for WLANs
• Once they find an open network, they connect and
  look for a mail server
• Often, attackers dump upwards of 1,000,000 emails
  per day through corporate mail servers
• Case study
• School headmaster death threats
• Drive-by Worming
• Printer Abuse

14
What kind of security is needed?

• Layered security approach
• Defense in depth
• Separation of networks from one another
• WLAN/Data/VoIP/Control System VLANs
• Monitoring and management can help
• Clean up-front design
• The more layers, the better
• Dont put all your eggs in one basket
• Try to look for modes of failure in each layer

15
Conclusion

• Cool tech can often lead to uncool problems
• Opportunity is a matter of perspective
• Just because Im paranoid
• Be careful with your Bluetooth phone
• A combination of different methods works best
• Nothing is 100 effective

16
Security is similar to contraception...

• It can never be 100 effective.
• It contributes nothing to the performance.
• You can never be sure you actually need it at the
  time.
• You dont know whether it has worked until after
  the event sometimes long after!

• The only way to measure its effectiveness is in
  terms of its failures.
• A combination of methods gives the greatest
  reduction in risk.
• You should never rely on someone elses
  precautions - to be certain, you have to take
  care of it yourself.