40 Years of Internet Arms Races - PowerPoint PPT Presentation

Loading...

PPT – 40 Years of Internet Arms Races PowerPoint presentation | free to download - id: 1f5cc9-ZDc1Z



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

40 Years of Internet Arms Races

Description:

Five bad PINS, and it is gone. We already carry a bunch of keys, so why not one more ... Now the good guys are trying to obfuscate code! ... – PowerPoint PPT presentation

Number of Views:22
Avg rating:3.0/5.0
Slides: 80
Provided by: billch
Learn more at: http://web.cheswick.com
Category:
Tags: arms | five | for | friend | friends | guys | hack | hardware | how | internet | long | looking | lost | pc | races | to | years

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: 40 Years of Internet Arms Races


1
40 Years of Internet Arms Races
  • Bill Cheswick
  • ches_at_lumeta.com
  • http//www.lumeta.com

2
Thinking about security
3
Talk outline
  • Intro
  • Some thoughts on thinking bad thoughts
  • Various races
  • Predictions
  • You got that with the 40 years, right?
  • Wishes
  • My dads computer, and Windows OK
  • Windows SP2

4
Since some of you asked
  • Chief Scientist at Lumeta, a Bell Labs spin-off
  • Founded in 2000. 45 people in the company
  • We map large corporate and government networks,
    and find leaks in the network perimeter
  • I am still figuring out what a chief scientist
    does
  • Second edition of the firewalls book came out
    last year Cheswick, Bellovin, Rubin

5
(No Transcript)
6
Before the whining and predicting, something
useful
  • Lost friends web page
  • Cheap research web pages
  • Please give me feedback if I get something wrong
  • I do get out much from my little Internet startup
    (Lumeta)
  • You folks keep me honest.

7
Security People are Paid to Think Bad Thoughts
  • -Bob Morris

8
Fred Cohen and me
9
What do you do with bad thoughts?
  • The world is full of threats
  • One can get a bit pessimistic
  • CIA asked a number of us for some of our bad
    thoughts
  • Watch your ethics! Are you battling the forces
    of darkness?

10
Questions about an evil idea
  • Has it already been done? How would you detect
    it?
  • If not, why hasnt it happened yet?
  • What are the strategic preparations needed?
  • What are the tactical preparations needed just
    before the attack?
  • Can we detect strategic preparations?
  • Can we detect tactical preparations?

11
Minor example Internet mapping
12
Minor example Internet Mapping Project
  • Hal Burch and me, since 1998
  • AUCERT has corresponded (complained) to us a
    number of times
  • Basic technology 250,000 traceroutes/day
  • Question who else is doing this?

13
104542 udp 5 uma1.co.umatilla.or.us 112812
udp 1 64.d9b7d1.client.atlantech.net 105705
udp 4310124_at_0 omval.tednet.nl 105705
udp 431011456_at_24 omval.tednet.nl 105705
udp 43101625_at_1480 omval.tednet.nl 113059
udp 7 ns1.yamato.ibm.com
14
Minor example Internet Mapping Project
  • Andrew Gross and rstatd

15
Some thoughts on computing safety
  • Morris worm at Bell Labs (1988)
  • Best block is not be there
  • Karate Kid I
  • You got to get out of the game
  • Fred Grampp
  • Ive never detected a virus or worm on one of my
    important systems.

16
Dont let opposition practice on you during an
arms race
  • Dictionary attacks on passwords
  • Crashme tests on programs, protocols, and
    operating systems
  • Weakness using COTS!

17
(No Transcript)
18
The Internet security arms race
  • Defenders can control the battlefield
  • An uneasy truce may be good enough, if the
    business case can make usable predictions

19
The Internet is a fine place to practice attacks
  • Automated
  • Anonymous
  • Many volunteers
  • Dont give them a dictionary, oracle, or
    cribs to try automated attacks on
  • Monoculture of software in hosts and routers

20
The Internet is a fine place to practice defenses
  • MILnet has been under attack since the mid-1980s
  • That makes the threats much clearer
  • It gives the defenders a chance to get good at
    their job

21
Arms RacesEavesdropping
22
Arms raceEavesdropping
  • Ethernet, ftp, and telnet were poor starts
  • WEP, POP3, IMAP, AIM added to the confusion
  • POP3 passwords are the most common I sniff over
    the air at conferences like this
  • Crypto wars of the mid-1990s tied our hands
  • This race should be over, victory to the defenders

23
Eavesdropping victories
  • SSL ends direct credit card sniffing
  • Ssh lets me access secure machines from anywhere
  • IP/SEC is a bit of a pain to deploy, but that
    should get better
  • VPN products are very useful
  • CPUs have plenty of spare power now.
  • Check your work with dsniff

24
Eavesdropping problems
  • Casual web access and DNS queries still mostly in
    the clear.
  • Most ISPs still offer or insist on POP3 and IMAP,
    not SSL versions of these
  • Widespread use of client certificates could limit
    access to these possibly dangerous network
    services

25
Eavesdropping arms races
  • Attack patterns vs. snort
  • Tcpdump/libpcap vs. killer packets

26
Arms Race Battle for control of the computer and
data
27
The battle for control of the computer
  • Who owns the software in your computer? Who
    should be allowed to add and run programs?
  • Microsoft has assumed this since DOS
  • Viruses and worms
  • Pop-overs and pop-unders
  • Spyware
  • Automatic update systems
  • Same battle over data in computers controlling
    your car
  • Thermostat? Front door lock? Toaster?

28
Goals for this extraware
  • Zombie nets to assist with malfeasance, including
    forwarding of spam
  • Collect marketing data
  • Display advertisements
  • Enforce licensing restrictions

29
Solution operating system only executes known
programs
  • Virus problem goes away
  • Unix/Linux systems mostly do this already
  • OS updates and auxiliary program installs a
    problem
  • This feature not available on Microsoft operating
    systems (see below)

30
Extraware problems
  • Some business practices assume this ability is
    available
  • Some web page writers assume that I am willing to
    use possibly dangerous features in my browser (or
    a particular browser)

31
Virus arms race
  • Early on, detectors used viral signatures
  • Virus encryption and recompilation (!) has
    thwarted this
  • Virus detectors now simulate the code, looking
    for signature actions
  • Virus writers now detect emulation and behave
    differently
  • Virus emulators are slowing down, even with
    Moores Law.

32
Virus arms race
  • I suspect that virus writers are going to win the
    detection battle, if they havent already
  • Emulation may become too slow
  • Even though we have the home-field advantage
  • Will we know if an undetectable virus is
    released?
  • Best defense is to get out of the game.
  • Dont run portable programs, or
  • Improve our sandbox technology
  • People who really care about this worry about Ken
    Thompsons attack
  • Read and understand On Trusting Trust

33
The emulation arms race
  • Vmware versus the real thing
  • 4tphi
  • Honeypots vs. bulkers
  • http//www.sendsafe.com/honeypot-hunter.php

34
Arms RaceAuthentication and identification
35
Password cracking
  • Works 3 to 60 of the time using offline
    dictionary attacks
  • More, if the hashing is misdesigned
  • This will never get better, so
  • We have to get out of the game

36
Passwords sniffed at this conference
37
Authentication/Identification Arms races
  • Password/PIN selection vs. cracking
  • Human-chosen passwords and PINs can be ok if
    guessing is limited, and obvious choices are
    suppressed
  • Password cracking is getting better, thanks to
    Moores Law and perhaps even botnets

38
Tony Sale
Colossus (ver 2.0)
39
We dont know how to leave the user in charge of
security decisions, safely.
40
Authentication solutionstwo factor
authentication
  • In my laptop ssh key unlocked by long passphrase
  • Better USB key unlocked by PIN. Five bad
    PINS, and it is gone.
  • We already carry a bunch of keys, so why not one
    more

41
Hardware tokens
  • These need to be open source drivable, and cheap
  • The business model has never been one for global
    adoption
  • Challenge/response form factor is the safest, but
    not acceptable if humans are in the loop

42
Authentication arms racepredictions
  • Weve already won this, from a business model
    standpoint
  • Web SSL plus password is good enough for banking
  • USA needs two factor authentication for social
    security number. (Something better than MMN or
    birth date.)
  • I dont see this improving much, but a global USB
    dongle would do it
  • Dont wait for world-wide PKI.

43
Arms race (sort of)destructible hardware
44
Arms race (sort of)hardware destruction
  • IBM monochrome monitor
  • Some more recent monitors
  • Current ones?
  • Hard drives? Beat the heads up?
  • EEPROM write limits
  • Viral attack on .cn and .kr PC motherboards
  • Other equipment
  • Anything that requires a hardware on-site service
    call

45
Arms race (sort of)hardware destruction
  • Rendering the firmware useless
  • This can be fixed (mostly) with a secure trusted
    computing base.

46
Software upgrade race literally a race
  • Patches are analyzed to determine the weakness
  • Patch-to-exploit time is now down below 10 hours
  • NB spammers have incentive to do this work
  • Now the good guys are trying to obfuscate code!
  • Future difficult to say dark side obscures
    everything.

47
Arms Racesfirewalls
  • IP blocking
  • Ip aware (stateful)
  • More dangerous
  • Permits firewalking
  • Ultimately, firewalls are a hack, and should go
    away

48
Arms Racesdeception
49
Scarlet king snake
West coral Snake
50
(the west coral snake is venomous)
51
Arms Races deception
  • Jails
  • Cliff Stoll and SDInet
  • Honeypots
  • Honeynet
  • honeyd
  • The deception toolkit---Fred Cohen

52
Bulkers vs honeypots
  • http//www.send-safe.com/honeypothunter.php

53
User education vs. user deception
  • We will continue losing this one
  • Even experts sometimes dont understand the
    ramifications of choices they are offered

54
Historic Arms races
  • SYN packet attacks
  • TCP sequence number guessing

55
My Dads computer
  • Skinny-dipping with Microsoft

56
Case studyMy Dads computer
  • Windows XP, plenty of horsepower, two screens
  • Applications
  • Email (Outlook)
  • Bridge a fancy stock market monitoring system
  • AIM
  • Cable access, dynamic IP address, no NAT, no
    firewall, outdated virus software, no spyware
    checker

57
This computer was a software toxic waste dump
  • It was burning a liter of oil every 500 km
  • The popups seemed darned distracting to me
  • But he thought it was fine
  • Got his work done
  • Didnt want a system administrator to break his
    user interface somehow

58
A proposalWindows OK
59
Windows OK
  • Thin client implemented with Windows
  • It would be fine for maybe half the Windows users
  • Students, consumers, many corporate and
    government users
  • It would be reasonable to skinny dip with this
    client
  • Without firewall or virus checking software

60
Windows OK
  • No network listeners
  • None of those services are needed, except admin
    access for centrally-administered hosts
  • Default security settings
  • All security controls in one or two places
  • Security settings can be locked

61
Windows OK (cont)
  • There should be nothing you can click on, in
    email or a web page, that can hurt your computer
  • No portable programs are executed ever, except
  • ActiveX from approved parties
  • MSFT and one or two others. List is lockable

62
Windows OK
  • Reduce privileges in servers and all programs
  • Sandbox programs
  • Belt and suspenders

63
Office OK
  • No macros in Word or PowerPoint. No executable
    code in PowerPoint files
  • The only macros allowed in Excel perform
    arithmetic. They cannot create files, etc.

64
Vulnerabilities in OK
  • Buffer overflows in processing of data (not from
    the network)
  • Stop adding new features and focus on bug fixes
  • Programmers can clean up bugs, if they dont have
    a moving target
  • It converges, to some extent

65
Microsoft client security
  • It has been getting worse can they skinny-dip
    safely?

66
Windows ME
Active Connections - Win ME Proto Local
Address Foreign Address State
TCP 127.0.0.11032 0.0.0.00
LISTENING TCP 223.223.223.10139
0.0.0.00 LISTENING UDP
0.0.0.01025
UDP 0.0.0.01026
UDP 0.0.0.031337
UDP 0.0.0.0162
UDP 223.223.223.10137
UDP
223.223.223.10138
67
Windows 2000
Proto Local Address Foreign Address
State TCP 0.0.0.0135
0.0.0.00 LISTENING TCP
0.0.0.0445 0.0.0.00
LISTENING TCP 0.0.0.01029
0.0.0.00 LISTENING TCP
0.0.0.01036 0.0.0.00
LISTENING TCP 0.0.0.01078
0.0.0.00 LISTENING TCP
0.0.0.01080 0.0.0.00
LISTENING TCP 0.0.0.01086
0.0.0.00 LISTENING TCP
0.0.0.06515 0.0.0.00
LISTENING TCP 127.0.0.1139
0.0.0.00 LISTENING UDP
0.0.0.0445
UDP 0.0.0.01038
UDP 0.0.0.06514
UDP 0.0.0.06515
UDP 127.0.0.11108
UDP
223.223.223.96500
UDP 223.223.223.964500

68
Windows XP, this laptop
Proto Local Address Foreign Address
State TCP ches-pcepmap
ches-pc0 LISTENING TCP
ches-pcmicrosoft-ds ches-pc0
LISTENING TCP ches-pc1025
ches-pc0 LISTENING TCP
ches-pc1036 ches-pc0
LISTENING TCP ches-pc3115
ches-pc0 LISTENING TCP
ches-pc3118 ches-pc0
LISTENING TCP ches-pc3470
ches-pc0 LISTENING TCP
ches-pc3477 ches-pc0
LISTENING TCP ches-pc5000
ches-pc0 LISTENING TCP
ches-pc6515 ches-pc0
LISTENING TCP ches-pcnetbios-ssn
ches-pc0 LISTENING TCP
ches-pc3001 ches-pc0
LISTENING TCP ches-pc3002
ches-pc0 LISTENING TCP
ches-pc3003 ches-pc0
LISTENING TCP ches-pc5180
ches-pc0 LISTENING UDP
ches-pcmicrosoft-ds
UDP ches-pcisakmp
UDP ches-pc1027
UDP ches-pc3008
UDP ches-pc3473
UDP ches-pc6514
UDP
ches-pc6515
UDP ches-pcnetbios-ns
UDP ches-pcnetbios-dgm
UDP ches-pc1900
UDP ches-pcntp
UDP ches-pc1900
UDP
ches-pc3471
69
FreeBSD partition, this laptop
Active Internet connections (including
servers) Proto Recv-Q Send-Q Local Address
Foreign Address (state) tcp4 0
0 .22 .
LISTEN tcp6 0 0 .22
. LISTEN
70
XP SP2
  • Bill Gets It

71
Microsofts Augean Stablesa task for Hercules
  • 3000 oxen, 30 years, thats roughly one oxen-day
    per line of code in Windows
  • Its been getting worse since Windows 95

72
XP SP2 Bill gets it
  • a feature you dont use should not be a security
    problem for you.
  • Security by design
  • Too late for that, its all retrofitting now
  • Security by default
  • No network services on by default
  • Security control panel
  • Many things missing from it
  • Speaker could not find ActiveX security settings
  • There are a lot of details that remain to be seen.

73
Microsoft really means it about improving their
security
  • Their security commitment appears to be real
  • It is a huge job
  • Opposing forces are unclear to me
  • Its been a long time coming, and frustrating

74
Microsoft secure client arms race
  • We are likely to win, but it is going to be a
    while

75
Chess wish list
  • browsersandbox.org
  • Uses a .conf file, supplied with browser
  • Same .conf file for any major OS
  • Sandbox is impenetrable, no matter what
  • I know people have offered solutions for ten
    years
  • I need portability Linux, FreeBSD, maybe even
    MSFT, which needs sand boxing in their OS.

76
Chess wish list(cont.)
  • Self-jailing samba
  • Self-jailing apache

77
Chess wish list(cont.)
  • USB key for every computer
  • No big investment for centralized servers
  • Open source interface
  • Business model the dongle hardware, not the
    servers and software
  • Atalla had this in 1988!
  • Different key for system administrator
  • Software that doesnt abuse admin permission
  • I.e. least privilege

78
Conclusions
  • Computers are still like my Olds 88
  • They ought to stay that way, to foster creativity
    and alternatives
  • I think we will be getting better, over all

79
40 Years of Internet Arms Races
  • Bill Cheswick
  • ches_at_lumeta.com
  • http//www.lumeta.com
About PowerShow.com