Thursday, February 3, 2011

How Hackers Exploit Protocols

When two layers on the same node communicate, or when peer layers communicate, they rely on a well-defined protocol and precisely stated message formats. The protocol states who initiates the connection, how the session is terminated, the order of messages, what to do if an error occurs, and other characteristics of the session that are necessary for the exchange to succeed. A protocol also can be thought of as an algorithm because most protocols are defined as state machines.
As with other algorithms, order is important. If you want to bake a cake, getting the right ingredients is just one part of the process. Mixing and cooking the ingredients in the right order are required to achieve an edible result. The same is true for network communications protocols. If one half of the session decides to get creative with the protocol, the results will not be guaranteed.
Getting the order of messages right is important, but you also need to format the messages properly. A baking recipe is useless if the order of the steps is clear, but the steps are not accurately defined. For example, if the recipe is incorrectly copied from a friend and asks for one unit of butter instead of one unit of flour, you will end up with a different dessert. Similarly, in network message exchanges, if message integrity cannot be guaranteed, any dialogue between the peers will not succeed.
Designing a secure distributed protocol is more of an art than a science. When someone at your site invents a new distributed security protocol, alarm bells should sound. Unless this person is knowledgeable and has studied a number of references, a better-than-average chance exists for the protocol to have weaknesses.
Here are some examples from real-world situations:
  • A distributed authentication protocol was designed using a challenge-response technique, but the challenge and the response were the same value. A hacker impersonating the recipient could just replay the challenge when asked for the response.
  • A protocol was designed to accept incoming messages of a fixed length. Unfortunately, the program did not check the length of incoming messages (sound familiar?) and, because the system was a public Web server, any anonymous user on the Internet could crash the site.
Both of these examples appeared in commercial products developed by well-known companies with corporate offices on the West Coast. Network security is a complex beast. The merit badge for network security is earned only after years of study and trial-and-error. Designing network protocols is tough. Designing a new network security protocol is for experienced practitioners only.
Remote Access Network Security:

Remote access networking is a necessity for any company that wants to remain competitive. However, it poses a security threat because it creates an openness that leaves valuable corporate resources vulnerable to attacks from unexpected directions. These attacks are launched for several reasons such as intellectual challenge, revenge, and greed. Regardless of the reason, an attack can sometimes be very costly to the company. For example, the intruder can gain access to company confidential files, corrupt company records, inject computer viruses into the network, or reconfigure the network. For these reasons, remote access network security is mandatory for companies with remote login facilities. A corporate network that provides remote access must provide enough security to authenticate users and protect the network resources from unauthorized access.
This article presents an overview of the security mechanisms used in remote access networks. The article discusses the types of attack that a network can be vulnerable to and the security services that are provided in a network. The first step in providing these services is to render data unintelligible to an unauthorized user through the process of encryption. The authorized user recovers the original data from the encrypted data through the inverse process of decryption. The article also covers Web security.
The network security market has become a major segment of the networking market. The information presented in this article is only an overview, but it attempts to provide an extensive and fairly comprehensive discussion on the subject. 
Security Issues in Remote Access Networks:
A network that can be accessed from remote locations is vulnerable to different types of attacks. The goal of network security is to prevent these attacks, which can be launched in a network in the following ways: 
Network Packet Sniffing:
This is an attack in which a program monitors the traffic on a network in order to gather user login names and passwords used to access the network. Sniffing can be foiled by scrambling user names and passwords. The process is called encryption and will be discussed later in this article. 
IP Spoofing:
IP spoofing is an attack in which an intruder is able to fake an IP address so that data sent over the Internet appears to be generated by an authorized user inside the network. The intent may be, for example, to conduct unauthorized business with a company’s clients. IP spoofing is particularly useful to an intruder in source routing. In source routing, the route taken by a packet from its source to its destination is specified in the packet’s header. In a network that supports source routing, the intruder can specify the source route and the receiver can send a reply under the pretense that the intruder is a legitimate user. 
Brute Force Attack:
This is an attack in which an intruder tries to crack passwords by trying every possible combination of characters until a match is found. 
Man-in-the-Middle Attack:
This is an attack in which an intruder places himself or herself between two communicating parties who believe they are interacting with each other. Unfortunately, the intruder is snooping and relaying information from one user to the other. 
Denial-of-Service Attack:
This attack is not aimed at gaining access to a corporate network. Instead, it focuses on making network service unavailable by crashing, jamming, or flooding the network. It is an attack that is difficult to prevent because as long as a network is connected to the Internet anyone can disrupt it. 
Trojan Horse Attack:
This is an attack in which software that appears to be harmless attaches itself to an authorized program. However, the software can monitor login user names and passwords and pass the information to the intruder. It can also generate viruses that damage data in host machines. 
Social Engineering Attack:
This is an attack in which the intruder poses as an employee, such as the network administrator, in order to gain unauthorized access to the network. For example, a remote access caller may contact the help desk late at night to request a password to access the network. In this case, the intruder is inadvertently given the password. 
Basic Security Services:
A good security system should provide services that help simplify the task of managing the security of corporate information assets. These services include authentication, data integrity, confidentiality, access control, and non-repudiation. 
Authentication verifies that a user is exactly who he or she claims to be. It provides the basis for access control in networks and other computer systems. Different authentication schemes are used for onsite and remote users. The most common authentication scheme for onsite users is the combination of user ID and password. For remote access users, the more common authentication schemes include restricted address, incoming call ID, callback, PAP, Challenge Handshake Authentication Protocol (CHAP), and Remote Authentication Dial-In User Service (RADIUS). 
Restricted Address:
In this service, a list of remote network addresses is stored in a database located in the corporate network. When a user dials into the network, the network address originating the call is checked against the list. If it is on the list, the call is allowed; otherwise, it is denied.
This scheme prevents unauthorized users from accessing sensitive resources, but it has some drawbacks. It validates the equipment rather than the user, meaning that any stolen equipment can be used to gain access to the network. In addition, it assumes that network addresses are statically assigned. Therefore, it cannot be used in environments where network addresses are dynamically issued by a DHCP server because an equipment’s IP address may change each time it requests an IP address.