Networks and Network Security The easy version

1
Networks and Network SecurityThe easy version

• Simon Thompson
• IT Research and Development
• School of Health Science

2
Our Objective

• To look at what measures we can take to protect
  ourselves when connecting to a wireless network
  or a network other than our own such as in a
  hotel.

3
What we will look at .

• How networks work
• How is network traffic intercepted
• What's the threat
• Home broadband is a LAN how to protect from
  your neighbours
• Wireless networks
• Encryption
• WEP, WPA, VPN

4
What physically is a network

• Switch / Hub

5
What physically is a network
6
What physically is a network
7
How does it work ?

• Physically connected.
• Several different protocols available BUT TCP/IP
  dominant
• Each device (computer) has an IP addresses

8
What is an IP address ?

• A four part number
• Like a postal address backwards
• 137.44.141.155 (schools web server)
• Show IP address

9
?? 137.44.141.155 ??

• 137 JANET network (universities) County
• 044 Swansea university Town
• 141 SHS deprtment Street
• 155 Computer ID House No

10
But I dont use numbers ?

• DNS Domain Name Service
• Allows IP address and name to be interchanged
• Name www.healthscience.swan.ac.uk
• A Record 137.44.141.155

11
How to find the address I want to talk to

• TCP/IP developed by US Military during cold war.
• Designed to cope with lost communications due to
  strategic locations being lost
• Designed to find route to destination
• Very simple (compared with some things)

12
3 Things are needed

• My address 137.44.141.30
• My Gateway 137.44.141.254
• My Destination 212.58.224.113
  (www.bbc.co.uk)

13
Is the destination on my LAN

• My address 137.44.141.30
• My Gateway 137.44.141.254
• My destination 212.58.224.113
• 212 not equal to 137
• 58 not equal to 44
• 224 not equal to 141
• So NO not on my LAN
• As my LAN is 137.44.141. anything

14
If not an my LAN then use gateway

• Send information to 137.44.141.254
• Not my problem any more, get on with something
  else.
• 137.44.141.254 is a router which just means it
  has more than one connection each with a
  different IP address range. It will decide which
  one to send the information to next.

15
Whats nuclear war proof about this?
16
Whats nuclear war proof about this?

• Route taken

17
What nuclear war proof about this?

• NEW automatically Route taken

18
What happens on a LAN

• All communications between two devices on a LAN
  use the MAC address
• ARP is used to turn an IP address into a MAC
  address
• Machine maintains a table of MAC addresses for
  most recent traffic
• Command line Arp -a
• ARP is broadcast traffic

19
What happens on a LAN

• All network devices ignore traffic that is not
  addressed to its MAC address.
• Devices always listen to broadcasts and will
  answer an ARP broadcast if IP address matches the
  IP address given to this machine.
• Very useful for load balancing

20
How is traffic intercepted

• A HUB broadcasts ALL traffic to every device
  this is ignored by devices
• Networks cards can be put in promiscuous mode
  which means it will NOT ignore traffic
• A wireless network works like a hub

21
Home Broadband

• Always on connection to local exchange
• Your neighbourhood is basically a LAN
• NAT router should ALWAYS be used
• Allows multiple computers despite only 1 IP
  address
• Allows wireless access
• One ways tap
• Can only have a conversation with other systems
  if you started it
• Like WinXP SP2, ZoneAlarm better Why?

22
Network insecurities

• Attacking Switches
• ARP Poisoning
• Device falsely replies to ARP requests and
  generates ARP messages
• Man in the middle attacks
• Application Cain Abel

23
So you can see my traffic Who cares !!

• Virtually everything is in plain text
• POP3
• SMTP
• HTTP
• Telnet, FTP

24
Wireless networks

• Why should I not share my broadband with the
  world ?
• My traffic can be intercepted
• Your password and emails could be read
• You do not know who is connected and what they
  are up to
• The police will knock on your door
• If you must then use two NAT wireless routers

25
Wireless Security - Open

• No Security
• Anybody can connect
• 60 of all access points

26
Secure a wireless network

• Use encryption
• WEP, WPA, PSK, TKI, 3DES, AES, WPA2, etc
• NOT REAL Solutions
• Mac Address Filtering SSID hiding

27
Symmetric Encryption

• Very simple idea of encoding ring
• Move x places, e.g. 5

Plain Text every time Cipher Text _q_mtvodh_
28
Symmetric Encryption

• Best encryption is a one time pad
• Completely unbreakable

Pad 2,5,9,12,4,22,9,4,2,11,3,1..
Plain Text every time Cipher Text g_ncbvbmop
29
Stream Cipher

• Keys like a one time pad but the sequence is
  computable based on a passphrase

Weak Simplified Pad 2,5,9,12, 2,5,9,12,
2,5,9,12, 2,5,9,12, 2,5,9,12, .
Plain Text every time Cipher Text
g_nc_ebyoj Key length of 4 patterns still
exist Typically key length 40, 104 used by WEP
30
Stream Cipher

• Actually uses XOR
• Basic building block of a computer
• 0 xor 0 0
• 0 xor 1 1
• 1 xor 0 1
• 1 xor 1 0

31
Youve lost me now

• A 65 in numbers
• 65 01000001 in binary
• Key 23
• 23 00010111

32
Youve lost me now

• 01000001 (65) xor
• 00010111 (23)
• 01010110
• 01010110 xor
• 00010111 (23)
• 01000001 ? 65

33
Block Cipher

• Same idea but takes a block of characters at a
  time.
• Example 8 bits to encode, so 64bit key would
  encode 8 characters at a time
• Lookup table of all possible combinations created
  by a algorithm which uses the passphrase to
  create a unique table

34
Block Cipher
16 billion billion combinations Would take
10,000,000,000,000,000,000 years to try every
combination against an encoded string
35
Chained Block Ciphers

• Super strong
• Each block is XORd with the previous block so
  the resulting code is dependant of the actual
  message. This removes any patterns and means you
  can not change a character of the message without
  changing the whole message.

36
Random Numbers

• No such thing
• All algorithms will repeat eventually some better
  than others
• Weak pass phrases generate predictable outcomes
  from the generators

37
Wireless Security - WEP

• WEP first implementation, designed by
  engineering not security people.
• Early WEP
• Plain Text to client
• Encrypted reply to prove have correct key
• Too easy to break

38
Wireless Security - WEP

• WEP has 24 40 64bits keys
• First 24 bits increments by one on every use
• First 24 passed in clear so everybody know which
  key
• So different 40 bit key used each time.
• Based on RC4 very good encryption but poor
  implementation with a short PSK, Stream Ciphered
• On a busy network the keys will repeat every 7
  hours average time to break 1 hour
• Multiple WEP cracking applications available
• AirSnort and/or Kismet best

39
Wireless Security - WPA

• Industry / Military level security
• Proper design from ground up
• Chained Block Cipher
• Practically un-crackable 63 key would take 10
  to power of 19 years to try every combination.
• Master key used to generate other keys which are
  then used.
• Easier to use than WEP as PSK are alpha-numeric
  instead of a HEX string.

40
Wireless Security - WPA

• WPA uses AES which is a very strong cipher,
  although needs more processing power than RC4
• WPA, WPA-PSK
• AES
• TKI

41
Wireless Security WPA2

• WPA2 or Enterprise WPA
• Uses RADIUS servers to authenticate individual
  users
• Each user gets their own set of unique keys
• No inter machine sniffing
• Employees who leave can be excluded

42
Wireless Security at home

• Should implement WPA-PSK using a random maximum
  length key.
• https//www.grc.com/password
• If your hardware does not support WPA then WEP is
  better than nothing. Possible on some hardware
  to add TKI to WEP.

43
What if on public hotspot or connected to a
hotel LAN

• Wireless is not encrypted.
• LAN is probably a HUB, if not then still
  vulnerable to ARP-poisoning
• What can we do ?

44
SSL

• Secure socket level HTTPS//
• Encrypted traffic from end point to end point
• But only on this port 443
• So application would need to use this port to be
  encrypted. Email uses port 25(smtp) and 110(POP)

45
VPN Tunnelling

• Everything is encrypted regardless of the
  application or type of data.
• Uses very strong encryption
• L2TP - IPSEC AH and ESP
• PPTP
• NAT-T
• 3DES
• AES

46
VPN Tunnelling

• Need to connect to somewhere
• Company provided VPN server
• Home Server
• Microsoft RRAS OpenVPN
• Built into Router
• ISP
• PublicVPN.com HotSpotVPN.com

47
VPN to home or work

• Encrypted to location where VPN server is located
• What about ongoing traffic thats not encrypted ?
• You are out of the danger zone
• Mixed up with everything else

48
Alternative Solutions

• On a public workstation or unable to connect VPN
  due to firewall, etc
• LogMeIn.com or other providers
• HAMACHI
• Both use SSL
• No local applications used so no trace locally.

49
Summary

• Use WPA on your wireless network
• Use a VPN when out in the public

50
Any questions ?
51
Thank you for listening

• Have a good day