Network Security Hacking Defense 2 From Computer Security
- Slides: 42
Network Security Hacking & Defense 2 From Computer Security: Principles & Practice Chapter 3 Authentication
Objectives The student shall be able to: Ø Define these types of attacks: dictionary, rainbow table, eavesdrop, replay, brute force Ø Define purpose of salt and how it works Ø Describe features of password complexity and advantages of each Ø Show three ways of generating a secure password from a phrase Ø Calculate the number of possible combinations when lower case versus lower & upper case versus alphanumeric plus symbols are used. Ø Describe how remote user authentication works – packet sequence. Not in 2012: Class Time: The class shall be conducted as follows: Ø Lecture 1. 5 hour Ø Lab 1. 5 hour Ø Total 3 hours
Authenticated Attacks Once an attacker gains access: Escalating privilege: After obtaining a user account, next goal -> obtain Administrator status Ø Installing backdoors: To ensure future access Ø Covering tracks: Modifying logs, hiding existence Ø Making vulnerability secure, so system isn’t lost to other hackers. Ø
Privilege Escalation Hacker methods include: Ø Grabbing password hashes Ø DLL injection: Modify or replace the DLL with a Trojan (allowing back door entry) Ø Spoofing LPC Port Requests: Using Local Procedure Call (LPC) to impersonate a client and access a server Ø Install rootkit: includes installing backdoor, replacing existing utilities: ps, telnet
Many slides by William Stallings and Lawrie Brown: Computer Security COMPUTER SECURITY CHAPTER 3 – USER AUTHENTICATION FROM
User Authentication Ø fundamental security building block l basis of access control & user accountability Ø is the process of verifying an identity claimed by or for a system entity Ø has two steps: l l identification - specify identifier verification - bind entity (person) and identifier
Means of User Authentication Ø four means of authenticating user's identity Ø based on something the individual l l knows - e. g. password, PIN possesses - e. g. key, token, smartcard is (static biometrics) - e. g. fingerprint, retina does (dynamic biometrics) - e. g. voice, sign Ø can use alone or combined l ‘two-factor’ or ‘three-factor’ authentication Ø all can provide user authentication Ø all have issues
Password Authentication Ø widely used user authentication method l l user provides name/login and password system compares password with that saved for specified login Ø authenticates ID of user logging and l l l that the user is authorized to access system determines the user’s privileges is used in discretionary access control
Authentication Security Issues client attacks: keystroke monitoring host attacks: capture authentication file eavesdropping: observe or sniff password, keystroke monitor replay: play same password back trojan horse: captures authentication file denial-of-service: prevents access via flooding
Password Choices Ø users may pick short passwords l l e. g. 3% were 3 chars or less, easily guessed system can reject choices that are too short Ø users may pick guessable passwords l l l so crackers use lists of likely passwords e. g. one study of 14000 encrypted passwords guessed nearly 1/4 of them would take about 1 hour on fastest systems to compute all variants, and only need 1 break!
Password Cracking Ø dictionary attacks l try each word then obvious variants in large dictionary against hash in password file Ø rainbow table attacks l l precompute tables of hash values for all salts a mammoth table of hash values e. g. 1. 4 GB table cracks 99. 9% of alphanumeric Windows passwords in 13. 8 secs not feasible if larger salt values used
Dictionary Attack & Brute Force : How easy it is!
Password Cracking: Dictionary Attack & Brute Force Pattern Calculation Result Time to Guess (2. 6 x 1018/month) Personal Info: interests, relatives 20 Manual 5 minutes Social Engineering 1 Manual 2 minutes 80, 000 < 1 second American Dictionary 4 chars: lower case alpha 264 5 x 105 8 chars: lower case alpha 268 2 x 1011 8 chars: alpha 528 5 x 1013 8 chars: alphanumeric 628 2 x 1014 3. 4 min. 8 chars alphanumeric +10 728 7 x 1014 12 min. 8 chars: all keyboard 958 7 x 1015 2 hours 12 chars: alphanumeric 6212 3 x 1021 96 years 12 chars: alphanumeric + 10 7212 2 x 1022 500 years 12 chars: all keyboard 9512 5 x 1023 16 chars: alphanumeric 6216 5 x 1028
Password Vulnerabilities Single user focus Ø specific account attack Ø password guessing against known user Ø workstation hijacking: unattended console Ø exploiting user mistakes: write down passwd Ø exploiting same password: different machines Multi-user Ø electronic eavesdropping Ø offline dictionary attack Ø popular password attack
Password Complexity CIS Recommendations: Ø At least 8 (CIS: preferably 14) chars. Ø Password expires in 90 Days Ø Lockout after 5 bad login attempts Ø Reset count after 15 minutes Ø Lockout duration 15 minutes Ø Enforce password history (24 -count memory of passwords)
Creating a Good Password Merry Christmas Bad Password (Lengthen) Merry Xmas Merry. Chris. To. You (Synonym) (Intertwine Letters) (convert vowels to numeric) Merry. Jul (Abbreviate) Mary. Jul MXemrays Good Password Mer. Chr 2 You (Keypad shift Right …. Up) Glad. Jes. Birth , stuzc, sd M 5 rry. Xm 1 s Jq 46 Sjqw Mary*Jul m. Erc. Hr 2 y. Ou
Creating A Good Password Combine 2 unrelated Mail + phone = m@!lf 0 n 3 words Abbreviate a phrase My favorite color is blue= Mfciblue Music lyric Happy Birthday to you Happy Birthday dear Gene Happy Birthday to you HB 2 y. HBd. GHB 2 y
Password Recommendations Change the default passwords on firewalls, services, servers, etc. Ø Never use ‘admin’ or ‘root’ or ‘administrator’ as a login for the admin l Use a software firewall on each computer system, with antivirus & antispyware. Ø A good password is: Ø l l l l Ø private: it is used and known by one person only secret: it does not appear in clear text in any file or program or on a piece of paper pinned to the terminal changed regularly: periodically change your password. easily remembered: so there is no need to write it down at least 8 characters but preferably 12 -14 a mixture of at least 3 of the following: upper case letters, lower case letters, digits and punctuation not guessable by any program in a reasonable time, for instance less than one week. Why you must change passwords Even if you choose a good password, it can still be discovered: l l someone may see you typing it or snoop network. If you accidentally type your password instead of your login name, it can be in system log files
Using Better Passwords Ø clearly there are problems with passwords Ø goal is to eliminate guessable passwords Ø while still easy for user to remember Ø techniques: l l user education computer-generated passwords reactive password checking proactive password checking
Proactive Password Checking Ø rule enforcement plus user advice, e. g. l l 8+ chars, upper/lower/numeric/punctuation may not suffice Ø password cracker l time and space issues Ø Bloom Filter l l use to build table based on dictionary using hashes check proposed password against this table
Use of Hashed Passwords
Salt + Password Salt : Ø prevents identical passwords from giving the same encrypted value. Ø increases length of password without requiring user to remember additional characters
UNIX Implementation Ø original scheme l l 8 character password form 56 -bit key 12 -bit salt used to modify DES encryption into a one-way hash function 0 value repeatedly encrypted 25 times output translated to 11 character sequence Ø now regarded as woefully insecure l e. g. supercomputer, 50 million tests, 80 min Ø sometimes still used for compatibility
Improved Implementations Ø have other, stronger, hash/salt variants Ø many systems now use MD 5 l l with 48 -bit salt password length is unlimited is hashed with 1000 times inner loop produces 128 -bit hash Ø Open. BSD uses Blowfish block cipher based hash algorithm called Bcrypt l uses 128 -bit salt to create 192 -bit hash value
Password File Access Control Ø can block offline guessing attacks by denying access to encrypted passwords l l Ø make available only to privileged users often using a separate shadow password file still have vulnerabilities l l l exploit O/S bug keystroke logger accident with permissions making it readable users with same password on other systems access from unprotected backup media sniff passwords in unprotected network traffic
Token Authentication Ø object user possesses to authenticate, e. g. l l embossed card magnetic stripe card memory card smartcard
Memory Card Ø store but do not process data Ø magnetic stripe card, e. g. bank card Ø electronic memory card Ø used alone for physical access Ø with password/PIN for computer use Ø drawbacks of memory cards include: l l l need special reader loss of token issues user dissatisfaction
Smartcard credit-card like Ø has own processor, memory, I/O ports Ø l l wired or wireless access by reader may have crypto co-processor executes protocol to authenticate with reader/computer Ø also have USB dongles Ø
Remote User Authentication Ø authentication over network more complex l problems of eavesdropping, replay generally use challenge-response Ø protects against a number of attacks User System Identity Random Challenge (nonce) Ø [Calculate] Reply Accept or reject
Biometric Authentication Ø authenticate user based on one of their physical characteristics
Biometric Accuracy Ø never get identical templates Ø problems of false match / false non-match
Countermeasures - Admin Establish the Administrator account as having no or few privileges Ø Use admin (root) account only when necessary (e. g. , not to read email) Ø Use longer passwords for admin accounts Ø For any system, never retain default passwords! Ø Name Administrator account something else Ø Set an account lockout threshold Ø l ensure it applies to Administrator particularly for remote access
Countermeasures - User Ø Check for and remove invalid accounts (e. g. , accounts not used in 30 days) Ø Enforce strong password policy Ø Enable audit account logon failures and review event logs regularly Ø Implement training & enforcement of policies Ø Enable automatic workstation lockout or logoff
Countermeasures – User Access Apply Principle of Least Privilege: Ø Grant minimum Permissions necessary Ø Provide access to files and database segments only as necessary Ø Specify as limited permissions (rwx) as possible Ø Limit use of admin accounts – no email Ø Separation of Duties in System Administration – the Administrator and separate log reader
Countermeasures - Computer Ø Do not allow boots from floppy or CDs Ø Lock up servers to prevent physical access Ø Do not use the same password from one machine to the next. (Minimally compartmentalize passwords) Ø Stop unauthorized access to password file
Countermeasures - Network Ø Ø Ø Ø Restrict access or disable SMB services on TCP port 139 & 445 at firewalls Monitor with intrusion detection Counter sniffing with encrypted network links: e. g. , IPSec Avoid software which sends passwords or operate in the clear: rlogin, telnet, POP 3, alerter, clipbook, … Limit permission on Windows shares (from Everyone – Full Control or Read) Eliminate or reduce anonymous or guest access Use mail packages that check for viruses.
Active Directory (AD) Domain Controller is Windows Server Ø Computer accounts l Ø l Allowable computers AD acct: any domain node Local acct: local node Group policy settings l l Ø Active Directory DB User accounts l Ø Active Directory Domain Controller Replicated Domain Cntrl AD acct: distributed vs. Local only Controlled by Domain Admin Workstation 3 Workstation 1 Workstation 2 Local DB
Windows Permissions: NTFS Users: Ø Administrators l Includes Domain Admin (AD) System (O. S. ) Ø Individual users Permissions: Ø Full Control Ø Modify Ø Read & Execute Ø Read Ø Write Ø List Folder (Folder only) Ø Inherited Permissions when set Folder Permissions: Modify Read/Execute File 1 Permissions File 3 Permissions File 2 Permissions: Inherited: Modify Read/Execute
Locked Permissions
Windows Permissions: NTFS Permissions accessed via Inheritance: folder => (affects) file No inheritance: folder !=> file Inherited Permissions Permission Hierarchy: If combo permit & deny=>deny Folder Permissions: Modify Read/Execute File 1 Permissions File 2 Permissions: No inheritance: Read Files may also be Hidden (e. g. , ) OS files Sharing (folder): Available on network File 3 Permissions
Windows NTFS Permissions On Directory or File: Ø Right click-> Properties Ø Select Security tab Ø See Permitted users l l Ø Can add, delete users Select name to view permissions See Permissions
Advanced Security Settings: Does Write work…?
Tiger box hacking tools
Aldy bug
Nonspecific defense mechanisms
Topology in computer
Osi security model
Guide to network security
Wireless security in cryptography and network security
Electronic mail security in network security
Security guide to network security fundamentals
Security guide to network security fundamentals
Computer & network security
Computer and network security
Private securty
Guide to network defense and countermeasures
Guide to network defense and countermeasures
Guide to network defense and countermeasures
Guide to network defense and countermeasures
Three line of defense in security
Defense security service audit
Elisa.dtsa.mil
Anatomi hacking
Google hacking game
Astra greek hacker
What is ethical hacking wikipedia
Usb hacking tools
Hacking disclaimer
Linux kernel programming part 2
Ethical hacking terminologies
Ethicsl hacker
Hacking disclaimer
Linux kernel hacking
Gooscan
Hacking your head
Disadvantages of ethical hacking
Speech on ethical hacking
Hackingteam rcs console
Hacking exposed 9
Xss advanced
Hacking tamagotchi
Index.of.secret
Growth hacking case studies
Hacking exposed 9
Advanced website hacking
