Presentation is loading. Please wait.

Presentation is loading. Please wait.

EDUCAUSE Security Professionals Conference 2007 Monkey-in-the-Middle Attacks on Campus Networks Andrew J. KortySean KrulewitchIndiana University April.

Similar presentations


Presentation on theme: "EDUCAUSE Security Professionals Conference 2007 Monkey-in-the-Middle Attacks on Campus Networks Andrew J. KortySean KrulewitchIndiana University April."— Presentation transcript:

1 EDUCAUSE Security Professionals Conference 2007 Monkey-in-the-Middle Attacks on Campus Networks Andrew J. KortySean KrulewitchIndiana University April 12, 2007

2 Copyright © 2007 The Trustees of Indiana University. This work is the intellectual property of the authors. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the authors. To disseminate otherwise or to republish requires written permission from the authors.

3 Agenda What is a MitM attack? Target: Web authentication Target: Kerberos authentication Target: SSH protocol Prevention: Vendors Prevention: Sysadmins, site owners Prevention: Users Q&A Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

4 What is a MitM attack? Short Definition: A Monkey-in-the-middle attack is when an attacker controls both sides of conversation, posing as the sender to the receiver *and* the receiver to the sender. Active attack, i.e., we’re writing data to the network Eavesdropping/Sniffing Insertion/Modification/Deletion Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

5 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

6 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

7 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

8 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

9 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

10 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

11 Target: Web authentication Initial web page requested by user is not authenticated Vulnerability Attacker directs victim to location of attacker’s choice Exploit http form : https form action http GET : https 3xx redirect, meta REFRESH Common examples Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

12 Common examples Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

13 Common examples Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

14 Common examples Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

15 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

16 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

17 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

18 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

19 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

20 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

21 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

22 MitM: Web authentication demo Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

23 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints Kerberos example

24 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints Kerberos example

25 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints Kerberos at the console

26 Target: Kerberos authentication Kerberos responses are not validated Vulnerability Spoof ticket encrypted with key of attacker’s choice Exploit KDC Verify off Pam_krb5, mod_auth_kerb, etc. without a keytab Common examples Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

27 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints Spoofed ticket

28 MitM: Kerberos demo Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

29 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints SSH key agreement

30 Target: SSH protocol Client doesn’t verify host-key Vulnerability Attacker offers a different key from a spoofed server Exploit Fingerprints aren’t validated on new/changed host keys SSH servers in compatibility mode (i.e., version 1.99) Common examples Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

31 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints SSH – New key

32 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints SSH – Key change

33 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints SSH – New key type

34 Prevention: Vendors Target: Web authentication Check for https by default Disable unencrypted password submit Target: Kerberos authentication Required KDC Verification Target: SSH protocol Enforce StrictHostKeyChecking and offer stronger warning messages Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

35 Prevention: Sysadmins, site owners Target: Web authentication Make https URLs obvious (i.e., the same) Disable http? Target: Kerberos authentication Always use keytabs Enable KDC verification Target: SSH protocol Deploy clients with StrictHostKeyChecking Pre-distribute keys of both types (RSA, DSA) Other prevention techniques DNSSEC SiteKey? Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

36 Login improvement Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

37 Prevention: Users Target: Web authentication Always try https first Use bookmarks Proxy Target: SSH protocol Always validate host-key fingerprints out-of-band Enable StrictHostKeyChecking Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

38 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

39 Q & A Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

40


Download ppt "EDUCAUSE Security Professionals Conference 2007 Monkey-in-the-Middle Attacks on Campus Networks Andrew J. KortySean KrulewitchIndiana University April."

Similar presentations


Ads by Google