Presentation is loading. Please wait.

Presentation is loading. Please wait.

EDUCAUSE Security Professionals Conference 2007 Monkey-in-the-Middle Attacks on Campus Networks Andrew J. KortySean KrulewitchIndiana University April.

Published byKendall Sorrell Modified over 9 years ago

Similar presentations

Presentation on theme: "EDUCAUSE Security Professionals Conference 2007 Monkey-in-the-Middle Attacks on Campus Networks Andrew J. KortySean KrulewitchIndiana University April."— Presentation transcript:

1 EDUCAUSE Security Professionals Conference 2007 Monkey-in-the-Middle Attacks on Campus Networks Andrew J. KortySean KrulewitchIndiana University April 12, 2007

2 Copyright © 2007 The Trustees of Indiana University. This work is the intellectual property of the authors. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the authors. To disseminate otherwise or to republish requires written permission from the authors.

3 Agenda What is a MitM attack? Target: Web authentication Target: Kerberos authentication Target: SSH protocol Prevention: Vendors Prevention: Sysadmins, site owners Prevention: Users Q&A Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

4 What is a MitM attack? Short Definition: A Monkey-in-the-middle attack is when an attacker controls both sides of conversation, posing as the sender to the receiver *and* the receiver to the sender. Active attack, i.e., we’re writing data to the network Eavesdropping/Sniffing Insertion/Modification/Deletion Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

5 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

6 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

7 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

8 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

9 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

10 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

11 Target: Web authentication Initial web page requested by user is not authenticated Vulnerability Attacker directs victim to location of attacker’s choice Exploit http form : https form action http GET : https 3xx redirect, meta REFRESH Common examples Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

12 Common examples Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

13 Common examples Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

14 Common examples Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

15 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

16 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

17 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

18 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

19 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

20 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

21 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

22 MitM: Web authentication demo Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

23 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints Kerberos example

24 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints Kerberos example

25 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints Kerberos at the console

26 Target: Kerberos authentication Kerberos responses are not validated Vulnerability Spoof ticket encrypted with key of attacker’s choice Exploit KDC Verify off Pam_krb5, mod_auth_kerb, etc. without a keytab Common examples Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

27 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints Spoofed ticket

28 MitM: Kerberos demo Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

29 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints SSH key agreement

30 Target: SSH protocol Client doesn’t verify host-key Vulnerability Attacker offers a different key from a spoofed server Exploit Fingerprints aren’t validated on new/changed host keys SSH servers in compatibility mode (i.e., version 1.99) Common examples Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

31 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints SSH – New key

32 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints SSH – Key change

33 Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints SSH – New key type

34 Prevention: Vendors Target: Web authentication Check for https by default Disable unencrypted password submit Target: Kerberos authentication Required KDC Verification Target: SSH protocol Enforce StrictHostKeyChecking and offer stronger warning messages Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

35 Prevention: Sysadmins, site owners Target: Web authentication Make https URLs obvious (i.e., the same) Disable http? Target: Kerberos authentication Always use keytabs Enable KDC verification Target: SSH protocol Deploy clients with StrictHostKeyChecking Pre-distribute keys of both types (RSA, DSA) Other prevention techniques DNSSEC SiteKey? Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

36 Login improvement Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

37 Prevention: Users Target: Web authentication Always try https first Use bookmarks Proxy Target: SSH protocol Always validate host-key fingerprints out-of-band Enable StrictHostKeyChecking Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

38 HTTP::Proxy Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

39 Q & A Copyright © 2007 The Trustees of Indiana University | Copyright ComplaintsTrusteesIndiana UniversityCopyright Complaints

40

Download ppt "EDUCAUSE Security Professionals Conference 2007 Monkey-in-the-Middle Attacks on Campus Networks Andrew J. KortySean KrulewitchIndiana University April."

Similar presentations

Network Security.

Network Security.
CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.
Security Protocols Sathish Vadhiyar Sources / Credits: Kerberos web pages and documents contained / pointed.

Security Protocols Sathish Vadhiyar Sources / Credits: Kerberos web pages and documents contained / pointed.
Sonny J Zambrana University of Pennsylvania ISC-SEO November 2008.

Sonny J Zambrana University of Pennsylvania ISC-SEO November 2008.
What Does the Net Generation Expect From Us? SAC August 8, 2005 SAC August 8, 2005 Copyright © 2005, Joel L. Hartman. This work is the intellectual property.

What Does the Net Generation Expect From Us? SAC August 8, 2005 SAC August 8, 2005 Copyright © 2005, Joel L. Hartman. This work is the intellectual property.
MyProxy: A Multi-Purpose Grid Authentication Service

MyProxy: A Multi-Purpose Grid Authentication Service
A Web-based Bibliography Management Initiative: Collaborating for Classroom and Library Technology Integration Brian Nielsen, Academic Technologies Denise.

A Web-based Bibliography Management Initiative: Collaborating for Classroom and Library Technology Integration Brian Nielsen, Academic Technologies Denise.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 Ferry Astika Saputra Workshop Administrasi Jaringan TELNET & SSH.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 Ferry Astika Saputra Workshop Administrasi Jaringan TELNET & SSH.
Copyright Statement Copyright Robert J. Brentrup 2005. This work is the intellectual property of the author. Permission is granted for this material to.

Copyright Statement Copyright Robert J. Brentrup This work is the intellectual property of the author. Permission is granted for this material to.
Using Levels of Assurance Renee Shuey nmi-edit CAMP: Charting Your Authentication Roadmap February 8, 2007.

Using Levels of Assurance Renee Shuey nmi-edit CAMP: Charting Your Authentication Roadmap February 8, 2007.
Copyright Sue R. Bauer, Ed.D. 2006. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

Copyright Sue R. Bauer, Ed.D This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
Delivering Windows OS Updates at Yale with SUS EDUCAUSE Security Professionals Workshop May 17, 2004 Washington DC Ken Hoover, Systems Programmer

Delivering Windows OS Updates at Yale with SUS EDUCAUSE Security Professionals Workshop May 17, 2004 Washington DC Ken Hoover, Systems Programmer
Webdisk Storage Anywhere, Anytime for Everyone Presented at Educause, 2003 Copyright 2003, Jeremy Mortis and Harold Esche. This work is the intellectual.

Webdisk Storage Anywhere, Anytime for Everyone Presented at Educause, 2003 Copyright 2003, Jeremy Mortis and Harold Esche. This work is the intellectual.
Kerberos Authenticating Over an Insecure Network.

Kerberos Authenticating Over an Insecure Network.
The Homegrown Single Sign On (SSO) Project at UM – St. Louis.

The Homegrown Single Sign On (SSO) Project at UM – St. Louis.
JA-SIG CAS Enterprise Single Sign-On Scott Battaglia Application Developer Enterprise Systems & Services Rutgers, the State University of New Jersey Copyright.

JA-SIG CAS Enterprise Single Sign-On Scott Battaglia Application Developer Enterprise Systems & Services Rutgers, the State University of New Jersey Copyright.
Mobile Computing and Security Authenticated Network Access (ANA) Jon Peters Associate Director Dave Packham Manager of Network Engineering NetCom University.

Mobile Computing and Security Authenticated Network Access (ANA) Jon Peters Associate Director Dave Packham Manager of Network Engineering NetCom University.
Moving Your Paperwork Online Western Washington University E-Sign Web Forms Copyright Western Washington University, 2004. This work is the intellectual.

Moving Your Paperwork Online Western Washington University E-Sign Web Forms Copyright Western Washington University, This work is the intellectual.
CAMP - June 4-6, 2003 1 Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin 2003. This work is the intellectual property of the authors.

CAMP - June 4-6, Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin This work is the intellectual property of the authors.
EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … Enforcing Compliance of Campus Security Policies Through a Secure Identity Management.

EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … Enforcing Compliance of Campus Security Policies Through a Secure Identity Management.

Similar presentations

Ads by Google