TCP/IP Basics (Security)

zhaozj2021-02-08  476

Source: wuhanman (reposted)

Each layer of the TCP/IP stack offers different security mechanisms: for example, virtual private networks are provided at the network layer, and secure sockets services at the transport layer. The sections below describe the security of each TCP/IP layer and the ways to improve it.

First, the security of the Internet layer

The idea of standardizing a security protocol for the Internet layer is not new, and several proposals have been made over the past decade. For example, Security Protocol 3 (SP3) was developed by the US National Security Agency (NSA) and the National Institute of Standards and Technology (NIST) as part of the Secure Data Network System (SDNS). The Network Layer Security Protocol (NLSP) is a security protocol standard developed by the International Organization for Standardization (ISO) for the Connectionless Network Protocol (CLNP). Integrated NLSP (I-NLSP) is a unified security mechanism covering both IP and CLNP, proposed by NIST. swIPe is another Internet-layer security protocol, proposed and prototyped by Ioannidis and Blaze. All of these proposals have more in common than they have differences. In fact, they all use IP encapsulation: the plaintext packet is encrypted and encapsulated behind an outer IP header, which is used to route the encrypted packet across the Internet. At the other end, the outer IP header is stripped, the packet is decrypted, and it is then delivered to its destination.

The Internet Engineering Task Force (IETF) has chartered the IP Security Protocol (IPsec) Working Group to standardize an IP Security Protocol (IPSP) and a corresponding Internet Key Management Protocol (IKMP). The main purpose of IPSP is to let users who need security use the corresponding cryptographic security mechanisms. These mechanisms must work not only with the current version of IP (IPv4) but also with the new version (IPng, or IPv6). They should be algorithm-independent, so that replacing the encryption algorithm does not affect other parts of the implementation. In addition, they must support a variety of security policies while avoiding adverse effects on people who do not use them. Following these requirements, the IPsec Working Group developed a specification with two mechanisms: the Authentication Header (AH) and the Encapsulating Security Payload (ESP). Briefly, AH provides authenticity and integrity for IP packets, and ESP provides confidentiality.

The IP AH is a message authentication code (MAC) that is computed before the IP packet is sent. The sender computes the AH with a cryptographic key, and the receiver verifies it with the same key or with another key. If sender and receiver use a secret-key (symmetric) cryptosystem, they use the same key; if they use a public-key cryptosystem, they use different keys. In the latter case, AH can additionally provide non-repudiation. Some fields that change in transit, such as the Time-to-Live field in IPv4 or the Hop Limit field in IPv6, must be ignored when the AH is computed. RFC 1828 first specified keyed MD5 in envelope mode for computing and verifying the AH. Since then, both MD5 and the envelope mode have been criticized as too weak, and replacements have been proposed.
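The rule that fields changing in transit are left out of the AH computation can be seen in the following Python code, added here as an illustration and not taken from the original article or from any IPsec implementation. It assumes HMAC-SHA-256 as a stand-in for the keyed MD5 of RFC 1828, carries the authentication value beside the packet instead of in a real AH header, and uses a constructed key, payload and addresses; the header checksum is zeroed together with the TTL because routers recompute it whenever they decrement the TTL.

```python
import hashlib
import hmac
import struct

TTL_OFFSET = 8          # IPv4 header byte holding Time-to-Live
CSUM = slice(10, 12)    # IPv4 header checksum, recomputed whenever TTL changes


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over the 20-byte header (checksum field zeroed)."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_packet(src: bytes, dst: bytes, ttl: int, payload: bytes) -> bytes:
    """Minimal IPv4 packet: 20-byte header without options, then payload."""
    header = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                                   0x1234, 0, ttl, 6, 0, src, dst))
    header[CSUM] = struct.pack("!H", ipv4_checksum(bytes(header)))
    return bytes(header) + payload


def route_hop(packet: bytes) -> bytes:
    """What every router on the path does: decrement TTL, fix the checksum."""
    buf = bytearray(packet)
    buf[TTL_OFFSET] -= 1
    buf[CSUM] = b"\x00\x00"
    buf[CSUM] = struct.pack("!H", ipv4_checksum(bytes(buf[:20])))
    return bytes(buf)


def invariant_view(packet: bytes) -> bytes:
    """Copy of the packet with the fields that change in transit zeroed."""
    buf = bytearray(packet)
    buf[TTL_OFFSET] = 0
    buf[CSUM] = b"\x00\x00"
    return bytes(buf)


def ah_mac(key: bytes, packet: bytes) -> bytes:
    """Authentication value over the invariant fields only (HMAC stand-in)."""
    return hmac.new(key, invariant_view(packet), hashlib.sha256).digest()


def naive_mac(key: bytes, packet: bytes) -> bytes:
    """MAC over the packet exactly as sent, mutable fields included."""
    return hmac.new(key, packet, hashlib.sha256).digest()


def demo() -> dict:
    key = b"constructed-demo-key"                      # constructed sample key
    sent = build_packet(bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]),
                        64, b"constructed payload")    # documentation addresses
    tag, naive_tag = ah_mac(key, sent), naive_mac(key, sent)

    received = route_hop(route_hop(sent))              # two routers later
    tampered = received[:-1] + bytes([received[-1] ^ 0x01])

    return {
        "ttl_on_arrival": received[TTL_OFFSET],
        "ah_ok_after_routing": hmac.compare_digest(ah_mac(key, received), tag),
        "naive_ok_after_routing": hmac.compare_digest(naive_mac(key, received), naive_tag),
        "ah_ok_after_tampering": hmac.compare_digest(ah_mac(key, tampered), tag),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A MAC computed over the packet exactly as sent fails at the first router, while the one computed over the invariant view survives routing and still rejects a modified payload.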

The basic idea of IP ESP is to encapsulate either the entire IP packet (tunnel mode) or only the upper-layer protocol data (transport mode) inside the ESP, and to encrypt most of the ESP contents. In tunnel mode, a new plaintext IP header is prepended to the encrypted ESP; this header is used to route the IP packet across the Internet. The receiver removes this IP header, decrypts the ESP, processes and removes the ESP header, and then processes the original IP packet or higher-layer protocol data. The format of the ESP is specified in RFC 1827, and ESP encryption and decryption in cipher block chaining (CBC) mode are also specified. Other algorithms and modes can be used, but the import and export controls that some countries place on such products cannot be ignored. Some countries even restrict the private use of encryption. AH and ESP can be used together or separately. Either way, they do not protect against traffic analysis attacks. It is not clear whether an economical and effective defense against traffic analysis really exists at the Internet layer, but very few Internet users are concerned about traffic analysis.

In August 1995, the Internet Engineering Steering Group (IESG) approved the IPSP RFCs as Proposed Standards on the Internet standards track. In addition to RFC 1828 and RFC 1829, two experimental RFCs specify the use of the Secure Hash Algorithm (SHA) instead of MD5 in AH (RFC 1852) and of Triple DES instead of DES in ESP (RFC 1851).

In the simplest case, IPSP keys are configured manually. For IPSP to be deployed on a large scale, however, a standardized key management protocol is needed on the Internet. This key management protocol specifies how keys are managed in accordance with the requirements of IPSP security associations.

Therefore, the IPsec Working Group is also responsible for the Internet Key Management Protocol (IKMP), and the standardization of several other protocols has also been put on the agenda. The most important of these are:

Modular Key Management Protocol (MKMP), proposed by IBM

Simple Key-Management for Internet Protocols (SKIP)

Photuris Key Management Protocol, proposed by Phil Karn

Secure Key Exchange Mechanism (SKEME), proposed by Hugo Krawczyk

Internet Security Association and Key Management Protocol (ISAKMP), proposed by the NSA

OAKLEY Key Determination Protocol, proposed by Hilarie Orman

It should be stressed again that these protocols have more in common than they have differences. Except for MKMP, they all require an existing, fully operational public key infrastructure (PKI). MKMP has no such requirement, because it assumes that both parties already share a master key that was distributed manually in advance. SKIP requires Diffie-Hellman certificates, and the other protocols require RSA certificates.

In September 1996, the IPsec Working Group decided to make Oakley within the ISAKMP framework the mandatory key management approach, with SKIP as an optional choice for IPv4 and IPv6 implementations. Some vendors have already implemented combined ISAKMP/Oakley solutions. The basic idea of Photuris and Photuris-like protocols is to use a Diffie-Hellman key exchange for each session key, followed by an exchange of signatures that confirms the Diffie-Hellman parameters and ensures that there is no man-in-the-middle attack. This combination was originally proposed by Diffie, van Oorschot, and Wiener in the station-to-station (STS) protocol. Photuris also includes a so-called "cookie" exchange, which provides an anti-clogging function that protects against denial-of-service attacks. Because Photuris and Photuris-like protocols use a Diffie-Hellman key exchange for each session key, they can provide back-traffic protection (BTP) and perfect forward secrecy (PFS). Essentially, this means that once an attacker compromises a long-term private key, such as the RSA key in Photuris or the Diffie-Hellman key in SKIP, the attacker can impersonate the owner of that key. However, the attacker does not necessarily gain the ability to decrypt the owner's past or future traffic.

It is worth noting that SKIP does not provide BTP and PFS. Although it uses a Diffie-Hellman key exchange, the exchange is implicit: each of the two entities knows the other's long-term Diffie-Hellman public key in the form of a certificate, so they implicitly share a master key. From this master key a key is derived that encrypts the packet key, and the packet key is what actually encrypts the IP packet. Once a long-term Diffie-Hellman key is compromised, all communication protected under that key can be decrypted. SKIP is also stateless; it is not based on security associations. Each IP packet may be encrypted and decrypted individually, possibly with a different key.
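The difference between a per-session Diffie-Hellman exchange and SKIP's implicit exchange can be made concrete with a simplified model, added here as an illustration and not taken from the original article or from the SKIP or Photuris specifications. Assumptions: a toy Diffie-Hellman group, a SHA-256 keystream standing in for the packet cipher, constructed messages, and no signature exchange, so only the confidentiality side of a long-term key compromise is modelled.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, an assumption of this example: 2**127 - 1 is prime
# but far too small for real use.
P = 2**127 - 1
G = 3

# Constructed sample traffic.
MESSAGES = [b"constructed packet one", b"constructed packet two"]


def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def dh_key(priv: int, peer_pub: int) -> bytes:
    """Hash the shared Diffie-Hellman value into a 32-byte key."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()


def seal(key: bytes, label: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 keystream XOR); applying it twice decrypts."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + label + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def skip_send(master: bytes, seq: int, plaintext: bytes):
    """SKIP-style: a fresh packet key, wrapped under the implicit master key."""
    packet_key = secrets.token_bytes(32)
    return seal(master, b"wrap%d" % seq, packet_key), seal(packet_key, b"data", plaintext)


def skip_open(master: bytes, seq: int, wrapped: bytes, ciphertext: bytes) -> bytes:
    packet_key = seal(master, b"wrap%d" % seq, wrapped)
    return seal(packet_key, b"data", ciphertext)


def ephemeral_session():
    """Photuris-style: both sides use one-time exponents, discarded on return."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    session_key = dh_key(a_priv, b_pub)
    assert session_key == dh_key(b_priv, a_pub)
    return (a_pub, b_pub), session_key


def demo():
    # Long-term Diffie-Hellman keys; the public halves would sit in certificates.
    a_long_priv, _a_long_pub = dh_keypair()
    _b_long_priv, b_long_pub = dh_keypair()

    # Traffic as recorded on the wire by a passive observer.
    master = dh_key(a_long_priv, b_long_pub)
    skip_wire = [skip_send(master, n, m) for n, m in enumerate(MESSAGES)]
    (_, b_eph_pub), session_key = ephemeral_session()
    eph_wire = [seal(session_key, b"data%d" % n, m) for n, m in enumerate(MESSAGES)]

    # Later, A's long-term private key is compromised.
    leaked = a_long_priv
    rebuilt_master = dh_key(leaked, b_long_pub)
    skip_read = [skip_open(rebuilt_master, n, w, c) for n, (w, c) in enumerate(skip_wire)]

    # Against the ephemeral exchange the leaked key pairs with nothing useful:
    # the one-time exponents no longer exist.
    guess = dh_key(leaked, b_eph_pub)
    eph_read = [seal(guess, b"data%d" % n, c) for n, c in enumerate(eph_wire)]

    return skip_read == MESSAGES, eph_read == MESSAGES


if __name__ == "__main__":
    print("recorded traffic readable after key leak (SKIP-style, ephemeral):", demo())
```

Every packet key in the SKIP-style traffic unwraps once the long-term key is known, which is the missing BTP/PFS property; the per-session exchange leaves recorded traffic unreadable.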

The lack of BTP and PFS in SKIP drew criticism inside the IPsec Working Group, and SKIP was extended in an attempt to provide them. However, the extended SKIP protocol is in effect a compromise made in order to provide BTP and PFS. In fact, SKIP with BTP and PFS added is very similar to Photuris and Photuris-like protocols; the only major difference is that SKIP (still) requires the original Diffie-Hellman certificates. It must be noted that on the Internet today, RSA certificates are easier to implement and to deploy commercially than other certificates.

Most implementations of IPSP and its key management protocols are based on UNIX systems. Any IPSP implementation must be intertwined with the source code of the corresponding protocol stack, and that source code is available on UNIX systems, which is probably the reason. However, if security protocols are to be adopted more widely on the Internet, corresponding DOS or Windows versions are needed. One problem that directly faces an Internet-layer security protocol on these systems is that there is no publicly available source code for TCP/IP implementations on the PC. To overcome this difficulty, Wagner and Bellovin implemented an IPsec module that works like a device driver and sits entirely below the IP layer.

The main advantage of Internet-layer security is its transparency: security services can be provided without changes to applications, other communication layers, or network components. Its main disadvantage is that the Internet layer generally does not distinguish between packets that belong to different processes and their corresponding associations. All packets sent to the same address are handled with the same encryption key and access control policy. This may mean that the required functionality is not provided, and it may also reduce performance. To address these problems of host-oriented keying, RFC 1825 allows (and even recommends) user-oriented keying, in which different connections get different encryption keys. However, user-oriented keying requires relatively large changes to the operating system. Although the IPSP specifications are largely complete, key management is still changing rapidly and much work remains to be done. One important issue that has not received enough attention is key distribution in a multicast environment, for example in the Internet Multicast Backbone (MBone) or in IPv6 networks.

In short, the Internet layer is well suited to providing host-based security services. The appropriate security protocols can be used to build secure IP tunnels and virtual private networks on the Internet. For example, by using the ability to encrypt and decrypt IP packets, the defenses of a firewall system can be strengthened in a simple way. In fact, many vendors have already done this. RSA Data Security has launched an initiative to get a number of firewall and TCP/IP software vendors to develop virtual private networks jointly. The initiative is called S-WAN (Secure Wide Area Network). Its goal is to develop and recommend a security protocol standard for the Internet layer.

Second, the security of the transport layer

In Internet application programming, a generalized interprocess communication (IPC) mechanism is normally used to work with protocols at different layers. The two most popular IPC programming interfaces are BSD sockets and the Transport Layer Interface (TLI), the latter found in UNIX System V.

The first idea for providing security services on the Internet is to strengthen the IPC interface, such as BSD sockets. Specific measures include authenticating the entities at both ends and exchanging data encryption keys. Netscape Communications followed this idea and developed the Secure Sockets Layer (SSL) protocol on top of a reliable transport service (such as TCP/IP). SSL version 3 (SSL v3) was developed in December 1995. It consists mainly of the following two protocols:

SSL Record Protocol: it handles fragmentation, compression, data authentication, and encryption of the information supplied by the application. SSL v3 supports MD5 and SHA for data authentication, as well as data encryption; the means of authenticating and encrypting the data are negotiated through the SSL Handshake Protocol.

SSL Handshake Protocol: it is used to exchange version numbers and encryption algorithms, to perform (mutual) authentication, and to exchange keys. SSL v3 supports the Diffie-Hellman key exchange algorithm, an RSA-based key exchange mechanism, and another key exchange mechanism implemented on the Fortezza chip.

Netscape Communications has released an SSL reference implementation (called SSLref) to the public. Another free SSL implementation is called SSLeay. SSLref and SSLeay can add SSL functionality to any TCP/IP application. The Internet Assigned Numbers Authority (IANA) has assigned fixed port numbers to SSL-enabled applications: for example, HTTP with SSL (https) is assigned port 443, SMTP with SSL (ssmtp) is assigned port 465, and NNTP with SSL (snntp) is assigned port 563.

Microsoft introduced an improved version of SSL v2 called PCT (Private Communication Technology). At least in the record format they use, SSL and PCT are very similar. Their main difference lies in the most significant bit of the version number field: SSL sets this bit to 0, and PCT sets it to 1. With this distinction, both protocols can be supported.

In April 1996, the IETF chartered a Transport Layer Security (TLS) working group to produce a Transport Layer Security Protocol (TLSP) for formal submission to the IESG as a Proposed Standard. TLSP will resemble SSL in many respects. As described above, the main advantage of Internet-layer security mechanisms is their transparency: security services are provided without any change at the application layer. The transport layer cannot offer this. In principle, any TCP/IP application that is to use a transport layer security protocol such as SSL or PCT must be modified to add the corresponding functionality and to use a (slightly) different IPC interface. The main disadvantage of transport-layer security mechanisms is therefore that the transport-layer IPC interface and the applications must be modified. However, the modifications are fairly small compared with those needed for Internet-layer and application-layer security mechanisms. Another disadvantage is that it is difficult to build transport-layer security mechanisms for UDP-based communication. Compared with network-layer security mechanisms, the main advantage of transport-layer security mechanisms is that they provide process-based (rather than host-based) security services. This advantage can be taken a step further by adding application-level security services.

Third, the security of the application layer

It must be kept in mind (and carefully considered) that network-layer (transport-layer) security protocols add security properties to the data channel between hosts (processes). Essentially, this means that an authentic (and perhaps confidential) data channel is established between hosts (or processes), but the security requirements of a specific document transmitted over that channel cannot be distinguished. For example, if a secure IP channel is established between one host and another, all IP packets transmitted over this channel are automatically encrypted. Similarly, if one process establishes a secure data channel with another process through a transport layer security protocol, all messages transmitted between the two processes are automatically encrypted.

To distinguish the different security requirements of specific documents, application-layer security must be used. Providing security services at the application layer is in fact the most flexible way to handle the security of individual documents. For example, an email system may need to apply digital signatures to individual paragraphs of an outgoing message. The security functions provided by lower-layer protocols generally know nothing about the paragraph structure of the message, so they cannot know which parts should be signed. The application layer is the only layer that can provide this kind of security service.

In general, there are several possible ways to provide security services at the application layer. The first that comes to mind is to modify each application (and application protocol) separately. Some important TCP/IP applications have done this. In RFCs 1421 to 1424, the IETF specified Privacy Enhanced Mail (PEM) to provide security services for SMTP-based email systems. For various reasons, the Internet community has been slow to adopt PEM; a primary reason is that PEM relies on an existing, fully operational PKI (public key infrastructure). The PEM PKI is hierarchical and consists of three levels:

The top level is the Internet Policy Registration Authority (IPRA)

The second level is the Policy Certification Authorities (PCAs)

The bottom level is the Certification Authorities (CAs)

Building a PKI that conforms to the PEM specifications is also a political process, because it requires multiple parties to agree on a common basis of trust. Unfortunately, history shows that political processes take time. As an intermediate step, Phil Zimmermann developed a software package called PGP (Pretty Good Privacy). PGP conforms to most of the PEM specification but does not require a PKI to exist. Instead, it uses a distributed trust model in which each user decides which other users to trust. PGP therefore does not promote a global PKI but lets users build their own web of trust. This immediately raises a problem: how to revoke keys under a distributed trust model.

S-HTTP is a security-enhanced version of the Hypertext Transfer Protocol (HTTP) used on the Web, designed by Enterprise Integration Technologies. S-HTTP provides a document-level security mechanism, so each document can be marked as private and/or signed. The algorithms used for encryption and signatures can be negotiated by the two communicating parties. S-HTTP supports several one-way hash functions, such as MD2, MD5 and SHA; several secret-key cryptosystems, such as DES, Triple DES, RC2, RC4 and CDMF; and digital signature systems, such as RSA and DSS. There is currently no recognized standard for Web security. Such standards can only be developed by the WWW Consortium, the IETF, or other relevant standards bodies. The formal standardization process is long and may drag on for several years until all standards bodies fully recognize the importance of Web security. S-HTTP and SSL approach Web security from different angles. S-HTTP marks individual documents as private or signed, while SSL marks the data channel between the communicating parties as private and authenticated. Terisa's SecureWeb toolkit can be used to add security features to any Web application. The toolkit provides encryption algorithms from RSA Data Security and comprehensive support for SSL and S-HTTP.

Another important application is electronic commerce, especially credit card transactions. To make credit card transactions on the Internet secure, MasterCard developed the Secure Electronic Payment Protocol (SEPP), and Visa International and Microsoft (together with other companies) developed the Secure Transaction Technology (STT) protocol. Meanwhile, MasterCard, Visa International and Microsoft have agreed to join forces to launch secure credit card transaction services on the Internet. They released the Secure Electronic Transaction (SET) protocol, which specifies how cardholders pay with their credit cards over the Internet. Behind this mechanism is a certificate-issuing infrastructure that supports X.509 certificates.

All of the security-enhanced applications mentioned above face one major problem: each application has to be modified individually. A unified approach would be much better. One step in this direction is the Secure Shell (SSH), developed at the University of Helsinki. SSH allows its users to log in to a remote host securely, execute commands, and transfer files. It implements a key exchange protocol as well as host and client authentication protocols. SSH is available in free versions for most of today's popular UNIX platforms, and in a commercial version from Data Fellows.

Taking the idea of SSH one step further leads to authentication and key distribution systems. Essentially, an authentication and key distribution system provides an application programming interface (API) that can be used to provide security services for any network application, such as authentication, data confidentiality and integrity, access control, and non-repudiation. Practical authentication and key distribution systems already exist, such as MIT's Kerberos (V4 and V5), IBM's KryptoKnight and Network Security Program, DEC's SPX, and Karlsruhe University's The Exponential Security System (TESS); all of these are widely used examples. Modifications and extensions of some authentication and key distribution systems can also be found. For example, SESAME and OSF DCE add access control services to Kerberos V5, and Yaksha adds non-repudiation services to Kerberos V5.

A question that often comes up about authentication and key distribution systems is why they have met with such a cool reception on the Internet. One reason is that they still require changes to the application itself. With this in mind, it is important to provide a standardized security API for authentication and key distribution systems. Developers then no longer have to rework an entire application just to add a few security features. One of the most important advances in the design of authentication systems is therefore the development of a standardized security API, the Generic Security Service API (GSS-API). GSS-API (V1 and V2) may still be too technical for programmers who are not security experts, but Secure Network Programming (SNP), developed by researchers at the University of Texas at Austin, provides an interface at a higher level than GSS-API and makes network security programming more convenient.

What is insecure at the network layer?

NAI

Points of insecurity

Because a LAN operates in broadcast mode, anyone who can listen to all the packets in a broadcast domain can analyze them, and the information transmitted within that broadcast domain is exposed to hackers.

Network segmentation

Network segmentation is an important measure for ensuring security. It is also a basic measure: its purpose is to separate illegitimate users from network resources and so limit unauthorized access.

Network segmentation can be either physical or logical:

Physical segmentation generally means dividing the network at the physical layer and the data link layer (layers 1 and 2 of the ISO/OSI model) into several segments that cannot communicate with each other directly. Many switches today have some access control capability and can be used to segment a network physically. Logical segmentation means segmenting the whole system at the network layer (layer 3 of the ISO/OSI model). For example, a TCP/IP network can be divided into several IP subnets; the subnets must be connected through routers, routing switches, gateways or firewalls, and the security mechanisms of these intermediate devices (software and hardware) are used to control access between the subnets. In practice, physical and logical segmentation are usually combined to achieve security control of the network.

VLAN implementation

Virtual network technology is based mainly on the LAN switching technology (ATM and Ethernet switching) developed in recent years. Switching turns traditional broadcast-based LAN technology into connection-oriented technology. As a result, the network management system can limit the scope of LAN communication without needing a costly router.

Ethernet is essentially a broadcast mechanism, but once switches and VLAN technology are applied it effectively becomes point-to-point communication. Unless a monitoring port is configured, information exchange is not exposed to eavesdropping or insertion (modification).

The network security benefits of this mode of operation are obvious:

Information reaches only the places it is supposed to reach. Most intrusion techniques based on network sniffing are therefore prevented.

With access control configured through virtual networks, network nodes outside a virtual network cannot directly access nodes inside it.

However, virtual network technology also brings new security issues:

Devices that perform virtual network switching are more complex and so become targets of attack.

Intrusion detection technology based on network broadcast principles requires special configuration inside a high-speed switched network.

MAC-based VLANs cannot prevent MAC spoofing attacks.

A MAC-based VLAN is exposed to attacks that use forged MAC addresses. VLANs are therefore best divided by switch port. This, however, requires that every desktop in the network be attached to its own switch port, or that all machines on the segment attached to each switch port belong to the same VLAN.

Principles for dividing VLANs

When reposting, please cite the original address: https://www.9cbs.com/read-211.html
