© Raymond Pompon 2016

Raymond Pompon, IT Security Risk Control Management, 10.1007/978-1-4842-2140-2_17

17. Network Security

Raymond Pompon

(1) Seattle, Washington, USA

People must communicate. They will make mistakes, and we will exploit them.

—James Clapper

Imagine a network worm using a variety of attacks to infect the most popular operating system on the Internet. The author of the worm was so technically skilled that within hours of being launched, it infected one out of ten machines on the Internet. It was called the Morris worm1 after its creator Robert Morris, a computer scientist. The worm hit in 1988, before some people in the security field were even born.

Soon after, network worms plagued the first decade of commercial Internet usage. The nightly news gave the world its first real taste of hacking with stories on worms like Blaster, Lovebug, Code Red, Nimda, and SQL Slammer. What has changed since then? For one, hackers have learned to be stealthier and to monetize their malware. Instead of vandalizing the Internet, many worms are honed to fulfill a purpose, usually economic. Many security professionals, including me, began our IT security careers doing network defense and battling network worms. Network security remains a core competency of IT security.

Today, a majority of IT security attacks still originate over the network, and the attacks that don’t originate from a network usually still involve one in some manner. Social engineering attacks are mostly Internet-driven, using fake e-mails (phish), booby-trapped sites (watering holes), or fake web sites (pharms). Even some physical security attacks involve breaking into facilities to plant network spy devices. It seems that every device and application is now Internet aware, with even household appliances supporting social media accounts.2

Understand Networking Technology

This chapter is not going to teach you everything you need to know about network security. Instead, it is going to highlight the major aspects and nuances of the network security issues. Regarding networking technology, there are a few key concepts you should understand, including:

  • Network protocols rely on software. All software has bugs. Network attackers can exploit those bugs in unexpected ways to produce malicious results.

    • For example, the ping-of-death exploits a bug in old operating systems such that a single malformed or malicious ping packet crashes the system.3

    • Dedicated network devices and appliances also run on software that can have bugs. Those bugs can be exploited as well.4

  • There is a difference between the IP protocols of TCP, UDP, and ICMP:

    • TCP connections establish a connection by sending and receiving handshakes and sequence numbers. This makes full TCP connections very difficult to fake. Some denial-of-service (DoS) attacks and network probes try to exploit that handshake sequence.5

    • UDP and ICMP network packets are one-way from sender to receiver with no handshake and therefore can be faked.

    • Common network services that use UDP include Domain Name Services (DNS), Simple Network Management Protocol (SNMP), Network Time Protocol (NTP), Trivial File Transfer Protocol (TFTP), and Network File System (NFS). These services can be faked and used in DoS reflection attacks.

    • Most notorious of these weak services are SNMPv1, Telnet, and FTP. These services can be used to send files or commands to running systems or file stores. They should never be used over untrusted networks for anything important.

    • ICMP packets have different types with different purposes. Ping (Echo Request) and Echo Response are two parts of ICMP. ICMP Redirect is another, which means don’t send this packet here, send it over there. Attackers can use redirects to reroute traffic around security devices or create DoS attacks.

  • RFC 1918 addresses are usually used for local area networks.

    • You should never see RFC 1918 addresses on the Internet.

    • Firewalls can network address translate (NAT) between live Internet addresses and RFC 1918 addresses, such as 10.0.0.1 and 192.168.2.3.
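As an added example (not from the book), here is a minimal perimeter filter in Python that applies the rules above: RFC 1918 sources are never accepted from the Internet, the reflection-prone UDP services are not exposed unless deliberately published, and nothing leaves with a source address outside the organization's own prefix, which is what stops your network from being used as the spoofing source in a reflection attack. The prefix 203.0.113.0/24, the published-DNS assumption, and the sample packets are constructed.

```python
import ipaddress
from dataclasses import dataclass

# Source ranges that must never arrive from the Internet: the RFC 1918 private
# blocks plus loopback and link-local. A packet carrying one of these as its
# source on the outside interface is forged or misrouted.
BOGON_SOURCES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Hypothetical public prefix assigned to the organization (assumption).
OUR_PUBLIC_PREFIX = ipaddress.ip_network("203.0.113.0/24")

# UDP services the chapter names as reflection-prone. Inbound requests to them
# are dropped unless the service is deliberately published (assumption: only DNS is).
REFLECTION_PRONE_UDP = {53: "DNS", 69: "TFTP", 123: "NTP", 161: "SNMP", 2049: "NFS"}
PUBLISHED_UDP = {53}


@dataclass(frozen=True)
class Packet:
    direction: str      # "in" = Internet -> us, "out" = us -> Internet
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    dport: int = 0


def is_bogon(addr: str) -> bool:
    """True if the address belongs to a range that cannot be routed on the Internet."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in BOGON_SOURCES)


def filter_packet(pkt: Packet) -> tuple:
    """Decide one packet at the Internet perimeter; returns ("allow"|"drop", reason)."""
    if pkt.direction == "in":
        if is_bogon(pkt.src):
            return "drop", "ingress: private/bogon source cannot legitimately come from the Internet"
        if pkt.proto == "udp" and pkt.dport in REFLECTION_PRONE_UDP and pkt.dport not in PUBLISHED_UDP:
            return "drop", f"ingress: {REFLECTION_PRONE_UDP[pkt.dport]} is not published (reflection-prone UDP service)"
        return "allow", "ingress: passes source and service checks"
    if pkt.direction == "out":
        if ipaddress.ip_address(pkt.src) not in OUR_PUBLIC_PREFIX:
            return "drop", "egress: source is not our prefix (untranslated RFC 1918 or spoofed; would feed a reflection attack)"
        return "allow", "egress: source address is ours"
    raise ValueError(f"unknown direction {pkt.direction!r}")


if __name__ == "__main__":
    # Constructed sample traffic.
    samples = [
        Packet("in", "192.168.2.3", "203.0.113.5", "tcp", 443),    # RFC 1918 source from outside
        Packet("in", "198.51.100.7", "203.0.113.5", "udp", 161),   # SNMP probe from the Internet
        Packet("in", "198.51.100.7", "203.0.113.5", "udp", 53),    # query to the published DNS server
        Packet("out", "10.0.0.1", "198.51.100.7", "udp", 53),      # left without NAT: must not escape
        Packet("out", "203.0.113.5", "198.51.100.7", "tcp", 443),
    ]
    for pkt in samples:
        verdict, why = filter_packet(pkt)
        print(f"{pkt.direction:>3} {pkt.src:>14} -> {pkt.dst:<14} {pkt.proto}/{pkt.dport:<5} {verdict:5} {why}")
```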

These are the highlights of the major topics with network protocols. If you are really interested in doing more work in network security, there is a huge variety of learning material out there. You can start with the “Further Reading” section at the end of this chapter.

Network-based Attacks

The global reach of the Internet provides a vast swamp for anonymous adversaries to strike from and hide in. As everything is always connected, attacks can come at any time from anywhere. Some network attacks are one-off, with a single attack delivering the final effect, such as denial of service or information leakage. Other network attacks are part of a chain that can include self-replicating malware (worms) or create a gateway for additional exploitation. What do these attacks look like? Table 17-1 breaks down the major network attacks and their common impacts.

Table 17-1. Network Attacks and Common Impacts

Network attack: Common impacts

Remote exploits: Anything up to full control of the impacted host, including remote command execution, remote control, denial of service, information leakage, or installation of self-replicating copies of itself.

Remote password guessing: The same level of authorization granted to the user of the compromised authentication.

Drive-by downloads: Anything up to full control of the impacted host, including remote command execution, remote control, denial of service, information leakage, or installation of self-replicating copies of itself.

Network denial of service: Denial of service. Can be temporary (flooding attack) or long-term (crash the server and/or corrupt the system).

Sniffing: Information leakage. If the leakage involves authentication credentials, it can lead to the same level of authorization granted to the user of the compromised authentication.

Impersonation: Information leakage. If the leakage involves authentication credentials, it can lead to the same level of authorization granted to the user of the compromised authentication.

Man-in-the-middle: Alteration of network transmission. Impersonation by adding misleading sites. Information leakage. If the leakage involves authentication credentials, it can lead to the same level of authorization granted to the user of the compromised authentication.

Exfiltration of data: Information leakage. Can be used for a remote command and control channel of compromised internal hosts.

Remote Exploits

The Morris worm used several remote exploits to gain access to Unix systems. Primarily it used a bug in Sendmail delivered over the Internet on TCP port 25 (Mail) to provide a command shell on the victim machine. Network exploit tools can range from simple Python scripts run at the command line to fully interactive graphical interfaces with point-and-click launchers.

There is a huge range of sophistication and effects from network-delivered exploits. Network exploits include things like the ping of death, Heartbleed, and even SQL injection attacks. Most remote exploits embed codes that trigger a software bug and then follow them with some kind of command. Here is the network request string that the Code Red worm sent to trigger a vulnerability on a web server:

GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0

You can see that the first part of the network payload is a series of Ns, used to overflow the buffer of a built-in app on the web server. They are followed by codes representing new commands being given to the system. All the attacker needs to do is connect to the web service (TCP 80), send this string, and boom. Simple remote exploits like these are ideal for network worms since they are fire-and-forget generic attacks. These kinds of attacks aren’t limited to servers; anything with a service can be hit, even routers.6

Many attackers just wait for new widespread remote exploits to become available so they can quickly weaponize them by adding the exploit to an existing rootkit. Rootkits are software packages designed by attackers to secretly control victimized machines.
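As an added example (not Code Red's code or the book's), here is a Python check that a web-log or IDS pipeline could run over HTTP request lines to flag requests with the shape described above: a target ending in .ida or .idq (the IIS Index Server extension Code Red exploited), an oversized query string, a long run of a single filler character, and %uXXXX escapes. The sample request lines are constructed, with the long payload shortened.

```python
import re
from urllib.parse import urlsplit

# Constructed sample request lines: two ordinary requests and one shaped like the
# Code Red request above (filler run followed by %u-encoded bytes), shortened.
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.0",
    "GET /search.ida?q=network+security HTTP/1.0",
    "GET /default.ida?" + "N" * 224 + "%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3=a HTTP/1.0",
]

ISAPI_EXTENSIONS = (".ida", ".idq")
LONG_RUN = re.compile(r"(.)\1{99,}")          # 100 or more identical consecutive characters
UNICODE_ESCAPE = re.compile(r"%u[0-9a-fA-F]{4}")
MAX_SANE_QUERY = 200                           # bytes; tune to the application's real queries


def inspect_request_line(line: str) -> list:
    """Return the reasons this HTTP request line looks like a buffer-overflow probe."""
    parts = line.split(" ")
    if len(parts) != 3 or not parts[0].isalpha():
        return ["malformed request line"]
    target = urlsplit(parts[1])
    reasons = []
    if target.path.lower().endswith(ISAPI_EXTENSIONS):
        reasons.append("request targets an Index Server ISAPI extension (.ida/.idq)")
    if len(target.query) > MAX_SANE_QUERY:
        reasons.append(f"query string of {len(target.query)} bytes exceeds {MAX_SANE_QUERY}")
    if LONG_RUN.search(target.query):
        reasons.append("query contains a run of 100+ identical bytes (buffer filler)")
    if UNICODE_ESCAPE.search(target.query):
        reasons.append("query contains %uXXXX escapes (non-standard encoding used to carry code)")
    return reasons


def is_overflow_probe(line: str) -> bool:
    # Require more than one indicator so an unusual but legitimate query is not flagged alone.
    return len(inspect_request_line(line)) >= 2


if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        label = "PROBE " if is_overflow_probe(req) else "ok    "
        print(label, req[:60] + ("..." if len(req) > 60 else ""))
        for reason in inspect_request_line(req):
            print("        -", reason)
```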

Some attacks, like SQL Injection, are more sophisticated, because the remote exploit must be customized for the specific service. SQL injection involves delivering a command to a web application that interrupts the normal flow of database operations and injects new commands, such as delete all databases.7 Because of this customization, these kinds of attacks aren’t usually put into worm form, although it has happened once or twice in the past.8

Remote Password Guessing

If your organization has any easily reachable login services on the Internet, then you should be on guard for remote password guessing attacks. Network logins can include Terminal servers, Secure Shell (SSH) sites, File Transfer Protocol (FTP) sites, Telnet consoles, Virtual Private Network (VPN) logins, and any network service requiring authentication. The tricky thing is that there may be login services available on your Internet perimeter that you do not know about. This can easily happen if network devices are deployed without hardening or disabling administrative services. Most network devices, like routers and switches, have network console services like SSH and Telnet running on their network interfaces by default.

Attackers scan for network logins. When they find them, they try usernames and passwords from anywhere in the world, day and night. Once they hit the right combination of username and password, it’s easy money. To make things easier for them, there are numerous lists of commonly chosen passwords available for them to try. Currently, the top chosen passwords are Password, 123456, 12345678, qwerty, letmein, 111111, and football.

You can find many popular passwords based on previous hacks and public password dumps.9 There are also easily available default password lists for network devices. If they think you’re using a Krypto Router, they can look up the default password for that router (probably admin or password) and see if it works. There are numerous tools that attackers can use to automatically scan for listening login services and try a list of usernames and passwords. A typical organization with an SSH service on the Internet sees a few of these kinds of scans every minute from all over the Internet.
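As an added example (not from the book), here is a detector for remote password guessing that reads sshd authentication lines, counts failures per source address in a sliding time window, and notes when one source cycles through many usernames (the password-spraying pattern). The log lines, the hostname bastion and the addresses are constructed; the line format is the standard OpenSSH "Failed password for ... from ... port" message.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed auth log excerpt: one source hammering six usernames in a few
# seconds, and a legitimate user who mistypes twice a few minutes apart.
LOG_LINES = [
    "Mar 03 10:02:15 bastion sshd[2134]: Failed password for invalid user admin from 198.51.100.7 port 51234 ssh2",
    "Mar 03 10:02:17 bastion sshd[2136]: Failed password for root from 198.51.100.7 port 51240 ssh2",
    "Mar 03 10:02:19 bastion sshd[2138]: Failed password for invalid user test from 198.51.100.7 port 51244 ssh2",
    "Mar 03 10:02:22 bastion sshd[2140]: Failed password for invalid user guest from 198.51.100.7 port 51250 ssh2",
    "Mar 03 10:02:24 bastion sshd[2142]: Failed password for invalid user oracle from 198.51.100.7 port 51255 ssh2",
    "Mar 03 10:02:27 bastion sshd[2144]: Failed password for invalid user ubuntu from 198.51.100.7 port 51261 ssh2",
    "Mar 03 10:02:30 bastion sshd[2146]: Failed password for alice from 203.0.113.9 port 40022 ssh2",
    "Mar 03 10:02:40 bastion sshd[2148]: Accepted publickey for alice from 203.0.113.9 port 40023 ssh2",
    "Mar 03 10:05:01 bastion sshd[2150]: Failed password for alice from 203.0.113.9 port 40030 ssh2",
]

FAILED = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)
LOG_YEAR = "2016"   # syslog timestamps carry no year (assumption)


def parse_failures(lines):
    """Yield (timestamp, user, source) for each failed-login line; other lines are ignored."""
    for line in lines:
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["src"]


def find_guessers(lines, window_seconds=60, threshold=5, spray_users=4):
    """Return {source: {"failures", "users", "spray"}} for every source that produced at
    least `threshold` failed logins inside some window of `window_seconds`."""
    by_src = defaultdict(list)
    for ts, user, src in parse_failures(lines):
        by_src[src].append((ts, user))
    offenders = {}
    for src, events in by_src.items():
        events.sort()
        start, peak = 0, 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most window_seconds.
            while (events[end][0] - events[start][0]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            users = {u for _, u in events}
            offenders[src] = {"failures": len(events), "users": users,
                              "spray": len(users) >= spray_users}
    return offenders


if __name__ == "__main__":
    for src, info in find_guessers(LOG_LINES).items():
        kind = "password spraying" if info["spray"] else "brute force"
        print(f"{src}: {info['failures']} failures, {len(info['users'])} usernames ({kind})")
```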

Drive-by-Download Attacks

Instead of launching attacks at your web services, some attackers booby-trap web sites to infect victims who browse them. First, the attacker finds or creates an exploit that works against a web browser or anything that a web browser may call. These are remote exploits that the victim connects and inadvertently downloads. Since there are many vulnerabilities found in web browsers, web scripting languages, and web animation tools, there is no shortage of exploits to create. The more popular the browser, usually the more browser exploits uncovered and weaponized.10

For this to work, the attacker needs victims to browse to a site with these exploits. To do this, they have a few options. They can host a site themselves and try to drive traffic to it via search engine optimization or by e-mailing enticing links to victims. Attackers can also hack a site and then use these techniques to get people to visit. Attackers could also just hack popular sites that they know their victims would frequent. This is called a watering hole attack. For example, if an attacker is looking to compromise a particular defense industry company, they could set up drive-by-download exploits on a web magazine serving that industry. Some attackers sign up for Internet advertising and deliver exploits via banner ads on legitimate sites. If users are surfing with unpatched browser vulnerabilities, there is no telling where or when they could be hit.

Network Denial of Service

Instead of hacking a site, attackers simply try to knock it down. They can do this with an exploit that crashes the system or a firehose blast of network traffic. Sometimes these kinds of attacks are politically motivated and sometimes they are financially motivated (pay us to stop). In any case, the attacker attempts to send more traffic to the victim than their servers and network connections can handle. The downside for the attacker is that they must maintain the attack the entire time to deny service. Sadly, this is not very hard. Attackers use other previously hacked victims remotely controlled in a huge global network, called a botnet, to generate a traffic swarm. Some hackers rent out their botnets for others to use for denial of service.11 Sometimes people even volunteer their machines to join a DoS attack if they believe in the political cause.12

Attackers can also do reflection attacks by sending spoofed UDP packets at unsuspecting servers. The sent packets appear to come from the victim, so the return traffic sent by the legitimate unsuspecting server returns en masse to the victim. Also, the attacker’s true IP address is never seen by the victim. Instead, the victim sees a burst of reflections from all over the Internet. Here is an example where the attacker spoofs DNS queries from the victim to DNS servers spread around the Internet. Figure 17-1 shows a simplified version of how this works.

Figure 17-1. Reflection denial-of-service attack

Sniffing

Sniffing attacks are eavesdropping or wire-tapping attacks where an attacker listens to all network traffic. Nearly every kind of network interface card supports a promiscuous mode where all packets on the transport media are captured instead of just the packets addressed to the interface. Sniffing tools can then collect and decode all the traffic. Basic sniffing software tools are built into most operating systems at the administrator level. Here is an example of tcpdump on Unix operating systems:

$ sudo tcpdump
tcpdump: data link type PKTAP
listening on pktap, link-type PKTAP (Packet Tap), capture size 262144 bytes
19:09:20.732434 IP 192.168.0.14.51750 > www.apress.com.https: Flags [.], ack 50692, win 3925, options [nop,nop,TS val 821382870 ecr 227562921], length 0
19:09:20.732467 IP 192.168.0.14.51747 > www.apress.com.https: Flags [.], ack 44719, win 4010, options [nop,nop,TS val 821382870 ecr 227562921], length 0
19:09:20.732491 IP 192.168.0.14.51750 > www.apress.com.https: Flags [.], ack 53428, win 3839, options [nop,nop,TS val 821382870 ecr 227562921], length 0

On networks using hubs, all network conversations are broadcast over every wire, so everything on the local subnet can be sniffed. On switched networks, more work is required. Network switches segregate network conversations via internal bridges13 and transmit each conversation only to or from the client’s own network port. The difference is like having a verbal conversation in a crowded room (network hubs) versus passing private notes to each other (network switches). However, many network switches have span ports that can be used to copy ongoing connections on that switch to another device. Another way eavesdroppers can gain access to switched conversations is to physically tap the local wire by placing a tap in-line somewhere in the connection. This is less relevant within an organization’s facility, but it can happen if an attacker sneaks onsite and plants a tap on a key connection.

A bigger issue is eavesdroppers upstream on the Internet or telecom provider side of the connection listening on Internet conversations going in and out of the organization. This is how some government intelligence agencies spy on organizational traffic.

Wireless networks, like hotspots at coffee shops, act like hub networks. Anyone on that wireless network could potentially be eavesdropping on the other users of that network. Since wireless networks are nothing but network packets delivered by radio, attackers sometimes set up some distance away with long-range antennas to dip into the conversations.

Another place network traffic is sniffed is at the device level. Local network connections go through a switch and a router or firewall in order to get onto the Internet. Those network devices have the capability to listen to and record network conversations; packet capture is a common built-in diagnostic feature of these kinds of devices.

Anything that is not encrypted in a network transmission can be decoded by a sniffer. Here is a tcpdump session of logging into an unencrypted web server with the username globaladmin and the password spacepickle. Note how easy it is to spot in a sniff trace.

$ sudo tcpdump -A
tcpdump: data link type PKTAP
listening on pktap, link-type PKTAP (Packet Tap), capture size 262144 bytes
10:02:15.172746 IP 192.168.0.14.51867 > 192.168.0.1.http: Flags [P.], seq 1:417, ack 1, win 4117, options [nop,nop,TS val 479748387 ecr 9113597], length 416: HTTP: POST /goform/login HTTP/1.1
.......#2.....E...∼.@[email protected]....$.....&.....
..a#....POST /goform/login HTTP/1.1
Host: 192.168.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
loginUsername=globaladmin&loginPassword=spacepickle
10:02:15.182719 IP 192.168.0.1.http > 192.168.0.14.51867: Flags [P.], seq 1:138, ack 417, win 17376, options [nop,nop,TS val 9113598 ecr 479748387], length 137: HTTP: HTTP/1.0 302 Redirect

Malware sometimes installs sniffers on internal servers. These sniffers capture passwords or credit card numbers as they are transmitted around the secure internal network. Attackers can also record volumes of encrypted network traffic and analyze it at their leisure. Some encryption schemes can be broken, given enough captured traffic or time spent deciphering them.14 Even if an attacker can’t break through your network encryption, they can perform traffic analysis and learn what addresses you’ve visited. Remember that encryption covers only the contents of the packet; like an envelope, the to and from addressing information has to remain visible for the messages to be delivered. Traffic analysis is a specialized intelligence field that analyzes things like conversation participants (and their popularity in conversations), frequency of communication, and size of communication.

Impersonation

Each host on an Ethernet has a unique fingerprint called a MAC (Media Access Control) address, which manufacturers set. Network software binds these MAC addresses to IP addresses. Hosts on a local network then use Address Resolution Protocol (ARP) to look for the MAC address for a given IP address. If an attacker can spoof a MAC address, they could subvert the ARP process15 and impersonate that host. These attacks are easy since many network adapters and nearly every operating system supports changing the MAC address. In just one command, I can change the MAC address on my Mac:

$ ifconfig en0            
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 options=27<RXCSUM,TXCSUM,VLAN_MTU,TSO4>
 ether 00:23:32:b3:ce:e6
 inet 192.168.0.14 netmask 0xffffff00 broadcast 192.168.0.255
$ sudo ifconfig en0 ether 00:23:32:b3:ce:e7
$ ifconfig en0
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 options=27<RXCSUM,TXCSUM,VLAN_MTU,TSO4>
 ether 00:23:32:b3:ce:e7
 inet 192.168.0.14 netmask 0xffffff00 broadcast 192.168.0.255
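As an added example (not from the book), here is a Python audit that compares ARP replies seen on the LAN against an inventory of expected IP-to-MAC bindings, such as one gathered by the periodic MAC address sweeps recommended later in this chapter. It alerts when an address is claimed by an adapter not in the inventory, when a known address changes its MAC (a change like the one shown above, seen from the network side), or when one MAC starts answering for several addresses. The inventory and the observed replies are constructed.

```python
from collections import defaultdict

# Constructed inventory of expected IP -> MAC bindings (assumption: gathered by
# a periodic MAC address sweep).
INVENTORY = {
    "192.168.0.1":  "00:1a:2b:3c:4d:01",   # default gateway
    "192.168.0.14": "00:23:32:b3:ce:e6",   # the laptop shown above
}

# Constructed stream of ARP replies observed on the LAN, in order: (ip, mac).
OBSERVED = [
    ("192.168.0.1",  "00:1a:2b:3c:4d:01"),
    ("192.168.0.14", "00:23:32:b3:ce:e6"),
    ("192.168.0.77", "00:23:32:B3:CE:E7"),   # adapter not in the inventory
    ("192.168.0.1",  "00:23:32:b3:ce:e7"),   # gateway address now claimed by that adapter
]


def audit_arp(observed, inventory):
    """Walk ARP replies in order and return a list of alert strings."""
    alerts = []
    bindings = {ip: mac.lower() for ip, mac in inventory.items()}   # current IP -> MAC
    ips_by_mac = defaultdict(set)                                   # current MAC -> {IPs}
    for ip, mac in bindings.items():
        ips_by_mac[mac].add(ip)

    for ip, mac in observed:
        mac = mac.lower()            # normalize case so "B3" and "b3" compare equal
        previous = bindings.get(ip)
        if previous is None:
            alerts.append(f"unknown host {ip} ({mac}) is not in the inventory")
        elif previous != mac:
            alerts.append(f"{ip} moved from {previous} to {mac}: possible ARP spoofing")
            ips_by_mac[previous].discard(ip)
        bindings[ip] = mac
        ips_by_mac[mac].add(ip)
        if len(ips_by_mac[mac]) > 1:
            claimed = ", ".join(sorted(ips_by_mac[mac]))
            alerts.append(f"{mac} now answers for {claimed}: one adapter claiming several addresses")
    return alerts


if __name__ == "__main__":
    for alert in audit_arp(OBSERVED, INVENTORY):
        print("ALERT:", alert)
```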

Sometimes an attacker puts up their own Wi-Fi hotspot with the same name as a local business, and then eavesdrops on or hijacks the conversations. Since wireless is just radio, an attacker could also use a much stronger radio signal to overpower a Wi-Fi access point or client. If an attacker has access to the local network, they can launch a DoS attack to take a server down and then impersonate it to steal login credentials.

There have even been cases of criminals using stolen or fake SSL or TLS certificates, which are supposed to be verifiers of identity.16 Criminals have also been known to steal entire domain names from registrars for impersonation.

Man-in-the-Middle

If you can sniff a network connection, then you can take it a step further and try to insert yourself into the conversation. Remember that TCP connection streams have handshakes and sequence numbers to track and isolate the connection. If an attacker can sniff those sequence numbers, they can inject themselves into the conversation on both sides. This is called a man-in-the-middle attack. Man-in-the-middle attacks can intercept or substitute encryption keys, so attackers can decrypt confidential data. Attackers can also capture two-factor authentication responses in this manner.

A successful man-in-the-middle attack allows an attacker not only to have full access to the conversation but also to secretly alter it. One attack is to hijack a victim’s web session with their Internet banking system and steal their two-factor authentication response while sending the victim an error message. The victim thinks the banking site is down, while the crook cleans out the account. Figure 17-2 illustrates how it looks on a web session.

Figure 17-2. Man-in-the-middle attack

An attacker can also just sniff and copy the session-ID token out of a web session and then use that token to directly impersonate the user. This isn’t a full-blown man-in-the-middle attack; it is called session hijacking.17 It still involves using sniffing or statistical analysis of poorly chosen keys to completely compromise the authentication credentials of the victim.

Some man-in-the-middle attacks originate from an attacker seizing control of the infrastructure involved in the transmission of the information. Sometimes this means taking over routers, a DNS server (to plant false entries pointing to fake sites), or even malware-implanted tools within the network stack on a host.

Exfiltration of Data

Once an attacker has broken into your network, it is sometimes a challenge for them to maintain a persistent remote control connection and copy all of your data back out. This is called exfiltration, and it can be accomplished in a variety of ways. Some attackers are brazen and just copy files out via FTP or SSH sessions, if there are no firewalls or network monitors in place to block or alarm on such things. It can be challenging on networks with stringent firewall egress rules (hint: you should have these), so attackers have to get creative.

Attackers can hide data inside seemingly innocent DNS queries or HTTPS conversations. Who is going to suspect a machine going to MyHappyShoppingSite.com, when in fact the web request itself contains stolen data and the web site is run by cyber-criminals? Data can be easily encoded or encrypted and then tucked into any kind of communication medium that exits your network. It’s very hard to control exfiltration, though that doesn’t mean you shouldn’t try.
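As an added example (not from the book), here is a Python pass over resolver query logs that looks for data tucked into DNS names: labels that are unusually long, hex-only or high-entropy, and a base domain that receives many distinct subdomains of that kind. The query list, the domain exfil-example.test and the hex chunks are constructed.

```python
import math
from collections import defaultdict

# Constructed resolver query log. The five hex labels imitate file chunks being
# carried out in query names; the remaining names are ordinary browsing.
OBSERVED_QUERIES = [
    "www.apress.com",
    "mail.apress.com",
    "myhappyshoppingsite.com",
    "cdn.myhappyshoppingsite.com",
    "images.myhappyshoppingsite.com",
    "3a1f9c2e7b4d8e0f6a5c1b2d3e4f5a6b7c8d9e0f.exfil-example.test",
    "9b8c7d6e5f4a3b2c1d0e9f8a7b6c5d4e3f2a1b0c.exfil-example.test",
    "0f1e2d3c4b5a69788796a5b4c3d2e1f0a1b2c3d4.exfil-example.test",
    "c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2.exfil-example.test",
    "5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d3e4f.exfil-example.test",
]

HEX_CHARS = set("0123456789abcdef")
LONG_LABEL = 30          # characters; human-chosen hostnames are rarely this long
ENTROPY_LIMIT = 3.5      # bits per character; natural words sit well below this


def shannon_entropy(s: str) -> float:
    """Shannon entropy of a string in bits per character (0.0 for an empty or uniform string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for c in s:
        counts[c] += 1
    n = len(s)
    return -sum(k / n * math.log2(k / n) for k in counts.values())


def split_query(qname: str, base_labels: int = 2):
    """Split a query name into (base domain, subdomain part). Assumes the registrable
    domain is the last two labels, which is enough for this sample."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-base_labels:]), ".".join(labels[:-base_labels])


def suspicious_labels(sub: str) -> list:
    """Return the reasons the subdomain labels look like encoded data rather than names."""
    reasons = []
    for label in filter(None, sub.split(".")):
        if len(label) >= LONG_LABEL:
            reasons.append(f"label of {len(label)} characters")
        if len(label) >= 16 and set(label) <= HEX_CHARS:
            reasons.append("hex-only label")
        if shannon_entropy(label) >= ENTROPY_LIMIT:
            reasons.append("high-entropy label")
    return reasons


def find_exfil_domains(queries, min_unique: int = 4) -> dict:
    """Return {base domain: (unique subdomains, suspicious queries)} for base domains
    that received at least `min_unique` distinct subdomains, all of them suspicious."""
    per_base = defaultdict(set)
    flagged = defaultdict(int)
    for q in queries:
        base, sub = split_query(q)
        per_base[base].add(sub)
        if suspicious_labels(sub):
            flagged[base] += 1
    return {base: (len(subs), flagged[base]) for base, subs in per_base.items()
            if len(subs) >= min_unique and flagged[base] >= min_unique}


if __name__ == "__main__":
    for base, (unique, bad) in find_exfil_domains(OBSERVED_QUERIES).items():
        print(f"{base}: {unique} distinct subdomains, {bad} suspicious queries")
```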

Network Controls

Now that you’ve learned about network attacks, it’s time to stop them. Let’s start with administrative controls. There are a few key operational documents that should be recorded for network security. One is a good, clear diagram of the network including all the places where the trusted networks touch the untrusted networks. Detailed diagrams should also include critical networks like the scoped sensitive environments and the Internet perimeters. Data flow for sensitive information should be mapped onto these diagrams, so you can see exactly where things go and need to be protected. All of these help avoid accidents, point out design flaws, and provide documentation for auditors.

The biggest administrative control is a policy that lays the groundwork for everything else. Here’s an example:

Sample Network Security Policy

ORGANIZATION will protect its IT networks and the supporting infrastructure from unauthorized access, corruption, or interruption. To accomplish this, ORGANIZATION will do the following:

  • The Security department will have primary authority for the security of the untrusted network perimeter. The untrusted network perimeter refers to the border between untrusted networks, such as the Internet, and ORGANIZATION managed or owned networks.

    • The Security department and the IT Department will jointly manage the security of the untrusted network perimeter.

  • ORGANIZATION will only use approved network security devices to control access across untrusted network perimeters. Security standards for approved network security devices will be written by the Security department.

  • ORGANIZATION will only make perimeter changes based on business-need and only after a risk analysis and approval process. The IT department will be responsible for making the perimeter changes while the Security Department will be responsible for the risk analysis and approval.

    • ORGANIZATION will use a formal process of submission, review, analysis, acceptance, verification, and maintenance to manage proposed changes to the untrusted network perimeter. The Security department must review and perform a risk assessment for all changes to the untrusted network perimeters, either by configuration changes or by the addition of new equipment.

  • The Security department will be responsible for maintaining a configuration standard describing the protocols, directions, content and business reasons for every network communication crossing the untrusted network perimeter.

  • The IT department and the Security department will share responsibility for the management of systems placed on the untrusted security perimeter. These systems should be network devices such as Internet routers, network switches, and other monitoring devices.

    • The IT department will be responsible for maintaining and managing a secure configuration of these devices based on the approved hardening standards. The Security department will be responsible for providing technical risk assessments of these device configurations.

  • A Demilitarized Zone (DMZ) is a network segregated by security devices such as firewalls. ORGANIZATION will use DMZs to provide defense in depth for critical servers. ORGANIZATION considers DMZs to be semi-trusted domains.

    • Network connections from customers and other third parties will terminate in a DMZ.

  • The Security department will be responsible for periodically assessing the vulnerability and configuration of the untrusted network perimeter. This will take the form of device configuration audits or network vulnerability scans.

  • Remote access refers to connections to ORGANIZATION owned or managed networks and computers from untrusted networks. ORGANIZATION requires that an approved security device, such as a firewall or a VPN termination device, manage all remote access.

    • Remote access connections must use approved cryptographic protocols and approved authentication methods.

    • Automated remote access connections will terminate into DMZ networks with additional security inspections in place.

    • ORGANIZATION will only permit remote access from approved portable computing devices. Critical systems, such as servers holding sensitive information, will require additional security controls for remote access.

    • The IT department and the Security department will maintain an approved standard configuration for remote access, designed to provide adequate security protections for teleworkers.

  • The IT department is responsible for managing network security for workstations, and may use technical controls such as personal network firewalls and host-based intrusion detection to reduce risk.

  • ORGANIZATION will not maintain either inbound modem pools or dialup services. No unauthorized connections either to or from ORGANIZATION networks are allowed.

  • Wireless networking refers to wireless local area networks (WLANs) connected to ORGANIZATION owned or managed networks. The Security department will maintain an approved standard for wireless data networking access, designed to provide adequate security protection.

    • WLANs will be treated as untrusted network perimeters and therefore be segregated by firewalls.

    • WLANs must support approved authentication and cryptographic methods.

    • WLANs should support network intrusion detection and prevention systems.

  • All communication protocols and messaging systems traversing the ORGANIZATION perimeter will be subject to automated inspection for malware, policy violations, and unauthorized content.

    • The IT department and the Security department will share responsibility for managing messaging security. ORGANIZATION will analyze and filter messages to detect and prevent the spread of malware. ORGANIZATION will perform this filtering before the message is delivered to the recipient.

    • ORGANIZATION will not allow unencrypted file transfers of confidential data via messaging systems. Users must only use approved encryption methods and hardware/software systems for message security.

Network Security Standards

In addition to the standards mentioned in the policy, here are a few more standards you may want to consider for network security:

  • Network security and hardening standards for virtualized networks and default guest images. If you use public cloud systems, you should have an additional set of standards on how those cloud systems should be accessed and configured.

  • Detailed network hardening standards for network devices that include things like disabling unused jacks (to prevent unauthorized people from just plugging into your network) and turning off unnecessary UDP network services on the perimeter (to prevent them being used for reflection attacks).

  • Standards describing network access control lists used internally or externally.

    • Externally, do you block certain countries by registered country IP address? If so, who determines the list and how is it updated?

    • Can you use internal access control lists to ensure that access to scoped networks only occurs from jump hosts? The implementation of jump hosts is discussed in more detail later in this chapter.

    • Can you use access control lists to do least privilege, such as segregating voice and data networks?

  • Standards describing administrative access. What services are allowed (SSH but not Telnet)? Which encryption modes are required? Which networks are allowed access and which are not? What are the requirements to segregate out-of-band management networks from the main network? Should administrators have separate authorized accounts for administrative work?

Network Security Procedures

There should be procedures to go with all of these policies and standards. The following are a few to consider:

  • Quarterly vulnerability scanning procedures

  • Quarterly firewall rule reviews to ensure that temporary rules are removed, bad rules are cleaned up, and only approved rules are in place

  • Periodic MAC address inventory sweeps of the network to ensure that no unknown devices have been added to the network

  • Periodic wireless network scans to look for rogue wireless access points and cross-connections that aren’t firewalled

Firewalls

There was a time long ago when the entire job of the IT security role was managing the firewall. Most of that job entailed explaining to users why their applications failures were not caused by the firewall but by faulty or poorly documented software. Firewalls have gotten more sophisticated and commoditized and so have IT security roles, but users still do blame the firewall occasionally for application failures. C’est la vie.

Firewalls are such a critical control that PCI DSS devotes the entire first control objective to firewall management. Firewalls control access between zones of differing levels of trust, or act as a partition to block the lateral spread of compromise (back to the original definition of physical firewalls). Usually this means keeping the bad people from the Internet out of the internal network, but they can also be used to block off access to the scoped environment from the rest of the organization. Over the years, firewall technology has gotten so advanced and cheap that firewall functionality can be found in most internal switching devices.

Firewall technology covers a range of different types of systems. The simplest firewall is a packet filter, which can be easily configured with open source software.18 Most firewalls also do network address translation (NAT), so that you can use a small number of live Internet addresses to translate to a larger range of internal RFC 1918 addresses. Packet filter firewalls work on a packet-by-packet basis, so they aren’t very useful against sophisticated attacks that spoof TCP connections. The next step up is stateful inspection firewalls, which check that packets and protocols aren’t being spoofed. Stateful firewalls also do some limited packet reassembly to try to ascertain what kind of traffic is flowing through them. Some stateful firewalls can do rule matching on the data streams to try to filter out known attacks or alert on suspicious behavior.

The most secure firewalls are the proxy firewalls, which use software listeners to accept connections on one side of the firewall and fully deconstruct connections before rebuilding them on the other side. Proxy firewalls strictly enforce protocol standards, as they aren’t just inspecting traffic but rebuilding connections from scratch on the other side. It gives the firewall tremendous control over what is passing through it. This is why you often see proxy firewalls in place in medical, financial, and military networks.

Proxy firewalls come at a cost, as they can be slower and more unforgiving than other firewalls. If a particular software application doesn’t fully conform to documented protocol standards and needs to pass through a proxy firewall, it will not work. Cases like these do come up and require firewall engineers to downgrade proxy connections to stateful inspection. Another limitation of proxy firewalls is that the proxy needs to be written to the specification. For example, the protocols for e-mail, domain name services, file transfer, and web traffic are very well known so you can expect intelligent secure proxies to be developed for them. If a new protocol is needed and no proxy is available, then a stateful connection needs to be used.

When looking at firewalls, there are independent organizations that test and certify firewalls. Two organizations to look at are ICSA Lab Certified firewalls19 and Common Criteria Certified Boundary Protection20 devices.

Firewall Designs

One of the most basic firewall designs is simply to place a firewall between the Internet and the internal network, and be done with it. This may work fine for home networks, but most organizations need to be a little more sophisticated. A DMZ should be used if the organization has any Internet-facing services like web and mail servers. A demilitarized zone (DMZ) is a separate network segregated by firewalls. Access in and out of that DMZ is controlled by access control rules so that if one of those exposed Internet-facing services is hacked, the attackers still won’t have access to the internal network. Some even go as far as using different firewall vendors for each end of the DMZ, to try to get as much breadth of control coverage as they can.

Firewalls can also be used to control switch virtual LANs (VLANs) to help implement least privilege on the internal network. An ideal design from a network security perspective (but not necessarily a practical design) is a honeycomb of firewalled network segments between all departments and functions. The goal is to move beyond authentication and provide granular network authorization to just the necessary connections. Firewalls can also be used as a gateway between the following:

  • Wireless and Wi-Fi networks

  • Remote access gateways

  • Database servers and application servers

  • Third-party/business partner connections

  • Out-of-band management networks like iLO and PDU interfaces

  • Internal “Internet of Things” networks like HVAC, door card readers, and voice networks

Firewall Management

When it comes to the firewall rules themselves, least privilege is your guide. The worst kind of firewall rules are those that allow every host to have full service access to every other host. Not only do these rules defeat the purpose of firewalls, but they can also be cited as audit control failure findings. If such a rule is actually deemed necessary, it should be treated as a temporary policy exception and be approved by the ISMS committee.

Organizations are often mindful about the firewall rules allowing connections in from the Internet but forget about the rules going out. Remember the network exfiltration threat. Egress filtering is a useful tool that can be implemented on the firewall to limit which machines on the inside network can talk to the Internet. Many servers may never need Internet access, so why give it to them? At the very least, you should limit the protocols that users can access online. There are some organizations that deploy separate web proxy servers that users must web surf through to the Internet. In this way, drive-by-downloads and exfiltration attacks can often be spotted and stopped.

Some firewalls can implement whitelist or blacklist blocks. This means instead of having every single address on the Internet allowed to touch your Internet perimeter, it is limited to a defined set of servers (whitelist) or certain known bad addresses are blocked (blacklist). Subscriptions to the addresses of known addresses with bad reputations are available and can be integrated into some firewalls.
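The quarterly rule review described in the procedures above, the any-to-any and temporary-exception guidance, the egress filtering point, and the jump-host-only access to scoped networks, as one added example that is not from the book. The ruleset, the segment addresses (10.50.0.0/16 as the scoped network, 10.10.1.0/29 as the jump hosts) and the change-ticket field are all constructed in a vendor-neutral shape.

```python
import ipaddress
from datetime import date

# Constructed segments for this example; not from the book.
SCOPED = ipaddress.ip_network("10.50.0.0/16")       # the scoped environment (e.g. cardholder data)
JUMP_HOSTS = ipaddress.ip_network("10.10.1.0/29")   # hardened jump hosts in front of it
ANY = ipaddress.ip_network("0.0.0.0/0")
CLEARTEXT_ADMIN = {"tcp/23", "tcp/21"}              # Telnet and FTP: services the admin standard forbids


def review_rules(rules, today_iso):
    """Flag allow rules a quarterly review should remove or escalate.

    Returns a list of (rule id, finding) pairs; a rule may produce several findings.
    """
    today = date.fromisoformat(today_iso)
    findings = []
    for r in rules:
        if r["action"] != "allow":
            continue
        src, dst = ipaddress.ip_network(r["src"]), ipaddress.ip_network(r["dst"])
        # The worst rule of all: every host, every service, every other host.
        if src == ANY and dst == ANY and r["service"] == "any":
            findings.append((r["id"], "any-to-any allow: defeats the firewall, needs an ISMS committee exception"))
        # Temporary exceptions must actually go away when they expire.
        if r["expires"] is not None and date.fromisoformat(r["expires"]) < today:
            findings.append((r["id"], f"temporary rule expired {r['expires']}: remove"))
        # Only the jump hosts may reach into the scoped network.
        if dst.subnet_of(SCOPED) and not src.subnet_of(JUMP_HOSTS):
            findings.append((r["id"], "reaches the scoped network from somewhere other than the jump hosts"))
        # Egress: scoped servers rarely need the whole Internet, and this is the exfiltration path.
        if src.subnet_of(SCOPED) and dst == ANY:
            findings.append((r["id"], "unrestricted egress from the scoped network to the Internet"))
        if r["service"] in CLEARTEXT_ADMIN:
            findings.append((r["id"], f"cleartext service {r['service']} allowed"))
        if not r.get("ticket"):
            findings.append((r["id"], "no change ticket: undocumented rule"))
    return findings


# Constructed ruleset (one dict per rule, evaluated top to bottom).
RULES = [
    dict(id=10, src="10.10.1.0/29", dst="10.50.0.0/16", service="tcp/22", action="allow", expires=None, ticket="CHG-101"),
    dict(id=20, src="10.20.0.0/16", dst="10.50.0.0/16", service="tcp/3389", action="allow", expires="2016-03-31", ticket="CHG-088"),
    dict(id=30, src="10.50.0.0/16", dst="0.0.0.0/0", service="any", action="allow", expires=None, ticket=None),
    dict(id=40, src="10.20.0.0/16", dst="0.0.0.0/0", service="tcp/23", action="allow", expires=None, ticket="CHG-050"),
    dict(id=50, src="0.0.0.0/0", dst="0.0.0.0/0", service="any", action="allow", expires=None, ticket=None),
    dict(id=60, src="0.0.0.0/0", dst="0.0.0.0/0", service="any", action="deny", expires=None, ticket=None),
]

if __name__ == "__main__":
    for rule_id, finding in review_rules(RULES, "2016-06-30"):
        print(f"rule {rule_id}: {finding}")
```

Rule 10 (jump hosts to the scoped network over SSH, with a ticket) is the only allow rule that passes clean; the rest each produce one or more findings.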

Jump Hosts and Firewalls

Firewalls are powerful but they don’t always offer the granular authorization tools that you need. Sometimes you want to apply more control on user or administrator access across a network boundary. Enter the jump host. As discussed in Chapter 6, these are sometimes called bastion hosts. These are special workstations—virtual or physical—that sit between scope or trust boundaries and manage access. Basically, you build a hardened machine (see Chapter 15 on hardening standards) and allow access through the firewall to it. This machine acts as a secure gateway into the trusted or scoped environment. Technically, you can set this up many ways, but commonly people use either SSH agent forwarding (often for Linux connectivity) or a remote desktop gateway (often for Windows connectivity). Here are two good resources on how to do that.

IDS/IPS

Intrusion detection systems (IDS) work just like sniffers, but for defense. They are software that either sniffs network traffic or acts as a gateway that traffic passes through. Many intrusion detection systems are integrated into firewall appliances, since the firewall already has direct access to all the Internet traffic. The IDS examines the traffic and pattern matches on known attacks and attack behaviors, sounding an alarm when something is detected. In this way, they work much like antivirus software, with an updating signature list of known attacks.

IDS has also evolved into intrusion prevention systems (IPS), where the system blocks a network stream as soon as it detects an attack. An IPS must sit inline, in a position where it can actually block the traffic.

Some IDS/IPS support subscriptions to IP address reputation lists, so you can monitor or block connections to known sketchy sites and stop problems that don’t have signatures yet.

The key thing to remember about IDS/IPS is that they work primarily off lists of known attacks, so they’re useful for scraping off the top layer of sewage flowing into your network, but they won’t capture everything. They are only as good as their signature lists, and those lists are usually at least 24 hours behind the latest threat. Some IDS/IPS software packages allow you to write your own signatures, which is handy in emergencies or for customizing signatures for your environment.

One big value of an IDS/IPS is that, since they clear away the Internet background radiation of scans and attacks, you can focus on the really dangerous threats. The second value of an IDS is to give you a network-eye view of what’s going on on your network and what threats you might be facing. As you study IDS logs and alerts, you will see probes, port scans, exploit attempts, and all kinds of suspicious behavior. Over time, you’ll get an idea about what should be normal for your organization and industry, so that when the threat level changes, you’ll have some warning. All of this entails spending time and resources on examining IDS data. There are many tools and visualization systems that can help with this. They all cost something in terms of time or money (or both). The real cost is the expertise and time invested in training or hiring people with strong skills in both network technology and network attacks.

When I was a consultant, I used to talk to organizations about IDS deployments. I would ask them if they were currently reviewing their firewall and web logs. When they said no (because they always did), I asked them how they felt about adding another system that would generate more logs for them to ignore. I’ll say it bluntly: The value of an IDS/IPS is in the expertise and resources you put into using it. It is not a fire-and-forget control. For some organizations, this is such a burden that they pay an outsourced organization to watch their IDS logs for them and call if they see a real problem.

IDS Deployment

Obviously, you want to have IDS sensors at your Internet perimeter and in front of your sensitive systems. You also should put IDS wherever you see major traffic flows, such as:

  • Where users access the Internet, to watch for signs of compromise

  • On the scope barrier as discussed in Chapter 6, to watch who’s trying to break in there

  • Between the DMZ and the inside, to watch for escalating attacks

Some IDS software can be configured with a preloaded HTTPS certificate, which lets it perform a man-in-the-middle interception of users’ encrypted web sessions. In this way, you can have more visibility into possible threats, such as drive-by-downloads heading down toward user web browsers.

Host-based IDS (HIDS)

Some IDS solutions are software applications that can be loaded on servers or workstations. They listen to incoming and outgoing network conversations from the host, and sometimes also monitor what is going on internally on the system. Usually a HIDS is configured to transmit its log data to another server so that in the event it is compromised, all of the log data is preserved.

Transmission Encryption

Encryption is a good control to counter the threats of sniffing, spoofing, and man-in-the-middle. The encryption most normal people think of is called symmetric encryption, where a code key is used to both scramble up a message and descramble it. This is called encrypting plaintext data into ciphertext data. Since you use the same code key to encode as you do to decode, you need to keep this code key a secret.

The problem arises if you have to exchange code keys over an untrusted network without meeting in person. Here’s an old riddle: a prince is fighting a civil war. He needs to send a message to his one trusted Duke in a nearby castle, but there are traitors everywhere in his kingdom. He commissions a special iron box from his master blacksmith, DiffieHellman. This box has big iron rings on the lid and case to affix locks onto. He puts his message in it, and then locks it with a padlock that only he has the key to (see Figure 17-3).

Figure 17-3. DiffieHellman’s Iron Box with the Prince’s lock

He summons his fastest rider, Squire Internet. He doesn’t really trust Squire Internet, but he has no choice. He gives the locked chest to the Squire and tells him to take it to the Duke. Upon receiving the box, the Duke smiles, as he knows what to do. He snaps a second lock onto the chest ring, one that only the Duke has the key to open (see Figure 17-4).

Figure 17-4. The box with both the Prince’s and the Duke’s lock

He hands the box back to Squire Internet and tells him to return it to the Prince. The Squire shrugs and rides back to the castle. When the Squire arrives, the Prince unlocks his padlock and tells the Squire to ride the box back to the Duke (see Figure 17-5).

Figure 17-5. The box with just the Duke’s lock

Upon receiving the box a second time, the Duke can open his lock, safely knowing that no one but the Prince ever had access to the message.

This method works well for solving riddles and as an analogy for public key cryptography. Instead of a single shared secret key between two individuals, public key cryptography gives each participant a pair of keys. The key pair consists of a private key and a public key. The public and private keys are mathematically derived to be related to each other, but it is infeasible to work out the private key from the public one.21

In the Prince/Duke example, the public key functions as the lock and the private key unlocks the lock. Each participant has a public key that the other participant can use to encrypt, but not decrypt, messages. So when setting up a communications channel over an untrusted network, like the Internet, each participant sends their public key to the other. They can then use each other’s public keys to send messages that only the other can read. Usually, these messages are the code keys, called symmetric keys, which are used to both encrypt and decrypt messages. These symmetric keys only keep data confidential as long as they remain secret from outsiders, but public key cryptography gives us a way to safely exchange them. Therefore, anyone wanting to receive encrypted information just publishes their public key to anyone who wants it. This is how secure HTTPS web servers work, with their public key being wrapped up inside of a certificate. We’ll get to what that means in a minute.

Our analogy breaks down a bit because in public key cryptography, the keys can work in both directions. Not only can the private key decrypt things enciphered with the public key, but the public key can decipher things encrypted with the private key. However, public keys can’t decrypt things encrypted with other public keys. It only works within the pair. This gives us a useful new application: these key pairs can also be used to verify their counterpart. This is where digital signatures come from. Suppose I take a hash of a message, which you may recall is a mathematical fingerprint of the file, and then encrypt that hash with my private key. Now I send out that encrypted hash as a digital signature with the original message. Someone who gets my message can take their own hash of the received message. If they have my public key, they decrypt the signature with my public key and compare the hashes. If the hashes match, then they know (a) the file hasn’t been altered and (b) it had to come from me since only I have the private key. Voilà, the file is authentic.

Web Encryption

Now take it one more step. What if, instead of a message being digitally signed, the message is another key, a third person’s key? This is how you can have a large trusted authority institution vouch for someone’s public key. They can choose to digitally sign someone’s key as a way of issuing a stamp of approval. What does that stamp of approval mean? Well, it could mean that the large trusted authority institution has done some legwork to verify that the person’s name matches their key. Now, you put all of these keys and signatures into a standardized format and you have an HTTPS certificate, aka the little lock on a web site. The Large Trusted Authority Institution is the certificate authority, which is who the organization running the web site has paid to sign their key.

So now when you visit a web site, you get two things from the certificate: a key to start the encryption for talking to the web site and a method of verifying that the web site is legitimately who it claims to be. Certificates also include validity dates, because you do want to rotate your keys every couple of years or so. Web certificates also include the domain name of the server they’re verifying, which is the mechanism for establishing legitimacy of the site. You really don’t want some random cable modem web site to be capable of claiming to be PugetRegionalBank.com.

If you’ve been paying attention, you may notice something is missing here. How does your browser verify the certificate authority’s signature without having access to its public key? Moreover, if I don’t have their key, how do I get it in a manner that I trust? Doesn’t another certificate authority have to sign it? This could go on forever. Yes, and this is why the folks who write browser software just include a big bunch of certificate authority keys that are pre-trusted by your browser. These are called trusted root certificates and you can view them in your browser settings. Don’t be too shocked by how many are in there. Some of the more privacy-minded security professionals go in and remove many of these certificates to limit who they trust by default. Not a bad idea, but it can be a lot of work to maintain and not exactly user friendly.

Whenever a browser has a problem with a certificate, it displays a message warning the user. We talked about how confusing this can be to non-techies. Here’s a breakdown of what the messages are and what they mean:

  • Expired: This certificate used to be trustworthy, but that was a long time ago (or yesterday); its expiration date has passed.

  • Mismatch: Domain name and certificate don’t match.

  • Revoked: This certificate is no longer trustworthy, be very worried.

  • Untrusted: This certificate is not in my root list (includes self-signed).

Note that in each case, the actual transmitted data is still encrypted, but the certificate message questions the identity of the opposite end.
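The signature mechanics described under Transmission Encryption (hash, encrypt with the private key, verify with the public key) and the certificate checks just listed (trusted root list, expired, mismatch, revoked, untrusted), as one added example that is not the book’s code. It uses textbook RSA on constructed primes far smaller than real keys, and the certificate authority name, serial numbers and dates are illustrative.

```python
import hashlib

# Toy textbook RSA. The primes used below are constructed for illustration;
# real keys use primes of 1024+ bits plus padding schemes the text does not cover.
def keygen(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)              # private exponent: the modular inverse of e
    return (n, e), (n, d)            # (public key, private key)

def digest(data, n):
    """The 'mathematical fingerprint' of the message, reduced below the modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(message, priv):
    n, d = priv
    return pow(digest(message, n), d, n)            # hash encrypted with the private key

def verify(message, signature, pub):
    n, e = pub
    return pow(signature, e, n) == digest(message, n)   # decrypt with the public key, compare hashes

def wrap_key(session_key, pub):      # the Prince's padlock: only the matching private key opens it
    n, e = pub
    return pow(session_key, e, n)

def unwrap_key(wrapped, priv):
    n, d = priv
    return pow(wrapped, d, n)

# A certificate is a signed statement binding a domain name and validity dates to a public key.
FIELDS = ("serial", "subject", "pub", "not_before", "not_after", "issuer")

def cert_body(cert):
    return "|".join(str(cert[k]) for k in FIELDS).encode()

def issue_cert(serial, subject, pub, not_before, not_after, issuer, issuer_priv):
    cert = dict(serial=serial, subject=subject, pub=pub, not_before=not_before,
                not_after=not_after, issuer=issuer)
    cert["sig"] = sign(cert_body(cert), issuer_priv)   # the authority's stamp of approval
    return cert

def check_cert(cert, hostname, today, trusted_roots, revoked):
    """Browser-style verdict: ok, untrusted, expired, mismatch or revoked."""
    root = trusted_roots.get(cert["issuer"])
    if root is None or not verify(cert_body(cert), cert["sig"], root):
        return "untrusted"           # issuer not in the root list (self-signed included), or forged
    if not (cert["not_before"] <= today <= cert["not_after"]):   # ISO dates compare as strings
        return "expired"
    if cert["subject"].lower() != hostname.lower():
        return "mismatch"
    if (cert["issuer"], cert["serial"]) in revoked:
        return "revoked"
    return "ok"

# Constructed actors: the certificate authority and the bank's web server.
CA_PUB, CA_PRIV = keygen(998244353, 1000000007)
BANK_PUB, BANK_PRIV = keygen(1000003, 999983)
TRUSTED_ROOTS = {"Large Trusted Authority": CA_PUB}    # the browser's preloaded root list
BANK_CERT = issue_cert(1, "PugetRegionalBank.com", BANK_PUB, "2016-01-01", "2018-01-01",
                       "Large Trusted Authority", CA_PRIV)
# Same name and key, but signed only by itself: no trusted root vouches for it.
SELF_SIGNED = issue_cert(2, "PugetRegionalBank.com", BANK_PUB, "2016-01-01", "2018-01-01",
                         "PugetRegionalBank.com", BANK_PRIV)

if __name__ == "__main__":
    msg = b"Duke, hold the bridge until dawn."
    sig = sign(msg, BANK_PRIV)
    print("signature verifies:", verify(msg, sig, BANK_PUB))
    print("tampered message verifies:", verify(msg + b"!", sig, BANK_PUB))
    print(check_cert(BANK_CERT, "PugetRegionalBank.com", "2017-06-01", TRUSTED_ROOTS, set()))
    print(check_cert(SELF_SIGNED, "PugetRegionalBank.com", "2017-06-01", TRUSTED_ROOTS, set()))
```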

Virtual Private Networks

Another major use of network encryption (and public key cryptography) is with Virtual Private Networks or VPNs. A VPN encapsulates or tunnels network traffic inside an encrypted connection to the other end of the VPN tunnel. Users on the VPN appear to have a direct link to the things on the other side of the tunnel. To everyone else, all they see is an encrypted network stream passing back and forth. This makes VPNs ideal for connecting remote sites and untrusted networks to your organization without the cost or hassle of wiring up direct lines.

Figure 17-6. A VPN tunnel over the Internet

Both sides of the VPN connection must be running compatible software and have the same encryption settings. The VPN software can run locally on a computer as a VPN client or within a server as a VPN gateway. VPN software is available in almost every commercial firewall and most of them are compatible with each other. Many VPNs also have firewall capability within the tunnel itself, which is very useful. Remember least privilege. Give connections just the access they need and no more. You can use firewall access control rules to manage access by destination host and allowed service through the tunnel. Some VPN solutions can even allow IDS scanning of tunnel traffic, which is a nice extra control to have on those remote connections.

One downside of VPNs is that they are completely dependent on a network to flow over. If you are using VPNs over the Internet to link up your remote offices, a denial-of-service attack or Internet outage means a loss of the VPN. Organizations that consider Internet providers or telco companies a significant threat run VPNs over their leased lines to remote sites. This significantly reduces the risk of eavesdropping by the telecommunication providers or national government intelligence agencies.

VPNs come in a variety of flavors, but the most common contemporary types are IPsec and SSL, although almost any persistent communication channel can be used for a VPN (e.g., SSH). IPsec VPNs are based on IPv6 and are pretty much the standard for network-to-network connections. They can require some work to set up, as there are half a dozen settings that must match on both sides of the tunnel. IPsec VPNs also require several different network services (protocols and ports), which can make them hard to run from behind firewalls. SSL VPNs are web-based and actually now use TLS encryption, since SSL has been deprecated. SSL VPNs are lightweight and work over the web HTTPS service. They are often used as remote access connections for road warriors who need the flexibility and ease of use. With remote access VPNs, you can usually tie whatever authentication systems you have in your organization to the remote connection. Since users are accessing your network from parts unknown, stronger authentication standards should apply. Using two-factor authentication for VPN connections into scoped networks is prudent and required for PCI DSS.

Console Encryption

Administrative credentials should also be protected by encryption, so standards should specify the use of HTTPS, Secure Shell (SSH), and Remote Desktop Protocol (RDP) for all admin work. All of these services are encrypted by default, but you should specify in a standard what levels of encryption should be used. Both RDP and HTTPS support TLS encryption with certificates, which can be self-signed or externally purchased.22 SSH encryption can also be configured from relatively weak to strong.23 Remember what you learned about access control in Chapter 16 and specify stronger authentication for administrative access, especially if admins are logging in from the Internet.

Wireless Encryption

For Wi-Fi connections, there are quite a few choices for encryption as well. Wireless access points can use certificates for authentication too, much like a VPN. Unless your encryption settings and key match the Wi-Fi encryption settings, no connection can be established. This is how Wi-Fi Protected Access (WPA) functions, with the two versions WPA and WPA2 being the most common implementations in use. Both require the wireless client to enter a pre-shared key, which works effectively like a password. Some wireless encryption schemes can hand off this key sharing and integrate native Windows authentication to allow wireless clients to seamlessly connect to the network if they’re part of the domain.

Cryptographic Modules

Some organizations opt to acquire cryptographic modules to do their encryption. Instead of setting up servers, software, and configuring interfaces, they use cryptographic modules for ease of use. These are hardware or virtual image appliances with pre-configured cryptographic software and an interface to do the encryption. There are many commercial cryptographic modules and most are certified to NIST standards to be acceptable for certain classes of government work.

Acceptable Encryption Methods

Cryptographic methods are always changing. Sometimes flaws in implementations or algorithms are found. Sometimes new technology and techniques find ways to decipher encryption schemes without the keys. Some encryption schemes work well for some kind of applications and not for others. This means that you should have published encryption standards specifying acceptable algorithms, key lengths, and appropriate usages. You should revisit the standard at least yearly, and update appropriately.

As a note on this, anyone foolish enough to think they can write their own encryption algorithm without thorough outside review should remember the assume breach concept as well as Schneier’s Law, which states: “Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can’t break.”24

Footnotes

18 Netfilter, Linux packet filtering firewall http://www.netfilter.org/
