Arto T. Karila,
Open System Security - an Architectural Framework
Abstract: This Ph.D. dissertation brings a semi-formal model
for the security of communications between peer entities within
an OSI layer and between entire application instances.
Robert T. Morris,
A Weakness in the 4.2BSD Unix TCP/IP Software
Abstract: The 4.2 Berkeley Software Distribution of the
Unix operating system (4.2BSD for short) features an extensive
body of software based on the "TCP/IP" family of protocols. In
particular, each 4.2BSD system "trusts" some set of other
systems, allowing users logged into trusted systems to execute
commands via a TCP/IP network without supplying a password.
These notes describe how the design of TCP/IP and the 4.2BSD
implementation allow users on untrusted and possibly very
distant hosts to masquerade as users on trusted hosts. Bell Labs
has a growing TCP/IP network connecting machines with varying
security needs; perhaps steps should be taken to reduce their
vulnerability to each other.
Matt Blaze, John Ioannidis,
The Architecture and Implementation of Network-Layer Security Under Unix
Abstract: swIPe is a network-layer security protocol for
the IP protocol suite. This paper presents the architecture,
design philosophy, and performance of an implementation of swIPe
under several variants of Unix. swIPe provides authentication,
integrity, and confidentiality of IP datagrams, and is completely
compatible with the existing IP infrastructure. To maintain this
compatibility, swIPe is implemented using an encapsulation
protocol. Mechanism (the details of the protocol) is decoupled
from policy (what and when to protect and key management). swIPe
under Unix is implemented using a virtual network interface. The
parts of the implementation that process incoming and outgoing
packets are entirely in the kernel; parameter setting and
exception handling, however, are managed by user-level processes.
The performance of swIPe on modern workstations is primarily
limited only by the speed of the underlying authentication and
encryption algorithms; the mechanism overhead is negligible in
our prototype.
Steven M. Bellovin,
A Best-Case Network Performance Model
Abstract: Network performance measures usually focus on
average throughput. We, however, were concerned with best-case
behavior: how fast could a packet traverse the network if there
were no contention for resources. By subtracting the path time to
a node from the path time through the node, we were able to
develop a simple best-case delay model. This model was sensitive
enough to determine the board-level configuration of a router 750
miles away.
Kannan Varadhan,
OARnet Security Procedures
Abstract: This document discusses a variety of possible
measures to enhance network security for an organization
intending to connect to a regional network. These are just
general principles for building firewalls and security. Absolute
solutions are possible only when exact configurations are
available, and are outside the scope of this document.
Hilarie Orman, Sean O'Malley, Richard Schroeppel, David Schwartz,
Paving the Road To Network Security or the Value of Small Cobblestones
Abstract: The methods demonstrated in this paper
illustrate how configuration flexibility can be achieved and how
complex services can be constructed, all using the same building
block modules.
Steven M. Bellovin,
Packets Found on an Internet
Abstract: As part of our security measures, we spend a
fair amount of time and effort looking for things that might
otherwise be ignored. Apart from assorted attempted penetrations,
we have also discovered many examples of anomalous behavior.
These range from excessive ICMP messages to nominally local
broadcast packets that have reached us from around the
world.
S.M. Bellovin,
Security Problems in the TCP/IP Protocol Suite
Abstract: The TCP/IP protocol suite, which is very widely
used today, was developed under the sponsorship of the Department
of Defense. Despite that, there are a number of serious security
flaws inherent in the protocols, regardless of the correctness of
any implementations. This paper describes a variety of attacks
based on these flaws, including sequence number spoofing, routing
attacks, source address spoofing, and authentication attacks. It
also presents defenses against these attacks, and concludes with a
discussion of broad-spectrum defenses such as encryption.
David K. Hess, David R. Safford, Udo W. Pooch,
A Unix Network Protocol Security Study: Network Information Service
Abstract: This paper is a study of the security weaknesses
present in a widely used Unix network protocol, Network
Information Service (NIS).
The Office of Technology Assessment (OTA),
Information Security and Privacy in Network Environments
Abstract: Information technologies are transforming the
ways we create, gather, process, and share information. Computer
networking is driving many of these changes. But the
transformation brought about by networking also raises new
concerns for the security and privacy of networked information.
If these concerns are not properly resolved, they threaten to
limit networking's full potential, in terms of both participation
and usefulness. Thus appropriate institutional and technological
safeguards are required for a broad range of personal,
copyrighted, sensitive, or proprietary information. The OTA
report on Information Security and Privacy in Network
Environments examines policy issues in three areas: 1)
cryptography policy, including federal information processing
standards and export controls; 2) guidance on safeguarding
unclassified information in federal agencies; and 3) legal issues
and information security, including electronic commerce, privacy,
and intellectual property.
Matt Bishop,
A Security Analysis of the NTP Protocol
Abstract: The Network Time Protocol is being used
throughout the Internet to provide an accurate time service. This
paper examines the security requirements of such a service,
analyzes the NTP protocol to determine how well it meets these
requirements, and suggests improvements where appropriate.
Alec Muffett,
Alec Muffett '95 USENIX Security Symposium Presentation Slides
Keywords: AutoHack, WanHack, USENIX, Presentation
Abstract: These are the (slightly bugfixed) slides from my
presentation at the USENIX Security Symposium in June 1995; they
were done in "xfig" and seem to have problems under *some*
PostScript Browsers.
Alec Muffett,
WAN-hacking with AutoHack, Auditing security behind the firewall
Keywords: audit, wan, firewall, wanhack
Abstract: This paper is a review of an ongoing project to
simplify security auditing of the world-wide TCP/IP network of
some thirty thousand hosts, internal to Sun Microsystems. The
paper also examines the issues which this project raises; it
details the conception, design, development of, and one year's
results gathered from, AutoHack, a tool specially created to
probe, audit, and produce security reports for, a TCP/IP network
of this size.
Greg Miller,
A Few Attacks on the Zero Knowledge State In Novell's NetWare
Keywords: Novell Netware, cryptographic attack,
zero-knowledge proof, Man in the middle attack, Chessmaster
attack
Abstract: Novell's NetWare has employed a number of
security measures to ensure the protection of data on both the
workstation and the server. However, a few design flaws allow
even the most secure version of NetWare (NetWare 4.0) to fall to
attacks. The attacks employed have been well known throughout the
cryptographic community for several years. The features Novell
has added include packet signatures and two different elaborate
login protocols (one for NetWare 3.x and one for 4.x). I will
show that these added features fail to provide the security they
intend to as well as feasible means of implementing the attacks
on a NetWare internetwork.
David A. Curry, Samuel D. Kimery, Kent C. De La Croix, Jeffrey R. Schwab,
ACMAINT: An Account Creation and Maintenance System for Distributed UNIX Systems
Abstract: ACMAINT is a network-based, centralized database
system used to manage computer account creation and maintenance
on the Purdue University Engineering Computer Network. ACMAINT
allows the system administrator to perform account-related
administrative chores for any machine on the network from any
attached system. Using ACMAINT, the system administrator can
create new user accounts, add or delete accounts for existing
users, change the global or per-account information associated
with a user, place a message on a user's accounts, and enable or
disable a user's accounts. Group information and mail aliases are
managed in a similar fashion. ACMAINT utilizes a central
database, stored on a single network machine, which contains a
copy of all data under ACMAINT's control. The system
administrator makes changes to the database via a network server
running on the database machine, which in turn makes changes
around the network via the use of another network server which
runs on each machine. Programs which read, but do not write, the
standard UNIX system databases such as the password file do not
need to be modified to work with ACMAINT. Programs which write
the standard databases must be modified or rewritten to converse
with the ACMAINT database server. ACMAINT operates transparently
to the user, uses minimal network and system resources, and can
be used with binary-only UNIX systems.
Matt Blaze,
NFS Tracing By Passive Network Monitoring
Abstract: Traces of filesystem activity have proven to be
useful for a wide variety of purposes, ranging from
quantitative analysis of system behavior to trace-driven
simulation of filesystem algorithms. Such traces can be
difficult to obtain, however, usually entailing modification of
the filesystems to be monitored and runtime overhead for the
period of the trace. Largely because of these difficulties, a
surprisingly small number of filesystem traces have been
conducted, and few sample workloads are available to filesystem
researchers. This paper describes a portable toolkit for deriving
approximate traces of NFS [1] activity by non-intrusively
monitoring the Ethernet traffic to and from the file server. The
toolkit uses a promiscuous Ethernet listener interface (such as
the Packetfilter[2]) to read and reconstruct NFS-related RPC
packets intended for the server. It produces traces of the NFS
activity as well as a plausible set of corresponding client
system calls. The tool is currently in use at Princeton and other
sites, and is available via anonymous ftp.
S. M. Bellovin,
Pseudo-Network Drivers and Virtual Networks
Abstract: Many operating systems have long had
pseudo-teletypes, inter-process communication channels that
provide terminal semantics on one end, and a smart server program
on the other. This paper describes an analogous concept,
pseudo-network drivers. One end of the driver appears to be a
real network device, with the appropriate interface and semantics;
data written to it goes to a program, however, rather than to a
physical medium. Using this and some auxiliary mechanisms, the
author presents a variety of applications, including system test,
network monitoring, dial-up TCP/IP, and ways to both improve and
subvert network security.
S.M. Bellovin,
Pseudo-Network Drivers and Virtual Networks
Abstract: Many operating systems have long had
pseudo-teletypes, inter-process communication channels that
provide terminal semantics on one end, and a smart server program
on the other. We describe an analogous concept, pseudo-network
drivers. One end of the driver appears to be a real network
device, with the appropriate interface and semantics; data
written to it goes to a program, however, rather than to a
physical medium. Using this and some auxiliary mechanisms, we
present a variety of applications, including system test, network
monitoring, dial-up TCP/IP, and ways to both improve and subvert
network security. Most notably, we show how pseudo-network
devices can be used to create virtual networks and to provide
encrypted communications capability. We describe two
implementations, one using a conventional driver for socket-based
systems, and one using stream pipes for System V.
Christoph L. Schuba, Eugene H. Spafford,
Addressing Weaknesses in the Domain Name System Protocol
Abstract: This paper describes problems with the DNS and
one of its implementations that allow the abuse of name-based
authentication. It also outlines the current design and
implementation of the DNS, and demonstrates these weaknesses by
describing the necessary modifications in authoritative DNS data
and Domain Name System code.
Christoph L. Schuba, Eugene H. Spafford,
Countering Abuse of Name-Based Authentication
Abstract: This paper describes problems of name-based
authentication requiring late binding, such as that provided by
the DNS for host-name-to-address associations. It states the
problem in an abstract way and in the concrete case of the DNS.
It also analyzes the conditions that facilitate the exploitation
of the problem, explains the weaknesses that are present in the
DNS, and then explores some possible solutions to the problem.
S. M. Bellovin,
The "Session Tty" Manager
Abstract: In many Unix systems, it is possible for a
program to retain access to the login terminal after the user has
logged out. This poses obvious security risks and can also
confuse the modem control signals. People solve this for System V
by adding a layer of indirection known as the session tty driver.
At login time, a session device is linked to the physical
terminal. User programs have access to the session device only,
and may not open the physical line. Upon logout or carrier drop,
the link is severed. New login sessions are given new session
devices. This is controlled by a new system process known as the
session manager; by means of suitable plumbing primitives, a
'reconnect after line drop' facility can easily be
implemented.
David R. Safford, David K. Hess, Douglas Lee Schales,
Secure RPC Authentication (SRA) for TELNET and FTP
Abstract: TELNET and FTP currently exchange user
authentication (passwords) in plain text, which is easily
eavesdropped. Several techniques, such as Kerberos and SPX, have
been proposed in draft RFCs to implement secure authentication.
These techniques, however, have several drawbacks, including
technical complexity, poor vendor support, and organizational
problems. This paper presents SRA, a very simple and tested
technique based on Secure RPC which, while certainly not as
strong as RSA, is reasonably strong, fast, and trivial to
implement immediately for both inter- and intra-domain
communication.
Dennis Draheim, Barton Miller, Steven Snyder,
A Reliable and Secure UNIX Connection Service
Keywords: reliable, connection, distributed programs,
authentication, network
Abstract: Distributed programs require a method for
processes residing on different machines to identify each other
and establish communication. One method is to provide a special
connection service to perform this task. A good connection
service should be easy to use. It should allow arbitrary
processes to connect to each other as well as helping client
processes to connect to server processes. It should provide
location transparency; that is, the programmer should not have to
know the network address of a process to connect to it. The
connection service should be reliable. It should provide a way
for a process to establish the identity of the user associated
with the process to which it has connected, and to communicate
securely with that process. We have implemented a connection
service for Berkeley UNIX that is reliable, available, secure,
and easy to use. The connection service achieves ease of use
through a simple interface based on the library routine meet.
Meet allows one process to connect to another by specifying
arbitrary names for itself and the other process. The connection
service imposes no naming conventions of its own so it can be
used with most name spaces and naming services. The service is
location-transparent. It also provides a routine for posting
services.
Wietse Venema,
TCP WRAPPER: Network monitoring, access control, and booby traps.
Abstract: This paper presents a simple tool to monitor and
control incoming network traffic. The tool has been successfully
used for shielding off systems and for detection of cracker
activity. It has no impact on legal computer users, and does not
require any change to existing systems software or configuration
files. The tool has been installed world-wide on numerous UNIX
systems without any source code change.
Ramon Caceres, Peter B. Danzig, Sugih Jamin, Danny J. Mitzel,
Characteristics of Wide-Area TCP/IP Conversations
Abstract: In this paper, we characterize wide-area network
applications that use the TCP transport protocol. We also
describe a new way to model the wide-area traffic generated by a
stub network. We believe the traffic model presented here will be
useful in studying congestion control, routing algorithms, and
other resource management schemes for existing and future networks. Our
model is based on trace analysis of TCP/IP wide area internetwork
traffic. We collected the data from USC, UCB and Bellcore
networks at the point they connect with their respective regional
access networks. We then wrote a handful of programs to analyze
the traces. Our model characterizes individual TCP conversations
by the distributions of: number of bytes transferred, duration,
number of packets transferred, packet size, and packet
interarrival time.
National Computer Security Center,
Trusted Distribution
Abstract: This publication is issued by the National
Computer Security Center (NCSC) as part of its program to
promulgate technical computer security guidelines. The
interpretations extend the evaluation classes of the Trusted
Systems Evaluation Criteria (DOD 5200.28-STD) to trusted network
systems and components.
National Computer Security Center,
A Guide to Understanding Trusted Distribution in Trusted Systems
Abstract: This document is the latest in the series of
technical guidelines that are being published by the National
Computer Security Center. These publications are designed to
provide insight to the Trusted Computer Systems Evaluation
Criteria requirements and guidance for meeting each
requirement.
Built by Mark Crosbie and Ivan Krsul.