
Thursday, July 24, 2014

Security Issues in IPv6


Following are some security issues in IPv6.
  • Security practitioners need education/training on IPv6.
IPv6 will come to the networks under administrators' control; it's only a matter of time. As with any new networking technology, it's essential that admins learn the basics of IPv6, especially the addressing scheme and protocols, in order to facilitate incident handling and related activities.
  • Security tools need to be upgraded.
IPv6 is not backwards compatible. The hardware and software used to route traffic across networks and perform security analyses won't work with IPv6 traffic unless they are upgraded to versions that support the protocol. This is especially important to remember when it comes to perimeter-protection devices. Routers, firewalls and intrusion-detection systems may require software and/or hardware upgrades in order to "speak" IPv6. Many manufacturers already have these upgrades available. For example, Cisco networking devices support IPv6 as of IOS release 12.0S.
  • Existing equipment may require additional configuration.
The devices that do support IPv6 typically treat it as an entirely separate protocol (as they should). Therefore, the access control lists, rule bases and other configuration parameters may need to be reevaluated and translated to support an IPv6 environment. Contact the appropriate manufacturers for specific instructions.
  • Tunneling protocols create new risks.
The networking and security communities have invested time and energy in ensuring that IPv6 is a security-enabled protocol. However, one of the greatest risks inherent in the migration is the use of tunneling protocols to support the transition to IPv6. These protocols allow the encapsulation of IPv6 traffic in an IPv4 data stream for routing through non-compliant devices. Therefore, it's possible that users on the network can begin running IPv6 using these tunneling protocols before admins are ready to officially support it in production. If this is a concern, block IPv6 tunneling protocols (including SIT, ISATAP, 6to4 and others) at the perimeter.
  • IPv6 autoconfiguration creates addressing complexity.
Autoconfiguration, another interesting IPv6 feature, allows systems to automatically gain a network address without administrator intervention. IPv6 supports two different autoconfiguration techniques. Stateful autoconfiguration uses DHCPv6, a simple upgrade to the current DHCP protocol, and doesn't reflect much of a difference from a security perspective. On the other hand, keep an eye on stateless autoconfiguration. This technique allows systems to generate their own IP addresses and checks for address duplication. This decentralized approach may be easier from a system administration perspective, but it raises challenges for those of us charged with tracking the use (and abuse!) of network resources.
  • Effective rate limiting is hard to achieve
Rate limiting is a straightforward tactic that is commonly used to protect the network from automated attack tools. It works on IPv4 networks, making automated attacks less likely to succeed or harder to launch by forcing hackers to deliberately slow their automated attack tools, or to use multiple hosts from which to launch attacks on the network.
The tactic doesn't really work on IPv6 networks. That's because IPv6 networks are so vast that it's impractical to rate limit at the 128-bit address level, Vyncke pointed out. In any case, hackers may be allotted millions or even billions of IPv6 addresses, meaning that to rate limit effectively admins would need to limit addresses at the 48-bit or 64-bit prefix level. Right now it's simply not clear what practical approach should be used to provide the same level of protection. "The industry has yet to learn how to do it," Vyncke warned.
  • Reputation-based protection does not (yet) exist
Many security software vendors use the reputation of IP addresses to filter out malicious websites that are known sources of malware. While reputation systems for IPv4 addresses already exist, it's a bit of a chicken-and-egg situation when it comes to IPv6. No one has established an IPv6 reputation database, so no one is using reputation-based security with IPv6 addresses -- and therefore no one is building a reputation database. It's something the security industry will surely eventually adopt, but for now it’s a missing piece in the security puzzle.
  • Logging systems may not work properly
The key feature of IPv6 is that it uses 128-bit addresses, which are stored as a 39-digit string. IPv4 addresses, on the other hand, are written in the form 192.168.211.255 and can therefore be stored in a 15-character field. If logging systems expect 15-character IP addresses, they may crash when they encounter "monster" 39-digit IPv6 addresses (creating possible buffer-overflow-related security problems), or they may store only the first 15 characters, rendering the logged information useless. The only solution is to upgrade all logging systems to support IPv6 addresses.
  • IPv6 may run by default
Although admins may think that they are running an IPv4-only data center, with IPv4-only IDS, monitoring and so on, IPv6 could be activated and running without their knowledge. That's because in some circumstances (such as an attacker on the network sending router advertisements), devices on the network can start communicating with each other by default over IPv6 using link-local addresses. (For more information, see the IETF Rogue IPv6 Router Advertisement Problem Statement.) "Your IDS will see none of this traffic, so you should definitely upgrade it to IPv6 now, and make sure that its operators are trained to use IPv6," warned Vyncke.
  • SIEM systems may not work properly
Another problem with IPv6 is that every host -- inside or outside the network perimeter -- can have multiple IPv6 addresses simultaneously. This is not usual in the IPv4 world, and it can cause serious problems. "For example, how do admins know by looking at the logs that different entries refer to the same host?" asked Vyncke. In order to make sense of logs, admins need to be able to correlate addresses to hosts, but Vyncke warned that thus far no SIEM system fully supports IPv6. It may support it at the network level, for example, but the correlation engine may not.
  • Simple log analysis using grep won't work
Yet another problem is that the same IPv6 address can be written in multiple ways, for example:
  • 2001:0DB8:0BAD::0DAD
  • 2001:DB8:BAD:0:0:0:0:DAD
  • 2001:db8:bad::dad (this is the canonical RFC 5952 format)
As a result, a grep search through the log files will not work as it did before. If devices log addresses in different IPv6 formats, admins may have to reconfigure the way the devices log, or change the way they search, in order to catch all the information in the logs about a given device.
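The two log problems above (one host under several spellings, and rate limiting that only makes sense per prefix) can be handled by canonicalising addresses before searching or counting. The following is an added example, not code from the original post: it rewrites every IPv6 address found in constructed sample log lines into the RFC 5952 form, compares a plain substring search against an address-aware one, and counts activity per /64 (or any other) prefix. SAMPLE_LOG and the function names are the example's own.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log (not from the original post). One host shows up
# under three spellings of the same IPv6 address; two more hosts share its /64.
SAMPLE_LOG = """\
2014-07-24T10:01:02Z sshd[1201]: Accepted publickey for alice from 2001:0DB8:0BAD::0DAD port 52211
2014-07-24T10:01:09Z sshd[1207]: Failed password for root from 2001:DB8:BAD:0:0:0:0:DAD port 52218
2014-07-24T10:01:15Z nginx: 2001:db8:bad::dad - GET /login
2014-07-24T10:02:01Z nginx: 2001:db8:bad::1 - GET /login
2014-07-24T10:02:03Z nginx: 2001:db8:bad:0:0:0:0:2 - GET /login
2014-07-24T10:02:07Z nginx: 2001:db8:feed::7 - GET /
2014-07-24T10:02:09Z nginx: 192.168.211.255 - GET /
"""

# Loose candidate pattern; the ipaddress module does the strict validation.
CANDIDATE = re.compile(r"[0-9A-Fa-f:.]+")


def canonical(token):
    """RFC 5952 text form of an IPv6 address (lowercase, longest zero run
    compressed), or None if the token is not one (e.g. the timestamp 10:01:02)."""
    if token.count(":") < 2:
        return None
    try:
        return str(ipaddress.IPv6Address(token))
    except ValueError:
        return None


def normalize_line(line):
    """Rewrite every IPv6 address in a log line into its canonical spelling."""
    def repl(match):
        canon = canonical(match.group(0))
        return canon if canon is not None else match.group(0)
    return CANDIDATE.sub(repl, line)


def naive_grep(log, needle):
    """Plain substring search, i.e. what `grep 2001:db8:bad::dad` does."""
    return [line for line in log.splitlines() if needle in line]


def grep_host(log, address):
    """Address-aware search: the query and every line are canonicalised first,
    and matching is done on whole address tokens, not substrings."""
    wanted = canonical(address)
    if wanted is None:
        raise ValueError("not an IPv6 address: %r" % address)
    hits = []
    for line in log.splitlines():
        norm = normalize_line(line)
        if any(canonical(m.group(0)) == wanted for m in CANDIDATE.finditer(norm)):
            hits.append(norm)
    return hits


def count_by_prefix(log, prefixlen=64):
    """Count log lines per IPv6 prefix. A single host may hold an entire /64,
    so the prefix, not the 128-bit address, is the unit to rate limit or block."""
    counts = Counter()
    for line in log.splitlines():
        seen = set()
        for m in CANDIDATE.finditer(line):
            canon = canonical(m.group(0))
            if canon is None:
                continue
            net = ipaddress.IPv6Network("%s/%d" % (canon, prefixlen), strict=False)
            seen.add(str(net))
        counts.update(seen)   # one count per prefix per line
    return counts
```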
References:
[1] Dequan Yang et al., "Security on IPv6", IEEE 2nd International Conference on Advanced Computer Control (ICACC), 2010, Volume 3.
[2] Global Information Assurance Certification Paper, SANS Institute.
[3] Paul Rubens, "Understanding Data Security - Trends and Predictions", October 18, 2012,
http://www.esecurityplanet.com/network-security/7-ipv6-security-risks.html

Improving network reliability of Wireless Sensor Networks

When talking about network reliability, we should consider the different types of networks as well. For example, Wireless Sensor Networks (WSNs) have the potential of revolutionizing the way wireless technology has been used over the decades. Monitoring critical structures such as high-speed railway bridges requires the monitoring network to be highly reliable. However, there is still a lack of reliability studies of WSNs, since:
  • No attempt to define an accurate fault model from experimental evidence.
  • Fault forecasting methodologies have never been applied to WSNs. 
  • The majority of research results are proved by means of simulation. 
  • No attempt has been made to make the sensor nodes intelligent enough to recover the information of interest despite a corrupted signal sensed at the destination, and hence to enhance the reliability of communication.
Reliability in a WSN reflects a functional unit's ability to meet performance specifications over a specified period of time, and this is often expressed as a probability or as mean time to failure (MTTF). Factors affecting the reliability of WSNs are as follows.
  • Hardware failure
  • Inappropriate communication scheme 
  • Constrained resources in sensor nodes 
  • Error prone wireless communication medium
Various models and techniques are used to improve reliability in WSNs.
1) Clustering is a key technique used to extend the lifetime of a sensor network by reducing energy consumption. Sensor nodes have generally been assumed to be homogeneous since research in the field of WSNs began, but nodes with different energy levels may be deployed to prolong the lifetime of a WSN and improve its reliability.
2) Routing algorithms have also been proposed for real-time wireless sensor networks using a hybrid algorithm that can improve both the reliability and the network lifetime criteria [1].
3) A reliability framework has also been built for data transport based on the different operational phases of the WSN protocols. For this, a fault model was established to capture the possible failures, along with generalized data transport and reliability semantics, and a reliability block model based approach was developed that exploits the decomposition of the complex data transport problem into operations and simplifies the investigation of the overall reliability of data transport [2].
References
[1] Sanaz Naziri, Majid Haghparast and Somayeh Hasanpoor, “Improving Lifetime and Reliability in Routing Real-Time Wireless Sensor Networks based on Hybrid Algorithm” at Australian Journal of Basic and Applied Sciences, 5(9): 1105-1109, 2011
[2] Faisal Karim Shaikh, Abdelmajid Khelil and Neeraj Suri, "On Modeling the Reliability of Data Transport in Wireless Sensor Networks", IEEE International Conference on Parallel, Distributed and Network-Based Processing, pp. 395-402, 2007

Friday, November 29, 2013

Information Security Management System

An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization's sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach.

ISO 27001 is a specification for creating an ISMS. It does not mandate specific actions, but includes suggestions for documentation, internal audits, continual improvement, and corrective and preventive action.

The chief objective of Information Security Management is to implement the appropriate measures in order to eliminate or minimize the impact that various security-related threats and vulnerabilities might have on an organization. In doing so, Information Security Management enables the desirable qualitative characteristics of the services offered by the organization (i.e. availability of services, preservation of data confidentiality and integrity, etc.).

ISMS

The roles responsible for implementing each of these steps:

1. Define ISMS scope
Management defines the scope and the boundaries. Implementing an ISMS is an investment, so deciding and defining the scope must be done at the strategic level of the organization to ensure a return on the investment.

2. Define ISMS policy
Normally this is done by the ISMS Clients in consultation with the ISMS Project Team (composed of representatives from the scope). The draft ISMS policy is then sent up to management for review and approval.

3. Define a risk assessment approach
If you have a consultant, the consultant may do this for you; otherwise, do some research and litmus-test the various risk assessment methods to decide which fits your organization.

4. Identify risks
Asset owners, or a penetration tester if you have one.

5. Analyse and evaluate risks
Asset owners.

6. Perform risk treatment
Asset owners.

7. Select control objectives and controls
Asset owners.

8. Prepare a Statement of Applicability
ISMS Clients.

9. Approve residual risks
Management.

10. Implement controls
Asset owners and managers. To some extent this includes everybody in the defined scope, e.g. anyone using anti-virus software, anyone closing the door at night, etc.

11. Carry out training and awareness
Human Resources for generic information security training and awareness; members of the ISMS Project Team for more focused training per business unit.

12. Manage operations of the ISMS
ISMS Project Team and ISMS Clients.

13. Manage resources
ISMS Clients.

14. Implement detective and reactive controls for security incidents
Depends on the security incident. In my recent project, physical incidents are managed by the Facilities Department and IT-related incidents by the IT department.

15. Monitor procedures and controls
Process owners and asset owners.

16. Review the ISMS regularly
Internal ISMS auditors, external ISMS auditors, ISMS Clients, risk owners, asset owners and management.

17. Carry out improvement measures
ISMS Clients.

18. Communicate the action that has been taken
Action owner.
Firewall Policies for a Software Development Company

The major goal of a software development company is to design, develop and distribute software applications, frameworks or platforms for domains of interest such as finance, security, travel and tourism, healthcare, public services, etc. The different roles associated with a software development company are as follows.
  • Software Development Team (Software Architects, Engineers, Developers, QA Engineers, Business Analysts, Project Managers)
  • Software Deployment and Support Team (Deployment Engineers, App Support Team)
  • Enterprise Management (CEO, HR personnel)
  • Marketing and Sales Team
  • Customers and Clients
Depending on the nature of the business and the stakeholders above, the network of a software development company can be divided into the following segments.
  • Wired LAN for enterprise users
  • Wireless LAN for mobile users
  • Branch offices connected via WAN
  • Server Rooms (File servers, Mail servers, App servers)
  • Remote Data Centers and Server farms
  • DMZ which interfaces with general public
  • Home users connected via VPN
  • Extranet for customers and clients
Before a firewall policy is created, some form of risk analysis should be performed to develop a list of the types of traffic needed by the organization and categorize how they must be secured—including which types of traffic can traverse a firewall under what circumstances.
Generally, firewalls should block all inbound and outbound traffic that has not been expressly permitted by the firewall policy. Which kinds of traffic are blocked is defined by the firewall policy, and the policies a software development organization can apply fall into the following categories.
  • Policies based on IP address and Protocols
Network traffic can be blocked based on source or destination address, or on protocols such as FTP and HTTP.
  • Policies based on applications
These policies provide application layer filtering and proxy server functionality.
  • Policies based on user identity
Based on user authentication, for example over VPN or SSL.
  • Policies based on network activity
Based on user activities on the network.

References:
Karen Scarfone and Paul Hoffman, "Guidelines on Firewalls and Firewall Policy", NIST Special Publication 800-41 Revision 1, September 2009
(http://csrc.nist.gov/publications/nistpubs/800-41-Rev1/sp800-41-rev1.pdf)

Automated Threat Modelling

The threat modelling process described here is a manual process in which different personnel from across the software development life cycle should work together. Recently, several research efforts have started on automating the threat modelling process. Security testing is also labor intensive, because a real-world program usually has too many invalid inputs. It also requires engineers to have deep software security skills to carry out some of the most important steps of this process, and training them on security is expensive. So researchers are interested in finding ways to partially or fully automate the threat modelling and security testing process.
In 2012, Guifre Ruiz et al. proposed a new automated approach to analyze software designs in order to identify, risk-rank and mitigate potential threats to the system. They designed a new data structure to detect threats in software designs, called Identification Trees, and another new data structure to classify threat countermeasures, called Mitigation Trees. The information in both of these data structures has been taken from several relevant security sources and standards. They modelled an automated approach that relies on these data structures to identify the potential threats to a system design, to purge the less relevant threats according to the user's policies, and to compute the software specifications to mitigate those threats [1].
Microsoft has also introduced a threat modelling tool called the Security Development Lifecycle (SDL) Threat Modeling Tool. It makes threat modeling easier for all developers by providing guidance on creating and analyzing threat models [2].
While threat modeling can uncover the broad threats and vulnerabilities of an embedded system, it cannot mitigate those threats. To do so, development teams must practice defensive coding, engage in frequent code reviews, and perform penetration testing.

[1] Guifre Ruiz et al., "Automating Threat Modeling through the Software Development Life-Cycle", Sep 2012 (http://research.cs.wisc.edu/mist/papers/Guifre-sep2012.pdf)
[2] SDL Threat Modeling Tool
http://www.microsoft.com/security/sdl/adopt/threatmodeling.aspx

Saturday, December 26, 2009

Importance of Availability in computer security

Computer security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction. The most important goal of computer security is protecting the confidentiality, integrity and availability of information. The availability of information when it is needed is a main objective of any properly functioning computer system. Computing systems are used to store and process information, and security controls are used to protect that information from various kinds of misuse. Ensuring the availability of information, which in turn allows information systems to serve their purpose, leads to the concept of fair use.

Fair use is a legal principle that provides certain limitations on the exclusive rights over secured data and information. To give all users optimum service, irrespective of network demand and the limitations of the system, the Fair Usage policy has come into effect. A Fair Usage solution gives service providers and network operators the ability to dynamically manage system resources by enforcing fair usage policies and up-selling additional usage to subscribers or users who reach their thresholds. The solution allows network operators to control network congestion, with opportunities to increase ARPU by up-selling services to heavy users. The Fair Usage solution ensures the profitability of data services by enforcing limits on subscriber usage volume, while allowing subscribers to purchase or use additional volume when limits are reached and to have a fast, reliable service of superior quality.

While allowing users to access networks or computer systems, it is necessary to maintain the information and resources in a secure way. So the users of computer systems must respect the rights of other users, respect the integrity of the systems and related physical resources, and observe all relevant laws, regulations and contractual obligations. Since electronic information is volatile and easily reproduced, users must exercise care in acknowledging and respecting the work of others through strict adherence to software licensing agreements and copyright laws. Users may not make unauthorized copies of, post, distribute or modify material protected under copyright law without the express written permission of the copyright owner. To achieve all of the above security and availability aspects, there should be well-defined guidelines or policies which ensure the fair usage of the system.

A fair usage policy is a set of rules applied by the owner or manager of a network, website or large computer system that restricts the ways in which the network, site or system may be used. It is also known as an Acceptable Usage Policy. The fair usage policy must be written in a very clear and precise way so that all users of the system can understand it. It should cover all the important points about the users, such as who the authorized users of the system are, what the legal ways to access the system are, and what users are and are not allowed to do with the system. It should also refer users to the more comprehensive security policy where relevant. Another important area of the fair usage policy is the clear definition of what sanctions will be applied if a user breaks the rules in the policy. Compliance of the users and their actions on the system with this policy can be measured by regular audits of the system.

References:
[1] Matt Bishop, Computer Security: Art and Science
http://books.google.lk/books?id=pfdBiJNfWdMC&dq=Computer+security:+art+and+science++By+Matt+Bishop&printsec=frontcover&source=bl&ots=zYept8x6nF&sig=o8ASx_ADYsRls59ScBbWdX2O7Gw&hl=en&ei=i3jCSp2nEpaUnwOB94WuBg&sa=X&oi=book_result&ct=result&resnum=3
[2] Sample Fair Use Statement
http://www.cogsim.com/idea/fair_use/fair_use_short.htm


Friday, December 25, 2009

Rotor Machines

Rotor machines are an electro-mechanical implementation of polyalphabetic substitution ciphers in which the substituted letter is chosen electrically from a huge number of possible combinations. Since one or more of the disks rotate mechanically with each plaintext letter enciphered, with a 5-disk rotor machine for the English language the number of combinations is as large as 26^5. Rotor machines are easily implemented in hardware, require little memory and are fast. Although rotor machines have these advantages, there are some security issues in them. In the following sections I discuss some of the major advantages of this kind of rotor machine for the English language, and some weaknesses of the machine when considering its design.

Advantages:

  • Most of the ciphers which are built using pen and paper alone can be easily broken using ciphertext-only cryptanalysis. But this kind of rotor machine gives a large number of possible mappings, which makes ciphertext-only attacks difficult.
  • Frequency analysis of the characters and brute-force analysis (which tries all possible keys) are much more difficult, since there is a large number of mappings with a 5-disk rotor machine for English.
  • Because of the constant alternation of the electrical paths, the machine produces a very long period before the key sequence or substitution alphabet repeats, and this makes cryptanalysis difficult since the repetition is hard to detect.

Weaknesses:

  • It is possible to do ciphertext-only cryptanalysis by exploiting insecure protocols which explain the message settings. One such incident happened with the earlier rotor machine type called Enigma, and the cryptanalysis was done by Polish cryptographers. This kind of attack can use a virtual bank of rotor machines, each testing one possible rotor order. This is the step with the most dominant cost in the attack. Then the attacker can find the best ring settings for this message key and the assumed rotor order. Finally, the attacker has to recover the plugboard settings, assuming the correctness of the recovered rotor order, ring settings and message key settings.
  • In other encryption mechanisms the key is the most important thing and should be protected from the enemy. But in rotor machines the internal wiring structure is also an important aspect: cryptanalysts can break them by deducing its logical structure.
  • In rotor machines such as Enigma, the reflector is a fundamental feature which helps cryptanalysts. The reflector ensures that no letter can be encrypted as itself. Cribs are any known plaintext or suspected plaintext at some point of the encrypted message. Cryptanalysts can use the reflector property along with the knowledge of cribs to perform known-plaintext attacks. With cribs and the fact that no letter can be encrypted as itself, a corresponding ciphertext fragment can be tested by trying every possible alignment of the crib against the ciphertext. This procedure is known as crib-dragging.
  • The plugboard connections of the rotor machines are reciprocal. That means if A is plugged into H, then H is plugged into A, and encryption is performed identically to decryption. It makes the task of cryptanalysts easy by considerably reducing the number of scrambler settings that need to be considered.
  • Operating shortcomings, or the way that the machine is used, can be a major factor apart from the design characteristics of the machine. Mistakes by operators are common and can lead to related-key attacks. Operators sometimes set rotors incorrectly. If the operator then corrected the rotor positions and retransmitted the same plaintext, the cryptanalysts would have a single plaintext encrypted under two related keys.
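The reflector and plugboard properties discussed above can be seen directly in a small simulation. The following is an added example, not code from the original post and not a historical Enigma: the rotor and reflector wirings are constructed from seeded random permutations, ring settings and Enigma's double-stepping are left out, and the names (make_rotor, RotorMachine, build, crib_offsets) are the example's own. It shows that the same settings both encrypt and decrypt, that no letter ever encrypts to itself, and how that single fact rules out crib alignments before any key is tried.

```python
import random
import string

ALPHABET = string.ascii_uppercase
N = len(ALPHABET)


def make_rotor(seed):
    """Constructed rotor (not a historical wiring): a seeded random permutation
    of the 26 contacts, its inverse, and a turnover notch position."""
    rng = random.Random(seed)
    fwd = list(range(N))
    rng.shuffle(fwd)
    inv = [0] * N
    for src, dst in enumerate(fwd):
        inv[dst] = src
    return {"fwd": fwd, "inv": inv, "notch": rng.randrange(N)}


def make_reflector(seed):
    """Reflector: 13 disjoint letter pairs, so no contact maps to itself."""
    rng = random.Random(seed)
    order = list(range(N))
    rng.shuffle(order)
    table = [0] * N
    for a, b in zip(order[0::2], order[1::2]):
        table[a], table[b] = b, a
    return table


def make_plugboard(pairs):
    """Reciprocal plugboard: plugging A into H also plugs H into A."""
    table = list(range(N))
    for a, b in pairs:
        i, j = ALPHABET.index(a), ALPHABET.index(b)
        table[i], table[j] = j, i
    return table


class RotorMachine:
    """Toy three-rotor machine with plain odometer stepping."""

    def __init__(self, rotors, reflector, plugboard, window):
        self.rotors = rotors        # listed left to right; the signal enters on the right
        self.reflector = reflector
        self.plugboard = plugboard
        self.pos = [ALPHABET.index(c) for c in window]

    def _step(self):
        # The rightmost rotor steps on every key press; a rotor that was
        # sitting on its notch carries the step to its left-hand neighbour.
        i = len(self.rotors) - 1
        while i >= 0:
            on_notch = self.pos[i] == self.rotors[i]["notch"]
            self.pos[i] = (self.pos[i] + 1) % N
            if not on_notch:
                break
            i -= 1

    def _through(self, i, c, table):
        # Rotor i is turned by self.pos[i]: enter at the offset contact, undo the offset on exit.
        return (table[(c + self.pos[i]) % N] - self.pos[i]) % N

    def press(self, letter):
        self._step()
        c = self.plugboard[ALPHABET.index(letter)]
        for i in reversed(range(len(self.rotors))):      # right to left, forward wiring
            c = self._through(i, c, self.rotors[i]["fwd"])
        c = self.reflector[c]                            # turn the signal around
        for i in range(len(self.rotors)):                # left to right, inverse wiring
            c = self._through(i, c, self.rotors[i]["inv"])
        return ALPHABET[self.plugboard[c]]

    def process(self, text):
        return "".join(self.press(ch) for ch in text.upper() if ch in ALPHABET)


def build(window="AAA"):
    """Machine with three constructed rotors, one reflector and two plug pairs."""
    rotors = [make_rotor(11), make_rotor(22), make_rotor(33)]
    plugboard = make_plugboard([("A", "H"), ("Q", "Z")])
    return RotorMachine(rotors, make_reflector(44), plugboard, window)


def crib_offsets(ciphertext, crib):
    """Offsets at which a crib could sit. Because the reflector never lets a
    letter encrypt to itself, any alignment where a crib letter lines up with
    the identical ciphertext letter is ruled out without testing a single key."""
    return [k for k in range(len(ciphertext) - len(crib) + 1)
            if all(p != c for p, c in zip(crib, ciphertext[k:]))]
```

Because the plugboard and reflector are both involutions, the whole machine is one too, which is why `build("KEY").process(ciphertext)` returns the plaintext.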

Computer Security Attacks

There are four general types of security attacks.

Interruption Attack :
In an interruption attack, a network service is degraded or made unavailable for legitimate use. These are attacks against the availability of the network.

Examples of Interruption attacks :
  • Overloading a server host so that it cannot respond.
  • Cutting a communication line.
  • Blocking access to a service by overloading an intermediate network or network device.
  • Redirecting requests to invalid destinations.
  • Theft or destruction of software or hardware involved.
Mitigate the attack:
  • Use Firewalls - Firewalls have simple rules such as to allow or deny protocols, ports or IP addresses. Modern stateful firewalls like Check Point FW1 NGX and Cisco PIX have a built-in capability to differentiate good traffic from DoS attack traffic.
  • Keeping backups of system configuration data properly.
  • Replication.
Interception Attacks :
In an interception attack, an unauthorized individual gains access to confidential or private information. Interception attacks are attacks against network confidentiality.

Examples of Interception attacks :
  • Eavesdropping on communication.
  • Wiretapping telecommunications networks.
  • Illicit copying of files or programs.
  • Obtaining copies of messages for later replay.
  • Packet sniffing and key logging to capture data from a computer system or network.
Mitigate the attack :
  • Using Encryption - SSL, VPN, 3DES, BPI+ etc. are deployed to encrypt the flow of information from source to destination, so that if someone is able to snoop on the flow of traffic, all that person will see is ciphertext.
  • Traffic Padding - A function that produces ciphertext output continuously, even in the absence of plaintext. A continuous random data stream is generated. When plaintext is available, it is encrypted and transmitted. When input plaintext is not present, the random data are encrypted and transmitted. This makes it impossible for an attacker to distinguish between true data flow and noise, and therefore impossible to deduce the amount of traffic.
Modification Attack
It is an attempt to modify information that an attacker is not authorized to modify. This type of attack is an attack against the integrity of the information. Basically there are three types of modifications.
  • Change: Change existing information. The information already exists but is made incorrect. Change attacks can be targeted at sensitive information or public information.
  • Insertion: When an insertion attack is made, information that did not previously exist is added. This attack may be mounted against historical information or information that is yet to be acted upon.
  • Deletion : Removal of existing information.
Examples of Modification attack:
  • Modifying the contents of messages in the network.
  • Changing information stored in data files.
  • Altering programs so they perform differently.
  • Reconfiguring system hardware or network topologies.

Mitigate the attack :
  • Introduction of intrusion detection systems (IDS) which could look for different signatures which represent an attack.
  • Using Encryption mechanisms
  • Traffic padding
  • Keeping backups
  • Use messaging techniques such as checksums, sequence numbers, digests, authentication codes
Fabrication Attack :
In a fabrication attack, an individual inserts counterfeit information, resources, or services into the network. These attacks are attacks against the authentication, access control, and authorization capabilities of the network.

Examples of Fabrication Attack:
  • Inserting messages into the network using the identity of another individual.
  • Replaying previously intercepted messages.
  • Spoofing a web site or other network service.
  • Taking the address of another host or service, essentially becoming that host or service.
Mitigate the attack :
  • Use of Authentication and authorization mechanisms
  • Using Firewalls
  • Use Digital Signatures - A digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document.
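The "checksums, sequence numbers, digests, authentication codes" mitigation under modification attacks, and the replay and forged-identity examples under fabrication attacks, can be made concrete with a small message format. The following is an added example, not code from the original post: a frame is sent as sequence number, payload and an HMAC-SHA256 tag over both; the receiver drops frames whose tag does not verify (modified or fabricated without the key) and frames whose sequence number does not advance (replayed). A CRC32 frame sits beside it to show why an unkeyed checksum only catches accidental corruption. DEMO_KEY, seal, Receiver and demo are the example's own names; the constructed payloads are illustrative only.

```python
import hashlib
import hmac
import zlib

SEQ_LEN, TAG_LEN = 8, 32

# Constructed demo key; a real deployment provisions one secret per peer pair.
DEMO_KEY = b"constructed-demo-key-do-not-reuse"


def crc_frame(payload):
    """Integrity against accidental corruption only: CRC32 needs no secret,
    so whoever changes the payload can simply recompute it."""
    return payload + zlib.crc32(payload).to_bytes(4, "big")


def crc_ok(frame):
    return zlib.crc32(frame[:-4]).to_bytes(4, "big") == frame[-4:]


def seal(key, seq, payload):
    """Sender: frame = seq || payload || HMAC-SHA256(key, seq || payload).
    The sequence number is inside the tag, so it cannot be edited either."""
    header = seq.to_bytes(SEQ_LEN, "big")
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Verifies the tag (catches modification, and fabrication by anyone
    without the key) and requires strictly increasing sequence numbers
    (catches replay of a genuine earlier frame)."""

    def __init__(self, key):
        self.key = key
        self.last_seq = -1
        self.log = []          # why each rejected frame was dropped

    def receive(self, frame):
        if len(frame) < SEQ_LEN + TAG_LEN:
            self.log.append("truncated")
            return None
        header, payload, tag = frame[:SEQ_LEN], frame[SEQ_LEN:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):    # constant-time comparison
            self.log.append("bad tag")
            return None
        seq = int.from_bytes(header, "big")
        if seq <= self.last_seq:
            self.log.append("replay of seq %d" % seq)
            return None
        self.last_seq = seq
        return payload


def demo():
    """Feed one receiver a genuine, a modified, a replayed, a forged and a
    second genuine frame; return the last accepted sequence number and the log."""
    rx = Receiver(DEMO_KEY)
    good = seal(DEMO_KEY, 1, b"transfer 10 to bob")
    rx.receive(good)
    # Modification: payload bytes changed, original tag kept.
    modified = good[:SEQ_LEN] + b"transfer 99 to eve" + good[-TAG_LEN:]
    rx.receive(modified)
    # Replay: the genuine first frame sent again unchanged.
    rx.receive(good)
    # Fabrication: a frame built without the shared key.
    rx.receive(seal(b"wrong key", 2, b"transfer 5 to bob"))
    rx.receive(seal(DEMO_KEY, 2, b"transfer 5 to bob"))
    return rx.last_seq, rx.log
```

A digital signature replaces the shared key with a key pair and adds non-repudiation; the framing and the sequence-number check stay the same.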