Wednesday, November 30, 2005

IPSec Vulnerability


Multiple Vulnerabilities Found by PROTOS IPSec Test Suite


Introduction


Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner.


What is Affected?


Potentially any configuration of IPsec that uses Encapsulating Security Payload (ESP) in tunnel mode with confidentiality only, or with integrity protection being provided by a higher layer protocol. Some configurations using AH to provide integrity protection are also vulnerable.


Impact


Successful exploitation of the vulnerability on the Cisco MDS Series may result in the restart of the IKE process. All other Cisco MDS device operations will continue normally. Successful exploitation of the vulnerabilities on all other Cisco devices may result in the restart of the device. The device will return to normal operation without any intervention required.


Vulnerable Products
Cisco IOS versions based on 12.2SXD, 12.3T, 12.4 and 12.4T
Cisco PIX Firewall versions up to but not including 6.3(5)
Cisco PIX Firewall/ASA versions up to but not including 7.0.1.4
Cisco Firewall Services Module (FWSM) versions up to but not including 2.3(3)
Cisco VPN 3000 Series Concentrators versions up to but not including 4.1(7)H and 4.7(2)B
Cisco MDS Series SanOS versions up to but not including 2.1(2)


Details

IPsec consists of several separate protocols; these include:
* Authentication Header (AH): provides authenticity guarantees for packets, by attaching strong cryptographic checksum to packets.

* Encapsulating Security Payload (ESP): provides confidentiality guarantees for packets, by encrypting packets with encryption algorithms. ESP also provides optional authentication services for packets.

* Internet Key Exchange (IKE): provides ways to securely negotiate shared keys. AH and ESP have two modes of use: transport mode and tunnel mode. With ESP in tunnel mode, an IP packet (called the inner packet) is encrypted in its entirety and is used to form the payload of a new packet (called the outer packet); ESP typically uses CBC-mode encryption to provide confidentiality. However, without some form of integrity protection, CBC-mode encrypted data is vulnerable to modification by an active attacker.

By making careful modifications to selected portions of the payload of the outer packet, an attacker can effect controlled changes to the header of the inner (encrypted) packet. The modified inner packet is subsequently processed by the IP software on the receiving security gateway or the endpoint host; the inner packet, in cleartext form, may be redirected or certain error messages may be produced and communicated by ICMP. Because of the design of ICMP, these messages directly reveal cleartext segments of the header and payload of the inner packet. If these messages can be intercepted by an attacker, then plaintext data is revealed. Attacks exploiting these vulnerabilities rely on the following:

*Exploitation of the well-known bit flipping weakness of CBC mode encryption.

*Lack of integrity protection for inner packets.

*Interaction between IPsec processing and IP processing on security gateways and end hosts.

These attacks can be fully automated so as to recover the entire contents of multiple IPsec-protected inner packets. In more detail, the three identified attacks on ESP in tunnel mode work as follows:


Destination Address Rewriting


*An attacker modifies the destination IP address of the encrypted (inner) packet by bit-flipping in the payload of the outer packet.


*The security gateway decrypts the outer payload to recover the (modified) inner packet.


*The gateway then routes the inner packet according to its (modified) destination IP address.
If successful, the "plaintext" inner datagram arrives at a host of the attacker's choice.



IP Options

*An attacker modifies the header length of the encrypted (inner) packet by bit-flipping in the payload of the outer packet.

*The security gateway decrypts the outer payload to recover the (modified) inner packet.

*The gateway then performs IP options processing on the inner packet because of the modified header length, with the first part of the inner payload being interpreted as options bytes.

*With some probability, options processing will result in the generation of an ICMP "parameter problem" message.

*The ICMP message is routed to the now modified source address of the inner packet.

*An attacker intercepts the ICMP message and retrieves the "plaintext" payload of the inner packet.


Protocol Field

*An attacker modifies the protocol field and source address field of the encrypted (inner) packet by bit-flipping in the payload of the outer packet.

*The security gateway decrypts the outer payload to recover the (modified) inner packet.

*The gateway forwards the inner packet to the intended recipient.

*The intended recipient inspects the protocol field of the inner packet and generates an ICMP "protocol unreachable" message.

The ICMP message is routed to the now modified source address of the inner packet.
An attacker intercepts the ICMP message and retrieves the "plaintext" payload of the inner packet.


Summary

Multiple Cisco products contain vulnerabilities in the processing of IPSec IKE (Internet Key Exchange) messages. These vulnerabilities were identified by the University of Oulu Secure Programming Group (OUSPG) "PROTOS" Test Suite for IPSec and can be repeatedly exploited to produce a denial of service.

IP Security (IPsec) is a set of protocols developed by the Internet Engineering Task Force (IETF) to support secure exchange of packets at the IP layer; IPsec has been deployed widely to implement Virtual Private Networks (VPNs).

Three attacks that apply to certain configurations of IPsec have been identified. These configurations use Encapsulating Security Payload (ESP) in tunnel mode with confidentiality only, or with integrity protection being provided by a higher layer protocol. Some configurations using AH to provide integrity protection are also vulnerable. In these configurations, an attacker can modify sections of the IPsec packet, causing either the clear text inner packet to be redirected or a network host to generate an error message. In the latter case, these errors are relayed via the Internet Control Message Protocol (ICMP); because of the design of ICMP, these messages directly reveal segments of the header and payload of the inner datagram in clear text. An attacker who can intercept the ICMP messages can then retrieve plaintext data. The attacks have been implemented and demonstrated to work under realistic conditions.


Solution

The attacks are probabilistic in nature and may need to be iterated many times in a first phase in order to be successful. Once this first phase is complete, the results can be reused to efficiently recover the contents of further inner packets. Naturally, the attacker must be able to intercept traffic passing between the security gateways in order to mount the attacks. For the second and third attacks to be successful, the attacker must be able to intercept the relevant ICMP messages. Variants of these attacks in which the destination of the ICMP messages can be controlled by the attacker are also possible. Any of the following methods can be used to rectify this issue:

1. Configure ESP to use both confidentiality and integrity protection. This is the recommended solution.

2. Use the AH protocol alongside ESP to provide integrity protection. However, this must be done carefully: for example, the configuration where AH in transport mode is applied end-to-end and tunneled inside ESP is still vulnerable.

3. Remove the error reporting by restricting the generation of ICMP messages or by filtering these messages at a firewall or security gateway.

Cisco has made free software available to address this vulnerability for affected customers. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.

For more information on this Security Advisory please use the following links:Cisco Users: http://www.cisco.com/en/US/customer/products/products_security_advisory09186a0080572f55.shtml
OR

Non Cisco Users: http://www.cisco.com/en/US/products/products_security_advisory09186a0080572f55.shtml In partnering with Cisco, Covetrix has performed many of these upgrades and has determined that some new configuration is necessary to move from the older versions of software to the patched. Please don't hesitate to give us a call for assistance at 1-877-780-1132 option 3.

For more information go to http://www.covetrix.com/index.jsp.

Posted by Gale Yocom at 2:34 PM 0 comments

Friday, October 07, 2005

Pharming Capitalizes on Phishing's Success

Pharming - so named because scammers plant seeds and then harvest their crops- is a scam that redirects internet traffic to a computer designed to steal passwords and other personal information. This scam is so sneaky that victims don't even know they've been hit until the bills start arriving about a month later.

Experts quoted by the Sacramento Bee (3/24/05) consider pharming just one more in a fast-growing trend of internet crime, one that is closely related to another scam called phishing.

Phishing usually starts with an email that looks like it came from a trusted business, often a bank or other online financial institution. The email usually warns users that their account has been compromised and urges them to follow a link in the email to a site to provide personal information, such as username, bank account, and other identification numbers. These websites are fake; the computer hosting them is recording all the information.

Like phishing, pharming also steals personal information, but instead of using fake emails to lure users to visit malicious websites, pharming changes information in the Domain Name System, also known as DNS server. A DNS server works like a big phonebook for the internet. Here's how it works. Let's say someone enters an address such as www.msn.com.

The computer contacts the nearest DNS server and gets directions on how to find MSN on the internet. There are hundreds of official DNS servers around the world. Pharmers change the entry in a DNS server either by hacking into the system or by infecting it with a virus. Traffic is then redirected to a fake website or to a computer that records every keystroke made by the user. Several large pharming attacks have been discovered, including ones aimed at traffic going to google.com and amazon.com earlier this year.

According to the article in the Sacramento Bee, the largest pharming attack to date was directed toward Britain in December 2004. In that attack, traffic to a bank website was rerouted through a server that recorded every keystroke entered by the bank's customers. The pharmers were able to capture passwords, bank account information, user names, and other information that would allow them to steal people's identities and money.

For more information go to www.covetrix.com

Posted by Gale Yocom at 1:59 PM 0 comments

Voice Over Internet Protocol (VoIP) Security Risk Guidance

The ability to utilize data networks for more than internet is making its way into many financial institutions, enterprise businesses, and government agencies nationwide. Covetrix security consultants are eagerly waiting to assist your organization with the process!

The benefits of Voice Over Internet Protocol (VoIP), lower cost and increased functionality, may complicate the Risk Assessment Process. Establishing a secure VoIP and data network is a complex process that requires great effort and expertise from knowledgeable security consultants.

The Federal Deposit Insurance Corporation (FDIC) is providing guidance to financial institutions on the security risks associated with implementing VoIP. The same risks that can harm or infect Internet data networks can interfere with VoIP and cause significant operational risks to financial institutions. Exposure to viruses, worms, Trojans, and hijacking are risks that must be addressed to eliminate the possibility of privacy loss.

When an organization decides to invest in VoIP technology, the associated risks should be evaluated as part of their periodic risk assessment and discussed in status reports submitted to the board of directors. Implementation of VoIP is much more complex than utilizing data-only networks.

The National Institute of Standards and Technology (NIST) published information security standards for financial institutions to implement in conjunction with their Voice over internet protocol. For a complete list of VoIP recommendations and FDIC standards, access the complete Financial Institution Letter at FIL-69-2005.

For the complete FIL go to http://www.covetrix.com/security/portal/updates/VoIP.jsp

Posted by Gale Yocom at 1:42 PM 0 comments

Monday, September 19, 2005

Banking Spyware Mitigation

In the past, attackers have relied mainly on e-mail messages that lure victims to malicious Web sites, where they are tricked into disclosing usernames and passwords for banking sites and other sensitive online accounts. With the increase in Information Technology, it is now possible for attackers to obtain this information and more without luring you anywhere. With Keylogger software programs, obtaining your confidential information is as simple as visiting a well known website such as Google, Yahoo, Ask Jeeves, or CNN. The keylogger programs are built specifically to capture login names and passwords for online bank accounts and to send them to the attackers. Users of Windows XP who have not installed Service Pack 2 are particularly vulnerable, as the code could be automatically downloaded without the user's knowledge. If you have an unpatched Windows machine, when you go to the URL it will automatically download everything from the Web site, including the Trojan. All you have to do is type in the URL of the infected website and your confidential information is susceptible. The Trojan is a new variant, so antivirus and anti-spyware vendors do not yet block it. The activity could be the latest attempt by a criminal gang to use spyware for financial gain. In March of this year, Britain's National Hi-Tech Crime Unit foiled an attempt to steal about $390 million from the Japanese bank Sumitomo Mitsui. In that case, keyloggers were used to relay passwords and access information to the criminals who intended to transfer the funds electronically. A man in Israel was arrested after allegedly trying to transfer $25 million of the funds. According to Websense Enterprise, the attackers typically exploit vulnerabilities in Microsoft's Internet Explorer browser program. Each week in February and March 2005, Websense uncovered as many as 10 new keylogger variants and more than 100 new Web sites set up to infect computers with them. That is up from November and December 2004 when the average per week was 1 to 2 new variants and at most 15 new sites per week.


Check out http://www.covetrix.com/networksecurity/websense.jsp

Posted by Gale Yocom at 1:20 PM 0 comments

Subscribe to: Posts (Atom)