Jeremy Rauch <jrauch@cadre.org>
Security in Network Management
Security in distributed and remote
network management protocols
Network Management
- What is it?
- Why do we need it?
- What are our options with regard to selecting a network management scheme?
- What are the security flaws it can introduce?
- What can be done to minimize the risk of these security flaws?
Network Management: What is it?
- Hardware
  - Switches, routers, firewalls, WAPs, hosts, printers
  - Just about anything on the network
- Software
- Protocols
  - Allows for remote management of the network from convenient, centralized sites
Network Management: Why is it needed?
- Lowers costs by eliminating the need for many administrators at multiple locations performing the same function
- Makes network administration and monitoring easier and more convenient
- Coherent presentation of data
Major NM Options
- SNMPv1
- SNMPv2c
- SNMPv3
- Vendor proprietary solutions
- Quite a few options that never panned out…
  - DCE
  - REAL SNMPv2
  - CMIP
SNMP Flaws…
- The Protocols
  - SNMPv1
  - SNMPv2
  - SNMPv2c
  - SNMPv3
  - RMON/RMON2
- The Implementations
  - Default communities
  - Buffer overflows
  - Design + Logic errors
  - Miscellaneous
SNMPv1 History
- Why was it created?
- RFC 1157, 1990: “A Simple Network Management Protocol (SNMP)”
- RFC 1067, 1988
- RFC 1155, 1158, 1990: Original specification of MIB-II
SNMPv1 Overview
- Information to be stored is laid out in the Management Information Base (MIB)
  - Specification of fields to be collected, data types, formatting, access controls
  - Written in ASN.1
    - Easy to read
    - Not so fun to write
  - Basically akin to a DB schema
- Data encoded using BER
SNMP sample output
[1:38pm manager] snmpwalk agent public system
system.sysDescr.0 = Sun SNMP Agent, SPARCstation-20
system.sysObjectID.0 = OID: enterprises.42.2.1.1
system.sysUpTime.0 = Timeticks: (619954285) 71 days, 18:05:42.85
system.sysContact.0 = manager@cadre.org
system.sysName.0 = agent
system.sysLocation.0 = Under my desk
system.sysServices.0 = 72
[1:39 manager ] snmpwalk agent public .1.3.6.1.2.1.4.22.1.4
ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType.1.10.1.98.1 = other(1)
ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType.1.10.1.98.2 = dynamic(3)
ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType.2.10.1.98.36 = dynamic(3)
ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType.2.10.1.98.37 = other(1)
ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType.3.10.1.97.1 = other(1)
ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType.3.10.1.97.101 = other(1)
ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType.3.10.1.97.254 = dynamic(3)
ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType.4.10.1.98.41 = dynamic(3)
ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType.4.10.1.98.45 = other(1)
ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType.7.10.1.96.1 = other(1)
SNMPv1 Protocol
- Five Simple Messages:
  - get-request
  - get-next-request
  - get-response
  - set-request
  - trap
SNMPv1 Protocol continued...
Manager/agent message flow (diagram, reconstructed as text):
  Manager -> Agent (UDP port 161): get_request, get_next_request, set_request
  Agent -> Manager: get_response, one for each request above
  Agent -> Manager (UDP port 162): trap
SNMPv1 Protocol continued...
- UDP Transport Mechanism
- Community: Shared “password” between agent and manager
- PDU: Specifies request type
  - Request ID
  - Error Status
  - Error Index
SNMPv1 Packet Format
Layout (diagram, reconstructed as text; name/value pairs are the variable bindings):
  UDP Header | Version | Community | PDU Type | Request ID | Error Status | Error Index | name | value | name | ...
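The layout above, decoded from actual bytes: an added example, not code from the slides, that parses an SNMPv1 message with a small BER reader and reports what a passive sensor on the wire can see, namely the cleartext community, whether it is a well-known default, and whether the PDU is a set-request. The sample packet is constructed by hand (a get-request for sysDescr.0 with community "public"); the default-community set is a subset of the list given later in the deck.

```python
# Added example (not from the slides): decode an SNMPv1 message from its BER
# encoding, following the Version | Community | PDU | Request ID | Error Status |
# Error Index | name/value ... layout, and report what a sensor can see in it.
# The sample packet is constructed; the default-community set is a subset of
# the deck's list.

TAG_INTEGER, TAG_OCTET_STRING, TAG_NULL, TAG_OID, TAG_SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
PDU_NAMES = {0xA0: "get-request", 0xA1: "get-next-request",
             0xA2: "get-response", 0xA3: "set-request"}
# 0xA4 (trap) has a different body layout (RFC 1157 4.1.6) and is rejected below.
DEFAULT_COMMUNITIES = {"public", "private", "write", "secret", "admin",
                       "default", "password", "snmp", "snmpd", "community"}


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER TLV at pos. Definite lengths
    only; a length that overruns the buffer (the classic malformed-BER test
    case) raises instead of being trusted."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits = number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("length field exceeds buffer")
    return tag, buf[pos:pos + length], pos + length


def decode_oid(b):
    """First octet packs arcs 1 and 2 (40*x + y); the rest are base-128 groups."""
    if not b:
        raise ValueError("empty OID")
    arcs, value = [b[0] // 40, b[0] % 40], 0
    for byte in b[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    if value:
        raise ValueError("unterminated sub-identifier")
    return ".".join(map(str, arcs))


def _int(b):
    return int.from_bytes(b, "big", signed=True)


def parse_snmpv1(packet):
    """Return the fields of one SNMPv1 message as a dict."""
    tag, msg, _ = read_tlv(packet, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("message is not a SEQUENCE")
    vtag, version, pos = read_tlv(msg, 0)
    ctag, community, pos = read_tlv(msg, pos)
    if vtag != TAG_INTEGER or ctag != TAG_OCTET_STRING:
        raise ValueError("bad version/community encoding")
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    if pdu_tag not in PDU_NAMES:
        raise ValueError("unsupported PDU type 0x%02x" % pdu_tag)
    _, req_id, pos = read_tlv(pdu, 0)
    _, err_status, pos = read_tlv(pdu, pos)
    _, err_index, pos = read_tlv(pdu, pos)
    _, vbl, _ = read_tlv(pdu, pos)
    varbinds, pos = [], 0
    while pos < len(vbl):                   # each varbind is SEQUENCE { OID, value }
        _, vb, pos = read_tlv(vbl, pos)
        _, oid, p = read_tlv(vb, 0)
        value_tag, value, _ = read_tlv(vb, p)
        varbinds.append((decode_oid(oid), value_tag, value))
    return {"version": _int(version), "community": community.decode("latin-1"),
            "pdu_type": PDU_NAMES[pdu_tag], "request_id": _int(req_id),
            "error_status": _int(err_status), "error_index": _int(err_index),
            "varbinds": varbinds}


def audit(packet):
    """Monitoring view: the community is cleartext on the wire, so a sensor can
    report default names and set-requests without any key material."""
    m = parse_snmpv1(packet)
    return {"community": m["community"],
            "default_community": m["community"] in DEFAULT_COMMUNITIES,
            "is_set": m["pdu_type"] == "set-request",
            "oids": [oid for oid, _, _ in m["varbinds"]]}


# Constructed sample: get-request, community "public", request-id 42, sysDescr.0
SAMPLE = bytes.fromhex(
    "3029" "020100" "04067075626c6963"            # SEQUENCE, version 0, "public"
    "a01c" "02040000002a" "020100" "020100"       # get-request, id 42, status 0, index 0
    "300e" "300c" "06082b06010201010100" "0500")  # varbind list: 1.3.6.1.2.1.1.1.0 = NULL

if __name__ == "__main__":
    print(parse_snmpv1(SAMPLE))
    print(audit(SAMPLE))
```

Because the community and PDU type are visible to anyone on the path, the same parser serves as the core of a detection rule (alert on default communities, or on any set-request from outside the management network), which is the point of the "Cleartext community" flaw later in the deck.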
SNMPv1 Security Flaws
- Transport Mechanism
  - Data manipulation
  - Denial of Service
  - Replay
- Authentication
  - Host Based
  - Community Based
- Information Disclosure
SNMPv1 Transport Mechanism Flaws
- UDP Based
  - Unreliable: packets may or may not be received
  - Easily forged: trivial to forge the source of packets
SNMPv1 Authentication Flaws
- Host Based
  - Fails due to UDP transport
  - DNS cache poisoning
- Community Based
  - Cleartext community
  - Community name prediction/brute forcing
  - Default communities
SNMPv1 Information Disclosure
- Routing tables
- Network topology
- Network traffic patterns
- Filter rules
- Vendor proprietary information + invocation
  - Execute arbitrary programs, etc.
SNMPv1 Security Flaw Implications
- Altering/manipulation of the network by unauthorized individuals
- Denial of Service on whole networks
- Modification of ACLs & configurations
- Clear topology of the network behind a router
- Makes creation of more sophisticated host-based attacks easier
SNMPv2 History
- RFC 1441, 1993: “Introduction to version 2 of the Internet-standard Network Management Framework”
- RFC 1446, 1993: “Security Protocols for version 2 of the Simple Network Management Protocol”
- Written to address security and feature deficiencies in SNMPv1
SNMPv2 Protocol
- Extension to SNMPv1
- Provided security model
- 2 new commands
  - get-bulk-request
  - inform-request
    - Acknowledged trap
- A big, big failure
SNMPv2 Protocol continued...
Message formats (diagram, reconstructed as text; the part in brackets is encrypted):
  General Format:               privDst | authInfo | dstParty | srcParty | context | PDU
  Nonsecure Message:            privDst | 0-length OCTET STRING | dstParty | srcParty | context | PDU
  Authenticated, not encrypted: privDst | digest, dstTime, srcTime | dstParty | srcParty | context | PDU
  Private, not authenticated:   privDst | [ 0-length OCTET STRING | dstParty | srcParty | context | PDU ]
  Private and authenticated:    privDst | [ digest, dstTime, srcTime | dstParty | srcParty | context | PDU ]
SNMPv2 Security Flaws
- Replay
  - 4 types of time error conditions
    - manager’s version of agent’s clock greater than agent’s actual clock
      - Collect packets for future replay to agent
    - manager’s clock greater than agent’s version of manager’s clock
    - agent’s clock greater than manager’s version of agent’s clock
    - agent’s version of manager’s clock greater than the manager’s version of the manager’s clock
  - No unique nonce to prevent replay within window
SNMPv2 Security flaws...
- Replay attacks possible via complex clock attacks
- Clock sync is NOT part of SNMPv2
  - Dependence on external protocols opens vulnerabilities (NTP)
- Behavior for clock skew forward + back is ill defined
SNMPv2 Security Flaws: Attacks against DES
- Duplication of privDst in dstParty allows for known plaintext attacks
- 16 character, user defined DES pass phrase
  - Allows easy dictionary attacks
SNMPv2 Security Flaws: MD5 attacks
- Again, user defined
- 16 character secret
- Dictionary attackable
SNMPv2 Security
- Still uses UDP transport
- SNMPv1 compatibility can compromise security
- Default DES and MD5 phrases
- Does not prevent DoS or traffic analysis
SNMPv2 Downfall
- Marginal security
- Complex implementation
- Devices were a whole lot slower and lacking in RAM
SNMPv2c
- What is it?
- Why does it exist?
SNMPv2c Protocol
- SNMPv2 additional PDU types
- SNMPv1 community-based authentication
- UDP transport
- All the features of SNMPv2 with the security of SNMPv1
SNMPv3 History
- RFC 3410, 2002: “Introduction and Applicability Statements for Internet Standard Management Framework”
- RFC 3411, 2002: “An Architecture for Describing SNMP Management Frameworks”
- RFC 3412, 2002: “Message Processing and Dispatching”
- RFC 3413, 2002: “SNMP Applications”
- RFC 3414, 2002: “User-based Security Model”
- RFC 3415, 2002: “View-based Access Control Model”
- RFC 3416, 2002: “Version 2 of SNMP Protocol Operations”
- RFC 3417, 2002: “Transport Mappings”
- RFC 3418, 2002: “Management Information Base (MIB) for the Simple Network Management Protocol (SNMP)”
- RFC 2576, 2578, 2579, 2580…
- Written to address the failures of the original SNMPv2 security model
SNMPv3 Protocol
- Designed to be implementable and secure
- Based on the original SNMPv2 work (SNMPv2u and SNMPv2*)
- Uses SNMPv2 PDU format + types
  - No new PDU types specified
- UDP transport
- Strong (enough) encryption and authentication
  - New User-based Security Model
  - New View-based Access Control (enhanced MIB view concept)
- Starting to catch on (kinda sorta)
SNMPv3 Packet Format
Layout (diagram, reconstructed as text):
  msgVersion | msgID | msgMaxSize | msgFlags | msgSecurityModel | msgSecurityParameters | contextEngineID | contextName | PDU
  Encrypted: contextEngineID, contextName and PDU (the scoped PDU), when privacy is in use
  Authenticated: the whole message
Reference: “SNMP, SNMPv2, SNMPv3 and RMON 1 and 2, 3rd Edition”, William Stallings, 1998
SNMPv3 Packet Format: User-Based Security Model
Layout (diagram, reconstructed as text):
  msgVersion | msgID | msgMaxSize | msgFlags | msgSecurityModel | msgSecurityParameters | contextEngineID | contextName | PDU
  msgSecurityParameters, under the USM, expands to:
    msgAuthoritativeEngineID | msgAuthoritativeEngineBoots | msgAuthoritativeEngineTime | msgUserName | msgAuthParams | msgPrivacyParams
  Encrypted: contextEngineID, contextName and PDU, when privacy is in use
  Authenticated: the whole message
SNMPv3 User-based Security Model
- Encryption
  - DES
    - CBC mode
- Authentication
  - HMAC
    - SHA-1
    - MD5
- Timeliness mechanism
SNMPv3 Flaws
- Encryption
  - CBC mode depends on a 64-bit IV
    - IV is created by taking the last 8 octets of the 16-octet privKey (pre-IV)
    - An 8-octet salt value is XORed with the pre-IV to create the IV
    - Only the salt value is transmitted, in the msgPrivacyParameters field
    - Problem: Salt generation is left as an exercise to the implementor
  - Brute force of bad passwords
    - Slowed by the password-to-key mechanism
SNMPv3 Flaws
- Authentication
  - Handled via HMAC-{SHA-1, MD5}
    - Output truncated to 12 octets
    - MD5: 16-octet auth key
    - SHA-1: 20-octet auth key
    - Stored in msgAuthParameters
  - Actually, HMAC is an excellent authentication mechanism
  - Short auth password can be brute forced
    - Password-to-key mechanism slows down the attack
    - Made harder by collisions in the truncated output
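The key handling behind the two preceding slides (the DES IV construction and the HMAC-96 authentication), written out as an added example; this is not code from the slides. It implements the RFC 3414 password-to-key stretching that makes each brute-force guess cost a hash over 1 MB, key localization to the authoritative engineID, the 12-octet HMAC carried in msgAuthParameters, and the CBC IV built from the pre-IV and the salt in msgPrivacyParameters. The password "maplesyrup" and the engineID are the inputs of the RFC's own appendix test vectors; the message and the salt used in the usage block are constructed.

```python
# Added example (not from the slides): RFC 3414 USM key handling.
# RFC_PASSWORD and RFC_ENGINE_ID are the RFC 3414 appendix A.3 test-vector
# inputs; the message and salt in the usage block are constructed.
import hashlib
import hmac

ONE_MEGABYTE = 1048576


def password_to_key(password: bytes, algo: str) -> bytes:
    """Ku = H(password repeated to exactly 1 MB). One guess costs one 1 MB
    hash, which is what slows a dictionary attack on a short password."""
    if not password:
        raise ValueError("empty password")
    reps, rem = divmod(ONE_MEGABYTE, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes, algo: str) -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku). The same password yields a different
    key on every agent, so recovering one agent's key does not open the rest."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def auth_params(kul: bytes, whole_msg: bytes, algo: str) -> bytes:
    """HMAC-{MD5,SHA-1}-96: HMAC over the whole message (computed with the
    msgAuthParameters field zeroed) and truncated to 12 octets."""
    return hmac.new(kul, whole_msg, algo).digest()[:12]


def verify_auth(kul: bytes, whole_msg_zeroed: bytes, received: bytes, algo: str) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return len(received) == 12 and hmac.compare_digest(
        auth_params(kul, whole_msg_zeroed, algo), received)


def des_iv(priv_key: bytes, salt: bytes) -> bytes:
    """CBC-DES IV (RFC 3414 8.1.1.1): pre-IV = last 8 octets of the 16-octet
    privKey, XORed with the 8-octet salt sent in msgPrivacyParameters. The salt
    is the only varying input, so a repeated salt means a repeated IV."""
    if len(priv_key) != 16 or len(salt) != 8:
        raise ValueError("privKey must be 16 octets and salt 8 octets")
    return bytes(a ^ b for a, b in zip(priv_key[8:16], salt))


# RFC 3414 A.3 test-vector inputs
RFC_PASSWORD = b"maplesyrup"
RFC_ENGINE_ID = bytes.fromhex("000000000000000000000002")

if __name__ == "__main__":
    ku = password_to_key(RFC_PASSWORD, "md5")
    kul = localize_key(ku, RFC_ENGINE_ID, "md5")
    print("MD5 Ku ", ku.hex())
    print("MD5 Kul", kul.hex())
    msg = b"constructed SNMPv3 message with msgAuthParameters zeroed"
    tag = auth_params(kul, msg, "md5")
    print("msgAuthParameters", tag.hex(), "verifies:", verify_auth(kul, msg, tag, "md5"))
    # For an MD5 user the 16-octet localized key doubles as the DES privKey
    # (first 8 octets DES key, last 8 octets pre-IV); the salt is constructed.
    print("IV", des_iv(kul, bytes.fromhex("0102030405060708")).hex())
```

Two things the slides state are visible here: the 1 MB hash per guess is the whole cost of the password-to-key step (so a weak password is still only as expensive as the attacker's hashing budget), and the IV varies only through the salt, which is why the slide calls leaving salt generation to the implementor a problem.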
SNMPv3 Flaws
- Timeliness mechanism
  - Uses boot count + time since last reboot of agent
  - Transmitted via a 2-step sync mechanism + stored
    - snmpEngineBoots
    - snmpEngineTime
    - latestReceivedEngineTime
  - Can prevent replay attacks within window
    - 150 second skew allowed
    - Skew depends on authoritative vs. non-authoritative recipient
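The window check itself, as an added example that is not code from the slides: the two RFC 3414 section 3.2 rules, one for the authoritative engine (the agent) and one for the non-authoritative side (the manager), with the 150-second skew the slide mentions and the latestReceivedEngineTime bookkeeping that makes the manager-side rule asymmetric. The engine states and message values used are constructed.

```python
# Added example (not from the slides): RFC 3414 section 3.2 timeliness check.
# EngineState values and the message boots/time used in the usage block are
# constructed; the 150 s window and the 2^31-1 boot limit are the RFC's.
from dataclasses import dataclass

WINDOW = 150            # seconds of skew the RFC tolerates
MAX_BOOTS = 2147483647  # 2^31 - 1: once reached, every message is out of window


@dataclass
class EngineState:
    boots: int                      # snmpEngineBoots (own, or the cached peer value)
    time: int                       # snmpEngineTime (own, or the estimated peer value)
    latest_received_time: int = 0   # latestReceivedEngineTime, manager side only


def in_window_authoritative(local: EngineState, msg_boots: int, msg_time: int) -> bool:
    """Agent side: the message must carry the agent's current boot count and a
    time within +/- 150 s of the agent's own clock."""
    if local.boots == MAX_BOOTS:
        return False
    if msg_boots != local.boots:
        return False
    return abs(msg_time - local.time) <= WINDOW


def in_window_non_authoritative(cached: EngineState, msg_boots: int, msg_time: int) -> bool:
    """Manager side: reject if the cached boot count is exhausted, the message
    claims an older boot count, or (same boot) it is more than 150 s older than
    the latest time already accepted. A newer boot count is accepted outright,
    which is how a rebooted agent resynchronises."""
    if cached.boots == MAX_BOOTS:
        return False
    if msg_boots < cached.boots:
        return False
    if msg_boots == cached.boots and msg_time < cached.latest_received_time - WINDOW:
        return False
    return True


def update_non_authoritative(cached: EngineState, msg_boots: int, msg_time: int) -> EngineState:
    """After an authenticated message passes, advance the cached view of the
    agent's clock; it only ever moves forward, so old captures age out."""
    if msg_boots > cached.boots or (msg_boots == cached.boots
                                    and msg_time > cached.latest_received_time):
        return EngineState(msg_boots, msg_time, msg_time)
    return cached


if __name__ == "__main__":
    agent = EngineState(boots=5, time=1000)
    print("agent accepts t=1100:", in_window_authoritative(agent, 5, 1100))
    print("agent accepts t=1151:", in_window_authoritative(agent, 5, 1151))
    mgr = EngineState(boots=5, time=1000, latest_received_time=1000)
    mgr = update_non_authoritative(mgr, 5, 1200)      # a fresh authenticated reply
    print("manager accepts old t=1040:", in_window_non_authoritative(mgr, 5, 1040))
    print("manager accepts t=1060:", in_window_non_authoritative(mgr, 5, 1060))
```

Note what the check does and does not give: a captured message replayed within 150 seconds of its original time still passes both rules, which is the "immediate replay of packets MAY allow action invocation attacks" point on the next slide; only once the receiver's view of the clock has moved past the window does the capture become useless.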
SNMPv3 Realized…
- Pretty cool protocol
- Still susceptible to denial of service
  - But what isn’t?
- Forgery possible, but difficult to use
- Brute forcing possible, but tough + slow
- Time based attacks may be possible
  - Immediate replay of packets MAY allow action invocation attacks
- Traffic analysis
RMON and RMON2 Security
- SNMP’s flaws
- Additional hazards by introducing “action invocation” objects
- Collects extensive info on subnet
- Packet captures
Implementation Vulns
- Defaults
- MIB designs
- Buffer Overflows + parsing
- Design + logic errors
- Miscellaneous
Default Communities
- public
- private
- write
- "all private" (sun)
- monitor (3com)
- manager (3com)
- security (3com)
- OrigEquipMfr (brocade)
- "Secret C0de" (brocade)
- secret
- cable-docsis
- xyzzy, agent_steal, freekevin, and fubar (?!)
- admin
- default
- password
- tivoli
- openview
- community
- snmp
- snmpd
- system (aix, others)
- And so on…
Hidden Communities
- An obscene percentage of managed devices contain hidden communities
- Often fully read/write privileged
for I in `dz < xxx.bin | strings`
do
  echo $I; snmpget -c $I host system.sysDescr.0
done
MIB Designs
- Too much info!
- D-Link password disclosure
  - enterprises.937.2.1.2.2.0
  - Similar problems affect all “toy” routers
- Cisco VACM community disclosure
  - snmpVacmMIB.vacmMIBObjects.vacmAccessTable
- A quick perusal of interesting keywords at www.mibdepot.com reveals hundreds of potential vulns
Buffer Overflows + Parsing
- OULU PROTOS evaluation
  - Identified hundreds of test cases for evaluating SNMP protocol implementations
    - Invalid BER length fields
    - Long strings
    - Format strings
  - Found dozens of implementation flaws
    - Most implementations derived from CMU/UCD/Net-SNMP
- Real world examples abound
  - IRIX snmpd overflow
Misc
- All sorts of “conveniences”
  - Cisco CONFIG-COPY.mib & CISCO-FLASH.mib
    - http://www.cisco.com/warp/public/477/SNMP/copy_configs_snmp.shtml
- Management stations not without their own problems
  - Tivoli Netview: execute arbitrary commands with a well formed trap under custom configs
  - net-snmp has had client tool + agent flaws
    - Most recent one patched about 3 weeks ago…
Securing existing implementations
- Risk assessment
- Minimization of use
  - Allow get-*’s only, no remote setting
- Eliminate defaults
- Filtering EVERYWHERE
  - Marginally useful at best
- Management network
Sources you need to check out…
- Multiple SNMP RFCs (mentioned throughout talk)
- SNMP, SNMPv2, SNMPv3 and RMON 1 and 2, William Stallings (ISBN 0-201-4834-6)
- TCP/IP Illustrated Volume 1, Richard Stevens (ISBN
- www.mibdepot.com
- Simple Times (www.simple-times.org)
- OULU PROTOS (http://www.ee.oulu.fi/research/ouspg/protos/index.html)
- www.securityfocus.com
  - Vulnerability DB
  - Bugtraq
- Net-snmp (www.net-snmp.org)
Questions?
