Upload
haduong
View
223
Download
2
Embed Size (px)
Citation preview
IntroductionNFS
IPsecPutting the two together
Securing NFSv3 with IPsec
Nikos Gkorogiannis
21/2/2007
Nikos Gkorogiannis Securing NFSv3 with IPsec
IntroductionNFS
IPsecPutting the two together
NFS
IPsec
Putting the two together
Please, be considerate to others in relation to what you learn inthis talk, ahem.
Nikos Gkorogiannis Securing NFSv3 with IPsec
IntroductionNFS
IPsecPutting the two together
Case study
I CS department with embedded computing Linux labs
I Networked embedded-computing boards running Linux
I Linux server with user files
I No budget :)
Nikos Gkorogiannis Securing NFSv3 with IPsec
IntroductionNFS
IPsecPutting the two together
NFS
NFS
Nikos Gkorogiannis Securing NFSv3 with IPsec
IntroductionNFS
IPsecPutting the two together
What is NFS
I Network File System (built on top Sun’s RPC)
I for Unix-like Operating Systems (virtually all *nices)
I StatelessI History:
Never released NFSv1Early 1980s NFSv2 – basic, popular and compatibleEarly 1990s NFSv3 – more functionality, by now ubiquitous
? NFSv4 – all the above plus security! but when?
Nikos Gkorogiannis Securing NFSv3 with IPsec
IntroductionNFS
IPsecPutting the two together
NFS services
Services comprising NFSv3 (separate RPC daemons):
I MOUNT
I NFS
I STAT
I LOCK
I QUOTA
I Only MOUNT and NFS are required.
Nikos Gkorogiannis Securing NFSv3 with IPsec
IntroductionNFS
IPsecPutting the two together
How does it work?
A typical message sequence:
CLIENT SERVEREXPORT →
← /home, /usr
MNT /home →← FSID=0xFA. . .
READ /home/email →← DATA=‘From. . .’
Nikos Gkorogiannis Securing NFSv3 with IPsec
IntroductionNFS
IPsecPutting the two together
NFSv3 authentication
Two main modes:
I AUTH UNIX, credentials=UID, GID
I AUTH DES, AUTH KERB, credentials=crypto hash
I For v3, only AUTH UNIX is popular, others are non-standard.(proprietary extensions)
Constrast CIFS,
I Credentials are a Kerberos ticket.
I Cf mounting filesystems as a user.
Nikos Gkorogiannis Securing NFSv3 with IPsec
IntroductionNFS
IPsecPutting the two together
A typical attack on NFSv3
I Attacker connects a Linux laptop to the server’s network.
I Discovers what mountpoints are exported by the NFS server.
I Mounts one on the laptop.
I Issues su and assumes the identity of a valid user.
I Freely reads and writes files belonging to that user.
Can we fix this?
Nikos Gkorogiannis Securing NFSv3 with IPsec
IntroductionNFS
IPsecPutting the two together
Why use it at all?
“You mean people are still using this?”
I Ubiquitous (standard).
I Fast.
I Simple!
I Good for private networks.
Nikos Gkorogiannis Securing NFSv3 with IPsec
IntroductionNFS
IPsecPutting the two together
IPsec
IPsec
Nikos Gkorogiannis Securing NFSv3 with IPsec
IntroductionNFS
IPsecPutting the two together
What is IPsec
I An IP-based protocol (in fact, two).ICMP, TCP, UDP, IPsec:ESP, IPsec:AH, etc
I Therefore, not user level (SSL) but IP stack/OS-level.
I With two main modes, Tunnel and Transport
I And loads of crypto methods:MD5, SHA-1, DES, 3DES, AES etc
I Internet Key Exchange (IKE)
Nikos Gkorogiannis Securing NFSv3 with IPsec
IntroductionNFS
IPsecPutting the two together
IPsec modes
I Transport mode (end-to-end, no encapsulation)
I Tunnel mode (think VPN, most popular)
BA INET
Nikos Gkorogiannis Securing NFSv3 with IPsec
IntroductionNFS
IPsecPutting the two together
AH vs ESP
AH (transport) ESP (transport)
IP headers IP headers
Authentication Data SPI(MD5/SHA-1 HMAC) (Security Parameters Index)
Sequence Number
IP payload IP payload
Hashed or encryptedNot hashed or encrypted
Nikos Gkorogiannis Securing NFSv3 with IPsec
IntroductionNFS
IPsecPutting the two together
Mechanics
Security Policy DB
I Src & dst IP address
I Ipsec proto (AH and/orESP)
I AH type and info
I ESP type and info
I tunnel/transport mode flags
I and others!
Security Association DB
I Everything in SPD
I Key info
I Sequence counter
I Lifetime info
I and others!
Nikos Gkorogiannis Securing NFSv3 with IPsec
IntroductionNFS
IPsecPutting the two together
Putting the two together
Putting the two together
Nikos Gkorogiannis Securing NFSv3 with IPsec
IntroductionNFS
IPsecPutting the two together
Defining the problem
I NFSv3 offers no better security than host-based,ie the server trusts that the client authenticates the user.
I We could write software integrating IPsec at the user level,but that would become a security nightmare.
I ⇒ Ensure that the client is a trusted one,as far as client-generated NFSv3 traffic is concerned.
Nikos Gkorogiannis Securing NFSv3 with IPsec
IntroductionNFS
IPsecPutting the two together
How? (1)
I How can we know that NFSv3 packets received by the serverare coming from authorised clients?
I Use a shared secret (key) between server and clientand AH on NFSv3 packets from client to server.
I ⇒ Create rules that cover packets to the server’sMOUNTD or NFSD ports, forcing the use of AH and discardnon-AH packets.
Nikos Gkorogiannis Securing NFSv3 with IPsec
IntroductionNFS
IPsecPutting the two together
How? (2)
Nikos Gkorogiannis Securing NFSv3 with IPsec
IntroductionNFS
IPsecPutting the two together
The nitty-gritty
I Individual keys for each client?
I Key management/revocation?
I Throughput?
I Phasing-in
Nikos Gkorogiannis Securing NFSv3 with IPsec
IntroductionNFS
IPsecPutting the two together
References
NFS
I http://nfs.sourceforge.net/ including “NFS HOWTO”
I http://www.unix.org.ua/orelly/networking/puis/
Chapter 20 on NFS from “Practical UNIX & Internet security”
IPsec
I http://www.commsdesign.com/showArticle.jhtml?articleID=192200444
I http://www.netbsd.org/Documentation/network/ipsec/
I http://www.unixwiz.net/techtips/iguide-ipsec.html
Nikos Gkorogiannis Securing NFSv3 with IPsec