Windows Protocol Analysis

Gros, Charles-Henri
Haley, David
Lisanke, Bob
Schaff, Clovis

Outline
• Overview of Windows Security Issues
• Windows Protocol Analysis: Various Protocols and Problems
• MSCHAP & Friends
  – Introducing MSCHAP
  – MSCHAP to MSCHAP2
  – MSCHAP2 to PEAP
• Murϕ Models
• Lessons Learned
• An Encouraging Message

An Encouraging Message
Wed Mar 10, 6:55 PM ET
SEATTLE (Reuters) - Microsoft Corp. (Nasdaq:MSFT - news) upgraded a recent security warning to "critical" after discovering new ways in which an attacker could run malicious software on a vulnerable computer, the world's largest software maker said on Wednesday. The software flaw, which affects the two latest versions of Microsoft's Outlook e-mail, calendar and contacts program, was initially rated as "important" in Microsoft's monthly security bulletin issued on Tuesday.

A Horde of Protocols
• Transport layers
  – NetBIOS, NetBEUI, TCP/IP…
• Protocols on top
  – SMB, RPC, NetMeeting…
• Many dialects of each protocol
  – SMB: PCNP1.0, LanMan 1.0/2.0, NT LM 0.12, CIFS…

Lots of Protocols = Lots of Problems
• Backwards compatibility must be kept between all the various dialects
• More implementations: more potential for human error (incorrect code…)
• A poor crypto implementation may be far easier to crack than the underlying algorithm
• Most of the protocol weaknesses we found seem unrelated to the protocol itself

Implementation Flaws
• Old friends like buffer overflows
• Holes in client-side code (ActiveX…)
• Programmer laziness/carelessness

Troubleshooting "Humanware"
• Windows empowers the user: a less restrictive environment
• Easy for the unwary user to execute unwanted code (e-mail virus)
• Convenience vs. security (automatic parsing of HTML e-mail, etc.)
• Uneducated user = highly vulnerable

The Password Paradigm
• Security completely and utterly depends on the secrecy and strength of the password
• Many ways to fool an uneducated user into giving away the password (impersonating administrators, etc.)
• Reused password = less secure

Where did all the specs go? Long time passing…
• There seem to be no formal specs for CIFS (the protocol for Windows file sharing)
  – "Without a current and authoritative protocol specification, there is no external reference against which to measure the 'correctness' of an implementation, and no way to hold anyone accountable. Since Microsoft is the market leader […] the behavior of their clients and servers is the standard against which all other implementations are measured."
    Christopher Hertel, http://www.ubiqx.org/cifs/SMB.html

Windows Protocols
• Hard to find current specifications
• Hard to tell off-hand why some services are running and others aren't
• Many are activated for unclear reasons (e.g. SQL Server)
• Understanding them requires a competence which most end users lack

Chosen Area: Point-to-Point Authentication
• Windows supports:
  – PAP: Password Authentication Protocol
  – CHAP: Challenge-Handshake Authentication Protocol
  – MSCHAP: MS extensions to CHAP
  – MSCHAP2: fixes to MSCHAP
  – Others (EAP, PEAP…)
• PAP: passwords transmitted in plaintext
  – Acceptable before, when networks were very small
• (MS)CHAP's major improvement: passwords no longer transmitted in plaintext!
• Sounds good…

But…
• CHAP does not fix a single algorithm: the one-way hash is negotiated between the peers (MD5 is the mandatory-to-implement default)
• MSCHAP, on the other hand, does fix the algorithm
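The PAP/CHAP contrast above, as an added example that is not part of the slides: one CHAP round per RFC 1994 with the MD5 algorithm (Response Value = MD5(Identifier || secret || Challenge)), both sides' messages shown, next to what PAP puts on the wire. The peer name, secret and word list are constructed for illustration. The last function shows the caveat the "Password Paradigm" slide hints at: no password crosses the wire, but anyone who captures the challenge/response pair can try guesses offline at one MD5 per guess, so CHAP is only as strong as the secret.

```python
"""PAP versus CHAP on the wire (added example, not from the slides).

CHAP here is RFC 1994 with the MD5 algorithm:
    Response Value = MD5(Identifier || secret || Challenge)
Peer name, secret and word list are constructed for illustration.
"""
import hashlib
import hmac
import os
from typing import Iterable, Optional


def pap_request(peer_id: str, password: str) -> bytes:
    """PAP Authenticate-Request payload: the password itself is sent in clear."""
    return peer_id.encode() + b":" + password.encode()


def chap_response(identifier: int, secret: str, challenge: bytes) -> bytes:
    """Peer side: hash the Identifier octet, the shared secret and the Challenge."""
    if not 0 <= identifier <= 255:
        raise ValueError("CHAP Identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()


def chap_verify(identifier: int, secret: str, challenge: bytes, response: bytes) -> bool:
    """Authenticator side: recompute with its own copy of the secret.

    The secret must be held in recoverable form on both ends (RFC 1994), so a
    compromised authenticator database yields the passwords themselves.
    """
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def chap_exchange(secret: str, identifier: int = 1,
                  challenge: Optional[bytes] = None):
    """Run one CHAP round; return what crossed the wire and the verdict.

    The authenticator must pick a fresh, unpredictable challenge every time:
    a fixed or predictable one lets a captured response be replayed.
    """
    if challenge is None:
        challenge = os.urandom(16)
    # authenticator -> peer : Challenge(identifier, challenge)
    # peer -> authenticator : Response(identifier, response_value, name)
    response = chap_response(identifier, secret, challenge)
    ok = chap_verify(identifier, secret, challenge, response)
    return challenge, response, ok


def offline_guess(identifier: int, challenge: bytes, response: bytes,
                  candidates: Iterable[str]) -> Optional[str]:
    """What an eavesdropper can do with a captured exchange.

    No password was sent, but each guess costs one MD5, so a weak or reused
    secret falls to a dictionary: CHAP still depends entirely on the
    secrecy and strength of the password.
    """
    for guess in candidates:
        if chap_response(identifier, guess, challenge) == response:
            return guess
    return None


if __name__ == "__main__":
    secret = "letmein1"  # constructed weak secret
    print("PAP on the wire:", pap_request("alice", secret))
    chal, resp, ok = chap_exchange(secret, identifier=7)
    print("CHAP challenge :", chal.hex())
    print("CHAP response  :", resp.hex(), "verified:", ok)
    wordlist = ["password", "letmein", "letmein1", "hunter2"]  # constructed
    print("Offline guess  :", offline_guess(7, chal, resp, wordlist))
```

Run it to see that the PAP payload contains the password verbatim while the CHAP exchange carries only a random challenge and a 16-byte digest; then note that the same digest is recovered by the offline guess as soon as the secret is in the word list, which is the point the next slides build on when MSCHAP fixes the hash to one derived from the Windows password database.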