Access control

Self-test problems

Graded problems

1. This practical work is about taking precautions in authentication. Use the code you collected and compiled last week. Replace the file appl.c with this file: This program reads in a password. It takes several security precautions. Your task this week is to compile this program and to use the manual pages to document how it works.
   • What happens if you type in a password which is too long?
   • What happens if you type in an empty password?
   • Can other users steal this password?
     • From the screen?
     • From the memory of the computer?
   • Could someone interrupt the program and obtain a core dump of the program with the password in memory?
   • Suppose that only the encrypted form of the password is stored anywhere.
     • If someone obtained the md5 form of the password, is it possible to decrypt the password?
     • Could someone see whether two users had the same password?
     • Could anyone see whether a user had an empty password?
   • Could someone replace the system password program with their own Trojan horse program in order to obtain user passwords?
   On windows NT similar code should be used. There one has windows functions GetConsoleMode and SetConsoleMode with flag ENABLE_ECHO_INPUT.

2. This problem is about the importance of placing access control close to the resources being protected. The preponderance of firewall solutions is now coming under attack from this issue. Review firewalls in Principles of Network and System Administration

   Restriction of access to and from certain IP addresses, to and from certain ports, is often controlled at the perimeter by passing traffic through a firewall, which includes a filtering router. Here is an example Cisco router configuration:

   ! Cisco IOS router config
   
   interface Ethernet 0
    description site 1 LAN interface
    ip address 128.39.74.1 255.255.254.0
    ip access-group 100 in
    ip access-group 101 out
   
   ! ACL's
   
   access-list 100 permit tcp any host 128.39.74.16 eq http
   access-list 100 permit tcp any host 128.39.74.16 eq 443
   access-list 100 permit tcp any host 128.39.74.16 eq 22
   access-list 100 permit udp host 192.0.0.10 host 128.39.74.16 eq ntp
   
   access-list 100 deny ip any any
   
   access-list 101 permit tcp host host 128.39.74.16 eq http any
   
   

   What ports are open/closed here?

   Many firewalls are programmed to pass traffic on port 80 (WWW), so it is becoming common to disguise traffic to other services as traffic to port 80. This is called port-80 tunneling. This "wolf in sheep's clothing" approach is clearly a security breach, which would be unnecessary if hosts protected themselves instead of relying on a firewall. Recently, host-based protection has obtained more acceptance:

   • Windows 2000 has kernel filters called IPSec filters.
     Rewrite the Cisco filter rules above as Windows 2000 filters.
   • GNU/Linux and BSD systems have kernel filters called IP-chains.
     Rewrite the Cisco filter rules above as Linux filters.
   • Can one stop attacks by simply blocking pathways? Does it make a difference if one blocks only incoming, only outgoing traffic or both? What are the consequences for a users' ablity to work?
   • By thinking about parallelism and serialism, compare the strengths and weaknesses of a network firewall with those of a host-based firewall.
   • Is there anything to stop inside users from setting up servers on unknown ports? (Hint: could one realistically make a rule to block all unknown ports, without disrupting normal work?)

   Do you see how a system is most vulernable to attack on this "inside" of the system?

3. Port 80 is not the only way to tunnel through defenses. Viruses which leak info from internal mail boxes to outsiders effectively use "SMTP tunneling" (port 25)! Which other services could be used to smuggle an agent onto the inside of a defense perimeter?