All right, the third attack on privacy.
Now, when we talk about eavesdropping in this class, it will always be technical. It's not me listening in on your phone conversation or overhearing you talking out in the lobby.
Eavesdropping means that I have gotten access to your network, and I have attached a device called a protocol analyzer, also known as a sniffer. And that's how we'll refer to it in class, because that really is the more common lingo that we use. So what a packet analyzer does is capture traffic on the network,
and it has a management console where
I, as an administrator or as an attacker, can view the contents. Now, anything you put on your network in plain text, I have full access to.
So if you're sending passwords across the network in plain text, I see your passwords, but also any sort of data. So we want to be very cognizant that eavesdropping is a very real threat today. You know, Wireshark is a great utility. It's very user friendly. It's very, very popular, and that's great.
But the downside to that is that many, many people have it. Many people are skilled in using it.
You don't have to be that high-end an attacker to do a scan, or not a scan but a packet capture, on the network. Your defense against eavesdropping is a couple of things. First of all, don't let somebody on your network that doesn't belong on your network.
Now I know that sounds very much like common sense, and it is.
However, I can't tell you how many networks I walk into with live ports in the lobby, open to make things easier for guests of the organization. And that's fine. There's always that balance between ease of use and security.
Allowing a stranger, allowing somebody that hasn't really been authenticated or vetted, access to my network presents a very, very real threat. A little later on in the modules, we'll talk about setting up a rogue infrastructure and how all I need is a live port on the wall,
and I'll bring in my own DNS server, my own DHCP server,
and I'll guarantee you a certain portion of your hosts will come to my rogue devices. So we want to be very cautious about that. So the best way to avoid eavesdropping is to prevent somebody from connecting to my network.
Keep ports that aren't in use blocked. Enable MAC filtering, and I understand that MAC filtering is easy to bypass. You can spoof MAC addresses. I understand that. But the bottom line is it's still part of a layered defense, a physical security.
Also, technical security.
Keep plain text off the network if it's sensitive.
Now again, though, we have to do the cost-benefit analysis. There's always a trade-off for security, because then the thought becomes, well, let's just encrypt everything.
Well, you can just encrypt everything, but you're going to see performance take a huge hit.
So senior management really has to be involved in determining encryption policy, because if everything on the network is encrypted, things move very slowly. So again it's that cost-benefit analysis: what's the value of what we're transmitting on the network, and letting that value determine whether or not it's worth the trade-off.
Now, even better than encryption, because one of the things that I try to stress to people:
Attackers don't care what your passwords are.
An attacker does not want to know your password when I'm doing a pen test. I don't care what your password is.
What I want to do is I want to be able to use your password, and I know that sounds like I'm splitting hairs there. But I'm not.
So many people feel like, oh, my password is encrypted, so it's safe because an attacker can't see it. And that's true. But if I can capture your password on the network and if I can replay it later,
I don't care that I couldn't read your password. I was able to use your password.
So the point I'm trying to make with that is encryption is not the only solution. When it comes to eavesdropping, it might be part of the solution,
but with replay attacks, somebody that captures a packet replays it later. I don't care that I couldn't see your password, as long as I gain access to the system. Technical solutions are not enough. We've got to think about the next step.
One of the things that we would consider, especially for passwords, because they are such high value: let's just keep passwords off the network altogether.
You know, fine, encryption is a step in the right direction, but we'd be so much better off if we didn't transmit passwords across the network.
And if you really think about that, networking,
you know, why did networking come about? What is networking all about? It's about sharing.
So if you look at network security, it's almost an oxymoron. You almost have two ideas that are in direct contrast. Networking says, let's share, let's make things available.
Security says, let's not make things available. Let's lock things down.
So what we want to find is a way to protect the network and protect those sensitive pieces of information. But sometimes, when push comes to shove, the best way to protect things is to keep them off the network, like passwords. And when we talk about Kerberos, that's one of the things that Kerberos does. Kerberos allows a user
to prove I know my password
without sending my password across the network.
And the way that works is almost like a challenge-response system, where I go to log on to the domain, perhaps, and the domain controller is going to respond with a challenge.
The only way my system can answer that challenge properly
is if my password was typed correctly.
So if you think about that, I've just proven I know my password without putting my password on the network, which is much better. It's a much better idea. Not to mention anything we put on the network is vulnerable to brute-force attacks and so on. But the other issue is, when I first come on to the domain as a client computer,
the only way I know who to send my credentials to is that I ask DNS.
At least this is in the directory services environment. I know not all of you are in a directory services environment. But basically, the way this looks is, when I log on to a system, I query DNS and I say, where's the closest domain controller?
DNS comes back and says, send your credentials to Server One.
But the thing with that is, I don't know who Server One is. And I just mentioned a second ago that it's fairly easy to set up a rogue infrastructure. If you're going to a rogue DNS server,
they're going to send you to a rogue domain controller,
which, if I send my password to a domain controller we haven't even authenticated yet, all of a sudden I've got a password going to somebody that could be impersonating a legitimate host.
So that's another problem that Kerberos solves. And Kerberos uses something called zero knowledge proof.
And again, it's that idea: let me prove that I know the password without sending you information that you shouldn't have, because I don't trust you yet as a domain controller, whatever. I hope that makes sense. Kerberos is pretty cool in the idea. Not saying Kerberos is perfect. But that premise of let's keep passwords off the network,
Let's not send passwords to unauthenticated servers.
Let's prove we know our passwords without sending them, and that's a big deal. That's a step in the right direction. So for the third problem, eavesdropping, the way we want to solve or mitigate that: certainly encrypt sensitive information. But even better, keep it off the network altogether.
So that's the section on confidentiality. We have the other elements of integrity, authenticity and non-repudiation, which we'll get to in just a moment.
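The sniffer, replay and "prove you know the password without sending it" points made above, as an added example that is not part of the lecture. It puts a passive sniffer on the wire and runs two login designs through it: a plaintext login, which the sniffer can both read and replay, and a nonce-based HMAC challenge/response standing in for the Kerberos idea (real Kerberos is ticket-based and more involved; this is the simplest protocol that makes the point). The last function shows the caveat a practitioner should keep in mind: a captured challenge/response pair still supports offline password guessing, which is the brute-force exposure the lecture mentions and why the key derivation is deliberately slow. All class and function names and the sample user are this example's own constructions.

```python
import hashlib
import hmac
import secrets

# Constructed sample credential; every identifier below is this example's own.
SAMPLE_USERS = {"alice": "correct horse battery staple"}


def derive_key(username: str, password: str) -> bytes:
    """Both sides derive the same long-term key from the password.  The username
    doubles as the salt (roughly what Kerberos does with the principal name);
    the server stores this key, never the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), username.encode(), 50_000)


class Sniffer:
    """A passive protocol analyzer on the wire: it sees and keeps a copy of every
    message but cannot alter anything."""

    def __init__(self):
        self.captured = []

    def tap(self, msg):
        self.captured.append(msg)
        return msg


class PlaintextServer:
    """Design A: the client sends the password itself."""

    def __init__(self, users):
        self.users = dict(users)

    def login(self, msg):
        return self.users.get(msg["user"]) == msg.get("password")


class ChallengeServer:
    """Design B: the server issues a single-use random nonce and the client
    answers with HMAC(key, nonce).  The password never goes on the wire."""

    def __init__(self, users):
        self.keys = {u: derive_key(u, p) for u, p in users.items()}
        self.pending = {}

    def challenge(self, user):
        nonce = secrets.token_bytes(16)
        self.pending[user] = nonce
        return {"user": user, "nonce": nonce}

    def login(self, msg):
        nonce = self.pending.pop(msg["user"], None)  # one nonce, one attempt
        if nonce is None or msg["user"] not in self.keys:
            return False
        expected = hmac.new(self.keys[msg["user"]], nonce, "sha256").digest()
        return hmac.compare_digest(expected, msg.get("response", b""))


def plaintext_login(server, wire, user, password):
    return server.login(wire.tap({"user": user, "password": password}))


def challenge_login(server, wire, user, password):
    chal = wire.tap(server.challenge(user))
    resp = hmac.new(derive_key(user, password), chal["nonce"], "sha256").digest()
    return server.login(wire.tap({"user": user, "response": resp}))


def offline_guess(chal, resp, wordlist):
    """What the sniffer can still do with design B: test guesses against a captured
    challenge/response pair without ever touching the server.  Returns the
    matching guess, or None if nothing in the wordlist fits."""
    for guess in wordlist:
        candidate = hmac.new(derive_key(chal["user"], guess), chal["nonce"], "sha256").digest()
        if hmac.compare_digest(candidate, resp["response"]):
            return guess
    return None


def run_demo(users=SAMPLE_USERS):
    user, password = next(iter(users.items()))
    out = {}

    # Design A: the sniffer reads the password and can replay the captured packet.
    wire, srv = Sniffer(), PlaintextServer(users)
    out["plain_login"] = plaintext_login(srv, wire, user, password)
    out["plain_sniffed_password"] = wire.captured[0]["password"]
    out["plain_replay"] = srv.login(wire.captured[0])

    # Design B: a good login, a bad one, then the sniffer tries to reuse what it saw.
    wire, srv = Sniffer(), ChallengeServer(users)
    out["cr_login"] = challenge_login(srv, wire, user, password)
    out["cr_wrong_password"] = challenge_login(srv, wire, user, "guess")
    out["cr_password_on_wire"] = any("password" in m or password in repr(m) for m in wire.captured)
    out["cr_replay"] = srv.login(wire.captured[1])              # no pending nonce
    srv.challenge(user)                                           # fresh nonce issued
    out["cr_replay_fresh_nonce"] = srv.login(wire.captured[1])   # old response, new nonce
    out["cr_offline_guess"] = offline_guess(wire.captured[0], wire.captured[1],
                                            ["password", "guess", password])
    return out


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value!r}")
```

Running it shows the plaintext design leaking the password and accepting the replayed packet, while the challenge/response design keeps the password off the wire and rejects both replay attempts, yet still gives the sniffer enough to recover a weak password offline; that is why "keep it off the network" is a step in the right direction rather than the whole answer.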