
Ifost Security Workshop

© The Institute for Open Systems Technologies

Contents

1 External Threats
    1.1 Using a Remote Vulnerability
    1.2 So what's the problem?
    1.3 How big is the problem?
    1.4 Exercise
2 Internal Threats
    2.1 Background
    2.2 sudo
    2.3 Other Root-sharing Techniques
    2.4 Exercises
3 Casing the Joint
    3.1 nmap
    3.2 Scanning Exercise
4 Mapping out a network
    4.1 Some Common Protocols
    4.2 Identifying vulnerabilities
    4.3 Exercise
    4.4 nessus
    4.5 sara
    4.6 nessus and sara exercise
    4.7 How to protect yourself
5 Minimum levels of sanity
    5.1 Network sniffing
    5.2 ngrep
    5.3 ssh
    5.4 TCP/IP Security Exercises
6 More fun with ssh
    6.1 Replacing r* commands
    6.2 Going password-less
    6.3 Front-end passwords
    6.4 X-windows forwarding
    6.5 Port forwarding
    6.6 Exercises
7 Secure Sockets Layer Web Servers
    7.1 Background
    7.2 How does HTTPS work?
    7.3 OpenSSL
    7.4 Terms
    7.5 Getting / Compiling Apache-SSL
    7.6 Configuring Apache+SSL
    7.7 Why does the browser still complain?
    7.8 Other things to know
8 Firewalls
    8.1 HP-UX Instructions
    8.2 How to use it
    8.3 Exercise
9 Pretty Good Privacy
    9.1 What is PGP?
    9.2 Where do I get it?
    9.3 Very first
    9.4 The second thing to do
    9.5 Sharing with others
    9.6 Exercise
    9.7 Verifying things
    9.8 Assert your confidence
    9.9 Actually using it
    9.10 Exercise
    9.11 Other things
    9.12 Too painful!
    9.13 What else?

Chapter 1 External Threats

Internet Security

1.1 Using a Remote Vulnerability

- http://server/../../subdir/some/file is bad
- http://server/scripts../../some/program is very, very bad
- Many versions of Windows support Unicode
- There are Unicode alternatives for /
- IIS 4 and 5 do not check for them unless patched (17 Oct 2000)

Notes...

While this example is quite out of date, it illustrates how quite common pieces of software can be trivially insecure.

A web server should only give out files in a restricted subdirectory. Obviously, if someone requests somedirectory/../../something, the correct thing to do is either ignore it, give an error or refuse to go above the top level. The quickest way to do this is just to check the sequence of characters in a row.

WinNT supports Unicode filenames, and so there are many variations in its character set to represent the / that separates directory hierarchies, such as %c1%1c, %c0%9v and many others.

Microsoft released a patch on 17 Oct 2000 to correct this. But many system administrators have not applied these patches. So any hacker wanting to break in merely has to know where the IIS installation is relative to the system32 directory, and can run arbitrary commands with the privileges of the web server. For example:

    http://target/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir
    http://target/scripts/..%c0%9v../winnt/system32/cmd.exe?/c+dir
    http://target/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir
    http://target/scripts/..%c0%qf../winnt/system32/cmd.exe?/c+dir
    http://target/scripts/..%c1%8s../winnt/system32/cmd.exe?/c+dir
    http://target/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir
    http://target/scripts/..%c1%pc../winnt/system32/cmd.exe?/c+dir

Here we are just running cmd.exe /c dir. Nastier would be something like cmd.exe /c del c:*.* or similar.
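The check a server has to make, as an added example that is not from the original workshop notes: decode the request once, refuse anything that is not strictly valid UTF-8, canonicalise, and only then test that the result is still under the document root. The document root /srv/www, the function names and the form of the shortcut check are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote_to_bytes

WEB_ROOT = "/srv/www"  # assumed document root, not from the original page


def naive_is_safe(raw_path):
    """Assumed form of the shortcut: look for '..' path segments in the
    request exactly as received, before any decoding has happened."""
    return ".." not in raw_path.split("?", 1)[0].split("/")


def resolve(raw_path, web_root=WEB_ROOT):
    """Map a request path to a file under web_root, or return None to refuse it."""
    path = raw_path.split("?", 1)[0]
    raw = unquote_to_bytes(path)  # decode %xx escapes exactly once
    try:
        # Strict UTF-8 refuses overlong forms such as C0 AF, a two-byte
        # spelling of '/', instead of quietly mapping them to a separator.
        text = raw.decode("utf-8", errors="strict")
    except UnicodeDecodeError:
        return None
    # A '%' left after decoding is a double-encoded or malformed escape.
    # NUL and backslash are refused as well (this also refuses legitimate
    # file names containing '%', which is the conservative choice).
    if any(ch in text for ch in ("%", "\x00", "\\")):
        return None
    # Canonicalise last, after all decoding, then test containment.
    full = posixpath.normpath(posixpath.join(web_root, text.lstrip("/")))
    if full != web_root and not full.startswith(web_root + "/"):
        return None
    return full


# Constructed request paths; the encoded ones reuse sequences quoted above.
SAMPLES = [
    "/index.html",
    "/docs/../index.html",
    "/scripts/../../winnt/system32/cmd.exe?/c+dir",
    "/scripts/..%2f../winnt/system32/cmd.exe?/c+dir",
    "/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir",
    "/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir",
    "/scripts/..%252f../winnt/system32/cmd.exe?/c+dir",
]


def report(samples=SAMPLES):
    """Return (path, verdict of the shortcut, resolved file or None) per sample."""
    return [(s, naive_is_safe(s), resolve(s)) for s in samples]


if __name__ == "__main__":
    for path, naive_ok, resolved in report():
        print(f"{path:55} shortcut_ok={naive_ok!s:5} resolved={resolved}")
```

The shortcut accepts every encoded sample and rejects the harmless /docs/../index.html, while the decode-then-canonicalise check serves the harmless request and refuses everything that leaves the root.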

1.2 So what's the problem?

Vendors release patches but system administrators don't apply the patches...

- Never heard/misheard the announcement?
- Can't implement it because of change control?
- Couldn't be bothered?
- It's not their job?
- No administrator is responsible for the system?

Notes...

There are many reasons why systems get left unpatched. It is very hard to know in general, but these are some of the reasons that have been uncovered in post-hack analysis.

1.3 How big is the problem?

- Hundreds of defaced web-sites each day
- Many more compromised systems used for launching attacks

Notes...

The administrators of the attrition mirror (www.attrition.org/mirror/attrition) get informed by hackers whenever most hacks occur. They then mirror the site in its hacked form. It is a very humbling experience seeing the number of web sites defaced every day.

A good guide to see which vendors are taking security seriously is their statistics pages, where they show the changing proportions of hacking over time. After a vulnerability is announced in a given operating system, the next few months almost always show a rise in defacements. Combine this with the internet operating system counter (now a little out of date, as it was last taken in April 1999) to get an idea of the relative safety of running each different operating system as a web server. Or you could use the Netcraft web server survey (http://www.netcraft.com/).

Many systems are used as launching places for further attacks. Numerically, this probably constitutes a large portion of non-defacement break-ins. Here's a message from May 2001 that was sent on the attrition mailing list:

HTML Version w/ Full List of IPs: http://attrition.org/security/commentary/worm01.html

On Tuesday, May 8, Attrition staff received email containing a list of 8836 IP addresses that were said to be victims of the sadmind/IIS Worm. For details on this worm, you can read a little more about it on the CERT web site which actually managed to release a timely advisory: http://www.cert.org/advisories/CA-2001-11.html

To expand on the advisory, this Worm will write to four different files if it successfully compromises a remote system:

files (each 289 bytes):
    default.asp
    default.htm
    index.asp
    idnex.htm

Of the 8836 IPs we received, 2247 of them resolved. From here, we broke the list down into a few major types of machines/names; ADSL boxes, Cable Modems, DHCP servers, DNS machines, DSL boxes, Mail hosts, personal machines, regular servers (that we would normally consider mirror material) and in-addr addresses. The following list shows a quick breakdown by numbers, as well as how many of each we confirmed as defaced:

    Count   Type        Defaced
    276     adsl        not tested
    129     cable       not tested
    12      dhcp        12 (100%)
    59      dns         26 (44%)
    150     dsl         100 (66%)
    358     hostnames   188 (52%)
    160     in-addr     not tested
    213     mail        79 (37%)
    890     personal    not tested
    2247    total

We have taken two copies of the defacements and listed several of the hosts.

    http://attrition.org/mirror/attrition/2001/05/09/www.bruceint.com/   Mass with hostnames and dns
    http://attrition.org/mirror/attrition/2001/05/09/mail.ogd.com/       Mass with mail

Given that we do not know the date of the list, the rather large percentage that were compromised, and the source of the list, it is believed that all of the IPs were compromised and defaced at one point or another. For that reason we are including the full list of (sorted) IPs with the HTML version of this commentary. It can be found at http://attrition.org/security/commentary/ shortly after you receive this mail.

1.4 Exercise

- Pick a favourite company (e.g. Microsoft, IBM, Hewlett-Packard)
- Use http://defaced.alldas.de/ to find out whether any of their web sites have been defaced
- Use http://www.netcraft.com/ to find out what they were running (then and now)
- Go to www.securityfocus.com, pick a product and find some recent vulnerabilities.

Notes...

Try not to be too alarmed by what you find...

Chapter 2 Internal Threats

2.1 Background

The folklore says:

- 90% of misuse is from inside the organisation
- 90% of those are from a system admin

Notes...

There does not appear to be any study to back up the above numbers, but they sound reasonable. A large proportion of security incidents are performed by staff employed by the company affected. Many of these do not get reported.

A large proportion of this large proportion are incidents in which the damage was done by a system administrator. Sometimes the temptations offered by being able to read and write any file get too difficult to resist!

Protecting a system against its own administrators is usually completely impractical. Companies often just have to trust administrators to do the right thing. Where this is necessary is often in heavily controlled computing environments: for example, online gambling companies in Australia have to provide good evidence that they are not making changes to an audited system. To do this they often share half of the root password with a government official (the admins know half, the government knows the other half). Usually changes are done in the presence of other officials.

Implementing schemes such as the above is probably too difficult and too costly for any normal organisation. As a result, it will be impossible to adequately protect against a system admin gone rogue.

    Proportion   By whom          Can protect?
    81%          system admin     no
    9%           other internal   maybe, local
    10%          external         usually, remote

2.2 sudo

- Enables selective root access
- Logs all commands to syslog
- Allows you to disable root login altogether!
- Free, open source, supportable, widely-used

Notes...

There are other ways of giving superuser privileges. One of the most popular is sudo. The source can be downloaded from www.courtesan.com/sudo. Pre-compiled HP-UX versions in software distributor package format are available from hpux.cs.utah.edu.

sudo consists of (essentially) two components: a configuration file (/etc/sudoers) defining what commands are allowed to be run, and by which users; and the set-user-id binary (sudo) which users invoke.

To show some of the power of it, here is an example from its man page.

    # sudoers file.
    #
    # Host alias specification
    Host_Alias HUB=houdini:REMOTE=merlin,kodiakthorn,spirit
    Host_Alias SERVERS=houdini,merlin,kodiakthorn,spirit
    Host_Alias CUNETS=128.138.0.0/255.255.0.0
    Host_Alias CSNETS=128.138.243.0,128.138.204.0,128.138.205.192

There are four host aliases. The first actually contains two aliases. It sets HUB to be houdini and REMOTE to the three machines merlin, kodiakthorn and spirit. Similarly, SERVERS is set to the machines houdini, merlin, kodiakthorn and spirit. The CSNETS alias will match any host on the 128.138.243.0, 128.138.204.0, or 128.138.205.192 nets. The CUNETS alias will match any host on the 128.138.0.0 (class B) network. Note that these are network addresses, not ip addresses. Unless an explicit netmask is given, the local netmask is used to determine whether or not the current host belongs to a network.

This is useful: you can share the one /etc/sudoers file between multiple machines and still keep the capabilities separated.

    # User alias specification
    User_Alias FULLTIME=millert,dowdy,mikef
    User_Alias PARTTIME=juola,mccreary,tor

The two user aliases simply group the FULLTIME and PARTTIME folks into two separate aliases.

    # Runas alias specification
    Runas_Alias OP=root,operator

    # Command alias specification
    Cmnd_Alias LPCS=/usr/etc/lpc,/usr/ucb/lprm
    Cmnd_Alias SHELLS=/usr/bin/sh,/usr/bin/csh
    Cmnd_Alias SU=/bin/su
    Cmnd_Alias MISC=/bin/rm,/bin/cat:\
               SHUTDOWN=/etc/halt,/etc/shutdown

    # User specification
    FULLTIME ALL=(ALL) NOPASSWD: ALL
    %wheel ALL=ALL
    PARTTIME ALL=ALL,!SHELLS,!SU
    +interns +openlabs=ALL,!SHELLS,!SU
    britt REMOTE=SHUTDOWN:ALL=LPCS
    jimbo CUNETS=/bin/su ?*, !/bin/su *root*
    nieusma SERVERS=SHUTDOWN,/etc/reboot:\
            HUB=ALL,!SHELLS
    jill houdini=/usr/sbin/shutdown \
         -[hr] now,MISC
    markm HUB=ALL,!MISC,\
          !/usr/sbin/shutdown,\
          !/usr/sbin/halt
    davehieb merlin=(OP) ALL:SERVERS=\
             /etc/halt:\
             kodiakthorn=NOPASSWD: ALL
    steve CSNETS=(operator) /usr/op_commands/

FULLTIME  Full-time sysadmins in the FULLTIME alias may run any command on any host as any user without a password.

%wheel  Any user in the UN*X group wheel may run any command on any host.

PARTTIME  Part-time sysadmins in the PARTTIME alias may run any command except those in the SHELLS and SU aliases on any host.

+interns  Any user in the netgroup interns may run any command except those in the SHELLS and SU aliases on any host that is in the openlabs netgroup.

britt  The user britt may run commands in the SHUTDOWN alias on the REMOTE machines and commands in the LPCS alias on any machine.

jimbo  The user jimbo may su to any user save root on the machines on CUNETS (which is explicitly listed as a class B network).

nieusma  The user nieusma may run commands in the SHUTDOWN alias as well as /etc/reboot on the SERVERS machines and any command except those in the SHELLS alias on the HUB machines.

jill  The user jill may run /usr/sbin/shutdown -h now or /usr/sbin/shutdown -r now as well as the commands in the MISC alias on houdini.

markm  The user markm may run any command on the HUB machines except /usr/sbin/shutdown, /sbin/halt, and commands listed in the MISC alias.

davehieb  The user davehieb may run any command on merlin as any user in the Runas_Alias OP (ie: root or operator). He may also run /sbin/halt on the SERVERS and any command on kodiakthorn (no password required on kodiakthorn).

steve  The user steve may run any command in the /usr/op_commands/ directory as user operator on the machines on CSNETS.
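A small audit of the user specifications above, as an added example that is not part of the original notes or of sudo itself. It flags two patterns worth reviewing before deploying such a file: grants of ALL without a password, and grants of ALL with "!" exclusions, which the sudoers manual itself cautions is generally not an effective way to restrict a user. The function names and finding labels are assumptions; only ALL, NOPASSWD and "!" entries are interpreted.

```python
import re

# The user specifications from the example above (aliases are not needed:
# the audit only looks at ALL, NOPASSWD and '!' entries).
SUDOERS = r"""
FULLTIME ALL=(ALL) NOPASSWD: ALL
%wheel ALL=ALL
PARTTIME ALL=ALL,!SHELLS,!SU
+interns +openlabs=ALL,!SHELLS,!SU
britt REMOTE=SHUTDOWN:ALL=LPCS
jimbo CUNETS=/bin/su ?*, !/bin/su *root*
nieusma SERVERS=SHUTDOWN,/etc/reboot:\
    HUB=ALL,!SHELLS
jill houdini=/usr/sbin/shutdown \
    -[hr] now,MISC
markm HUB=ALL,!MISC,\
    !/usr/sbin/shutdown,\
    !/usr/sbin/halt
davehieb merlin=(OP) ALL:SERVERS=\
    /etc/halt:\
    kodiakthorn=NOPASSWD: ALL
steve CSNETS=(operator) /usr/op_commands/
"""

NOT_USER_SPECS = ("Host_Alias", "User_Alias", "Runas_Alias", "Cmnd_Alias", "Defaults")
RUNAS = re.compile(r"^\([^)]*\)\s*")


def user_specs(text):
    """Yield (who, rest) per user specification, with continuation lines joined."""
    joined = re.sub(r"\\\n\s*", "", text)
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith(NOT_USER_SPECS):
            continue
        who, rest = line.split(None, 1)
        yield who, rest


def audit(text):
    """Return a list of (who, hosts, finding) tuples for grants worth reviewing."""
    findings = []
    for who, rest in user_specs(text):
        # Drop the colon in "NOPASSWD:" so ':' only separates host groups.
        rest = re.sub(r"\bNOPASSWD\s*:", "NOPASSWD ", rest)
        for grant in rest.split(":"):
            hosts, cmds = grant.split("=", 1)
            cmds = RUNAS.sub("", cmds.strip())      # strip a "(runas)" prefix
            nopasswd = cmds.startswith("NOPASSWD ")
            if nopasswd:
                cmds = cmds[len("NOPASSWD"):].strip()
            items = [c.strip() for c in cmds.split(",")]
            exclusions = [c for c in items if c.startswith("!")]
            if "ALL" in items and nopasswd:
                findings.append((who, hosts.strip(), "nopasswd-all"))
            if "ALL" in items and exclusions:
                findings.append((who, hosts.strip(), "all-minus-exclusions"))
    return findings


if __name__ == "__main__":
    for who, hosts, finding in audit(SUDOERS):
        print(f"{who:10} on {hosts:12} {finding}")
```

Grants that name specific commands, such as britt's or steve's, produce no finding; the entries that start from ALL are the ones to reconsider as explicit command lists.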

2.3 Other Root-sharing Techniques

- qsu
- Set-uid root shell executable only by wheel group
- OS-specific tricks (such as sam -r)

Notes...

These are just a few thoughts.

2.4 Exercises

1. Set up sudo
2. Look at the syslog messages from legitimate operations
3. What happens for illegitimate use?

Notes...

Chapter 3 Casing the Joint

3.1 nmap

- www.insecure.org/nmap
- Shows what ports are open
- Can do some remote host identification
- Is very heavily used
- Ported to WinNT in July 2000

Notes...

For totally mindless use, try nmap -A hostname if it is new enough (past version 3.5) to do version identification. If it is older than this, try nmap -O hostname.

Most sites would be scanned with nmap at least 4 to 5 times per day. Cable modem users are choice targets (they are usually run at home and not administered with security in mind) and can easily be scanned up to 30 or 40 times a day. This means that while intrusion detection systems can pick up on this kind of scan, there are so many false positives that it is hard to pick out a determined hacker from a casual one.

From the nmap man page:

Nmap is designed to allow system administrators and curious individuals to scan large networks to determine which hosts are up and what services they are offering. nmap supports a large number of scanning techniques such as: UDP, TCP connect(), TCP SYN (half open), ftp proxy (bounce attack), Reverse-ident, ICMP (ping sweep), FIN, ACK sweep, Xmas Tree, SYN sweep, and Null scan. See the Scan Types section for more details. nmap also offers a number of advanced features such as remote OS detection via TCP/IP fingerprinting, stealth scanning, dynamic delay and retransmission calculations, parallel scanning, detection of down hosts via parallel pings, decoy scanning, port filtering detection, direct (non-portmapper) RPC scanning, fragmentation scanning, and flexible target and port specification.

Significant effort has been put into decent nmap performance for non-root users. Unfortunately, many critical kernel interfaces (such as raw sockets) require root privileges. nmap should be run as root whenever possible.

The result of running nmap is usually a list of interesting ports on the machine(s) being scanned (if any). Nmap always gives the port's "well known" service name (if any), number, state, and protocol. The state is either open, filtered, or unfiltered. Open means that the target machine will accept() connections on that port. Filtered means that a firewall, filter, or other network obstacle is covering the port and preventing nmap from determining whether the port is open. Unfiltered means that the port is known by nmap to be closed and no firewall/filter seems to be interfering with nmap's attempts to determine this. Unfiltered ports are the common case and are only shown when most of the scanned ports are in the filtered state.

Depending on options used, nmap may also report the following characteristics of the remote host: OS in use, TCP sequencability, usernames running the programs which have bound to each port, the DNS name, whether the host is a smurf address, and a few others.

3.2 Scanning Exercise

- To use nmap and netcat

Notes...

Scan some machine(s) in the network, and identify what operating system it is running, and what network services they offer. The man page may be helpful.

Chapter 4 Mapping out a network

4.1 Some Common Protocols

- SMTP
- POP3
- IMAP
- telnet
- HTTP

Notes...

Most of these standard protocols are text-based, and can be accessed using an ordinary telnet program. They often give away version numbers when you work on them with low-level tools.

    telnet jayanya.ifost.org.au smtp
    220 jayanya.ifost.org.au ESMTP Sendmail 8.9.3/8.9.3; Wed, 26 Jul 2000 18:52:51 +1000
    HELO mail.golf.com
    250 jayanya.ifost.org.au Hello mail.golf.com [172.1.2.3] (may be forged), pleased to meet you
    MAIL FROM: tiger.woods@golf.com
    250 tiger.woods@golf.com... Sender ok
    RCPT TO: gregb@jayanya.ifost.org.au
    250 gregb@jayanya.ifost.org.au... Recipient ok
    DATA
    354 Enter mail, end with "." on a line by itself
    Subject: Hello Greg...
    Care for a game this afternoon?
    .
    250 SAA04289 Message accepted for delivery
    QUIT
    221 jayanya.ifost.org.au closing connection

    Proto   Used for   Commands
    SMTP    E-mail     HELO MAIL RCPT DATA QUIT VRFY EXPN
    POP3    E-mail     USER PASS LIST RETR QUIT
    HTTP    WWW        GET /index.html
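To see how much your own services give away in the way the SMTP greeting above does, the following added example (not part of the original notes) takes text captured from a service and lists every product and version pair it announces. The SMTP greeting is the one from the transcript; the POP3 and HTTP captures, their product names and the function names are constructed for illustration.

```python
import re

# A product name followed by a dotted version, e.g. "Sendmail 8.9.3/8.9.3"
# or "mod_example/2.0".
PRODUCT_VERSION = re.compile(r"\b([A-Za-z][\w-]*)[ /]v?(\d+(?:\.\d+)+[\w./-]*)")
# Response headers that commonly carry software names and versions.
HTTP_HEADERS = ("server", "x-powered-by", "via")

# Constructed captures, except "smtp", which is the greeting shown above.
CAPTURES = {
    "smtp": "220 jayanya.ifost.org.au ESMTP Sendmail 8.9.3/8.9.3; "
            "Wed, 26 Jul 2000 18:52:51 +1000",
    "pop3": "+OK POP3 server ready",
    "http": "HTTP/1.0 200 OK\r\n"
            "Server: ExampleHTTPd/1.3.12 (Unix) mod_example/2.0\r\n"
            "X-Powered-By: ExampleLang/4.0.1\r\n"
            "Content-Type: text/html\r\n\r\n<html>...</html>",
    "smtp-quiet": "220 mail.example.org ESMTP",
}


def disclosed(proto, captured):
    """Return (where, product, version) for each version string announced."""
    lines = captured.replace("\r\n", "\n").split("\n")
    if proto.startswith("http"):
        sources = []
        for line in lines[1:]:          # skip the status line
            if not line:                # blank line ends the headers
                break
            name, _, value = line.partition(":")
            if name.strip().lower() in HTTP_HEADERS:
                sources.append((name.strip(), value.strip()))
    else:
        # Greeting-style protocols announce themselves on the first line.
        sources = [("greeting", lines[0])]
    return [(where, m.group(1), m.group(2))
            for where, text in sources
            for m in PRODUCT_VERSION.finditer(text)]


def audit(captures=CAPTURES):
    """Map each capture name to the version disclosures found in it."""
    return {name: disclosed(name, text) for name, text in captures.items()}


if __name__ == "__main__":
    for name, found in audit().items():
        print(name, found or "nothing disclosed")
```

An empty list, as for the two quiet captures, is the result to aim for when a service allows its greeting or headers to be configured.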

4.2 Identifying vulnerabilities

- Find out what computers there are
- Find out what services there are
- Get any version numbers, see if there are known problems
- Try fuzzing

Notes...

Finding what computers there are:

1. From DNS, get NS, MX and A records
2. Try host -a domain in case they allow zone transfers
3. Try www.netcraft.com and search for other websites in that domain
4. Send an email to someone in the domain (or just aim for a bounce message) and look at the Received from headers. This can help find mail servers even if their primary MX is filtered through a third party virus and spam filter.
5. Do a broadcast ping on each network
6. Try whois ipaddress and look for the inetnum field, which should be the whole netblock that IP address came from.
7. Do a traceroute on some addresses you know about and see what ISP they use. Then try one address below and one address above and see if it goes through the same port on the same router (suggesting that they are on the same site for the same organisation). Keep going until you run into something that is definitely someone else's network.
8. nmap -O -sV
9. If you have IPv6, try ping6 -a with any of the a, A, c, l, s, g, which might turn up some IPv4 addresses as well.
10. Use snmpwalk, and look for atTable.afEntry.atNetAddress ipAddrEntry, ipAdEntAddr (assuming you can guess a community name).
11. Try asking someone in the organisation.

To remotely find out what software is installed, and what their version numbers are:

1. Most mail servers identify their version when you first connect
2. If it's sendmail, VRFY root, try other users
3. Identify web server version from the HTTP header; also look for headers for application servers, PHP and mod_perl, and any other third party component.
4. News servers (if there are any) often give their vendor and version number when you connect to them
5. Send spurious web requests to any web-based applications, and compare the error messages with posts on mailing lists for that application.
6. Identify any other server software version. Often it's as simple as looking for an about field.
7. You might get the installed software from snmpwalk communityname system
8. Try asking someone in the organisation. There may well be a canonical list if they have been following ITIL practices.
9. If you are looking at desktops, the organisation might be running a network management tool which might be able to report this information immediately.

There are many lists of security vulnerabilities:

- http://www.securityfocus.com/bid has a quite comprehensive list
- CERT (www.cert.org) used to be useful, but is now usually far too out-of-date
- The SANS newsletters http://www.sans.org/newsletters/
- The vendor's web page.

Fuzzing can sometimes find problems in bespoke software which hasn't been subjected to a rigorous security review. Simply put, whenever there is the possibility of input somewhere, send long streams of random data. Nulls, apostrophes, invalid unicode characters are all good candidates. Odd error messages, services crashing, half-finished web pages or other out-of-the-norm activity suggests that the software may be vulnerable to buffer over-runs or term-injection (e.g. SQL injection).

4.3 Exercise

- To see what you can find out

Notes...

Pretend you have never seen this network before. Map out as much of it as you can, and identify what software is running.

4.4 nessus

- www.nessus.org
- Tests a large number of security flaws
- Can quite easily crash the target system
- Has plugins (*.nasl files) updated regularly

Notes...

From the man page:

The Nessus Security Scanner is a security auditing tool made up of two parts: a server, and a client. The server, nessusd(8) is in charge of the attacks, whereas the client nessus provides an interface to the user. It comes in two flavours, with and without GUI (graphical user interface) support. As an X11 client, nessus is based on the Gimp ToolKit (GTK) and needs no arguments upon start up.

4.5 sara

- www-arc.com/sara
- Based on SATAN
- Performs a large number of tests.

Notes...

From the introductory documents:

What is SARA?

SARA is the Security Auditor's Research Assistant. It is a derived work of SATAN (Security Administrator Tool for Analyzing Networks) developed by Dan Farmer and Wietse Venema. SATAN can be found at www.porcupine.org/satan. It enhances SATAN by providing

1. an improved user interface,
2. up to date vulnerability tests, and
3. a commercially supported product, SARA Pro.

The SARA developers cannot emphasize enough that without the SATAN foundation, SARA would not exist. SATAN is the basis of the security engine, program architecture, and documentation.

In its simplest (and default) mode, it gathers as much information about remote hosts and networks as possible by examining such network services as finger, NFS, NIS, ftp and tftp, rexd, and other services. The information gathered includes the presence of various network information services as well as potential security flaws, usually in the form of incorrectly setup or configured network services, well-known bugs in system or network utilities, or poor or ignorant policy decisions. It can then either report on this data or use a simple rule-based system to investigate any potential security problems. Users can then examine, query, and analyze the output with an HTML browser, such as Mosaic or Netscape.

While the program is primarily geared towards analyzing the security implications of the results, a great deal of general network information can be gained when using the tool - network topology, network services running, types of hardware and software being used on the network, etc.

However, the real power of SARA comes into play when used in exploratory mode. Based on the initial data collection and a user configurable ruleset, it will examine the avenues of trust and dependency and iterate further data collection runs over secondary hosts. This not only allows the user to analyze her or his own network or hosts, but also to examine the real implications inherent in network trust and services and help them make reasonably educated decisions about the security level of the systems involved.

4.6 nessus and sara exercise

- To see nessus in action
- To see sara in action

Notes...

If nessus is not already compiled, compile it. You may need the gtk and glib libraries for HP-UX; these can be found at hpux.cs.utah.edu and installed with swinstall.

Run nessus-adduser. When asked for rules, just put default accept on a line on its own.

Run nessusd -D

If you have a graphical terminal:

- Start up the nessus interface
- Click on login
- Select a target, and start the attack

If you don't have a graphical terminal:

- Run nessus server port username targets output

  server should be the name of the machine you ran nessusd -D on; the port defaults to 1241; username is the username you specified before; targets is a plain text file listing computers one to a line; output is the file you want the output to go into.

- This will take some time, often 20-30 minutes or even longer. There appears to be no way of getting it to report its progress on the command line.
- The output will be in .nsr format, which is vaguely readable. If run with the -T option, other formats can be generated.

If you have the ANSI C compiler or gcc on your HP-UX system, you should be able to compile sara. Simply type make hpux. When it is finished, run ./sara... this should start up netscape viewing a funny port number.

4.7 How to protect yourself

- Keep up-to-date
- Shut down anything unnecessary

Notes...

There are no magic tricks; crackers are probably working with the same information that you have available to you. When a security vulnerability is announced, fix it immediately, and no cracker will have a chance to exploit it. You can make your job easier by shutting down unnecessary services. See section ??.

Chapter 5 Minimum levels of sanity

5.1 Network sniffing

Sniffing
    Picking up other computers' traffic as it is broadcast on ethernet
Switch spoofing
    Forcing a switch to send you other computers' data

Notes...

Hubbed, bridged or single-wire segments are easy to sniff. Most ethernet cards can be put into promiscuous mode which lets them receive all packets, regardless of whether they are destined for this computer or not.

This is fun, because most common protocols send secret passwords as plain text (!) which can be sniffed. Here are a few programs that do this:

- telnet
- ftp
- Any web browser using HTTP
- Any mail client using POP or IMAP (which is nearly everything)
- Any network management system using SNMP (nearly everything)
- CVS
- Most instant messaging systems
- Meeting Maker
- Citrix ICA, Symantec pcAnywhere
- Oracle SQL*Net, Sybase and Microsoft SQL Server

There's a common misconception that switched networks aren't vulnerable to this. They are, but it is harder. There are two techniques: first try faking packets from an absurd number of source MAC addresses, which causes a switch to run out of memory and fall back to being a hub; or by switch spoofing. The sequence is complicated.

1. Find out the MAC address of the machine you want to intercept traffic to. Let's call it 11.12.13.14 with MAC address 0x123456789a
2. Pick another MAC address that is not being used. Say 0x5555544444.
3. Send an ARP flush broadcast (alert other systems that a failover has taken place, and that a new system is providing the for 11.12.13.14).
4. Other systems who need to send data will then have to re-request. You then immediately respond by announcing that the new MAC address is 0x5555544444. Of course your victim will also respond, but if you're quick, you'll get in first. Repeat this whenever any computer does an ARP request broadcast. If you're too slow, just go back to step 3, and try again. Eventually 11.12.13.14 will have a busy period, and you'll be able to get in first.
5. You will now receive traffic for that address. Record it, and then strip off the header saying 0x5555544444 and replace it with a header saying 0x123456789a, and the victim will be none the wiser.

Note that there is no reason why you can't do this against the entire network simultaneously. You will be noticed by a network management tool doing a periodic configuration check: suddenly several machines will have changed MAC addresses, which would be cause for alarm. But used sparingly and with a regular reset back to the real values, there's a reasonable chance that such a ploy can remain undetected for a long time.
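The periodic configuration check mentioned above, as an added example that is not part of the original notes. It compares ARP-table snapshots and also keeps a history, because a comparison of only the first and latest snapshot misses a MAC address that was changed and then reset in between. The snapshot text imitates `arp -an` output on Linux; the MAC addresses, the snapshots and the function names are constructed for illustration.

```python
import re

ARP_LINE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+at\s+"
    r"(?P<mac>[0-9A-Fa-f]{1,2}(?::[0-9A-Fa-f]{1,2}){5})"
)


def parse_arp_table(text):
    """Return {ip: mac} from arp output, with MACs lower-cased and zero-padded."""
    table = {}
    for m in ARP_LINE.finditer(text):
        octets = m.group("mac").split(":")
        table[m.group("ip")] = ":".join(o.zfill(2).lower() for o in octets)
    return table


def diff(baseline, current):
    """List (ip, old_mac, new_mac) for every address whose MAC has changed."""
    return [(ip, baseline[ip], mac)
            for ip, mac in sorted(current.items())
            if ip in baseline and baseline[ip] != mac]


def flapped(snapshots):
    """Return {ip: [macs]} for addresses seen with more than one MAC over the
    whole series, even if the latest snapshot is back to the original value."""
    seen = {}
    for table in snapshots:
        for ip, mac in table.items():
            seen.setdefault(ip, set()).add(mac)
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}


# Constructed snapshots taken at three polling intervals.
SNAP_0 = parse_arp_table("""\
? (11.12.13.1) at 00:10:83:aa:bb:fe [ether] on eth0
? (11.12.13.14) at 0:10:83:aa:bb:1 [ether] on eth0
? (11.12.13.20) at 00:10:83:aa:bb:20 [ether] on eth0
""")
SNAP_1 = parse_arp_table("""\
? (11.12.13.1) at 00:10:83:aa:bb:fe [ether] on eth0
? (11.12.13.14) at 02:55:55:54:44:44 [ether] on eth0
? (11.12.13.20) at 00:10:83:aa:bb:20 [ether] on eth0
""")
SNAP_2 = parse_arp_table("""\
? (11.12.13.1) at 00:10:83:aa:bb:fe [ether] on eth0
? (11.12.13.14) at 00:10:83:aa:bb:01 [ether] on eth0
? (11.12.13.20) at 00:10:83:aa:bb:20 [ether] on eth0
""")

if __name__ == "__main__":
    print("changed at poll 1:", diff(SNAP_0, SNAP_1))
    print("changed at poll 2:", diff(SNAP_0, SNAP_2))
    print("flapped over the series:", flapped([SNAP_0, SNAP_1, SNAP_2]))
```

The shorter the polling interval, the less room there is for a change that is reset between two checks; the history is what keeps the evidence once a poll has caught it.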

5.2 ngrep

- Among many network sniffers, ngrep is one of the simplest.
- Download it from http://www.packetfactory.net/Projects/ngrep/

Notes...

Here's a simple way to get passwords from telnet users anywhere on your network: ngrep port 23.

dsniff by Dug Song (www.monkey.org/~dugsong/dsniff) is a very much more sophisticated sniffer, and can decode passwords from IMAP, POP, telnet and a variety of other protocols.

From the ngrep man page:

ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular expressions to match against data payloads of packets. It currently recognizes TCP and UDP across ethernet, ppp and slip interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump(8) and snoop(1). (Or nettl on HP-UX).

5.3 ssh

- Encrypts all login traffic
- Encrypts and simplifies remote X-windows traffic
- Can do port forwarding
- Can do copying and remote execution
- www.openssh.com

Notes...

OpenSSH is under a very free license. There is also a commercial equivalent (confusingly called just SSH) from DataFellows (www.ssh.fi). There are links on the OpenSSH web site for secure shell clients for MS-Windows, MacOS and Java.

Teraterm Pro with the TTSSH extension is the most common for MS-Windows desktops to use SSH. It's free. Visit hp.vector.co.jp/authors/VA002416/ and www.zip.com.au/roca/ttssh.html. Download it, use it, and turn off telnet as soon as you can.

5.4 TCP/IP Security Exercises

To see some TCP/IP protocol problems and fixes

Notes. . .

1. telnet from one system to another
2. ssh from one system to another
3. On a third computer, run ngrep port 23 to watch all traffic on the network on port 23 (the telnet port number). Can you see anyone logging in, and giving their password?
4. Again, run ngrep port 22 to watch all ssh traffic. Can you make out anything at all?

Chapter 6 More fun with ssh

6.1 Replacing r* commands

r* command     s* command
remsh / rsh    ssh
rlogin         slogin
rcp            scp

Notes. . . And all the other arguments are the same. Note that remsh and rcp will only work if .rhosts is set up; secure shell will just ask for a password.

6.2 Going password-less

- sshd checks the target user's home directory for .ssh/authorized_keys
- ssh checks the source home directory for .ssh/identity
- If a public key in authorized_keys matches the private key in identity, no login is required

Notes. . . Setting this up is quite straightforward. The program that does all the magic is ssh-keygen. There are many options to it (read the man page), but if you run it with no arguments, it will create:

1. .ssh/identity
2. .ssh/identity.pub

You will be asked for a file name to store it in (the default is the files above). You will then be asked for a pass-phrase. You don't need to give one (just press return). If you want to add a pass-phrase later you can do so with ssh-keygen -p (which can also change a pass-phrased identity into a non-pass-phrased one).

The .ssh/identity.pub file is a single-line, plain text file. (The following is spread out over multiple lines for readability.)

1024 35 1460382080852295179426933454708 250768573286057954897008764048562 268860578538159683162040288584340939787 2341682715452896840404274801742254 183943516979414013456015981186483651934 2927402562129860396276091337941355 065194248915227916485012840512348309633 0269258076489080430619362053279940 55941 gregb@my.computer.ifost.org.au

Append that line onto the .ssh/authorized_keys file of any account you wish to log in to, e.g.

    ssh other.ifost.org.au 'cat >> .ssh/authorized_keys' < .ssh/identity.pub
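A plain cat >> glues the new key onto the previous one when authorized_keys has no trailing newline, adds a duplicate on every rerun, and leaves the file's permissions as they were. The added example below (not from the workshop notes) does the same append defensively; the key lines in it are constructed and the function names are this example's own.

```python
"""Append a public key to authorized_keys once, on its own line, with tight permissions."""
import os
import re
import tempfile

# Protocol-1 RSA line as shown above: "<bits> <exponent> <modulus> [comment]"
RSA1_LINE = re.compile(r"^(\d+) (\d+) (\d+)(?: .*)?$")
# Later OpenSSH line: "<key-type> <base64 blob> [comment]"
TYPED_LINE = re.compile(r"^([a-z][a-z0-9@.-]*) ([A-Za-z0-9+/]+={0,2})(?: .*)?$")


def key_identity(line):
    """Return a tuple identifying the key material, ignoring the comment.

    Raises ValueError for anything that is not exactly one bare key line
    (multi-line input, leading options, unknown layout).
    """
    line = line.strip()
    if "\n" in line or "\r" in line:
        raise ValueError("a public key must be a single line")
    match = RSA1_LINE.match(line)
    if match:
        return ("rsa1", int(match.group(2)), int(match.group(3)))
    match = TYPED_LINE.match(line)
    if match:
        return (match.group(1), match.group(2))
    raise ValueError("unrecognised public key line")


def install_key(pub_line, ssh_dir):
    """Add pub_line to ssh_dir/authorized_keys. Returns False if the key was already there."""
    identity = key_identity(pub_line)
    os.makedirs(ssh_dir, mode=0o700, exist_ok=True)
    os.chmod(ssh_dir, 0o700)
    path = os.path.join(ssh_dir, "authorized_keys")
    existing = ""
    if os.path.exists(path):
        with open(path) as handle:
            existing = handle.read()
    for old in existing.splitlines():
        old = old.strip()
        if not old or old.startswith("#"):
            continue
        try:
            if key_identity(old) == identity:
                return False            # same key, possibly with another comment
        except ValueError:
            continue                    # entry with options etc.: leave it alone
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, "a") as handle:
        if existing and not existing.endswith("\n"):
            handle.write("\n")          # keep the new key off the previous line
        handle.write(pub_line.strip() + "\n")
    os.chmod(path, 0o600)
    return True


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as home:
        ssh_dir = os.path.join(home, ".ssh")
        # Constructed key with a tiny modulus, for demonstration only.
        print(install_key("1024 35 7654321 gregb@my.computer", ssh_dir))   # True
        print(install_key("1024 35 7654321 gregb@my.computer", ssh_dir))   # False
```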

6.3 Front-end passwords

- If you have a pass-phrase, you will be asked for it every time . . .
- unless SSH_AUTH_SOCK and SSH_AGENT_PID are set
- The ssh-agent holds the passphrase

Notes. . .

From the ssh-agent man page: The idea is that the agent is run in the user's local PC, laptop, or terminal. Authentication data need not be stored on any other machine, and authentication passphrases never go over the network. However, the connection to the agent is forwarded over SSH remote logins, and the user can thus use the privileges given by the identities anywhere in the network in a secure way.

If you do have a pass-phrase on your identity, you will be asked for it every time you perform any kind of s* command. This is most annoying. So you start a single ssh-agent and all your ssh processes can communicate with it. If run with no arguments, ssh-agent will do two things:

1. Fork into the background
2. Print out shell commands

Here is the output from running ssh-agent:

    SSH_AUTH_SOCK=/tmp/ssh-PQV30761/agent.30761; export SSH_AUTH_SOCK;
    SSH_AGENT_PID=27189; export SSH_AGENT_PID;
    echo Agent pid 27189;

We need to make sure all those variables are set for the remainder of our login session, so we do it during login. In your .xsession, .dtprofile, .profile or .bash_profile (whatever is appropriate), put the following two lines:

    eval $(ssh-agent)
    ssh-add

From the ssh-add man page: ssh-add adds RSA or DSA identities to the authentication agent, ssh-agent(1). When run without arguments, it adds the file $HOME/.ssh/identity. Alternative file names can be given on the command line. If any file requires a passphrase, ssh-add asks for the passphrase from the user. ... If ssh-add needs a passphrase, it will read the passphrase from the current terminal if it was run from a terminal. If ssh-add does not have a terminal associated with it but DISPLAY and SSH_ASKPASS are set, it will execute the program specified by SSH_ASKPASS and open an X11 window to read the passphrase. This is particularly useful when calling ssh-add from a .Xsession or related script. (Note that on some machines it may be necessary to redirect the input from /dev/null to make this work.)

(Which neglects to mention that if $SSH_ASKPASS is not set, but $DISPLAY is, it will use the path to ssh-askpass that was compiled in. This is a graphical pass-phrase reader.)

6.4 X-windows forwarding

X-windows connections are forwarded if
- sshd_config has X11Forwarding yes, and . . .
- ssh_config has ForwardX11 yes, or the user uses ssh -X

Notes. . . How it works: the DISPLAY environment variable gets set on the target host to something unusual (e.g. target:10). The sshd then makes a fake tiny X-server listening on service :10, which it encrypts and sends back to the source system. The source system then pretends to be an ordinary X-windows program, and displays them graphically.

- No more need for xhost + (insecure!)
- No more need for xauth (complicated!)
- No problems running X-windows programs through a masquerading firewall!

6.5 Port forwarding

- Any TCP service can be forwarded
- Securely connect to a POP server
- Securely gateway connections to another

Notes. . . This is best explained by examples:

    ssh -L5110:localhost:110 mailserver sleep 45

Set up a tunnel so that when I point my mail reader to my own computer on port 5110, it will be tunnelled to mailserver, where it will become a connection to localhost (on the mailserver) to port 110. Since there is no way of sniffing traffic at either end, I can send passwords as plain text without fear.

    ssh -g -R5023:myserver:23 firewall sleep 86400

Make something listen on the computer called firewall on port 5023. The -g option allows anyone to connect to it. When someone does, there will be a connection established from where I ran ssh to the computer called myserver (in my network) on port 23. i.e. this could be put into a cron job to connect to a branch office so that they could use telnet across the greater internet to get into the office computers.

6.6 Exercises

1. Set up your SSH identity. Experiment.
2. Modify your passphrase, and set up ssh-agent
3. Test out running X-windows programs remotely.
4. (Bonus) Remove your server's identity (usually /etc/ssh_host*key). Restart the server. What happens when you next login?

Notes. . . The last exercise shows how secure shell protects against man-in-the-middle attacks and other such similar tricks.

Chapter 7 Secure Sockets Layer Web Servers

7.1 Background

- Developed by Netscape, now an RFC
- Secures the connection against eavesdropping
- Does not secure the server

Notes. . .

7.2 How does HTTPS work?

- Client connects
- Systems exchange fresh public keys
- Systems agree on a symmetric (fast) protocol (e.g. 3DES)
- Server presents certificate
- Client accepts or rejects
- (Client presents certificate)

Notes. . .

7.3 OpenSSL

- A library for developing applications with
- A program for managing keys and certificates
- openssl action ...
- Often openssl action -in . . . -out . . .

Notes. . . OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them. The openssl program is a command line tool for using the various cryptography functions of OpenSSL's crypto library from the shell. It can be used for

- Creation of RSA, DH and DSA key parameters
- Creation of X.509 certificates, CSRs and CRLs
- Calculation of Message Digests
- Encryption and Decryption with Ciphers
- SSL/TLS Client and Server Tests
- Handling of S/MIME signed or encrypted mail

7.4 Terms

Certificate Request: A document giving "who I am" information
Key: Some big semi-prime numbers in a file
Certificate: A certificate request signed by someone (maybe yourself)

Notes. . .

7.5 Getting / Compiling Apache-SSL

- Distributed as patches to Apache
- Requires OpenSSL to be already installed

Notes. . .

1. Download OpenSSL-0.9.6 from http://www.openssl.org/
2. Download apache-1.3.19 from http://www.apache.org/
3. Download apache-1.3.19+ssl1.42 from http://www.apache-ssl.org/
4. Download GNU patch from http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/pat Install it. Set your PATH so that it gets found before /usr/bin/patch
5. gunzip -c apache-1.3.19.tar.gz | tar -xvf -
6. cd apache-1.3.19
7. gunzip -c ../apache-1.3.19+ssl-1.42.tar.gz | tar -xvf -
8. ./FixPatch /opt/openssl
9. ./configure --prefix=/opt/apache
10. make
11. make install
12. cd src
13. vi Makefile
    For some reason, the configuration is a little bit wonky. SSL_APP isn't set correctly. Set it to be /opt/openssl/lib/openssl
14. ln -s /opt/apache/conf/httpsd.conf /opt/apache/conf/httpd.conf

7.6 Configuring Apache+SSL

- Get some randomness. Shake well.
- openssl req -new > mycompany.csr
- openssl rsa -in privkey.pem -out mycompany.key
- openssl x509 -in mycompany.csr -out mycompany.cert -req -signkey mycompany.key -days 365

Notes. . .

1. PATH=/opt/openssl/lib
2. Set up the random seed file. Replace "Garbage characters" with some random junk.
       echo "Garbagecharacters" > $HOME/.rnd
3. Create the SSL key and request:
       openssl req -new > mycompany.csr
   You will destroy the passphrase in the next step; answer the questions appropriately. For common name, put in the name of your server, e.g. www.myco.com
4. Step two - remove the passphrase from the key (optional):
       openssl rsa -in privkey.pem -out mycompany.key
5. Convert the request into a signed certificate:
       openssl x509 -in mycompany.csr -out mycompany.cert -req -signkey mycompany.key -days 365
6. mkdir /opt/apache/certificates
7. mv *.cert *.key /opt/apache/certificates
8. Edit httpsd.conf, and uncomment the lines for SSLCertificateFile (the .cert file) and SSLCertificateKeyFile (the .key file).
9. Try it out! Run /opt/apache/bin/httpsd
10. Visit https://your-server/

7.7 Why does the browser still complain?

- Your .csr file is just what you put in
- Why should anyone believe you?
- So get your .csr signed by someone else

Notes. . . You send the .csr file to a certificate authority. (This could be your neighbour if you wish, but Thawte or Verisign might be more trustworthy). They will then vouch for the accuracy of the entries in the .csr file. And if the browser is configured to trust certificates signed by that certificate authority, then the browser can be confident of your .csr file. Assuming the certificate authority is using OpenSSL (which they probably are), and assuming they have got their key in my.CA.key and their certificate in my.CA.cert, they would take your .csr and run:

    openssl x509 -req -in mycompany.csr -out mycompany.cert -signkey my.CA.key -CA my.CA.cert -CAkey my.CA.key -CAcreateserial -days 365

(Bold font is just for readability.) This produces a file called mycompany.cert, which they will send back to you. You can now replace the old self-signed mycompany.cert that you had before with this one signed by a reputable authority. The authority's .cert file is public knowledge (as are all .cert files), so grab a copy of that as well, and put the following lines in httpsd.conf:

    SSLCACertificateFile /path/to/certs/my.CA.cert
    SSLVerifyClient 2

7.8 Other things to know

- Session cache
- openssl man pages

Notes. . . The session cache option was set in the httpsd.conf. SSL uses a session key to secure each connection. When the connection starts, certificates are checked and a new session key is agreed between the client and server (note that because of the joys of public key encryption, this new key is only known to the client and server). This is a time-consuming process, so Apache-SSL and the client can conspire to improve the situation by reusing session keys. Unfortunately, since Apache uses a multiprocess execution model, there's no guarantee that the next connection from the client will use the same instance of the server. In fact, it is rather unlikely. Thus, it is necessary to store session information in a cache that is accessible to all the instances of Apache-SSL. This is the function of the gcache program. It is controlled by the SSLCacheServerPath, SSLCacheServerPort, and SSLSessionCacheTimeout directives.

The OpenSSL man pages are structured strangely. If you want to know about what you can put after beginning the command openssl x509, look in the x509 man page. You will probably need to configure your MANPATH or /etc/man.conf to find this.

Chapter 8 Firewalls

8.1 HP-UX Instructions

It's a little complicated. . .

Notes. . . You will need HP-UX 11 with patch bundle December 1998, 99OP, or 11.ACE. Before proceeding, if you already have a version of IP Filter installed on your system, remove it with kminstall -d ipf and then use swremove to remove the installed base.

The first step is to install PHNE_22397. (Additional note: which has been obsoleted. Most recently patched systems will have this patch or its successor.) After this, you MUST reboot so that the new kernel is in place when you proceed to install later components.

Next, you need to download and install pfil. This is a STREAMS interface for packet filtering that removes the need for packet filtering code to be written as a STREAMS module. This can be downloaded from ftp://coombs.anu.edu.au/pub/net/ip-filter/pfil-1.11.tar.gz. Unpack this and type make in the pfil directory. Once complete, type make install to kick off the installation.

Having got this far, you now need to download the latest IP Filter package and compile/install that. The source code for IP Filter can be obtained from: http://coombs.anu.edu.au/avalon/ip_fil4.0alpha18.tar.gz. This should be unpacked into the same directory as pfil is. The directory layout will look like this:

    /directory/ip_fil4.0alpha18
    /directory/pfil

(Additional note: that is, you will need to make a symbolic link to pfil-1.11.)

This complete, do a make hpux in the ip_fil4.0alpha18 directory, followed by a make install-hpux. You will need to reboot for it to become active. (Additional note: if you get an error "unable to include ip_trafcon.h" in parse.c, simply delete the offending line.) (Additional note: you will be asked at the end to run swinstall -s /var/spool/sw/IPF.v4.0a.depot -x reinstall=true IPF-RUN. I have no idea whether this is necessary or not. I did it.)

8.2 How to use it

- Examples are in /opt/ipf/examples
- Man pages are in /opt/ipf/man
- Configuration files in /etc/opt/ipf

Notes. . . Note that it does not start up by default, since there are no symlinks into the run-script directories. Quick start guide:

1. Put some lines into /etc/opt/ipf/ipf.conf such as
       block in on lan0 from any to any port = 23
       block in on lan0 proto icmp from any to any
2. Run /sbin/init.d/ipfboot start
3. Explore the examples in sequential order
4. Make changes to your config files. Check that all works correctly with
       /sbin/init.d/ipfboot stop ; /sbin/init.d/ipfboot start
   (There are better ways, but this will always work!)

8.3 Exercise

1. Make your system un-ping-able
2. Stop your neighbour from reaching you with telnet or ssh
3. If your system has two interfaces, enable masquerading

Notes. . . To do these, you will need ipf installed and working.

Chapter 9 Pretty Good Privacy

9.1 What is PGP?

- The most widely used email encryption software
- Digital signature technology
- A way of keeping a document secret
- A web of user identifications

Notes. . .

9.2 Where do I get it?

- Network Associates (commercial version)
- www.PGPi.org (international freeware)
- www.gnupg.org (GNU Public License)

Notes. . . We will be talking about the GNU Privacy Guard version as it is actively maintained, and freely available. It is available for MS-Windows and most versions of Unix.

9.3 Very first

- Create a key
- gpg --gen-key

Notes. . . The first time you run it, it will fail, but it will create a .gnupg directory in your home directory. When you run it again, you will be asked several questions:

- What sort of key? (sign only, sign and encrypt). If you are likely to have your encryption key subpoenaed (e.g. to unencrypt documents for a court case or police investigation), you might want to separate out your signature and encryption keys. Normally you can use the defaults.
- What encryption key size to use? (768, 1024, 2048. You can choose others.) The default, 1024, should be sufficient for almost any purpose. If you are wanting to archive something for a few decades (until the advent of quantum computing), you might want to go higher.
- How long will it be valid for? Up to you. You can revoke a key later, so there's no particular reason not to have a good couple of years of life in a key.
- Your identity: name, email address, comment. If you are known regularly by a nickname, the comment is a good place to store it. Leaving the comment blank is common.
- A passphrase.

It will then generate a random private and public key pair. Some versions of Unix support a /dev/random device which it will use; otherwise it will just use a pseudo-random number generator.

To create good random numbers for the key parameters, GnuPG needs to gather enough noise (entropy) from your system. If you see no progress during key generation you should start some other activities such as mouse moves or hitting the CTRL and SHIFT keys.

Generate a key ONLY on a machine where you have direct physical access; don't do it over the network or on a machine used also by others - especially if you have no access to the root account.

When you are asked for a passphrase use a good one which you can easily remember. Don't make the passphrase too long because you have to type it for every decryption or signing; but, AND THIS IS VERY IMPORTANT, use a good one that is not easy to guess because the security of the whole system relies on your secret key and the passphrase that protects it when someone gains access to your secret keyring. A good way to select a passphrase is to figure out a short nonsense sentence which makes some sense for you and modify it by inserting extra spaces, non-letters and changing the case of some characters - this is really easy to remember especially if you associate some pictures with it.

9.4 The second thing to do

- gpg --gen-revoke your user id

Notes. . . By the way, whenever gpg asks for a user id, it can be expressed as an email, ordinary name, 8-hex-digit key or a minimal match for any of these. You can see them with gpg --list-keys.

You should create a revocation certificate in case someone gets knowledge of your secret key or you forget your passphrase:

    gpg --gen-revoke your user id | lp

Run this command and store the revocation certificate away. The output is always ASCII armored, so that you can print it and (hopefully never) re-create it if your electronic media fails. Keep in mind that anyone getting hold of this can make a nuisance of themselves by revoking your certificate for you.

9.5 Sharing with others

There's not much point unless you can share with others. . .
- gpg --export --armor > file.yourname
- gpg --import file.someone-else

Notes. . . Now to exchange your public key, put it into a file somewhere:

    gpg --export --armor > file.yourname

And the other person can then import that to their keyring with

    gpg --import file.someone-else

9.6 Exercise

To start

Notes. . .

1. Install GnuPG
2. Create your public-private keypair
3. Export your public key and put it somewhere for everyone else
4. Collect all the files that everyone else in the class has generated, and import them one by one.

9.7 Verifying things

- gpg --fingerprint

Notes. . . Because anyone can claim that a public key belongs to her, we must have some way to check that a public key really belongs to the owner. This can be achieved by comparing the key during a phone call. Sure, it is not very easy to compare a binary file by reading the complete hex dump of the file - GnuPG (and nearly every other program used for management of cryptographic keys) provides other solutions.

    gpg --fingerprint username

prints the so-called fingerprint of the given username, which is a sequence of hex bytes (which you may have noticed in mail sigs or on business cards) that uniquely identifies the public key - different keys will always have different fingerprints. It is easy to compare fingerprints by phone and I suggest that you print your fingerprint on the back of your business card. To see the fingerprints of the secondary keys, you can give the command twice; but this is normally not needed.

Here's mine, by the way; you can see it on the bottom of my business card.

    greg.baker@ifost.org.au
    46D9 518A 5B68 5665 42B3 FAE2 E54E CE5A 5A39 51C7

9.8 Assert your confidence

- Just importing a key doesn't make it right.
- gpg --edit-key their user id

Notes. . . If you are confident that a public key does belong to a particular person, you will need to tell gpg that it is safe and reliable to use that key for that person. Run gpg --edit-key their@email.address (or any other user handle you have for them). You will end up interacting with a funny menu. Locally sign their key by typing lsign. When this is done, save the result.

9.9 Actually using it

- gpg --armor --encrypt --sign --recipient their user id file-to-encrypt
- gpg --decrypt file

Notes. . . The --armor option keeps things as ASCII text. There will be a file created called file-to-encrypt.asc. It is an ASCII-armored block that starts with a -----BEGIN PGP MESSAGE----- line, carries a Version: header (here GnuPG v1.0.5 (OpenBSD)) and a Comment: header (For info see http://www.gnupg.org), and ends with an -----END PGP MESSAGE----- line.

9.10 Exercise

To see the effects of locally signed addresses.

Notes. . .

1. Pick a user on your keychain. Write a short little note to them, and encrypt it using their public key. You will be asked for your passphrase, and also be warned that there is no path of trust to them.
2. Give the resultant .asc file to them. (Perhaps via email).
3. Your partner will have given you a .asc file. Decrypt it.
4. Now go and talk to them and confirm that when you do gpg --fingerprint of their key that it gives the same fingerprint that they have for their key.
5. If there is some doubt, get them to give you a new export of their public key. If you're happy, locally sign their key (gpg --edit-key, then lsign).
6. Now send them another message. You won't be asked about the path of trust this time.

9.11 Other things

- gpg --export-secret-keys > my-private-key
- gpg --import private-key

Notes. . . If you are moving between identical versions of PGP software, or ones that are otherwise compatible, you could just copy your .gnupg directory. But if you want to keep the same key on another platform, or using different software, you may need to export them. Obviously, keep the file very carefully!

9.12 Too painful!

There are front-ends to email systems that use GPG.
- XFMail
- Kmail
- mutt
- ...

Notes. . . And an interesting little project is www.winpt.org, which is a GPG entry into the MS-Windows taskbar.

9.13 What else?

- Introducers

Notes. . .

From the GPG documentation: If you don't know the owner of the public key you are in trouble. Suppose however that a friend of yours knows someone who knows someone who has met the owner of the public key at some computer conference. Suppose that all the people between you and the public key holder may now act as introducers to you. Introducers signing keys thereby certify that they know the owner of the keys they sign. If you then trust all the introducers to have correctly signed other keys, you can be sure that the other key really belongs to the one who claims to own it.

There are 2 steps to validate a key:

1. First check that there is a complete chain of signed keys from the public key you want to use and your key and verify each signature.
2. Make sure that you have full trust in the certificates of all the introducers between the public key holder and you.

Step 2 is the more complicated part because there is no easy way for a computer to decide who is trustworthy and who is not. GnuPG leaves this decision to you and will ask you for a trust value (here also referenced as the owner-trust of a key) for every key needed to check the chain of certificates. You may choose from:

a) "I don't know" - then it is not possible to use any of the chains of certificates, in which this key is used as an introducer, to validate the target key. Use this if you don't know the introducer.
b) "I do not trust" - Use this if you know that the introducer does not do a good job in certifying other keys. The effect is the same as with a) but for a) you may later want to change the value because you got new information about this introducer.
c) "I trust marginally" - Use this if you assume that the introducer knows what he is doing. Together with some other marginally trusted keys, GnuPG validates the target key then as good.
d) "I fully trust" - Use this if you really know that this introducer does a good job when certifying other keys. If all the introducers are of this trust value, GnuPG normally needs only one chain of signatures to validate a target key okay. (But this may be adjusted with the help of some options).

This information is confidential because it gives your personal opinion on the trustworthiness of someone else. Therefore this data is not stored in the keyring but in the trustdb (~/.gnupg/trustdb.gpg). Do not assign a high trust value just because the introducer is a friend of yours - decide how well she understands the implications of key signatures and you may want to tell her more about public key cryptography so you can later change the trust value you assigned.

Okay, here is how GnuPG helps you with key management. Most stuff is done with the --edit-key command:

    gpg --edit-key keyid-or-username

GnuPG displays some information about the key and then prompts for a command (enter help to see a list of commands and see the man page for a more detailed explanation). To sign a key you select the user ID you want to sign by entering the number that is displayed in the leftmost column (or do nothing if the key has only one user ID) and then enter the command sign and follow all the prompts. When you are ready, give the command save (or use quit to cancel your actions).

If you want to sign the key with another of your user IDs, you must give a -u option on the command line together with the --edit-key.

Normally you want to sign only one user ID because GnuPG uses only one and this keeps the public key certificate small. Because such key signatures are very important you should make sure that the signatories of your key sign a user ID which is very likely to stay for a long time - choose one with an email address you have full control of or do not enter an email address at all. In future GnuPG will have a way to tell which user ID is the one with an email address you prefer - because you have no signatures on this email address it is easy to change this address. Remember, your signatories sign your public key (the primary one) together with one of your user IDs - so it is not possible to change the user ID later without voiding all the signatures.

Tip: If you hear about a key signing party on a computer conference join it because this is a very convenient way to get your key certified (But remember that signatures have nothing to do with the trust you assign to a key).
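The two validation steps and the owner-trust values above can be worked through on a small graph. This added example (not GnuPG's code, and not part of the quoted documentation) is a simplified model: the names and signatures are constructed, and the thresholds of one fully trusted or three marginally trusted introducers and a maximum chain depth of five are parameters assumed here.

```python
"""Simplified web-of-trust model: which keys become valid from my point of view?"""

FULL, MARGINAL, NONE, UNKNOWN = "full", "marginal", "none", "unknown"

# Constructed data. Owner-trust is my opinion of each person as an introducer.
OWNERTRUST = {
    "alice": FULL,
    "bob": MARGINAL, "carol": MARGINAL, "dave": MARGINAL,
    "erin": UNKNOWN,
    "mallory": NONE,
}
# (signer, signed): a key signature that has been cryptographically verified.
SIGNATURES = {
    ("me", "alice"), ("me", "bob"), ("me", "carol"), ("me", "dave"),
    ("alice", "erin"),                                        # one full introducer
    ("bob", "frank"), ("carol", "frank"), ("dave", "frank"),  # three marginal ones
    ("bob", "heidi"), ("carol", "heidi"),                     # only two marginal ones
    ("erin", "gina"),                                         # erin: valid key, unknown trust
    ("mallory", "ivan"),                                      # mallory's key is not even valid
}


def valid_keys(me, signatures, ownertrust,
               completes_needed=1, marginals_needed=3, max_depth=5):
    """Return {key: chain length} for every key considered valid.

    A key is valid when I signed it myself, or when enough introducers signed it.
    Only introducers whose own key is already valid are counted (step 1), and
    their signature carries only the weight of the owner-trust I gave them (step 2).
    """
    valid = {me: 0}
    candidates = {signed for _, signed in signatures}
    for depth in range(1, max_depth + 1):
        found = {}
        for key in sorted(candidates - set(valid)):
            signers = {s for s, k in signatures if k == key and s in valid}
            trust = [ownertrust.get(s, UNKNOWN) for s in signers if s != me]
            if (me in signers
                    or trust.count(FULL) >= completes_needed
                    or trust.count(MARGINAL) >= marginals_needed):
                found[key] = depth
        if not found:
            break
        valid.update(found)       # new keys act as introducers only in the next round
    return valid


if __name__ == "__main__":
    result = valid_keys("me", SIGNATURES, OWNERTRUST)
    for key in sorted(result, key=lambda k: (result[k], k)):
        print(f"{key:8s} valid at chain length {result[key]}")
    everyone = {k for pair in SIGNATURES for k in pair}
    print("not valid:", sorted(everyone - set(result)))
```

In this graph gina stays unvalidated even though erin's key is valid, which is the tip's point that a signature on a key and the trust assigned to its owner are separate things.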
