Cyber Defense Overview

Active Defense and Prevention: Proxy Servers, Configurations, VPN

John Franco, Dept. of Electrical Engineering and Computing Systems

Proxy Servers

An application-layer gateway
 - Manages specific protocols such as ftp, http, BitTorrent
 - Intercepts and analyses traffic
 - Recognizes application-specific commands and applies controls, if necessary; in other words, adds visibility to application traffic
 - Security policies are checked to determine disposition
 - Enables some protocols to work through NAT: entry is on, say, one port, and the packet is mapped to the normal port providing the service
 - ssh -D 8000 gauss.eccs.uc.edu provides a SOCKS (Socket Secure) proxy
 - Implementation details can be hidden from outsiders

Proxy Servers Examples (in addition to SOCKS): Privoxy http://www.privoxy.org
 - Open Source (GPL License)
 - Non-caching web proxy with advanced filtering capabilities
   - Provides enhanced privacy
   - Modify web page data and HTTP headers
   - Control access
   - Remove ads and other obnoxious Internet junk
 - sudo apt-get install privoxy
 - sudo /etc/init.d/privoxy start
 - Firefox: http proxy 'localhost', port 8118
 - http://config.privoxy.org
 - http://www.privoxy.org/user-manual/actions-file.html#ACTIONS
 - /etc/privoxy/config, user.action
 - Access Control/Security: http://.../user-manual/config.html

Proxy Servers Examples (in addition to SOCKS): Squid http://www.squid-cache.org
 - Open Source (GPL License)
 - Caching and forwarding web proxy
   - Speeds up a web server by caching repeated requests
   - Has traffic filters, controls access
   - Security pitfalls: http://wiki.squid-cache.org/SquidFaq/SecurityPitfalls
   - SANS security considerations: https://www.sans.org/reading-room/whitepapers/policyissues/Security-Considerations-squid-proxy-server-1048
   - Configuration (look for ACL): https://help.ubuntu.com/lts/serverguide/squid.html

Proxy Servers Examples (in addition to SOCKS): Apache mod_proxy http://httpd.apache.org/docs/2.4/mod/mod_proxy.html
 - Forward and reverse web proxy
   - Can decide to gather content from various sources to satisfy a query
 - Security Tips: http://httpd.apache.org/docs/2.4/misc/security_tips.html
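The gateway behaviour described above (intercept, recognise application commands, check policy, rewrite headers the way Privoxy does) as an added example; this is illustrative code written for these notes, not part of the slides or of any of the proxies named. The host names, the ACL and the replacement User-Agent string are constructed.

```python
# Added example: a minimal HTTP application-layer gateway policy engine.
# It parses a raw request, checks it against an ACL (permitted methods,
# denied hosts) and strips identity-leaking headers before forwarding.
from dataclasses import dataclass

ALLOWED_METHODS = {"GET", "HEAD", "POST"}
BLOCKED_HOSTS = {"ads.example.net"}            # constructed deny-list
PRIVACY_HEADERS = {"user-agent", "referer", "cookie"}


@dataclass
class Decision:
    allowed: bool          # disposition decided by the security policy
    reason: str            # human-readable explanation for the log
    rewritten: bytes = b"" # request as it would be sent upstream


def parse_request(raw: bytes):
    """Split an HTTP/1.1 request into method, target, version, headers, body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)   # ValueError if malformed
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, version, headers, body


def gateway_decision(raw: bytes) -> Decision:
    """Apply the proxy's policy: block, or forward a sanitised copy."""
    try:
        method, target, version, headers, body = parse_request(raw)
    except (ValueError, IndexError, UnicodeDecodeError):
        return Decision(False, "malformed request")
    if method not in ALLOWED_METHODS:
        return Decision(False, f"method {method} not permitted")
    host = headers.get("host", "")
    if host in BLOCKED_HOSTS:
        return Decision(False, f"host {host} blocked by ACL")
    # Drop headers that identify the client, then set a neutral User-Agent.
    kept = {k: v for k, v in headers.items() if k not in PRIVACY_HEADERS}
    kept["user-agent"] = "filtered-proxy/0.1"
    out = f"{method} {target} {version}\r\n" + "".join(
        f"{k}: {v}\r\n" for k, v in kept.items()) + "\r\n"
    return Decision(True, "forwarded", out.encode("latin-1") + body)


# Constructed sample request from a browser configured to use the proxy.
SAMPLE = (b"GET /index.html HTTP/1.1\r\nHost: www.example.org\r\n"
          b"User-Agent: Mozilla/5.0\r\nCookie: session=abc\r\n\r\n")
```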

Proxy Servers

Applications:
 - Place an HTTPS proxy in front of an HTTP server, gaining visibility into the encrypted network traffic without sacrificing confidentiality or authentication
 - Route user traffic through a central device to enable filtering and policies
 - Conceal the underlying organization of a system using URL "rewrite" rules
 - Add authentication in front of an application without exposing the auth system to application vulnerabilities

Configuration

 - Unix Configuration Guidelines: http://www.cert.org/historical/tech_tips/unix_configuration_guidelines.cfm
 - Web Security Tips: http://www.w3.org/Security/Faq/wwwsf3.html

OpenVPN

End-to-End Communication Security
 - Encrypted transmissions via OpenSSL
 - Authentication via certificates
 - Packet integrity via HMAC
 - Forward secrecy: a compromised server private key can't be used to decrypt past communications
 - Can traverse NATed routers and firewalls