DKIM) • Domain-Based Message Authentication, Reporting and Conformance (DMARC)

The iLab Experience
a blended learning hands-on course concept
Final Lecture
Marc-Oliver Pahl, Jul 25, 2017
you set the focus
your exercise

iLab 1+2 info event online
• Tell your friends!
• https://www.net.in.tum.de/teaching/ws1718/ilab_information.html

[Figure: course schedule, summer term 2017. Lecture dates: 25.4., 2.5., 9.5., 16.5., 23.5., 30.5., 8.6., 13.6., 20.6., 27.6., 4.7., (11.7.), 18.7., 25.7. Lecture topics named on the figure: Kick Off, Mini Labs, IPv6 - part I, IPv6 - part II, BGP, Advanced Wireless, Your Exercise Playground, Mad Brainstorming and Voting, YE Topic Presentation, Modern Cryptography, Security Holes, World-Wide-Web, DIY1 - Smart Space HW, DIY2 - Smart Space SW, YE Didactics and Techniques, YE 1st Lecture, Giving good Feedback, YE Review Presentation, YE Final Presentation, Wrap-Up. Labs 1 to 15: IPv6, BGP, Advanced WL, SEC, S2O 1, S2O 2, Your Exercise, 2-3 mini labs.]

[Figure: exercise creation process. Stages named on the figure: Introductory Lecture (didactic concept | authoring tutorial | topic selection | assignment review teams), Team Prepares Exercise (slides for talk | prelab | lab | slides | tutor support), Internal Tests, Student Run, First Lecture Presentation (presentation | feedback | quality alignment), Review (Feedback: review another team), Received Feedback Pres. (presentation | feedback | quality alignment), Revision (Revising new lab: updating learning material), Somehow “Stable”, Final Presentation (how is it now | what did you change/learn | your take home?). Effort labels on the figure, in order: ~2h, ~30-35h, ~2h, ~20-25h, ~2h, ~20-25h, ~2h.]

I give you some tools and experience
Learn from each other…
(Image: wikimedia, Biser Todorov)

Topic Brainstorming Result, May 16, 2017
Topic Voting Event, May 23, 2017
2017-07-04 First Lecture - What was good? What could be improved?
2017-07-04 Giving Feedback - What do you know about Feedback?
2017-07-04 Giving Feedback - What are your open Challenges?
2017-07-18 Review Reporting - What are your main Points for PreLab, Lab, and other aspects?
Expected Artefacts and Deadlines

Phase: Creation of Lecture, PreLab, Lab
• Week -5: [Concept & Topic Madness]
  – Prepare your 2x3 min talks
• Week -4: [Topic Voting]
  – Plan the structure and content of your lab, prelab, and lecture.
• Week 1: [Didactics & Techniques & Preparation]
  – Lecture Preparation (most relevant concepts?)
  – Prelab Preparation (detailing the lecture content + tools + more)
  – Practical Part Lab Preparation (no cooking recipe)
• Week 2+3:
  – Work on your content.

Phase: peer grading
• Week 4:
  – Review other team
  – Get reviewed by other team
  – Start improving based on the feedback

Phase: Revision
• Week 5:
  – Improve your exercise based on the feedback
• Week 6:
  – Finish your lab and the review reports.

Expected artefacts (marked X on the slide), in slide order:
• 2 slide decks for your two topic presentations (each talks one topic!)
• Slide deck lecture (2 talk!)
• Ready PreLab, Lab
• Review report
• Slide on review feedback & planned improvements
• Final lecture slides
• Final PreLab, Lab, Peer Grade

Deadlines, in slide order: 22.5., 19.6., 26.6., 11.7., 18.7., 25.7., 30.7.

Marc-Oliver Pahl 2017

The Peer Review
You will grade your reviewed team.
(Image: http://www.utahcompose.com/sites/utahwrite/files/peer%20review%20kids.jpg)

Your Final Lecture
15(+1) Minutes
you set the focus
You make it interesting…
(Image: Flickr:nist6dh)

Order of Presentations
Team Topic
201 Email spoofing
202 War Rooms!
203 Hiding in plain sight

Armin Baur & Moritz Kellermann
EMAIL SPOOFING: MY BANK NEEDS MY PASSWORD
create your own exercise

Motivation
• Email Spoofing – My Bank needs my Password
• Sender email address can be spoofed easily
  – People trust the sender address
  – Spam can be sent on behalf of others
• Messages can be manipulated

SMTP
• Simple Mail Transfer Protocol (SMTP)
• First RFC published August 1982
• Original design of SMTP has no facility to authenticate sender

SMTP
• MUA: Mail User Agent
• MSA: Mail Submission Agent
• MTA: Mail Transmission Agent
• MDA: Mail Delivery Agent

Email Header
[Figure]

Security Mechanisms
• Sender Policy Framework (SPF)
• DomainKeys Identified Mail (DKIM)
• Domain-based Message Authentication, Reporting and Conformance (DMARC)

SPF
(Logo: CC BY-SA 2.5, openspf.org)
• Checks that incoming mail from a domain comes from a host authorized by that domain
• Authorizes hosts by IP addresses via DNS
  – TXT Resource Record
  – SPF Resource Record (obsolete)

source.tld TXT= "v=spf1 ip4:192.0.2.0/24 mx a -all"

Spoofing MTA (Return-Path)
[Figure]

SPF
[Figure]

DKIM
• Cryptographic signing of outgoing email
• Prevents email manipulation
• Public key is published via DNS
  – TXT Resource Record

unknown._domainkey.source.tld TXT= "DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeo/3jmZJii2wKBBpCiE

DMARC
(Logo: CC BY 3.0, dmarc.org)
• Prevents spoofing of email addresses
• Requests reports about spoofed email
• Publishes the DKIM signing policy of a domain
  – TXT Resource Record

_dmarc.source.tld TXT= "v=DMARC1; p=reject;"

Spoofing Sender Email (From)
[Figure]

DMARC/DKIM
[Figure]

Lab
• Analysing email headers
• Spoofing MTA host address
• Spoofing email address
• Configure SPF, DKIM and DMARC

Teaser Practical Part
[Figure: lab topology with (DNS), Switch, Eve (MTA), Alice (MTA + MDA), Bob (MTA + MDA)]

Order of Presentations
Team Topic
201 Email spoofing
202 War Rooms!
203 Hiding in plain sight

Andreas Janiak and Donika Mirdita
WAR ROOMS!
create your own exercise

What is War Rooms?
It is inspired by the game OverTheWire and is meant for learning and practising security concepts within a secure environment. The name is derived from the rooms (= current PC) and the battle against the system to win the victory file.
http://overthewire.org

Motivation
• Be comfortable working with the command line
• Know how to debug and explore
  – Incomplete knowledge of networks
  – Handle unknown environments
• Learn to use new tools
• Improve skills with the old tools

Lecture Overview
1. IPv4/IPv6 Recap
2. Systemd-Networkd daemon
3. Linux tools
4. OverTheWire Demo

IPv4/IPv6 Recap
Networks need to be able to interact with a variety of host configurations:
• IPv4 and IPv6 compatibility
• Dual Stack IPv4/IPv6 support
• Gateway and Broadcast addresses
• Routing for the Internet

Introduction to Systemd
Linux service and system manager.
• Runs as PID 1; starts the rest of the system
• Enables control over daemons
• Built-in daemons for logging and system configuration
https://wiki.archlinux.org/index.php/systemd

Systemd Tools
1. Systemctl - manager for systemd
2. Journalctl - logging system
3. Systemd-networkd - network manager
4. Hostnamectl - system hostname manager
5. Services - Service Unit Configuration
https://www.freedesktop.org/software/systemd/man/

Linux tools
• ssh, sshpass → secure shell
• find → search data
• grep → searches content
• | → pipelines
• nmap → network discovery and security tool

OverTheWire demo
Demo...

Teaser Practical Part
[Figure with elements numbered 1 to 6]

Order of Presentations
Team Topic
201 Email spoofing
202 War Rooms!
203 Hiding in plain sight

https://www.youtube.com/watch?v=4vlu8ld68fc
https://www.youtube.com/watch?v=4vIu8ld68fc

Hiding in plain sight
Schneider Yoav
create your own exercise

Covert Channels
• Definition
• How to encode and decode data
• Examples
• Detection and Prevention

Covert Channels
„In computer security, a covert channel is a type of computer security attack that creates a capability to transfer information objects between processes that are not supposed to be allowed to communicate by the computer security policy”
https://en.wikipedia.org/wiki/Covert_channel

Scenario
• Leak Data
• Control computers in a botnet
• Distribute Malware

„The Medium is the Message” (Marshall McLuhan, 1964)
• Protocol
• Data
• Timing
• Physical
• Fan speed
• Blinking LEDs
Source: https://en.wikipedia.org/wiki/File:Marshall_McLuhan.jpg
Source (left): https://en.wikipedia.org/wiki/File:Benjamin_Franklin2_1895_Issue-1c.jpg
Source (right): own work using: http://manytools.org/hacker-tools/steganography-encode-text-into-image/go

„The Medium is the Message”
• Printer Watermarks
Source: https://pixabay.com/p-161063/?no_redirect

„The Medium is the Message”
• Protocol
• Example: Send “0x12345678” using the source port 0x1234
• Example: Send “0x12345678” using the source port 0x5678
Source: https://en.wikipedia.org/wiki/Transmission_Control_Protocol

Detection
• Hard
• Pattern Based
• Anomaly Based
Source: https://upload.wikimedia.org/wikipedia/commons/c/cf/Binary_Code.jpg

Detection
• Hard
• Pattern Based
• Anomaly Based
Source: https://upload.wikimedia.org/wikipedia/commons/c/cf/Binary_Code.jpg

Prevention
• Software Isolation (VM)
• Air Gap, the ultimate defence?

The Following Learning Goals are Covered in the Lecture / PreLab / Lab
• Understand what covert channels are used for: X X
• Learn about different types of covert channels: X X X
• Learn about some counter measures: X X
• Introduce the packet manipulation tool scapy: X X
• Create a covert channel with TCP Handshake: X
• Bonus – Create a covert channel using DNS: X

Teaser Practical Part
[Figure: NSA, FSB, DNS, Secret DB]
Source: https://en.wikipedia.org/wiki/File:FSB_Emblem.png
Source: https://en.wikipedia.org/wiki/File:Seal_of_the_U.S._National_Security_Agency.svg
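
The SPF and DMARC records from the email spoofing talk above, evaluated the way a receiving MTA would, as an added example that is not part of the original slides. It shows why an SPF pass on the Return-Path domain does not by itself protect the From address; the `resolve` hook, the exact-match alignment rule and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Records modelled on the slides' source.tld examples (constructed sample data).
SPF_RECORD = "v=spf1 ip4:192.0.2.0/24 mx a -all"
DMARC_RECORD = "v=DMARC1; p=reject;"
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, client_ip, resolve=None):
    """Evaluate an SPF record left to right for one connecting IP.

    resolve(name) -> list of IP strings stands in for the DNS lookups behind
    the 'a' and 'mx' mechanisms (hypothetical hook so the example runs offline).
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no SPF policy published
    ip = ipaddress.ip_address(client_ip)
    resolve = resolve or (lambda name: [])
    for term in terms[1:]:
        qualifier = "+"  # default qualifier
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        elif name in ("a", "mx"):
            matched = any(ip == ipaddress.ip_address(a) for a in resolve(name))
        else:
            continue  # include, exists, redirect etc. are not modelled here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and no 'all' term

def dmarc_disposition(spf_result, return_path_domain, from_domain, record):
    """DMARC verdict from SPF only (assumes no DKIM signature, exact-match alignment)."""
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    if tags.get("v") != "DMARC1":
        return "none"
    aligned = spf_result == "pass" and return_path_domain.lower() == from_domain.lower()
    return "accept" if aligned else tags.get("p", "none")
```

A message whose Return-Path domain passes its own SPF check but whose From header claims source.tld is still rejected under `p=reject`, because the passing domain is not aligned with the From domain.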
