%title: Securing Network Traffic
%author: [tj] tj@enoti.me
%date: 2018-02-21

-> Who <-

- Militant Internet Engineer, hacker, adventurist
- Member of Aberdeen's hackerspace, [57northhacklab](57north.org.uk)
- Research on Internet Protocols and APIs
    - Transport Features of UDP (RFC8304)
    - Transport Options for UDP (ietf-draft)
    - Path Layer Path MTU Discovery (ietf-draft)
- FreeBSD Hacker
    - Loads of kernel networking code
    - Drivers for WiFi and other fun hardware
- Run the network for [campgnd](campgnd.com)

This talk has been written in markdown with vim and uses `mdp` for presentation.
ASCII art has been 'borrowed' whenever possible.

---

-> What? <-

- The makeup of the network
- How we move stuff around
- Securing traffic
- Inspecting traffic
- Causing trouble

---

-> Totally unbiased view of the Internet <-

    [ASCII art: a large cloud labelled "The Internet" (signed mGk); the drawing did not survive extraction]

---

                          .-------------------.
                         (    THE INTERNET     )
                          '-------------------'

---

    +--------+
    | Laptop |------\
    +--------+       \     .-------------------.
                      >---(    THE INTERNET     )
    +--------+       /     '-------------------'
    | Phone  |------/
    +--------+

---

    +--------+
    | Laptop |------\
    +--------+       \     .-------------------.
                      >---(    THE INTERNET     )
    +--------+       /     '-------------------'
    | Phone  |------/                |
    +--------+                       |
                                     v
                              +------------+
                              | Web Server |
                              +------------+

---

    +--------+  WiFi
    | Laptop |------\
    +--------+       \     .-------------------.
                      >---(    THE INTERNET     )
    +--------+       /     '-------------------'
    | Phone  |------/                |
    +--------+  4G                   | Ethernet
                                     v
                              +------------+
                              | Web Server |
                              +------------+

---

    +--------+  WiFi
    | Laptop |------\      +------+  .-------------------.
    +--------+       \     |ROUTER|-(    THE INTERNET     )
                      >--->+------+  '-------------------'
    +--------+       /               +------+
    | Phone  |------/                |ROUTER|
    +--------+  4G                   +------+
                                     | Ethernet
                                     v
                              +------------+
                              | Web Server |
                              +------------+

---

    +--------+  WiFi
    | Laptop |------\      +------+     +------+     +------+
    +--------+       \     |ROUTER|---->|ROUTER|---->|ROUTER|
                      >--->+------+     +------+     +------+
    +--------+       /         THE INTERNET              |
    | Phone  |------/                                    v
    +--------+  4G                   +------+       +------+
                                     |ROUTER|<------|ROUTER|
                                     +------+       +------+
                                     | Ethernet
                                     v
                              +------------+
                              | Web Server |
                              +------------+

---

-> traceroute <-

    $ traceroute enoti.me
    traceroute to enoti.me (165.227.174.226), 64 hops max, 52 byte packets
     1  192.168.43.1 (192.168.43.1)  4.314 ms  2.592 ms  1.421 ms
     2  * * *
     3  172.23.64.209 (172.23.64.209)  46.068 ms  51.106 ms  54.242 ms
     4  172.23.98.4 (172.23.98.4)  56.458 ms  39.532 ms  41.227 ms
     5  172.23.111.1 (172.23.111.1)  38.973 ms  46.093 ms  42.720 ms
     6  * * *
     7  188.31.255.130.threembb.co.uk (188.31.255.130)  55.720 ms  40.025 ms  47.143 ms
     8  188.31.255.189.threembb.co.uk (188.31.255.189)  53.324 ms  51.023 ms  50.318 ms
     9  ae2.cr0-lon9.ip4.gtt.net (141.136.102.65)  48.488 ms  52.561 ms  38.907 ms
    10  et-0-0-1-3.cr11-lon1.ip4.gtt.net (89.149.137.206)  55.498 ms  et-0-0-10-1.cr11-lon1.ip4.gtt.net (89.149.137.190)  42.703 ms  et-0-0-1-3.cr11-lon1.ip4.gtt.net (89.149.137.206)  52.967 ms
    11  * * *
    12  * * *
    13  * * *
    14  * * *

---

-> Networks are like ogres <-

    +----+
    |DATA|
    +----+

---

-> Networks are like ogres <-

    +-APP--+
    |+----+|
    ||DATA||
    |+----+|
    +------+

---

-> Networks are like ogres <-

    +-TRANSPORT-+
    | +-APP--+  |
    | |+----+|  |
    | ||DATA||  |
    | |+----+|  |
    | +------+  |
    +-----------+

---

-> Networks are like ogres <-

    +----NETWORK---+
    | +-TRANSPORT-+|
    | | +-APP--+  ||
    | | |+----+|  ||
    | | ||DATA||  ||
    | | |+----+|  ||
    | | +------+  ||
    | +-----------+|
    +--------------+

---

-> Networks are like ogres <-

    +------LINK------+
    |+----NETWORK---+|
    || +-TRANSPORT-+||
    || | +-APP--+  |||
    || | |+----+|  |||
    || | ||DATA||  |||
    || | |+----+|  |||
    || | +------+  |||
    || +-----------+||
    |+--------------+|
    +----------------+

---

-> Security <-

- GSM (4G/3G)
- WiFi
    - WEP
    - WPA
    - WPA Enterprise
- Tunnels
    - VPN
    - IPSec
- TLS
- GPG

---

-> GSM and WiFi <-

    +------LINK---🔒--+
    |+----NETWORK---+|
    || +-TRANSPORT-+||
    || | +-APP--+  |||
    || | |+----+|  |||
    || | ||DATA||  |||
    || | |+----+|  |||
    || | +------+  |||
    || +-----------+||
    |+--------------+|
    +----------------+

    +------+ 🔒   +------+        +------+        +------+ 🔒   +------+
    | APP  |----->|ROUTER|------->|ROUTER|------->|ROUTER|----->| APP  |
    +------+      +------+        +------+        +------+      +------+

---

-> IPSec <-

    +------LINK------+
    |+----NETWORK-🔒-+|
    || +-TRANSPORT-+||
    || | +-APP--+  |||
    || | |+----+|  |||
    || | ||DATA||  |||
    || | |+----+|  |||
    || | +------+  |||
    || +-----------+||
    |+--------------+|
    +----------------+

    +------+      +------+        +------+        +------+      +------+
    | APP  |----->|ROUTER|------->|ROUTER|------->|ROUTER|----->| APP  |
    +------+      +------+        +------+        +------+      +------+
                  -----🔒---------------🔒--------------->

---

-> VPN <-

    +------LINK------+
    |+----NETWORK---+|
    || +-TRANSPORT🔒+||
    || | +-APP--+  |||
    || | |+----+|  |||
    || | ||DATA||  |||
    || | |+----+|  |||
    || | +------+  |||
    || +-----------+||
    |+--------------+|
    +----------------+

    +------+      +------+        +------+        +------+      +------+
    | APP  |----->|ROUTER|------->|ROUTER|------->|ROUTER|----->| APP  |
    +------+      +------+        +------+        +------+      +------+
                  -----🔒---------------🔒--------------->

---

-> TLS <-

    +------LINK------+
    |+----NETWORK---+|
    || +-TRANSPORT-+||
    || | +-APP🔒-+  |||
    || | |+----+|  |||
    || | ||DATA||  |||
    || | |+----+|  |||
    || | +------+  |||
    || +-----------+||
    |+--------------+|
    +----------------+

    +------+      +------+        +------+        +------+      +------+
    | APP  |----->|ROUTER|------->|ROUTER|------->|ROUTER|----->| APP  |
    +------+      +------+        +------+        +------+      +------+
    --🔒---------🔒----------🔒----------🔒----------🔒---------🔒--->

---

-> GPG (Talking in codes) <-

    +------LINK------+
    |+----NETWORK---+|
    || +-TRANSPORT-+||
    || | +-APP--+  |||
    || | |+----+|  |||
    || | ||🔒🔒🔒🔒||  |||
    || | |+----+|  |||
    || | +------+  |||
    || +-----------+||
    |+--------------+|
    +----------------+

    $ gpg --decrypt file.txt

---

-> TLS/SSL - Transport Layer Security <-

Originally 'Secure Sockets Layer', TLS gives you a shim to stick between your application and your network socket, and provides all the encryption goodness™ for you.

    +-------------+            +--------+              +----------+
    | Application |            | SOCKET |------------->| INTERNET |
    +-------------+            +--------+              +----------+

    +-------------+  +-----+   +--------+              +----------+
    | Application |->| TLS |-->| SOCKET |------------->| INTERNET |
    +-------------+  +-----+   +--------+              +----------+

---

-> End to End security <-

## Advice

- Demand End to End security
- Use a plugin such as SSL Everywhere to fix your browser
- Only use IRC over TLS
- Configure your email to use TLS
- Use a VPN to protect yourself from bad applications
    - The VPN endpoint can see everything you do
    - Pay money to expect better treatment
    - Host the endpoint yourself
- Don't trust anyone when you want confidentiality
    - Manually encrypt with GPG
    - *USE SIGNAL*
- Nothing in this talk deals with privacy
    - *USE TOR*

---

-> Inspecting Traffic <-

- [tcpdump](https://www.tcpdump.org/tcpdump_man.html)
    - On a sensible system it is already installed
    - On Debian, install the package
    - Ideal tool to create pcaps on small boxes
    - What's going on? `tcpdump -i wlan0 -XX`
- [wireshark](https://www.wireshark.org/)
    - "Wireshark is the world's foremost and widely-used network protocol analyzer."
    - Everything tool for dealing with network traffic (and bluetooth, usb...)
    - `tshark` on the command line
    - Easy to script with `pyshark`

---

-> Causing Trouble <-

- [firesheep](https://codebutler.github.io/firesheep/)
  Firesheep was a Firefox extension that demonstrated HTTP session hijacking attacks. It led to TLS on Facebook and Gmail.
- [aircrack](http://www.aircrack-ng.org/doku.php)
  Aircrack-ng is a complete suite of tools to assess WiFi network security.
- [bettercap](https://github.com/evilsocket/bettercap)
  bettercap is a complete, modular, portable and easily extensible MITM tool and framework with every kind of diagnostic and offensive feature you could need in order to perform a man in the middle attack.

---

## Questions

Thanks for Listening

---

## Questions

Thanks for Listening

- buffer slide

---

-> ## Command <-

    $ MDP_LIST_OPEN1=' ' MDP_LIST_OPEN2=' ' \
      MDP_LIST_OPEN3=' ' MDP_LIST_HEAD1=' - ' \
      MDP_LIST_HEAD2=' - ' MDP_LIST_HEAD3=' - ' \
      mdp -tif securenetworking.md
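---

-> Worked example: reading the traceroute <-

The traceroute slide shows the path from a phone-tethered laptop out to enoti.me: private (RFC1918) hops inside the carrier, silent hops that drop or ignore the probes, and a hop where the three probes were answered by two different routers. This is an added example, not part of the talk or any of tj's tools: a small Python parser for that output (the sample below is the slide's own traceroute, embedded so the script runs offline) that records, for each hop, the addresses seen, the best RTT, whether the hop stayed silent, whether it is private address space, and whether the probes took more than one path.

```python
"""Parse the traceroute output from the slide and classify each hop.

Added example (Python), not from the talk. The sample is the traceroute
shown on the slide, embedded here so the script runs offline.
"""
import ipaddress
import re

# Constructed sample: the traceroute output from the slide.
SAMPLE = """\
traceroute to enoti.me (165.227.174.226), 64 hops max, 52 byte packets
 1  192.168.43.1 (192.168.43.1)  4.314 ms  2.592 ms  1.421 ms
 2  * * *
 3  172.23.64.209 (172.23.64.209)  46.068 ms  51.106 ms  54.242 ms
 4  172.23.98.4 (172.23.98.4)  56.458 ms  39.532 ms  41.227 ms
 5  172.23.111.1 (172.23.111.1)  38.973 ms  46.093 ms  42.720 ms
 6  * * *
 7  188.31.255.130.threembb.co.uk (188.31.255.130)  55.720 ms  40.025 ms  47.143 ms
 8  188.31.255.189.threembb.co.uk (188.31.255.189)  53.324 ms  51.023 ms  50.318 ms
 9  ae2.cr0-lon9.ip4.gtt.net (141.136.102.65)  48.488 ms  52.561 ms  38.907 ms
10  et-0-0-1-3.cr11-lon1.ip4.gtt.net (89.149.137.206)  55.498 ms  et-0-0-10-1.cr11-lon1.ip4.gtt.net (89.149.137.190)  42.703 ms  et-0-0-1-3.cr11-lon1.ip4.gtt.net (89.149.137.206)  52.967 ms
11  * * *
12  * * *
13  * * *
14  * * *
"""

# One "name (addr)  rtt ms [rtt ms ...]" answer. traceroute repeats the
# name only when a different router answers a later probe, as on hop 10.
PROBE_RE = re.compile(r"(\S+) \((\d+\.\d+\.\d+\.\d+)\)((?:\s+[\d.]+ ms)+)")
HOP_RE = re.compile(r"\s*(\d+)\s+(.*)")


def parse_traceroute(text):
    """Return one record per hop: addresses seen, best RTT and flags."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:                      # header line, not a hop
            continue
        hop, rest = int(m.group(1)), m.group(2)
        addrs, rtts = [], []
        for _name, addr, rtt_text in PROBE_RE.findall(rest):
            if addr not in addrs:
                addrs.append(addr)
            rtts.extend(float(x) for x in re.findall(r"[\d.]+(?= ms)", rtt_text))
        hops.append({
            "hop": hop,
            "addrs": addrs,
            "min_rtt_ms": min(rtts) if rtts else None,
            "silent": not addrs,                 # "* * *": nobody answered
            "private": any(ipaddress.ip_address(a).is_private for a in addrs),
            "multipath": len(addrs) > 1,         # probes answered by different routers
        })
    return hops


def summarize(hops):
    """The things worth noticing: where the path leaves private address
    space, how many hops never answer, and where the path forks."""
    first_public = next(
        (h["hop"] for h in hops if h["addrs"] and not h["private"]), None)
    return {
        "hops": len(hops),
        "silent": sum(h["silent"] for h in hops),
        "first_public_hop": first_public,
        "multipath_hops": [h["hop"] for h in hops if h["multipath"]],
    }


if __name__ == "__main__":
    hops = parse_traceroute(SAMPLE)
    for h in hops:
        flags = [k for k in ("silent", "private", "multipath") if h[k]]
        print(f"{h['hop']:>2}  {', '.join(h['addrs']) or '*':<34} "
              f"{h['min_rtt_ms'] or '-':>8}  {' '.join(flags)}")
    print(summarize(hops))
```

Run it as-is to see the slide's path broken down; point `parse_traceroute` at the output of your own `traceroute` to do the same for another path. Silent hops are normal (routers that rate-limit or drop ICMP), so a run of `* * *` at the end says nothing about the destination; the first public hop marks where your traffic actually reaches someone other than your own carrier.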
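---

-> Worked example: building and peeling the ogre <-

The "Networks are like ogres" slides show DATA wrapped in APP, TRANSPORT, NETWORK and LINK headers, and the tcpdump slide recommends pcaps as the way to capture that on small boxes. As an added example (Python, not code from the talk), this builds the layers by hand: a constructed one-line application message inside UDP, inside IPv4, inside an Ethernet frame, with the real IPv4 and UDP checksums; writes the frame into a pcap file image in memory; and then parses the pcap back and peels the layers off again, verifying the checksums on the way. The MAC addresses, the 192.0.2.0/24 documentation addresses and the ports are all constructed sample values.

```python
"""Encapsulate DATA -> APP -> UDP -> IPv4 -> Ethernet, round-trip it through
a pcap, and decapsulate it again. Added example, not from the talk.
"""
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4          # little-endian, microsecond pcap


def internet_checksum(data):
    """RFC 1071 ones-complement sum, as used by IPv4 and UDP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_udp(src_ip, dst_ip, sport, dport, payload):
    """TRANSPORT: UDP header; its checksum also covers an IPv4 pseudo-header."""
    length = 8 + len(payload)
    pseudo = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, 17, length)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = internet_checksum(pseudo + header + payload) or 0xFFFF   # 0 means "no checksum"
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def build_ipv4(src_ip, dst_ip, segment, ttl=64):
    """NETWORK: 20-byte IPv4 header (no options), protocol 17 = UDP."""
    total = 20 + len(segment)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0x1234, 0x4000, ttl, 17, 0,
                      socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    hdr = hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]
    return hdr + segment


def build_ethernet(dst_mac, src_mac, packet):
    """LINK: Ethernet II header, EtherType 0x0800 = IPv4."""
    return dst_mac + src_mac + struct.pack("!H", 0x0800) + packet


def write_pcap(frames, ts=1519171200):
    """Serialise frames as a pcap file (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", ts + i, 0, len(frame), len(frame)) + frame
    return out


def read_pcap(data):
    """Walk the record headers and return the captured frames."""
    (magic,) = struct.unpack("<I", data[:4])
    if magic != PCAP_MAGIC:
        raise ValueError("only little-endian microsecond pcaps handled here")
    frames, off = [], 24
    while off < len(data):
        _, _, incl, _ = struct.unpack("<IIII", data[off:off + 16])
        frames.append(data[off + 16:off + 16 + incl])
        off += 16 + incl
    return frames


def peel(frame):
    """Strip LINK, NETWORK and TRANSPORT, checking each checksum."""
    (eth_type,) = struct.unpack("!H", frame[12:14])
    if eth_type != 0x0800:
        raise ValueError("not IPv4")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if internet_checksum(packet[:ihl]) != 0:        # sum over a valid header folds to 0
        raise ValueError("bad IPv4 header checksum")
    (total_len,) = struct.unpack("!H", packet[2:4])
    proto = packet[9]
    if proto != 17:
        raise ValueError("not UDP")
    segment = packet[ihl:total_len]
    sport, dport, ulen, _ = struct.unpack("!HHHH", segment[:8])
    pseudo = packet[12:20] + struct.pack("!BBH", 0, proto, ulen)
    if internet_checksum(pseudo + segment[:ulen]) != 0:
        raise ValueError("bad UDP checksum")
    return {"src": (socket.inet_ntoa(packet[12:16]), sport),
            "dst": (socket.inet_ntoa(packet[16:20]), dport),
            "data": segment[8:ulen]}


def is_intact(frame):
    """True when every checksum verifies. Checksums catch corruption only;
    anyone on the path can rewrite the bytes and refresh them, which is why
    the lock layers on the security slides exist."""
    try:
        peel(frame)
        return True
    except ValueError:
        return False


def demo():
    data = b"hello, ogre"                     # DATA
    app = b"MSG " + data + b"\n"              # APP: constructed one-line protocol
    udp = build_udp("192.0.2.1", "192.0.2.2", 40000, 5000, app)
    ip = build_ipv4("192.0.2.1", "192.0.2.2", udp)
    frame = build_ethernet(bytes.fromhex("020000000002"), bytes.fromhex("020000000001"), ip)
    pcap = write_pcap([frame])
    return frame, pcap, peel(read_pcap(pcap)[0])


if __name__ == "__main__":
    frame, pcap, parsed = demo()
    print(len(frame), "byte frame;", len(pcap), "byte pcap;", parsed)
```

Write the `pcap` bytes to a file and open it in Wireshark to see the same nesting drawn as the ogre slides draw it, or feed it to `tcpdump -r`. The `-XX` flag from the tcpdump slide prints exactly the bytes this script builds, link header included.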
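---

-> Worked example: the TLS shim <-

The TLS/SSL slide draws TLS as a box slid in between the application and its socket. This added example (Python's standard `ssl` module; not code from the talk) shows that literally: the plain socket is created first, a TLS context is wrapped around it, and the application then reads and writes through the wrapped object exactly as it would through the bare socket. `make_tls_context` also sets the things a client should insist on before trusting the shim: certificate verification, hostname checking and a TLS 1.2 floor. The hostname is taken from the command line, so nothing here assumes any particular server.

```python
"""TLS as a shim between the application and the socket.
Added example using the standard library, not from the talk.
"""
import socket
import ssl
import sys


def make_tls_context():
    """A client context that actually checks who it is talking to."""
    ctx = ssl.create_default_context()             # loads the system CA bundle
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuse SSLv3, TLS 1.0 and 1.1
    ctx.check_hostname = True                      # name on the cert must match
    ctx.verify_mode = ssl.CERT_REQUIRED            # an unverifiable cert is an error
    return ctx


def context_policy(ctx):
    """Summarise the settings that matter, so a caller can check them."""
    return {"min_version": ctx.minimum_version.name,
            "verify": ctx.verify_mode.name,
            "check_hostname": ctx.check_hostname}


def open_tls(host, port, ctx=None, timeout=10):
    """SOCKET first, then the TLS shim on top of it."""
    ctx = ctx or make_tls_context()
    raw = socket.create_connection((host, port), timeout=timeout)   # SOCKET
    return ctx.wrap_socket(raw, server_hostname=host)               # TLS shim


def describe(tls_sock):
    """What the shim negotiated: handy for confirming a client really landed
    on TLS 1.2+ with a sane cipher and the certificate you expected."""
    cert = tls_sock.getpeercert()
    return {"version": tls_sock.version(),
            "cipher": tls_sock.cipher()[0],
            "subject": dict(rdn[0] for rdn in cert.get("subject", ())),
            "expires": cert.get("notAfter")}


def fetch_head(host, port=443):
    """The application talks HTTP; the bytes on the wire are ciphertext."""
    with open_tls(host, port) as s:
        s.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
        status_line = s.recv(4096).decode(errors="replace").split("\r\n")[0]
        return status_line, describe(s)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: tls_shim.py HOSTNAME")
    status, info = fetch_head(sys.argv[1])
    print(status)
    for k, v in info.items():
        print(f"  {k}: {v}")
```

If the server presents a certificate that does not chain to a trusted CA, or whose name does not match, `wrap_socket` raises `ssl.SSLCertVerificationError` before any application data is sent; that failure is the shim doing its job, not something to catch and ignore.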