STEP Security (RFC4012012)
Interweb Re-Engineering Task Force J. Oquendo Request for Comments 4012012 E-Fensive Security Strategies Category: Informational Expires: 2020 STEP by STEP Security Status of this Memo This Internet-Draft is submitted in full nonconformance with provisions of BCP 78 and BCP 79. This document may not be modified, and derivative works of it may not be created, except to publish it as an RFC and to translate it into languages other than English. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html This Internet-Draft will expire on April 01, 2020. Copyright Notice Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Oquendo Expires Apr 01, 2020 [Page 1] Internet-Draft Security Step by STEP RFC 4012012 Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Abstract This framework describes a practical methodology for ensuring security in otherwise insecure environments. The goal is to provide a rapid response mechanism to defend against the advanced persistent threats in the wild. Table of Contents 1. Introduction..................................................2 2. Conventions used in this document.............................4 3. Threats Explained.............................................4 3.1. Possible Actors..........................................4 4. STEP Explained................................................5 5. STEP in Action................................................6 6. Security Considerations.......................................7 7. IANA Considerations...........................................7 8. Conclusions...................................................8 8.1. Informative References...................................8 9. Acknowledgments...............................................8 Appendix A. Copyright............................................9 1. Introduction In the network and computing industry, malicious actions, applications and actors have become more pervasive. Response times to anomalous events are burdening today's infrastructures and often strain resources. As networks under attack are often saturated with malicious traffic and advanced persistent threat actors engage in downloading terabytes of data, resources to combat these threats have diminished. Additionally, the threats are no longer just anonymized actors engaging in juvenile behavior, there are many instances of State Actors, disgruntled employees, contractors, third party vendors and criminal organizations. Each with separate agendas, each consistently targeting devices on the Internet. Oquendo Informational [Page 2] Internet-Draft Security Step by STEP RFC 4012012 The intent behind this document is to define a methodology for rapid response to these threats. In this document, security will be achieved using a new methodology and protocol henceforth named Scissor To Ethernet Protocol (STEP). Initially designed as a last approach for security, STEP ensures that no attacker can disaffect any of the Confidentiality, Integrity, Availability of data as a whole. Many variables are involved in security, but the STEP methodology focuses on the following: o FUD (Fear Uncertainty and Doubt) o SCAM (Security Compliance and Management) o APT (Another Possible Threat) This methodology proposes STEP that SHOULD be performed at the onset of a cyber attack before more terabytes of data are exfiltrated from a network. 1. Industry Standard IP connection +-----------+ +-----------+ +-----------+ | | IP | | INGRESS | | | Rogue |-------> | Internet | ------> | Target | | A | | | | B | | | | | EGRESS | | +-----------+ +-----------+ <------ +-----------+ Figure 1 Example session between a rogue attacker and target Figure 1 illustrates the connection via the Internet from a rogue attacker, towards a target. Irrespective of the attack used, IP will ALWAYS be used as the attack vector. Oquendo Informational [Page 3] Internet-Draft Security Step by STEP RFC 4012012 2. Conventions used in this document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC-2119 [RFC2119]. In this document, these words will appear with that interpretation only when in ALL CAPS. Lower case uses of these words are not to be interpreted as carrying RFC-2119 significance. 3. Threats Explained A security threat is a theoretical happening that may not occur but should be considered as part of a proper security architecture and design. For example, the threat always exists that your systems will become the target of a denial of service attack. A threat may or may not have a method to mitigate the possibility of attack. Vendors across the security spectrum offer FUD based solutions often promoting SCAM based systems to mitigate against APT. While some of the available solutions may minimize the potential for catastrophic transfers of terabytes of data, these solutions SHOULD NOT be used as an all-inclusive solution for security. Engineers MUST NOT rely on FUD, or SCAMs against the APT. 3.1. Possible Actors Both malicious attacks and unintended (non-malicious) attacks can occur from anywhere in the world including local attacks inside of the infrastructure. In the barest threat explanation above, the threat that someone can commit a typographical error, causing a disruption in service, is as severe as a Distributed Denial of Service attack from the public Internet. Actors can never be easily identified unless one is watching the Academy Awards on television. Oquendo Informational [Page 4] Internet-Draft Security Step by STEP RFC 4012012 4. STEP Explained o S - Scissors Scissors as defined by wikipedia are" hand-operated cutting instruments. They consist of a pair of metal blades pivoted so that the sharpened edges slide against each other when the handles (bows) opposite to the pivot are closed. Scissors are used for cutting various thin materials, such as paper, cardboard, metal foil, thin plastic, cloth, rope, and wire. Scissors can also be used to cut hair and food. Scissors and shears are functionally equivalent, but larger implements tend to be called shears. Scissors is a critical component for STEP security and MUST be readily available 99.99999% with redundant scissors within arm�..s reach. | | X X / \ O O (Opened) (Closed) o T - To To: [preposition] (Used for expressing direction or motion or direction toward something) in the direction of; toward: from north to south. o E - Ethernet Ethernet via Wikiepedia is described as a family of computer networking technologies for local area networks (LANs) commercially introduced in 1980. Standardized in IEEE 802.3, Ethernet has largely replaced competing wired LAN technologies. For clarity in our protocol, Ethernet is defined as the cabling between a device and a network component such as a router or a switch. o P - Protocol A communications protocol is a system of digital message formats and rules for exchanging those messages in or between computing systems and in telecommunications. A protocol may have a formal description. Oquendo Informational [Page 5] Internet-Draft Security Step by STEP RFC 4012012 Protocols may include signaling, authentication and error detection and correction capabilities. A protocol definition defines the syntax, semantics, and synchronization of communication; the specified behavior is typically independent of how it is to be implemented. A protocol can therefore be implemented as hardware or software or both. In STEP, Protocol is a rule an engineer MUST follow in order to complete STEP. S MUST be in a closed state. Actor -----> | Target (secured from the threat) X O O (Closed) 5. STEP in Action The following illustrates a remote APT attack against a webserver located in the demilitarized zone of an infrastucture. In the example, an APT attacker is launching a SQLI, XSS and CSRF against a target over the Internet. The attacks are common and according to statistics, are the same attacks used to leverage access against major Fortune 500 companies in the past decade. +-------+ +-----+ +-----+ +--------+ | | SQLi | | + + INGRESS | | | APT | -------> | ISP | ---> + ISP + ------> | Target | | | XSS/CSRF | A | + B + | www | | | | | + + | | +-------+ +-----+ +-----+ +--------+ o Figure 5.1 Attacker launching attacks +-------+ +-----+ +-----+ +--------+ | | TCP | | + + Reverse | | | APT | <------ | ISP | <--- + ISP + <------ | Target | | | | A | + B + Shell | www | | | | | + + | | +-------+ +-----+ +-----+ +--------+ o Figure 5.2 Attacker executing a reverse shell Oquendo Informational [Page 6] Internet-Draft Security Step by STEP RFC 4012012 In the illustration, an attacker is almost certainly attempting to obtain a reverse shell. This enables an attacker to access a device as if one were physically present at the device itself. Using STEP we can mitigate and deny this attack from various points: +-------+ +-----+ +-----+ +--------+ | | SQLi | | + + | | | | APT | -------> | ISP | ---> + ISP + -->| | Target | | | XSS/CSRF | A | + B + x | www | | | | | + + o o | | +-------+ +-----+ +-----+ +--------+ o Figure 5.2 Ingress STEP +-------+ +-----+ +-----+ +--------+ | | Attack | | | + + | | | APT | ------> | ISP | ->| + ISP + | Target | | | | A | x + B + | www | | | | | o o + + | | +-------+ +-----+ +-----+ +--------+ o Figure 5.4 Provider based STEP Both instances of STEP successfully demonstrate the power of the STEP protocol. In no case, can an attacker successfully launch any attack against a target as the security posture has now been hardened. 6. Security Considerations Cutting any Ethernet cable could potentially lead to shock and degradation of IP services on your network. Please ensure there are additional Ethernet cables for redundancy. Otherwise there is nothing to consider. 7. IANA Considerations There are no alternative considerations. STEP is the ultimate in security. Oquendo Informational [Page 7] Internet-Draft Security Step by STEP RFC 4012012 8. Conclusions Step defends against APT while minimizing your exposure to SCAMs and FUD. 8.1. Informative References [1] http://www.amazon.com/b?ie=UTF8&node=689392011 [2] http://ha.ckers.org/xss.html [3] http://en.wikipedia.org/wiki/Advanced_persistent_threat [4] http://en.wikipedia.org/wiki/Fear,_uncertainty_and_doubt 9. Acknowledgments Sofia Vergara Kenji, Saki and Coco Oquendo Informational [Page 8] Internet-Draft Security Step by STEP RFC 4012012 Appendix A. Copyright Copyright (c) 2012 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: o Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. o Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. o Neither the name of Internet Society, IETF or IETF Trust, nor the names of specific contributors, may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Author's Addresses Jesus Oquendo E-Fensive Security Strategies Oquendo Informational [Page 9]
April 1 2012 RFC's Service Undiscovery Using Hide-and-Go-Seek for the Domain Pseudonym System (DPS) http://www.rfc-editor.org/rfc/rfc6593.txt The Null Packet http://www.rfc-editor.org/rfc/rfc6592.txt -Grant On Sun, Apr 1, 2012 at 10:04 AM, J. Oquendo <sil@infiltrated.net> wrote:
Interweb Re-Engineering Task Force J. Oquendo Request for Comments 4012012 E-Fensive Security Strategies Category: Informational Expires: 2020
STEP by STEP Security
Status of this Memo
This Internet-Draft is submitted in full nonconformance with provisions of BCP 78 and BCP 79. This document may not be modified, and derivative works of it may not be created, except to publish it as an RFC and to translate it into languages other than English. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html
This Internet-Draft will expire on April 01, 2020.
Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in
Oquendo Expires Apr 01, 2020 [Page 1]
Internet-Draft Security Step by STEP RFC 4012012
Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Abstract
This framework describes a practical methodology for ensuring security in otherwise insecure environments. The goal is to provide a rapid response mechanism to defend against the advanced persistent threats in the wild.
Table of Contents
1. Introduction..................................................2 2. Conventions used in this document.............................4 3. Threats Explained.............................................4 3.1. Possible Actors..........................................4 4. STEP Explained................................................5 5. STEP in Action................................................6 6. Security Considerations.......................................7 7. IANA Considerations...........................................7 8. Conclusions...................................................8 8.1. Informative References...................................8 9. Acknowledgments...............................................8 Appendix A. Copyright............................................9
1. Introduction In the network and computing industry, malicious actions, applications and actors have become more pervasive. Response times to anomalous events are burdening today's infrastructures and often strain resources. As networks under attack are often saturated with malicious traffic and advanced persistent threat actors engage in downloading terabytes of data, resources to combat these threats have diminished.
Additionally, the threats are no longer just anonymized actors engaging in juvenile behavior, there are many instances of State Actors, disgruntled employees, contractors, third party vendors and criminal organizations. Each with separate agendas, each consistently targeting devices on the Internet.
Oquendo Informational [Page 2] Internet-Draft Security Step by STEP RFC 4012012
The intent behind this document is to define a methodology for rapid response to these threats. In this document, security will be achieved using a new methodology and protocol henceforth named Scissor To Ethernet Protocol (STEP).
Initially designed as a last approach for security, STEP ensures that no attacker can disaffect any of the Confidentiality, Integrity, Availability of data as a whole.
Many variables are involved in security, but the STEP methodology focuses on the following:
o FUD (Fear Uncertainty and Doubt) o SCAM (Security Compliance and Management) o APT (Another Possible Threat)
This methodology proposes STEP that SHOULD be performed at the onset of a cyber attack before more terabytes of data are exfiltrated from a network.
1. Industry Standard IP connection
+-----------+ +-----------+ +-----------+ | | IP | | INGRESS | | | Rogue |-------> | Internet | ------> | Target | | A | | | | B | | | | | EGRESS | | +-----------+ +-----------+ <------ +-----------+
Figure 1 Example session between a rogue attacker and target Figure 1 illustrates the connection via the Internet from a rogue attacker, towards a target. Irrespective of the attack used, IP will ALWAYS be used as the attack vector.
Oquendo Informational [Page 3]
Internet-Draft Security Step by STEP RFC 4012012
2. Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC-2119 [RFC2119].
In this document, these words will appear with that interpretation only when in ALL CAPS. Lower case uses of these words are not to be interpreted as carrying RFC-2119 significance.
3. Threats Explained
A security threat is a theoretical happening that may not occur but should be considered as part of a proper security architecture and design. For example, the threat always exists that your systems will become the target of a denial of service attack. A threat may or may not have a method to mitigate the possibility of attack.
Vendors across the security spectrum offer FUD based solutions often promoting SCAM based systems to mitigate against APT. While some of the available solutions may minimize the potential for catastrophic transfers of terabytes of data, these solutions SHOULD NOT be used as an all-inclusive solution for security. Engineers MUST NOT rely on FUD, or SCAMs against the APT.
3.1. Possible Actors
Both malicious attacks and unintended (non-malicious) attacks can occur from anywhere in the world including local attacks inside of the infrastructure. In the barest threat explanation above, the threat that someone can commit a typographical error, causing a disruption in service, is as severe as a Distributed Denial of Service attack from the public Internet. Actors can never be easily identified unless one is watching the Academy Awards on television.
Oquendo Informational [Page 4]
Internet-Draft Security Step by STEP RFC 4012012
4. STEP Explained
o S - Scissors
Scissors as defined by wikipedia are" hand-operated cutting instruments. They consist of a pair of metal blades pivoted so that the sharpened edges slide against each other when the handles (bows) opposite to the pivot are closed. Scissors are used for cutting various thin materials, such as paper, cardboard, metal foil, thin plastic, cloth, rope, and wire. Scissors can also be used to cut hair and food. Scissors and shears are functionally equivalent, but larger implements tend to be called shears. Scissors is a critical component for STEP security and MUST be readily available 99.99999% with redundant scissors within armā..s reach.
| | X X / \ O O
(Opened) (Closed)
o T - To
To: [preposition] (Used for expressing direction or motion or direction toward something) in the direction of; toward: from north to south.
o E - Ethernet
Ethernet via Wikiepedia is described as a family of computer networking technologies for local area networks (LANs) commercially introduced in 1980. Standardized in IEEE 802.3, Ethernet has largely replaced competing wired LAN technologies. For clarity in our protocol, Ethernet is defined as the cabling between a device and a network component such as a router or a switch.
o P - Protocol
A communications protocol is a system of digital message formats and rules for exchanging those messages in or between computing systems and in telecommunications. A protocol may have a formal description.
Oquendo Informational [Page 5]
Internet-Draft Security Step by STEP RFC 4012012
Protocols may include signaling, authentication and error detection and correction capabilities.
A protocol definition defines the syntax, semantics, and synchronization of communication; the specified behavior is typically independent of how it is to be implemented. A protocol can therefore be implemented as hardware or software or both.
In STEP, Protocol is a rule an engineer MUST follow in order to complete STEP. S MUST be in a closed state.
Actor -----> | Target (secured from the threat) X O O
(Closed)
5. STEP in Action The following illustrates a remote APT attack against a webserver located in the demilitarized zone of an infrastucture. In the example, an APT attacker is launching a SQLI, XSS and CSRF against a target over the Internet.
The attacks are common and according to statistics, are the same attacks used to leverage access against major Fortune 500 companies in the past decade.
+-------+ +-----+ +-----+ +--------+ | | SQLi | | + + INGRESS | | | APT | -------> | ISP | ---> + ISP + ------> | Target | | | XSS/CSRF | A | + B + | www | | | | | + + | | +-------+ +-----+ +-----+ +--------+
o Figure 5.1 Attacker launching attacks +-------+ +-----+ +-----+ +--------+ | | TCP | | + + Reverse | | | APT | <------ | ISP | <--- + ISP + <------ | Target | | | | A | + B + Shell | www | | | | | + + | | +-------+ +-----+ +-----+ +--------+
o Figure 5.2 Attacker executing a reverse shell
Oquendo Informational [Page 6]
Internet-Draft Security Step by STEP RFC 4012012
In the illustration, an attacker is almost certainly attempting to obtain a reverse shell. This enables an attacker to access a device as if one were physically present at the device itself. Using STEP we can mitigate and deny this attack from various points:
+-------+ +-----+ +-----+ +--------+ | | SQLi | | + + | | | | APT | -------> | ISP | ---> + ISP + -->| | Target | | | XSS/CSRF | A | + B + x | www | | | | | + + o o | | +-------+ +-----+ +-----+ +--------+
o Figure 5.2 Ingress STEP
+-------+ +-----+ +-----+ +--------+ | | Attack | | | + + | | | APT | ------> | ISP | ->| + ISP + | Target | | | | A | x + B + | www | | | | | o o + + | | +-------+ +-----+ +-----+ +--------+
o Figure 5.4 Provider based STEP
Both instances of STEP successfully demonstrate the power of the STEP protocol. In no case, can an attacker successfully launch any attack against a target as the security posture has now been hardened.
6. Security Considerations
Cutting any Ethernet cable could potentially lead to shock and degradation of IP services on your network. Please ensure there are additional Ethernet cables for redundancy. Otherwise there is nothing to consider.
7. IANA Considerations
There are no alternative considerations. STEP is the ultimate in security.
Oquendo Informational [Page 7]
Internet-Draft Security Step by STEP RFC 4012012
8. Conclusions
Step defends against APT while minimizing your exposure to SCAMs and FUD.
8.1. Informative References
[1] http://www.amazon.com/b?ie=UTF8&node=689392011 [2] http://ha.ckers.org/xss.html [3] http://en.wikipedia.org/wiki/Advanced_persistent_threat [4] http://en.wikipedia.org/wiki/Fear,_uncertainty_and_doubt
9. Acknowledgments Sofia Vergara Kenji, Saki and Coco
Oquendo Informational [Page 8]
Internet-Draft Security Step by STEP RFC 4012012
Appendix A. Copyright
Copyright (c) 2012 IETF Trust and the persons identified as authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
o Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
o Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. o Neither the name of Internet Society, IETF or IETF Trust, nor the names of specific contributors, may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Author's Addresses
Jesus Oquendo E-Fensive Security Strategies
Oquendo Informational [Page 9]
participants (2)
-
Grant Ridder
-
J. Oquendo