Securing Network Traffic
Who
+- Militant Internet Engineer, hacker, adventurist
+- Member of Aberdeen's hackerspace, 57northhacklab [0]
+- Research on Internet Protocols and APIs
|  +- Transport Features of UDP (RFC 8304)
|  +- Transport Options for UDP (ietf-draft)
|  +- Path Layer Path MTU Discovery (ietf-draft)
+- FreeBSD Hacker
|  +- Loads of kernel networking code
|  +- Drivers for WiFi and other fun hardware
+- Run the network for campgnd [1]
This talk has been written in markdown with vim and uses mdp for
presentation. ASCII art has been 'borrowed' whenever possible.
[0] 57north.org.uk
[1] campgnd.com
[tj] tj@enoti.me 1 / 28
What?
+- The make up of the network
+- How we move stuff around
+- Securing traffic
+- Inspecting Traffic
+- Causing trouble
Totally unbiased view of the Internet
(ASCII art: a globe, its landmass labelled "The Internet")
(ASCII art: a cloud labelled THE INTERNET. Slides 5 to 9 add to it step by
step: a laptop and a phone connecting in, a web server hanging off it, the
access technologies, and finally the routers inside the cloud. The finished
picture:)

+--------+  WiFi
| Laptop |-------\    .----------- THE INTERNET -----------.
+--------+        \   |  +------+    +------+    +------+  |
                   -->|->|ROUTER|--->|ROUTER|--->|ROUTER|  |
+--------+        /   |  +------+    +------+    +------+  |
| Phone  |-------/    '------------------------------|-----'
+--------+  4G                                       |
                                                     | Ethernet
                                                     v
                                               +------------+
                                               | Web Server |
                                               +------------+
traceroute
$ traceroute enoti.me
traceroute to enoti.me (165.227.174.226), 64 hops max, 52 byte packets
1 192.168.43.1 (192.168.43.1) 4.314 ms 2.592 ms 1.421 ms
2 * * *
3 172.23.64.209 (172.23.64.209) 46.068 ms 51.106 ms 54.242 ms
4 172.23.98.4 (172.23.98.4) 56.458 ms 39.532 ms 41.227 ms
5 172.23.111.1 (172.23.111.1) 38.973 ms 46.093 ms 42.720 ms
6 * * *
7 188.31.255.130.threembb.co.uk (188.31.255.130) 55.720 ms 40.025 ms 47.143 ms
8 188.31.255.189.threembb.co.uk (188.31.255.189) 53.324 ms 51.023 ms 50.318 ms
9 ae2.cr0-lon9.ip4.gtt.net (141.136.102.65) 48.488 ms 52.561 ms 38.907 ms
10 et-0-0-1-3.cr11-lon1.ip4.gtt.net (89.149.137.206) 55.498 ms
et-0-0-10-1.cr11-lon1.ip4.gtt.net (89.149.137.190) 42.703 ms
et-0-0-1-3.cr11-lon1.ip4.gtt.net (89.149.137.206) 52.967 ms
11 * * *
12 * * *
13 * * *
14 * * *
Networks are like ogres
+----+
|DATA|
+----+
Networks are like ogres
+-APP--+
|+----+|
||DATA||
|+----+|
+------+
Networks are like ogres
+-TRANSPORT-+
| +-APP--+ |
| |+----+| |
| ||DATA|| |
| |+----+| |
| +------+ |
+-----------+
Networks are like ogres
+----NETWORK---+
| +-TRANSPORT-+|
| | +-APP--+ ||
| | |+----+| ||
| | ||DATA|| ||
| | |+----+| ||
| | +------+ ||
| +-----------+|
+--------------+
Networks are like ogres
+------LINK------+
|+----NETWORK---+|
|| +-TRANSPORT-+||
|| | +-APP--+ |||
|| | |+----+| |||
|| | ||DATA|| |||
|| | |+----+| |||
|| | +------+ |||
|| +-----------+||
|+--------------+|
+----------------+
Security
+- GSM (4G/3G)
+- WiFi
|  +- WEP
|  +- WPA
|  +- WPA Enterprise
+- Tunnels
|  +- VPN
|  +- IPSec
+- TLS
+- GPG
GSM and WiFi
+------LINK---🔒 --+
|+----NETWORK---+|
|| +-TRANSPORT-+||
|| | +-APP--+ |||
|| | |+----+| |||
|| | ||DATA|| |||
|| | |+----+| |||
|| | +------+ |||
|| +-----------+||
|+--------------+|
+----------------+
+------+ 🔒 +------+ +------+ +------+ 🔒 +------+
| APP |------>|ROUTER|------->|ROUTER|------->|ROUTER|------->| APP |
+------+ +------+ +------+ +------+ +------+
IPSec
+------LINK------+
|+----NETWORK-🔒 -+|
|| +-TRANSPORT-+||
|| | +-APP--+ |||
|| | |+----+| |||
|| | ||DATA|| |||
|| | |+----+| |||
|| | +------+ |||
|| +-----------+||
|+--------------+|
+----------------+
+------+ +------+ +------+ +------+ +------+
| APP |------>|ROUTER|------->|ROUTER|------->|ROUTER|------->| APP |
+------+ +------+ +------+ +------+ +------+
-----🔒 --------🔒 --------->
VPN
+------LINK------+
|+----NETWORK---+|
|| +-TRANSPORT🔒 +||
|| | +-APP--+ |||
|| | |+----+| |||
|| | ||DATA|| |||
|| | |+----+| |||
|| | +------+ |||
|| +-----------+||
|+--------------+|
+----------------+
+------+ +------+ +------+ +------+ +------+
| APP |------>|ROUTER|------->|ROUTER|------->|ROUTER|------->| APP |
+------+ +------+ +------+ +------+ +------+
-----🔒 --------🔒 --------->
TLS
+------LINK------+
|+----NETWORK---+|
|| +-TRANSPORT-+||
|| | +-APP🔒 -+ |||
|| | |+----+| |||
|| | ||DATA|| |||
|| | |+----+| |||
|| | +------+ |||
|| +-----------+||
|+--------------+|
+----------------+
+------+ +------+ +------+ +------+ +------+
| APP |------>|ROUTER|------->|ROUTER|------->|ROUTER|------->| APP |
+------+ +------+ +------+ +------+ +------+
--------🔒 ---------🔒 ---------🔒 -------🔒 -------🔒 -------🔒 -------->
GPG (Talking in codes)
+------LINK------+
|+----NETWORK---+|
|| +-TRANSPORT-+||
|| | +-APP--+ |||
|| | |+----+| |||
|| | ||🔒 🔒 🔒 🔒 || |||
|| | |+----+| |||
|| | +------+ |||
|| +-----------+||
|+--------------+|
+----------------+
$ gpg --decrypt file.txt
TLS/SSL - Transport Layer Security
Originally 'Secure Sockets Layer'; it gives you a shim to stick between your
application and your network socket and provides all the encryption goodness
for you.
+-------------+ +--------+ +----------+
| Application | | SOCKET |------------>| INTERNET |
+-------------+ +--------+ +----------+
+-------------+ +-----+ +--------+ +----------+
| Application |->| TLS |->| SOCKET |------------>| INTERNET |
+-------------+ +-----+ +--------+ +----------+
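The two rows of the diagram in Python's standard library, as an added example that is not from the talk: a bare socket, then the same socket with the `ssl` shim wrapped round it. The shim is only worth having if it checks who is at the far end, so the context insists on a CA-verified certificate, a hostname match and TLS 1.2 or newer; the script name `tls_shim.py` in the comment is made up, and `enoti.me` is just the talk's own domain used as an illustration.

```python
import socket
import ssl
import sys

def plain_connect(host: str, port: int) -> socket.socket:
    """Top row of the diagram: Application -> SOCKET -> INTERNET, in the clear."""
    return socket.create_connection((host, port), timeout=5)

def client_context() -> ssl.SSLContext:
    """The shim's policy. Wrapping only helps if the shim verifies who is on the
    other end: system CA store, hostname check, nothing older than TLS 1.2."""
    ctx = ssl.create_default_context()             # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuse SSLv3, TLS 1.0 and 1.1
    return ctx

def tls_connect(host: str, port: int = 443) -> ssl.SSLSocket:
    """Bottom row: Application -> TLS -> SOCKET. Same socket, shim wrapped round it."""
    return client_context().wrap_socket(plain_connect(host, port), server_hostname=host)

def describe(s: ssl.SSLSocket) -> dict:
    """What the application can ask the shim about the hop it just secured."""
    cert = s.getpeercert()
    return {"version": s.version(), "cipher": s.cipher()[0], "not_after": cert["notAfter"],
            "subject": {k: v for rdn in cert["subject"] for k, v in rdn}}

if __name__ == "__main__":
    if len(sys.argv) < 2:                           # offline: just show the shim's policy
        ctx = client_context()
        print(ctx.verify_mode.name, ctx.check_hostname, ctx.minimum_version.name)
    else:                                           # online: python tls_shim.py enoti.me
        with tls_connect(sys.argv[1]) as s:
            s.sendall(b"HEAD / HTTP/1.0\r\nHost: " + sys.argv[1].encode() + b"\r\n\r\n")
            print(describe(s), s.recv(256).split(b"\r\n")[0])
```

Without a hostname argument the script stays offline and only prints the policy it would enforce.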
End to End security
Advice
+- Demand End to End security
|  +- Use a plugin for SSL Everywhere to fix your browser
|  +- Only use TLS IRC
|  +- Configure your email to use TLS
+- Use a VPN to protect yourself from bad applications
|  +- The VPN Endpoint can see everything you do
|  +- Pay money to expect better treatment
|  +- Host the endpoint yourself
+- Don't trust anyone when you want confidentiality
|  +- Manually encrypt with GPG
|  +- USE SIGNAL
+- Nothing in this talk deals with privacy
   +- USE TOR
Inspecting Traffic
+- tcpdump [0]
|  +- On a sensible system it is already installed
|  +- install the package in Debian
|  +- ideal tool to create pcaps on small boxes
|  +- what's going on?
|     +- tcpdump -i wlan0 -XX
+- wireshark [1]
   +- Wireshark is the world's foremost and widely-used network protocol analyzer.
   +- everything tool for dealing with network traffic (and bluetooth, usb...)
   +- tshark on the command line
   +- easy to script with pyshark
[0] https://www.tcpdump.org/tcpdump_man.html
[1] https://www.wireshark.org/
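The nesting in the "Networks are like ogres" slides, and the hex that `tcpdump -i wlan0 -XX` shows you, as an added example that is not from the talk: `encapsulate` wraps a payload in UDP, IPv4 and Ethernet headers with a real IPv4 header checksum (the UDP checksum is left at zero, which IPv4 permits), `peel` takes the layers off again outermost first and refuses a frame whose checksum or lengths do not add up, and `hexdump` prints the frame in tcpdump's `-XX` layout. The MAC and IP addresses are constructed sample values.

```python
import struct
from socket import inet_aton, inet_ntoa

# Constructed sample addresses for the demo (not from the talk).
SRC_MAC, DST_MAC = bytes.fromhex("021122334455"), bytes.fromhex("02aabbccddee")
SRC_IP, DST_IP, SRC_PORT, DST_PORT = "192.168.43.10", "192.168.43.1", 40000, 53

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of the 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                                  # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(data: bytes) -> bytes:
    """Wrap DATA in UDP (transport), then IPv4 (network), then Ethernet (link)."""
    udp = struct.pack("!HHHH", SRC_PORT, DST_PORT, 8 + len(data), 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0x4000,
                     64, 17, 0, inet_aton(SRC_IP), inet_aton(DST_IP))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]  # fill checksum
    return DST_MAC + SRC_MAC + b"\x08\x00" + ip + udp              # 0x0800 = IPv4

def peel(frame: bytes) -> dict:
    """Unwrap outermost first, as each hop does: link, network, transport, data."""
    if frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ipv4_checksum(ip[:ihl]) != 0:                    # a valid header sums to 0
        raise ValueError("bad IPv4 header checksum")
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    if proto != 17:
        raise ValueError("not UDP")
    udp = ip[ihl:total_len]
    sport, dport, ulen, _ = struct.unpack("!HHHH", udp[:8])
    if ulen != len(udp):
        raise ValueError("UDP length does not match the IPv4 payload")
    return {"link": (frame[6:12].hex(":"), frame[:6].hex(":")),
            "network": (inet_ntoa(ip[12:16]), inet_ntoa(ip[16:20]), ip[8]),
            "transport": (sport, dport), "data": udp[8:]}

def hexdump(frame: bytes) -> str:
    """Render the frame in the `tcpdump -XX` layout: offset, hex pairs, ASCII."""
    out = []
    for off in range(0, len(frame), 16):
        chunk = frame[off:off + 16]
        pairs = " ".join(chunk[i:i + 2].hex() for i in range(0, len(chunk), 2))
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        out.append(f"\t0x{off:04x}:  {pairs:<39} {asc}")
    return "\n".join(out)
```

`print(hexdump(encapsulate(b"hello")))` followed by `peel(encapsulate(b"hello"))` shows the same 47 bytes first as a hop sees them and then as the layered dictionary.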
Causing Trouble
+- firesheep [0]
|  Firesheep was a Firefox extension that demonstrated HTTP session
|  hijacking attacks. It led to TLS on Facebook and Gmail.
+- aircrack [1]
|  Aircrack-ng is a complete suite of tools to assess WiFi network
|  security.
+- bettercap [2]
   bettercap is a complete, modular, portable and easily extensible MITM
   tool and framework with every kind of diagnostic and offensive feature
   you could need in order to perform a man in the middle attack.
[0] https://codebutler.github.io/firesheep/
[1] http://www.aircrack-ng.org/doku.php
[2] https://github.com/evilsocket/bettercap
Questions
Thanks for Listening
Command
$ MDP_LIST_OPEN1=' ' MDP_LIST_OPEN2=' ' \
MDP_LIST_OPEN3=' ' MDP_LIST_HEAD1=' - ' \
MDP_LIST_HEAD2=' - ' MDP_LIST_HEAD3=' - ' \
mdp -tif securenetworking.md