STEP Security (RFC4012012)
J. Oquendo
sil at infiltrated.net
Sun Apr 1 15:04:42 UTC 2012
Interweb Re-Engineering Task Force J. Oquendo
Request for Comments 4012012 E-Fensive Security Strategies
Category: Informational
Expires: 2020
STEP by STEP Security
Status of this Memo
This Internet-Draft is submitted in full nonconformance with
provisions of BCP 78 and BCP 79. This document may not be modified,
and derivative works of it may not be created, except to publish it
as an RFC and to translate it into languages other than English.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
This Internet-Draft will expire on April 01, 2020.
Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with
respect to this document. Code Components extracted from this
document must include Simplified BSD License text as described in
Oquendo Expires Apr 01, 2020 [Page 1]
Internet-Draft Security Step by STEP RFC 4012012
Section 4.e of the Trust Legal Provisions and are provided without
warranty as described in the Simplified BSD License.
Abstract
This framework describes a practical methodology for ensuring
security in otherwise insecure environments. The goal is to provide
a rapid response mechanism to defend against the advanced persistent
threats in the wild.
Table of Contents
1. Introduction..................................................2
2. Conventions used in this document.............................4
3. Threats Explained.............................................4
3.1. Possible Actors..........................................4
4. STEP Explained................................................5
5. STEP in Action................................................6
6. Security Considerations.......................................7
7. IANA Considerations...........................................7
8. Conclusions...................................................8
8.1. Informative References...................................8
9. Acknowledgments...............................................8
Appendix A. Copyright............................................9
1. Introduction
In the network and computing industry, malicious actions,
applications and actors have become more pervasive. Response times
to anomalous events are burdening today's infrastructures and often
strain resources. As networks under attack are often saturated with
malicious traffic and advanced persistent threat actors engage in
downloading terabytes of data, resources to combat these threats
have diminished.
Additionally, the threats are no longer just anonymized actors
engaging in juvenile behavior, there are many instances of State
Actors, disgruntled employees, contractors, third party vendors and
criminal organizations. Each with separate agendas, each
consistently targeting devices on the Internet.
Oquendo Informational [Page 2]
Internet-Draft Security Step by STEP RFC 4012012
The intent behind this document is to define a methodology for rapid
response to these threats. In this document, security will be
achieved using a new methodology and protocol henceforth named
Scissor To Ethernet Protocol (STEP).
Initially designed as a last approach for security, STEP ensures
that no attacker can disaffect any of the Confidentiality,
Integrity, Availability of data as a whole.
Many variables are involved in security, but the STEP methodology
focuses on the following:
o FUD (Fear Uncertainty and Doubt)
o SCAM (Security Compliance and Management)
o APT (Another Possible Threat)
This methodology proposes STEP that SHOULD be performed at the onset
of a cyber attack before more terabytes of data are exfiltrated from
a network.
1. Industry Standard IP connection
+-----------+ +-----------+ +-----------+
| | IP | | INGRESS | |
| Rogue |-------> | Internet | ------> | Target |
| A | | | | B |
| | | | EGRESS | |
+-----------+ +-----------+ <------ +-----------+
Figure 1 Example session between a rogue attacker and target
Figure 1 illustrates the connection via the Internet from a rogue
attacker, towards a target. Irrespective of the attack used, IP
will ALWAYS be used as the attack vector.
Oquendo Informational [Page 3]
Internet-Draft Security Step by STEP RFC 4012012
2. Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC-2119 [RFC2119].
In this document, these words will appear with that interpretation
only when in ALL CAPS. Lower case uses of these words are not to be
interpreted as carrying RFC-2119 significance.
3. Threats Explained
A security threat is a theoretical happening that may not occur but
should be considered as part of a proper security architecture and
design. For example, the threat always exists that your systems
will become the target of a denial of service attack. A threat may
or may not have a method to mitigate the possibility of attack.
Vendors across the security spectrum offer FUD based solutions often
promoting SCAM based systems to mitigate against APT. While some of
the available solutions may minimize the potential for catastrophic
transfers of terabytes of data, these solutions SHOULD NOT be used
as an all-inclusive solution for security. Engineers MUST NOT rely
on FUD, or SCAMs against the APT.
3.1. Possible Actors
Both malicious attacks and unintended (non-malicious) attacks can
occur from anywhere in the world including local attacks inside of
the infrastructure. In the barest threat explanation above, the
threat that someone can commit a typographical error, causing a
disruption in service, is as severe as a Distributed Denial of
Service attack from the public Internet. Actors can never be easily
identified unless one is watching the Academy Awards on television.
Oquendo Informational [Page 4]
Internet-Draft Security Step by STEP RFC 4012012
4. STEP Explained
o S - Scissors
Scissors as defined by wikipedia are" hand-operated cutting
instruments. They consist of a pair of metal blades pivoted so that
the sharpened edges slide against each other when the handles (bows)
opposite to the pivot are closed. Scissors are used for cutting
various thin materials, such as paper, cardboard, metal foil, thin
plastic, cloth, rope, and wire. Scissors can also be used to cut
hair and food. Scissors and shears are functionally equivalent, but
larger implements tend to be called shears. Scissors is a critical
component for STEP security and MUST be readily available 99.99999%
with redundant scissors within armâ..s reach.
| |
X X
/ \ O O
(Opened) (Closed)
o T - To
To: [preposition] (Used for expressing direction or motion or
direction toward something) in the direction of; toward: from north
to south.
o E - Ethernet
Ethernet via Wikiepedia is described as a family of computer
networking technologies for local area networks (LANs) commercially
introduced in 1980. Standardized in IEEE 802.3, Ethernet has
largely replaced competing wired LAN technologies. For clarity in
our protocol, Ethernet is defined as the cabling between a device
and a network component such as a router or a switch.
o P - Protocol
A communications protocol is a system of digital message formats and
rules for exchanging those messages in or between computing systems
and in telecommunications. A protocol may have a formal
description.
Oquendo Informational [Page 5]
Internet-Draft Security Step by STEP RFC 4012012
Protocols may include signaling, authentication and error detection
and correction capabilities.
A protocol definition defines the syntax, semantics, and
synchronization of communication; the specified behavior is
typically independent of how it is to be implemented. A protocol
can therefore be implemented as hardware or software or both.
In STEP, Protocol is a rule an engineer MUST follow in order to
complete STEP. S MUST be in a closed state.
Actor -----> | Target (secured from the threat)
X
O O
(Closed)
5. STEP in Action
The following illustrates a remote APT attack against a webserver
located in the demilitarized zone of an infrastucture. In the
example, an APT attacker is launching a SQLI, XSS and CSRF against a
target over the Internet.
The attacks are common and according to statistics, are the same
attacks used to leverage access against major Fortune 500 companies
in the past decade.
+-------+ +-----+ +-----+ +--------+
| | SQLi | | + + INGRESS | |
| APT | -------> | ISP | ---> + ISP + ------> | Target |
| | XSS/CSRF | A | + B + | www |
| | | | + + | |
+-------+ +-----+ +-----+ +--------+
o Figure 5.1 Attacker launching attacks
+-------+ +-----+ +-----+ +--------+
| | TCP | | + + Reverse | |
| APT | <------ | ISP | <--- + ISP + <------ | Target |
| | | A | + B + Shell | www |
| | | | + + | |
+-------+ +-----+ +-----+ +--------+
o Figure 5.2 Attacker executing a reverse shell
Oquendo Informational [Page 6]
Internet-Draft Security Step by STEP RFC 4012012
In the illustration, an attacker is almost certainly attempting to
obtain a reverse shell. This enables an attacker to access a device
as if one were physically present at the device itself.
Using STEP we can mitigate and deny this attack from various points:
+-------+ +-----+ +-----+ +--------+
| | SQLi | | + + | | |
| APT | -------> | ISP | ---> + ISP + -->| | Target |
| | XSS/CSRF | A | + B + x | www |
| | | | + + o o | |
+-------+ +-----+ +-----+ +--------+
o Figure 5.2 Ingress STEP
+-------+ +-----+ +-----+ +--------+
| | Attack | | | + + | |
| APT | ------> | ISP | ->| + ISP + | Target |
| | | A | x + B + | www |
| | | | o o + + | |
+-------+ +-----+ +-----+ +--------+
o Figure 5.4 Provider based STEP
Both instances of STEP successfully demonstrate the power of the
STEP protocol. In no case, can an attacker successfully launch any
attack against a target as the security posture has now been
hardened.
6. Security Considerations
Cutting any Ethernet cable could potentially lead to shock and
degradation of IP services on your network. Please ensure there are
additional Ethernet cables for redundancy. Otherwise there is
nothing to consider.
7. IANA Considerations
There are no alternative considerations. STEP is the ultimate in
security.
Oquendo Informational [Page 7]
Internet-Draft Security Step by STEP RFC 4012012
8. Conclusions
Step defends against APT while minimizing your exposure to SCAMs and
FUD.
8.1. Informative References
[1] http://www.amazon.com/b?ie=UTF8&node=689392011
[2] http://ha.ckers.org/xss.html
[3] http://en.wikipedia.org/wiki/Advanced_persistent_threat
[4] http://en.wikipedia.org/wiki/Fear,_uncertainty_and_doubt
9. Acknowledgments
Sofia Vergara
Kenji, Saki and Coco
Oquendo Informational [Page 8]
Internet-Draft Security Step by STEP RFC 4012012
Appendix A. Copyright
Copyright (c) 2012 IETF Trust and the persons identified as authors
of the code. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
o Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
o Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the
distribution.
o Neither the name of Internet Society, IETF or IETF Trust, nor the
names of specific contributors, may be used to endorse or promote
products derived from this software without specific prior
written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
Author's Addresses
Jesus Oquendo
E-Fensive Security Strategies
Oquendo Informational [Page 9]
More information about the NANOG
mailing list