RFC: STEP Security

sexion8sexion8 Member Posts: 242
Interweb Re-Engineering Task Force                           J. Oquendo
Request for Comments 4012012              E-Fensive Security Strategies
Category: Informational
Expires: 2020


                           STEP by STEP Security


Status of this Memo

   This Internet-Draft is submitted in full nonconformance with
   provisions of BCP 78 and BCP 79. This document may not be modified,
   and derivative works of it may not be created, except to publish it
   as an RFC and to translate it into languages other than English.
   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.   Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.   It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

   This Internet-Draft will expire on April 01, 2020.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document. Code Components extracted from this
   document must include Simplified BSD License text as described in




Oquendo                  Expires Apr 01, 2020                  [Page 1]


Internet-Draft          Security Step by STEP               RFC 4012012


   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Simplified BSD License.

Abstract

   This framework describes a practical methodology for ensuring
   security in otherwise insecure environments. The goal is to provide
   a rapid response mechanism to defend against the advanced persistent
   threats in the wild.

Table of Contents


   1.  Introduction..................................................2
   2.  Conventions used in this document.............................4
   3.  Threats Explained.............................................4
       3.1. Possible Actors..........................................4
   4.  STEP Explained................................................5
   5.  STEP in Action................................................6
   6.  Security Considerations.......................................7
   7.  IANA Considerations...........................................7
   8.  Conclusions...................................................8
       8.1. Informative References...................................8
   9.  Acknowledgments...............................................8
   Appendix A.  Copyright............................................9


1. Introduction
   In the network and computing industry, malicious actions,
   applications and actors have become more pervasive. Response times
   to anomalous events are burdening today's infrastructures and often
   strain resources. As networks under attack are often saturated with
   malicious traffic and advanced persistent threat actors engage in
   downloading terabytes of data, resources to combat these threats
   have diminished.

   Additionally, the threats are no longer just anonymized actors
   engaging in juvenile behavior, there are many instances of State
   Actors, disgruntled employees, contractors, third party vendors and
   criminal organizations. Each with separate agendas, each
   consistently targeting devices on the Internet.




Oquendo                     Informational                      [Page 2]
Internet-Draft             Security Step by STEP                   RFC 4012012


   The intent behind this document is to define a methodology for rapid
   response to these threats. In this document, security will be
   achieved using a new methodology and protocol henceforth named
   Scissor To Ethernet Protocol (STEP).



   Initially designed as a last approach for security, STEP ensures
   that no attacker can disaffect any of the Confidentiality,
   Integrity, Availability of data as a whole.



   Many variables are involved in security, but the STEP methodology
   focuses on the following:


   o FUD (Fear Uncertainty and Doubt)
   o SCAM (Security Compliance and Management)
   o APT (Another Possible Threat)



   This methodology proposes STEP that SHOULD be performed at the onset
   of a cyber attack before more terabytes of data are exfiltrated from
   a network.

   1. Industry Standard IP connection


          +-----------+           +-----------+           +-----------+
          |           |   IP      |           |   INGRESS |           |
          |   Rogue   |------->   | Internet |    ------> | Target    |
          |     A     |           |           |           |     B     |
          |           |           |           |   EGRESS |            |
          +-----------+           +-----------+   <------ +-----------+

          Figure 1 Example session between a rogue attacker and target
   Figure 1 illustrates the connection via the Internet from a rogue
   attacker, towards a target. Irrespective of the attack used, IP
   will ALWAYS be used as the attack vector.


Oquendo                           Informational                       [Page 3]


Internet-Draft          Security Step by STEP                RFC 4012012




2. Conventions used in this document


   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC-2119 [RFC2119].

   In this document, these words will appear with that interpretation
   only when in ALL CAPS. Lower case uses of these words are not to be
   interpreted as carrying RFC-2119 significance.


3. Threats Explained

   A security threat is a theoretical happening that may not occur but
   should be considered as part of a proper security architecture and
   design. For example, the threat always exists that your systems
   will become the target of a denial of service attack. A threat may
   or may not have a method to mitigate the possibility of attack.

   Vendors across the security spectrum offer FUD based solutions often
   promoting SCAM based systems to mitigate against APT. While some of
   the available solutions may minimize the potential for catastrophic
   transfers of terabytes of data, these solutions SHOULD NOT be used
   as an all-inclusive solution for security. Engineers MUST NOT rely
   on FUD, or SCAMs against the APT.

3.1. Possible Actors

   Both malicious attacks and unintended (non-malicious) attacks can
   occur from anywhere in the world including local attacks inside of
   the infrastructure. In the barest threat explanation above, the
   threat that someone can commit a typographical error, causing a
   disruption in service, is as severe as a Distributed Denial of
   Service attack from the public Internet. Actors can never be easily
   identified unless one is watching the Academy Awards on television.




Oquendo                     Informational                      [Page 4]


Internet-Draft          Security Step by STEP                RFC 4012012


4. STEP Explained

     o S - Scissors

   Scissors as defined by wikipedia are" hand-operated cutting
   instruments. They consist of a pair of metal blades pivoted so that
   the sharpened edges slide against each other when the handles (bows)
   opposite to the pivot are closed. Scissors are used for cutting
   various thin materials, such as paper, cardboard, metal foil, thin
   plastic, cloth, rope, and wire. Scissors can also be used to cut
   hair and food. Scissors and shears are functionally equivalent, but
   larger implements tend to be called shears. Scissors is a critical
   component for STEP security and MUST be readily available 99.99999%
   with redundant scissors within armâ..s reach.


                           |          |
                           X          X
                          / \        O O

                        (Opened)   (Closed)


     o T - To

   To: [preposition] (Used for expressing direction or motion or
   direction toward something) in the direction of; toward: from north
   to south.

     o E - Ethernet

   Ethernet via Wikiepedia is described as a family of computer
   networking technologies for local area networks (LANs) commercially
   introduced in 1980. Standardized in IEEE 802.3, Ethernet has
   largely replaced competing wired LAN technologies. For clarity in
   our protocol, Ethernet is defined as the cabling between a device
   and a network component such as a router or a switch.



     o P - Protocol

   A communications protocol is a system of digital message formats and
   rules for exchanging those messages in or between computing systems
   and in telecommunications. A protocol may have a formal
   description.


Oquendo                     Informational                      [Page 5]


Internet-Draft                Security Step by STEP                RFC 4012012


   Protocols may include signaling, authentication and error detection
   and correction capabilities.

   A protocol definition defines the syntax, semantics, and
   synchronization of communication; the specified behavior is
   typically independent of how it is to be implemented. A protocol
   can therefore be implemented as hardware or software or both.

   In STEP, Protocol is a rule an engineer MUST follow in order to
   complete STEP. S MUST be in a closed state.



           Actor ----->       |       Target (secured from the threat)
                              X
                             O O

                          (Closed)


5. STEP in Action
   The following illustrates a remote APT attack against a webserver
   located in the demilitarized zone of an infrastucture. In the
   example, an APT attacker is launching a SQLI, XSS and CSRF against a
   target over the Internet.

   The attacks are common and according to statistics, are the same
   attacks used to leverage access against major Fortune 500 companies
   in the past decade.
 
         +-------+            +-----+      +-----+         +--------+
         |       |  SQLi      |     |      +     + INGRESS |        |
         |  APT  | ------->   | ISP | ---> + ISP + ------> | Target |
         |       | XSS/CSRF   |  A  |      +  B  +         |  www   |
         |       |            |     |      +     +         |        |
         +-------+            +-----+      +-----+         +--------+

     o Figure 5.1 Attacker launching attacks
         +-------+            +-----+      +-----+         +--------+
         |       |  TCP       |     |      +     + Reverse |        |
         |  APT  | <------    | ISP | <--- + ISP + <------ | Target |
         |       |            |  A  |      +  B  +  Shell  |  www   |
         |       |            |     |      +     +         |        |
         +-------+            +-----+      +-----+         +--------+

     o Figure 5.2 Attacker executing a reverse shell


Oquendo                            Informational                       [Page 6]


Internet-Draft                Security Step by STEP                RFC 4012012



   In the illustration, an attacker is almost certainly attempting to
   obtain a reverse shell. This enables an attacker to access a device
   as if one were physically present at the device itself.
   Using STEP we can mitigate and deny this attack from various points:


          +-------+           +-----+      +-----+         +--------+
          |       | SQLi      |     |      +     +    |    |        |
          |  APT  | ------->  | ISP | ---> + ISP + -->|    | Target |
          |       | XSS/CSRF  |  A  |      +  B  +    x    |  www   |
          |       |           |     |      +     +   o o   |        |
          +-------+           +-----+      +-----+         +--------+

     o Figure 5.2 Ingress STEP

          +-------+           +-----+       +-----+        +--------+
          |       | Attack    |     |   |   +     +        |        |
          |  APT  | ------>   | ISP | ->|   + ISP +        | Target |
          |       |           |  A  |   x   +  B  +        |  www   |
          |       |           |     |  o o  +     +        |        |
          +-------+           +-----+       +-----+        +--------+

     o Figure 5.4 Provider based STEP


   Both instances of STEP successfully demonstrate the power of the
   STEP protocol. In no case, can an attacker successfully launch any
   attack against a target as the security posture has now been
   hardened.

6. Security Considerations

   Cutting any Ethernet cable could potentially lead to shock and
   degradation of IP services on your network. Please ensure there are
   additional Ethernet cables for redundancy. Otherwise there is
   nothing to consider.


7. IANA Considerations

   There are no alternative considerations.        STEP is the ultimate in
   security.


Oquendo                           Informational                        [Page 7]


Internet-Draft             Security Step by STEP                RFC 4012012


8. Conclusions

   Step defends against APT while minimizing your exposure to SCAMs and
   FUD.

8.1. Informative References

   [1]    http://www.amazon.com/b?ie=UTF8&node=689392011
   [2]    http://ha.ckers.org/xss.html
   [3]    http://en.wikipedia.org/wiki/Advanced_persistent_threat
   [4]    http://en.wikipedia.org/wiki/Fear,_uncertainty_and_doubt


9. Acknowledgments
   Sofia Vergara
   Kenji, Saki and Coco




Oquendo                        Informational                         [Page 8]


Internet-Draft           Security Step by STEP                RFC 4012012


Appendix A. Copyright



   Copyright (c) 2012 IETF Trust and the persons identified as authors
   of the code. All rights reserved.

   Redistribution and use in source and binary forms, with or without
   modification, are permitted provided that the following conditions
   are met:

   o   Redistributions of source code must retain the above copyright
       notice, this list of conditions and the following disclaimer.

   o   Redistributions in binary form must reproduce the above copyright
       notice, this list of conditions and the following disclaimer in
       the documentation and/or other materials provided with the
       distribution.
   o   Neither the name of Internet Society, IETF or IETF Trust, nor the
       names of specific contributors, may be used to endorse or promote
       products derived from this software without specific prior
       written permission.

   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
   COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
   INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
   BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
   LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
   CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
   ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
   POSSIBILITY OF SUCH DAMAGE.


Author's Addresses

   Jesus Oquendo
   E-Fensive Security Strategies


Oquendo                      Informational                      [Page 9]
"Everything we hear is an opinion, not a fact. Everything we see is a perspective, not the truth." - Marcus Aurelius

Comments

Sign In or Register to comment.