BSDCan2009 - Final Release

BSDCan 2009
The Technical BSD Conference

Speakers
Fernando Gont
Schedule
Day Talks - 2 - 2009-05-09
Room MNT 202
Start time 11:30
Duration 01:00
Info
ID 129
Event type Lecture
Track Hacking
Language used for presentation English

Results of a Security Assessment of the TCP and IP protocols and Common implementation Strategies

Fernando Gont will present the results of security assessment of the TCP and IP protocols carried out on behalf of the United Kingdom's Centre for the Protection of National Infrastructure (Centre for the Protection of National Infrastructure). His presentation will provide an overview of the aforementioned project, and will describe some of the new insights that were gained as a result of this project. Additionally, it will provide an overview of the state of affairs of the different TCP/IP implementations found in BSD operating systems with respect to the aforementioned issues.

During the last twenty years, many vulnerabilities have been identified in the TCP/IP stacks of a number of systems. The discovery of these vulnerabilities led in most cases to reports being published by a number of CSIRTs and vendors, which helped to raise awareness about the threats and the best possible mitigations known at the time the reports were published. For some reason, much of the effort of the security community on the Internet protocols did not result in official documents (RFCs) being issued by the organization in charge of the standardization of the communication protocols in use by the Internet: the Internet Engineering Task Force (IETF). This basically led to a situation in which “known” security problems have not always been addressed by all vendors. In addition, in many cases vendors have implemented quick “fixes” to the identified vulnerabilities without a careful analysis of their effectiveness and their impact on interoperability. As a result, producing a secure TCP/IP implementation nowadays is a very difficult task, in large part because of the hard task of identifying relevant documentation and differentiating between that which provides correct advisory, and that which provides misleading advisory based on inaccurate or wrong assumptions. During 2006, the United Kingdom’s Centre for the Protection of National Infrastructure embarked itself in an ambitious and arduous project: performing a security assessment of the TCP and IP protocols. The project did not limit itself to an analysis of the relevant IETF specifications, but also included an analysis of common implementation strategies found in the most popular TCP and IP implementations. The result of the project was a set of documents which identifies possible threats for the TCP and IP protocols and, where possible, proposes counter-measures to mitigate the identified threats. This presentation will will describe some of the new insights that were gained as a result of this project. Additionally, it will provide an overview of the state of affairs of the different TCP/IP implementations found in BSD operating systems.