April 1 2012 RFCs:

Service Undiscovery Using Hide-and-Go-Seek for the Domain Pseudonym System (DPS)
http://www.rfc-editor.org/rfc/rfc6593.txt

The Null Packet
http://www.rfc-editor.org/rfc/rfc6592.txt

-Grant

On Sun, Apr 1, 2012 at 10:04 AM, J. Oquendo <s...@infiltrated.net> wrote:
> Interweb Re-Engineering Task Force                        J. Oquendo
> Request for Comments 4012012              E-Fensive Security Strategies
> Category: Informational
> Expires: 2020
>
>
>                         STEP by STEP Security
>
>
> Status of this Memo
>
>    This Internet-Draft is submitted in full nonconformance with
>    provisions of BCP 78 and BCP 79. This document may not be modified,
>    and derivative works of it may not be created, except to publish it
>    as an RFC and to translate it into languages other than English.
>
>    Internet-Drafts are working documents of the Internet Engineering
>    Task Force (IETF), its areas, and its working groups. Note that
>    other groups may also distribute working documents as
>    Internet-Drafts.
>
>    Internet-Drafts are draft documents valid for a maximum of six
>    months and may be updated, replaced, or obsoleted by other documents
>    at any time. It is inappropriate to use Internet-Drafts as
>    reference material or to cite them other than as "work in progress."
>
>    The list of current Internet-Drafts can be accessed at
>    http://www.ietf.org/ietf/1id-abstracts.txt
>
>    The list of Internet-Draft Shadow Directories can be accessed at
>    http://www.ietf.org/shadow.html
>
>    This Internet-Draft will expire on April 01, 2020.
>
> Copyright Notice
>
>    Copyright (c) 2012 IETF Trust and the persons identified as the
>    document authors. All rights reserved.
>
>    This document is subject to BCP 78 and the IETF Trust's Legal
>    Provisions Relating to IETF Documents
>    (http://trustee.ietf.org/license-info) in effect on the date of
>    publication of this document. Please review these documents
>    carefully, as they describe your rights and restrictions with
>    respect to this document. Code Components extracted from this
>    document must include Simplified BSD License text as described in
>
>
> Oquendo                  Expires Apr 01, 2020                  [Page 1]
>
> Internet-Draft           Security Step by STEP           RFC 4012012
>
>
>    Section 4.e of the Trust Legal Provisions and are provided without
>    warranty as described in the Simplified BSD License.
>
> Abstract
>
>    This framework describes a practical methodology for ensuring
>    security in otherwise insecure environments. The goal is to provide
>    a rapid response mechanism to defend against the advanced persistent
>    threats in the wild.
>
> Table of Contents
>
>    1. Introduction..................................................2
>    2. Conventions used in this document.............................4
>    3. Threats Explained.............................................4
>       3.1. Possible Actors..........................................4
>    4. STEP Explained................................................5
>    5. STEP in Action................................................6
>    6. Security Considerations.......................................7
>    7. IANA Considerations...........................................7
>    8. Conclusions...................................................8
>       8.1. Informative References...................................8
>    9. Acknowledgments...............................................8
>    Appendix A. Copyright............................................9
>
>
> 1. Introduction
>
>    In the network and computing industry, malicious actions,
>    applications and actors have become more pervasive. Response times
>    to anomalous events are burdening today's infrastructures and often
>    strain resources. As networks under attack are often saturated with
>    malicious traffic and advanced persistent threat actors engage in
>    downloading terabytes of data, resources to combat these threats
>    have diminished.
>
>    Additionally, the threats are no longer just anonymized actors
>    engaging in juvenile behavior; there are many instances of State
>    Actors, disgruntled employees, contractors, third party vendors and
>    criminal organizations, each with separate agendas, each
>    consistently targeting devices on the Internet.
>
>    The intent behind this document is to define a methodology for rapid
>    response to these threats. In this document, security will be
>    achieved using a new methodology and protocol henceforth named
>    Scissor To Ethernet Protocol (STEP).
>
>    Initially designed as a last approach for security, STEP ensures
>    that no attacker can disaffect any of the Confidentiality,
>    Integrity, Availability of data as a whole.
>
>    Many variables are involved in security, but the STEP methodology
>    focuses on the following:
>
>    o FUD (Fear Uncertainty and Doubt)
>    o SCAM (Security Compliance and Management)
>    o APT (Another Possible Threat)
>
>    This methodology proposes STEP that SHOULD be performed at the onset
>    of a cyber attack before more terabytes of data are exfiltrated from
>    a network.
>
>    1. Industry Standard IP connection
>
>    +-----------+          +-----------+            +-----------+
>    |           |    IP    |           |  INGRESS   |           |
>    |   Rogue   |--------> | Internet  |  ------>   |  Target   |
>    |     A     |          |           |            |     B     |
>    |           |          |           |  EGRESS    |           |
>    +-----------+          +-----------+  <------   +-----------+
>
>    Figure 1 Example session between a rogue attacker and target
>
>    Figure 1 illustrates the connection via the Internet from a rogue
>    attacker, towards a target. Irrespective of the attack used, IP
>    will ALWAYS be used as the attack vector.
>
>
> 2. Conventions used in this document
>
>    The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
>    "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
>    document are to be interpreted as described in RFC-2119 [RFC2119].
>
>    In this document, these words will appear with that interpretation
>    only when in ALL CAPS. Lower case uses of these words are not to be
>    interpreted as carrying RFC-2119 significance.
>
>
> 3. Threats Explained
>
>    A security threat is a theoretical happening that may not occur but
>    should be considered as part of a proper security architecture and
>    design. For example, the threat always exists that your systems
>    will become the target of a denial of service attack. A threat may
>    or may not have a method to mitigate the possibility of attack.
>
>    Vendors across the security spectrum offer FUD based solutions often
>    promoting SCAM based systems to mitigate against APT. While some of
>    the available solutions may minimize the potential for catastrophic
>    transfers of terabytes of data, these solutions SHOULD NOT be used
>    as an all-inclusive solution for security. Engineers MUST NOT rely
>    on FUD, or SCAMs against the APT.
>
> 3.1. Possible Actors
>
>    Both malicious attacks and unintended (non-malicious) attacks can
>    occur from anywhere in the world including local attacks inside of
>    the infrastructure. In the barest threat explanation above, the
>    threat that someone can commit a typographical error, causing a
>    disruption in service, is as severe as a Distributed Denial of
>    Service attack from the public Internet. Actors can never be easily
>    identified unless one is watching the Academy Awards on television.
>
>
> 4. STEP Explained
>
>    o S - Scissors
>
>    Scissors as defined by Wikipedia are "hand-operated cutting
>    instruments. They consist of a pair of metal blades pivoted so that
>    the sharpened edges slide against each other when the handles (bows)
>    opposite to the pivot are closed. Scissors are used for cutting
>    various thin materials, such as paper, cardboard, metal foil, thin
>    plastic, cloth, rope, and wire. Scissors can also be used to cut
>    hair and food. Scissors and shears are functionally equivalent, but
>    larger implements tend to be called shears." Scissors are a critical
>    component for STEP security and MUST be readily available 99.99999%
>    with redundant scissors within arm's reach.
>
>         | |
>          X            X
>         / \          O O
>
>       (Opened)     (Closed)
>
>    o T - To
>
>    To: [preposition] (Used for expressing direction or motion or
>    direction toward something) in the direction of; toward: from north
>    to south.
>
>    o E - Ethernet
>
>    Ethernet via Wikipedia is described as a family of computer
>    networking technologies for local area networks (LANs) commercially
>    introduced in 1980. Standardized in IEEE 802.3, Ethernet has
>    largely replaced competing wired LAN technologies. For clarity in
>    our protocol, Ethernet is defined as the cabling between a device
>    and a network component such as a router or a switch.
>
>    o P - Protocol
>
>    A communications protocol is a system of digital message formats and
>    rules for exchanging those messages in or between computing systems
>    and in telecommunications. A protocol may have a formal
>    description. Protocols may include signaling, authentication and
>    error detection and correction capabilities.
>
>    A protocol definition defines the syntax, semantics, and
>    synchronization of communication; the specified behavior is
>    typically independent of how it is to be implemented. A protocol
>    can therefore be implemented as hardware or software or both.
>
>    In STEP, Protocol is a rule an engineer MUST follow in order to
>    complete STEP. S MUST be in a closed state.
>
>    Actor -----> |     Target (secured from the threat)
>                 X
>                O O
>
>             (Closed)
>
>
> 5. STEP in Action
>
>    The following illustrates a remote APT attack against a webserver
>    located in the demilitarized zone of an infrastructure. In the
>    example, an APT attacker is launching a SQLI, XSS and CSRF against a
>    target over the Internet.
>
>    The attacks are common and according to statistics, are the same
>    attacks used to leverage access against major Fortune 500 companies
>    in the past decade.
>
>    +-------+           +-----+      +-----+          +--------+
>    |       |   SQLi    |     |      +     + INGRESS  |        |
>    |  APT  | --------> | ISP | ---> + ISP + ------>  | Target |
>    |       | XSS/CSRF  |  A  |      +  B  +          |  www   |
>    |       |           |     |      +     +          |        |
>    +-------+           +-----+      +-----+          +--------+
>
>    o Figure 5.1 Attacker launching attacks
>
>    +-------+           +-----+      +-----+          +--------+
>    |       |    TCP    |     |      +     + Reverse  |        |
>    |  APT  | <-------- | ISP | <--- + ISP + <------  | Target |
>    |       |           |  A  |      +  B  +  Shell   |  www   |
>    |       |           |     |      +     +          |        |
>    +-------+           +-----+      +-----+          +--------+
>
>    o Figure 5.2 Attacker executing a reverse shell
>
>    In the illustration, an attacker is almost certainly attempting to
>    obtain a reverse shell. This enables an attacker to access a device
>    as if one were physically present at the device itself.
>
>    Using STEP we can mitigate and deny this attack from various points:
>
>    +-------+           +-----+      +-----+          +--------+
>    |       |   SQLi    |     |      +     +     |    |        |
>    |  APT  | --------> | ISP | ---> + ISP + --> |    | Target |
>    |       | XSS/CSRF  |  A  |      +  B  +     X    |  www   |
>    |       |           |     |      +     +    o o   |        |
>    +-------+           +-----+      +-----+          +--------+
>
>    o Figure 5.3 Ingress STEP
>
>    +-------+           +-----+       +-----+          +--------+
>    |       |  Attack   |     |  |    +     +          |        |
>    |  APT  | --------> | ISP | ->|   + ISP +          | Target |
>    |       |           |  A  |  X    +  B  +          |  www   |
>    |       |           |     | o o   +     +          |        |
>    +-------+           +-----+       +-----+          +--------+
>
>    o Figure 5.4 Provider based STEP
>
>    Both instances of STEP successfully demonstrate the power of the
>    STEP protocol. In no case can an attacker successfully launch any
>    attack against a target, as the security posture has now been
>    hardened.
>
>
> 6. Security Considerations
>
>    Cutting any Ethernet cable could potentially lead to shock and
>    degradation of IP services on your network. Please ensure there are
>    additional Ethernet cables for redundancy. Otherwise there is
>    nothing to consider.
>
>
> 7. IANA Considerations
>
>    There are no alternative considerations. STEP is the ultimate in
>    security.
>
>
> 8. Conclusions
>
>    STEP defends against APT while minimizing your exposure to SCAMs and
>    FUD.
>
> 8.1. Informative References
>
>    [1] http://www.amazon.com/b?ie=UTF8&node=689392011
>    [2] http://ha.ckers.org/xss.html
>    [3] http://en.wikipedia.org/wiki/Advanced_persistent_threat
>    [4] http://en.wikipedia.org/wiki/Fear,_uncertainty_and_doubt
>
>
> 9. Acknowledgments
>
>    Sofia Vergara
>    Kenji, Saki and Coco
>
>
> Appendix A. Copyright
>
>    Copyright (c) 2012 IETF Trust and the persons identified as authors
>    of the code. All rights reserved.
>
>    Redistribution and use in source and binary forms, with or without
>    modification, are permitted provided that the following conditions
>    are met:
>
>    o Redistributions of source code must retain the above copyright
>      notice, this list of conditions and the following disclaimer.
>
>    o Redistributions in binary form must reproduce the above copyright
>      notice, this list of conditions and the following disclaimer in
>      the documentation and/or other materials provided with the
>      distribution.
>
>    o Neither the name of Internet Society, IETF or IETF Trust, nor the
>      names of specific contributors, may be used to endorse or promote
>      products derived from this software without specific prior
>      written permission.
>
>    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
>    "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
>    LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
>    FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
>    COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
>    INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
>    BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
>    LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
>    CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
>    LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
>    ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
>    POSSIBILITY OF SUCH DAMAGE.
>
>
> Author's Address
>
>    Jesus Oquendo
>    E-Fensive Security Strategies