Windows Protocol Analysis MSCHAP Friends.pptVIP

Windows Protocol Analysis:MSCHAP Friends Gros, Charles-Henri Haley, David Lisanke, Bob Schaff, Clovis Outline Overview of Windows Security Issues Various Protocols and Problems Introducing MSCHAP MSCHAP to MSCHAP2 MSCHAP2 to PEAP Mur? Models Lessons Learned An Encouraging Message Wed Mar 10, 6:55 PM ETSEATTLE (Reuters) - Microsoft Corp. (Nasdaq:MSFT - news) upgraded a recent security warning to critical after discovering new ways in which an attacker could run malicious software on a vulnerable computer, the worlds largest software maker said on Wednesday.The software flaw, which affects the two latest versions of Microsofts Outlook e-mail, calendar and contacts program, were initially rated as important in Microsofts monthly security bulletin issued on Tuesday. A Horde of Protocols Transport Layers NetBIOS, NetBEUI, TCP/IP… Protocols on top SMB, RPC, NetMeeting… Many dialects of protocols SMB: PCNP1.0, LanMan 1.0/2.0,NT LM 0.12, CIFS… Lots of Protocols = Lots of Problems Backwards compatibility between all various dialects More implementations: more potential for human error (incorrect code…) Most protocol weaknesses seem unrelated to the protocol itself Implementation Flaws Old friends like Buffer Overflows Holes in client-side code (ActiveX…) Poor crypto implementation might be easier to crack Programmer Laziness/Carelessness Troubleshooting “Humanware” Windows empowers the user, less restrictive environment Easy for the unwary user to execute unwanted code (email virus) Convenience vs. Security (automatic parsing of HTML email, etc.) Uneducated user = highly vulnerable The Password Paradigm Completely and utterly depends on secrecy and strength of password Many ways to fool uneducated user into giving away password (impersonating administrators, etc.) Reused password = less secure Windows Protocols Hard to find current specifications Hard to tell off-hand why some services are running, others aren’t Many are activated for unclear reasons (e.g. SQL