Eliminating Plaintext Passwords on Your Network
A work-in-progress, based on experiences at the San Diego Supercomputer Center.

Introduction

At SDSC, eliminating plaintext passwords is one of a handful of key strategies we have implemented which have been quite effective at preventing intrusions to our hosts. Motivation We manage to support thousands of users, spread out across the planet, without mandating homogeneity of client software or simply not providing service. Our users can remotely access our systems as effectively as they can locally. We could not do so and keep our systems secure without eliminating plaintext passwords. This stategy and effort to eliminate plaintext passwords came out of several security yearly reviews performed at SDSC from 1994 through 1997. In these reviews, we analyzed all the security events from those years and determined the underlying causes of the problems. It was obvious from these analyses that the easiest and most common way for our user accounts (and hosts) to be compromised was network password sniffers running at the home sites of our thousands of users. In one year (1997), sniffers running at other sites accounted for almost all of our significant security events. It was plain that something had to be done. Plaintext Authentication is a Problem Most commonly used protocols/applications transmit resable passwords in the clear(plaintext passwords). These protocols include... TELNET - remote login rlogin/rsh/rcp - remote login FTP - file transfer POP - mail retrieval IMAP - mail retrieval HTTP "Basic Authentication." ... and many others, including most Windows remote access programs, many other file sharing tools, etc. Why is this a problem? Because anyone monitoring (eavedropping) on the network tranmission can intercept and use those passwords to gain access to your systems. And most of the intrusions we've seen include the use of a sniffer (eavesdropping software): a intruder will install a sniffer just to see if they can pick up some good passwords while they are in the neighborhood. Compromise of a user password is on of the most difficult intrusions to detect. When a valid username and password is presented, how does the system know whether or not it is being presented by the actual authorized user? How do you, as a system administrator, know whether or not a particular session belongs to the actual user or an intruder with a stolen password? You might be able to make an inference based on the source of the intrusion, or some pattern of behavior like time of access, but that's prone to error and rather cumbersome to implement. The best strategy is to prevent interception of passwords in the first place. This can be done in several ways: Keep all machines standalone, without any network access. While this certainly rememdies the password interception problem, it also can limit the usefulness of your computers. Only allow services on networks and systems that you control, so that sniffers can't be installed. This too can work, but limits what your users can do remotely, while travelling, etc. Use software and protocols which either do not transmit passwords, or encrypt passwords so that the intercepted information is not useable by an intruder. (We like number 3.) The Technology The key to eliminating plaintext passwords is realizing that there is no one solution that fixes everything. Instead, we rely on a combination of solutions for the different services we support. In some cases, we support multiple services to allow our users to choose their own client software. Here is a matrix of the solutions we use: Type Protocol Server Client Remote Access Kerberos-enabled servers ktelnet krlogind krshd kftpd Apache+SSL+Kerberos Authentication Module etc. ktelnet krlogin krsh kftp SSL-capable web browser etc.. Ssecure Shell (SSH) ssh 1.2.27 w/Kerberos any ssh version 1 compatible client Reading E-mail IMAP/SSL UW imapd with sslwrap Outlook Netscape Mail POP/SSL qpopper with sslwrap Outlook APOP qpopper Eudora KPOP qpopper Eudora SSL Webmail IMHO Roxen UW-imapd sslwrap any ssl-capable web browser Sending E-mail SMTP AUTH Sendmail EGD   POP XTND XMIT qpopper sendmail Eudora SSL Webmail IMHO Roxen sendmail any ssl-capable web browser

Network Services

All the services for which we provide non-plaintext authentication...

Documentation and Tutorials

Installation and Configuration of... IMAP/SSL, POP/SSL, APOP and KPOP IMHO Web Mail (w/Roxen web server) Authenticated SMTP using Sendmail Netatalk OpenAFS Samba SSH Kerberos TCP-Wrappers

Links

Software E-mail IHMO Webmail: IMHO Webmail provides web-based access to e-mail, communicating with the e-mail server using IMAP/SSL. Qpopper: Qualcomm's POP server. Supports APOP, XTND XMIT, and KPOP. imapd: IMAP Server. Use with sslwrap (below) to provide IMAP/SSL. sslwrap: Generic tool for "wrapping" a tcp connection in SSL. Use with your imap and pop servers to provide IMAP/SSL and POP/SSL. Sendmail: Supports SMTP AUTH, using SASL, and the Entropy Gathering Daemon (below). EGD Roxen Web Server SecureFTP File Sharing/Transfer Netatalk OpenAFS Remote Access OpenSSH for Windows and Mac Misc Pretty Good Privacy l0phtCrack Literature and Documentation "Kerberos, the Network Authentication Protocol" RFC 2060, "Internet Message Access Protocol - Version 4rev1," M. Crispin. December 1996. RFC1939, "Post Office Protocol - Version 3," J. Myers, M. Rose. May 1996. A. Freier, P. Karlton, P. Kocher, "The SSL Protocol Version 3.0," http://home.netscape.com/eng/ssl3/draft302.txt, November 18, 1996 November 18, 1996 Protocol Numbers and Assignment Services, http://www.iana.org/numbers.html, he Internet Assigned Numbers Authority, April 30, 2001. "Changing POP (or other) Port in Eudora" RFC 2554, "SMTP Service Extension for Authentication," J. Myers. March 1999. RFC 2222, "Simple Authentication and Security Layer (SASL)," J. Myers, October 1997. B. Bannister, " Implementing Authenticated SMTP with Sendmail" "Port Forwarding," http://www.ssh.com/products/ssh/administrator30/Port_Forwarding.html, May 2001 B. Schneier, Applied Cryptography, 2nd ed., John Wiley and Sons, Inc., 1996 Information S. Sipes, "Why your switched network isn't secure", The SANS Institute, September 10, 2000. "E-mail FAQ"