Last week, I had the opportunity to participate in SecNet 2001 - the annual workshop on security and networking - held at IIT Bombay. The workshop lasted four days, from the 12th to the 15th and had speakers primarily from IIT, but a few from industry as well.
The workshop was slated to start on the 12th with Professor Sridhar Iyer from IIT giving an introduction to networks and the underlying protocols involved, however he couldn't make it, and the job fell on Professor Abhay Karandikar from the Electrical Department. Professor Karandikar took the floor, and had his audience captivated. Given the short time that he had for preparation, he was absolutely brilliant.
He introduced the concepts of networks and TCP/IP, concentrating on the security aspects of lower layers and how they evolved over time. This man knows exactly what he's talking about and seems to have had extensive lecturing experience. He glided through the lecture answering all questions that came up.
The introduction was excellent, and the only worry was that things couldn't get better from here on.
The next two lectures were delivered by Mr. Ravindra Jaju, an MTech student at the School of IT - IITB. Jaju touched on the various methods employed by potential attackers to detect vulnerabilities in your network and exploit them. Among the techniques covered were IP spoofing, DNS spoofing, session hijacking, network sniffing/scanning, buffer overflows and denial of service attacks. He showed how an attacker would use combinations of these for a successful attack.
In his second session, Jaju demonstrated some of the tools used to carry out these attacks, and others used to protect oneself from an attack. Although the tools covered were Unix-centric, they were insightful, throwing light on actual techniques used by crackers.
The only complaint about this lecture was that no tools for non-Unix users were listed.
The second day was kicked off with Anil Gracias - also an MTech student, and one of the sys-admins at IIT - showing how to detect if your host is being probed, and how to identify an attacker's procedure. He showed how an attacker might create back-doors to get permanent access to a machine, and how to detect the presence of any such Trojan. The main focus of Anil's lecture was scanning of log files for patterns and scripts to search for `setuid' programs on the system.
A setuid program is one that runs with the privileges of the owner, rather than the person who runs it (as is the normal case), so if someone were to get access to a setuid program owned by the administrator, he could in essence become the administrator.
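A search of the kind described above can be done with `find`, and it is most useful when compared against a list taken while the machine was known to be clean. The following is an added example, not one of the scripts shown at the workshop; the function names are hypothetical, and it also covers setgid files, which the lecture summary does not mention:

```shell
#!/bin/sh
# Added example: audit setuid/setgid files against a known-good baseline.

# list_setid DIR
# Print every regular file under DIR that has the setuid (4000) or
# setgid (2000) bit set, one path per line, sorted for later comparison.
# -xdev keeps the scan on one filesystem (skips /proc, NFS mounts, etc.).
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        LC_ALL=C sort
}

# new_setid DIR BASELINE
# Print files that are setuid/setgid now but are absent from BASELINE,
# a file written earlier by: list_setid DIR > BASELINE
new_setid() {
    current=$(mktemp) || return 1
    list_setid "$1" > "$current"
    # comm -13 suppresses lines unique to the baseline and lines common
    # to both, leaving only paths that appeared since the baseline.
    LC_ALL=C comm -13 "$2" "$current"
    rm -f "$current"
}

# Typical use, run as root so every directory is readable:
#   list_setid / > /var/lib/setid.baseline      # once, on a clean system
#   new_setid / /var/lib/setid.baseline         # later, e.g. from cron
```

Any path printed by `new_setid` that a package install does not explain deserves a closer look, and the baseline file itself should be kept somewhere an intruder cannot rewrite it.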
The second lecture of the day was delivered by Flynn Remedios - cyber forensic specialist, advisor to the Cyber crime cell of the Mumbai Police, author, et al. Flynn was slated to provide a surprise package, the contents of which not even the organisers were made privy to.
Flynn started out talking about how an old girlfriend, who didn't like him any more, got hold of his yahoo account and read email that he had saved "for obvious reasons". He went on to tell people how he would get his colleagues' email passwords by looking at Internet Explorer's history. He also got Yahoo to change his date of birth by threatening them with his "influence with the Mumbai Police".
Towards the end of his first session, he started asking a few questions. When one of the participants from Global was unable to answer, he told him that he'd talk to FC Kohli and get the guy fired.
In his second session, Flynn attempted to demonstrate some Windows tools that most script kiddies use. Unfortunately, he didn't know how to configure his machine to work on the LAN, and refused to use the machine provided by the organisers, so none of his tools worked. He ended up showing email that he exchanged with someone sometime last year.
When a Unix issue came up, Flynn said that in 1991, while he was studying under Vijay Mukhi, Mukhi told him that Unix was for Eunuchs, so he has been unable to use Unix ever since.
Flynn's sessions got rave reviews, ranging from "We don't expect this from IITB" to "Don't call Flynn Baba again".
The third day, and this workshop definitely needed a boost. Dr. Leena Chandran-Wadia, a professor at the School of IT introduced SSL. From the way the lecture went, it seemed that Dr. Leena had researched not just her subject matter, but her audience as well. She called it beautifully, and while unable to complete all that she had planned, was able to bring the audience up to a level from where they could proceed on their own.
Dr. Leena introduced symmetric and asymmetric key encryption and their use in SSL, and the use of asymmetric keys for authentication, integrity and privacy of messages sent over a public network. She touched on the classic man-in-the-middle attack, and how encryption is used to protect against it. For those interested, she also delved into the mathematics of asymmetric key encryption and ended on carrying out secure transactions for e-commerce.
The lecture was very interesting and clearly rated as the best lecture by the audience.
In keeping with the day's theme of securing the underlying network transport and communications, the next lecture by Mr. Ambrish Kumar was on IPSec. Ambrish is a sys admin at IITB, and has experience in setting up IPSec tunnels. Unlike SSL, IPSec is implemented at the Network Layer (SSL is at the Transport Layer) of the TCP/IP stack. The advantage of this is that applications do not need to be modified to work with IPSec. On the other hand, IPSec introduces a higher overhead on the underlying network, causing a drop in effective bandwidth.
IPSec provides for tunnelling (VPN) private conversations/data transfer over a public, insecure network like the Internet.
Ambrish has good knowledge of IPSec supporting hardware and software, including approximate price ranges for the same. He ended the lecture by describing a possible design for a bank to provide secure data transmission between branches.
The last day's theme was mobile connectivity and wireless technologies. Lectures were to be conducted by Mr. R. Murlidharan - General Manager of OSS Systems India. Mr. Murlidharan didn't turn up, so Mr. Ajay Kumar Singh, another MTech student at IITB took up the topic of Mobile IP and Wireless LANs (802.11) and their peculiarities.
In our increasingly mobile world, these protocols will play a big part in future communication. Wireless networks can work with or without an underlying network infrastructure, and can even be used in situations where earthquakes or other natural calamities have rendered regular distance communication impossible.
The technology of Mobile IP being somewhat different from what most persons working with wired networks are used to, it took some time, and several explanations for the audience to fully understand it. Ajay handled the topic excellently, and cleared all doubts about the technology. Like most speakers, Ajay has a very good understanding of the topic and its various implementations.
The final lecture of the day was delivered by Professor Karandikar. After his first lecture, everyone was eager to hear from him again. His last lecture was on GSM and GPRS (mobile cellular phone technologies). This is one fundu guy. He knows the topic inside-out, and can answer any doubt at all.
While not directly related to computer networks or security, this was possibly the most enlightening lecture, and every member of the audience appreciated it.
Professor Karandikar's feedback indicated that the audience wanted more lectures from him.
The last session was a demonstration of BlueTooth technology by Premal Shah and Abhishek Jain - students at IITB. Bluetooth is a wireless technology used to communicate over short distances of the order of 10 metres. The bandwidth is low, and it is best suited for unconscious communication between personal devices (PDAs, laptops, digital watches, etc.). Bluetooth can be used for example to transfer all your messages from your laptop to your desktop computer as soon as you come within range.
Premal and Abhishek have also developed an ECG monitor on a micro-controller. The micro-controller is a Bluetooth enabled chip that communicates ECG data from a portable ECG unit to a main server. They also demonstrated how ECG can be used in a PAN (Personal Area Network) for communication over short distances.
In all, this workshop was well managed, although it could have been handled better. Most of the speakers had excellent command over the subject and the audience. It was disappointing to see that the only publicly known speaker was inept, rude and egotistic. One shudders to think of the state of the Mumbai Police after one of his daily two hour sessions.
The lab sessions were exciting, with actual hands on experience with some of the available tools, and the volunteers were very helpful and cheerful. Expect a good show next year.
/bb|[^b]{2}/
Never stop Grokking
Saturday, December 22, 2001
- © PHILIP TELLIS
The other side of the moon by Philip Tellis is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.