Next Generation Router-Security

Concept or Reality
Denise Mangold
Department of Electrical and Computer Engineering
Villanova University College of Engineering
Villanova PA 19085
Abstract: The computer industry must always evolve in the areas
of infrastructure and security. There is a growing need for
virtualization in the point of presence and datacenters. The desire to
reduce capital, environmental and operational cost by purchasing
fewer chassis and consuming less power has led to a growing push
toward virtualization. While this push makes economic sense,
security must also be a priority in decision making. The Halon security
router is a network operating system and software distribution based
on OpenBSD, which provides a UNIX root shell. Halon claims to be
secure by design because of the open-source sandbox user interfaces
with the backend API as the sole area of exposure. Traditional routers
have been hardware based; Halon can be hardware based but also
offers a virtual security router. I investigated the ease of use, the
security of the UNIX backend as well as the Web front end, and the web
features of the Halon security router from within a virtual machine;
Oracle's VirtualBox was used to install Halon.

I. INTRODUCTION
The next generation of routers is increasingly becoming
virtual appliances. A number of vendors already have virtual
appliances on the market: Cisco has the Cisco Cloud Services
Router and Palo Alto has PAN-OS. Both companies offer an
impressive suite of tools such as malware blocking, virus
protection, spyware protection, data filtering, deep packet
inspection capabilities and promises of vulnerability detection.
To fully understand the functionality, security and
performance of a virtual appliance, I built a virtual router from a
vendor that allowed a fully functional trial evaluation.
The Halon security router (SR) is a network and software
distribution based on the OpenBSD operating system. The SR
uses a single revision-managed, clear-text configuration file
with atomic commits, meaning there is never a need for a reboot,
even for rollbacks of changes; this is important for production
environments due to the cost of downtime. The SR also has
built-in clustering, meaning that if one system fails there is no
downtime, provided clustering is configured. Clustering was
not tested in the VM because reliable results could not be
obtained at this time. The SR also has a fully featured load
balancer (up to layer 7, with SSL acceleration).
The main requirement for deploying a virtual router is that
the router operation should not deteriorate as a result of
implementing a virtualized solution; this includes performance
as well as security.
The system being evaluated as a virtual secure router is a
mix of open system scripts, patches, and closed backend source
code. The software can be installed on a number of platforms
such as Mac OS X, Linux/BSD, Microsoft Windows, and
virtual machines such as VMware and Oracle's VirtualBox.
The version that was used for my evaluation and summary
was halon-vsr-i386.vmdk installed within Oracle's VirtualBox
version 4.3.12 r3733 on Mac OS X version 10.9.5. The
system deployed itself with ease. The VirtualBox settings were
as follows: system base memory 4 GB, video memory of 16 MB,
storage of 20 GB, 1 virtual CPU. The configuration was
straightforward: the install gave a web address to log into for
further configuration. For the evaluation I wanted to focus
more on vulnerability detection and prevention in a virtualized
router situation.
II. OPERATING SYSTEM SECURITY
The operating system allows for root access. A root account
was created, as well as other user accounts; those users were
added to the sudoers file via visudo. The system does allow for
direct root login. There are a few UNIX security concerns that
should be investigated and tested further.

OS Security Concerns observations:

• The /etc/sudoers file could be edited directly with vi, and I
  was able to save the file. Adding users to the sudoers file
  should always be done via visudo.
• The /etc/passwd file also allows for direct editing. This is
  very bad because a corrupted passwd file could render the
  system unusable.
• The web interface is Apache and the httpd.conf file can be
  edited. The default address was changed to another address to
  listen on via # vi /var/www/conf/httpd.conf
• The /sbin directory is available to root, with the ability to
  change files within that directory, meaning rootkits could
  compromise these files and hide their activity.
• Library files can be manipulated.
• Log files can be manipulated.
• The IP address, if public facing, is subjected to ssh brute
  force attacks if using the default port of 22.

Figure 1 shows ssh brute force attacks on Halon's
public Web UI demo software.
Figure 1
Oct 15 01:00:08 sr last message repeated 2 times
Oct 15 01:00:08 sr sshd[12971]: Disconnecting: Too many authentication failures for root [preauth]
Oct 15 01:00:09 sr sshd[9101]: Failed password for root from 61.174.51.224 port 38444 ssh2
Oct 15 01:00:11 sr sshd[9101]: Failed password for root from 61.174.51.224 port 38444 ssh2
Oct 15 01:00:12 sr sshd[28514]: Failed password for root from 61.174.51.224 port 30879 ssh2
Oct 15 01:00:14 sr sshd[9101]: Failed password for root from 61.174.51.224 port 38444 ssh2
Oct 15 01:00:15 sr sshd[9101]: Failed password for root from 61.174.51.224 port 38444 ssh2
Oct 15 01:00:15 sr sshd[9101]: Disconnecting: Too many authentication failures for root [preauth]
Oct 15 01:00:19 sr sshd[17927]: Failed
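
Added example (not from the paper or from Halon): one way to turn sshd log lines like those in Figure 1 into a per-source count of failed logins, crediting syslogd's "last message repeated N times" lines to the right source. The sample log is constructed and uses documentation address ranges; the threshold of 5 is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the syslog/sshd format of Figure 1.
# 203.0.113.0/24 and 198.51.100.0/24 are documentation address ranges.
SAMPLE_LOG = """\
Oct 15 01:00:09 sr sshd[9101]: Failed password for root from 203.0.113.7 port 38444 ssh2
Oct 15 01:00:11 sr sshd[9101]: Failed password for root from 203.0.113.7 port 38444 ssh2
Oct 15 01:00:11 sr last message repeated 2 times
Oct 15 01:00:12 sr sshd[28514]: Failed password for invalid user admin from 203.0.113.7 port 30879 ssh2
Oct 15 01:00:15 sr sshd[9101]: Disconnecting: Too many authentication failures for root [preauth]
Oct 15 01:03:40 sr sshd[4410]: Failed password for dmangold from 198.51.100.20 port 51022 ssh2
Oct 15 01:03:52 sr sshd[4410]: Accepted password for dmangold from 198.51.100.20 port 51022 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)
REPEATED = re.compile(r"last message repeated (?P<n>\d+) times?$")


def failed_logins(log_text):
    """Return {source: {"count": int, "users": set}} for failed SSH passwords."""
    stats = defaultdict(lambda: {"count": 0, "users": set()})
    last_src = None  # source of the previous line, if that line was a failure
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            last_src = m["src"]
            stats[last_src]["count"] += 1
            stats[last_src]["users"].add(m["user"])
            continue
        r = REPEATED.search(line)
        if r and last_src is not None:
            # syslogd collapsed identical failures; count them for the same source
            stats[last_src]["count"] += int(r["n"])
            continue
        last_src = None  # any other line ends the run of identical failures
    return dict(stats)


def brute_force_sources(log_text, threshold=5):
    """Sources whose failed-login count reaches the (assumed) threshold."""
    return sorted(s for s, v in failed_logins(log_text).items() if v["count"] >= threshold)


if __name__ == "__main__":
    print(brute_force_sources(SAMPLE_LOG))
```

A counter that skips the "repeated" lines would report three failures for the first source instead of five and miss the threshold.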

OS Good Security Practices observations:

• The top-level file systems are not writable; for example,
  mkdir dmangold within the /home directory produced the
  output "Read-only file system".
• The passwords are salted. There is no /etc/shadow file; the
  passwords are kept in a db file that is encrypted.
• The logging is verbose and each login is recorded in the
  log files.
• There is a limited set of shells: the only shells available
  to the OS are sh, csh and ksh. This is critical due to the
  recent Shellshock vulnerability.
III. WEB UI SECURITY
The web interface for the Halon SR was reviewed for
security flaws using two web vulnerability scanners to
scan the public facing demo site. Kali Linux was used for
scanning the Web UI for vulnerabilities. The first scan was
done using OWASP ZAP; there were no high alerts. However,
Vega listed one finding as a high risk.

• Session Cookie without Secure flag: the impact is that
  cookies can be exposed to network eavesdroppers.
  Session cookies are authentication credentials;
  attackers who obtain them can get unauthorized access.
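
Added example (not from the paper, ZAP or Vega): a check that reports which cookies in an HTTP response lack the Secure attribute, the condition behind the finding above. The response headers and cookie names are constructed for illustration.

```python
# Constructed response headers; cookie names and values are hypothetical.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: sid=4f1c9a; path=/; HttpOnly\r\n"
    "Set-Cookie: securetoken=abc123; Path=/\r\n"
    "Set-Cookie: csrf=9d2e; Path=/; SECURE; SameSite=Strict\r\n"
    "\r\n"
)


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, set of lower-cased attribute names)."""
    first, *attrs = value.split(";")
    name = first.split("=", 1)[0].strip()
    flags = {a.split("=", 1)[0].strip().lower() for a in attrs if a.strip()}
    return name, flags


def cookies_missing_secure(raw_response):
    """Names of cookies set without the Secure attribute (sent over plain HTTP too)."""
    missing = []
    for line in raw_response.split("\r\n")[1:]:  # skip the status line
        if not line:  # blank line ends the header block
            break
        field, _, value = line.partition(":")
        if field.strip().lower() == "set-cookie":
            name, flags = parse_set_cookie(value)
            if "secure" not in flags:  # attribute names are case-insensitive
                missing.append(name)
    return missing


def naive_missing_secure(raw_response):
    """Substring check, shown only for contrast: a cookie *named* securetoken fools it."""
    return [l for l in raw_response.split("\r\n")
            if l.lower().startswith("set-cookie:") and "secure" not in l.lower()]


if __name__ == "__main__":
    print(cookies_missing_secure(SAMPLE_RESPONSE))
    print(len(naive_missing_secure(SAMPLE_RESPONSE)))
```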

Low alerts that were generated from the system were as
follows.

• Autocomplete attribute was not disabled in the
  HTML FORM/INPUT element containing passwords,
  meaning passwords can be stored and

IV. USER EXPERIENCE
The user experience and ease of use are important to the
operation of any software system. The Web UI is intuitive; it
allows for a straightforward configuration of the system.
Other features that are easily accessible are setting up a
clustered environment, hardware information, system health
and system as well as other various system administration
tasks, such as user management. The UI allows those who
are not native router/network administrators to configure a
network and set up firewall rules without having to fully
know or understand the CLI.
V. VIRTUALIZATION SECURITY CONSIDERATIONS
Although vendors promise smarter routing/network
capabilities such as malware detection, file blocking, data
filtering, virus protection as well as vulnerability protection, a
key question that must be asked is how secure a virtual
environment is. From a technical point of view, wouldn't the
sharing of resources present a security risk? A user could
exploit resources and reduce service quality, which would place
all overlay technologies in question.