Eradicating Attacks on the Internal Network with Internal Network Policy
This addresses security risks for users and organizations with internal networks, though it is incremental as it builds on existing policies like Same Origin Policy.
The paper tackles the problem of attacks on private internal networks behind a NAT, where malicious scripts can access internal resources, and presents Internal Network Policy (INP) as a new browser security mechanism to mitigate these vulnerabilities.
In this paper we present three attacks on private internal networks behind a NAT and a corresponding new protection mechanism, Internal Network Policy, to mitigate a wide range of attacks that penetrate internal networks behind a NAT. In the attack scenario, a victim is tricked to visit the attacker's website, which contains a malicious script that lets the attacker access the victim's internal network in different ways, including opening a port in the NAT or sending a sophisticated request to local devices. The first attack utilizes DNS Rebinding in a particular way, while the other two demonstrate different methods of attacking the network, based on application security vulnerabilities. Following the attacks, we provide a new browser security policy, Internal Network Policy (INP), which protects against these types of vulnerabilities and attacks. This policy is implemented in the browser just like Same Origin Policy (SOP) and prevents malicious access to internal resources by external entities.