Encryption of Traffic
|
|
- Martha Clarke
- 8 years ago
- Views:
Transcription
1 Encryption of Traffic White Paper Version 1.1 Date:
2 Foreword On the initiative of some German automotive manufacturers work has started on a series of white papers on the subject of security. The first two documents have already been prepared. They are: an introductory document entitled Security that introduces the reader to the topic of protecting confidentiality during exchange ; a white paper entitled Encryption of Traffic describing pragmatic basic security using encryption, which is as transparent as possible for users. Two additional white papers, Encryption Using End-to-End Encryption and Mail Transfer Agents and Certificate and Trust Management - requirements for certificates and trust relationships are currently being prepared. The documents drawn up so far give the automotive industry an orientation based on existing technical approaches. Important elements here are userfriendliness and the application of the industry s standard confidentiality levels and measures derived from them. The VDA recommends its members to use the documents already prepared for orientation, and to implement the measures they describe in their companies. V E R S I O N 1. 1 P A G E 2
3 Contents Encryption of Traffic... 1 White Paper... 1 Foreword... 2 Contents... 3 Introduction... 4 Motivation... 4 Assumption... 4 Risks... 4 Measures... 4 Approaches to securing the transport route... 5 Encryption using tunneling... 5 Encryption of the transfer protocol... 5 Approaches and standards... 6 STARTTLS... 7 IPsec VPN... 7 Combining STARTTLS and IPsec VPN... 7 Requirements for use and approaches to realization... 8 Minimum requirements... 8 General requirements... 8 Mandatory requirements... 8 Other requirements... 9 Weaknesses / remaining risks and dangers... 9 Annex TCP/IP reference protocol Annex List of authors PAGE 3 V E R S I O N 1. 1
4 Introduction Motivation In the main document Security [W1], transport encryption is introduced as a measure for protecting the confidentiality of an message. Below we describe the organizational and technical implementation of this type of measure. Assumption It is assumed that transmission is sufficiently well protected in the firm s internal networks. This paper examines the task of securing transmission between the transport systems of corporate networks. Sender Empfänger Internet Figure 1: Insecure transmission Legenden: Recipient Risks Generally no great technical effort is required to copy and evaluate the contents of data traffic running between two transfer agents (MTAs) at the transport level, since this traffic is transmitted as clear text without any additional security mechanisms. Measures Two options for tackling this problem are encryption of the channel for transporting the s, and encryption of the s themselves. The latter is V E R S I O N 1. 1 P A G E 4
5 described in more detail in the document [W2]. Below we will only go into detail on encryption at the level of transport (MTAs) between the domains. Approaches to securing the transport route Encryption using tunneling In this case protection of an during transmission is based on encryption of the transport route, that is, on the transport layer (see Annex TCP/IP reference model). Examples of this would be: using a tunnel connection via the internet or via private network connections between two partners, such as an IPsec VPN connection; secure transmission within a dedicated network, such as ENX. Assumption: the MTAs internal network connection to the router is made secure. Sender Empfänger Tunnel Internet Figure 2: transmission using VPN tunneling to send data across the network (router, MTA) Legenden: Recipient Encryption of the transfer protocol As an alternative to tunneling, encryption may be applied using an transfer protocol in the application layer. Here again, it is not individual s themselves that are encrypted, but the exchange of data between the transmitting MTAs. Examples of this would be: Encryption of data exchange within the SMTP protocol using Transport Layer Security (SMTP/TLS as SMTPS on port 465). PAGE 5 V E R S I O N 1. 1
6 The authors regard SMTPS as not practicable and it is no longer applied, since RFC 2595 already advises against SMTPS with dedicated ports. Encryption of data exchange within the SMTP protocol using Transport Layer Security (SMTP using STARTTLS, called STARTTLS below). STARTTLS is described in RFC 3207 and has established itself on the market. The connection with the other party is initially established in the clear. Then, if STARTTLS is also supported by the other party, the is transferred with protection in the current session via the same port. Sender (MTA) Empfänger (MTA) TLS, fallweise Internet Figure 3: transmission with SMTP using STARTTLS (MTA to MTA) Legenden: Recipient case-by-case Approaches and standards In the future all s exchanged with partners should be sent using secure transmission. In a first step, the objective is to define a procedure that: all members can implement simply, pragmatically and swiftly, requires no central organizational control, takes existing procedures into consideration, can continue to be used with future extensions, provides sufficient security mechanisms. The implementation of agreements on the types of solutions described, such as the TLS approach or using VPN in traffic between the communication partners, is defined in specific regulations. V E R S I O N 1. 1 P A G E 6
7 STARTTLS Today a large number of common MTAs support SMTP with TLS as an encryption protocol (STARTTLS) for communicating with other MTAs. A manageable amount of technical and financial input is needed to implement STARTTLS, without the need for central verification control. In the future, every MTA that is accessible from the internet should support this protocol. This does not apply to MTAs that are not accessible from the internet, but which operate exclusively within an existing, secured network. Two security levels are distinguished. STARTTLS-setting with the option of sending unencrypted if STARTTLS is not available at the recipient (opportunistic mode, opportunistic TLS). mandatory use of STARTTLS (secure high-grade ciphers mandatory mode, mandatory TLS). Assumption: in this approach the firm s internal network begins at the MTA. IPsec VPN With IPsec VPN the traffic is encrypted by routers between the MTAs on the network layer. This technology is already used successfully by various companies in the automotive industry especially on the basis of ENX. ENX (European Network Exchange) is a special VPN installation. ENX is a paid-for communication network for the European automotive industry; it is a separate network that is accessible only to the members, who pay for the service. The connections within ENX are secured using IPsec. If the MTAs involved use only these secure paths for receiving and sending e- mails, this encryption is regarded as sufficient. Assumption: in this approach the firm s internal network begins at the VPN router. Combining STARTTLS and IPsec VPN It is technically possible to combine STARTTLS and IPsec VPN, but it is not regarded as necessary. PAGE 7 V E R S I O N 1. 1
8 Requirements for use and approaches to realization Minimum requirements The confidentiality levels described in the main document ( Security ) form the basis for the requirements listed below. General requirements Use of STARTTLS in opportunistic mode (opportunistic TLS) for general e- mail traffic on all MTAs that are accessible from the internet. All participating organizations / companies should use certificates in accordance with the X.509 standard. Use of cryptographic procedures currently regarded as sufficiently secure according to the document Kryptographische Verfahren: Empfehlungen und Schlüssellängen ( Cryptographic procedures: recommendations and key lengths, available in German at: and/or the corresponding recommendation from the NIST (in English, see also [W1] under References. Mandatory requirements Mandatory requirements apply to transmission of s classified as confidential, if they are not sufficiently protected by other measures. Mandatory requirements serve to fulfill legal or contractual obligations to protect s between the communicating parties, if these obligations are not satisfied by other means. Use of STARTTLS in secure high-grade ciphers mandatory mode (mandatory TLS) for confidential traffic on all MTAs accessible from the internet. logging and/or monitoring should be used to verify that communication is taking place in compliance with the requirements. All organizations and companies involved should use certificates in accordance with the X.509 standard, which satisfy the requirements defined for this application in the document [W4]. Use of cryptographic procedures currently regarded as sufficiently secure according to the document Kryptographische Verfahren: Empfehlungen und Schlüssellängen ( Cryptographic procedures: recommendations and key lengths, available in German at: and/or the corresponding recommendation from the NIST (in English, see also [W1] under References. V E R S I O N 1. 1 P A G E 8
9 Other requirements The extent to which certificates are supported, which do not originate from the Public Key Infrastructure (PKI), must be examined in each separate case, because verification of these certificates is problematic without a central verification control. A bilateral trust status can be set up manually until a central service is established. Weaknesses / remaining risks and dangers Deliberate manipulation (e.g. by a disgruntled employee) cannot be avoided by encryption. In general there is no check that the content is factually correct. This risk can be tackled only with other measures (e.g. internal security guidelines). It is not possible to prevent the faking of sender addresses without taking additional technical or organizational action. Absence of measures for ensuring data integrity could be tackled, for example, with additional sender verification or the exclusive use of the tunneling procedures as described above. Another known procedure for verifying the sender is authentication of the sender using DKIM. However, up to now the procedure has not been used on a wide scale and it offers only limited protection. Security is assumed as a result of equating the company with one of its domains: if, for example, mandatory STARTTLS applies to one domain belonging to a company, this does not necessarily apply to all other domains belonging to the same company (e.g. firmdomain.com and firmdomain.de). Configuration changes at the sender or recipient, e.g. a change in an IP address, and changes in certificates, must feed into the change and configuration management on both sides, because otherwise encrypted transmission can no longer be guaranteed. PAGE 9 V E R S I O N 1. 1
10 Annex TCP/IP reference protocol TCP / IP layer Application layer Transport layer Network layer Data link layer Examples HTTP, FTP, SMTP, TCP, UDP, IPv4, IPv6 Ethernet, Token Ring The layers of the TCP/IP reference model in detail: Application layer: the application layer comprises all the protocols that cooperate with application programs and use the network infrastructure for exchanging application-specific data. Transport layer: the transport layer creates an end-to-end connection. The most important protocol in this layer is the Transmission Control Protocol (TCP), which creates connections between two network participants for reliable exchange of data flows. Network layer: the network layer is responsible for forwarding packets and for routing. Point-to-point connections are created on this layer and the layers below. The task of this layer is to identify the next MTA for a received packet and to send the packet to that destination. At the heart of this layer is the Internet Protocol (IP) that provides a packet delivery service. Data link layer: the data link layer is specified in the TCP/IP reference model, but it does not contain any protocols belonging to the TCP/IP family. Instead, it should be understood as a placeholder for various technologies for transferring data from point to point. The internet protocols were developed to combine different subnetworks. The host-to-network layer can therefore be filled with protocols such as Ethernet, FDDI, PPP (point-to-point protocol) or (WLAN). V E R S I O N 1. 1 P A G E 10
11 Annex For specifications, references and the glossary, please see the main document [W1] with the same or a later version number. List of authors Name Company address Frölich, Jens AUDI AG jens.froelich@audi.de Ionescu, Michael Porsche-Information- Kommunikation-Services GmbH michael.ionescu@porsche.de Klingel, Jan-Arendt BMW Group jan-arendt.klingel@bmw.de Kohn, Stefan Volkswagen AG stefan.kohn@volkswagen.de Scherr, Carsten Daimler AG carsten.scherr@daimler.com Document and version history: Version Date Status, remarks Final version Revised by working group PAGE 11 V E R S I O N 1. 1
Chapter 9. IP Secure
Chapter 9 IP Secure 1 Network architecture is usually explained as a stack of different layers. Figure 1 explains the OSI (Open System Interconnect) model stack and IP (Internet Protocol) model stack.
More informationChapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding
Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding This chapter describes the configuration for the SSL VPN Tunnel Client and for Port Forwarding. When a remote user accesses the SSL VPN
More informationOptions for encrypted e-mail communication with AUDI AG Version of: 31 May 2011
Options for encrypted e-mail communication with AUDI AG Version of: 31 May 2011 1 Options for encrypted e-mail communication with AUDI AG Confidential information may only be transmitted in encrypted form
More informationAPNIC elearning: IPSec Basics. Contact: training@apnic.net. esec03_v1.0
APNIC elearning: IPSec Basics Contact: training@apnic.net esec03_v1.0 Overview Virtual Private Networks What is IPsec? Benefits of IPsec Tunnel and Transport Mode IPsec Architecture Security Associations
More informationHow To Understand And Understand The Security Of A Key Infrastructure
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used
More informationCornerstones of Security
Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to
More informationMarch 2005. PGP White Paper. Transport Layer Security (TLS) & Encryption: Complementary Security Tools
March 2005 PGP White Paper Transport Layer Security (TLS) & Encryption: Complementary Security Tools PGP White Paper TLS & Encryption 1 Table of Contents INTRODUCTION... 2 HISTORY OF TRANSPORT LAYER SECURITY...
More information21.4 Network Address Translation (NAT) 21.4.1 NAT concept
21.4 Network Address Translation (NAT) This section explains Network Address Translation (NAT). NAT is also known as IP masquerading. It provides a mapping between internal IP addresses and officially
More informationThe basic groups of components are described below. Fig X- 1 shows the relationship between components on a network.
Elements of Email Email Components There are a number of software components used to produce, send and transfer email. These components can be broken down as clients or servers, although some components
More informationCS 356 Lecture 27 Internet Security Protocols. Spring 2013
CS 356 Lecture 27 Internet Security Protocols Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationNetworking Basics and Network Security
Why do we need networks? Networking Basics and Network Security Shared Data and Functions Availability Performance, Load Balancing What is needed for a network? ISO 7-Layer Model Physical Connection Wired:
More informationSecurity in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity
Basic Security Requirements and Techniques Confidentiality The property that stored or transmitted information cannot be read or altered by an unauthorized party Integrity The property that any alteration
More informationIntroduction to Computer Security
Introduction to Computer Security Network Security Pavel Laskov Wilhelm Schickard Institute for Computer Science Circuit switching vs. packet switching OSI and TCP/IP layered models TCP/IP encapsulation
More informationSecurity Engineering Part III Network Security. Security Protocols (II): IPsec
Security Engineering Part III Network Security Security Protocols (II): IPsec Juan E. Tapiador jestevez@inf.uc3m.es Department of Computer Science, UC3M Security Engineering 4th year BSc in Computer Science,
More informationBasic Networking Concepts. 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet
Basic Networking Concepts 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet 1 1. Introduction -A network can be defined as a group of computers and other devices connected
More informationPROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES
PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute
More informationIntroduction to Computer Security
Introduction to Computer Security Network Security Pavel Laskov Wilhelm Schickard Institute for Computer Science Circuit switching vs. packet switching OSI and TCP/IP layered models TCP/IP encapsulation
More informationLecture 23: Firewalls
Lecture 23: Firewalls Introduce several types of firewalls Discuss their advantages and disadvantages Compare their performances Demonstrate their applications C. Ding -- COMP581 -- L23 What is a Digital
More informationIP Security. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49
IP Security Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security
More informationSecurity. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationSecurity Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)
Security Protocols Security Protocols Necessary to communicate securely across untrusted network Provide integrity, confidentiality, authenticity of communications Based on previously discussed cryptographic
More informationIP Security. IPSec, PPTP, OpenVPN. Pawel Cieplinski, AkademiaWIFI.pl. MUM Wroclaw
IP Security IPSec, PPTP, OpenVPN Pawel Cieplinski, AkademiaWIFI.pl MUM Wroclaw Introduction www.akademiawifi.pl WCNG - Wireless Network Consulting Group We are group of experienced professionals. Our company
More informationEthernet. Ethernet. Network Devices
Ethernet Babak Kia Adjunct Professor Boston University College of Engineering ENG SC757 - Advanced Microprocessor Design Ethernet Ethernet is a term used to refer to a diverse set of frame based networking
More informationSecurity (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012
Course Outline: Fundamental Topics System View of Network Security Network Security Model Security Threat Model & Security Services Model Overview of Network Security Security Basis: Cryptography Secret
More informationIPv6 Security: How is the Client Secured?
IPv6 Security: How is the Client Secured? Jeffrey L Carrell Network Conversions Network Security Consultant 1 IPv6 Security: How is the Client Secured? IPv6/IPsec IPsec Challenges IPsec Monitoring/Management
More informationINF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang
INF3510 Information Security University of Oslo Spring 2011 Lecture 9 Communication Security Audun Jøsang Outline Network security concepts Communication security Perimeter security Protocol architecture
More informationOutline. INF3510 Information Security. Lecture 10: Communications Security. Communication Security Analogy. Network Security Concepts
Outline INF3510 Information Security Lecture 10: Communications Security Network security concepts Communication security Perimeter security Protocol architecture and security services Example security
More informationLecture 10: Communications Security
INF3510 Information Security Lecture 10: Communications Security Audun Jøsang University of Oslo Spring 2015 Outline Network security concepts Communication security Perimeter security Protocol architecture
More informationNETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9
NETASQ & PCI DSS Is NETASQ compatible with PCI DSS? We have often been asked this question. Unfortunately, even the best firewall is but an element in the process of PCI DSS certification. This document
More informationApplication Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )
Application Note Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder ) This document describes how to configure McAfee Firewall Enterprise to provide
More informationAppendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003
http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with
More informationProtocol Security Where?
IPsec: AH and ESP 1 Protocol Security Where? Application layer: (+) easy access to user credentials, extend without waiting for OS vendor, understand data; (-) design again and again; e.g., PGP, ssh, Kerberos
More informationFirewalls. CEN 448 Security and Internet Protocols Chapter 20 Firewalls
CEN 448 Security and Internet Protocols Chapter 20 Firewalls Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University mdahshan@ccis.ksu.edu.sa
More informationChapter 10. Network Security
Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce
More informationFor extra services running behind your router. What to do after IP change
For extra services running behind your router. What to do after IP change This guide is for customers who meet the following conditions: - Customers who have moved from a TPG Layer 3 plan to a TPG Layer
More informationPríprava štúdia matematiky a informatiky na FMFI UK v anglickom jazyku
Univerzita Komenského v Bratislave Fakulta matematiky, fyziky a informatiky Príprava štúdia matematiky a informatiky na FMFI UK v anglickom jazyku ITMS: 26140230008 dopytovo orientovaný projekt Moderné
More informationVirtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN
Virtual private network Network security protocols COMP347 2006 Len Hamey Instead of a dedicated data link Packets securely sent over a shared network Internet VPN Public internet Security protocol encrypts
More informationEDI BROCHURE ELECTRONIC DATA INTERCHANGE WITH FORD. created by GSEC, Global Supplier Electronic Communications
ELECTRONIC DATA INTERCHANGE WITH FORD EDI BROCHURE created by GSEC, Global Electronic Communications Page 1 of 23 Brochure map EDI Brochure Overview Connecting to Ford Further Information Support Who is
More informationNetwork Security Fundamentals
APNIC elearning: Network Security Fundamentals 27 November 2013 04:30 pm Brisbane Time (GMT+10) Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security IPv6
More informationOverview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP
Overview Securing TCP/IP Chapter 6 TCP/IP Open Systems Interconnection Model Anatomy of a Packet Internet Protocol Security (IPSec) Web Security (HTTP over TLS, Secure-HTTP) Lecturer: Pei-yih Ting 1 2
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationThe OSI and TCP/IP Models. Lesson 2
The OSI and TCP/IP Models Lesson 2 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Introduction to the OSI Model Compare the layers of the OSI and TCP/IP
More informationDevice Log Export ENGLISH
Figure 14: Topic Selection Page Device Log Export This option allows you to export device logs in three ways: by E-Mail, FTP, or HTTP. Each method is described in the following sections. NOTE: If the E-Mail,
More informationAPNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10)
APNIC elearning: Network Security Fundamentals 20 March 2013 10:30 pm Brisbane Time (GMT+10) Introduction Presenter/s Nurul Islam Roman Senior Training Specialist nurul@apnic.net Specialties: Routing &
More informationCisco Configuring Commonly Used IP ACLs
Table of Contents Configuring Commonly Used IP ACLs...1 Introduction...1 Prerequisites...2 Hardware and Software Versions...3 Configuration Examples...3 Allow a Select Host to Access the Network...3 Allow
More informationConfiguring Network Address Translation (NAT)
8 Configuring Network Address Translation (NAT) Contents Overview...................................................... 8-3 Translating Between an Inside and an Outside Network........... 8-3 Local and
More information12. Firewalls Content
Content 1 / 17 12.1 Definition 12.2 Packet Filtering & Proxy Servers 12.3 Architectures - Dual-Homed Host Firewall 12.4 Architectures - Screened Host Firewall 12.5 Architectures - Screened Subnet Firewall
More informationIPV6 vs. SSL comparing Apples with Oranges
IPV6 vs. SSL comparing Apples with Oranges Reto E. Haeni r.haeni@cpi.seas.gwu.edu The George Washington University Cyberspace Policy Institute 2033 K Str. Suite 340 N Washington DC 20006 Washington DC,
More informationConfiguring IPSec VPN Tunnel between NetScreen Remote Client and RN300
Configuring IPSec VPN Tunnel between NetScreen Remote Client and RN300 This example explains how to configure pre-shared key based simple IPSec tunnel between NetScreen Remote Client and RN300 VPN Gateway.
More information7.1. Remote Access Connection
7.1. Remote Access Connection When a client uses a dial up connection, it connects to the remote access server across the telephone system. Windows client and server operating systems use the Point to
More informationVPN SECURITY. February 2008. The Government of the Hong Kong Special Administrative Region
VPN SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the
More informationFirewalls (IPTABLES)
Firewalls (IPTABLES) Objectives Understand the technical essentials of firewalls. Realize the limitations and capabilities of firewalls. To be familiar with iptables firewall. Introduction: In the context
More informationDANE for SMTP. Viktor Dukhovni & Wes Hardaker. IETF 87, Berlin July 2013
DANE for SMTP Viktor Dukhovni & Wes Hardaker IETF 87, Berlin July 2013 1 Addresses in SMTP is security agnostic: SMTP with and without TLS runs over port 25 There is no URI scheme
More informationSIP Trunking Configuration with
SIP Trunking Configuration with Microsoft Office Communication Server 2007 R2 A Dell Technical White Paper End-to-End Solutions Team Dell Product Group - Enterprise THIS WHITE PAPER IS FOR INFORMATIONAL
More informationSecure Use of the New NHS Network (N3): Good Practice Guidelines
Programme NPFIT Document Record ID Key Sub-Prog / Project Information Governance NPFIT-FNT-TO-IG-GPG-0003.01 Prog. Director Mark Ferrar Status Approved Owner Tim Davis Version 1.0 Author Phil Benn Version
More informationOFTP 2 Secure Data Exchange Via the Internet
OFTP 2 Secure Data Exchange Via the Internet A guideline for the practical application Version 1.1 VDA DFÜ AG Dietmar Kaschmieder Page 1 of 16 History: Version Date Description Author 1.0 04-10-2007 VDA
More informationVirtual Private Networks
Virtual Private Networks ECE 4886 Internetwork Security Dr. Henry Owen Definition Virtual Private Network VPN! Virtual separation in protocol provides a virtual network using no new hardware! Private communication
More informationChapter 32 Internet Security
Chapter 32 Internet Security Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 32: Outline 32.1 NETWORK-LAYER SECURITY 32.2 TRANSPORT-LAYER SECURITY 32.3
More informationExam Questions SY0-401
Exam Questions SY0-401 CompTIA Security+ Certification http://www.2passeasy.com/dumps/sy0-401/ 1. A company has implemented PPTP as a VPN solution. Which of the following ports would need to be opened
More informationEXPLORER. TFT Filter CONFIGURATION
EXPLORER TFT Filter Configuration Page 1 of 9 EXPLORER TFT Filter CONFIGURATION Thrane & Thrane Author: HenrikMøller Rev. PA4 Page 1 6/15/2006 EXPLORER TFT Filter Configuration Page 2 of 9 1 Table of Content
More informationNetwork Security Part II: Standards
Network Security Part II: Standards Raj Jain Washington University Saint Louis, MO 63131 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse473-05/ 18-1 Overview
More informationWhat is a SSL VPN and How Does it Work?
Acceleration of Data through SSL Virtual Private Networks Rob Jansen University of Minnesota, Morris 600 East Fourth Street Morris, MN 56267 (123) 456-7890 jans0184@morris.umn.edu ABSTRACT A Virtual Private
More informationInternet Security. Contents. ITS335: IT Security. Internet Security. Secure Email. Summary
2 : IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 2 January 2015 its335y14s2l10, Steve/Courses/2014/s2/its335/lectures/internet.tex, r3506
More informationBorderWare Firewall Server 7.1. Release Notes
BorderWare Firewall Server 7.1 Release Notes BorderWare Technologies is pleased to announce the release of version 7.1 of the BorderWare Firewall Server. This release includes following new features and
More informationAdvanced Higher Computing. Computer Networks. Homework Sheets
Advanced Higher Computing Computer Networks Homework Sheets Topic : Network Protocols and Standards. Name the organisation responsible for setting international standards and explain why network standards
More informationEmail Encryption. Administrator Guide
Email Encryption Administrator Guide Email Encryption Administrator Guide Documentation version: 1.0 Legal Notice Copyright 2015 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo,
More informationLecture 28: Internet Protocols
Lecture 28: Internet Protocols 15-110 Principles of Computing, Spring 2016 Dilsun Kaynar, Margaret Reid-Miller, Stephanie Balzer Reminder: Exam 2 Exam 2 will take place next Monday, on April 4. Further
More informationChapter 4: Security of the architecture, and lower layer security (network security) 1
Chapter 4: Security of the architecture, and lower layer security (network security) 1 Outline Security of the architecture Access control Lower layer security Data link layer VPN access Wireless access
More informationE-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)
E-Commerce Security An e-commerce security system has four fronts: LECTURE 7 (SECURITY) Web Client Security Data Transport Security Web Server Security Operating System Security A safe e-commerce system
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationCS 4803 Computer and Network Security
Network layers CS 4803 Computer and Network Security Application Transport Network Lower level Alexandra (Sasha) Boldyreva IPsec 1 2 Roughly Application layer: the communicating processes themselves and
More informationExamining Proxies to Mitigate Pervasive Surveillance
Examining Proxies to Mitigate Pervasive Surveillance Eliot Lear Barbara Fraser Abstract The notion of pervasive surveillance assumes that it is possible for an attacker to have access to all links and
More informationNetwork Security. Lecture 3
Network Security Lecture 3 Design and Analysis of Communication Networks (DACS) University of Twente The Netherlands Security protocols application transport network datalink physical Contents IPSec overview
More informationVPN over Satellite A comparison of approaches by Richard McKinney and Russell Lambert
Sales & Engineering 3500 Virginia Beach Blvd Virginia Beach, VA 23452 800.853.0434 Ground Operations 1520 S. Arlington Road Akron, OH 44306 800.268.8653 VPN over Satellite A comparison of approaches by
More information13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode
13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) PPP-based remote access using dial-in PPP encryption control protocol (ECP) PPP extensible authentication protocol (EAP) 13.2 Layer 2/3/4
More informationINTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli 4-25-2002
INTERNET SECURITY: FIREWALLS AND BEYOND Mehernosh H. Amroli 4-25-2002 Preview History of Internet Firewall Technology Internet Layer Security Transport Layer Security Application Layer Security Before
More information12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust
Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or
More informationASIA/PAC AERONAUTICAL TELECOMMUNICATION NETWORK SECURITY GUIDANCE DOCUMENT
INTERNATIONAL CIVIL AVIATION ORGANIZATION ASIA AND PACIFIC OFFICE ASIA/PAC AERONAUTICAL TELECOMMUNICATION NETWORK SECURITY GUIDANCE DOCUMENT DRAFT Second Edition June 2010 3.4H - 1 TABLE OF CONTENTS 1.
More informationSecurity Technology: Firewalls and VPNs
Security Technology: Firewalls and VPNs 1 Learning Objectives Understand firewall technology and the various approaches to firewall implementation Identify the various approaches to remote and dial-up
More informationTransport and Network Layer
Transport and Network Layer 1 Introduction Responsible for moving messages from end-to-end in a network Closely tied together TCP/IP: most commonly used protocol o Used in Internet o Compatible with a
More informationHow To Protect Your Network From Attack
Department of Computer Science Institute for System Architecture, Chair for Computer Networks Internet Services & Protocols Internet (In)Security Dr.-Ing. Stephan Groß Room: INF 3099 E-Mail: stephan.gross@tu-dresden.de
More information1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet
Review questions 1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet C Media access method D Packages 2 To which TCP/IP architecture layer
More informationSolution of Exercise Sheet 5
Foundations of Cybersecurity (Winter 15/16) Prof. Dr. Michael Backes CISPA / Saarland University saarland university computer science Protocols = {????} Client Server IP Address =???? IP Address =????
More informationFortiMail Email Filtering. Course 221 (for FortiMail v5.0) Course Overview
FortiMail Email Filtering Course 221 (for FortiMail v5.0) Course Overview FortiMail Email Filtering is a 2-day instructor-led course with comprehensive hands-on labs to provide you with the skills needed
More informationFundamentals of the Internet 2009/10. 1. Explain meaning the following networking terminologies:
Fundamentals of Internet Tutorial Questions (2009) 1. Explain meaning the following networking terminologies: Client/server networking, Coax, twisted pair, protocol, Bit, Byte, Kbps, KBps, MB, KB, MBps,
More informationHigh Performance VPN Solutions Over Satellite Networks
High Performance VPN Solutions Over Satellite Networks Enhanced Packet Handling Both Accelerates And Encrypts High-Delay Satellite Circuits Characteristics of Satellite Networks? Satellite Networks have
More informationScan Report Executive Summary. Part 2. Component Compliance Summary IP Address : 69.43.165.11
Scan Report Executive Summary Part 1. Scan Information Scan Customer Company: Date scan was completed: rsync.net ASV Company: Comodo CA Limited 06-02-2015 Scan expiration date: 08-31-2015 Part 2. Component
More informationCSCI 362 Computer and Network Security
The Purpose of ing CSCI 362 Computer and Security Introduction to ing Goals: Remote exchange and remote process control. A few desirable properties: Interoperability, Flexibility, Geographical range, Scalability,
More informationCase Study for Layer 3 Authentication and Encryption
CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client
More informationLESSON 3.6. 98-366 Networking Fundamentals. Understand TCP/IP
Understand TCP/IP Lesson Overview In this lesson, you will learn about: TCP/IP Tracert Telnet Netstat Reserved addresses Local loopback IP Ping Pathping Ipconfig Protocols Anticipatory Set Experiment with
More informationVPN. Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu
VPN Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu What is VPN? A VPN (virtual private network) is a private data network that uses public telecommunicating infrastructure (Internet), maintaining
More informationSecuring IP Networks with Implementation of IPv6
Securing IP Networks with Implementation of IPv6 R.M.Agarwal DDG(SA), TEC Security Threats in IP Networks Packet sniffing IP Spoofing Connection Hijacking Denial of Service (DoS) Attacks Man in the Middle
More informationDATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0
DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS
More informationQuality of Service Analysis of site to site for IPSec VPNs for realtime multimedia traffic.
Quality of Service Analysis of site to site for IPSec VPNs for realtime multimedia traffic. A Network and Data Link Layer infrastructure Design to Improve QoS in Voice and video Traffic Jesús Arturo Pérez,
More informationWhat is a Firewall? Computer Security. Firewalls. What is a Firewall? What is a Firewall?
What is a Firewall? Computer Security Firewalls fire wall 1 : a wall constructed to prevent the spread of fire 2 usually firewall : a computer or computer software that prevents unauthorized access to
More informationConfigure a Microsoft Windows Workstation Internal IP Stateful Firewall
70 Lab #5 Lab #5 Assessment Spreadsheet A Review the default settings for Windows Firewall on your student workstation and indicate your settings below: GENERAL Recommended (Firewall On/Off) Don t Allow
More informationLehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Firewall
Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application Layer Chapter 5: Security Concepts for Networks Firewalls Intrusion Detection
More informationFig. 4.2.1: Packet Filtering
4.2 Types of Firewalls /DKo98/ FIREWALL CHARACTERISTICS 1. All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by physically blocking all access to the
More informationUsing a VPN with CentraLine AX Systems
Using a VPN with CentraLine AX Systems User Guide TABLE OF CONTENTS Introduction 2 What Is a VPN? 2 Why Use a VPN? 2 How Can I Set Up a VPN? 2 Important 2 Network Diagrams 2 Network Set-Up with a VPN 2
More informationNetwork Security - ISA 656 Application Firewalls
Network Security - ISA 656 Application Angelos Stavrou August 20, 2008 Moving Up the Stack Application Moving Up the Stack Filtering levels Advantages Disadvantages Example: Protecting Email Email Threats
More information