SSH Technology White Paper

Size: px
Start display at page:

Download "SSH Technology White Paper"

Transcription

1 SSH Technology White Paper Keywords: SSH, SFTP, RSA, DSA, DES, AES, AAA Abstract: Secure Shell (SSH) offers an approach to logging into a remote device securely and performing secure file transfer. By encryption and authentication mechanisms, it protects devices against attacks such as plain text password interception and server spoofing. This document provides the background, security mechanisms, operation procedures, and applications of SSH as well as the technical characteristics of the Comware implementation. Acronyms: Acronym Full spelling AAA AES DES DSA FTP MAC RSA SFTP SSH Stelnet Authentication, Authorization, Accounting Advanced Encryption Standard Data Encryption Standard Digital Signature Algorithm File Transfer Protocol Message Authentication Code Rivest Shamir and Adleman Secure File Transfer Protocol Secure Shell Secure Telnet Hangzhou H3C Technologies Co., Ltd. 1/16

2 Table of Contents Overview 3 Background 3 Benefits 3 Protocol Architecture 4 SSH Transport Layer Protocol 4 SSH Authentication Layer Protocol 4 SSH Connection Layer Protocol 4 Security Mechanisms 5 Ensuring the Confidentiality of Transmitted Data 5 Using Encrypted Channel to Protect Data Against Eavesdropping 5 Using Key Exchange Algorithm to Ensure Security of Keys 5 Perfect User Authentication Mechanism 6 Password Authentication 6 Public Key Authentication 8 Password-Publickey Authentication 8 Defense Against Server Spoofing 9 Operation of SSH 10 Connection Setup 10 SSH Version Negotiation 10 Algorithm Negotiation 10 Key Exchange 11 User Authentication 11 Service Request 13 Data Transmission and Connection Teardown 13 Technical Characteristics 13 Supporting Two Applications 13 SSH 14 SFTP 14 First-Time Authentication 14 Password-Publickey Authentication 14 Application Scenario 14 References 15 Hangzhou H3C Technologies Co., Ltd. 2/16

3 Overview Background Before SSH emerged, the most popular protocol used in network device management was Telnet. The Telnet protocol allows network administrators to log into remote network devices to perform configurations, implementing easy management of remote network devices. However, Telnet has three fatal weaknesses: Telnet transmits data in plain text, providing no protection for data transmitted. Telnet uses the traditional password authentication mechanism and transmits user authentication information over the network in plain text, making it easy to be eavesdropped. A Telnet client has no way to identify the identity of the Telnet server, namely the remote device. Attackers can easily initiate server spoofing attacks. SSH was introduced to solve all the previously mentioned problems. Another popular protocol, File Transfer Protocol (FTP), also faces the similar problems, and the protocol introduced to solve these problems is Secure File Transfer Protocol (SFTP), which is based on SSH. Benefits Secure Shell (SSH) offers an approach to logging into a remote device securely and performing secure file transfer. By using encryption and authentication mechanisms, it protects devices against attacks such as plain text password interception and server spoofing. SSH features the following advantages: SSH transmits data in cipher text, ensuring the confidentiality of the information exchanged. SSH transmits user authentication information in cipher text, efficiently avoiding user identity information eavesdropping. In addition to the traditional password authentication, an SSH server provides multiple user authentication methods (for example, public key authentication, which features higher security) to improve the strength of user authentication. The encryption and decryption keys for communication between SSH servers and SSH clients are dynamically generated in dynamic key exchange processes. Such keys are very hard to get cracked and have much higher security than manually configured keys. SSH clients can authenticate the identities of their servers, avoiding being spoofed by pseudo servers. Hangzhou H3C Technologies Co., Ltd. 3/16

4 Protocol Architecture Figure 1 Protocol architecture SSH client SSH server Application layer Application layer Connection layer protocol SSH protocol layer Transport layer Authentication layer protocol Transport layer protocol TCP connection or connection of another type SSH protocol layer Transport layer As shown in Figure 1, the SSH protocol uses the client/server model and consists of three layers: transport layer, authentication layer, and connection layer. SSH Transport Layer Protocol The SSH transport layer protocol is used to establish a secure, encrypted channel between the server and client, and to provide confidentiality for phases that require higher transmission security, such as the user authentication phase and data exchange phase. The SSH transport layer protocol supports these functions: Checking data reality Checking data integrity Allowing the client to authenticate the server. The SSH transport layer protocol typically runs on top of TCP/IP (the well-known port number of the server side is 22). It can also runs over any other type of reliable connection. SSH Authentication Layer Protocol The SSH authentication layer protocol runs over the SSH transport layer protocol to allow the server to authenticate clients logging in. SSH Connection Layer Protocol The SSH connection layer protocol divides an encrypted channel into multiple logical channels to run different applications. It operates on top of the authentication layer protocol to provide services such as interactive sessions and remote execution of commands. Hangzhou H3C Technologies Co., Ltd. 4/16

5 Security Mechanisms Ensuring the Confidentiality of Transmitted Data To solve the flaw of plain data transmission in Telnet and ensure the confidentiality of data transmission, SSH takes these measures: Establishing an encrypted channel between two peers to ensure that data is not eavesdropped during transmission. Using key exchange algorithms to guarantee the security of keys. Using Encrypted Channel to Protect Data Against Eavesdropping With an encrypted channel, the sender encrypts data through the encryption key before transmitting the data to the receiver, and the receiver decrypts the received data through the decryption key. There are two types of encryption/decryption algorithms: Symmetric algorithm: The encryption process and decryption process use the same key and algorithm. Asymmetric algorithm: The encryption process and decryption process use different keys, the public key and the private key respectively, where the private key is kept secret by the client. As asymmetric algorithms usually take more time, they are usually used for digital signature and identity authentication. Encryption and decryption on an SSH channel are mainly implemented by symmetric algorithms. Currently supported algorithms include Data Encryption Standard (DES), Triple Data Encryption Standard (3DES), and Advanced Encryption Standard (AES). These algorithms can effectively prevent eavesdropping and, using initialization vector (IV) for protection, prevent attacks from password analyzing tools, such as reused key attack. Using Key Exchange Algorithm to Ensure Security of Keys A symmetric algorithm requires that the decryption key be the same as the encryption key to decrypt ciphered data successfully. Therefore, to establish an encrypted channel, two peers must have the same key. Manual configuration and third-party assignment are two of the methods for deploying keys. The former has the disadvantage of low extensibility, and therefore applies to only small local networks. The latter requires an extra third-party server and keys may be eavesdropped during transmission. SSH supports using a key exchange algorithm to deploy keys. By a key exchange algorithm, two peers can dynamically generate their key, which only the two peers can obtain and no one else can eavesdrop. This ensures the security of keys and solves the deployment problem. Here is how a key exchange algorithm works: 1) The client generates a random number Xc (1<Xc<p-1) as the private key, calculates Yc=g^Xc mod p, and sends Yc to the server. Here, p is a large safe prime, and g is a generator for a subgroup of GF(p). P and G are a pair of parameters that the two peers share. The SSH protocol allows the two peers to negotiate the values of p and g. Hangzhou H3C Technologies Co., Ltd. 5/16

6 2) The server also generates a random number Xs (1<Xs<p-1), calculates Ys=g^Xs mod p, and sends Ys to the client. 3) When the server receives Yc from the client, it uses the following formula to calculate the key: K=(Yc)^Xs mod p 4) When the client receives Ys from the server, it uses the following formula to calculate the key: K=(Ys)^Xc mod p Now, the client and server have the same key. As the previous procedure shows, security of a key exchange algorithm depends on the difficulty of the discrete logarithm. In expression Y=g^x mod p, it is easy to calculate Y with x, but it is very difficult to calculate x with Y. In a key exchange algorithm, only p, g, Yc, and Ys are public, Xc and Xs are private. Even if a third-party obtains p, g, Yc, and Ys, it is very difficult to calculate Xc and Xs. In this way, security of keys is ensured. Key exchange algorithms feature the following advantages: Better extensibility and no manual configuration. Keys are saved in memory and hard to be read or tampered. Each connection generates a new key dynamically. Thus, key security is further improved. Safe Prime and generator are terms in discrete mathematics. For detailed inforamtion, refer to relevant materials. Perfect User Authentication Mechanism To prevent illegal users from logging into network devices to perform destructive configurations, SSH provides multiple user authentication methods to improve the strength of user authentication. In addition to commonly used user authentication methods including password authentication and public key authentication, the Comware V5 platform offers a new authentication method, that is, password-publickey authentication. Password Authentication SSH can employ the authentication function provided by the Authentication, Authorization, and Accounting (AAA) architecture to implement password authentication of users. Depending on the authentication policy used by AAA, password authentication can be local or remote. Hangzhou H3C Technologies Co., Ltd. 6/16

7 Local authentication Figure 2 Network diagram for local authentication With local authentication, user information is saved on the SSH server and authentication of clients is performed locally. As shown in Figure 2, an administrator wants to log in to the gateway of the community remotely to perform configuration. The gateway acts as the SSH server and authenticates the client by using the user information saved in the local user information database of AAA. Remote authentication Figure 3 Network diagram for remote authentication Community network Gateway Internet Internet SSH server RADIUS server Network management station SSH client With remote authentication, user information is saved on a remote authentication server such as a RADIUS server, and the network device cooperates with the authentication server to authenticate users. As shown in Figure 3, an administrator wants to log into the gateway of the community remotely to perform configuration. The gateway acts as the SSH server and forwards the authentication information of the client to the RADIUS server for authentication. Then, it determines whether to permit the user by the authentication result from the RADIUS server. Remote authentication features centralized configuration and management of users, which not only facilitates user management, but also improves user information security. However, this Hangzhou H3C Technologies Co., Ltd. 7/16

8 authentication mode requires that the connection between the SSH server and the authentication server is absolutely secure. Public Key Authentication As the strength of password authentication is relatively low, the SSH protocol supports public key authentication. Currently, the device supports using RSA and DSA asymmetric key algorithms to implement public key authentication. The public key authentication process goes through two steps: 1) Public key authentication: The client sends the public key of its key pair as a string to the server. The server compares the received public key of the client against that locally maintained, thereby checking the validity of the public key. 2) Digital signature authentication: If the public key authentication succeeds, the client uses the private key of its key pair to perform digest calculation of a specific packet and then sends the result, namely the digital signature, to the server to prove its identity. The server uses the locally maintained public key of the client to authenticate the signature of the client. If either of the public key authentication and digital signature authentication fails, the authentication of the user fails. Public key authentication features these advantages: High authentication strength, protecting the system against attacks such as password crack. Easier to use. Once configured, the authentication can go on automatically, without requiring users to provide passwords. However, public key authentication also has disadvantages: Compared with password authentication, public key authentication is more complex to be configured. Public authentication can only distinguish users by their private keys. To implement more granular security control, every user must have a private key and the server must be configured with the public key of every user. This is obviously neither proper nor necessary for scenarios where multiple users use the same terminal to log in. Password-Publickey Authentication The Comware V5 platform defines a new authentication method: password-publickey authentication. This method requires that users must pass both public key authentication and password authentication. The password-publickey authentication method combines the advantages of password authentication and public key authentication: It requires that users must pass both password authentication and public key authentication, and therefore can provide higher security. By binding the password with the public key, this method can prevent the security risks of a SSH client from affecting the security of the SSH server. This method allows you to configure a single key pair for a group of users, and specify different passwords and authorize different rights for the users, facilitating user management. Hangzhou H3C Technologies Co., Ltd. 8/16

9 This method not only makes use of the security of public key authentication, but also reduces the cost in saving and configuring keys. With public key authentication, you need to configure one key pair for every user to implement more granular user authentication. With passwordpublickey authentication, however, you can configure multiple users to share the same key pair. This method can corporate with the existing Comware V5 feature of AAA to use the various functions of remote servers. Defense Against Server Spoofing The user authentication mechanisms allow the server to authenticate its clients but provide no way for clients to authenticate the server, leaving attackers the chance to disguise themselves as the server. Figure 4 Server spoofing As shown in Figure 4, when a client tries to establish a connection with the server, an attacker may disguise itself as the server to interact with client to obtain the identity information of the client. Then, the attacker may use the identity information of the client to log into the real server, so as to access the resources on the server or attack the server. To prevent such attacks, SSH enables the clients to authenticate the server. In the key exchange phase, the server uses its private key to add a digital signature to some data in a fixed format and sends the signature to the client. The client uses the locally saved public key of the server to authenticate the signature, so as to authenticate the server. This mechanism for a client to authenticate the server assumes that the server side public key that the client keeps is really the server s public key. Therefore, it is critical to guarantee that the client obtains the right server side public key. Currently, Comware V5 provides two methods for obtaining the public key of a server. Manual configuration: You can manually configure the public key of a server on a client and associate the public key with the server s name. First-time authentication: During SSH protocol interactions, the sever sends its public key through a protocol packet to the client. Based on this, Comware V5 allows you to enable firsttime authentication on SSH clients. With first-time authentication, when an SSH client not configured with the server s public key accesses the server for the first time, it can get the Hangzhou H3C Technologies Co., Ltd. 9/16

10 server s public key from the protocol packet and save the key locally for future use. For details, refer to First-Time Authentication. Operation of SSH SSH packet exchange goes through these phases: Connection Setup SSH Version Negotiation Algorithm Negotiation Key Exchange User Authentication Service Request Data Transmission and Connection Teardown Connection Setup The SSH server listens to connection requests from clients on port 22. After detecting a connection request, it performs three handshake operations to establish a TCP connection. All subsequent packet exchanges will go on over this TCP connection. SSH Version Negotiation After the TCP connection is established, the server and client notify each other of the supported SSH version and compare the peer s version with its own version. The highest version that both the server and client support will be used. SSH1.99 is a specical version in that it can commumucate with both SSH2.0 and SSH1.5. If the version negotiation is successful, the server and the client proceed with algorithm negotiation; otherwise, the server breaks the TCP connection. Algorithm Negotiation Exchange of SSH protocol packets require multiple algorithms: Key exchange algorithm for generating the session key, which can be Diffie-Hellman-groupexchange-SHA1, Diffie-Hellman-group1-SHA1, or Diffie-Hellman-group14-SHA1. Encryption algorithm for data encryption, which can be 3DES-CBC, AES128-CBC, or DES- CBC. Host public key algorithm for digital signature and authentication, which can be RSA or DSA. Message Authentication Code (MAC) algorithm for protecting data integrity, which can be HMAC-MD5, MHAC-MD5-96, HMAC-SHA1 or HMAC-SHA1-96. Hangzhou H3C Technologies Co., Ltd. 10/16

11 As different clients and servers may support different algorithms, a client and its server need to negotiate the algorithms to be used. The algorithm negotiation goes through three steps: 1) The client and server send a list of the supported algorithms to each other. 2) The two peers negotiate each type of algorithm in this procedure: Get the first algorithm of the type from the client s algorithm list and match it against the server s algorithm list. If a match is found, negotiation of the algorithm type succeeds and the matching process ends. Otherwise, get the next algorithm of the type from the client s algorithm list and match it against the server s algorithm list. This process continues until a match is found or the peers find that they have no algorithm of the type in common, in which case negotiation of the algorithm type fails. 3) If the negotiation of an algorithm type succeeds, the peers continue to negotiate other types of algorithms. If the negotiation of any algorithm type fails, the algorithm negotiation between the peers are considered a failure and the server will break the connection with the client. The following table takes the encryption algorithm as an example to show the algorithm negotiation process: Encryption algorithms that the client supports 3DES, 3DES-CBC, AES128- CBC Encryption algorithms that the server supports AES128-CBC, 3DES-CBC, DES-CBC Negotiated encryption algorithm 3DES-CBC Key Exchange After the algorithm negotiation process ends successfully, the SSH server and client generate and exchange the encryption key dynamically and securely to ensure the security of the key. This can prevent the key from being intercepted by any third-party. For details about key exchange algorithm, refer to Using Key Exchange Algorithm to Ensure Security of Keys. User Authentication After the key exchange process is complete, the user authentication process begins. Hangzhou H3C Technologies Co., Ltd. 11/16

12 Figure 5 User authentication process As shown in Figure 5, the user authentication procedure is as follows: 1) The client sends to the server an authentication request packet, which specifies the authentication method of none. 2) When receiving the authentication request, the server responds with an authentication challenge packet, which carries a list of the authentication methods that it supports and the client must pass. 3) The client selects an authentication method from the list and initiates an authentication request, which carries its username, authentication method, and information relevant to the authentication method: For password authentication, the information is the client s password. For public key authentication, the information is the public key of the client s local key pair (during public key authentication) or the digital signature (during digital signature authentication). 4) When the server receives the authentication request, it authenticates the client: For password authentication, the server compares the username and password of the client with those locally maintained or sends them to the remote authentication server to authenticate the client. For public key authentication, the server checks the validity of the public key of the client. If the public key is invalid, the authentication fails; otherwise, the server checks the validity of the digital signature to authenticate the client. 5) Based on the locally maintained configurations of the client and whether the client has passed the previous authentication, the server determines whether to authenticate the client further: If the client passed the last authentication and no other type of authentication is required for the client, the server sends to the client a success notification. If the client passed the last authentication but must pass other types of authentication, the server sends to the client an authentication challenge that carries the authentication types that the client must also pass. If the client failed the last authentication but the number of authentication attempts has not reached the limit, the server resends the authentication challenge to the client. Hangzhou H3C Technologies Co., Ltd. 12/16

13 If the client failed the last authentication and the number of authentication attempts has reached the limit, the server sends to the client an authentication failure notification and tears down the connection with the client. An authentication challenge carries a list of the authentication types that the client has not passed and must pass. Upon receiving an authentication challenge, the client selects one authenticaiton type and initiates the authentication. Service Request SSH supports multiple services. After the SSH client passes all types of authentication that the server requires, it sends a service request to the server to apply for a service. The following details the service request procedure: 1) The client sends an SSH_MSG_CHANNEL_OPEN message to initiate a session with the server. 2) Upon receiving the SSH_MSG_CHANNEL_OPEN message, the server responds with an SSH_MSG_CHANNEL_OPEN_CONFIRMATION message to establish a session with the client if it supports the requested session type. 3) After the session is established, the client applies for the shell (SSH) or subsystem (SFTP) service. Data Transmission and Connection Teardown After the service request is granted and the session is established, the server and client can exchange data securely through the session as follows: 1) The client encrypts and sends the command to be executed to the server. 2) Upon receiving the packet, the server decrypts the packet, executes the command, and sends the result to the client. 3) The client displays the result on the screen. 4) After the communication is over or the client is timed out for it has been idle for too long, the session is closed and connection is torn down. Technical Characteristics Supporting Two Applications Currently, Comware V5 supports two types of SSH applications: SSH and SFTP. Hangzhou H3C Technologies Co., Ltd. 13/16

14 SSH In Comware V5, Stelnet is often referred to as SSH. Using the secure channel provided by the SSH protocol, Stelnet implements secure remote access to network devices. Stelnet is one of the basic applications of SSH. Currently, Comware V5 provides both the SSH client and SSH server features, where the SSH client is based on SSH2.0, while the SSH server supports both SSH1.5 and SSH2.0. As SSH1.5 and SSH2.0 are not compatible, a device running the Comware SSH client can communicate with only a server running SSH2.0, but a device running the Comware SSH server can communicate with clients running SSH1.5 or SSH2.0. SFTP SFTP uses the SSH connection to provide secure data transfer. It is an important, extended SSH application. Currently, Comware V5 provides both the SFTP client and SFTP server features First-Time Authentication To allow an SSH client to authenticate a server, the Comware provides two ways for the client to obtain the server s public key: manually configuring the server s public key on the client or configuring the client to obtain the server s public key when accessing the server for the first time. The latter is called the first-time authentication feature. Without first-time authentication, a client not configured with the server s public key cannot access the server because it cannot authenticate the server. To access the server, the client must be configured with the server s public key manually in advance. With first-time authentication, when an SSH client not configured with the server public key accesses the server for the first time, it can obtain the server s public key from the protocol packet and save the key locally. When accessing the server again, the client will use the locally saved server public key to authenticate the server. Password-Publickey Authentication Comware defines a new authentication method called password-publickey authentication. For details, refer to Password-Publickey Authentication. Application Scenario SSH is used on insecure networks to support applications such as secure remote access and file operations by implementing a series of encryption and authentication mechanisms. As shown in Figure 6 and Figure 7, the SSH client can access the SSH server securely through a local connection or WAN connection established with the SSH server. Hangzhou H3C Technologies Co., Ltd. 14/16

15 Figure 6 SSH channel through a local connection Figure 7 SSH channel through a WAN connection Laptop Host A Local LAN Router Server SSH client WAN Laptop Host B Remote LAN SSH server Host C Server References RFC 4251: The Secure Shell (SSH) Protocol Architecture RFC 4252: The Secure Shell (SSH) Authentication Protocol RFC 4253: The Secure Shell (SSH) Transport Layer Protocol RFC 4254: The Secure Shell (SSH) Connection Protocol Hangzhou H3C Technologies Co., Ltd. 15/16

16 Copyright 2009 Hangzhou H3C Technologies Co., Ltd. All rights reserved. No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd. The information in this document is subject to change without notice. Hangzhou H3C Technologies Co., Ltd. 16/16

Portal Authentication Technology White Paper

Portal Authentication Technology White Paper Portal Authentication Technology White Paper Keywords: Portal, CAMS, security, authentication Abstract: Portal authentication is also called Web authentication. It authenticates users by username and password

More information

Chapter 17. Transport-Level Security

Chapter 17. Transport-Level Security Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics

More information

SSL VPN Technology White Paper

SSL VPN Technology White Paper SSL VPN Technology White Paper Keywords: SSL VPN, HTTPS, Web access, TCP access, IP access Abstract: SSL VPN is an emerging VPN technology based on HTTPS. This document describes its implementation and

More information

Client Server Registration Protocol

Client Server Registration Protocol Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are

More information

SSL A discussion of the Secure Socket Layer

SSL A discussion of the Secure Socket Layer www.harmonysecurity.com info@harmonysecurity.com SSL A discussion of the Secure Socket Layer By Stephen Fewer Contents 1 Introduction 2 2 Encryption Techniques 3 3 Protocol Overview 3 3.1 The SSL Record

More information

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1 Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

More information

H3C SSL VPN RADIUS Authentication Configuration Example

H3C SSL VPN RADIUS Authentication Configuration Example H3C SSL VPN RADIUS Authentication Configuration Example Copyright 2012 Hangzhou H3C Technologies Co., Ltd. All rights reserved. No part of this manual may be reproduced or transmitted in any form or by

More information

Secure Shell SSH provides support for secure remote login, secure file transfer, and secure TCP/IP and X11 forwarding. It can automatically encrypt,

Secure Shell SSH provides support for secure remote login, secure file transfer, and secure TCP/IP and X11 forwarding. It can automatically encrypt, Secure Shell SSH provides support for secure remote login, secure file transfer, and secure TCP/IP and X11 forwarding. It can automatically encrypt, authenticate, and compress transmitted data. The main

More information

Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0. Accellion, Inc.

Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0. Accellion, Inc. Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0 Accellion, Inc. December 24, 2009 Copyright Accellion, Inc. 2009. May be reproduced only in its original entirety

More information

Network Security Essentials Chapter 5

Network Security Essentials Chapter 5 Network Security Essentials Chapter 5 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 5 Transport-Level Security Use your mentality Wake up to reality From the song, "I've Got

More information

DDoS Protection Technology White Paper

DDoS Protection Technology White Paper DDoS Protection Technology White Paper Keywords: DDoS attack, DDoS protection, traffic learning, threshold adjustment, detection and protection Abstract: This white paper describes the classification of

More information

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead

More information

CS 348: Computer Networks. - Security; 30 th - 31 st Oct 2012. Instructor: Sridhar Iyer IIT Bombay

CS 348: Computer Networks. - Security; 30 th - 31 st Oct 2012. Instructor: Sridhar Iyer IIT Bombay CS 348: Computer Networks - Security; 30 th - 31 st Oct 2012 Instructor: Sridhar Iyer IIT Bombay Network security Security Plan (RFC 2196) Identify assets Determine threats Perform risk analysis Implement

More information

CRYPTOGRAPHY IN NETWORK SECURITY

CRYPTOGRAPHY IN NETWORK SECURITY ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can

More information

Chapter 7 Transport-Level Security

Chapter 7 Transport-Level Security Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell

More information

SSH Secure Shell. What is SSH?

SSH Secure Shell. What is SSH? Security, like correctness, is not an add-on feature. -- Andrew S. Tanenbaum SSH Secure Shell - - Binary Packet Protocol - key exchange - server authentication - - SSH Connection Protocol What is SSH?

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

Transport Layer Security Protocols

Transport Layer Security Protocols SSL/TLS 1 Transport Layer Security Protocols Secure Socket Layer (SSL) Originally designed to by Netscape to secure HTTP Version 2 is being replaced by version 3 Subsequently became Internet Standard known

More information

IPsec Details 1 / 43. IPsec Details

IPsec Details 1 / 43. IPsec Details Header (AH) AH Layout Other AH Fields Mutable Parts of the IP Header What is an SPI? What s an SA? Encapsulating Security Payload (ESP) ESP Layout Padding Using ESP IPsec and Firewalls IPsec and the DNS

More information

Securing Ship-to-Shore Data Flow

Securing Ship-to-Shore Data Flow Securing Ship-to-Shore Data Flow Background on Common File Transfer Methods Today corporations, government entities, and other organizations rely on Electronic File Transfers as an important part of their

More information

Secure Sockets Layer

Secure Sockets Layer SSL/TLS provides endpoint authentication and communications privacy over the Internet using cryptography. For web browsing, email, faxing, other data transmission. In typical use, only the server is authenticated

More information

Overview SSL/TLS HTTPS SSH. TLS Protocol Architecture TLS Handshake Protocol TLS Record Protocol. SSH Protocol Architecture SSH Transport Protocol

Overview SSL/TLS HTTPS SSH. TLS Protocol Architecture TLS Handshake Protocol TLS Record Protocol. SSH Protocol Architecture SSH Transport Protocol SSL/TLS TLS Protocol Architecture TLS Handshake Protocol TLS Record Protocol HTTPS SSH SSH Protocol Architecture SSH Transport Protocol Overview SSH User Authentication Protocol SSH Connection Protocol

More information

Secure Data Transfer

Secure Data Transfer Secure Data Transfer INSTRUCTIONS 3 Options to SECURELY TRANSMIT DATA 1. FTP 2. WinZip 3. Password Protection Version 2.0 Page 1 Table of Contents Acronyms & Abbreviations...1 Option 1: File Transfer Protocol

More information

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash

More information

Bandwidth Management Technology White Paper

Bandwidth Management Technology White Paper Bandwidth Management Technology White Paper Keyword: Bandwidth management, segment-based bandwidth management, user-based bandwidth management, service-based bandwidth management, connection-based bandwidth

More information

Transport Level Security

Transport Level Security Transport Level Security Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/

More information

DRAFT Standard Statement Encryption

DRAFT Standard Statement Encryption DRAFT Standard Statement Encryption Title: Encryption Standard Document Number: SS-70-006 Effective Date: x/x/2010 Published by: Department of Information Systems 1. Purpose Sensitive information held

More information

Cornerstones of Security

Cornerstones of Security Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to

More information

FL EDI SECURE FTP CONNECTIVITY TROUBLESHOOTING GUIDE. SFTP (Secure File Transfer Protocol)

FL EDI SECURE FTP CONNECTIVITY TROUBLESHOOTING GUIDE. SFTP (Secure File Transfer Protocol) FL EDI SECURE FTP CONNECTIVITY TROUBLESHOOTING GUIDE This troubleshooting guide covers secure file transfers using the SFTP file transfer protocols for Claims, POC, and Medical EDI transmissions. SFTP

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Secure Sockets Layer (SSL) is an application-layer protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through

More information

White Paper. Wireless LAN Security. Copyright Madge Limited. All rights reserved.

White Paper. Wireless LAN Security. Copyright Madge Limited. All rights reserved. White Paper Wireless LAN Security Copyright 2002-2003 Madge Limited. All rights reserved. 1 Introduction As wireless LANs become widely deployed, and the business benefits become clear, concern has grown

More information

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23 Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest

More information

Embedded TCP/IP-Security

Embedded TCP/IP-Security Embedded TCP/IP-Security Agenda What is security? A look into a security data sheet Symmetric vs. asymmetric cryptography TCP/IP security SSL/TLS CB ussl SSH CB ussh Demo Summary Page 2 What is security?

More information

Secure Network Communications FIPS 140 2 Non Proprietary Security Policy

Secure Network Communications FIPS 140 2 Non Proprietary Security Policy Secure Network Communications FIPS 140 2 Non Proprietary Security Policy 21 June 2010 Table of Contents Introduction Module Specification Ports and Interfaces Approved Algorithms Test Environment Roles

More information

Secure Shell (SSH) Protocol

Secure Shell (SSH) Protocol Vanguard Applications Ware IP and LAN Feature Protocols Secure Shell (SSH) Protocol Notice 2008 Vanguard Networks 25 Forbes Blvd. Foxboro, MA 02035 (508) 964-6200 All rights reserved Printed in U.S.A.

More information

IPS Attack Protection Configuration Example

IPS Attack Protection Configuration Example IPS Attack Protection Configuration Example Keywords: IPS Abstract: This document presents a configuration example for the attack protection feature of the IPS devices. Acronyms: Acronym Full spelling

More information

Release: 1. ICANWK502A Implement secure encryption technologies

Release: 1. ICANWK502A Implement secure encryption technologies Release: 1 ICANWK502A Implement secure encryption technologies ICANWK502A Implement secure encryption technologies Modification History Release Release 1 Comments This Unit first released with ICA11 Information

More information

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY) E-Commerce Security An e-commerce security system has four fronts: LECTURE 7 (SECURITY) Web Client Security Data Transport Security Web Server Security Operating System Security A safe e-commerce system

More information

VPN. Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu

VPN. Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu VPN Date: 4/15/2004 By: Heena Patel Email:hpatel4@stevens-tech.edu What is VPN? A VPN (virtual private network) is a private data network that uses public telecommunicating infrastructure (Internet), maintaining

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure

More information

Configuring CSS Remote Access Methods

Configuring CSS Remote Access Methods CHAPTER 11 Configuring CSS Remote Access Methods This chapter describes how to configure the Secure Shell Daemon (SSH), Remote Authentication Dial-In User Service (RADIUS), and the Terminal Access Controller

More information

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Using etoken for SSL Web Authentication. SSL V3.0 Overview Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents

More information

Table of Contents. 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2

Table of Contents. 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2 Table of Contents 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2 2 Features and Benefits 2-1 Key Features 2-1 Support for the Browser/Server Resource Access Model 2-1 Support for Client/Server

More information

Secure Socket Layer (SSL) and Transport Layer Security (TLS)

Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Socket Layer (SSL) and Transport Layer Security (TLS) Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available

More information

IP Security. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49

IP Security. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 IP Security Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security

More information

HTTPS, SFTP, FTPS. Group 5 Mok Chun Yiu Yuen Ka King Lui Siu Kwan

HTTPS, SFTP, FTPS. Group 5 Mok Chun Yiu Yuen Ka King Lui Siu Kwan HTTPS, SFTP, FTPS Group 5 Mok Chun Yiu 1155030166 Yuen Ka King 1155018969 Lui Siu Kwan 1155028809 Agenda HTTPS FTPS SFTP Demo of attack HTTPS What is HTTP? HTTP is called Hypertext Transfer Protocol. The

More information

Lab 2.5.2a Configure SSH

Lab 2.5.2a Configure SSH Lab 2.5.2a Configure SSH Objective Scenario Topology In this lab, the students will complete the following tasks: Configuring a router as a Secure Shell (SSH) server Version 1. Install and configure a

More information

TELE 301 Network Management. Lecture 16: Remote Terminal Services

TELE 301 Network Management. Lecture 16: Remote Terminal Services TELE 301 Network Management Lecture 16: Remote Terminal Services Haibo Zhang Computer Science, University of Otago TELE301 Lecture 16: Remote Terminal Services 1 Today s Focus Remote Terminal Services

More information

Remote Logging. Tanveer Brohi(14cs28)

Remote Logging. Tanveer Brohi(14cs28) Remote Logging Tanveer Brohi(14cs28) 1 Contents Introduction TELNET SSH Advantages and Disadvantages Conclusion References 2 Introduction What is remote logging? Remote logging is the capability to access

More information

Virtual Private Networks

Virtual Private Networks Outline Virtual Private Networks Cmput 410 Presentations November 25-2004 Introduction Types of VPNs Tunneling Security Encryption Future of VPNs VPN - Definition Introduction a way to provide remote access

More information

CSCE 465 Computer & Network Security

CSCE 465 Computer & Network Security CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Public Key Cryptogrophy 1 Roadmap Introduction RSA Diffie-Hellman Key Exchange Public key and

More information

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Module 8. Network Security. Version 2 CSE IIT, Kharagpur Module 8 Network Security Lesson 2 Secured Communication Specific Instructional Objectives On completion of this lesson, the student will be able to: State various services needed for secured communication

More information

File transfer clients manual File Delivery Services

File transfer clients manual File Delivery Services File transfer clients manual File Delivery Services Publisher Post CH Ltd Information Technology Webergutstrasse 12 CH-3030 Berne (Zollikofen) Contact Post CH Ltd Information Technology Webergutstrasse

More information

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Overview of CSS SSL. SSL Cryptography Overview CHAPTER CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers

More information

Introduction to Network Security. 1. Introduction. And People Eager to Take Advantage of the Vulnerabilities

Introduction to Network Security. 1. Introduction. And People Eager to Take Advantage of the Vulnerabilities TÜBİTAK Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü Introduction to Network Security (Revisit an Historical 12 year old Presentation) Prof. Dr. Halûk Gümüşkaya Why Security? Three primary reasons

More information

Introduction to Security and PIX Firewall

Introduction to Security and PIX Firewall Introduction to Security and PIX Firewall Agenda Dag 28 Föreläsning LAB PIX Firewall VPN A Virtual Private Network (VPN) is a service offering secure, reliable connectivity over a shared, public network

More information

Lab 8.3.1.2 Configure Basic AP Security through IOS CLI

Lab 8.3.1.2 Configure Basic AP Security through IOS CLI Lab 8.3.1.2 Configure Basic AP Security through IOS CLI Estimated Time: 30 minutes Number of Team Members: Students will work in teams of two. Objective In this lab, the student will learn the following

More information

Written by Edmond Ng on behalf of D-Link for a Thai magazine (before translation) Page 1 of 4

Written by Edmond Ng on behalf of D-Link for a Thai magazine (before translation) Page 1 of 4 Increasing Network Security Introduction Network and data security has been a growing concern in many organizations. With the emergence of wireless networking, security preemptives have been primarily

More information

Lukasz Pater CMMS Administrator and Developer

Lukasz Pater CMMS Administrator and Developer Lukasz Pater CMMS Administrator and Developer EDMS 1373428 Agenda Introduction Why do we need asymmetric ciphers? One-way functions RSA Cipher Message Integrity Examples Secure Socket Layer Single Sign

More information

Chapter 10. Network Security

Chapter 10. Network Security Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce

More information

Topics in Network Security

Topics in Network Security Topics in Network Security Jem Berkes MASc. ECE, University of Waterloo B.Sc. ECE, University of Manitoba www.berkes.ca February, 2009 Ver. 2 In this presentation Wi-Fi security (802.11) Protecting insecure

More information

Three attacks in SSL protocol and their solutions

Three attacks in SSL protocol and their solutions Three attacks in SSL protocol and their solutions Hong lei Zhang Department of Computer Science The University of Auckland zhon003@ec.auckland.ac.nz Abstract Secure Socket Layer (SSL) and Transport Layer

More information

WHITEPAPER SECURITY CONCEPT FOR SICK REMOTE SERVICE. Lifetime Services, SICK AG in Waldkirch / Germany. Introduction... 2. Protocols Used...

WHITEPAPER SECURITY CONCEPT FOR SICK REMOTE SERVICE. Lifetime Services, SICK AG in Waldkirch / Germany. Introduction... 2. Protocols Used... WHITEPAPER SECURITY CONCEPT FOR SICK REMOTE SERVICE L i f e T i m e S er v i c es, 2 0 1 3-0 3 EDITOR: TA B L E O F C O N T E N T S Lifetime Services, SICK AG in Waldkirch / Germany Introduction.......................................

More information

Securing an IP SAN. Application Brief

Securing an IP SAN. Application Brief Securing an IP SAN Application Brief All trademark names are the property of their respective companies. This publication contains opinions of StoneFly, Inc., which are subject to change from time to time.

More information

Wireless Encryption Protection

Wireless Encryption Protection Wireless Encryption Protection We re going to jump around a little here and go to something that I really find interesting, how do you secure yourself when you connect to a router. Now first and foremost

More information

IPS Anti-Virus Configuration Example

IPS Anti-Virus Configuration Example IPS Anti-Virus Configuration Example Keywords: IPS, AV Abstract: This document presents a configuration example for the AV feature of the IPS devices. Acronyms: Acronym Full spelling IPS AV Intrusion Prevention

More information

Security vulnerabilities in the Internet and possible solutions

Security vulnerabilities in the Internet and possible solutions Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in

More information

Lecture 10: Virtual LANs (VLAN) and Virtual Private Networks (VPN)

Lecture 10: Virtual LANs (VLAN) and Virtual Private Networks (VPN) Lecture 10: Virtual LANs (VLAN) and Virtual Private Networks (VPN) Prof. Shervin Shirmohammadi SITE, University of Ottawa Prof. Shervin Shirmohammadi CEG 4185 10-1 Virtual LANs Description: Group of devices

More information

Web Security Considerations

Web Security Considerations CEN 448 Security and Internet Protocols Chapter 17 Web Security Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University mdahshan@ccis.ksu.edu.sa

More information

VPN Lesson 2: VPN Implementation. Summary

VPN Lesson 2: VPN Implementation. Summary VPN Lesson 2: VPN Implementation Summary 1 Notations VPN client (ok) Firewall Router VPN firewall VPN router VPN server VPN concentrator 2 Basic Questions 1. VPN implementation options for remote users

More information

Key Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards

Key Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards White Paper Key Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards By Dr. Wen-Ping Ying, Director of Software Development, February 2002 Introduction Wireless LAN networking allows the

More information

FL EDI SECURE FTP CONNECTIVITY TROUBLESHOOTING GUIDE. SSL/FTP (File Transfer Protocol over Secure Sockets Layer)

FL EDI SECURE FTP CONNECTIVITY TROUBLESHOOTING GUIDE. SSL/FTP (File Transfer Protocol over Secure Sockets Layer) FL EDI SECURE FTP CONNECTIVITY TROUBLESHOOTING GUIDE This troubleshooting guide covers secure file transfers using the SFTP and SSL/FTP file transfer protocols for Claims, POC, and Medical EDI transmissions.

More information

Chapter 10. Cloud Security Mechanisms

Chapter 10. Cloud Security Mechanisms Chapter 10. Cloud Security Mechanisms 10.1 Encryption 10.2 Hashing 10.3 Digital Signature 10.4 Public Key Infrastructure (PKI) 10.5 Identity and Access Management (IAM) 10.6 Single Sign-On (SSO) 10.7 Cloud-Based

More information

Security & Privacy on the WWW. Topic Outline. Information Security. Briefing for CS4173

Security & Privacy on the WWW. Topic Outline. Information Security. Briefing for CS4173 Security & Privacy on the WWW Briefing for CS4173 Topic Outline 1. Information Security Relationship to safety Definition of important terms Where breaches can occur Web techniques Components of security

More information

Security Policy. Trapeze Networks

Security Policy. Trapeze Networks MX-200R-GS/MX-216R-GS Mobility Exchange WLAN Controllers Security Policy Trapeze Networks August 14, 2009 Copyright Trapeze Networks 2007. May be reproduced only in its original entirety [without revision].

More information

SBClient SSL. Ehab AbuShmais

SBClient SSL. Ehab AbuShmais SBClient SSL Ehab AbuShmais Agenda SSL Background U2 SSL Support SBClient SSL 2 What Is SSL SSL (Secure Sockets Layer) Provides a secured channel between two communication endpoints Addresses all three

More information

Secure Socket Layer. Introduction Overview of SSL What SSL is Useful For

Secure Socket Layer. Introduction Overview of SSL What SSL is Useful For Secure Socket Layer Secure Socket Layer Introduction Overview of SSL What SSL is Useful For Introduction Secure Socket Layer (SSL) Industry-standard method for protecting web communications. - Data encryption

More information

Directory and File Transfer Services. Chapter 7

Directory and File Transfer Services. Chapter 7 Directory and File Transfer Services Chapter 7 Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP over traditional authentication systems Identify major

More information

If you prefer to use your own SSH client, configure NG Admin with the path to the executable:

If you prefer to use your own SSH client, configure NG Admin with the path to the executable: How to Configure SSH Each Barracuda NG Firewall system is routinely equipped with an SSH daemon listening on TCP port 22 on all administrative IP addresses (the primary box IP address and all other IP

More information

File Transfer Protocol (FTP) & SSH

File Transfer Protocol (FTP) & SSH http://xkcd.com/949/ File Transfer Protocol (FTP) & SSH Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Some materials copyright 1996-2012 Addison-Wesley J.F Kurose and K.W.

More information

Key Management (Distribution and Certification) (1)

Key Management (Distribution and Certification) (1) Key Management (Distribution and Certification) (1) Remaining problem of the public key approach: How to ensure that the public key received is really the one of the sender? Illustration of the problem

More information

TCP/IP and Encryption. CIT304 University of Sunderland Harry R. Erwin, PhD

TCP/IP and Encryption. CIT304 University of Sunderland Harry R. Erwin, PhD TCP/IP and Encryption CIT304 University of Sunderland Harry R. Erwin, PhD Resources Garfinkel and Spafford, 1996, Practical UNIX and Internet Security, O Reilly, ISBN: 1-56592-148-8 B. Schneier, 2000,

More information

Secure File Multi Transfer Protocol Design

Secure File Multi Transfer Protocol Design Journal of Software Engineering and Applications, 2011, 4, 311-315 doi:10.4236/jsea.2011.45034 Published Online May 2011 (http://www.scirp.org/journal/jsea) 311 Murali Krishna, Pradeep Jamwal, K. S. R.

More information

Secure File Transfer Appliance Security Policy Document Version 1.9. Accellion, Inc.

Secure File Transfer Appliance Security Policy Document Version 1.9. Accellion, Inc. Secure File Transfer Appliance Security Policy Document Version 1.9 Accellion, Inc. November 11, 2010 Copyright Accellion, Inc. 2010. May be reproduced only in its original entirety [without revision].

More information

Pulse Secure, LLC. January 9, 2015

Pulse Secure, LLC. January 9, 2015 Pulse Secure Network Connect Cryptographic Module Version 2.0 Non-Proprietary Security Policy Document Version 1.1 Pulse Secure, LLC. January 9, 2015 2015 by Pulse Secure, LLC. All rights reserved. May

More information

Strong Encryption for Public Key Management through SSL

Strong Encryption for Public Key Management through SSL Strong Encryption for Public Key Management through SSL CH.SUSHMA, D.NAVANEETHA 1,2 Assistant Professor, Information Technology, Bhoj Reddy Engineering College For Women, Hyderabad, India Abstract: Public-key

More information

Network Security. Lecture 3

Network Security. Lecture 3 Network Security Lecture 3 Design and Analysis of Communication Networks (DACS) University of Twente The Netherlands Security protocols application transport network datalink physical Contents IPSec overview

More information

Cleaning Encrypted Traffic

Cleaning Encrypted Traffic Optenet Documentation Cleaning Encrypted Traffic Troubleshooting Guide iii Version History Doc Version Product Date Summary of Changes V6 OST-6.4.300 01/02/2015 English editing Optenet Documentation

More information

Wireless Networks. Welcome to Wireless

Wireless Networks. Welcome to Wireless Wireless Networks 11/1/2010 Wireless Networks 1 Welcome to Wireless Radio waves No need to be physically plugged into the network Remote access Coverage Personal Area Network (PAN) Local Area Network (LAN)

More information

Linux Network Security

Linux Network Security Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols

More information

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion Network Security Tampere Seminar 23rd October 2008 1 Copyright 2008 Hirschmann 2008 Hirschmann Automation and and Control GmbH. Contents Overview Switch Security Firewalls Conclusion 2 Copyright 2008 Hirschmann

More information

Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Chapter 8 Security IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross, All

More information

Software Tool for Implementing RSA Algorithm

Software Tool for Implementing RSA Algorithm Software Tool for Implementing RSA Algorithm Adriana Borodzhieva, Plamen Manoilov Rousse University Angel Kanchev, Rousse, Bulgaria Abstract: RSA is one of the most-common used algorithms for public-key

More information

VPN. VPN For BIPAC 741/743GE

VPN. VPN For BIPAC 741/743GE VPN For BIPAC 741/743GE August, 2003 1 The router supports VPN to establish secure, end-to-end private network connections over a public networking infrastructure. There are two types of VPN connections,

More information

PrivyLink Internet Application Security Environment *

PrivyLink Internet Application Security Environment * WHITE PAPER PrivyLink Internet Application Security Environment * The End-to-end Security Solution for Internet Applications September 2003 The potential business advantages of the Internet are immense.

More information

Authentication Types. Password-based Authentication. Off-Line Password Guessing

Authentication Types. Password-based Authentication. Off-Line Password Guessing Authentication Types Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4:

More information

Exam Questions SY0-401

Exam Questions SY0-401 Exam Questions SY0-401 CompTIA Security+ Certification http://www.2passeasy.com/dumps/sy0-401/ 1. A company has implemented PPTP as a VPN solution. Which of the following ports would need to be opened

More information

athenahealth Interface Connectivity SSH Implementation Guide

athenahealth Interface Connectivity SSH Implementation Guide athenahealth Interface Connectivity SSH Implementation Guide 1. OVERVIEW... 2 2. INTERFACE LOGICAL SCHEMATIC... 3 3. INTERFACE PHYSICAL SCHEMATIC... 4 4. SECURE SHELL... 5 5. NETWORK CONFIGURATION... 6

More information

Remote Accounting Solutions, Inc.

Remote Accounting Solutions, Inc. Remote Accounting Solutions, Inc. Remote Accounting Solutions uses a technique to perform efficient file transfers and directory synchronization within the context of the Remote Accounting Solutions (RAS)

More information

Security in Distributed Systems. Network Security

Security in Distributed Systems. Network Security Security in Distributed Systems Introduction Cryptography Authentication Key exchange Computer Science Lecture 18, page 1 Network Security Intruder may eavesdrop remove, modify, and/or insert messages

More information