TOR (The Onion Router)
|
|
- Helen Rice
- 8 years ago
- Views:
Transcription
1 TOR (The Onion Router) TOR (The Onion Router) is a free software implementation of second generation onion routing a system enabling its users to communicate anonymously on the Internet. Originally sponsored by the US Naval Research Laboratory, TOR became an Electronic Frontier Foundation (EFF) project in late The EFF supported TOR financially until November 2005, and continues to provide web hosting for the project. Like all current low latency anonymity networks, TOR is vulnerable to correlation attacks from attackers who can watch both ends of a user's connection. TOR implementations exist for Microsoft Windows, Apple Mac OS X, Linux, and other Unix variants. Description TOR is an anonymizing Internet proxy service designed to circumvent traffic analysis by proxying TCP traffic within chained, encrypted tunnels. Using this service, a client can disguise what resources (s)he is accessing on the Internet, thereby obfuscating any Internet activities, malicious or not. Analysis Many people believe there are legitimate usages for TOR, especially in cases where privacy is of concern. However, there are just as many, if not more, illegitimate uses as well. For example, attackers may use this service to hide the true source or destination of their connections, or an employee could bypass a corporate security policy in order to view prohibited web sites or use prohibited services like instant messaging without detection. What is even more concerning is the fact that various malicious codes can, once installed on an exploited host, establish hidden services on the host, such as web/file/ftp servers to allow for the creation of continuous malware distribution sites, should others be cleaned. Trigger Arbor, Peak Flow triggers an alert when the system identifies outbound TCP related traffic transmitted to known TOR servers. Affected Platforms and Versions Any Internet connected host running Windows, Linux, and/or Unix could potentially be affected. Malicious bots usually propagate automatically, scanning for unpatched vulnerabilities in popular network software and exploiting them to install malicious code on a host without the owner's knowledge. Alternatively, bots can propagate like a traditional Trojan horse or virus, tricking users into running malicious code (e.g., an e mail that contains a deceivingly named attachment).
2 Remediation N/A Workaround Blocking TOR simply by TCP port is difficult because a significant number of servers employ HTTPS (TCP port 443) for their TOR port, which is the primary port for connection forwarding. In addition, many servers employ TCP ports 9001, 9030, and Thus, blocking these ports can significantly hinder TOR operation. Blocking IP traffic to all known TOR servers is a more effective defense mechanism; however, the list of operational TOR servers changes periodically. As such, any firewall blacklist enumerating said servers will need to be updated accordingly. General References date organization title Electronic Frontier Foundation Electronic Frontier Foundation Tor: An anonymous Internet communication system Tor Abuse FAQ Anonymous outgoing connections Users of the TOR network run an onion proxy on their machine. This software connects out to TOR, periodically negotiating a virtual circuit through the TOR network. TOR employs cryptography in a layered manner (hence the onion analogy), ensuring perfect forward secrecy between routers. At the same time, the onion proxy software presents a SOCKS interface to its clients. SOCKS aware applications may be pointed at TOR, which then multiplexes the traffic through a TOR virtual circuit. Once inside the TOR network, the traffic is sent from router to router, ultimately reaching an exit node at which point the clear text packet is available and is forwarded on to its original destination. Viewed from the destination, the traffic appears to originate at the TOR exit node. TOR's application independence sets it apart from most other anonymity networks: it works at the TCP stream level. Applications commonly anonymised using TOR include: IRC, instant messaging and browsing the Web. When browsing the Web, TOR is often coupled with Privoxy a filtering proxy server that aims to add privacy at the application layer. Weaknesses DNS leaks As with many anonymous web surfing systems, direct DNS requests are usually still performed by many applications, without using the TOR proxy. Solutions such as the previously mentioned Privoxy or using the command 'torify' included with the TOR distribution are possible solutions to this problem. Additionally, applications using SOCKS5 which
3 supports name based proxy requests can route DNS requests through TOR, having lookups performed at the exit node and thus receiving the same anonymity as other TOR traffic. Traffic analysis Steven J. Murdoch and George Danezis from University of Cambridge presented an article, in the 2005 IEEE Symposium on Security and Privacy, Oakland, California, USA, May 8 11, They presented traffic analysis techniques that allow adversaries with only a partial view of the network to infer which nodes are being used to relay the anonymous streams and therefore greatly reduce the anonymity provided by TOR. They have also shown that otherwise unrelated streams can be linked back to the same initiator. Etiquette and abuse Because TOR is capable of anonymising arbitrary TCP traffic, it attracts its fair share of abuse. Routers maintain an exit policy of what traffic is and is not permitted to leave the TOR network through that node. Using a combination of addresses and ports, it is possible to combat most major abuses of the TOR network. Potential abuses include: Bandwidth hogging It is considered impolite to transfer massive amounts of data across the TOR network the onion routers are run by volunteers using their own bandwidth at their own cost. E mail Anonymous usage of SMTP (i.e., e mail) can result in spam. Consequently the default exit policy of TOR nodes rejects outgoing connections to port 25, the port used for SMTP. Anonymous hidden services Although TOR's most popular feature is its provision of anonymity to clients, it can also provide anonymity to servers. By using the TOR network, it is possible to host servers in such a way that their network location is unknown. In order to access a hidden service, TOR must also be used by the client. Hidden services are accessed through the TOR specific.onion pseudo top level domain. The TOR network understands this TLD and routes data anonymously to the hidden service. The hidden service then hands over to standard server software, which should be configured to listen only on non public interfaces. Services that are reachable through TOR hidden services and the public Internet are susceptible to correlation attacks, and consequently are not really hidden. An added advantage of TOR hidden services is that, because no public IP address is required, services may be hosted behind firewalls and NAT. As of , the 'hidden wiki', the only hidden service index site linked to from the World Wide Web appears to have gone down. As it provided an 'entry point' to the network of hidden services, and both the official TOR site and IRC channel seem reluctant to explain or indeed acknowledge the disappearance so far (or offer an alternative), this capability is rendered somewhat useless to TOR users who do not already have the address of a specific hidden service they want to visit.
4 Onion Routing University of Michigan, Department of LSAIT The following description assumes that the onion routing network runs on top of TCP [11], however it can be implemented on top of other protocols. The basic idea of onion routing can be traced back to a seminal paper on anonymous by D. Chaum [1]. In this paper a system for anonymous communication is presented. It introduces a network consisting of a large number of "MIX" nodes. MIX nodes serve the simple role of accepting s encrypted with their public keys, decrypting them, and then sending them on. Each node would also perform certain timing alteration of the s, to make it harder for a network observer to trace the path that s take. Because a node might wait an arbitrarily long time before forwarding the incoming this system is primarily meant for non real-time communications. Onion Routing [8] provides a way for two parties - a connection initiator and a connection responder - to communicate with each other anonymously. Onion Routing protects its communications against traffic analysis attacks. It makes it very hard for network observers (such as crackers, companies, and governments) to reliably learn who is talking to whom and for what purpose, by examining data packets flowing over the network. It concentrates on hiding the source and destination of a packet, rather than the content of the packet. The content of the packet could of course be encrypted using any form of crytpography prior to sending. The system consists of a number of machines, called onion routers. Routers communicate with each other over TCP. Some routers also can serve as entry funnels, they can accept connections from the clients of the network. Some routers can server as exit funnels, they can create TCP connections leaving the network to the actual Internet services that are being accessed through the Onion Routing network. Such services can be world wide web, , peer-to-peer applications, etc. When a client application wishes to establish an anonymous connection to a server (such that neither the server, nor the network is able to associate the connection with the client), it first of all connects to an application proxy. An application proxy is, for example, a SOCKS proxy [3] that accepts protocol-specific connections from applications, and converts them into a generic protocol (such as a stripped down SOCKS protocol). The packets are then forwarded to an onion proxy. The onion proxy creates a route over the onion network and then constructs a special data structure, an onion. An onion is a multiply encrypted layered structure, with information about the route through the network being spread across the layers. The onion is then passed on to an entry funnel. When an entry funnel ( or any other onion router) receives an onion, it decrypts it, which reveals a layer containing information about the next hop in the route constructed by the onion proxy. This layer is then stripped off and the onion is forwarded on to this next hop. Eventually, the onion reaches an exit funnel. The decrypted packet is identical to the packet that was produced by the application proxy at the beginning of the connection. This packet will then be sent to the destination TCP host. Onion Routing relies on using Public Key Cryptography, which allows it to encrypt layers of onions such that only intended recipients of each layer can decrypt it with their private keys. Each hop along the route then only knows about the previous hop (that it received the onion from) and the next hop (that it was instructed to forward the onion to). Plus, as the entire onion is decrypted at each router, there is no correspondence on the data layer between an onion entering a router and an onion leaving the router. This means that an outside observer who sees the onion for a specific message enter a node does not know which of the onions leaving that node corresponds to that same message. If an eavesdropper compromises a host in the network of onion routers, they will only be able to see where the onion came from on the last hop, and where it should be sent to on the next hop. The absolute source and destination of the onion are hidden.
5 When the recipient sends a response to a particular message, the exit funnel converts it to the generic protocol, encrypts it with its own private key, and sends it backwards along the route: i.e. to the hop from which it received the corresponding incoming onion. Each hop then similarly encrypts the response onion with its private key and sends it backwards. Eventually the onion is going to arrive at the onion proxy, which will decrypt it with the public keys of the routers along the chosen route to get the clear-text data. A More Formal Description We will number all the routers in the network with numbers 1..N. Onion Router s has a public key Su and a private key Sr. The public key is well-known to onion proxies. Private keys are only known to the router. There also exists an encryption function E[key](data) and a decryption function D[key](data) with the property that data encrypted with a public key Su can be decrypted with the corresponding private key Sr, and vice versa. ie, D[Su](E[ Sr](data)) = data and D[Sr](E[Su](data)) = data. This is the basic premise of public-key cryptography. [5][6] When the first packet of a connection to be anonymised arrives at an onion proxy, the proxy constructs a random sequence of routers on the network it knows about, Zn*, e.g. <4, 3, 5>. Where the first router in the sequence is an entry funnel, and the last an exit funnel. Then, to send a packet of data to the exit funnel, it constructs an onion like so: E[4u](3's IP address, E[3u]( 5' s IP address, E[5u](data))). This onion is then given to the entry funnel (4). The entry funnel is able to decrypt the onion with its private key, revealing 3' s IP address and a chunk of encrypted data. It forwards this chunk to 3, and the process repeats. So, to retrieve the next hop in the route, a router first has to decrypt the onion with its own private key. Because no-one else knows this private key it is impossible for someone who intercepts the onion to extract the IP address for the next hop. Encrypting the entire onion for each hop is a big advantage, because now the onion looks completely different at each router and it is very hard to correlate it between nodes. To even further complicate traffic analysis, all onions are usually padded with random data before being sent, so that they are always of the same size.
6 This way, it is very easy to create a virtual onion circuit, much like virtual circuits in ATM. Simply sending an onion to a node K along a chosen path creates a virtual circuit along the path. To support these virtual circuits, an additional bit of functionality on the routers is required. Each router has a number of TCP links to other routers. Several circuits can be multiplexed over one TCP link. So, for each incoming onion, the router should be able to figure out which circuit the onion belongs to and then find out what outgoing TCP link the onion should be forwarded to. Once the network supports virtual circuits, two important benefits are provided. First, once a virtual circuit is created, the onions sent across the circuit need not include routing information. More importantly, data can travel back across the circuit in a secure manner. Here's how it works. In the example above, a circuit <4, 3, 5> would be established. Whenever an onion belonging to this circuit enters 4, it will be able to correctly forward it to 3. Moreover, when a response message enters 5, 5 will be able to associate this piece of data with the circuit and will know that the data should be forwarded to 3. To ensure data security, 5 first encrypts the piece of data with its own private key and then sends it to 3. 3 then encrypts it with its private key and sends it to 4. 4 does the same and sends it to the originating onion proxy. The onion proxy can then recover this data by decrypting as D[4u](D[3u](D[5u]( encrypted onion))) which will yield the original data that entered 5. Thus the circuit is bi-directional.
7 Some Advanced Considerations The system described above is the essential idea behind Onion Routing. Proper implementation (one of which will be discussed presently), however, must include a number of subtler details that are outside the scope of this overview. There are a large number of possible ways to attack Onion Routing systems: Denial of Service (DoS) attacks, disrupting the functioning of the system; traffic analysis attacks, decreasing the anonymity provided by the system; and many possible active attacks, where an attacker modifies the behaviour of the system (either on the TCP layer, or by controlling individual routers) to gain leverage in traffic analysis. Making Onion Routing secure is a research area that is currently active, with many different developments and results happening all the time. We will just outline the most important, frequently recognised techniques for increasing the system anonymity and security. Denial Of Service (DoS) Attacks Due to the open nature of the system, it is very easy to perform DoS attacks by, for example, forcing routers to perform a large number of cryptographic operations, or depleting their bandwidth resources. The best suggested way for protecting against that is by using some form of digital currency that clients must use to "pay" for routers' services. Such currency can be, for example, cryptographic puzzles (i.e. computations that are hard to perform but easy to verify) that are presented to clients. See [7] for an example. Passive Traffic Analysis The best protection against traffic analysis lies with obscuring traffic patterns. Making sure that all onions are of the same size, that timing information on circuits is obfuscated, and possibly adding noise traffic are all valid methods of protection against traffic analysis. Pipenet provides a very good model for counteracting traffic analysis attacks, however it is an idealistic measure, not attainable in real life. Active Traffic analysis This is the hardest to deal with. Active attacks can include corrupting or delaying traffic between onions to reveal circuit information, as well as setting up a large number of attacker-controlled routers. There are few effective measures against these attacks, however they are quite hard to perform in reality. Again, Pipenet provides an idealistic solution, that is not attainable in real life. Tor, An Implementation of Onion Routing Tor [2] is currently the most advanced implementation of Onion Routing in use today. Tor is currently deployed on the Internet.* Tor design is based on the Onion Routing design described above, however it differs in some implementation details. First important difference that Tor provides is perfect forward secrecy, which is defined by [9] as: disclosure of long-term secret keying material does not compromise the secrecy of the exchanged keys from earlier runs. The simple implementation with Public Key Infrastructure (PKI) we described above is vulnerable to traffic capturing. An attacker can record data going between routers, and can then compromise the routers at a later stage (to aquire their private keys) and thus decrypt the data. However, there are certain protocols that allow two
8 parties to establish a common "session" key, that is used to encrypt data and that is only valid for the duration of communications. Recorded communications then can not be decrypted. Tor uses Diffie-Hellman key exchange [10] between the onion proxy and each router along the chosen route to set up a set of encryption keys that are used to encrypt layers of onions for the duration of a circuits lifetime. PKI is still used, though, to ensure that the other side of an exchange is indeed who it claims to be. Tor also implements something called "leaky-pipe circuit topology". In the original Onion Routing protocol, only the last router in a route can act as the exit funnel. Tor changes the concept slightly, allowing any router along the route to be an exit funnel. This means that an attacker observing the end of a circuit will have a harder time figuring out where the traffic goes. A particular problem that we have not addressed above is distributing reliable router lists. Each onion proxy needs to have a fairly reliable list of routers on the network, along with their public keys and IP addresses. Tor provides special "directory servers", which are machines that active routers register with. Onion proxies can then query directory servers and get up-to-date lists of routers on the network. Directory servers also provide communal protection against attacks that involve setting up a large number of attacker-controlled routers. Each router operator needs to be approved by the directory server operator be listed on it, The original Onion Routing design only protected the identity of an initiator of a connection. The responder was presumed to be a TCP service with a well-known IP address. Thus the responder can be easily mapped to a person. Tor provides a service called "hidden services" which allows responders to be protected by the system. Further details on implementation of this feature can be found in [4]. These are the main improvements of Tor over initial Onion Routing design. Currently Tor is a very good implementation of Onion Routing, ready to be used to protect anonymity and privacy of online communications. * At time of writing, there are 60 high speed Tor nodes online. For more information see routers/. Conclusion Here we presented a protocol called Onion Routing. The purpose of Onion Routing is to protect the anonymity of a user who wants to communicate over a network. In particular, it will hide the destinations of all communications initiated by the user. Any outside observers will not be able to tell whom the user is communicating with and for how long. To achieve this goal, Onion Routing uses Public Key Encryption to put multiple layers of encryption around the original data packet, thus creating an object called an onion. This onion will follow a specific route through the network, and at each route a layer of encryption will be peeled off. Once the onion reaches its destination it will have been reduced to the original data packet. When a router decrypts the onion using its private key it will only get the address of the next router along the path. So no router will ever know the full path that is travelled by the onion. Since no outside observer will be able to follow an onion while it is travelling through the network, the communication is completely anonymous.
9 View of the Tor (Onion Routing) World Network QuickTime and a TIFF (Uncompressed) decompressor are needed to see this picture. On the left side you ll notice several different flags with names after them. These are the servers available to router traffic through. The flag represents the country the server is located and the name is the name of the server. Under the connection section you ll notice the server names traffic is being routed through. To the right of that section is the information about each server when clicked from the server listing. Here you can see where you are being routed.
10 View of Tor Client Control Panel QuickTime and a TIFF (Uncompressed) decompressor are needed to see this picture. In the Tor Status box you ll notice that the onion is green, which indicates that it is running. When Tor is off there will be a grayed out onion with a red X over top of it and it will be yellow when starting up. Located in the Vidalia Shortcuts box is the Stop Tor button. Once press the Tor connects will disconnect and Tor is no longer running.
11 References [1] D. Chaum, "Untraceable Electronic Mail, Return Addresses, and Digitial Pseudonyms", Communications of the ACM, Vol 24, No 2 (1981) [2] Tor: "An anonymous Internet communication system" - [3] SOCKS Protocol v5: RFC [4] R. Dingledine, N. Mathewson, P. Syverson, "Tor: The Second Generation Onion Router", Manuscript [5] OpenPGP Message Format [6] Public_key_cryptography [7] Hashcash - A Denial-of-Service Counter Measure Tool [8] M. Reed, P. Syverson, D. Goldschlag, "Anonymous Connections and Onion Routing", IEEE Symposium on Security and Privacy (1997) [9] W. Diffie, P. van Oorschot, M. Wiener, "Authentication and Authenticated Key Exchanges", Designs, Codes and Cryptography 2 (1992), [10] W. Diffie and M.E. Hellman, New directions in cryptography, IEEE Transactions on Information Theory 22 (1976), [11] Transmission Control Protocol - RFC793 - September
Covert Channels. Some instances of use: Hotels that block specific ports Countries that block some access
Covert Channels Covert Channels Tunnels that are used to bypass filters and intrusion detection systems Use traffic that is thought to be something else (i.e. DNS tunnels) Can also provide encryption (i.e.
More informationTor Anonymity Network & Traffic Analysis. Presented by Peter Likarish
Tor Anonymity Network & Traffic Analysis Presented by Peter Likarish This is NOT the presenter s original work. This talk reviews: Tor: The Second Generation Onion Router Dingledine, Mathewson, Syverson
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationSY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.
system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. From a high-level standpoint, attacks on computer systems and networks can be grouped
More informationInternet Privacy Options
2 Privacy Internet Privacy Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 19 June 2014 Common/Reports/internet-privacy-options.tex, r892 1 Privacy Acronyms
More informationSecurity vulnerabilities in the Internet and possible solutions
Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in
More informationCOSC 472 Network Security
COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html
More informationCMPT 471 Networking II
CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access
More informationBit Chat: A Peer-to-Peer Instant Messenger
Bit Chat: A Peer-to-Peer Instant Messenger Shreyas Zare shreyas@technitium.com https://technitium.com December 20, 2015 Abstract. Bit Chat is a peer-to-peer instant messaging concept, allowing one-to-one
More informationPlaying Server Hide and Seek. lasse.overlier@ffi.no http://www.syverson.org
Playing Server Hide and Seek Lasse Øverlier Norwegian Defence Research Establishment Paul Syverson Naval Research Laboratory lasse.overlier@ffi.no http://www.syverson.org Location Hidden Servers Alice
More informationCompter Networks Chapter 9: Network Security
Goals of this chapter Compter Networks Chapter 9: Network Security Give a brief glimpse of security in communication networks Basic goals and mechanisms Holger Karl Slide set: Günter Schäfer, TU Ilmenau
More informationSync Security and Privacy Brief
Introduction Security and privacy are two of the leading issues for users when transferring important files. Keeping data on-premises makes business and IT leaders feel more secure, but comes with technical
More informationN-CAP Users Guide Everything You Need to Know About Using the Internet! How Firewalls Work
N-CAP Users Guide Everything You Need to Know About Using the Internet! How Firewalls Work How Firewalls Work By: Jeff Tyson If you have been using the internet for any length of time, and especially if
More informationInternet Anonymity and the Design Process - A Practical Approach
anon.next: A Framework for Privacy in the Next Generation Internet Matthew Wright Department of Computer Science and Engineering, The University of Texas at Arlington, Arlington, TX, USA, mwright@uta.edu,
More informationMy FreeScan Vulnerabilities Report
Page 1 of 6 My FreeScan Vulnerabilities Report Print Help For 66.40.6.179 on Feb 07, 008 Thank you for trying FreeScan. Below you'll find the complete results of your scan, including whether or not the
More informationA Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.
A Brief Overview of VoIP Security By John McCarron Voice of Internet Protocol is the next generation telecommunications method. It allows to phone calls to be route over a data network thus saving money
More informationRunning the Tor client on Mac OS X
Running the Tor client on Mac OS X Note that these are the installation instructions for running a Tor client on Mac OS X. If you want to relay traffic for others to help the network grow (please do),
More informationNetwork Security: From Firewalls to Internet Critters Some Issues for Discussion
Network Security: From Firewalls to Internet Critters Some Issues for Discussion Slide 1 Presentation Contents!Firewalls!Viruses!Worms and Trojan Horses!Securing Information Servers Slide 2 Section 1:
More informationExamining Proxies to Mitigate Pervasive Surveillance
Examining Proxies to Mitigate Pervasive Surveillance Eliot Lear Barbara Fraser Abstract The notion of pervasive surveillance assumes that it is possible for an attacker to have access to all links and
More information1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained
home Network Vulnerabilities Detail Report Grouped by Vulnerability Report Generated by: Symantec NetRecon 3.5 Licensed to: X Serial Number: 0182037567 Machine Scanned from: ZEUS (192.168.1.100) Scan Date:
More informationPort evolution: a software to find the shady IP profiles in Netflow. Or how to reduce Netflow records efficiently.
TLP:WHITE - Port Evolution Port evolution: a software to find the shady IP profiles in Netflow. Or how to reduce Netflow records efficiently. Gerard Wagener 41, avenue de la Gare L-1611 Luxembourg Grand-Duchy
More informationArchitecture. The DMZ is a portion of a network that separates a purely internal network from an external network.
Architecture The policy discussed suggests that the network be partitioned into several parts with guards between the various parts to prevent information from leaking from one part to another. One part
More informationProxies. Chapter 4. Network & Security Gildas Avoine
Proxies Chapter 4 Network & Security Gildas Avoine SUMMARY OF CHAPTER 4 Generalities Forward Proxies Reverse Proxies Open Proxies Conclusion GENERALITIES Generalities Forward Proxies Reverse Proxies Open
More informationCS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module
CS 665: Computer System Security Network Security Bojan Cukic Lane Department of Computer Science and Electrical Engineering West Virginia University 1 Usage environment Anonymity Automation, minimal human
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationNetwork Security. Chapter 3. Cornelius Diekmann. Version: October 21, 2015. Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik
Network Security Chapter 3 Cornelius Diekmann Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik Version: October 21, 2015 IN2101, WS 15/16, Network Security 1 Security Policies and
More informationThe basic groups of components are described below. Fig X- 1 shows the relationship between components on a network.
Elements of Email Email Components There are a number of software components used to produce, send and transfer email. These components can be broken down as clients or servers, although some components
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationSemantic based Web Application Firewall (SWAF V 1.6) Operations and User Manual. Document Version 1.0
Semantic based Web Application Firewall (SWAF V 1.6) Operations and User Manual Document Version 1.0 Table of Contents 1 SWAF... 4 1.1 SWAF Features... 4 2 Operations and User Manual... 7 2.1 SWAF Administrator
More informationIntroduction to Computer Security Benoit Donnet Academic Year 2015-2016
Introduction to Computer Security Benoit Donnet Academic Year 2015-2016 1 Agenda Networking Chapter 1: Firewalls Chapter 2: Proxy Chapter 3: Intrusion Detection System Chapter 4: Network Attacks Chapter
More informationClient Server Registration Protocol
Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
More informationCS5008: Internet Computing
CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is
More informationContent Teaching Academy at James Madison University
Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls
More informationAchieving Truly Secure Cloud Communications. How to navigate evolving security threats
Achieving Truly Secure Cloud Communications How to navigate evolving security threats Security is quickly becoming the primary concern of many businesses, and protecting VoIP vulnerabilities is critical.
More informationDesign Principles for Low Latency Anonymous Network Systems Secure against Timing Attacks
Design Principles for Low Latency Anonymous Network Systems Secure against Timing Attacks Rungrat Wiangsripanawan, Willy Susilo and Rei Safavi-Naini Center for Information Security School of Information
More informationIMPLEMENTATION OF INTELLIGENT FIREWALL TO CHECK INTERNET HACKERS THREAT
IMPLEMENTATION OF INTELLIGENT FIREWALL TO CHECK INTERNET HACKERS THREAT Roopa K. Panduranga Rao MV Dept of CS and Engg., Dept of IS and Engg., J.N.N College of Engineering, J.N.N College of Engineering,
More informationBasic Network Configuration
Basic Network Configuration 2 Table of Contents Basic Network Configuration... 25 LAN (local area network) vs WAN (wide area network)... 25 Local Area Network... 25 Wide Area Network... 26 Accessing the
More informationNetworks. Connecting Computers. Measures for connection speed. Ethernet. Collision detection. Ethernet protocol
Connecting Computers Networks Computers use networks to communicate like people use telephones or the postal service Requires either some sort of cable point-to-point links connect exactly 2 computers
More informationA D M I N I S T R A T O R V 1. 0
A D M I N I S T R A T O R F A Q V 1. 0 2011 Fastnet SA, St-Sulpice, Switzerland. All rights reserved. Reproduction in whole or in part in any form of this manual without written permission of Fastnet SA
More informationAgenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka
Taxonomy of Botnet Threats Trend Micro Inc. Presented by Tushar Ranka Agenda Summary Background Taxonomy Attacking Behavior Command & Control Rallying Mechanisms Communication Protocols Evasion Techniques
More informationFrom Network Security To Content Filtering
Computer Fraud & Security, May 2007 page 1/10 From Network Security To Content Filtering Network security has evolved dramatically in the last few years not only for what concerns the tools at our disposals
More informationProxy Blocking: Preventing Tunnels Around Your Web Filter. Information Paper August 2009
Proxy Blocking: Preventing Tunnels Around Your Web Filter Information Paper August 2009 Table of Contents Introduction... 3 What Are Proxies?... 3 Web Proxies... 3 CGI Proxies... 4 The Lightspeed Proxy
More informationFinal exam review, Fall 2005 FSU (CIS-5357) Network Security
Final exam review, Fall 2005 FSU (CIS-5357) Network Security Instructor: Breno de Medeiros 1. What is an insertion attack against a NIDS? Answer: An insertion attack against a network intrusion detection
More informationPAVING THE PATH TO THE ELIMINATION OF THE TRADITIONAL DMZ
PAVING THE PATH TO THE ELIMINATION A RSACCESS WHITE PAPER 1 The Traditional Role of DMZ 2 The Challenges of today s DMZ deployments 2.1 Ensuring the Security of Application and Data Located in the DMZ
More informationFirewalls, Tunnels, and Network Intrusion Detection. Firewalls
Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.
More informationChapter 8 Router and Network Management
Chapter 8 Router and Network Management This chapter describes how to use the network management features of your ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. These features can be found by
More informationNetwork Defense Tools
Network Defense Tools Prepared by Vanjara Ravikant Thakkarbhai Engineering College, Godhra-Tuwa +91-94291-77234 www.cebirds.in, www.facebook.com/cebirds ravikantvanjara@gmail.com What is Firewall? A firewall
More informationI2P - The Invisible Internet Project
Felipe Astolfi fastolfi@gmail.com I2P - The Invisible Internet Project Jelger Kroese jelgerkroese@gmail.com Jeroen van Oorschot post@jeroenvanoorschot.nl ABSTRACT I2P is an open source Internet technology
More informationco Characterizing and Tracing Packet Floods Using Cisco R
co Characterizing and Tracing Packet Floods Using Cisco R Table of Contents Characterizing and Tracing Packet Floods Using Cisco Routers...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1
More informationallow all such packets? While outgoing communications request information from a
FIREWALL RULES Firewalls operate by examining a data packet and performing a comparison with some predetermined logical rules. The logic is based on a set of guidelines programmed in by a firewall administrator,
More informationChapter 9 Firewalls and Intrusion Prevention Systems
Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish
More informationCSCI 4250/6250 Fall 2015 Computer and Networks Security
CSCI 4250/6250 Fall 2015 Computer and Networks Security Network Security Goodrich, Chapter 5-6 Tunnels } The contents of TCP packets are not normally encrypted, so if someone is eavesdropping on a TCP
More informationComputer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1
Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1 Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton
More informationAbstract. Introduction. Section I. What is Denial of Service Attack?
Abstract In this report, I am describing the main types of DoS attacks and their effect on computer and network environment. This report will form the basis of my forthcoming report which will discuss
More informationSIP, Security and Session Border Controllers
SIP, Security and Session Border Controllers SIP, Security and Session Border Controllers Executive Summary Rolling out a public SIP service brings with it several security issues. Both users and Service
More informationInstalling Policy Patrol on a separate machine
Policy Patrol 3.0 technical documentation July 23, 2004 Installing Policy Patrol on a separate machine If you have Microsoft Exchange Server 2000 or 2003 it is recommended to install Policy Patrol on the
More informationTechnical Note. ISP Protection against BlackListing. FORTIMAIL Deployment for Outbound Spam Filtering. Rev 2.2
Technical Note ISP Protection against BlackListing FORTIMAIL Deployment for Outbound Spam Filtering Rev 2.2 April 14, 2009 Table of Contents 1 Objective IP address protection... 3 1.1 Context... 3 1.2
More informationCornerstones of Security
Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to
More informationTECHNICAL NOTE 01/02 PROTECTING YOUR COMPUTER NETWORK
TECHNICAL NOTE 01/02 PROTECTING YOUR COMPUTER NETWORK 2002 This paper was previously published by the National Infrastructure Security Co-ordination Centre (NISCC) a predecessor organisation to the Centre
More informationComparison of Firewall, Intrusion Prevention and Antivirus Technologies
White Paper Comparison of Firewall, Intrusion Prevention and Antivirus Technologies How each protects the network Juan Pablo Pereira Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda
More informationWhat is a Firewall? Computer Security. Firewalls. What is a Firewall? What is a Firewall?
What is a Firewall? Computer Security Firewalls fire wall 1 : a wall constructed to prevent the spread of fire 2 usually firewall : a computer or computer software that prevents unauthorized access to
More informationLecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 22 Firewalls.
Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 22 Firewalls. 1 Information systems in corporations,government agencies,and other organizations
More informationDissertation Title: SOCKS5-based Firewall Support For UDP-based Application. Author: Fung, King Pong
Dissertation Title: SOCKS5-based Firewall Support For UDP-based Application Author: Fung, King Pong MSc in Information Technology The Hong Kong Polytechnic University June 1999 i Abstract Abstract of dissertation
More informationFirewall Introduction Several Types of Firewall. Cisco PIX Firewall
Firewall Introduction Several Types of Firewall. Cisco PIX Firewall What is a Firewall? Non-computer industries: a wall that controls the spreading of a fire. Networks: a designed device that controls
More informationCIT 480: Securing Computer Systems. Firewalls
CIT 480: Securing Computer Systems Firewalls Topics 1. What is a firewall? 2. Types of Firewalls 1. Packet filters (stateless) 2. Stateful firewalls 3. Proxy servers 4. Application layer firewalls 3. Configuring
More informationApplication Firewalls
Application Moving Up the Stack Advantages Disadvantages Example: Protecting Email Email Threats Inbound Email Different Sublayers Combining Firewall Types Firewalling Email Enforcement Application Distributed
More informationClassification of Firewalls and Proxies
Classification of Firewalls and Proxies By Dhiraj Bhagchandka Advisor: Mohamed G. Gouda (gouda@cs.utexas.edu) Department of Computer Sciences The University of Texas at Austin Computer Science Research
More informationResilient Botnet Command and Control with Tor
Resilient Botnet Command and Control with Tor Dennis Brown July 2010 10/14/10 1 Who am I? Dennis Brown Security Researcher for Tenable Network Solutions Toorcon 10, 11 Defcon 18 PaulDotCom Podcast Rhode
More informationSecurity Type of attacks Firewalls Protocols Packet filter
Overview Security Type of attacks Firewalls Protocols Packet filter Computer Net Lab/Praktikum Datenverarbeitung 2 1 Security Security means, protect information (during and after processing) against impairment
More informationSecurity in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity
Basic Security Requirements and Techniques Confidentiality The property that stored or transmitted information cannot be read or altered by an unauthorized party Integrity The property that any alteration
More informationFirewall-Friendly VoIP Secure Gateway and VoIP Security Issues
Firewall-Friendly VoIP Secure Gateway and VoIP Security Issues v Noriyuki Fukuyama v Shingo Fujimoto v Masahiko Takenaka (Manuscript received September 26, 2003) IP telephony services using VoIP (Voice
More information20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7
20-CS-6053-00X Network Security Spring, 2014 An Introduction To Network Security Week 1 January 7 Attacks Criminal: fraud, scams, destruction; IP, ID, brand theft Privacy: surveillance, databases, traffic
More informationTechnical White Paper BlackBerry Security
Technical White Paper BlackBerry Security For Microsoft Exchange Version 2.1 Research In Motion Limited 2002 Research In Motion Limited. All Rights Reserved Table of Contents 1. INTRODUCTION... 1 2. ARCHITECTURE...
More informationFirewalls and Intrusion Detection
Firewalls and Intrusion Detection What is a Firewall? A computer system between the internal network and the rest of the Internet A single computer or a set of computers that cooperate to perform the firewall
More informationWhat is Web Security? Motivation
brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web
More informationSIP Trunking Configuration with
SIP Trunking Configuration with Microsoft Office Communication Server 2007 R2 A Dell Technical White Paper End-to-End Solutions Team Dell Product Group - Enterprise THIS WHITE PAPER IS FOR INFORMATIONAL
More informationWhy VPN Alone Will not Secure your Wireless Network
Why VPN Alone Will not Secure your Wireless Network Christian H. Mosveen Department of Computer Science University of Auckland E-mail: cmos024@ec.auckland.ac.nz Abstract Any wireless device will, because
More informationA VULNERABILITY AUDIT OF THE U.S. STATE E-GOVERNMENT NETWORK SYSTEMS
A VULNERABILITY AUDIT OF THE U.S. STATE E-GOVERNMENT NETWORK SYSTEMS Dr. Jensen J. Zhao, Ball State University, jzhao@bsu.edu Dr. Allen D. Truell, Ball State University, atruell@bsu.edu Dr. Melody W. Alexander,
More informationSeminar Computer Security
Seminar Computer Security DoS/DDoS attacks and botnets Hannes Korte Overview Introduction What is a Denial of Service attack? The distributed version The attacker's motivation Basics Bots and botnets Example
More informationSPAM FILTER Service Data Sheet
Content 1 Spam detection problem 1.1 What is spam? 1.2 How is spam detected? 2 Infomail 3 EveryCloud Spam Filter features 3.1 Cloud architecture 3.2 Incoming email traffic protection 3.2.1 Mail traffic
More informationVirtual Private Networks
Virtual Private Networks Jonathan Reed jdreed@mit.edu MIT IS&T VPN Release Team Overview Basic Networking Terms General Concepts How the VPN works Why it s useful What to watch out for Q&A Networking 101
More informationDetecting peer-to-peer botnets
Detecting peer-to-peer botnets Reinier Schoof & Ralph Koning System and Network Engineering University of Amsterdam mail: reinier.schoof@os3.nl, ralph.koning@os3.nl February 4, 2007 1 Introduction Spam,
More informationBest Practices for Controlling Skype within the Enterprise. Whitepaper
Best Practices for Controlling Skype within the Enterprise Whitepaper INTRODUCTION Skype (rhymes with ripe ) is a proprietary peer-to-peer (P2P) voice over Internet protocol (VoIP) network, founded by
More informationwww.pandasecurity.com 100% Malware-Free E-mail: A Guaranteed Approach
100% Malware-Free E-mail: A Guaranteed Approach 2 100% Malware-Free E-mail: A Guaranteed Approach Panda Security's Mail Filtering Managed Service Guarantees Clean E-mail Table of Contents Table of Contents...
More informationWICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise
WICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise WICKSoft Corporation http://www.wicksoft.com Copyright WICKSoft 2007. WICKSoft Mobile Documents
More informationProxy Server, Network Address Translator, Firewall. Proxy Server
Proxy Server, Network Address Translator, Firewall 1 Proxy Server 2 1 Introduction What is a proxy server? Acts on behalf of other clients, and presents requests from other clients to a server. Acts as
More informationFirewall Cracking and Security By: Lukasz Majowicz Dr. Stefan Robila 12/15/08
Firewall Cracking and Security By: Lukasz Majowicz Dr. Stefan Robila 12/15/08 What is a firewall? Firewalls are programs that were designed to protect computers from unwanted attacks and intrusions. Wikipedia
More informationFirewall Firewall August, 2003
Firewall August, 2003 1 Firewall and Access Control This product also serves as an Internet firewall, not only does it provide a natural firewall function (Network Address Translation, NAT), but it also
More informationCS 640 Introduction to Computer Networks. Network security (continued) Key Distribution a first step. Lecture24
Introduction to Computer Networks Lecture24 Network security (continued) Key distribution Secure Shell Overview Authentication Practical issues Firewalls Denial of Service Attacks Definition Examples Key
More informationWEB SITE SECURITY. Jeff Aliber Verizon Digital Media Services
WEB SITE SECURITY Jeff Aliber Verizon Digital Media Services 1 SECURITY & THE CLOUD The Cloud (Web) o The Cloud is becoming the de-facto way for enterprises to leverage common infrastructure while innovating
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationINTERNET SECURITY: THE ROLE OF FIREWALL SYSTEM
INTERNET SECURITY: THE ROLE OF FIREWALL SYSTEM Okumoku-Evroro Oniovosa Lecturer, Department of Computer Science Delta State University, Abraka, Nigeria Email: victorkleo@live.com ABSTRACT Internet security
More informationFirewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall.
Firewalls 1 Firewalls Idea: separate local network from the Internet Trusted hosts and networks Firewall Intranet Router DMZ Demilitarized Zone: publicly accessible servers and networks 2 1 Castle and
More informationSoftware Engineering 4C03 SPAM
Software Engineering 4C03 SPAM Introduction As the commercialization of the Internet continues, unsolicited bulk email has reached epidemic proportions as more and more marketers turn to bulk email as
More informationNetwork Security Policy
Network Security Policy I. PURPOSE Attacks and security incidents constitute a risk to the University's academic mission. The loss or corruption of data or unauthorized disclosure of information on campus
More informationE-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications
Learning objectives E-commerce Security Threats and Protection Mechanisms. This lecture covers internet security issues and discusses their impact on an e-commerce. Nov 19, 2004 www.dcs.bbk.ac.uk/~gmagoulas/teaching.html
More informationCyber Security In High-Performance Computing Environment Prakashan Korambath Institute for Digital Research and Education, UCLA July 17, 2014
Cyber Security In High-Performance Computing Environment Prakashan Korambath Institute for Digital Research and Education, UCLA July 17, 2014 Introduction: Cyber attack is an unauthorized access to a computer
More informationCS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013
CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access
More informationFirewalls and Software Updates
Firewalls and Software Updates License This work by Z. Cliffe Schreuders at Leeds Metropolitan University is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License. Contents General
More information