Security Protocols: SSH. Michael E. Locasto University of Calgary
|
|
- Bruce Thomas
- 8 years ago
- Views:
Transcription
1 Security Protocols: SSH Michael E. Locasto University of Calgary
2 Agenda Philosophy: data protec?on on the network Discussion of SSH SSH history Authen?ca?on Mechanisms SSH2 design overview / architecture Subtle issues 4/2/15 Michael E. Locasto, CPSC 2
3 QoD theshadow asks: Is there any prac?cal way of guaranteeing the authen?city of a fingerprint/public key on the first connec?on? 4/2/15 Michael E. Locasto, CPSC 3
4 Mo?va?ng Ques?on Where is the Right Place to Place Security in the Network? Applica?on layer: filecrypt protocol layer: PEM, S/MIME, PGP Transport layer: SSL, TLS Network layer: IPsec 4/2/15 Michael E. Locasto, CPSC 4
5 4/2/15 Michael E. Locasto, CPSC 5
6 4/2/15 Michael E. Locasto, CPSC 6
7 The Role of SSH Removes complexity from applica?ons that want to use cryptographic protec?on on the network Doesn t require changes to the OS, TCP/IP stack Provides transparent encryp?on, integrity protec?on, authen?ca?on, and authoriza?on Protects against replay a]acks 4/2/15 Michael E. Locasto, CPSC 7
8 Replaces a number of tools (r- tools, telnet) that have weak authen?ca?on models and no encryp?on SSH is a cri?cal protocol and piece of sobware that addresses a number of network security problems 4/2/15 Michael E. Locasto, CPSC 8
9 History of SSH Developed in 1995 by a researcher at the University of Helsinki aber passwords were sniffed on their network Ini?ally open source, started a company to market the product The OpenBSD project took over an early version and created OpenSSH Different protocol versions (1.3, 1.5, 2.0) 4/2/15 Michael E. Locasto, CPSC 9
10 SSH, SCP, and SFTP SSH a secure replacement for telnet/remote command prompt SFTP a protocol layered on top of SSH for file transfer (similar interface to bp, +session) SCP a syntax very close to cp(1), no session 4/2/15 Michael E. Locasto, CPSC 10
11 Tunneling Assume Alice and Bob want to communicate via an applica?on that does not have encryp?on built in (e.g., POP3) SSH port forwarding is a good op?on - realize that data only encrypted between SSH client and server - ssh L 13373: :110 pop.foo.edu - configure client to talk to : /2/15 Michael E. Locasto, CPSC 11
12 The SSH- 2 Protocol Three major sub- protocols - SSH Transport Layer Protocol - SSH Authen?ca?on Protocol - SSH Connec?on Protocol Auth & Conn at same level SSH TRANS is the fundamental building block - Confiden?al integrity- protected pipe to authen?cated peer 4/2/15 Michael E. Locasto, CPSC 12
13 4/2/15 Michael E. Locasto, CPSC 13
14 4/2/15 Michael E. Locasto, CPSC 14
15 Interes?ng Parts of SSH TRANS Session- key establishment PFS Neither side dictates what session key is Key material is hashed by SHA- 1 Cer?ficates SSH2 is ready to use PKI Currently, admins maintain db of host keys 4/2/15 Michael E. Locasto, CPSC 15
16 4/2/15 Michael E. Locasto, CPSC 16
17 SSH- 2::SSH CONN Provides a number of services layered on top of SSH TRANS port forwarding X11 forwarding Compression Mul?ple sessions over 1 connec?on 4/2/15 Michael E. Locasto, CPSC 17
18 SSH- 2::SSH Auth Use SSH AUTH over SSH TRANS to authen?cate public key password host based DSA or RSA 4/2/15 Michael E. Locasto, CPSC 18
19 Differences Between SSH- 1 and SSH- 2 Algorithm nego?a?on for all parts (SSH1 just selected data encryp?on algorithm) More key exchange methods Cer?ficates for public keys Stronger integrity checking (not CRC) Re- keying 4/2/15 Michael E. Locasto, CPSC 19
20 SSH Agent Re- authen?ca?ng mul?ple?mes is a pain (retype passphrase) (use only with public key authen?ca?on) Can have local client (SSH Agent sobware) remember your iden?ty Keeps private keys in memory 4/2/15 Michael E. Locasto, CPSC 20
21 Authen?ca?on in SSH Two major forms password- based (uses PAM on the backend) public- key based (more secure) Honorable men?on: GSSAPI (e.g., Kerberos) host- based (s?ll uses public key auth) 4/2/15 Michael E. Locasto, CPSC 21
22 Password- Based Authen?ca?on SSH client authen?cates server and agrees on a session key Then you authen?cate yourself to the host - are you a legal user of this machine? - server uses some auth mechanism to provide you a real shell Philosophical ques?on: since we re going through such trouble to use a lot of security, why retain a weak authen?ca?on mechanism? 4/2/15 Michael E. Locasto, CPSC 22
23 Public Key Authen?ca?on Password- based authen?ca?on reveals your secret. It s difficult to come up with a good password why give it away so oben? Password::account is a 1 to 1 rela?on Different keypairs provide finger- grained control and audit of user ac?vity e.g., root account access 4/2/15 Michael E. Locasto, CPSC 23
24 Public Key Auth (cont) Create public & private keypair w/ ssh- keygen Distribute your public key to the servers you are interested in logging into, place in ~/.ssh/ authorized_keys2 Put private keys??? (~/.ssh2/ directory) - carry around with you? - single client, mul?ple clients 4/2/15 Michael E. Locasto, CPSC 24
25 Logging in with Public Key Auth ssh enter passphrase $ Authen?cator is created Private key and passphrase never leave client SSH server authen?cates you, not login(1) - footnote: privilege separa?on 4/2/15 Michael E. Locasto, CPSC 25
26 C - > S : locasto S - > C : challenge C - > S : encrypt(challenge, priv_key) S checks if stored public key for locasto decrypts challenge properly S - > C : fail or pass 4/2/15 Michael E. Locasto, CPSC 26
27 SSH ATTACKS AND BUGS 4/2/15 Michael E. Locasto, CPSC 27
28 4/2/15 Michael E. Locasto, CPSC 28
29 SSH- 1 CRC A]ack Ac?ve inser?on a]ack; can insert arbitrary commands to the server June 1998 (Futoransky & Kargieman) CRC is not a cryptographically strong integrity check SSH2 includes strong integrity checks to avoid this a]ack 4/2/15 Michael E. Locasto, CPSC 29
30 Weaknesses of TCP/IP SSH is great, but built on top of TCP/IP vuln to DoS a]ack bogus control / rou?ng packets can be injected password guessing (common a]ack) does not address traffic analysis Really problems w/ anything 4/2/15 Michael E. Locasto, CPSC 30
31 Man in the Middle Because of lack of PKI, the host- key trust requirement is basis of client s trust in server The first?me you connect, vulnerable to a MITM a]ack Admins change server keys at certain intervals (machine reboot or re- install) 4/2/15 Michael E. Locasto, CPSC 31
32 Concluding Remarks Hopefully this talk and the tutorial session has convinced you to use SSH and perhaps even public- key based authen?ca?on! Understand how SSH works and what it does not address 4/2/15 Michael E. Locasto, CPSC 32
33 4/2/15 Michael E. Locasto, CPSC 33
34 RFC 4253 Ques?ons What is the standard ssh port? (4.1) What is the recommended re- keying period? (9) What three arguments does the RFC make that the addi?onal overhead is negligible? (5.3) What is the recommended minimum effec?ve key length (6.3) 4/2/15 Michael E. Locasto, CPSC 34
35 THE END 4/2/15 Michael E. Locasto, CPSC 35
The Pitfalls of Encrypted Networks in Banking Operations Compliance Success in two industry cases
The Pitfalls of Encrypted Networks in Banking Operations Compliance Success in two industry cases Elba Horta Regional Sales Manager, Southern Europe SSH Communica1ons Security elba.horta@ssh.com ENABLE,
More informationHow To Understand And Understand The Ssl Protocol (Www.Slapl) And Its Security Features (Protocol)
WEB Security: Secure Socket Layer Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - COMP581 - L22 1 Outline of this Lecture Brief Information on SSL and TLS Secure Socket Layer (SSL) Transport Layer Security
More informationTELE 301 Network Management. Lecture 16: Remote Terminal Services
TELE 301 Network Management Lecture 16: Remote Terminal Services Haibo Zhang Computer Science, University of Otago TELE301 Lecture 16: Remote Terminal Services 1 Today s Focus Remote Terminal Services
More informationThe Seven Habits of State-of-the-Art Mobile App Security
#mstrworld The Seven Habits of State-of-the-Art Mobile App Security Mobile Security 8 July 2014 Anand Dwivedi, Product Manager, MicroStrategy strworld Agenda - Seven Habits of State of the Art Mobile App
More informationChapter 17. Transport-Level Security
Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics
More informationAn Overview of the Secure Shell (SSH)
White Paper An Overview of the Secure Shell (SSH) 4848 tramway ridge dr. ne suite 101 albuquerque, nm 87111 505-332 -5700 www.vandyke.com Overview of Secure Shell... 2 Introduction to Secure Shell... 2
More informationConfiguring SSH and Telnet
This chapter describes how to configure Secure Shell Protocol (SSH) and Telnet on Cisco NX-OS devices. This chapter includes the following sections: Finding Feature Information, page 1 Information About
More informationNetwork Security. Computer Security & Forensics. Security in Compu5ng, Chapter 7. l Network Defences. l Firewalls. l Demilitarised Zones
Network Security Security in Compu5ng, Chapter 7 Topics l Network AAacks l Reconnaissance l AAacks l Spoofing l Web Site Vulnerabili5es l Denial of Service l Network Defences l Firewalls l Demilitarised
More informationSecurity. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationSecurity of information systems secure file transfer
Security of information systems secure file transfer Who? Mateusz Grotek, 186816 Paweł Tarasiuk, 186875 When? October 30, 2012 Introduction SSH Different solutions Summary Questions Table of contents Problem
More informationChapter 7 Transport-Level Security
Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell
More informationHow To Understand And Understand The Security Of A Key Infrastructure
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used
More information3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol
Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Network Layer: IPSec Transport Layer: SSL/TLS Chapter 4: Security on the Application Layer Chapter 5: Security
More informationNetwork Management Card Security Implementation
[ APPLICATION NOTE #67 ] OFFER AT A GLANCE Offers Involved Network Management Card, APC Security Wizard Applications Configuration and monitoring of network managed devices Broad Customer Problem Secure
More informationIntroduction to Computer Security
Introduction to Computer Security Network Security Pavel Laskov Wilhelm Schickard Institute for Computer Science Circuit switching vs. packet switching OSI and TCP/IP layered models TCP/IP encapsulation
More informationWhat IT Auditors Need to Know About Secure Shell. SSH Communications Security
What IT Auditors Need to Know About Secure Shell SSH Communications Security Agenda Secure Shell Basics Security Risks Compliance Requirements Methods, Tools, Resources What is Secure Shell? A cryptographic
More informationPrivileged Account Management Mar3n Cannard, Security Solu3ons Architect
Privileged Account Management Mar3n Cannard, Security Solu3ons Architect Customer Use Cases - Introduc3on A US-based Natural Gas and Electric company serving multiple states Project Requirements Only grant
More informationAMSAC Open Mee*ng, Internet2 Member Mee*ng 10/4/2011 4:30PM 306A
Client (Personal) Cer/ficates: Should We Be Thinking About Cer/ficate Use Cases or Should We Be Thinking About The Sort of Creden/al Deployment Model We Need? AMSAC Open Mee*ng, Internet2 Member Mee*ng
More informationEmail Security. Michael E. Locasto University of Calgary
Email Security Michael E. Locasto University of Calgary Agenda Read Chapter 20 and 21 - don t need to memorize PEM details background: RFCs, Chapter 22 Concept queskon: Where do we put security? SMTP Refresher
More informationExam Questions SY0-401
Exam Questions SY0-401 CompTIA Security+ Certification http://www.2passeasy.com/dumps/sy0-401/ 1. A company has implemented PPTP as a VPN solution. Which of the following ports would need to be opened
More informationSecuring Ship-to-Shore Data Flow
Securing Ship-to-Shore Data Flow Background on Common File Transfer Methods Today corporations, government entities, and other organizations rely on Electronic File Transfers as an important part of their
More informationTopics in Network Security
Topics in Network Security Jem Berkes MASc. ECE, University of Waterloo B.Sc. ECE, University of Manitoba www.berkes.ca February, 2009 Ver. 2 In this presentation Wi-Fi security (802.11) Protecting insecure
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationIntroduction to Computer Security
Introduction to Computer Security Network Security Pavel Laskov Wilhelm Schickard Institute for Computer Science Circuit switching vs. packet switching OSI and TCP/IP layered models TCP/IP encapsulation
More informationSecurity Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)
Security Protocols Security Protocols Necessary to communicate securely across untrusted network Provide integrity, confidentiality, authenticity of communications Based on previously discussed cryptographic
More informationCSA SDP Working Group
CSA SDP Working Group An Open Source Code Project for a Software Defined Perimeter to Defend Cloud Applications from DDoS CSA Conference - Berlin November 2015 DHS Problem Addressing the Changing Perimeter
More informationSecurity in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity
Basic Security Requirements and Techniques Confidentiality The property that stored or transmitted information cannot be read or altered by an unauthorized party Integrity The property that any alteration
More informationApache web server: ConceI avanza0 (Lezione 2, Parte I) Emiliano Casalicchio (C) emiliano.casalicchio@uniroma1.it
Corso di Proge+azione di Re0 e Sistemi Informa0ci Apache web server: ConceI avanza0 (Lezione 2, Parte I) Emiliano Casalicchio emiliano.casalicchio@uniroma1.it Agenda ConceI e pra0ca sul Virtual hos0ng
More informationSBClient SSL. Ehab AbuShmais
SBClient SSL Ehab AbuShmais Agenda SSL Background U2 SSL Support SBClient SSL 2 What Is SSL SSL (Secure Sockets Layer) Provides a secured channel between two communication endpoints Addresses all three
More informationExecutive Summary and Purpose
ver,1.0 Hardening and Securing Opengear Devices Copyright Opengear Inc. 2013. All Rights Reserved. Information in this document is subject to change without notice and does not represent a commitment on
More informationThick Client Application Security
Thick Client Application Security Arindam Mandal (arindam.mandal@paladion.net) (http://www.paladion.net) January 2005 This paper discusses the critical vulnerabilities and corresponding risks in a two
More informationEmail Security. Guevara Noubir Network Security Northeastern University
Guevara Noubir Network Security Northeastern University 1 Email One of the most widely used applica>ons of the Internet but s>ll rela>vely insecure Designed without security concerns How does email work?
More informationUnderstanding Secure Shell Host Keys
Understanding Secure Shell Host Keys White Paper 4848 tramway ridge dr. ne suite 101 albuquerque, nm 87111 505-332 -5700 www.vandyke.com Understanding Host Keys Think about the last time you faxed personal
More informationClient Server Registration Protocol
Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
More informationNetwork Security Essentials Chapter 5
Network Security Essentials Chapter 5 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 5 Transport-Level Security Use your mentality Wake up to reality From the song, "I've Got
More informationSSL Tunnels. Introduction
SSL Tunnels Introduction As you probably know, SSL protects data communications by encrypting all data exchanged between a client and a server using cryptographic algorithms. This makes it very difficult,
More informationVirtual Private Networks
Virtual Private Networks ECE 4886 Internetwork Security Dr. Henry Owen Definition Virtual Private Network VPN! Virtual separation in protocol provides a virtual network using no new hardware! Private communication
More informationSecurity Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2
BlackBerry Enterprise Service 10 BlackBerry Device Service Solution Version: 10.2 Security Technical Overview Published: 2014-09-10 SWD-20140908123239883 Contents 1 About BlackBerry Device Service solution
More informationInstall and configure SSH server
Copyright IBM Corporation 2009 All rights reserved Install and configure SSH server What this exercise is about... 1 What you should be able to do... 1 Introduction... 1 Part 1: Install and configure freesshd
More informationINTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli 4-25-2002
INTERNET SECURITY: FIREWALLS AND BEYOND Mehernosh H. Amroli 4-25-2002 Preview History of Internet Firewall Technology Internet Layer Security Transport Layer Security Application Layer Security Before
More informationTransport Level Security
Transport Level Security Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
More informationSecurity Configuration Guide P/N 300-010-493 Rev A05
EMC VPLEX Security Configuration Guide P/N 300-010-493 Rev A05 June 7, 2011 This guide provides an overview of VPLEX security configuration settings, including secure deployment and usage settings needed
More informationDRAFT Standard Statement Encryption
DRAFT Standard Statement Encryption Title: Encryption Standard Document Number: SS-70-006 Effective Date: x/x/2010 Published by: Department of Information Systems 1. Purpose Sensitive information held
More informationComputer Networks. Secure Systems
Computer Networks Secure Systems Summary Common Secure Protocols SSH HTTPS (SSL/TSL) IPSec Wireless Security WPA2 PSK vs EAP Firewalls Discussion Secure Shell (SSH) A protocol to allow secure login to
More informationSecurity (II) ISO 7498-2: Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012
Course Outline: Fundamental Topics System View of Network Security Network Security Model Security Threat Model & Security Services Model Overview of Network Security Security Basis: Cryptography Secret
More informationPrivacy- Preserving P2P Data Sharing with OneSwarm. Presented by. Adnan Malik
Privacy- Preserving P2P Data Sharing with OneSwarm Presented by Adnan Malik Privacy The protec?on of informa?on from unauthorized disclosure Centraliza?on and privacy threat Websites Facebook TwiFer Peer
More informationFINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE
Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security
More informationSecure File Multi Transfer Protocol Design
Journal of Software Engineering and Applications, 2011, 4, 311-315 doi:10.4236/jsea.2011.45034 Published Online May 2011 (http://www.scirp.org/journal/jsea) 311 Murali Krishna, Pradeep Jamwal, K. S. R.
More informationNetwork Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide
Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead
More informationDesign considera-ons and Guiding Principles for Implemen-ng Cloud Security. William Stearns Security Analyst CloudPassage
Design considera-ons and Guiding Principles for Implemen-ng Cloud Security William Stearns Security Analyst CloudPassage In a nutshell How do Cloud Servers differ from Data Center Servers? How do the differences
More informationUsing etoken for SSL Web Authentication. SSL V3.0 Overview
Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents
More informationNetwork Security. Lecture 3
Network Security Lecture 3 Design and Analysis of Communication Networks (DACS) University of Twente The Netherlands Security protocols application transport network datalink physical Contents IPSec overview
More informationBasic network security threats
Basic network security threats Packet sniffing Packet forgery (spoofed from address) DNS spoofing wrong IP address for hostname Assume bad guy controls network - Can read all your packets - Can tamper
More informationSecure Shell. The Protocol
Usually referred to as ssh The name is used for both the program and the protocol ssh is an extremely versatile network program data encryption and compression terminal access to remote host file transfer
More informationSecure access to the DESY network using SSH
1 November 29, 2007 Secure access to the DESY network using SSH UCO @ DESY November 29, 2007, Hamburg 2 Contents 1 General Information 4 1.1 How to reach UCO............................... 4 2 Introduction
More informationLINUX SECURITY COOKBOOK. DanieIJ. Barren, Richard E Silverman, and Robert G. Byrnes
LINUX SECURITY COOKBOOK DanieIJ. Barren, Richard E Silverman, and Robert G. Byrnes ORELLY Beijing " Cambridge " Farnham " Koln " Paris " Sebastopol " Taipei - Tokyo Table of Contents Preface............,....................................................A
More informationMichal Ludvig, SUSE Labs, 01/30/2004, Secure networking, 1
Michal Ludvig, SUSE Labs, 01/30/2004, Secure networking, 1 Communication between User and Server: In the form of packets. Traverse several Routers. Can be intercepted by a BadBoy. Michal Ludvig, SUSE Labs,
More informationReal-Time Communication Security: SSL/TLS. Guevara Noubir noubir@ccs.neu.edu CSU610
Real-Time Communication Security: SSL/TLS Guevara Noubir noubir@ccs.neu.edu CSU610 1 Some Issues with Real-time Communication Session key establishment Perfect Forward Secrecy Diffie-Hellman based PFS
More informationAPNIC elearning: IPSec Basics. Contact: training@apnic.net. esec03_v1.0
APNIC elearning: IPSec Basics Contact: training@apnic.net esec03_v1.0 Overview Virtual Private Networks What is IPsec? Benefits of IPsec Tunnel and Transport Mode IPsec Architecture Security Associations
More informationWhat is Web Security? Motivation
brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web
More informationCloud S ecurity Security Processes & Practices Jinesh Varia
Cloud Security Processes & Practices Jinesh Varia Overview Certifications Physical Security Backups EC2 Security S3 Security SimpleDB Security SQS Security Best Practices AWS Security White Paper Available
More informationIf you prefer to use your own SSH client, configure NG Admin with the path to the executable:
How to Configure SSH Each Barracuda NG Firewall system is routinely equipped with an SSH daemon listening on TCP port 22 on all administrative IP addresses (the primary box IP address and all other IP
More informationUsing sftp in Informatica PowerCenter
Using sftp in Informatica PowerCenter Applies to: Informatica PowerCenter Summary This article briefs about how to push/pull files using SFTP program in Informatica PowerCenter. Author Bio Author(s): Sukumar
More informationCommunication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009
16 th lecture Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009 1 25 Organization Welcome to the New Year! Reminder: Structure of Communication Systems lectures
More informationEUCIP - IT Administrator. Module 5 IT Security. Version 2.0
EUCIP - IT Administrator Module 5 IT Security Version 2.0 Module 5 Goals Module 5 Module 5, IT Security, requires the candidate to be familiar with the various ways of protecting data both in a single
More informationDr. Arjan Durresi. Baton Rouge, LA 70810 Durresi@csc.LSU.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc4601_07/
Set of Problems 2 Dr. Arjan Durresi Louisiana State University Baton Rouge, LA 70810 Durresi@csc.LSU.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc4601_07/ Louisiana State University
More informationInvest in security to secure investments. Breaking SAP Portal. Dmitry Chastuhin Principal Researcher at ERPScan
Invest in security to secure investments Breaking SAP Portal Dmitry Chastuhin Principal Researcher at ERPScan 1 About ERPScan The only 360- degree SAP Security solu8on - ERPScan Security Monitoring Suite
More informationAllSeen Summit 2015: IoT: Taking PKI Where No PKI Has Gone Before Presented by: Scott Rea DigiCert Sr. PKI Architect ALLSEEN ALLIANCE
AllSeen Summit 2015: IoT: Taking PKI Where No PKI Has Gone Before Presented by: Scott Rea DigiCert Sr. PKI Architect Agenda Slide Title 3 Trust and PKI 9 Web Security - PKI example 26 Traditional PKI Principles
More informationCS615 - Aspects of System Administration
CS615 - Aspects of System Administration Slide 1 CS615 - Aspects of System Administration SSL, SSH Department of Computer Science Stevens Institute of Technology Jan Schaumann jschauma@stevens.edu http://www.cs.stevens.edu/~jschauma/615/
More informationChapter 8. Network Security
Chapter 8 Network Security Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security Some people who
More informationSoftware Defined Perimeter
So#ware Defined Perimeter Software Defined Perimeter A new approach to access control Junaid Islam, Co Chair Before we start, two ideas we believe strongly Complexity is the primary reason security systems
More informationProtec'ng Informa'on Assets - Week 10 - Identity Management and Access Control. MIS 5206 Protec/ng Informa/on Assets Greg Senko
Protec'ng Informa'on Assets - Week 10 - Identity Management and Access Control In the News Readings MIS5206 Week 10 Identity Management and Access Control Test Taking Tip Quiz In the News Discuss items
More informationResilience improving features of MPLS, IPv6 and DNSSEC
Resilience improving features of MPLS, IPv6 and DNSSEC So?ris Ioannidis Ins%tute of Computer Science (ICS) Founda%on for Research and Technology Hellas (FORTH) Crete, Greece MPLS, IPv6 and DNSSEC MPLS
More informationnoway.toonux.com 09 January 2014
noway.toonux.com p3.7 10 noway.toonux.com 88.190.52.71 Debian Linux 0 CRITICAL 0 HIGH 5 MEDIUM 2 LOW Running Services Service Service Name Risk General Linux Kernel Medium 22/TCP OpenSSH 5.5p1 Debian 6+squeeze4
More informationLinux VPS with cpanel. Getting Started Guide
Linux VPS with cpanel Getting Started Guide First Edition October 2010 Table of Contents Introduction...1 cpanel Documentation...1 Accessing your Server...2 cpanel Users...2 WHM Interface...3 cpanel Interface...3
More informationUsing SFTP on the z/os Platform
Using SFTP on the z/os Platform Thursday, December 10 th 2009 Steve Goetze Kirk Wolf http://dovetail.com info@dovetail.com Copyright 2009, Dovetailed Technologies Slide 1 Dovetailed Technologies Our operating
More informationCornerstones of Security
Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to
More informationREPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB
REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB Conducted: 29 th March 5 th April 2007 Prepared By: Pankaj Kohli (200607011) Chandan Kumar (200607003) Aamil Farooq (200505001) Network Audit Table of
More informationConnecting to Linux From Other Systems
September 7, 2010 ssh: The Secure SHell ssh: The Secure SHell Bert Example How It Works Public Key Encryption Server Fingerprint SSH Config Used to access a linux computer from anywhere Bert Example ssh
More informationSecuring IP Networks with Implementation of IPv6
Securing IP Networks with Implementation of IPv6 R.M.Agarwal DDG(SA), TEC Security Threats in IP Networks Packet sniffing IP Spoofing Connection Hijacking Denial of Service (DoS) Attacks Man in the Middle
More informationINF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang
INF3510 Information Security University of Oslo Spring 2011 Lecture 9 Communication Security Audun Jøsang Outline Network security concepts Communication security Perimeter security Protocol architecture
More informationClearswift Information Governance
Clearswift Information Governance Implementing the CLEARSWIFT SECURE Encryption Portal on the CLEARSWIFT SECURE Email Gateway Version 1.10 02/09/13 Contents 1 Introduction... 3 2 How it Works... 4 3 Configuration
More informationAuthentication Types. Password-based Authentication. Off-Line Password Guessing
Authentication Types Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4:
More informationIs Your SSL Website and Mobile App Really Secure?
Is Your SSL Website and Mobile App Really Secure? Agenda What is SSL / TLS SSL Vulnerabilities PC/Server Mobile Advice to the Public Hong Kong Computer Emergency Response Team Coordination Centre 香 港 電
More informationF-Secure SSH. for Windows. User s Guide
F-Secure SSH for Windows User s Guide "F-Secure" and the triangle symbol are registered trademarks of F-Secure Corporation and F-Secure product names and symbols/logos are either trademarks or registered
More informationFL EDI SECURE FTP CONNECTIVITY TROUBLESHOOTING GUIDE. SSL/FTP (File Transfer Protocol over Secure Sockets Layer)
FL EDI SECURE FTP CONNECTIVITY TROUBLESHOOTING GUIDE This troubleshooting guide covers secure file transfers using the SFTP and SSL/FTP file transfer protocols for Claims, POC, and Medical EDI transmissions.
More informationCPS 590.5 Computer Security Lecture 9: Introduction to Network Security. Xiaowei Yang xwy@cs.duke.edu
CPS 590.5 Computer Security Lecture 9: Introduction to Network Security Xiaowei Yang xwy@cs.duke.edu Previous lectures Worm Fast worm design Today Network security Cryptography building blocks Existing
More informationAuthentication applications Kerberos X.509 Authentication services E mail security IP security Web security
UNIT 4 SECURITY PRACTICE Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security Slides Courtesy of William Stallings, Cryptography & Network Security,
More informationSCP - Strategic Infrastructure Security
SCP - Strategic Infrastructure Security Lesson 1 - Cryptogaphy and Data Security Cryptogaphy and Data Security History of Cryptography The number lock analogy Cryptography Terminology Caesar and Character
More informationNetwork Security Fundamentals
APNIC elearning: Network Security Fundamentals 27 November 2013 04:30 pm Brisbane Time (GMT+10) Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security IPv6
More informationIntroduction to Network Security. 1. Introduction. And People Eager to Take Advantage of the Vulnerabilities
TÜBİTAK Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü Introduction to Network Security (Revisit an Historical 12 year old Presentation) Prof. Dr. Halûk Gümüşkaya Why Security? Three primary reasons
More informationSSH, SSL, and IPsec: wtf?
SSH, SSL, and IPsec: wtf? Eric Rescorla RTFM, Inc. ekr@rtfm.com Eric Rescorla SSH, SSL, and IPsec 1 What are we trying to accomplish? Alice, Bob want to talk to each other But they re worried about attack
More information2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries
Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application
More informationWS_FTP Professional 12. Security Guide
WS_FTP Professional 12 Security Guide Contents CHAPTER 1 Secure File Transfer Selecting a Secure Transfer Method... 1 About SSL... 2 About SSH... 2 About OpenPGP... 2 Using FIPS 140-2 Validated Cryptography...
More informationSY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.
system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. From a high-level standpoint, attacks on computer systems and networks can be grouped
More informationUsing IKEv2 on Juniper Networks Junos Pulse Secure Access Appliance
Using IKEv2 on Juniper Networks Junos Pulse Secure Access Appliance Juniper Networks, Inc. 1 Table of Contents Before we begin... 3 Configuring IKEv2 on IVE... 3 IKEv2 Client Side Configuration on Windows
More informationAPNIC elearning: Network Security Fundamentals. 20 March 2013 10:30 pm Brisbane Time (GMT+10)
APNIC elearning: Network Security Fundamentals 20 March 2013 10:30 pm Brisbane Time (GMT+10) Introduction Presenter/s Nurul Islam Roman Senior Training Specialist nurul@apnic.net Specialties: Routing &
More information4.1: Securing Applications Remote Login: Secure Shell (SSH) E-Mail: PEM/PGP. Chapter 5: Security Concepts for Networks
Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application Layer Secure Applications Network Authentication Service: Kerberos 4.1:
More informationNetwork-Enabled Devices, AOS v.5.x.x. Content and Purpose of This Guide...1 User Management...2 Types of user accounts2
Contents Introduction--1 Content and Purpose of This Guide...........................1 User Management.........................................2 Types of user accounts2 Security--3 Security Features.........................................3
More informationCer$ficates- as- an- Insurance (CaaI): Incen$vizing Accountability in SSL/TLS
Cer$ficates- as- an- Insurance (CaaI): Incen$vizing Accountability in SSL/TLS Stephanos Matsumoto (CMU/ETH Zurich) Raphael M. Reischuk (ETH Zurich) Workshop on the Security of Emerging Network Technologies
More information