Computer Networks. Secure Systems

Summary
- Common secure protocols: SSH, HTTPS (SSL/TLS), IPsec
- Wireless security: WPA2, PSK vs. EAP
- Firewalls
- Discussion

Secure Shell (SSH)
- A protocol that allows secure login to a remote machine
- Provides the following guarantees:
  - Privacy (via encryption)
  - Authentication (host keys for the server; passwords or public/private keys for the user)
  - Data integrity

SSH (cont.)
- SSH is a suite of protocols:
  - SSH-TRANS (transport protocol)
  - SSH-AUTH (authentication protocol)
  - SSH-CONN (connection protocol)
- Each protocol serves a specific purpose

SSH-TRANS & SSH-AUTH
- SSH-TRANS uses TCP to connect to the host; the server authenticates itself by signing the key exchange with its host key (RSA in the original slide; Ed25519 and ECDSA are also common)
- How do you authenticate the server's public key? The client has to already know it. On first contact the client shows the key's fingerprint for out-of-band checking and caches it (trust on first use); on later connections it compares the presented key with the cached one, and a mismatch is treated as a possible man-in-the-middle and the connection is refused. Alternatives are host certificates signed by a CA the client trusts, or SSHFP records in DNSSEC.
- A symmetric session key is then established by a Diffie-Hellman key exchange and used to encrypt and integrity-protect everything that follows
- The user then needs to authenticate their identity to the remote host (SSH-AUTH). How is this done? Over the now-encrypted channel, by password, by public key (the client signs a challenge with its private key and the server checks it against the authorized keys), or by other methods such as keyboard-interactive or host-based authentication
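As an added example (not part of the original slides) of how a client answers the "how do you authenticate the server's public key?" question, here is a minimal known_hosts-style check in Python. The hostname, key material and known_hosts contents are constructed for the example and are not real; the fingerprint format is the one ssh-keygen -l and the ssh client print, and the check classifies the presented key as matching, unknown (first contact) or changed.

```python
import base64
import hashlib
import struct

def ssh_string(b: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b

def make_ed25519_blob(key32: bytes) -> str:
    """Base64 public-key blob as it appears in known_hosts / authorized_keys:
    string("ssh-ed25519") || string(32-byte key)."""
    return base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(key32)).decode()

# Constructed sample: placeholder key material, NOT any real server's host key.
SAMPLE_HOST = "hostb.example.com"
SAMPLE_B64 = make_ed25519_blob(bytes(range(32)))

# Constructed known_hosts content in OpenSSH's plain (unhashed) format.
KNOWN_HOSTS = f"""# constructed example, not a real known_hosts file
{SAMPLE_HOST},192.0.2.10 ssh-ed25519 {SAMPLE_B64}
"""

def fingerprint(blob_b64: str) -> str:
    """Fingerprint in the format ssh-keygen -l and the ssh client print:
    SHA256 over the raw key blob, base64-encoded with the padding stripped."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host_key(known_hosts: str, host: str, keytype: str, blob_b64: str) -> str:
    """Classify the key a server presented during SSH-TRANS:
      'match'    - same key we cached earlier: the server is authenticated
      'unknown'  - first contact: only out-of-band checking of the fingerprint
                   (trust on first use) can authenticate it
      'mismatch' - the cached key for this host differs: possible man-in-the-
                   middle, so the client must abort rather than prompt
    Hashed hostnames (|1|...) and @cert-authority lines are not handled here."""
    seen = False
    for line in known_hosts.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        hosts, ktype, kb64 = fields[0], fields[1], fields[2]
        if host in hosts.split(",") and ktype == keytype:
            seen = True
            if kb64 == blob_b64:
                return "match"
    return "mismatch" if seen else "unknown"

if __name__ == "__main__":
    print("server fingerprint:", fingerprint(SAMPLE_B64))
    print(check_host_key(KNOWN_HOSTS, SAMPLE_HOST, "ssh-ed25519", SAMPLE_B64))
```

The real client does the same three-way classification; the security of the whole protocol rests on the "unknown" case being verified by a human or by a CA/DNSSEC record, because a key accepted blindly on first use can just as well be the attacker's.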

SSH-CONN
- Extends SSH to support applications other than a remote shell:
  - X Windows
  - IMAP mail clients
  - etc.
- How? Port forwarding

Port Forwarding
- Uses SSH to form a secure tunnel between hosts
- The application client on host A connects to a local port on which the SSH client is listening, instead of connecting directly to the application server
- The SSH client carries the data inside the encrypted connection to host B; when data arrives at host B, SSH forwards it to the appropriate port on the application server
- Diagram (from the slide): host A runs the application client and the SSH client, host B runs the SSH server and the application server; the direct connection between client and server is replaced by the forwarded connection through SSH

HTTPS
- HTTPS = HTTP running over a secure channel
- Originally the secure channel was SSL, developed by Netscape
- The current standard is TLS, developed by the IETF
- HTTPS will run over either SSL or TLS (SSL/TLS); in practice every SSL version is now deprecated and only TLS should be enabled

Transport Layer Security (TLS)
- Allows a variety of different security algorithms to be used
- Both sides agree on a set of algorithms (a cipher suite) during the handshake; the server chooses from what the client offered, so the client's configuration bounds the weakest suite that can be negotiated
- Layering (from the slide): Application (e.g., HTTP) / Secure transport layer (TLS) / TCP / IP / Subnet
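To show what "both sides agree on a set of algorithms" means from the client's side, here is an added Python example (not from the slides) using the standard library's ssl module: a hardened client context next to the "disable verification" anti-pattern, and a small audit function that reports what is wrong with a context. Nothing connects to a network; the contexts are only constructed and inspected, and the cipher markers list is an assumption of the example.

```python
import ssl

# Substrings that mark cipher suites no client should still offer (assumed list).
WEAK_CIPHER_MARKERS = ("NULL", "RC4", "DES", "MD5", "EXPORT")

def hardened_client_context() -> ssl.SSLContext:
    """What a browser does for HTTPS: verify the server certificate against the
    trust store, check that it names the host we asked for, and refuse to
    negotiate anything older than TLS 1.2."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def weak_client_context() -> ssl.SSLContext:
    """The 'make the certificate warning go away' configuration: no certificate
    verification and no hostname check. The channel is still encrypted, but to
    whoever answered, so an on-path attacker can terminate it with their own key."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def enabled_ciphers(ctx: ssl.SSLContext) -> list:
    """Names of the cipher suites this side would offer in its ClientHello."""
    return [c["name"] for c in ctx.get_ciphers()]

def audit(ctx: ssl.SSLContext) -> list:
    """Problems a reviewer would flag in a client-side TLS context."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("server certificate is not verified")
    if not ctx.check_hostname:
        problems.append("certificate is not checked against the hostname")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        problems.append("allows protocol versions older than TLS 1.2")
    weak = [n for n in enabled_ciphers(ctx) if any(m in n for m in WEAK_CIPHER_MARKERS)]
    if weak:
        problems.append("offers weak cipher suites: " + ", ".join(weak))
    return problems

if __name__ == "__main__":
    print("hardened:", audit(hardened_client_context()) or "no findings")
    print("weak:", audit(weak_client_context()))
```

The audit is the check to run on any client code that touches ssl.SSLContext directly: verify_mode and check_hostname are the two settings most often "fixed" to silence a certificate error, and either one on its own is enough to make HTTPS fall to an active attacker.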

IPsec
- A framework for providing security services at the network layer
- Optional in IPv4; IPv6 originally required every node to implement it, but RFC 6434 (2011) relaxed that to a SHOULD, so in practice it is optional in both
- Idea: if you provide security at a lower layer then all layers above implicitly inherit that protection, without applications having to be changed

IPsec (cont.)
- Two protocols:
  - Authentication Header (AH): authentication and integrity only, covering the payload and the immutable fields of the IP header (which is why AH does not survive NAT)
  - Encapsulating Security Payload (ESP): confidentiality plus authentication of the payload (the authentication is optional in the specification but should always be enabled; encryption without integrity is not safe)
- ESP encrypts the entire IP payload. Why is this a problem? It doesn't play nicely with firewalls: the transport header (TCP/UDP ports) is inside the ciphertext, so a packet filter sees only IP protocol 50 and the SPI and cannot apply port-based rules to the traffic


WPA2
- WiFi Protected Access 2
- Can be broken into two logical units: authentication and encryption
- Why not talk about other protocols?
  - WEP: virtually useless (RC4 with a 24-bit IV; the key is recoverable from captured traffic in minutes)
  - WPA: the interim standard, same authentication framework as WPA2 but encrypts with TKIP (RC4-based) rather than AES-CCMP, and is now deprecated

WPA2 Authentication
- Supports two authentication mechanisms:
  - Pre-shared key (PSK), also called WPA2-Personal
  - Extensible Authentication Protocol (EAP) over IEEE 802.1X, also called WPA2-Enterprise
- PSK is common in homes and home offices; requires that both the host and the access point share a common key (derived from the passphrase and the SSID)
- EAP is usually implemented in enterprises using a RADIUS server, which gives each user their own credentials and a per-session master key

WPA2 Encryption
- After authenticating, the wireless device establishes a session key with the access point through the 4-way handshake
- The session key is really a collection of keys, the Pairwise Transient Key (PTK): a key that protects the handshake messages, a key that wraps the group key, and the temporal key used for data frames
- Each frame transmitted encrypts the data using AES in CCM mode (CCMP) with the temporal key and a per-frame packet number as the nonce
- The Temporal Key Integrity Protocol (TKIP) is the older WPA cipher, kept in WPA2 only for backward compatibility with WPA-era clients; WPA2 networks should be configured for CCMP only

TKIP
- Ensures that each packet is sent with its own per-packet RC4 key, derived from the temporal key, the transmitter's MAC address and a per-packet sequence counter (which also serves as replay protection)
- If an attacker knows the temporal key then they can derive every per-packet key and decrypt the traffic
- Without the temporal key it is computationally infeasible to determine what the next per-packet key will be
- The same caveat applies to WPA2-PSK with CCMP: anyone who knows the passphrase and captures a client's 4-way handshake can derive that client's session keys and decrypt its traffic, which is why PSK is unsuitable for networks shared with people you do not trust
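As an added example (not part of the original slides), the WPA2-PSK key derivation in Python: the PMK from passphrase and SSID, the PTK from the 4-way handshake inputs as IEEE 802.11i specifies for CCMP, and the handshake MIC check an offline dictionary attack uses to test passphrase guesses. The MAC addresses, nonces and EAPOL frame bytes are constructed placeholders, not a real capture; the one real figure is the PMK test vector from the standard (passphrase "password", SSID "IEEE"). It makes the caveat above concrete: every input besides the PMK travels in the clear, so the passphrase plus a captured handshake yields the client's temporal key.

```python
import hashlib
import hmac

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK Pairwise Master Key: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, out_len: int) -> bytes:
    """IEEE 802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < out_len:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:out_len]

def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """4-way handshake derivation for CCMP:
    PTK = PRF-384(PMK, "Pairwise key expansion",
                  min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce))
    AA/SPA are the AP and station MAC addresses; the nonces are sent unencrypted in
    handshake messages 1 and 2. The PTK splits into the KCK (MIC key for the
    handshake), the KEK (wraps the group key) and the TK (AES-CCMP data key)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}

def eapol_mic(kck: bytes, eapol_frame_mic_zeroed: bytes) -> bytes:
    """Key MIC of a WPA2 (AES key descriptor) handshake message: HMAC-SHA1 over the
    EAPOL-Key frame with its MIC field zeroed, truncated to 16 bytes."""
    return hmac.new(kck, eapol_frame_mic_zeroed, hashlib.sha1).digest()[:16]

# Constructed handshake capture (not real traffic): everything here is observable
# by any station in radio range. MSG2_MIC_ZEROED stands in for the real frame.
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
MSG2_MIC_ZEROED = bytes(121)

def client_keys(passphrase: str, ssid: str) -> dict:
    """Keys the legitimate client ends up with after the handshake."""
    return derive_ptk(pmk_from_passphrase(passphrase, ssid), AP_MAC, STA_MAC, ANONCE, SNONCE)

def crack_psk(wordlist, ssid: str, captured_mic: bytes, msg2_mic_zeroed: bytes = MSG2_MIC_ZEROED):
    """Offline dictionary attack on a captured handshake: for each candidate
    passphrase derive the PTK exactly as the client did and check whether its KCK
    reproduces the MIC seen on message 2. Nothing in this loop needs the network."""
    for candidate in wordlist:
        keys = derive_ptk(pmk_from_passphrase(candidate, ssid), AP_MAC, STA_MAC, ANONCE, SNONCE)
        if hmac.compare_digest(eapol_mic(keys["KCK"], msg2_mic_zeroed), captured_mic):
            return candidate
    return None

if __name__ == "__main__":
    victim = client_keys("password", "IEEE")
    mic = eapol_mic(victim["KCK"], MSG2_MIC_ZEROED)
    print("PMK:", pmk_from_passphrase("password", "IEEE").hex())
    print("recovered passphrase:", crack_psk(["letmein", "password", "hunter2"], "IEEE", mic))
```

The 4096-iteration PBKDF2 is the only thing slowing the attacker down, and it is salted with the SSID rather than anything secret, so a common SSID plus a weak passphrase is precomputable. With EAP the PMK is fresh per session and never derived from a shared passphrase, which is the concrete reason WPA2-Enterprise is preferred.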


Firewall
- A system that is the sole point of connectivity between a network and all other external networks, and protects that network from the external networks
- Diagram (from the slide): local site -- firewall -- rest of the Internet

Firewall Services
- The key service is access control: the firewall decides which messages flow into and out of the network
  - Example: disallow any outgoing messages from a specific IP address
- Allows admins to create zones of trust
- The three common zones are:
  - Internal network
  - Demilitarized zone (DMZ)
  - External network

Zones of Trust
- You can define an arbitrary number of zones
- Each subsequent zone is trusted less than the previous one; what the rules restrict is traffic initiated from a less trusted zone into a more trusted one
- Common setup:
  - Internal network: trust everything in this zone
  - DMZ: hosts here are reachable from the external network, but the internal network treats them as if they were outside the firewall, so a compromised DMZ host gains no access to the internal network
  - External network: don't trust anyone out here
- If you don't trust someone you can still communicate with them, but rules will apply

Access Control
- Filter based on IP, TCP, UDP and other headers
- Uses the header data and a set of rules to determine whether or not to forward the traffic
- Rules are configured in the firewall
- There can be a lot of rules to manage, and order matters when the first matching rule wins
- If a rule is missing or malformed it can create an unwanted security hole, which is why the rule set should end in a default deny

Stateful Firewalls
- Many programs dynamically assign clients port numbers (ephemeral ports)
- Consider the following scenario:
  - An internal host initiates a connection to an external host from a dynamic port
  - The external host responds to the client
- What will the firewall do?
  - Stateless firewall: discards the reply, unless a rule permits all inbound traffic to the ephemeral port range, which is a large hole
  - Stateful firewall: allows the reply through
- A stateful firewall keeps track of the state of all connections (a table of the flows it has allowed), so replies to connections initiated from inside are recognized and this dynamic mapping works
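To make the access-control and stateful-inspection points concrete, together with the ESP visibility problem from the IPsec slide, here is an added Python example (not from the slides) of a toy zone-based packet filter: a first-match rule set over the three zones, a stateless and a stateful variant run on the scenario above, and an ESP packet that no port-based rule can match. Addresses, ports and packets are constructed; the model ignores TCP flags and sequence numbers, which real firewalls track.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed addressing for the example (not real hosts): 10.0.0.0/8 is the
# internal network, 192.0.2.0/24 (TEST-NET-1) the DMZ, anything else external.
def zone(ip: str) -> str:
    if ip.startswith("10."):
        return "internal"
    if ip.startswith("192.0.2."):
        return "dmz"
    return "external"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                   # "tcp", "udp" or "esp"
    sport: Optional[int] = None  # None for ESP: the transport header is inside
    dport: Optional[int] = None  # the encrypted payload, invisible to the filter

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src_zone: str
    dst_zone: str
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (zone(p.src) == self.src_zone and zone(p.dst) == self.dst_zone
                and (self.proto is None or p.proto == self.proto)
                and (self.dport is None or p.dport == self.dport))

# Evaluated top to bottom, first match wins, anything unmatched is denied.
RULES: List[Rule] = [
    Rule("allow", "internal", "external"),         # inside may initiate anything outbound
    Rule("allow", "internal", "dmz"),
    Rule("allow", "external", "dmz", "tcp", 443),  # only the DMZ web service is reachable
    Rule("deny", "dmz", "internal"),               # a compromised DMZ host is treated as outside
    Rule("deny", "external", "internal"),
]

class Firewall:
    def __init__(self, rules: List[Rule], stateful: bool):
        self.rules = rules
        self.stateful = stateful
        self.flows = set()   # (src, sport, dst, dport, proto) of connections allowed so far

    def decide(self, p: Packet) -> str:
        """Return 'allow', 'allow-established' or 'deny' for one packet."""
        if self.stateful and p.proto in ("tcp", "udp"):
            # A reply is the mirror image of a flow we recorded earlier.
            if (p.dst, p.dport, p.src, p.sport, p.proto) in self.flows:
                return "allow-established"
        for rule in self.rules:
            if rule.matches(p):
                if rule.action == "allow" and self.stateful and p.proto in ("tcp", "udp"):
                    self.flows.add((p.src, p.sport, p.dst, p.dport, p.proto))
                return rule.action
        return "deny"

def run_scenario(stateful: bool) -> Tuple[str, str, str]:
    """The slide's scenario: an internal client connects out from an ephemeral port,
    the external server answers, and an unrelated outsider also tries to reach the
    client. Returns the three decisions in that order."""
    fw = Firewall(RULES, stateful)
    client_syn = Packet("10.1.1.7", "203.0.113.80", "tcp", 51234, 443)
    server_reply = Packet("203.0.113.80", "10.1.1.7", "tcp", 443, 51234)
    unsolicited = Packet("203.0.113.66", "10.1.1.7", "tcp", 4444, 51234)
    return fw.decide(client_syn), fw.decide(server_reply), fw.decide(unsolicited)

def esp_visibility() -> Tuple[str, str]:
    """Why ESP 'does not play nicely' with port filters: an IPsec peer sending ESP
    (IP protocol 50) to the DMZ shows no ports, so the port-443-only rule cannot
    match it. The only way to admit it is a rule with no port at all, after which
    the firewall cannot tell inner HTTPS from inner SSH."""
    esp = Packet("203.0.113.5", "192.0.2.10", "esp")
    strict = Firewall(RULES, stateful=True).decide(esp)
    opened = Firewall([Rule("allow", "external", "dmz", "esp")] + RULES, stateful=True).decide(esp)
    return strict, opened

if __name__ == "__main__":
    print("stateless:", run_scenario(stateful=False))
    print("stateful: ", run_scenario(stateful=True))
    print("esp:      ", esp_visibility())
```

The flow table is keyed on the 5-tuple only, so a packet spoofing the external server's address and port would be accepted as a reply; production stateful firewalls also track TCP flags and sequence windows for exactly that reason, and time entries out so the table cannot grow without bound.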


Discussion Questions
- Benefits of a firewall?
- Problems with firewalls?
- Open Q&A on any remaining security questions