Internet Privacy Options

Similar documents
Secure Client Applications

Application Note. Onsight TeamLink And Firewall Detect v6.3

Internet Security. Internet Security Voice over IP. Introduction. ETSF10 Internet Protocols ETSF10 Internet Protocols 2011

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

Chapter 5. Data Communication And Internet Technology

Application Note. Firewall Requirements for the Onsight Mobile Collaboration System and Hosted Librestream SIP Service v5.0

Security. TestOut Modules

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Application Note. Onsight Connect Network Requirements V6.1

VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls

Transport and Network Layer

Cornerstones of Security

Overview. Protocols. VPN and Firewalls

VPN. Date: 4/15/2004 By: Heena Patel

Application Note. Onsight Connect Network Requirements v6.3

Sophos UTM. Remote Access via PPTP. Configuring UTM and Client

Digi Connect WAN Application Helper NAT, GRE, ESP and TCP/UPD Forwarding and IP Filtering

Corporate VPN Using Mikrotik Cloud Feature. By SOUMIL GUPTA BHAYA Mikortik Certified Trainer

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )

Intranet Security Solution

Chapter 4 Firewall Protection and Content Filtering

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Bypassing PISA AGM Theme Seminar Presented by Ricky Lou Zecure Lab Limited

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Hiding Tracks on the Net

Virtual Private Networks

Chapter 4: Networking and the Internet

VPN s and Mobile Apps for Security Camera Systems: EyeSpyF-Xpert

Bit Chat: A Peer-to-Peer Instant Messenger

How To Understand And Understand The Security Of A Key Infrastructure

Internet Protocol: IP packet headers. vendredi 18 octobre 13

NEFSIS DEDICATED SERVER

Connecting to and Setting Up a Network

Chapter 12 Supporting Network Address Translation (NAT)

Configuring IPSec VPN Tunnel between NetScreen Remote Client and RN300

Lab Exercise SSL/TLS. Objective. Step 1: Open a Trace. Step 2: Inspect the Trace

Computer Networks. Secure Systems

Other VPNs TLS/SSL, PPTP, L2TP. Advanced Computer Networks SS2005 Jürgen Häuselhofer

Virtual Private Networks

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

Decryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright Palo Alto Networks

This chapter describes how to set up and manage VPN service in Mac OS X Server.

Application Delivery Networking

Advanced Higher Computing. Computer Networks. Homework Sheets

UIP1868P User Interface Guide

Network Configuration Settings

DMZ Network Visibility with Wireshark June 15, 2010

High Performance VPN Solutions Over Satellite Networks

Covert Channels. Some instances of use: Hotels that block specific ports Countries that block some access

Network Security. Lecture 3

7.1. Remote Access Connection

Why SSL is better than IPsec for Fully Transparent Mobile Network Access

White Paper How to Remotely Access Ethernet I/O Over the Internet

Synology QuickConnect

Firewalls. ITS335: IT Security. Sirindhorn International Institute of Technology Thammasat University ITS335. Firewalls. Characteristics.

Firewalls. Contents. ITS335: IT Security. Firewall Characteristics. Types of Firewalls. Firewall Locations. Summary

Network Security Fundamentals

Sophos UTM. Remote Access via SSL. Configuring UTM and Client

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

Network Security Topologies. Chapter 11

APNIC elearning: Network Security Fundamentals. 20 March :30 pm Brisbane Time (GMT+10)

APNIC elearning: IPSec Basics. Contact: esec03_v1.0

Network: several computers who can communicate. bus. Main example: Ethernet (1980 today: coaxial cable, twisted pair, 10Mb 1000Gb).

Secure Use of the New NHS Network (N3): Good Practice Guidelines

GPRS / 3G Services: VPN solutions supported

LifeSize Transit Deployment Guide June 2011

Best practices on cellular M2M deployment. Paul Bunnell November 2014

SSL EXPLAINED SSL EXPLAINED

Sophos UTM. Remote Access via IPsec. Configuring UTM and Client

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Configuring Global Protect SSL VPN with a user-defined port

COMPUTER NETWORK TECHNOLOGY (300)

SSL Guide. (Secure Socket Layer)

Chapter 4 Firewall Protection and Content Filtering

Internet Ideal: Simple Network Model

Topics in Network Security

Chapter 4: Security of the architecture, and lower layer security (network security) 1

SSL Web Proxy. Generally to access an internal web server which is behind a NAT router, you have the following two methods:

IP Security. IPSec, PPTP, OpenVPN. Pawel Cieplinski, AkademiaWIFI.pl. MUM Wroclaw

Secure Network Design: Designing a DMZ & VPN

Packet Capture. Document Scope. SonicOS Enhanced Packet Capture

Chapter 4 Security and Firewall Protection

Technical papers Virtual private networks

CS5008: Internet Computing

TCP/IP Basis. OSI Model

Cisco Virtual Office Express

Secured Voice over VPN Tunnel and QoS. Feature Paper

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

The Internet, Intranets, and Extranets. What is the Internet. What is the Internet cont d.

How To Configure Apple ipad for Cyberoam L2TP

Chapter 8 Router and Network Management

How Your Computer Accesses the Internet through your Wi-Fi for Boats Router

Electronic Service Agent TM. Network and Transmission Security And Information Privacy

GregSowell.com. Mikrotik Security

DrayTek Vigor High Performance Firewall Router. - VPN - Up to 200 concurrent tunnels. - Load Balancing & Failover between WAN ports

Network setup and troubleshooting

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

Network Security. Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT)

Transcription:

2 Privacy Internet Privacy Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 19 June 2014 Common/Reports/internet-privacy-options.tex, r892 1 Privacy Acronyms and Abbreviations IP Internet Protocol ISP Internet Service Provider HTTP HyperText Transfer Protocol HTTPS HTTP over SSL SSL Secure Sockets Layer (same as TLS) TCP Transmission Control Protocol TLS Transport Layer Security (same as SSL) Tor The Onion Router VPN Virtual Private Network

4 Privacy Contents What is the Internet? Security in the Internet Internet Privacy 3 Privacy What is the Internet? Network Collection of computer networks connected together using routers, where hosts and routers communicate using the Internet Protocol Access networks: connect to core networks; home, company LAN, mobile networks Core networks: connect to access networks and other core networks; run by ISPs, telecom companies Applications Web browsing, email, instant messaging, voice and video calls, collaboration, audio/video streaming, games,...

6 Privacy What does the Internet look like? allows your computer to communicate with another computer (a web server) 5 Privacy What does the Internet look like? Home computer connects via WiFi or LAN to ADSL router ADSL router connects via telephone cable to your ISPs router Your ISP connects to other ISPs and so on

8 Privacy How are computers identified in the Internet? IP addresses: 32 bits, often in dotted decimal notation 106.187.46.22, 61.91.8.94, 203.131.209.82 Each host (computer, server) has a globally unique IP address What about NAT and private addresses, e.g. 192.168.1.1? Routers also have IP addresses Humans use domain names, e.g. www.example.com DNS maps domain name to IP address sandilands.info 106.187.46.22 ict.siit.tu.ac.th 203.131.209.82 7 Privacy How does IP work? 1. Your computer creates an IP packet Source address: your computer; destination address: server 2. Sends IP packet to your local (default) router 3. Router forwards IP packet to next router, and so on 4. IP packet eventually arrives at destination Routing: finds the path of routers between source and destination, creates routing tables

10 Privacy How does web browsing work? 9 Privacy How does web browsing work?

12 Privacy How does web browsing work? 11 Privacy Contents What is the Internet? Security in the Internet Internet Privacy

14 Privacy Security in the Internet Internet security includes: Confidentiality: keeping data secret (encryption) User Authentication: ensuring the other entity is who they say they are (passwords, keys) Data Integrity: ensuring fake/modified data is not accepted (encryption, signatures) Privacy: keeping actions secret (?)... Terminology can be confusing: Confidentiality = secrecy = data privacy Our focus: privacy of actions and confidentiality of data 13 Privacy Confidentiality and Privacy Why keep data confidential? Competitors cannot steal your ideas and trade secrets Criminals cannot steal your money Employer/government/parents cannot see the information you are exchanging with others... Why keep actions private? Employer cannot determine you are looking for new job Whistle-blower cannot be identified People do not know your medical conditions Governments cannot determine if you are plotting against them...

16 Privacy Some Common Requirements Security I don t want anyone but the server to read my data I don t want others to know I am communicating with the server During the communication After the communication has taken place I don t want the server to be able to identify me I want to bypass blocks at a firewall Convenience I want it free I want it easy to setup/use I want it to perform well 15 Privacy Contents What is the Internet? Security in the Internet Internet Privacy

18 Privacy Assumptions Encryption algorithms are strong Path between you and a server is unpredictable, may change Computers (and users) uniquely identified by IP address Firewall blocks based on destination IP address 17 Privacy Notation and Terminology U You, your computer S (Web) Server (also Srv) P Proxy server V VPN server (also VPN) E Tor Exit Relay Tx Tor Relay FW Firewall Src Source IP address Dst Destination IP address

20 Privacy Basic Browsing with HTTP (Firewall Enabled) 19 Privacy Basic Browsing with HTTP (No Firewall)

22 Privacy Confidentiality of Data when Browsing HTTPS: normal HTTP but using a secure transport (SSL/TLS) Encrypts data between browser and web server (both directions) Relies on certificates for distributing public key of web server Self-signed certificates or invalid certificates should not be trusted 21 Privacy Basic Browsing with HTTPS (Firewall Enabled)

24 Privacy Basic Browsing with HTTPS (No Firewall) 23 Privacy Web Proxy Website that sends HTTP request to web server on your behalf; HTTP response forwarded back to you Proxy web site provides form to enter URL of web server you want to visit Common usage models: free, ad-supported, pay per month

26 Privacy HTTP Exchange via Web Proxy 25 Privacy Proxy and HTTP

28 Privacy Proxy and HTTPS 27 Privacy Virtual Private Networks Tunnelling: packets at one layer are encapsulated into packets at the same or higher layer Encryption: tunnelling protocols usually also encrypt the inner packet Different VPN technologies: Application layer: SSH (*) Transport layer: TLS (OpenVPN) Network layer: IPsec Data link layer: PPTP, L2TP Create a virtual interface on your computer (Inner) IP packets sent to virtual interface enter the tunnel Tunnel encapsulates, encrypts the data and creates new (outer) IP packet Outer IP packets sent via real interface

30 Privacy VPN and HTTP 29 Privacy VPN and HTTPS

32 Privacy Tor: The Onion Router Design for anonymous communications in public Internet Computers in Internet act as TOR relays Your computer selects set of relays to send via to reach TOR exit node SSL encryption used between each TOR node Keys exchanged so TOR node can decrypt receive packet and knows next TOR node to send to A TOR node only knows the previous TOR node and next TOR node in path Doesn t know original source or final destination TOR exit node sends received packets across normal Internet 31 Privacy Tor and HTTP

Privacy Tor and HTTPS 33 Comparison of Privacy Techniques

36 Comparison of Tunnelling Protocols Privacy Contents What is the Internet? Security in the Internet Internet Privacy

38 Privacy Network Address Translation (NAT) We assumed: computers uniquely identified by IP address Many access networks use NAT: Computers assigned private IP address Access network assigned single public (globally unique) IP address NAT keeps maps private IP to unique public IP and port pairs Server privacy: NAT may help (server identifies your network, but not your specific computer) Network privacy: NAT operator often the entity trying to hide from Easy for NAT operator to identify you from your private IP 37 Privacy Firewalls and Deep Packet Inspection (DPI) We assumed: firewall blocks based on IP address only If your computer sends to an unblocked destination, can bypass firewall Firewalls may block based on other info: ports, protocols, application data If firewall read the HTTP GET Request or HTML in the HTTP Response, then it may block content even if IP is accepted Inspect the details of each packet can be very slow

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information