The Aerospace Clinic 2002 Team Members Nick Hertl (Project Manager) Will Berriel Richard Fujiyama Chip Bradford Faculty Advisor Professor Michael Erlinger.
The Aerospace Clinic 2002
Team Members: Nick Hertl (Project Manager), Will Berriel, Richard Fujiyama, Chip Bradford
Faculty Advisor: Professor Michael Erlinger
Aerospace Liaisons: Joseph Betser, PhD; Rayford Sims

Overview
Background Information
Tunnel
Technical Approach
–Completed work
–Tunnel Demo
–Future work
Questions

Background
TCP/IP
Network Security
Firewalls
BEEP
IDXP

TCP/IP
Main protocols used over the Internet
Provides reliable, full-duplex, peer-to-peer communication
Most current application protocols use this directly: HTTP (web), SMTP (email), etc.
Multiple connections to the same machine are handled using ports

Today’s Internet

Network Security
Only authorized users should be able to access private networks
Some data and services should only be available internally
Firewalls are used in most corporations to restrict access to network resources

Firewalls
Set of rules to restrict network traffic
Can filter by any combination of:
–Source IP
–Destination IP
–Port
–Protocol
Rule sets are usually static

Today’s Internet with Firewalls

BEEP
Blocks Extensible Exchange Protocol
General framework for the rapid creation of application-level protocols
Provides a message framing mechanism and many common services (profiles)
Application chooses services (e.g. security) or protocol (HTTP, IDXP)
Requires an underlying transport protocol – TCP

Tomorrow’s Internet with BEEP

IDXP
Intrusion Detection eXchange Protocol
Standard communication of Intrusion Detection messages (IDMEF)
BEEP profile
Firewall must not block authorized messages

The Internet with Tunnel

Tunnel Our focus is Tunnel for IDXP messages

Tunnel
Uses XML messages to establish a tunnel; the message is parsed at every host along the route.

Tunnel
Characteristics
–Poke a “controlled” hole in firewall – short lived
–Mutual authentication of client/server
–Application level security
Differs from
–SSH which has one sided authentication
–VPNs which are long lived
–IPSec which requires OS modification

Problem Statement Evaluate and implement the Tunnel specification as a BEEP profile in at least two programming languages.

Deliverables
Evaluation of Tunnel specification
–Will this work?
–What needs more clarification?
Tunnel Implementation in C and Java
–Fully documented code tree for both languages
–Sample Client/Server/Proxy Applications

Completed Work
Evaluated Tunnel Specification
Chose BEEP Implementations
Implemented
–Host to Host Tunnel
–Single Firewall Tunnel
Some interoperability testing

Fall Schedule

Tunnel Evaluation
No standard way to extend the DTD.
Previously no IPv6 support in the DTD.
Possibility for loops with misconfigured servers.
No way to specify a Time-To-Live when using a dynamic route, i.e. connecting to a service rather than a host.

BEEP Implementations
Java:
–PermaBEEP 0.8 (Better API)
–Beepcore-java (TLS support)
C:
–Roadrunner 0.9 (More fully implemented)
–Beepcore-C 0.2 (Abandoned)

Host to Host Tunnel Profile and application can successfully open a tunnel to a host with no firewall in between.

Single Firewall Tunnel

Tunnel through a single firewall: host1.example.com, proxy.example.com, host2.example.com
–host1 -> proxy: Transport Connect (TCP)
–proxy -> host1: BEEP Greeting, advertise services (Tunnel, maybe others)
–host1 -> proxy: Start Tunnel
–proxy -> host2: Transport Connect (TCP)
–host2 -> proxy: BEEP Greeting, advertise services (Tunnel, maybe others)
–proxy -> host2: Start Tunnel
–host2 -> proxy: OK
–proxy -> host1: OK (proxy now transparently forwards messages)
–host2 -> host1: BEEP Greeting, advertise services (proxy now invisible)
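The single-firewall exchange on the preceding slides, simulated as an added example (not the project's C or Java code). The nested XML route, the port number and the MAX_DEPTH loop guard are assumptions: the slides say only that XML messages are parsed at every host, and the evaluation notes that the spec gives no Time-To-Live against looping servers, so the guard is added here for that case.

```python
import xml.etree.ElementTree as ET

# Constructed simulation of the Tunnel exchange. The route format (one nested
# <tunnel> per hop with fqdn/port attributes, an empty <tunnel/> at the endpoint)
# is modelled loosely on the TUNNEL profile and is an assumption, as is the port.
# MAX_DEPTH is an added guard for the looping-server problem noted on the slides.
MAX_DEPTH = 4

class Peer:
    def __init__(self, name, profiles, policy=(), fleet=None):
        self.name, self.profiles = name, profiles  # profiles go in the greeting
        self.policy = set(policy)      # "fqdn:port" targets this proxy may open
        self.fleet = fleet if fleet is not None else {}  # fqdn -> Peer
        self.relay_to = None           # set once a tunnel has been established

    def connect(self, origin, log):    # TCP connect, then the BEEP greeting
        log.append((origin, self.name, "tcp connect"))
        log.append((self.name, origin, "greeting " + ",".join(self.profiles)))

    def start_tunnel(self, origin, xml, log, depth=0):
        log.append((origin, self.name, "start tunnel " + xml))
        hop = ET.fromstring(xml)
        if hop.get("fqdn") is None:    # bare <tunnel/>: we are the endpoint
            reply = "ok"
        elif depth >= MAX_DEPTH or len(hop) != 1:
            reply = "error: bad route"
        elif f"{hop.get('fqdn')}:{hop.get('port')}" not in self.policy:
            reply = "error: not permitted"   # the firewall's "controlled hole"
        else:
            nxt = self.fleet[hop.get("fqdn")]
            nxt.connect(self.name, log)
            inner = ET.tostring(hop[0], encoding="unicode")  # peel off our hop
            reply = nxt.start_tunnel(self.name, inner, log, depth + 1)
            if reply == "ok":
                self.relay_to = nxt    # from here on the proxy is transparent
        log.append((self.name, origin, reply))
        return reply

    def relay(self, origin, msg, log): # after OK, traffic is forwarded untouched
        assert self.relay_to is not None, "no tunnel established"
        log.append((origin, self.relay_to.name, msg))

def run(policy=("host2.example.com:10288",)):
    fleet, log = {}, []
    fleet["host2.example.com"] = Peer("host2.example.com", ["TUNNEL", "IDXP"], fleet=fleet)
    proxy = Peer("proxy.example.com", ["TUNNEL"], policy, fleet)
    route = '<tunnel fqdn="host2.example.com" port="10288"><tunnel/></tunnel>'
    proxy.connect("host1.example.com", log)
    reply = proxy.start_tunnel("host1.example.com", route, log)
    if reply == "ok":                  # host2's greeting now reaches host1 directly
        proxy.relay("host1.example.com", "greeting IDXP", log)
    return reply, log
```

Calling `run()` returns the full message log in the order the slides show it; `run(policy=())` shows the proxy refusing the hole when the target is not in its policy.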

Future Work
Firewall daemon (Enforce Security Policy)
Multi-Firewall Support
More interoperability testing between C and Java implementations
Bug squashing
Final report

Spring Schedule

Questions?