Secure Authentication: A Brief Overview. PacNOG 6 Workshop, Nadi, Fiji. Hervey Allen.


What are we talking about?
Any service you run that authenticates should not do so in the clear. This includes:
– pop
– imap
– shell login
– file transfer
– web login (think webmail)
– sending (think smtp)

Some replacements
– POP ==> POPS with ssl cert (port 110 vs. 995)
– imap ==> imaps with ssl cert (port 143 vs. 993)
– smtp authed with TLS (port 465/other vs. 25)
– telnet ==> ssh
– ftp ==> sftp or scp
– http login via https with ssl cert
– http upload is harder
– anonymous ftp is OK. Watch uploads
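To check that the clear-text ports listed above really refuse passwords before TLS, the following added example (not part of the original slides) inspects the capability response each service returns before encryption starts. The sample responses and the host name mail.example.org are constructed, and the function names are this example's own.

```python
import re

CLEAR_MECHS = {"PLAIN", "LOGIN"}  # mechanisms that send the password itself

def _lines(response):
    return [ln.strip().upper() for ln in response.splitlines() if ln.strip()]

def cleartext_auth_offered(proto, response):
    """True if a pre-TLS capability response invites a clear-text password."""
    lines = _lines(response)
    if proto == "imap":
        # IMAP LOGIN is always allowed unless LOGINDISABLED is advertised,
        # so a response with no CAPABILITY line is treated as unsafe.
        caps = {t for ln in lines if "CAPABILITY" in ln for t in ln.split()}
        sasl = {c[5:] for c in caps if c.startswith("AUTH=")}
        return "LOGINDISABLED" not in caps or bool(sasl & CLEAR_MECHS)
    if proto == "pop3":
        # CAPA: "USER" means USER/PASS is accepted; "SASL ..." lists mechanisms.
        for ln in lines:
            tok = ln.split()
            if tok[0] == "USER" or (tok[0] == "SASL" and set(tok[1:]) & CLEAR_MECHS):
                return True
        return False
    if proto == "smtp":
        # EHLO: "250-AUTH PLAIN LOGIN" (or the older "AUTH=PLAIN LOGIN" form).
        for ln in lines:
            tok = re.sub(r"^250[- ]", "", ln).replace("=", " ").split()
            if tok and tok[0] == "AUTH" and set(tok[1:]) & CLEAR_MECHS:
                return True
        return False
    raise ValueError("unknown protocol: " + proto)

# Constructed pre-TLS responses, keyed by (protocol, clear-text port).
SAMPLES = {
    ("pop3", 110): "+OK\r\nUSER\r\nSASL PLAIN LOGIN\r\nSTLS\r\n.\r\n",
    ("imap", 143): "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED\r\nA1 OK done\r\n",
    ("smtp", 25): "250-mail.example.org\r\n250-STARTTLS\r\n250 AUTH PLAIN LOGIN\r\n",
}

def audit(samples):
    """Return the ports whose service still accepts passwords in the clear."""
    return sorted(port for (proto, port), resp in samples.items()
                  if cleartext_auth_offered(proto, resp))

if __name__ == "__main__":
    print("clear-text auth still offered on ports:", audit(SAMPLES))
```

A service that passes this check advertises STARTTLS/STLS on the clear-text port but offers no password mechanism until the session is encrypted.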

Avoiding the ssh tunnel
SSH tunneling is cool and powerful, but it can circumvent some secure practices and is hard for most users. You can use pops, imaps, and smtp with tls to remove the need for most ssh tunnels. This spares users from having to run something like this (user@mail.example.org is a placeholder for the account and mail host):

    ssh -C -f -L 1100:localhost:110 user@mail.example.org sleep 10000

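It can be painful...
Windows has no built-in ssh/sftp/scp client. This can make secure shell login requirements painful. For secure web login, simply force the login page to be https. Most scripting and programmatic interfaces make this easy. In PHP:

    // Redirect to https when the request arrived over plain http.
    // The target host was lost from the slide text; SERVER_NAME is assumed here.
    // $referrer is set elsewhere in the page's script.
    if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
        header("Location: https://" . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'] . "?referrer=" . urlencode($referrer));
        exit; // stop here so the login page is never rendered over http
    }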

Secure Web Login
Apache supports redirecting using the mod_rewrite module. Real world example:

    # Turn on use of the mod_rewrite module
    RewriteEngine on
    # trac logins must be secure
    RewriteCond %{SERVER_PORT} !443
    RewriteCond %{REQUEST_URI} ^/trac
    # The redirect target was lost from the slide text; the same host over https is assumed here
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

But, it's worth it
– Start to get your user community used to the idea of “no passwords in the clear”.
– Has the potential to steer your organization clear of potential liability issues in the future.
– You'll sleep better at night... ;-)