Lecture 10 Page 1 CS 236 Online SSL and TLS SSL – Secure Socket Layer TLS – Transport Layer Security The common standards for securing network applications.

Slides:



Advertisements
Similar presentations
Encrypting Wireless Data with VPN Techniques
Advertisements

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206)
Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)
Agenda Virtual Private Networks (VPNs) Motivation and Basics Deployment Topologies IPSEC (IP Security) Authentication Header (AH) Encapsulating Security.
SCSC 455 Computer Security Virtual Private Network (VPN)
Guide to Network Defense and Countermeasures Second Edition
OAAIS Enterprise Information Security Security Awareness, Training & Education (SATE) Program or UCSF Campus VPN.
Virtual Private Networks and IPSec
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
CS682 – Network Management and Security Session 7.
Virtual Private Networking Karlene R. Samuels COSC513.
Internet Protocol Security (IPSec)
Remote Networking Architectures
Securing Insecure Networks SSL/TLS & IPSec. 4-1: Cryptographic System Copyright Pearson Prentice-Hall
Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.
Virtual Private Network
Week #10 Objectives: Remote Access and Mobile Computing Configure Mobile Computer and Device Settings Configure Remote Desktop and Remote Assistance for.
Course 201 – Administration, Content Inspection and SSL VPN
Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 IPSec or SSL VPN? Decision Criteria.
Lecture 10 Page 1 CS 136, Fall 2014 Network Security, Continued Computer Security Peter Reiher November 13, 2014.
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
Chapter 20: Getting from the Office to the Road: VPNs BAI617.
CHAPTER 2 PCs on the Internet Suraya Alias. The TCP/IP Suite of Protocols Internet applications – client/server applications The client requested data.
OpenVPN OpenVPN: an open source, cross platform client/server, PKI based VPN.
32.1 Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction.
12-Sep-15 Virtual Private Network. Why the need To transmit files securely without disclosing sensitive information to others in the Internet.
Secure Socket Layer (SSL)
Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.
Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
BZUPAGES.COM. What is a VPN VPN is an acronym for Virtual Private Network. A VPN provides an encrypted and secure connection "tunnel" path from a user's.
Lecture 16 Page 1 Advanced Network Security Perimeter Defense in Networks: Virtual Private Networks Advanced Network Security Peter Reiher August, 2014.
Lecture 11 Page 1 Advanced Network Security Cryptography and Networks: IPSec and SSL/TLS Advanced Network Security Peter Reiher August, 2014.
Lecture 13 Page 1 CS 136, Spring 2009 Network Security: Firewalls continued, VPNS, Honeypots CS 136 Computer Security Peter Reiher May 14, 2009.
Tunneling and Securing TCP Services Nathan Green.
1 Security Protocols in the Internet Source: Chapter 31 Data Communications & Networking Forouzan Third Edition.
VPN. What is VPN An arrangement that provides connections between: An arrangement that provides connections between: –Offices –remote workers and –the.
Lecture 13 Page 1 CS 136, Fall 2010 Network Security: Virtual Private Networks, Wireless Networks, and Honeypots CS 136 Computer Security Peter Reiher.
Lecture 12 Page 1 CS 236 Online Virtual Private Networks VPNs What if your company has more than one office? And they’re far apart? –Like on opposite coasts.
Lecture 12 Page 1 CS 136, Fall 2011 Network Security: Con’t CS 136 Computer Security Peter Reiher November 3, 2011.
SSL/TLS How to send your credit card number securely over the internet.
1 Virtual Private Networks (VPNs) and IP Security (IPSec) G53ACC Chris Greenhalgh.
Lecture 12 Page 1 CS 236, Spring 2008 Virtual Private Networks VPNs What if your company has more than one office? And they’re far apart? –Like on opposite.
Chapter 32 Internet Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Virtual Private Network. ATHENA Main Function of VPN  Privacy  Authenticating  Data Integrity  Antireplay.
Securing Data Transmission and Authentication. Securing Traffic with IPSec IPSec allows us to protect our network from within IPSec secures the IP protocol.
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
Chapter 14 Network Encryption
Cryptography and Network Security Chapter 16 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Lecture 16 Page 1 CS 188,Winter 2015 Security in Distributed Systems CS 188 Distributed Systems March 5, 2015.
Encryption protocols Monil Adhikari. What is SSL / TLS? Transport Layer Security protocol, ver 1.0 De facto standard for Internet security “The primary.
 authenticated transmission  secure tunnel over insecure public channel  host to host transmission is typical  service independent WHAT IS NEEDED?
Lect 8 Tahani al jehain. Types of attack Remote code execution: occurs when an attacker exploits a software and runs a program that the user does not.
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
Lecture 10 Page 1 CS 236 Online Encryption and Network Security Cryptography is widely used to protect networks Relies on encryption algorithms and protocols.
Virtual Private Networks and IPSec
Network Security: Firewalls, Network Cryptography, and Honeypots Computer Security Peter Reiher February 9, 2017.
Virtual Private Network (VPN)
Virtual Private Networks
Firewall Configuration and Administration
Network Security: Firewalls continued, Virtual Private Networks, and Honeypots CS 136 Computer Security Peter Reiher February 18, 2010.
Virtual Private Networks
Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls
Presentation transcript:

Lecture 10 Page 1 CS 236 Online SSL and TLS SSL – Secure Socket Layer TLS – Transport Layer Security The common standards for securing network applications in Internet –E.g., web browsing Essentially, standards to negotiate, set up, and apply crypto

Lecture 10 Page 2 CS 236 Online The Basics of SSL Usually a client/server operation Client contacts server A negotiation over authentication, key exchange, and cipher takes place Authentication is performed and key agreed upon Then all packets are encrypted with that key and cipher at application level

Lecture 10 Page 3 CS 236 Online Common Use Server authenticates to client using an X.509 certificate –Typically, client not authenticated Though option allows it Client provides material to server to derive session key Client and server derive same session key, start sending encrypted packets

Lecture 10 Page 4 CS 236 Online Crypto in TLS/SSL Several options supported RSA or elliptic curve for PK part AES, DES, 3DES, or others for session cryptography Not all are regarded as still secure Chosen by negotiation between client and server

Lecture 10 Page 5 CS 236 Online Use of SSL/TLS The core crypto for web traffic Commonly used for many other encrypted communications Used in all major browsers Usually not part of OS per se –But all major OSes include libraries or packages that implement it

Lecture 10 Page 6 CS 236 Online Security Status of SSL/TLS Kind of complex SSL is not very secure Early versions of TLS not so secure Later versions of TLS fairly secure –Depending on cipher choice Recent chosen-plaintext attacks shown to work on all versions –In special circumstances

Lecture 10 Page 7 CS 236 Online Virtual Private Networks VPNs What if your company has more than one office? And they’re far apart? –Like on opposite coasts of the US How can you have secure cooperation between them? Could use leased lines, but...

Lecture 10 Page 8 CS 236 Online Encryption and Virtual Private Networks Use encryption to convert a shared line to a “private line” Set up a firewall at each installation’s network Set up shared encryption keys between the firewalls Encrypt all traffic using those keys

Lecture 10 Page 9 CS 236 Online Actual Use of Encryption in VPNs VPNs run over the Internet Internet routers can’t handle fully encrypted packets Obviously, VPN packets aren’t entirely encrypted They are encrypted in a tunnel mode –Often using IPSec Gives owners flexibility and control

Lecture 10 Page 10 CS 236 Online Key Management and VPNs All security of the VPN relies on key secrecy How do you communicate the key? –In early implementations, manually –Modern VPNs use IKE or proprietary key servers How often do you change the key? –IKE allows frequent changes

Lecture 10 Page 11 CS 236 Online VPNs and Firewalls VPN encryption is typically done between firewall machines –VPN often integrated into firewall product Do I need the firewall for anything else? Probably, since I still need to allow non-VPN traffic in and out Need firewall “inside” VPN –Since VPN traffic encrypted –Including stuff like IP addresses and ports –“Inside” can mean “later in same box”

Lecture 10 Page 12 CS 236 Online VPNs and Portable Computing Increasingly, workers connect to offices remotely –While on travel –Or when working from home VPNs offer a secure solution –Typically as software in the portable computer Usually needs to be pre-configured

Lecture 10 Page 13 CS 236 Online VPN Deployment Issues Desirable not to have to pre-deploy VPN software –Clients get access from any machine Possible by using downloaded code –Connect to server, download VPN applet, away you go –Often done via web browser –Leveraging existing SSL code –Authentication via user ID/password –Implies you trust the applet... Issue of compromised user machine

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.