Secure Communications ● Cleartext vs. encryption and encapsulation ● Protocols not to use ● SSH – scp/ftp – SSH tunnelling ● VPN.

Slides:



Advertisements
Similar presentations
Encrypting Wireless Data with VPN Techniques
Advertisements

Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206)
Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)
SCSC 455 Computer Security Virtual Private Network (VPN)
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
Guide to Network Defense and Countermeasures Second Edition
Virtual Private Networks and IPSec
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Telnet/SSH Tim Jansen, Mike Stanislawski. TELNET is short for Terminal Network Enables the establishment of a connection to a remote system, so that the.
TCP/IP - Security Perspective Upper Layers CS-431 Dick Steflik.
Remote Networking Architectures
Network Address Translation, Remote Access and Virtual Private Networks BSAD 146 Dave Novak Sources: Network+ Guide to Networks, Dean 2013.
Virtual Private Network (VPN) © N. Ganesan, Ph.D..
Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.
1 © J. Liebeherr, All rights reserved Virtual Private Networks.
VPN TUNNELING PROTOCOLS PPTP, L2TP, L2TP/IPsec Ashkan Yousefpour Amirkabir University of Technology.
Module 11: Supporting Remote Users. Overview Establishing Remote Access Connections Connecting to Virtual Private Networks Configuring Authentication.
NetComm Wireless VPN Functionality Feature Spotlight.
1 Microsoft Windows NT 4.0 Authentication Protocols Password Authentication Protocol (PAP) Challenge Handshake Authentication Protocol (CHAP) Microsoft.
Understanding VPN Concepts Virtual Private Network (VPN) enables computers to –Communicate securely over insecure channels –Exchange private encrypted.
Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 23 Virtual Private Networks (VPNs)
1 L2TP OVERVIEW 18-May Agenda VPN Tunneling PPTP L2F LT2P.
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
Virtual Private Network (VPN) SCSC 455. VPN A virtual private network that is established over, in general, the Internet – It is virtual because it exists.
Linux Networking and Security Chapter 11 Network Security Fundamentals.
12-Sep-15 Virtual Private Network. Why the need To transmit files securely without disclosing sensitive information to others in the Internet.
Chapter 13 – Network Security
Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.
Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.
Objectives Configure routing in Windows Server 2008 Configure Routing and Remote Access Services in Windows Server 2008 Network Address Translation 1.
Secure Shell for Computer Science Nick Czebiniak Sung-Ho Maeung.
Andreas Steffen, , 11-SSH.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen M. Liebi Institute for Internet Technologies and Applications.
1 Chapter 8 Copyright 2003 Prentice-Hall Cryptographic Systems: SSL/TLS, VPNs, and Kerberos.
VIRTUAL PRIVATE NETWORK By: Tammy Be Khoa Kieu Stephen Tran Michael Tse.
Hands-On Microsoft Windows Server Introduction to Remote Access Routing and Remote Access Services (RRAS) –Enable routing and remote access through.
BZUPAGES.COM. What is a VPN VPN is an acronym for Virtual Private Network. A VPN provides an encrypted and secure connection "tunnel" path from a user's.
1 Chapter Overview Password Protection Security Models Firewalls Security Protocols.
Tunneling and Securing TCP Services Nathan Green.
The University of Oklahoma Virtual Private Network How it works.
Computer Networking From LANs to WANs: Hardware, Software, and Security Chapter 13 FTP and Telnet.
1 Virtual Private Networks (VPNs) and IP Security (IPSec) G53ACC Chris Greenhalgh.
XWN740 X-Windows Configuring and Using Remote Access (Chapter 13: Pages )‏
Virtual Private Network. ATHENA Main Function of VPN  Privacy  Authenticating  Data Integrity  Antireplay.
SSH. 2 SSH – Secure Shell SSH is a cryptographic protocol – Implemented in software originally for remote login applications – One most popular software.
Virtual Private Networks
Virtual Private Network Access for Remote Networks
Getting Connected to NGS while on the Road…
Secure services Unit-IV CHAP-1
Virtual Private Networks and IPSec
Virtual Private Networks
Virtual Private Networks
Virtual Private Network (VPN)
Microsoft Windows NT 4.0 Authentication Protocols
Chapter 18 IP Security  IP Security (IPSec)
Remote Access Lecture 2.
XWN740 X-Windows Configuring and Using Remote Access
How data travels through a network The Internet
Virtual Private Networks (VPN)
CIT 480: Securing Computer Systems
Telnet/SSH Connecting to Hosts Internet Technology.
Virtual Private Network (VPN)
Lab 7 - Topics Establishing SSH Connection Install SSH Configure SSH
Firewalls Routers, Switches, Hubs VPNs
Remote Access Services RAS Routing and Remote Access Services RRAS Remote Desktop Terminal Services Virtual Private Networking VPN.
Getting Connected to NGS while on the Road…
SSH – the practical solution
Chapter 7 Network Applications
Virtual Private Network zswu
Topic 12: Virtual Private Networks
Presentation transcript:

Secure Communications ● Cleartext vs. encryption and encapsulation ● Protocols not to use ● SSH – scp/ftp – SSH tunnelling ● VPN

Cleartext vs. Security ● Once upon a time, the Internet was a friendly place ● Most communications (rsh, telnet, ftp) used cleartext authentication, in which usernames and passwords were sent over the network without any effort to hide them ● This is no longer appropriate!

Review: IP Datagram ● The header contains info about the type of datagram this is and the source and destination IP addresses ● The data appears without any encryption whatsoever; a packet sniffer can read your username, password, private data, etc. IP headersUnencrypted data

Encryption ● The datagram headers are left unchanged, but the data is encrypted. ● Example: encrypted telnet (uses Kerberos session key as encryption key) kinit telnet -faxl username isua1.iastate.edu IP headersEncrypted data

Encapsulation ● The data is hidden, and the port number can be altered to override firewall settings. IP headersUnencrypted data Encrypted datagram New IP header The packet is encrypted......and encapsulated in a new datagram.

Secure Shell ● Replaces rsh, telnet, ftp ● Provides encrypted connection between host and client ● Provides user authentication based on public/private keys or passwords ● Multiple datastreams can be multiplexed through the SSH connection

SSH connection (3 layers) ● Transport Protocol: host and client connect on port 22 and negotiate encryption and optional compression protocols ● User Authentication Protocol: User is authenticated by – Public/private key exchange – Password (cleartext but encrypted) – Other methods (GSSAPI/Kerberos V) ● Connection Protocol: user channel is multiplexed into several logical data channels

Text-mode SSH ● Replaces rsh, rlogin and telnet ● Use ssh ● If you haven't connected to that host before, you may be asked to accept the host's public key (this can be turned off for greater security)

SCP and SFTP ● To copy files to or from a secure host ● To: scp filename ● From: scp filename ● Secure FTP (sftp) looks like the normal ftp client, but uses ssh as the tunnel: sftp

X over SSH ● X is a cleartext protocol and inherently insecure ● Running X through an SSH tunnel makes it an encrypted connection ● Log in with ssh -X then start X applications on the host. ● ssh -x disables X tunneling

Tunneling Other Protocols ● Forward port nnn on the client to port mmm on the host: ssh -L nnn:hostname:mmm ● Forward port mmm on the host to port nnn on the client ssh -R nnn:hostname:mmm ● For info on using VNC over SSH, see

Virtual Private Network (VPN) ● Used to connect a remote machine or LAN to corporate LAN over the Internet – Eliminates expensive dedicated lines – Maintains security via encryption – Allows remote machines to appear as if they have a "campus" IP address

Connecting a Remote Machine to a LAN Hub VPN Router The Internet The VPN provides an encrypted tunnel through the insecure Internet.

VPN Hardware ● Server side: – Almost always dedicated hardware (could use a Linux machine, but quickly becomes performance limited) ● Client side: – For single remote machine, use software on client machine – For small to large LAN, use another dedicated router

VPN Implementations ● PPP over SSH – Connects PPP client to PPP server through an SSH tunnel instead of a dialup connection – Simple to implement, but subject to serious timing problems –

VPN Implementations ● Point-to-Point Tunneling Protocol (PPTP) – Microsoft implementation (Windows NT) – Uses PPP through a data channel (which may be encrypted and/or compressed) and a separate control channel – Not considered very secure – See and

VPN Implementations ● IPsec – one channel for authentication and exchanging encryption keys, plus one or more data channels; two protocols at the IP level plus one at a higher level – Used by the ISU VPN server and newer versions of Windows – See HOWTO.html

VPN Implementations ● CIPE – designed specifically for building encrypting routers – tunnels encrypted IP packets in UDP packets, so can forward all types of TCP/IP packets – Linux and Windows implementations: see and

● VPN servers at ISU are administered by ITS ● Software is available from ● To install in Linux, you must have the kernel source installed (package kernel-source)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.