Network Layer Security Update


Network Layer Security Update 10/23/2016 CHARLES SHEEHE, CCSDS GRC POC

Discussions with Area Director
- Area director would like another round of build and test because of the minimal set of successfully completed tests.

Status
- IPsec compatibility testing for CCSDS
- Key deliverable
- Reported last year
- IPsec compatibility testing for CCSDS
  - Evaluate IPsec/CCSDS related standards
  - Define CCSDS/IPsec approved parameters by CCSDS working group
  - Develop Test Plan
  - Approval of Test Plan
  - Perform independent testing based on defined IPsec parameters
  - Modify test plan: test only IPV4 connection between agencies' end point devices
  - Started compatibility testing
  - Completed compatibility tests
  - Documentation of test results
  - Document Lessons Learned
  - Present results to CCSDS working group April 2016
- Key deliverable: test report in CCSDS format for yellow book

CCSDS IPsec Compatibility Testing 05/4/2016 CHARLES SHEEHE, CCSDS GRC POC OKECHUKWU MEZU, Test Engineer

IPsec Project Overview
- Performing Encapsulating Security Payload (ESP) using pre-shared keys on a CCSDS Internet Protocol (IP) packet going from source node over a satellite in space to a destination node
- Why is this important?
  - Network Layer Security Adaptation Profile, which is to adapt and standardize the IETF's Internet Protocol Security (IPsec) protocol for use by CCSDS on missions, replacing SCPS-SP
  - Two independent compatible developments are required prior to acceptance
    - NASA GRC IPsec implementation will satisfy one independent development
    - CNES IPsec implementation will satisfy the second independent development
  - Compatibility tests to ensure interoperability
  - Compatibility test will be recorded in the CCSDS 356.1-Y-1 book as official documentation of testing
- CCSDS IPsec NASA development and testing started November 2013

IPsec Project Process
- IPsec compatibility testing for CCSDS
  - Evaluate IPsec/CCSDS related standards
  - Define CCSDS/IPsec approved parameters by CCSDS working group
  - Develop Test Plan
  - Approval of Test Plan
  - Perform independent testing based on defined IPsec parameters
  - Modify test plan: test only IPV4 connection between agencies' end point devices
  - Started compatibility testing
  - Completed compatibility tests
  - Documentation of test results
  - Document Lessons Learned
  - Present results to CCSDS working group April 2016
- Key deliverable: test report in CCSDS format for yellow book

NASA Internal IPV4 IPsec VPN Tunnel Tests
[Figure: network diagram. Labels: Cisco 3825 Router; Ground Station R1; CCSDS Satellite R2; Receive Station R3; Linux Box (two); IPsec VPN. Address labels: GE 0/0 192.168.1.1, GE 0/1 192.168.2.1, GE 0/0 192.168.2.2, GE 0/1 192.168.3.1, GE 0/1 192.168.4.1, GE 0/2 192.168.3.2, 192.168.1.2, 192.168.4.2. Legend: GE – Gigabit Ethernet.]
- Internal IPsec IPv4 tests completed
- Tunnel represents a direct logical connection between R1 & R3 through R2. However, all communication between R1 & R3 goes through R2 (representing a satellite/networked cloud).

CCSDS IPV4 IPsec VPN Tunnel
[Figure: current CCSDS IPv4 IPsec VPN tunnel setup and configuration. Legend: GE – Gigabit Ethernet.]

Modified* CCSDS Yellow Book IPsec Test Matrix
[Table: columns #, IPV4, ESP, Tunnel, Integrity, IPcomp, Authenticated Encryption, Confidentiality, Manual Key, Auto Key, No Rekey; tests 1*, 2, 3*, 4, 5, 6, 7, 8.]
* Firewall restrictions: no IP compression allowed, and phase one tunnel requires HASH. Tests #1 & #3 were not completed due to compatibility issues between Cisco & Palo Alto routers on manual keying.

CCSDS IPsec Compatibility Issues
- Firewall restrictions
  - Firewall will not allow compressed packets to pass through. Internet Protocol compression is being removed from future Internet Engineering Task Force Transport Layer Security.
  - Firewall requires a null hash value for phase one tunnel
- Compatibility issues
  - Palo Alto devices would not allow manual keying options.

Lessons Learned
- Configurations must be shared and tested in advance.
- Successful test configuration files should be maintained for future connection issues.
- IPcomp should be removed from IP security documentation: compressed packets are not allowed to pass through the firewall because they cannot be inspected. Internet Protocol compression is being removed from future Internet Engineering Task Force Transport Layer Security.
- Firewalls, vendor equipment and software differences are a major obstacle to connections with legacy / space systems.

We at NASA Glenn would like to thank Julien Airaud and the team from CNES; it has been a much valued partnership.

Backup

Questions