The Aerospace Clinic 2002 Team Members Nick Hertl (Project Manager) Will Berriel Richard Fujiyama Chip Bradford Faculty Advisor Professor Michael Erlinger.
The Aerospace Clinic 2002 Team Members Nick Hertl (Project Manager) Will Berriel Richard Fujiyama Chip Bradford Faculty Advisor Professor Michael Erlinger Aerospace Liaisons Joseph Betser, PhD Rayford Sims

Overview: Background Information; Alternatives to Tunnel; Technical Approach –Completed work –Future work; Questions

Background: TCP/IP, Firewalls, Security, BEEP, IDXP, Tunnel

TCP/IP: Main protocols used over the Internet. TCP provides reliable, full-duplex, peer-to-peer communication. Most current application protocols use it directly: HTTP (web), SMTP (email), etc. Multiple connections to the same machine are distinguished using ports.

Firewalls: Set of rules to restrict TCP/IP traffic. Can filter by any combination of source and destination IP address and port. Rule sets are usually static—not easy to handle "only allow Joe's messages through" if Joe doesn't always connect from the same computer.

Security: Firewalls attempt to ensure this: to allow Joe access, he must first prove he is who he claims to be (login/authenticate). An SSH tunnel is a common solution and handles authentication. SSH is not without drawbacks, however (discussed later). Tunnel is a better solution, but first...

BEEP: General framework for rapidly creating application-level protocols. Requires an underlying transport protocol (TCP). Provides a message framing mechanism and many common service "profiles". Profiles provide transparent addition of properties to a connection (e.g. security).
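To make the "framing mechanism" and the greeting that advertises profiles concrete, here is a miniature BEEP (RFC 3080) frame builder and parser. This is an added example written for this page, not code from the Aerospace Clinic project or from any of the BEEP implementations it evaluated; the profile URI is the one registered for TUNNEL, and the frame-checking behaviour (refusing a frame whose declared size does not line up with the END trailer) is this example's own choice.

```python
"""BEEP framing (RFC 3080) in miniature: build and parse the frames that carry
BEEP messages, and produce the channel-0 greeting that advertises the TUNNEL
profile. Added example for this page; not code from the Aerospace Clinic project."""
import re

TUNNEL_URI = "http://iana.org/beep/TUNNEL"  # profile URI registered for TUNNEL (RFC 3620)

# Frame header: TYPE channel msgno more seqno size [ansno] CRLF; trailer: END CRLF.
# 'more' is '*' when the message continues in a later frame, '.' for the last frame.
HEADER_RE = re.compile(
    rb"^(MSG|RPY|ERR|ANS|NUL) (\d+) (\d+) ([.*]) (\d+) (\d+)(?: (\d+))?\r\n")
TRAILER = b"END\r\n"


def build_frame(ftype, channel, msgno, seqno, payload, more=False, ansno=None):
    """Serialize one BEEP frame. 'size' counts the payload octets, including any
    MIME headers the payload carries; only ANS frames carry an answer number."""
    header = f"{ftype} {channel} {msgno} {'*' if more else '.'} {seqno} {len(payload)}"
    if ftype == "ANS":
        if ansno is None:
            raise ValueError("ANS frames carry an answer number")
        header += f" {ansno}"
    return header.encode() + b"\r\n" + payload + TRAILER


def parse_frame(data):
    """Parse the first frame in 'data'; return (frame dict, remaining bytes).
    Raises ValueError on a malformed header, a short payload, or a trailer that
    is not where the declared size says it should be, so a peer cannot make the
    parser read past (or short of) the declared payload."""
    m = HEADER_RE.match(data)
    if not m:
        raise ValueError("malformed frame header")
    ftype, channel, msgno, more, seqno, size, ansno = m.groups()
    size = int(size)
    start = m.end()
    end = start + size
    if len(data) < end + len(TRAILER):
        raise ValueError("truncated frame")
    if data[end:end + len(TRAILER)] != TRAILER:
        raise ValueError("missing END trailer; payload size does not match header")
    frame = {
        "type": ftype.decode(), "channel": int(channel), "msgno": int(msgno),
        "more": more == b"*", "seqno": int(seqno), "size": size,
        "ansno": int(ansno) if ansno is not None else None,
        "payload": data[start:end],
    }
    return frame, data[end + len(TRAILER):]


def beep_xml(body):
    """Wrap a BEEP XML body in the MIME header BEEP management messages use."""
    return b"Content-Type: application/beep+xml\r\n\r\n" + body


def greeting(profiles):
    """The positive reply on channel 0 that advertises supported profiles
    (the 'BEEP Greeting: advertise services' step of the tunnel sequence)."""
    body = b"<greeting>" + b"".join(
        f'<profile uri="{p}" />'.encode() for p in profiles) + b"</greeting>"
    return build_frame("RPY", 0, 0, 0, beep_xml(body))


def advertised_profiles(frame):
    """Extract the profile URIs from a parsed greeting frame."""
    return re.findall(r'<profile uri="([^"]+)"', frame["payload"].decode())


if __name__ == "__main__":
    wire = greeting([TUNNEL_URI])
    print(wire.decode())
    frame, rest = parse_frame(wire)
    print(advertised_profiles(frame))
```

A peer that does not see TUNNEL in the greeting cannot be asked to proxy, which is what the "advertise services (Tunnel, maybe others)" step in the sequence checks for.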

IDXP (Intrusion Detection eXchange Protocol): BEEP profile used to transfer intrusion detection alert information from various sensors within a large network to a central repository, where an administrator or correlation program can take action against an attack if needed. The firewall must not block these messages.

Tunnel: General-purpose proxy-routing BEEP profile. Our focus is Tunnel for IDXP messages.

Tunnel Uses XML messages to establish a tunnel: Example...

Tunnel: establishing a tunnel from host1.example.com through proxy.example.com to host2.example.com
–host1 → proxy: Transport Connect (usually TCP)
–host1 and proxy: BEEP Greeting; proxy advertises its services (Tunnel, maybe others)
–host1 → proxy: Start Tunnel
–proxy → host2: Transport Connect (usually TCP)
–proxy and host2: BEEP Greeting; host2 advertises its services (Tunnel, maybe others)
–proxy → host2: Start Tunnel
–host2 → proxy: OK
–proxy → host1: OK; proxy now transparently forwards messages
–host1 and host2: BEEP Greeting; advertise services (proxy now invisible)
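The sequence above, and the loop problem the deck lists later under Tunnel Issues, can be followed in a miniature model of TUNNEL route handling. This is an added example, not the project's code: it uses the element names of the published TUNNEL profile (RFC 3620), where the initiator nests one `tunnel` element per hop beyond the first proxy, each proxy peels the outer layer and forwards the rest, and an attribute-less `<tunnel/>` tells the final hop to answer `<ok/>` and start a new BEEP session. The "dynamic route" case (connecting to a service rather than a host) is modelled as a `<tunnel endpoint="..."/>` element that each proxy resolves from its own policy table and forwards unchanged; that modelling, and the `MAX_HOPS` guard, are this example's assumptions, since the profile itself defines no time-to-live.

```python
"""Route handling for the TUNNEL profile (RFC 3620) in miniature. Added example
for this page, not the Aerospace Clinic project's code. The endpoint-policy
forwarding model and the MAX_HOPS guard are this example's own assumptions;
the profile defines no time-to-live, which is how misconfigured proxies loop."""
import xml.etree.ElementTree as ET

TUNNEL_PORT = 604   # port registered for the TUNNEL profile
MAX_HOPS = 8        # example's own guard against routing loops


def build_route(hops):
    """Nest one <tunnel fqdn="..." port="..."/> per hop beyond the first proxy,
    outermost first, ending in the attribute-less <tunnel/> that tells the last
    hop to start a new BEEP session over the finished path."""
    inner = ET.Element("tunnel")
    for fqdn, port in reversed(hops):
        outer = ET.Element("tunnel", fqdn=fqdn, port=str(port))
        outer.append(inner)
        inner = outer
    return ET.tostring(inner, encoding="unicode")


class Proxy:
    """One TUNNEL-capable host. 'policy' maps endpoint names to the (fqdn, port)
    this host forwards them to; it is empty for a plain endpoint host."""

    def __init__(self, fqdn, policy=None):
        self.fqdn = fqdn
        self.policy = policy or {}

    def start_tunnel(self, tunnel_xml, network, trace, hops=0):
        """Handle a 'tunnel' element received on a freshly started TUNNEL channel.
        Returns the reply the initiator eventually sees: <ok/> or <error .../>."""
        trace.append(self.fqdn)
        if hops >= MAX_HOPS:
            return '<error code="550">hop limit exceeded</error>'
        elem = ET.fromstring(tunnel_xml)
        if elem.tag != "tunnel":
            return '<error code="500">general syntax error</error>'
        if not elem.attrib and len(elem) == 0:
            # Innermost layer reached: this host is the endpoint; a new BEEP
            # session starts here and every proxy on the path becomes a relay.
            return "<ok/>"
        if "endpoint" in elem.attrib:
            # Dynamic route: resolved by local policy, element forwarded as-is.
            nxt = self.policy.get(elem.attrib["endpoint"])
            if nxt is None:
                return '<error code="550">unknown endpoint</error>'
            forward = tunnel_xml
        else:
            # Static route: this layer names the next hop; the inner layers are
            # what that hop receives.
            if len(elem) != 1:
                return '<error code="501">syntax error in parameters</error>'
            nxt = (elem.attrib["fqdn"], int(elem.attrib.get("port", TUNNEL_PORT)))
            forward = ET.tostring(elem[0], encoding="unicode")
        peer = network.get(nxt)
        if peer is None:
            return '<error code="421">service not available</error>'
        # Transport connect to the next hop, greeting, Start Tunnel with 'forward',
        # then relay whatever reply comes back (OK propagates to the initiator).
        return peer.start_tunnel(forward, network, trace, hops + 1)


def establish(first_proxy, tunnel_xml, network):
    """Initiator side: send the route to the first proxy; return (reply, hosts visited)."""
    trace = []
    reply = first_proxy.start_tunnel(tunnel_xml, network, trace)
    return reply, trace


def demo():
    """Static host1 -> proxy -> host2 route, then a misconfigured dynamic route."""
    proxy = Proxy("proxy.example.com")
    host2 = Proxy("host2.example.com")
    network = {("proxy.example.com", TUNNEL_PORT): proxy,
               ("host2.example.com", TUNNEL_PORT): host2}
    route = build_route([("host2.example.com", TUNNEL_PORT)])
    ok, path = establish(proxy, route, network)

    # Two proxies whose endpoint policies point at each other: without a hop
    # limit this would forward forever (constructed misconfiguration).
    a = Proxy("proxy-a.example.com", {"idxp": ("proxy-b.example.com", TUNNEL_PORT)})
    b = Proxy("proxy-b.example.com", {"idxp": ("proxy-a.example.com", TUNNEL_PORT)})
    looped = {("proxy-a.example.com", TUNNEL_PORT): a,
              ("proxy-b.example.com", TUNNEL_PORT): b}
    err, loop_path = establish(a, '<tunnel endpoint="idxp" />', looped)
    return ok, path, err, loop_path


if __name__ == "__main__":
    print(demo())
```

With the static route the trace is proxy then host2 and the reply is `<ok/>`; with the looping endpoint policy the request bounces between the two proxies until the guard trips, which is exactly the case a time-to-live in the route would have bounded.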

Alternatives to Tunnel: SSL/TLS, SASL, SSH, VPN, IPsec

SSH (Secure Shell) Tunnelling: Client/server applications. Provides encryption and client authentication. Mass adoption leaves port 22 open, so it is commonly used to tunnel through firewalls. Drawbacks: application dependency on SSH; explicit endpoint connections (each forwarded port names one fixed destination); the tunnel authenticates the SSH server, not the endpoint host behind it. Tunnel offers its own authentication/encryption details, address anonymity, and doesn't require an explicit endpoint.

SSL v3 / TLS v1 (RFC 2246): Used by HTTPS, NNTP, IMAP, POP. Lives between TCP and the application. API is similar to the BSD socket API. Encryption. Server authentication, with optional client authentication. Simple client configuration – no AC. Vulnerable to certificate spoofing and man-in-the-middle attacks if the client does not validate the server certificate.

SASL (RFC 2222) (Simple Authentication and Security Layer): SSL with an A? Framework for adding authentication, encryption and integrity to a connection-based protocol. Allows the network admin to configure the proper security level for the environment. BEEP makes use of SASL.

VPN (Virtual Private Network): Secure, private, transparent network. Encryption, strong authentication. Intrusive on the client. Tunnel is easier to deploy and administer, and allows more policy flexibility.

IPsec (IP Security): Protects everything running on top of IP, including TCP and UDP. Requires kernel support; applications need no recompiling to get the benefit. IPsec does not traverse NAT (AH breaks on address rewriting; ESP needs NAT traversal, not yet standardized at the time). Tunnel is easier to deploy, works with NAT, and is configurable.

Completed Work: Proposal submitted; Tunnel evaluated; BEEP implementations chosen; No-Hop Tunnel implementation

Tunnel Issues: No IPv6 support in the DTD, nor a standard way to extend the DTD. Possibility of loops with misconfigured servers. No way to specify a Time-To-Live when using a dynamic route, i.e. connecting to a service rather than a host.

BEEP Implementations: Java –PermaBEEP 0.8 –Beepcore-Java; C –Roadrunner 0.9 –Beepcore-C 0.2

No-Hop Tunnel: Profile and application can successfully open a tunnel to a host with no firewall in between.

Future Work: One-Hop Tunnel; Firewall Proxy-Hopping; Multi-Hop Proxying; Interoperability between C and Java implementations

Schedule

Questions?