Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 Sponsored by the U.S. Department of Defense © 2000 by Carnegie Mellon.

Presentation transcript:

Slide 1: ESP Technical Overview. Marty Lindner, Software Engineering Institute, Carnegie Mellon University, September 2000.

Slide 2: Agenda. What is "ESP"; Goals of the ESP; ESP Technology Overview.

Slide 3: What is the "ESP"? ESP: Extranet for Security Professionals.

Slide 4: What is the "ESP"? From a user's perspective, the ESP is a web site used by a group of people sharing a common interest or need.

Slide 5: What is the "ESP"? From an IT professional's perspective, the ESP is a secure web environment created using: Commercial Off The Shelf (COTS) products; good programming practices; strict network policies enforced by multiple firewalls and intrusion detection systems; and automated intrusion detection software developed for the ESP environment.

Slide 6: What is the "ESP"? A set of collaboration tools used through a common web interface: Mail Tool, Calendar Tool, Document Collaboration Tool, Document Library.

Slide 7: Goals of the ESP. Minimal cost to the end users. Provide a mechanism for sharing FOUO/SBU (For Official Use Only / Sensitive But Unclassified) information over the public Internet. Maintain the highest level of security.

Slide 8: ESP Technology Overview.

Slide 9: ESP Infrastructure. [Diagram: Workstation, the Internet, Router, Firewall, Web Servers, Database Servers; a sample message "To: George, Marty. From: Steve" travels across the path.]

Slide 10: End User Workstation. [Diagram: the same ESP infrastructure (Workstation, the Internet, Router, Firewall, Web Servers, Database Servers) with the sample message.]

Slide 11: End User Workstation. One of the ESP goals is to minimize the cost to the end user. The only end user requirement is a web browser that supports U.S. domestic encryption (128 bits).

Slide 12: The Internet. [Diagram: the ESP infrastructure (Workstation, the Internet, Router, Firewall, Web Servers, Database Servers) with the sample message.]

Slide 13: The Internet. The ESP technology makes one assumption about the Internet: you cannot trust it! To overcome this lack of trust, the ESP uses the Secure Socket Layer (SSL) protocol and X.509 certificates to provide authenticity, integrity and confidentiality.
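As an added illustration of what slides 11 and 13 ask of the client side (example code written here, not part of the presentation or the ESP project), the following Python builds a TLS client context that insists on a trusted X.509 chain, a matching hostname, a modern protocol version and a 128-bit or stronger cipher, and checks a certificate's validity window. The host name, certificate fields and dates are constructed placeholders.

```python
import ssl

# Added example, not the ESP project's code. Policy taken from the slides: the server
# proves its identity with an X.509 certificate and the session uses 128-bit
# ("U.S. domestic") encryption; SSLv2/SSLv3 of that era are refused in favour of TLS 1.2+.
MIN_CIPHER_BITS = 128


def build_client_context(ca_file=None):
    """Client context that refuses unauthenticated, weak or legacy sessions."""
    # With ca_file None the platform trust store is loaded (create_default_context default).
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.verify_mode = ssl.CERT_REQUIRED           # server must present a chain to a trusted CA
    ctx.check_hostname = True                     # subject/SAN must match the requested host
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # SSLv2/v3 and TLS 1.0/1.1 are rejected
    return ctx


def cipher_meets_policy(cipher, min_bits=MIN_CIPHER_BITS):
    """cipher is the (name, protocol, secret_bits) tuple from SSLSocket.cipher()."""
    name, protocol, bits = cipher
    if bits is None or bits < min_bits:
        return False                    # e.g. 40-bit export-grade ciphers
    if protocol.startswith("SSL"):
        return False                    # an SSLv2/SSLv3 session is never acceptable
    upper = name.upper()
    # NULL = no encryption, EXPORT/EXP- = deliberately weakened, ANON/ADH = no server authentication
    return not any(tag in upper for tag in ("NULL", "EXPORT", "EXP-", "ANON", "ADH"))


def cert_is_current(cert, now_seconds):
    """cert is the dict shape returned by SSLSocket.getpeercert(); now_seconds is Unix time (UTC)."""
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return not_before <= now_seconds <= not_after


# Constructed certificate fields for a self-check (placeholder values, not a real ESP certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "esp.example.org"),),),
    "notBefore": "Jan  1 00:00:00 2000 GMT",
    "notAfter": "Dec 31 23:59:59 2000 GMT",
}
```

After `wrap_socket`, `cipher_meets_policy(sock.cipher())` and `cert_is_current(sock.getpeercert(), time.time())` are the checks to run before sending anything sensitive.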

Slide 14: SSL Security. [Diagram: the ESP infrastructure with the sample message.] SSL provides a secure path through the Internet.

Slide 15: Firewall Strategy. [Diagram: the ESP infrastructure with the sample message.] Multiple inline firewalls create a more complex maze for intruders to navigate.

Slide 16: Firewall Strategy. Multiple firewalls randomly inserted into the network topology: Sidewinder, Guardian, Cisco Secure PIX Firewall, Linux IPchains.

Slide 17: Network Monitoring. [Diagram: the ESP infrastructure with the sample message.] Passive network monitoring tools assist and automate the intrusion detection process.

Slide 18: Network Monitoring. Several passive network monitoring agents are used to detect signs of intrusion: RealSecure, Snort.

Slide 19: Web Server Security. [Diagram: the ESP infrastructure with the sample message.] The middleware enhances security by incorporating additional authentication techniques.

Slide 20: Web Server Security. The system is dedicated to web services only; no additional services are offered. Software: hardened Windows NT; Tripwire system integrity software; Netscape Enterprise Server 3.63 (home.netscape.com); Cold Fusion Server.

Slide 21: Database Security. [Diagram: the ESP infrastructure with the sample message.] The database only responds to authenticated requests from the web servers.

Slide 22: Database Security. Database servers only accept communications from an authenticated IPsec session.
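The network rules stated on slides 18, 20, 21 and 22 (web servers offer nothing but web service, databases answer only the web servers, and only inside IPsec) can be turned into a passive monitoring check of the kind the slides describe. The following Python is an added example written here, not ESP code or a Snort/RealSecure rule; the addresses, the flow-record format and the sample records are all constructed.

```python
import ipaddress

# Added example, not the ESP project's code. Constructed topology (placeholder addresses):
# web servers are the only systems the Internet may reach, and only over HTTPS;
# database servers answer only the web servers, and only inside an IPsec session.
WEB_SERVERS = {ipaddress.ip_address("192.0.2.10"), ipaddress.ip_address("192.0.2.11")}
DB_SERVERS = {ipaddress.ip_address("198.51.100.20")}
HTTPS_PORT = 443
IKE_PORT = 500  # IKE negotiates the IPsec session; ESP/AH then carry the protected traffic


def parse_flow(line):
    """Parse a constructed flow record '<src> <dst> <proto> <dport>' ('-' when there is no port)."""
    src, dst, proto, dport = line.split()
    return (ipaddress.ip_address(src), ipaddress.ip_address(dst),
            proto.lower(), None if dport == "-" else int(dport))


def check_flow(flow):
    """Return None if the flow fits the ESP design, otherwise a short reason string."""
    src, dst, proto, dport = flow
    if dst in WEB_SERVERS:
        if proto == "tcp" and dport == HTTPS_PORT:
            return None
        return "non-HTTPS traffic to web server"               # slide 20: web services only
    if dst in DB_SERVERS:
        if src not in WEB_SERVERS:
            return "database contacted by non-web-server host"  # slide 21: web servers only
        if proto in ("esp", "ah") or (proto == "udp" and dport == IKE_PORT):
            return None
        return "cleartext (non-IPsec) traffic to database"      # slide 22: IPsec only
    return None  # other destinations are outside this policy


def scan(lines):
    """Apply the policy to flow records; return [(record, reason)] for each violation."""
    findings = []
    for line in lines:
        if line.strip() and not line.startswith("#"):
            reason = check_flow(parse_flow(line))
            if reason:
                findings.append((line, reason))
    return findings


# Constructed sample records, not captured traffic.
SAMPLE_FLOWS = [
    "203.0.113.5 192.0.2.10 tcp 443",      # browser -> web server over HTTPS: allowed
    "203.0.113.5 192.0.2.10 tcp 23",       # telnet at the web server: flagged
    "192.0.2.10 198.51.100.20 esp -",      # web server -> database inside IPsec: allowed
    "192.0.2.11 198.51.100.20 tcp 1433",   # web server -> database in the clear: flagged
    "203.0.113.7 198.51.100.20 tcp 1433",  # outside host straight to the database: flagged
]
```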