How to extend Intranet security to the home

Presentation transcript:

How to extend Intranet security to the home
Home Workers Node

Requirements
- Secure enough to be acceptable by intranet security officers:
  - intrusion
  - denial of service
- Convenient enough to be acceptable by employees:
  - intranet should feel local at home
  - full internet access

System overview
(Diagram) Path from the home to the intranet: Client (e.g. PC) - Local net - e-box - Access net - ISP - Internet - Firewall - Intranet - Resource (e.g. Web)
Attacker placed at each segment: Evil spouse (local net), Evil ISP employee (ISP), Evil hacker (Internet), "Who cares" (intranet, behind the firewall)

Universe splitter
- DNS requests are intercepted
- Intranet names are assigned a local private range IP address
- Name + IP nr. registered at guard
- Packets with these addresses are forwarded to guard
- Guard tunnels packets if profile allows
- NAT used for Internet access

Logical view
(Diagram components: Client (e.g. PC), Guard DNS, Proxy device, Guard, e-box, Firewall with Profiles and proxy, system DNS, www.apple.com, people.ericsson.se)
Intranet name: the Client asks Guard DNS "? people.ericsson.se"; Guard DNS answers "10.0.0.14 !" and tells the Guard "10.0.0.14=people.ericsson.se". The Client's GET to 10.0.0.14 is intercepted by the Proxy device and pushed to the Guard, which sends it through the SSL tunnel (encrypted, shown as "Ab%$12AnC^6as*mS") to the Firewall; the Firewall proxy checks the Profiles and issues the GET to people.ericsson.se at 195.16.78.12.
Internet name: the Client asks "? www.apple.com"; Guard DNS forwards the request to the system DNS, which answers "17.254.0.91 !". The Client's GET to 17.254.0.91 goes out directly via NAT to www.apple.com.

Spouse attack
- Only defined local clients can access guard services
- Profile at firewall defines limited resource access
- Auditing
- Login can be strengthened by SMS login

ISP attack
- Eavesdropping impossible due to SSL link between guard and firewall
- Denial of service can be prevented with multiple ISPs

Hacker attack
- Private IP range used for intranet aliases is skipped by every router
- e-box does not allow remote login
- No forwarding of external packets via guard
- Only access is from a client on the local net; this requires physical access (e-box alarm system?)

Guard DNS
- Acts as DNS server for the local net
- Detects requests for intranet services
- Assigns a private IP number as alias
- Informs guard of the assignment
- If not known, forwards to system DNS
- Simple package, can be written in Java (IBM has done it)

Proxy device
- Intercepts IP packets in the guard range
- Pushes packets to Guard
- Very simple Linux device driver; many examples available
- Written in C
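The Universe splitter, Guard DNS and Proxy device slides describe one mechanism: intercept DNS, hand out a private alias address for each intranet name, register the alias with the guard, and then route packets by destination (alias range into the tunnel, everything else out through NAT). The following is an added example, not code from the presentation or from the Ericsson project it describes; it models that mechanism in Python so the decisions can be traced. The intranet suffix, the alias range 10.0.0.0/24, the local client list, the stand-in system DNS table and all class and function names are assumptions made for this example. It also folds in the "only defined local clients can access guard services" rule from the Spouse attack slide.

```python
"""Added example: a small model of the 'universe splitter' (Guard DNS +
Proxy device + Guard). Not the presentation's code; names, addresses and
the suffix/client configuration below are constructed for this example."""
import ipaddress

# Constructed configuration: which DNS suffixes are treated as intranet names.
INTRANET_SUFFIXES = (".ericsson.se",)

# Constructed stand-in for the system DNS that non-intranet names go to.
SYSTEM_DNS = {
    "www.apple.com": "17.254.0.91",
}


class Guard:
    """Holds the alias table the Guard DNS registers into and decides per packet."""

    def __init__(self, alias_range="10.0.0.0/24", local_clients=("192.168.1.10",)):
        self.alias_range = ipaddress.ip_network(alias_range)
        self.aliases = {}                         # alias IP -> intranet name
        self.local_clients = set(local_clients)   # only defined local clients may use the guard
        self.log = []                             # audit trail of routing decisions

    def register(self, alias, name):
        """Guard DNS informs the guard which alias stands for which intranet name."""
        self.aliases[alias] = name

    def route(self, src, dst):
        """Return 'tunnel', 'nat' or 'drop' for a packet from src to dst."""
        if src not in self.local_clients:
            # Not a defined local client: no guard service at all (Spouse/Hacker attack slides).
            self.log.append(("drop", src, dst, "unknown client"))
            return "drop"
        if ipaddress.ip_address(dst) in self.alias_range:
            if dst in self.aliases:
                # Alias the Guard DNS handed out: belongs in the SSL tunnel to the firewall.
                self.log.append(("tunnel", src, self.aliases[dst], ""))
                return "tunnel"
            # In the alias range but never assigned: nothing to tunnel to.
            self.log.append(("drop", src, dst, "unassigned alias"))
            return "drop"
        # Everything else is ordinary Internet traffic, NATed out through the ISP.
        self.log.append(("nat", src, dst, ""))
        return "nat"


class GuardDNS:
    """DNS front end for the local net: hands out aliases for intranet names."""

    def __init__(self, guard, system_dns=SYSTEM_DNS):
        self.guard = guard
        self.system_dns = system_dns
        self.free = iter(guard.alias_range.hosts())   # pool of unused alias addresses
        self.assigned = {}                             # name -> alias (stable per name)

    def resolve(self, name):
        """Answer a query: alias for intranet names, system DNS answer otherwise."""
        name = name.lower().rstrip(".")
        if name.endswith(INTRANET_SUFFIXES):
            if name not in self.assigned:
                alias = str(next(self.free))
                self.assigned[name] = alias
                self.guard.register(alias, name)   # Name + IP nr. registered at guard
            return self.assigned[name]
        return self.system_dns.get(name)           # may be None: unknown name


def demo():
    """Walk through the two lookups shown on the Logical view slide."""
    guard = Guard()
    dns = GuardDNS(guard)
    intranet = dns.resolve("people.ericsson.se")
    internet = dns.resolve("www.apple.com")
    return {
        "people.ericsson.se": intranet,
        "www.apple.com": internet,
        "client->intranet": guard.route("192.168.1.10", intranet),
        "client->internet": guard.route("192.168.1.10", internet),
        "stranger->intranet": guard.route("192.168.1.99", intranet),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The alias is only meaningful on the local net: the guard never forwards a packet whose source is not a defined local client, and an address inside the alias range that the Guard DNS never handed out is dropped rather than tunnelled, which is the property the Hacker attack slide relies on.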

Guard
- Creates an SSL tunnel over the internet to the firewall
- Authenticates securely
- Informs firewall of private aliases
- Forwards packets both ways
- SSL software freely available

Firewall
- Accepts tunnels from guards
- Authenticates
- Forwards packets if they are allowed by the profile of the e-box
- Manages the profiles of the employee:
  - Certificates
  - Self care
  - Company policies
- Standard solutions?
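The Guard and Firewall slides, together with "Profile at firewall defines limited resource access" and "Auditing" on the Spouse attack slide, describe the firewall end: accept the guard's alias registrations, then forward a tunnelled packet only if the e-box's profile allows that intranet resource, and record the decision. The following is an added example, not code from the presentation or the project; it reduces that to a policy check in Python. The guard is assumed to have been authenticated already (the slides say SSL but give no details), and the profile format, the e-box identifier, the second intranet host and the port numbers are constructed for this example. Only people.ericsson.se and its address 195.16.78.12 come from the Logical view slide.

```python
"""Added example: firewall-side profile enforcement for tunnelled packets.
Not the presentation's code; profile format, e-box ids and ports are constructed."""
from dataclasses import dataclass, field


@dataclass
class Profile:
    """Per e-box policy managed at the firewall (constructed format):
    intranet name -> set of ports the employee may reach."""
    ebox_id: str
    allowed: dict = field(default_factory=dict)


@dataclass
class Firewall:
    profiles: dict                                  # ebox_id -> Profile
    intranet_dns: dict                              # intranet name -> real address (constructed)
    aliases: dict = field(default_factory=dict)     # (ebox_id, alias) -> intranet name
    audit: list = field(default_factory=list)       # (verdict, ebox_id, target, port, reason)

    def register_alias(self, ebox_id, alias, name):
        """Guard (already authenticated) informs the firewall of a private alias.
        Registrations from an e-box without a profile are refused."""
        if ebox_id not in self.profiles:
            self.audit.append(("deny", ebox_id, alias, None, "no profile for e-box"))
            return False
        self.aliases[(ebox_id, alias)] = name
        return True

    def forward(self, ebox_id, alias, port):
        """Decide whether a tunnelled packet to alias:port is passed on.
        Returns the (real address, port) to forward to, or None if denied."""
        name = self.aliases.get((ebox_id, alias))
        profile = self.profiles.get(ebox_id)
        if name is None or profile is None:
            # Alias was never registered by this guard: the packet cannot be mapped.
            self.audit.append(("deny", ebox_id, alias, port, "unknown alias or e-box"))
            return None
        if port not in profile.allowed.get(name, set()):
            # Registered name, but the e-box's profile does not grant this resource.
            self.audit.append(("deny", ebox_id, name, port, "not in profile"))
            return None
        target = (self.intranet_dns[name], port)
        self.audit.append(("allow", ebox_id, name, port, ""))
        return target


def build_demo_firewall():
    """Constructed setup: one e-box whose profile allows web access to people.ericsson.se only."""
    return Firewall(
        profiles={"ebox-42": Profile("ebox-42", {"people.ericsson.se": {80, 443}})},
        intranet_dns={
            "people.ericsson.se": "195.16.78.12",   # address from the Logical view slide
            "db.ericsson.se": "195.16.78.20",       # constructed second host
        },
    )


if __name__ == "__main__":
    fw = build_demo_firewall()
    fw.register_alias("ebox-42", "10.0.0.14", "people.ericsson.se")
    fw.register_alias("ebox-42", "10.0.0.15", "db.ericsson.se")
    print(fw.forward("ebox-42", "10.0.0.14", 80))    # allowed by profile
    print(fw.forward("ebox-42", "10.0.0.15", 80))    # registered, but not in profile
    for entry in fw.audit:
        print(entry)
```

Registering an alias and being allowed to reach it are kept separate on purpose: the guard may resolve and register any intranet name the home client asks for, but the profile decides what is forwarded, so a compromised client behind the e-box (the "evil spouse" case) is limited to the resources the employee's profile grants, and every denied attempt lands in the audit list.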

Strengths
- Allows any type of client: PCs, Web pads
- Offers full internet access: games, LDAP, applets
- Allows multiple intranets if e-box is trusted
- No special cards

Weaknesses
- Local net is not fully secure
- No standard software
- New concept, requires convincing security officers