The Aerospace Clinic 2002. Team Members: Nick Hertl (Project Manager), Will Berriel, Richard Fujiyama, Chip Bradford. Faculty Advisor: Professor Michael Erlinger.


The Aerospace Clinic 2002
Team Members: Nick Hertl (Project Manager), Will Berriel, Richard Fujiyama, Chip Bradford
Faculty Advisor: Professor Michael Erlinger
Aerospace Liaisons: Joseph Betser, PhD; Rayford Sims

Overview
- Background Information
- Tunnel
- Technical Approach
  - Completed work
  - Tunnel Demo
  - Future work
- Questions

Background
- TCP/IP
- Network Security
- Firewalls
- BEEP
- IDXP

TCP/IP
- Main protocols used over the Internet
- Provides reliable, full-duplex, peer-to-peer communication
- Most current application protocols use this directly: HTTP (web), SMTP (email), etc.
- Multiple connections to the same machine are handled using ports

Network Security
- Only authorized users should be able to access private networks
- Some data and services should only be available internally
- Firewalls are used in most corporations to restrict access to network resources

Firewalls
- Set of rules to restrict network traffic
- Can filter by any combination of:
  - Source IP
  - Destination IP
  - Port
  - Protocol
- Rule sets are usually static

BEEP
- Blocks Extensible Exchange Protocol
- General framework for the rapid creation of application-level protocols
- Requires an underlying transport protocol
- Provides a message framing mechanism and many common service "profiles"
- Profiles provide transparent addition of properties to a connection (i.e. security)

Existing BEEP Profiles
- SSL/TLS
- SASL
- IDXP
- Others that don’t apply to our system
- Tunnel (soon… :-)

IDXP
- Intrusion Detection eXchange Protocol
- Standard communication of Intrusion Detection messages (IDMEF)
- Firewall must not block authorized messages

Tunnel
- General purpose proxy routing BEEP profile
- Our focus is Tunnel for IDXP message

Tunnel
- Uses XML messages to establish a tunnel:
- Other XML attributes allow routing by IP address, service, or potentially user-defined extensions.

Alternatives to Tunnel
- SSH
  - Application not intended for this purpose
- VPN
  - Long lived
  - Invasive to client
- IPsec
  - Requires kernel modification
  - Few organizations use this

Completed Work
- Evaluated Tunnel Specification
- Chose BEEP Implementations
- Implemented
  - No-Hop Tunnel
  - One-Hop Tunnel
- Some interoperability testing

Fall Schedule

Tunnel Evaluation
- No standard way to extend the DTD.
- Previously no IPv6 support in the DTD.
- Possibility for loops with misconfigured servers.
- No way to specify a Time-To-Live when using a dynamic route, i.e. connecting to a service rather than a host.

BEEP Implementations:
- Java:
  - PermaBEEP 0.8 (Better API)
  - Beepcore-java (TLS support)
- C:
  - Roadrunner 0.9 (More fully implemented)
  - Beepcore-C 0.2 (Abandoned)

No-Hop Tunnel
- Profile and application can successfully open a tunnel to a host with no firewall in between.

One-Hop Tunnel

Let’s take a look.

Tunnel (host1.example.com, proxy.example.com, host2.example.com)
- Transport Connect (usually TCP)

Tunnel (host1.example.com, proxy.example.com, host2.example.com)
- Transport Connect
- BEEP Greeting: advertise services (Tunnel, maybe others)

Tunnel (host1.example.com, proxy.example.com, host2.example.com)
- Transport Connect
- BEEP Greeting
- Start Tunnel

Tunnel (host1.example.com, proxy.example.com, host2.example.com)
- Transport Connect
- BEEP Greeting
- Start Tunnel
- Transport Connect (usually TCP)

Tunnel (host1.example.com, proxy.example.com, host2.example.com)
- Transport Connect
- BEEP Greeting
- Start Tunnel
- Transport Connect
- BEEP Greeting: advertise services (Tunnel, maybe others)

Tunnel (host1.example.com, proxy.example.com, host2.example.com)
- Transport Connect
- BEEP Greeting
- Start Tunnel
- Transport Connect
- BEEP Greeting
- Start Tunnel

Tunnel (host1.example.com, proxy.example.com, host2.example.com)
- Transport Connect
- BEEP Greeting
- Start Tunnel
- Transport Connect
- BEEP Greeting
- Start Tunnel
- OK

Tunnel (host1.example.com, proxy.example.com, host2.example.com)
- Transport Connect
- BEEP Greeting
- Start Tunnel
- OK
- Transport Connect
- BEEP Greeting
- Start Tunnel
- OK
- Proxy now transparently forwards messages

Tunnel (host1.example.com, proxy.example.com, host2.example.com)
- Transport Connect
- BEEP Greeting
- Start Tunnel
- OK
- Transport Connect
- BEEP Greeting
- Start Tunnel
- OK
- BEEP Greeting: advertise services (proxy now invisible)
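The proxy's part in the one-hop exchange above, with guards for the loop and missing Time-To-Live concerns raised on the Tunnel Evaluation slide, as an added Python example that is not the team's code. The `tunnel` element and its `fqdn`/`port` attributes follow the published TUNNEL profile (RFC 3620) rather than anything shown on the slides; `handle_tunnel`, `MAX_HOPS`, the allow-list and the sample message are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

MAX_HOPS = 4  # assumed local limit; the slides note the DTD carries no TTL

# Constructed sample: host1 asks proxy.example.com for a one-hop tunnel to host2.
ONE_HOP = '<tunnel fqdn="host2.example.com" port="604"><tunnel/></tunnel>'

def handle_tunnel(request_xml, my_names, allowed):
    """Decide what one host does with a TUNNEL request (hypothetical helper).

    Returns ("accept", None, None) when this host is the endpoint,
    ("forward", (host, port), inner_xml) when it should relay,
    or ("error", reason, None).
    """
    if "<!" in request_xml:  # refuse DTD/entity declarations from peers
        return ("error", "DTD not allowed", None)
    try:
        outer = ET.fromstring(request_xml)
    except ET.ParseError:
        return ("error", "malformed XML", None)
    if outer.tag != "tunnel":
        return ("error", "not a tunnel element", None)
    inner = outer.find("tunnel")
    if inner is None:
        # An empty element means this host is the end of the route.
        # Attributes without an inner element are rejected (a choice made here).
        if outer.attrib:
            return ("error", "route without inner element", None)
        return ("accept", None, None)
    # Walk the remaining route: bound its length and refuse any route that
    # leads back through this proxy (the misconfiguration loop case).
    hops, node = 0, outer
    while node.find("tunnel") is not None:
        hops += 1
        if hops > MAX_HOPS:
            return ("error", "route too long", None)
        if node.get("fqdn") in my_names:
            return ("error", "loop: route names this proxy", None)
        node = node.find("tunnel")
    host, port = outer.get("fqdn"), outer.get("port")
    # Assumed policy check: only relay to destinations the firewall permits.
    if (host, port) not in allowed:
        return ("error", "destination not permitted", None)
    # Strip the outer layer; the inner element is what the next hop receives.
    return ("forward", (host, port), ET.tostring(inner, encoding="unicode"))
```

The loop check only catches routes that name this proxy by `fqdn`; a route given by IP address or service name would need the same comparison against those attributes.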

Future Work
- Firewall daemon (Enforce Security Policy)
- Multi-Hop Proxying
- More interoperability testing between C and Java implementations.
- Support for Java server as proxy?
- Bug squashing
- Final report

Spring Schedule

Questions?