SOCKS By BITSnBYTES (Bhargavi, Maya, Priya, Rajini and Shruti)


Outline
- Definition
- History
- Major components
- Working
- Features
- Functions
- Applications

Need for protocol
- Widespread use of firewalls
- Need to provide a general framework for sophisticated application layer protocols to transparently and securely traverse a firewall with strong authentication capabilities
- Need to provide a framework for client-server applications in both TCP and UDP domains to conveniently and securely use the services of a network firewall

What is SOCKS?
- Acronym for SOCKet Secure
- Networking proxy protocol for TCP/IP based network applications
- Intermediate layer between application layer and transport layer

History
- Originally developed by David Koblas in 1992
- Protocol extended to version 4 by Ying-Da Lee of NEC
- Designed to allow clients to communicate with Internet servers through firewalls
- Two major versions of SOCKS:
  - SOCKS V4
  - SOCKS V5

Components of SOCKS
- SOCKS server – implemented at the application layer
- SOCKS client – implemented between application and transport layer
[Diagram labels: SOCKS Server, SOCKS Client, Application Layer, Transport Layer, Secure Proxy data channel]

How does it work?
- Establishes a secure proxy data channel between two computers in a client/server environment
- SOCKS server handles requests from clients inside a network's firewall and allows/rejects connection requests, based on the requested Internet destination or user identification
- Once a connection and a subsequent "bind" request have been set up, the flow of information exchange follows the usual protocol
- Client's perspective - SOCKS is transparent
- Server's perspective - SOCKS is a client

How does it work?
- SOCKS is typically implemented on proxy servers
- SOCKS uses sockets to represent and keep track of individual connections
- Client side of SOCKS is built into Web browsers
- Server side can be added to a proxy server
- The SOCKS server:
  - authenticates and authorizes requests
  - establishes a proxy connection
  - relays data between hosts

Relation with OSI reference model

Purpose of SOCKS
- Enables Hosts on one side of the SOCKS server to gain access to the other side of the SOCKS server without requiring direct IP-reachability
- Clients behind a firewall wanting to access exterior servers connect to a SOCKS proxy server which controls the eligibility of the client to access the external server and passes the request on to the server.

Major Functions
The SOCKS protocol performs four functions:
- Making connection requests
- Setting up proxy circuits
- Relaying application data
- Performing user authentication (optional)

Two versions of SOCKS
SOCKSv4
- Makes connection request
- Sets up proxy server
- Relays application data
SOCKSv5
- Adds authentication to V4
  - Username/Password (RFC 1929)
  - GSS-API (RFC 1961)
- Authentication Method Negotiation
- Address Resolution Proxy
- UDP proxy

Control flow of SOCKS

Features
- Allows for transparent network access across multiple proxy servers
- Provides a flexible framework for developing secure communications by easily integrating other security technologies
- Rapid deployment of new network applications
- Simple network security policy management

Benefits
- Single communication protocol to authenticate users and establish communication channels
- Universal – works with several internet protocols
- Application-Independent proxy
- Can be used with either UDP or TCP based protocols
- Bi-directional proxy support

Benefits (continued..)
- Easy deployment of authentication and encryption methods
- Firewall tunneling service - allows many machines behind a firewall to access the Internet without actually being on the Internet themselves

Drawbacks
- SOCKS v4 does not support UDP and authentication
- The SOCKSv5 protocol does not support SOCKSv4 protocol
- SOCKS implementations do not support data encryption (except for some commercial software) making data transfers vulnerable to interception
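Added example (not part of the original slides): a minimal server-side parser for the SOCKSv5 messages named in the "Two versions of SOCKS" and "Drawbacks" slides, covering method negotiation, the RFC 1929 username/password sub-negotiation and the connection request. Message layouts follow RFC 1928 and RFC 1929; the function names, the server policy in `allowed`, and the sample bytes are assumptions constructed for illustration, and each function expects one complete message.

```python
import ipaddress
import struct

NO_AUTH, GSSAPI, USERPASS, NO_ACCEPTABLE = 0x00, 0x01, 0x02, 0xFF
COMMANDS = {1: "CONNECT", 2: "BIND", 3: "UDP ASSOCIATE"}

def select_method(greeting: bytes, allowed=(USERPASS,)) -> bytes:
    """Method negotiation: VER NMETHODS METHODS... -> VER METHOD."""
    if len(greeting) < 3 or greeting[0] != 5:
        raise ValueError("not a SOCKSv5 greeting")
    offered = greeting[2:]
    if len(offered) != greeting[1]:
        raise ValueError("method count does not match message length")
    for method in allowed:  # server preference order (assumed policy)
        if method in offered:
            return bytes([5, method])
    return bytes([5, NO_ACCEPTABLE])  # client must then close

def parse_userpass(msg: bytes):
    """RFC 1929: VER(1) ULEN UNAME PLEN PASSWD, carried unencrypted."""
    if len(msg) < 3 or msg[0] != 1:
        raise ValueError("bad sub-negotiation header")
    ulen = msg[1]
    if len(msg) < 3 + ulen or len(msg) != 3 + ulen + msg[2 + ulen]:
        raise ValueError("length fields do not match message")
    return msg[2:2 + ulen].decode(), msg[3 + ulen:].decode()

def parse_request(req: bytes):
    """VER CMD RSV ATYP DST.ADDR DST.PORT -> (command, host, port)."""
    if len(req) < 7 or req[0] != 5 or req[2] != 0 or req[1] not in COMMANDS:
        raise ValueError("malformed request header")
    atyp = req[3]
    if atyp == 3:                      # domain name, 1-byte length prefix
        start, alen = 5, req[4]
    elif atyp in (1, 4):               # IPv4 or IPv6 literal
        start, alen = 4, 4 if atyp == 1 else 16
    else:
        raise ValueError("unknown address type")
    if len(req) != start + alen + 2:
        raise ValueError("address length does not match message")
    raw = req[start:start + alen]
    host = raw.decode("ascii") if atyp == 3 else str(ipaddress.ip_address(raw))
    return COMMANDS[req[1]], host, struct.unpack("!H", req[-2:])[0]

# Constructed sample messages (not captured traffic).
GREETING = bytes([5, 2, NO_AUTH, USERPASS])
AUTH = b"\x01\x05alice\x06s3cret"
REQUEST = b"\x05\x01\x00\x03\x0bexample.com\x01\xbb"
```

With only `USERPASS` allowed, a client that offers just "no authentication" receives method `0xFF` and is refused; `parse_userpass` recovers the credentials directly from the message bytes, which is the interception exposure the Drawbacks slide describes.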

Applications
- Most common use - Network firewall
- Authorized data relay between Hosts
- Supported as a proxy configuration option in popular Web browsers and instant messaging programs
- Found in some VPN implementations
- Emerging as one of the best ways to secure multimedia applications across the Internet

Summary
- SOCKS is easy to deploy and manage
- SOCKS is transparent to the user, while providing multiple layers of security
- Allows client-server applications to transparently use the services of a network firewall without requiring direct IP-reachability

References
- RFC base SOCKS v5 specification
- RFC 1929, RFC additional details
- CKSGeneralFAQ/index.asp

The SOCKS reference architecture and client are owned by Permeo Technologies, a spin-off from NEC. NEC Corporation has promoted SOCKS. A SOCKSv4 implementation is available through anonymous ftp from ftp://ftp.nec.com:/pub/socks/. SOCKSv5 reference implementation by Permeo.

Questions?