Team: Unison Richard Bhuleskar Atul Patil Vinit Mahedia Virendra Kucherriya Vasanthnag Vasili.


1 Team: Unison Richard Bhuleskar Atul Patil Vinit Mahedia Virendra Kucherriya Vasanthnag Vasili

2
- Abbreviation for “SOCKetS”.
- Allows client-server applications to transparently use services that are behind a network firewall.
- General proxy for TCP/IP-based applications.

3
- Need a generic framework to transparently and securely traverse the firewall.
- Need strong authentication for traversal.
- Conveniently and securely use firewall services.

4 SOCKS and OSI
[Diagram: protocol stacks (Application, Transport, Physical) for the Client, the Firewall (SOCKS Proxy) and the Server.]

5 SOCKS Connection
[Diagram labels: Corporate network, SOCKS request, Firewall, SOCKS server, Internet, Web server (Amazon.com).]

6 Packet changes
Original packet:
- Destination address: amazon.com
- Destination port: 80 (HTTP)
- Data: "GET /page.html"
Packet sent to the SOCKS server:
- Destination address: socks_server.com
- Destination port: TCP 1080 (SOCKS)
- Data: Destination address = amazon.com, Destination port = TCP 80 (HTTP), Data = "GET /page.html"

7 SOCKS Flexibility
[Diagram labels: SOCKS (HTTP), SOCKS (FTP), Firewall, SOCKS server, Internet, HTTP Server, FTP Server.]

8 SOCKS in your system

9 SOCKS: Client Server Rendezvous
- Client sends the message to server:

  VER | NMETHODS | METHODS
  1   | 1        | 1 to 255

- Server says:

  VER | METHOD
  1   | 1

10 SOCKS: Request Structure

  VER | CMD | RSV   | ATYP | DST.ADDR | DST.PORT
  1   | 1   | X'00' | 1    | Variable | 2

Where,
- VER: protocol version: X'05'
- CMD:
  - CONNECT: X'01'
  - BIND: X'02'
  - UDP ASSOCIATE: X'03'
- RSV: RESERVED
- ATYP: address type of following address
  - IP V4 address: X'01'
  - DOMAINNAME: X'03'
  - IP V6 address: X'04'
- DST.ADDR: desired destination address
- DST.PORT: desired destination port in network octet order

11 SOCKS: Reply Structure

  VER | REP | RSV   | ATYP | BIND.ADDR | BIND.PORT
  1   | 1   | X'00' | 1    | Variable  | 2

Where,
- VER: protocol version: X'05'
- REP: reply field
  - X'00' succeeded
  - X'01' general SOCKS server failure
  - X'02' connection not allowed by ruleset
  - X'03' Network unreachable
  - X'04' Host unreachable
  - X'05' Connection refused
  - X'06' TTL expired
  - X'07' Command not supported
  - X'08' Address type not supported
  - X'09' to X'FF' unassigned
- BIND.ADDR: server bound address
- BIND.PORT: server bound port in network octet order
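The request and reply layouts on the two slides above can be exercised with a small encoder and a strict reply parser. This is an added example, not code from the presentation: the function names are hypothetical, the one-octet length prefix for DOMAINNAME comes from RFC 1928 rather than the slides, and the addresses used are constructed sample values.

```python
import ipaddress
import struct

VER, CMD_CONNECT = 0x05, 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REP_TEXT = {  # reply codes as listed on the Reply Structure slide
    0x00: "succeeded", 0x01: "general SOCKS server failure",
    0x02: "connection not allowed by ruleset", 0x03: "Network unreachable",
    0x04: "Host unreachable", 0x05: "Connection refused",
    0x06: "TTL expired", 0x07: "Command not supported",
    0x08: "Address type not supported",
}

def encode_addr(host):
    """Return the ATYP octet followed by the variable-length address field."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: send as DOMAINNAME, which RFC 1928 prefixes
        # with a one-octet length (assumption: ASCII host names only).
        name = host.encode("ascii")
        if not 1 <= len(name) <= 255:
            raise ValueError("domain name must be 1 to 255 octets")
        return bytes([ATYP_DOMAIN, len(name)]) + name
    return bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed

def build_request(host, port, cmd=CMD_CONNECT):
    """VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT (port in network order)."""
    return bytes([VER, cmd, 0x00]) + encode_addr(host) + struct.pack("!H", port)

def parse_reply(data):
    """Validate a reply and return (status text, bound address, bound port)."""
    if len(data) < 5:
        raise ValueError("truncated reply")
    ver, rep, rsv, atyp = data[:4]
    if ver != VER or rsv != 0x00:
        raise ValueError("unexpected VER or RSV octet")
    if atyp == ATYP_DOMAIN:
        start, alen = 5, data[4]
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        start, alen = 4, 4 if atyp == ATYP_IPV4 else 16
    else:
        raise ValueError("unknown ATYP")
    # Reject short or over-long messages instead of slicing past the end.
    if len(data) != start + alen + 2:
        raise ValueError("length does not match ATYP")
    raw = data[start:start + alen]
    addr = raw.decode("ascii") if atyp == ATYP_DOMAIN else str(ipaddress.ip_address(raw))
    (port,) = struct.unpack("!H", data[start + alen:])
    return REP_TEXT.get(rep, "unassigned"), addr, port
```

The parser checks the total length against ATYP before slicing, so a truncated or padded reply is rejected rather than misread as an address and port.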

12 Features
- Transparent network access across multiple servers.
- Hides internal network addresses. Only the SOCKS server has an IP address.
- Simple network security policy management.
- Rapid deployment of new network applications.

13 Security Considerations
- Designed to let application-layer protocols traverse firewalls.
- Authentication and encapsulation are negotiated between the SOCKS server and the client.
- The authentication mechanisms supported by the server are configurable.

14 Benefits
- Adds value to security-oriented products.
- Only allows configured users to communicate transparently across the firewall.
- Authenticates the user and establishes the communication channel.
- Use with TCP/UDP. Supports ICMP redirection.
- Handles all applications (HTTP, Telnet, FTP, ...).

15 Drawbacks
- Non-transparent proxy: client software needs to be modified.
  - connect() → Rconnect()
  - listen() → Rlisten()
- Non-caching proxy: does not cache or log the URLs that are accessed.

16 Conclusion
- SOCKS enhances firewall usability.
- In addition to rule-based access, it provides user-based authentication for external network access.
- Useful for corporate networks.

17 References
- RFC 1928 - http://faqs.org/rfcs/rfc1928.html
- Firewall: In and Out on the net - www.medialab.di.unipi.it/doc/JNetSec/jns_ch12.htm
- Tech View: Ten myths about SOCKS - http://www.commsdesign.com/main/1999/06/9906topten.htm
- What is SOCKS? - http://www.infosecwriters.com/text_resources/pdf/what_is_socks.pdf
- SOCKS: Protocol for sessions traversal across firewall securely - http://www.networkdictionary.com/protocols/socks.php
- SOCKS - http://en.wikipedia.org/wiki/SOCKS
