• No results found

Computer Networks. Secure Systems

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Computer Networks. Secure Systems"

Copied!
24
0
0

Loading.... (view fulltext now)

Download now ( 24 Page )

Full text

(1)

Computer Networks

(2)

Summary

Common Secure Protocols

(3)

Secure Shell (SSH)

A protocol to allow secure login to a

remote machine

Provides the following guarantees…

 Privacy (via encryption)

(4)

SSH (Cont…)

SSH is a suite of protocols

 SSH-TRANS (transport protocol)

 SSH-AUTH (authentication protocol)  SSH-CONN (connection protocol)

(5)

SSH-TRANS & SSH-AUTH

 Use TCP to create a connection to the host and

authenticate (the host) using RSA.

 How do you authenticate the servers public key?

 A symmetric session key is then established

and used.

 The user then needs to authenticate their id

with the remote host.

(6)

SSH-CONN

Extends SSH to support applications

other than a remote shell.

 X Windows

 IMAP mail clients  Etc…

How?

(7)

Port Forwarding

 Uses SSH to form a secure tunnel between

hosts.

 When data arrives at host B, SSH will forward

the incoming data to the appropriate port.

Application

client Applicationserver

SSH Forwarded connection SSH Direct connection

(8)

HTTPS

 HTTPS = HTTP running on Secure Channel

 Originally the secure channel was SSL

 Developed by Netscape

 The new standard is TLS

 Developed by IETF

(9)

Transport Layer Security (TLS)

Allows for a variety of different security

algorithms to be used.

 Both sides agree to a set of algorithms

Application (e.g., HTTP) Secure transport layer

TCP IP

(10)

IPSec

A framework for providing security

services to the network layer

Optional in IPv4 but mandatory in IPv6

Idea: if you provide security in a lower

(11)

IPSec (Cont…)

2 Types

 Authentication Header

• Authentication only

 Encapsulating Security Payload

• Authentication plus confidentiality

ESP encrypts the entire IP payload. Why

is this a problem?

(12)

Summary

Common Secure Protocols

(13)

WPA2

WiFi Protected Access 2

 Can be broken into two logical units…

• Authentication

• Encryption

Why not talk about other protocols?

 WEP (virtually useless)

(14)

WPA2 Authentication

 Supports 2 Authentication Mechanisms

 Pre-shared Key (PSK)

 Extensible Authentication Protocol (EAP)

 PSK

 common in homes and home offices.

 requires that both the host and access point share a

common key

 EAP

 Usually implemented in enterprises using a RADIUS

(15)

WPA2 Encryption

 After authenticating the wireless device then

establishes a “session key” with the access point.

 The “session key” is really a collection of keys

that is used by the Temporal Key Integrity Protocol (TKIP)

 Each frame transmitted encrypts the data using

(16)

TKIP

Ensures that each packet is sent with its

own unique encryption key

If an attacker knows the initial set of keys

then they can decrypt the traffic

It is computationally infeasible to

(17)

Summary

Common Secure Protocols

(18)

Firewall

A system which is a sole point of

connectivity between a network and all

other external networks and protects that

network from the external networks

(19)

Firewall Services

 The key service is access control

 decides which message flow into and out of the

network

• Example: disallow any outgoing messages from a specific IP

Allows admins to create zones of trust

 The three common zones are…

• Internal Network

• Demilitarized Zone (DMZ)

(20)

Zones of Trust

 You can define an arbitrary number of zones

 Each subsequent zone must be less restrictive than

the previous

 Common Setup

 Internal Network -- trust everything in this zone

 DMZ -- allow external network access but the internal

network hosts see this host as outside the firewall

 External Network -- donʼt trust anyone out here

 If you donʼt trust someone you can still

(21)

Access Control

 Filter based on IP, TCP, UDP, and other

headers.

 Uses the data provided and a set of rules to

determine whether or not to forward the traffic

 Rules are configured in the firewall

 There can be a lot of rules to manage

 If a rule is missing or malformed it can create an

(22)

Stateful Firewalls

 Many programs dynamically assign clients port

numbers. Consider the following scenario…

 Internal host initiates connection to external host

using a dynamic port

 External host responds to the client  What will the firewall do?

 Stateless firewall -- discard the data

 Stateful firewall -- allow the data through

 Keeps track of the state of all connections to allow

(23)

Summary

Common Secure Protocols

(24)

Discussion Questions

Benefits of a firewall?

Problems with firewalls?

Open Q/A on any remaining security

References

Download now ( PDF - 24 Page - 117.65 KB )

Related documents

Population receptive field tuning properties of visual cortex during childhood

therefore used population receptive field (pRF) mapping (Dumoulin and Wandell, 2008) to investigate whether late childhood improvements in spatial vision are reflected in

Towards the future-proofing of UK infrastructure

Increasingly,  in  their  respective  roles,  infrastructure  owners,  designers,  builders,  governments   and  operators  are  being  required  to  consider

Invest in Canada BUSINESS SERVICES. Canada s competitive advantages

The following Canadian and foreign cities selected for benchmarking are locations likely to have several types of business services providers, including accounting,

INDUSTRY OVERVIEW SOURCE OF INFORMATION

These include 12 natural gas supply and demand, natural gas production and exploration activity, natural gas reserves in place, natural gas storage capacities and activities,

FEU CBO 2017 Tax Last Minute Tips 11.11.17 v3

The appeal shall be filed within fifteen (15) days from notice of the trial court’s decision. The CTA’s decision may then be appealed before the SC through a petition for

The Beautiful Struggle Of Black Feminism: Changes In Representations Of Black Womanhood Examined Through The Artwork Of Elizabeth Catlett And Mickalene Thomas

Jones moved to Harlem and began the Black Arts Repertory Theater/ School (BARTS). The creation of BART marked the beginning of the Black Arts Movement. As the Black

Schumpeter, History of Economic Analysis.

res mathematicas solemus, inquirerem sedulo curavi (I have sedulously tried.. Aesthetical and ethical values were thus explained in a manner suggestive of that in which Italian

Diagnosis of meningioma by time-resolved fluorescence spectroscopy

Using an instrumental apparatus that enables simultaneous recording of both time- integrated 共spectra兲 and time-resolved fluorescence, this study intends to 共1兲 determine