CIT 480: Securing Computer Systems


Tunneling and VPNs
CIT 480: Securing Computer Systems Slide #1

Topics
1. Tunneling
   1. Encapsulation
   2. Security
   3. SSH
2. Virtual Private Networks
   1. Site-to-site
   2. Remote access

Tunneling
Tunneling: encapsulation of one network protocol in another protocol.
Carrier protocol: the protocol used by the network through which the information is travelling (usually IP).
Encapsulating protocol: the protocol (GRE, IPsec, SSL) that is wrapped around the original data.
Passenger protocol: the protocol that carries the original data (usually IP).
Tunneling can be used to encrypt connections or provide other security features not available to the passenger protocol.

Tunneling Encapsulation (diagram: the passenger protocol is wrapped by the encapsulating protocol, which is carried by the carrier protocol)

Tunneling vs. Eavesdropping (diagram: client and server speak TCP/IP across the untrusted Internet; the encapsulating protocol performs end-to-end encryption and decryption, so payloads are encrypted while they cross the Internet)

IPsec
IPsec is a protocol suite for securing IP communications by authenticating and encrypting each packet.
AH: enables the recipient to identify the originator of a message and verify message integrity. Provides protection against replay attacks.
ESP: encrypts the packet payload to protect confidentiality.
IKE: protocol for endpoints to exchange encryption keys.

IPsec Encapsulation (diagram)

SSH Tunneling

SSH Tunneling
SSH can tunnel a single TCP port if:
   SSH is available on both client and server.
   The user has a login on both client and server.
   The SSH command to create the tunnel is running.
SSH calls this capability port forwarding.
Tunneling protocols for an SSH tunnel:
   Carrier protocol: IP
   Encapsulating protocol: ssh
   Passenger protocol: TCP on a specific port

POP-3 Forwarding Example
Requirements:
   Securely retrieve e-mail via POP3 from pop3svr. The default TCP port for POP3 is 110.
   User has an account named user on pop3svr.
ssh -L 110:pop3svr:110 -l user pop3svr
   Uses ssh to log in to pop3svr as user.
   Creates a tunnel from port 110 (leftmost port #) on localhost to port 110 (rightmost port #) of pop3svr.
   User configures the mail client to use localhost as the POP3 server, then proceeds as normal.
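As an added example (not part of the slides), a small Python model of what `ssh -L 110:pop3svr:110` sets up on the client: a listener on the left-hand port, bound to 127.0.0.1 only as ssh does by default, relaying each connection to the right-hand host:port. The POP3 server, port numbers and the `USER user` exchange are constructed stand-ins; the relay leg that ssh would carry inside its encrypted session is a plain loopback socket here.

```python
import socket
import threading

def serve_fake_pop3(listener):
    # Constructed stand-in for the POP3 service on pop3svr: greet, answer one command, close.
    conn, _ = listener.accept()
    with conn:
        conn.sendall(b"+OK pop3svr ready\r\n")
        conn.sendall(b"+OK " + conn.recv(1024).strip() + b"\r\n")

def relay(src, dst):
    # Copy bytes one way until EOF; in real ssh -L this leg runs inside the SSH session.
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def local_forward(local_port, remote_host, remote_port):
    """Model of 'ssh -L local_port:remote_host:remote_port': listen on the left-hand port
    on 127.0.0.1 only (ssh's default bind) and relay to the right-hand host:port."""
    lsock = socket.socket()
    lsock.bind(("127.0.0.1", local_port))  # 0 picks a free port
    lsock.listen(1)
    def accept_one():
        client, _ = lsock.accept()
        upstream = socket.create_connection((remote_host, remote_port))
        threading.Thread(target=relay, args=(client, upstream), daemon=True).start()
        relay(upstream, client)
    threading.Thread(target=accept_one, daemon=True).start()
    return lsock.getsockname()[1]

def mail_client_session(port):
    # The mail client talks to localhost, exactly as the slide describes.
    with socket.create_connection(("127.0.0.1", port)) as c:
        banner = c.recv(1024)
        c.sendall(b"USER user\r\n")
        return banner + c.recv(1024)

def demo():
    pop3 = socket.socket()
    pop3.bind(("127.0.0.1", 0))  # constructed 'pop3svr' on an ephemeral loopback port
    pop3.listen(1)
    threading.Thread(target=serve_fake_pop3, args=(pop3,), daemon=True).start()
    tunnel_port = local_forward(0, "127.0.0.1", pop3.getsockname()[1])
    return mail_client_session(tunnel_port)
```

Because the listener is bound to the loopback address, a host elsewhere on the LAN cannot ride the tunnel; exposing it to other hosts would require an explicit bind address.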

IPsec
IPsec defines a set of protocols to provide confidentiality and authenticity for IP packets.
Each protocol can operate in one of two modes, transport mode or tunnel mode.
In transport mode, additional IPsec header information is inserted before the data of the original packet, and only the payload of the packet is encrypted or authenticated.
In tunnel mode, a new packet is constructed with IPsec header information, and the entire original packet, including its header, is encapsulated as the payload of the new packet.
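As an added example (not from the slides), both ESP modes built in Python over a constructed IPv4/TCP packet, which also shows the layering from the Tunneling slide: the outer IP header is the carrier protocol, ESP the encapsulating protocol, and the passenger is the TCP segment (transport mode) or the whole original IP packet (tunnel mode). Addresses, keys and SPIs are constructed; the keystream function is a standard-library stand-in for the cipher a real SA would use.

```python
import hmac, hashlib, struct

ESP, TCP, IPIP = 50, 6, 4  # IP protocol numbers: ESP, TCP, IP-in-IP (tunnel-mode next header)

def ip4(addr):
    return bytes(map(int, addr.split(".")))

def ipv4_header(src, dst, proto, total_len):
    # Minimal 20-byte IPv4 header, no options; checksum left 0 to keep the example short.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0, src, dst)

def keystream(key, nonce, n):
    # Stand-in keystream (HMAC-SHA256 in counter mode) so this runs on the standard
    # library alone; a real ESP SA uses the cipher IKE negotiated, e.g. AES-GCM.
    return b"".join(hmac.new(key, nonce + struct.pack("!I", i), hashlib.sha256).digest()
                    for i in range(0, n, 32))[:n]

def esp_encapsulate(spi, seq, inner, next_hdr, enc_key, mac_key):
    """ESP (RFC 4303 layout): SPI|seq | encrypted(inner|pad|padlen|next_hdr) | ICV."""
    padlen = (-(len(inner) + 2)) % 4
    plain = inner + bytes(range(1, padlen + 1)) + bytes([padlen, next_hdr])
    hdr = struct.pack("!II", spi, seq)
    ct = bytes(p ^ k for p, k in zip(plain, keystream(enc_key, hdr, len(plain))))
    icv = hmac.new(mac_key, hdr + ct, hashlib.sha256).digest()[:16]  # HMAC-SHA256-128
    return hdr + ct + icv

def esp_decapsulate(pkt, enc_key, mac_key):
    """Check the ICV before decrypting anything, then strip the ESP trailer."""
    hdr, ct, icv = pkt[:8], pkt[8:-16], pkt[-16:]
    if not hmac.compare_digest(icv, hmac.new(mac_key, hdr + ct, hashlib.sha256).digest()[:16]):
        raise ValueError("ESP ICV mismatch: packet forged or corrupted")
    plain = bytes(c ^ k for c, k in zip(ct, keystream(enc_key, hdr, len(ct))))
    padlen, next_hdr = plain[-2], plain[-1]
    return plain[:-(padlen + 2)], next_hdr

def protect(mode, orig_pkt, gw_src, gw_dst, enc_key, mac_key):
    """Apply ESP to an IPv4/TCP packet in 'transport' or 'tunnel' mode."""
    if mode == "transport":
        # original addresses stay in the clear; only the payload is encrypted
        esp = esp_encapsulate(0x1001, 1, orig_pkt[20:], TCP, enc_key, mac_key)
        return ipv4_header(orig_pkt[12:16], orig_pkt[16:20], ESP, 20 + len(esp)) + esp
    # tunnel mode: the whole original packet is the ESP payload; the gateways form the outer header
    esp = esp_encapsulate(0x1002, 1, orig_pkt, IPIP, enc_key, mac_key)
    return ipv4_header(gw_src, gw_dst, ESP, 20 + len(esp)) + esp

# Constructed sample: TCP segment from host A to host B behind gateways GW_A and GW_B.
HOST_A, HOST_B, GW_A, GW_B = map(ip4, ("10.1.0.5", "10.2.0.9", "198.51.100.1", "203.0.113.1"))
ORIG = ipv4_header(HOST_A, HOST_B, TCP, 20 + 12) + b"\x00\x50\x1f\x90TCP-data"
EK, MK = b"k" * 32, b"m" * 32  # constructed keys; in practice IKE derives them
```

Comparing the two outputs shows the practical difference an eavesdropper sees: transport mode leaves the inner hosts' addresses visible, tunnel mode exposes only the gateway pair.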

Virtual Private Network (VPN) (diagram: site-to-site VPN and remote access VPN)

Virtual Private Network
A private network consisting of multiple networks connected by a private tunnel through a public network instead of dedicated leased lines.
Requirements:
   Confidentiality: encryption
   Integrity: MACs, sequencing, timestamps
Firewall interactions:
   Tunnel all protocols via the encapsulating protocol.
   Firewall permits the encapsulating protocol through.

Types of VPNs
Remote access VPNs allow authorized clients to access a private network that is referred to as an intranet. For example, an organization may wish to allow employees access to the company network remotely but make it appear as though they are local to their system and even the Internet itself. To accomplish this, the organization sets up a VPN endpoint, known as a network access server, or NAS. Clients typically install VPN client software on their machines, which handles negotiating a connection to the NAS and facilitating communication.
Site-to-site VPN solutions are designed to provide a secure bridge between two or more physically distant networks. Before VPN, organizations wishing to safely bridge their private networks purchased expensive leased lines to directly connect their intranets with cabling.

VPN and Firewall Architecture (diagram: VPN endpoint behind the firewall vs. in front of the firewall)

Key Points
1. Tunneling
   1. Carrier protocol
   2. Encapsulating protocol
   3. Passenger protocol
2. Encapsulating protocols
   1. IPsec
   2. ssh
3. Virtual Private Networks
   1. Site-to-site
   2. Remote access
   3. VPN/firewall architecture
