Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Communications ● Cleartext vs. encryption and encapsulation ● Protocols not to use ● SSH – scp/ftp – SSH tunnelling ● VPN.

Published byPierce Potter Modified over 7 years ago

Similar presentations

Presentation on theme: "Secure Communications ● Cleartext vs. encryption and encapsulation ● Protocols not to use ● SSH – scp/ftp – SSH tunnelling ● VPN."— Presentation transcript:

1 Secure Communications ● Cleartext vs. encryption and encapsulation ● Protocols not to use ● SSH – scp/ftp – SSH tunnelling ● VPN

2 Cleartext vs. Security ● Once upon a time, the Internet was a friendly place ● Most communications (rsh, telnet, ftp) used cleartext authentication, in which usernames and passwords were sent over the network without any effort to hide them ● This is no longer appropriate!

3 Review: IP Datagram ● The header contains info about the type of datagram this is and the source and destination IP addresses ● The data appears without any encryption whatsoever; a packet sniffer can read your username, password, private data, etc. IP headersUnencrypted data

4 Encryption ● The datagram headers are left unchanged, but the data is encrypted. ● Example: encrypted telnet (uses Kerberos session key as encryption key) kinit username@IASTATE.EDU telnet -faxl username isua1.iastate.edu IP headersEncrypted data

5 Encapsulation ● The data is hidden, and the port number can be altered to override firewall settings. IP headersUnencrypted data Encrypted datagram New IP header The packet is encrypted......and encapsulated in a new datagram.

6 Secure Shell ● Replaces rsh, telnet, ftp ● Provides encrypted connection between host and client ● Provides user authentication based on public/private keys or passwords ● Multiple datastreams can be multiplexed through the SSH connection

7 SSH connection (3 layers) ● Transport Protocol: host and client connect on port 22 and negotiate encryption and optional compression protocols ● User Authentication Protocol: User is authenticated by – Public/private key exchange – Password (cleartext but encrypted) – Other methods (GSSAPI/Kerberos V) ● Connection Protocol: user channel is multiplexed into several logical data channels

8 Text-mode SSH ● Replaces rsh, rlogin and telnet ● Use ssh username@hostname ● If you haven't connected to that host before, you may be asked to accept the host's public key (this can be turned off for greater security)

9 SCP and SFTP ● To copy files to or from a secure host ● To: scp filename username@host:filename ● From: scp username@host:filename filename ● Secure FTP (sftp) looks like the normal ftp client, but uses ssh as the tunnel: sftp username@hostname

10 X over SSH ● X is a cleartext protocol and inherently insecure ● Running X through an SSH tunnel makes it an encrypted connection ● Log in with ssh -X username@hostname then start X applications on the host. ● ssh -x disables X tunneling

11 Tunneling Other Protocols ● Forward port nnn on the client to port mmm on the host: ssh -L nnn:hostname:mmm user@hostname ● Forward port mmm on the host to port nnn on the client ssh -R nnn:hostname:mmm user@hostname ● For info on using VNC over SSH, see http://www.it.iastate.edu/pub/lnt315/lnt315.pdf

12 Virtual Private Network (VPN) ● Used to connect a remote machine or LAN to corporate LAN over the Internet – Eliminates expensive dedicated lines – Maintains security via encryption – Allows remote machines to appear as if they have a "campus" IP address

13 Connecting a Remote Machine to a LAN Hub VPN Router The Internet The VPN provides an encrypted tunnel through the insecure Internet.

14 VPN Hardware ● Server side: – Almost always dedicated hardware (could use a Linux machine, but quickly becomes performance limited) ● Client side: – For single remote machine, use software on client machine – For small to large LAN, use another dedicated router

15 VPN Implementations ● PPP over SSH – Connects PPP client to PPP server through an SSH tunnel instead of a dialup connection – Simple to implement, but subject to serious timing problems – http://www.tldp.org/HOWTO/ppp-ssh/index.html

16 VPN Implementations ● Point-to-Point Tunneling Protocol (PPTP) – Microsoft implementation (Windows NT) – Uses PPP through a data channel (which may be encrypted and/or compressed) and a separate control channel – Not considered very secure – See http://pptpclient.sourceforge.net/ and http://www.poptop.org/

17 VPN Implementations ● IPsec – one channel for authentication and exchanging encryption keys, plus one or more data channels; two protocols at the IP level plus one at a higher level – Used by the ISU VPN server and newer versions of Windows – See http://tldp.org/HOWTO/VPN-Masquerade- HOWTO.html

18 VPN Implementations ● CIPE – designed specifically for building encrypting routers – tunnels encrypted IP packets in UDP packets, so can forward all types of TCP/IP packets – Linux and Windows implementations: see http://sourceforge.net/projects/cipe-linux and http://cipe-win32.sourceforge.net/

19 VPN@ISU ● VPN servers at ISU are administered by ITS ● Software is available from http://www.sitelicensed.iastate.edu http://www.sitelicensed.iastate.edu ● To install in Linux, you must have the kernel source installed (package kernel-source)

Download ppt "Secure Communications ● Cleartext vs. encryption and encapsulation ● Protocols not to use ● SSH – scp/ftp – SSH tunnelling ● VPN."

Similar presentations

Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206) 217-7048

Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206)
Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)

Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)
SCSC 455 Computer Security Virtual Private Network (VPN)

SCSC 455 Computer Security Virtual Private Network (VPN)
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.

1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
Virtual Private Networks and IPSec

Virtual Private Networks and IPSec
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Telnet/SSH Tim Jansen, Mike Stanislawski. TELNET is short for Terminal Network Enables the establishment of a connection to a remote system, so that the.

Telnet/SSH Tim Jansen, Mike Stanislawski. TELNET is short for Terminal Network Enables the establishment of a connection to a remote system, so that the.
TCP/IP - Security Perspective Upper Layers CS-431 Dick Steflik.

TCP/IP - Security Perspective Upper Layers CS-431 Dick Steflik.
Remote Networking Architectures

Remote Networking Architectures
Network Address Translation, Remote Access and Virtual Private Networks BSAD 146 Dave Novak Sources: Network+ Guide to Networks, Dean 2013.

Network Address Translation, Remote Access and Virtual Private Networks BSAD 146 Dave Novak Sources: Network+ Guide to Networks, Dean 2013.
Virtual Private Network (VPN) © N. Ganesan, Ph.D..

Virtual Private Network (VPN) © N. Ganesan, Ph.D..
Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.

Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.
1 © J. Liebeherr, All rights reserved Virtual Private Networks.

1 © J. Liebeherr, All rights reserved Virtual Private Networks.
VPN TUNNELING PROTOCOLS PPTP, L2TP, L2TP/IPsec Ashkan Yousefpour Amirkabir University of Technology.

VPN TUNNELING PROTOCOLS PPTP, L2TP, L2TP/IPsec Ashkan Yousefpour Amirkabir University of Technology.
Module 11: Supporting Remote Users. Overview Establishing Remote Access Connections Connecting to Virtual Private Networks Configuring Authentication.

Module 11: Supporting Remote Users. Overview Establishing Remote Access Connections Connecting to Virtual Private Networks Configuring Authentication.
NetComm Wireless VPN Functionality Feature Spotlight.

NetComm Wireless VPN Functionality Feature Spotlight.
1 Microsoft Windows NT 4.0 Authentication Protocols Password Authentication Protocol (PAP) Challenge Handshake Authentication Protocol (CHAP) Microsoft.

1 Microsoft Windows NT 4.0 Authentication Protocols Password Authentication Protocol (PAP) Challenge Handshake Authentication Protocol (CHAP) Microsoft.
Understanding VPN Concepts Virtual Private Network (VPN) enables computers to –Communicate securely over insecure channels –Exchange private encrypted.

Understanding VPN Concepts Virtual Private Network (VPN) enables computers to –Communicate securely over insecure channels –Exchange private encrypted.

Similar presentations

Ads by Google