1 © NOKIA Presentation_Name.PPT / DD-MM-YYYY / Initials Company Confidential
The Internet offers no inherent security services to its users; the data transmitted in the Internet is insecure and vulnerable to various kinds of attacks. The data that is transmitted can be altered in transit, the source address of the data packets can be altered, the data packets can be intercepted and resent, etc.
This thesis introduces two different security protocols, namely IPSEC and SSH, on an F-server platform in a single-point-of-contact environment, and evaluates each protocol's suitability and PKI extension for the given environment.
Literature survey
2
Secure Shell in a clustered single-point-of-contact corporate environment
By Olli Tuominen
Supervisor Jorma Jormakka
SSH
IPSEC
3
Security attacks
-Active attack
-Passive attack
Security services
-Authentication
-Data confidentiality
-Data integrity
-Non-repudiation
Cryptographic basics
-Types of cryptographic functions
-secret key cryptography
-public key cryptography
-key management
-Hash algorithms
-Digital signatures and authentication protocols
4
The most important development from the work on public key cryptography is the digital signature.
Public-key authentication allows people to check the integrity of signed documents.
Digital signatures provide the highest levels of data integrity, since any tampering after signing invalidates the signature. They also provide unforgeable origin authentication, since they are based on the sender's private signing key, and authenticated by the public verifying key.
Both protocols, SSH and IPSEC, are cryptographically equally strong.
5
PKI
Security in different levels of the TCP/IP stack
Application Layer: Application Protocol, SSH
Transport Layer: TCP/UDP, TLS
Network Layer: IP, IPSEC
Data Link Layer
6
SSH protocol overview
IPSEC protocol overview
Protocol evaluation
Analysis
-Security criteria
-Interoperability criteria
-Complexity of deployment criteria
-Environment usability criteria
-Scalability criteria
7
Introduction to the clustered environment
Evaluated protocols in conjunction with PKI
-SSH with PKI
-IPSEC with PKI
Investments very similar. Same advantages for both; binding of end-entity to a certificate.
SSH vs. IP VPN conclusion
-both on different layers, suited for different scenarios
-SSH software based, IPSEC VPN usually needs hardware
-not necessarily exclusive
-IPSEC is more expensive to implement and to maintain, low ROI (return on investment)
-IPSEC requires investments also from partnering organizations
-IPSEC better suited for VPN use
-SSH able to provide end-to-end security, IPSEC not well suited for that
-SSH is point-to-point, IPSEC not, IPSEC always open, and encrypts everything, regardless of the need. -> high bandwidth consumption
8
-SSH has good interoperability for products with different vendors
-IPSEC easier to use for the end-user
-SSH can encrypt applications with known port numbers only
-IPSEC can encrypt every application that runs on top of it, including FTP
-SSH cannot encrypt FTP traffic properly
-Administrative burdens very different in nature for IPSEC and SSH
-IPSEC has complex IPSEC policies, with SSH the administrator has to concern himself only with authentication and access control, IPSEC virtually part of the LAN perimeter
-Processing delays between SSH and IPSEC are insignificant
SFTP vs. IPSEC secured FTP
-SFTP provides better control over end users
-FTP is inherently an insecure protocol
9
-SFTP doesn't require open ports on the firewall or NAT services
PKI integration into the corporate network
-previous experiences
-recommendations
-implementation in a phased approach
-benefits
10
Conclusions
SSH is a very portable protocol, and it has a very wide platform support. SSH implementations are very interoperable, due to the extensive standardization of the protocol.
IPSEC has been traditionally more difficult to port to other operating systems. The implementations on different platforms vary greatly for IPSEC. IPSEC is very prone to configuration errors. IPSEC has issues with traversal of firewalls and NATs, more standardization is needed.
The needed configurations are much easier for SSH than for IPSEC. SSH is significantly easier to maintain and administer than IPSEC, also after the implementation process.
The installation process with IPSEC is significantly more complex. Needs to be integrated into the kernel. The needed policy configuration and centralized management are complex and error prone features.
11
SSH not as user friendly, requires tunnel setup configuration from users. Not very transparent. Not suited for VPN functionality. SSH is a point-to-point application, and best suited for terminal use and file transfer.
IPSEC very user friendly, problem in providing feedback for the user. More encompassing security solution.
The administrative work that comes with IPSEC is far more complex than it is with SSH.
SSH scales badly without the use of certificates in distributing its public keys. IPSEC has the same problem with its pre-shared secrets.
Recommended configurations
-SSH implementation and configuration in Linux based clustered environment
-Authentication and access control with SSH
12
Thank you