
The Aerospace Clinic 2002 Team Members Nick Hertl (Project Manager) Will Berriel Richard Fujiyama Chip Bradford Faculty Advisor Professor Michael Erlinger.


1 The Aerospace Clinic 2002 Team Members Nick Hertl (Project Manager) Will Berriel Richard Fujiyama Chip Bradford Faculty Advisor Professor Michael Erlinger Aerospace Liaisons Joseph Betser, PhD Rayford Sims

2 Overview
Background Information
Tunnel
Technical Approach
– Completed work
– Tunnel Demo
– Future work
Questions

3 Background TCP/IP Network Security Firewalls BEEP IDXP

4 TCP/IP Main protocols used over the Internet Provides reliable, full-duplex, peer-to- peer communication Most current application protocols use this directly: HTTP (web), SMTP (email), etc. Multiple connections to the same machine are handled using ports

5 Network Security Only authorized users should be able to access private networks Some data and services should only be available internally Firewalls are used in most corporations to restrict access to network resources

6 Firewalls
Set of rules to restrict network traffic
Can filter by any combination of:
– Source IP
– Destination IP
– Port
– Protocol
Rule sets are usually static

7 BEEP Blocks Extensible Exchange Protocol General framework for the rapid creation of application-level protocols Requires an underlying transport protocol Provides a message framing mechanism and many common service "profiles" Profiles provide transparent addition of properties to a connection (i.e. security)

8 Existing BEEP Profiles SSL/TLS SASL IDXP Others that don’t apply to our system. Tunnel (soon… :-)

9 IDXP Intrusion Detection eXchange Protocol Standard communication of Intrusion Detection messages (IDMEF) Firewall must not block authorized messages
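Slides 6 and 9 together make the project's motivating point: a perimeter filter matches on source, destination, port and protocol with a static rule set, so an IDXP sensor outside the perimeter is silently dropped unless someone edits the rules. The small stateless filter below is an added example (not the clinic's code) that shows that behaviour; the network addresses, the rule table and the IDXP port 7000 are constructed placeholders.

```python
"""Stateless packet filter of the kind slide 6 describes (added example, not the clinic's code).

All addresses and rules are constructed; port 7000 for the IDXP manager is a placeholder.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # source CIDR, any by default
    dst: str = "0.0.0.0/0"       # destination CIDR, any by default
    port: Optional[int] = None   # destination port, None = any
    proto: Optional[str] = None  # "tcp" / "udp", None = any

    def matches(self, pkt):
        """True when every field of the rule accepts the packet (wildcards accept anything)."""
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and (self.port is None or self.port == pkt["port"])
                and (self.proto is None or self.proto == pkt["proto"]))


def decide(rules, pkt, default="deny"):
    """First matching rule wins; a packet that matches nothing gets the default (deny)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule
    return default, None


INTERNAL = "192.0.2.0/24"  # constructed private network
IDXP_PORT = 7000           # placeholder port for the IDXP manager

# Constructed static rule set for a small corporate perimeter. Nothing here admits an
# IDXP sensor from outside; that is exactly the traffic the Tunnel profile has to carry.
RULES = [
    Rule("allow", dst="192.0.2.10/32", port=80, proto="tcp"),  # public web server
    Rule("allow", dst="192.0.2.10/32", port=25, proto="tcp"),  # mail server
    Rule("allow", src=INTERNAL, dst=INTERNAL),                 # internal-to-internal traffic
]


def packet(src, dst, port, proto="tcp"):
    """Build the minimal 4-tuple the filter looks at (constructed sample packet)."""
    return {"src": src, "dst": dst, "port": port, "proto": proto}


if __name__ == "__main__":
    for p in [
        packet("198.51.100.7", "192.0.2.10", 80),         # outside -> web server: allowed
        packet("192.0.2.20", "192.0.2.30", IDXP_PORT),    # internal sensor -> manager: allowed
        packet("198.51.100.7", "192.0.2.30", IDXP_PORT),  # outside sensor -> manager: default deny
    ]:
        action, rule = decide(RULES, p)
        print(f"{p['src']} -> {p['dst']}:{p['port']}/{p['proto']}: {action} ({rule})")
```

The third packet is the case the rest of the slides are about: with a static rule set the only ways to let it through are to open another port at the perimeter or to relay it over a connection the firewall already permits, which is what the Tunnel profile does.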

10 Tunnel General purpose proxy routing BEEP profile Our focus is Tunnel for IDXP messages

11 Tunnel Uses XML messages to establish a tunnel: Other XML attributes allow routing by IP address, service, or potentially user defined extensions.

12 Alternatives to Tunnel
SSH
– Application not intended for this purpose
VPN
– Long lived
– Invasive to client
IPsec
– Requires kernel modification
– Few organizations use this

13 Completed Work
Evaluated Tunnel Specification
Chose BEEP Implementations
Implemented
– No-Hop Tunnel
– One-Hop Tunnel
Some interoperability testing

14 Fall Schedule

15 Tunnel Evaluation No standard way to extend the DTD. Previously no IPv6 support in the DTD. Possibility for loops with misconfigured servers. No way to specify a Time-To-Live when using a dynamic route, i.e. connecting to a service rather than a host.

16 BEEP Implementations
Java
– PermaBEEP 0.8 (Better API)
– beepcore-java 0.9.07 (TLS support)
C
– Roadrunner 0.9 (More fully implemented)
– beepcore-C 0.2 (Abandoned)

17 No-Hop Tunnel Profile and application can successfully open a tunnel to a host with no firewall in between.

18 One-Hop Tunnel

19 Let’s take a look.

20 Tunnel host1.example.com proxy.example.com host2.example.com Transport Connect Usually TCP

21 Tunnel host1.example.com proxy.example.com host2.example.com Transport Connect BEEP Greeting Advertise services (Tunnel, maybe others)

22 Tunnel host1.example.com proxy.example.com host2.example.com Transport Connect BEEP Greeting Start Tunnel

23 Tunnel host1.example.com proxy.example.com host2.example.com Transport Connect BEEP Greeting Start Tunnel Transport Connect Usually TCP

24 Tunnel host1.example.com proxy.example.com host2.example.com Transport Connect BEEP Greeting Start Tunnel Transport Connect BEEP Greeting Advertise services (Tunnel, maybe others)

25 Tunnel host1.example.com proxy.example.com host2.example.com Transport Connect BEEP Greeting Start Tunnel Transport Connect BEEP Greeting Start Tunnel

26 Tunnel host1.example.com proxy.example.com host2.example.com Transport Connect BEEP Greeting Start Tunnel Transport Connect BEEP Greeting Start Tunnel OK

27 Tunnel host1.example.com proxy.example.com host2.example.com Transport Connect BEEP Greeting Start Tunnel OK Transport Connect BEEP Greeting Start Tunnel OK proxy now transparently forwards messages

28 Tunnel host1.example.com proxy.example.com host2.example.com Transport Connect BEEP Greeting Start Tunnel OK Transport Connect BEEP Greeting Start Tunnel OK BEEP Greeting Advertise services (proxy now invisible)
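Slides 20 to 28 walk through the one-hop handshake one message at a time. The model below is an added example (not the clinic's code or any BEEP library) that replays that exchange in code and also exercises the two evaluation findings from slide 15: a dynamic route by service name and the loop a misconfigured proxy can cause. The hosts, their greetings and their routing tables are constructed; the <tunnel> element shape (fqdn= for a static hop, srv= for a dynamic route, nesting for multiple hops) and the HOP_LIMIT are assumptions modelled on the slides, not the profile's actual DTD or the project's implementation.

```python
"""Model of the BEEP Tunnel handshake from slides 20-28 (added example, not the clinic's code).

Topology, greetings and routes are constructed; the <tunnel> element shape is an
assumption modelled on the slides, not the profile's actual DTD.
"""
import xml.etree.ElementTree as ET

# Constructed topology: the profiles each host advertises in its BEEP greeting and the
# host it forwards a dynamic (service-based) route to. badproxy and badproxy2 are
# deliberately misconfigured to point at each other.
NETWORK = {
    "host1.example.com": {"profiles": {"TUNNEL", "IDXP"}, "next_hop": {"idxp": "proxy.example.com"}},
    "proxy.example.com": {"profiles": {"TUNNEL"}, "next_hop": {"idxp": "host2.example.com"}},
    "host2.example.com": {"profiles": {"TUNNEL", "IDXP"}, "next_hop": {}},
    "host3.example.com": {"profiles": {"TUNNEL", "IDXP"}, "next_hop": {"idxp": "badproxy.example.com"}},
    "badproxy.example.com": {"profiles": {"TUNNEL"}, "next_hop": {"idxp": "badproxy2.example.com"}},
    "badproxy2.example.com": {"profiles": {"TUNNEL"}, "next_hop": {"idxp": "badproxy.example.com"}},
}
SERVICE_PROFILE = {"idxp": "IDXP"}  # a dynamic route ends at a host advertising this profile
HOP_LIMIT = 4                       # the TTL slide 15 says the spec lacks (our assumption)


class TunnelError(Exception):
    """Raised when a tunnel cannot be established."""


def _next_hop(origin, elem):
    """Which host does `origin` connect to for this element?"""
    if elem.get("fqdn"):
        return elem.get("fqdn")                  # static route: the named host
    srv = elem.get("srv")
    if srv is None:
        raise TunnelError("tunnel element needs fqdn= or srv=")
    try:
        return NETWORK[origin]["next_hop"][srv]  # dynamic route: origin's own routing table
    except KeyError:
        raise TunnelError(f"{origin} has no route for service {srv!r}") from None


def open_tunnel(origin, elem, log, hops=0):
    """Run the handshake outward from `origin`; return the final endpoint, appending each message to `log`."""
    if hops >= HOP_LIMIT:
        raise TunnelError(f"hop limit {HOP_LIMIT} exceeded at {origin}: probable proxy loop")
    nxt = _next_hop(origin, elem)
    if nxt not in NETWORK:
        raise TunnelError(f"unknown host {nxt}")
    advertised = NETWORK[nxt]["profiles"]
    log.append(f"{origin} -> {nxt}: transport connect (TCP)")                      # slide 20
    log.append(f"{nxt} -> {origin}: greeting, advertises {sorted(advertised)}")    # slide 21
    if "TUNNEL" not in advertised:
        raise TunnelError(f"{nxt} does not advertise the TUNNEL profile")
    log.append(f"{origin} -> {nxt}: start tunnel {ET.tostring(elem, encoding='unicode')}")  # slide 22
    srv = elem.get("srv")
    nested = list(elem)
    if srv and SERVICE_PROFILE.get(srv) in advertised:
        endpoint = nxt                                         # dynamic route reached the service
    elif srv:
        endpoint = open_tunnel(nxt, elem, log, hops + 1)       # proxy forwards the same request onward
    elif nested:
        endpoint = open_tunnel(nxt, nested[0], log, hops + 1)  # proxy strips its element, forwards the inner one
    else:
        endpoint = nxt                                         # innermost static hop
    if endpoint == nxt:
        log.append(f"{nxt} -> {origin}: ok (tunnel endpoint)")                      # slide 26
    else:
        log.append(f"{nxt} -> {origin}: ok ({nxt} now forwards transparently)")     # slide 27
    return endpoint


def establish(origin, request_xml):
    """Full sequence, ending with the end-to-end greeting of slide 28."""
    log = []
    endpoint = open_tunnel(origin, ET.fromstring(request_xml), log)
    log.append(f"{endpoint} -> {origin}: greeting, advertises "
               f"{sorted(NETWORK[endpoint]['profiles'])} (proxies now invisible)")
    return endpoint, log


if __name__ == "__main__":
    for origin, req in [
        ("host1.example.com", '<tunnel fqdn="host2.example.com"/>'),   # no-hop (slide 17)
        ("host1.example.com", '<tunnel fqdn="proxy.example.com"><tunnel fqdn="host2.example.com"/></tunnel>'),
        ("host1.example.com", '<tunnel srv="idxp"/>'),                 # dynamic route
        ("host3.example.com", '<tunnel srv="idxp"/>'),                 # loops forever without HOP_LIMIT
    ]:
        try:
            endpoint, log = establish(origin, req)
            print(f"== {origin}: {req} -> {endpoint}\n  " + "\n  ".join(log))
        except TunnelError as exc:
            print(f"== {origin}: {req} failed: {exc}")
```

The fourth case is the slide 15 finding in miniature: with a service-based route each proxy consults only its own table, so two proxies that name each other relay the request back and forth indefinitely, and a hop counter at every relay is the only thing that turns that into a clean error.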

29 Future Work Firewall daemon (Enforce Security Policy) Multi-Hop Proxying More interoperability testing between C and Java implementations. Support for Java server as proxy? Bug squashing Final report

30 Spring Schedule

31 Questions?

