An Analysis on NAT Security


An Analysis on NAT Security
Trojans - II
Balachandar Sankar, Pragadesh Rajasekaran

Agenda
- Quick Glance on NAT
- Problems with NAT
- NAT Security
  - IPSec
  - Windows 2003 Server
- Issues with NAT
- Conclusion

Quick Glance on NAT
- NAT: Network Address Translation
- Enables a Local Area Network to use one set of IP addresses for internal traffic.
- Provides a single public address for a set of internal addresses.
- A solution for the shortage of IPv4 addresses.
- Provides a firewall for the internal network.
- http://www.sbbi.net/site/jafs/docs/upnp-nat.html

Problems with NAT
- IPSec is used to secure the integrity of messages and to provide authentication.
- NAT doesn't support the actual functionality of IPSec.
- IKE embeds the source IP address.
- ESP encrypts header – TCP checksum & ports
- Problems arise when using Windows Server 2003 VPN servers behind a NAT device.
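
The TCP checksum problem listed above, as an added example that is not part of the original slides: the checksum covers a pseudo-header containing the source address, and once ESP has encrypted the segment a NAT that rewrites that address cannot patch the checksum. The addresses and function names are constructed for illustration.

```python
import socket
import struct

# Constructed sample addresses (RFC 1918 and documentation ranges).
INSIDE_SRC = "192.168.1.10"    # sender's real address behind the NAT
NAT_PUBLIC = "203.0.113.5"     # address the NAT writes into the outer IP header
DEST = "198.51.100.20"

def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: complement of the 16-bit one's-complement sum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_checksum(src: str, dst: str, segment: bytes) -> int:
    """The TCP checksum covers a pseudo-header holding both IP addresses."""
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst)
    pseudo += struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment))
    return internet_checksum(pseudo + segment)

def build_segment(src: str, dst: str, payload: bytes) -> bytes:
    """20-byte TCP header (ports 40000 -> 443, PSH|ACK) plus payload, checksum set."""
    hdr = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    csum = tcp_checksum(src, dst, hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload

def receiver_accepts(assumed_src: str, dst: str, segment: bytes) -> bool:
    """Recomputing over a segment whose checksum field is correct yields 0."""
    return tcp_checksum(assumed_src, dst, segment) == 0

def demo():
    # The sender computes the checksum, then ESP encrypts the whole segment,
    # so the NAT can rewrite the outer source address but not this checksum.
    segment = build_segment(INSIDE_SRC, DEST, b"constructed payload")
    after_nat = receiver_accepts(NAT_PUBLIC, DEST, segment)
    with_original = receiver_accepts(INSIDE_SRC, DEST, segment)
    return after_nat, with_original

if __name__ == "__main__":
    print(demo())
```

The receiver can only validate the decrypted segment if it learns the sender's original address, which the translated outer header no longer carries.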

NAT Security – solving IPSec
- NAT-T
  - Adds a UDP header encapsulating the ESP header
  - Adds the original sender IP address to the NAT-OA (NAT Original Header) payload
  - Prevents problems related to ports, source IP address and TCP checksum.
- IPSec in Tunnel Mode
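
The UDP encapsulation step, as an added example that is not part of the original slides: it wraps a constructed ESP packet as RFC 3948 describes, shows how a receiver on UDP port 4500 tells ESP, IKE and NAT-keepalive traffic apart, and shows that a NAT's port rewrite leaves the ESP packet untouched. The function names and the sample packet are assumptions made for illustration.

```python
import struct

NAT_T_PORT = 4500             # UDP port for NAT-T traffic (RFC 3947 / RFC 3948)
NON_ESP_MARKER = b"\x00" * 4  # prefixes IKE messages that share the port

def udp_encapsulate_esp(esp: bytes, sport: int = NAT_T_PORT) -> bytes:
    """Put an 8-byte UDP header in front of an ESP packet (checksum sent as 0)."""
    if len(esp) < 8 or esp[:4] == NON_ESP_MARKER:
        raise ValueError("need SPI + sequence number, and SPI must be non-zero")
    return struct.pack("!HHHH", sport, NAT_T_PORT, 8 + len(esp), 0) + esp

def nat_rewrite_sport(datagram: bytes, new_sport: int) -> bytes:
    """What a port-translating NAT changes: only the cleartext UDP source port."""
    return struct.pack("!H", new_sport) + datagram[2:]

def classify(datagram: bytes) -> dict:
    """Demultiplex a UDP datagram the way a NAT-T receiver must."""
    if len(datagram) < 8:
        return {"kind": "malformed"}
    sport, dport, length, _ = struct.unpack("!HHHH", datagram[:8])
    if NAT_T_PORT not in (sport, dport):
        return {"kind": "not-nat-t"}
    if not 8 <= length <= len(datagram):
        return {"kind": "malformed"}
    payload = datagram[8:length]
    if payload == b"\xff":
        return {"kind": "nat-keepalive"}   # keeps the NAT mapping alive
    if payload[:4] == NON_ESP_MARKER:
        return {"kind": "ike", "ike_len": len(payload) - 4}
    if len(payload) >= 8:
        spi, seq = struct.unpack("!II", payload[:8])
        return {"kind": "esp", "sport": sport, "spi": spi, "seq": seq}
    return {"kind": "malformed"}

# Constructed ESP packet: SPI, sequence number, 16 opaque "ciphertext" bytes.
SAMPLE_ESP = struct.pack("!II", 0x1A2B3C4D, 7) + bytes(range(16))

def demo():
    sent = udp_encapsulate_esp(SAMPLE_ESP)
    seen = nat_rewrite_sport(sent, 61001)  # the NAT picks a new source port
    return classify(sent), classify(seen)

if __name__ == "__main__":
    print(demo())
```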

NAT Security – Windows XP SP2
- By default, the IPSec NAT-T security association is disabled.
- Consider the following situation:
  - Server-1 resides behind a NAT, and the NAT is configured to allow IPSec NAT-T traffic.
  - Client-1, which is outside the NAT, uses an IPSec NAT-T security association to connect with Server-1.

NAT Security – Windows XP SP2 (contd…)
- Another client (say Client-2), which is inside a NAT, establishes a connection with Client-1 through an IPSec NAT-T security association.
- A condition may occur where Client-1 re-establishes the connection with Client-2.
- This condition may cause the NAT-T traffic intended for Client-2 to be redirected to Server-1.

NAT Security – Windows 2003 Server
- NAT-T: IPSec cannot be used when Windows Server 2003 VPN servers are behind a NAT device, since IPSec usage is compromised and packets may be routed to different machines within the NAT.
- Solutions:
  - The VPN servers' public IP addresses can be used, so clients connect to them directly rather than through NAT.
  - Edit the Windows registry to restore the ability to connect to servers behind a NAT with IPSec/NAT-T.

Issues with NAT
- Increases the probability of mis-addressing.
- NAT breaks certain applications, making them more difficult to run (incorrect ports).
- Servers can't be run within a NAT network unless configured.
- Dynamic IP addressing by ADSL changes the IP every 20 hours.
- Since all users behind the NAT use the same public IP address, information related to connectivity is lost.

Conclusion
- NAT security issues are still being solved.
- Though some major issues are solved, the problem still exists.
- IPv6 will change the infrastructure of NAT.

Questions ??