SSH and SSL CIT304 University of Sunderland Harry R. Erwin, PhD.

Resources
– Daniel J. Barrett and Richard E. Silverman, 2001, SSH, the Secure Shell, O’Reilly, ISBN:
– Eric Rescorla, 2001, SSL and TLS: Designing and Building Secure Systems, Addison-Wesley, ISBN:

The Problem
IPv4 is insecure. Most TCP/IP services are unencrypted. This allows anyone to monitor and reconstruct connection traffic on the internet. The following needs can be identified:
– Encrypted connections between parties known to each other.
– Third-party authentication and encrypted connection establishment when parties are not known to each other.

Solutions
– SSH to support encrypted sessions
– SSL to provide trusted third-party authentication and to support encrypted sessions

SSH
– “Secure shell”
– Transparent encryption
– Modern, secure encryption algorithms
– Reliable, fast, and effective
– Client/server interaction
– Eliminates .rhosts and hosts.equiv

Services Provided
Replaces:
– rsh and telnet with ssh
– rlogin with slogin
– rcp with scp
– ftp with sftp
Protocols:
– ssh-1
– ssh-2

SSH1 Authentication Mechanisms
1. Kerberos
2. Rhosts (trusted host authentication, insecure)
3. RhostsRSA (trusted host authentication, insecure)
4. Public-key (RSA)
5. TIS
6. Password (various flavors, relatively insecure)

SSH2 Authentication Mechanisms
1. Public-key (DSA, RSA, OpenPGP)
2. Hostbased
3. Password

Ciphers
SSH1:
– 3DES, IDEA, ARCFOUR (alleged RC4), DES
SSH2:
– 3DES, Blowfish, Twofish, CAST-128, IDEA, ARCFOUR

Port Forwarding
SSH can forward or tunnel ports, allowing you to run insecure services securely.
ssh -L 3002:localhost:119 news.yoyo.com
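
An added example (not part of the original slides) that parses the `-L [bind_address:]port:host:hostport` form used above and reports which parts of the path the SSH tunnel does not protect. It assumes OpenSSH's default GatewayPorts=no; the helper names are hypothetical and any input other than the slide's own spec is constructed for illustration.

```python
from dataclasses import dataclass

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
WILDCARD = {"", "*", "0.0.0.0", "::"}   # ssh(1): empty or '*' means all interfaces

@dataclass
class LocalForward:
    bind: str      # address the ssh client listens on
    port: int      # local listening port
    host: str      # destination name, resolved on the SSH server side
    hostport: int  # destination port

def _split(spec):
    """Split on ':' while keeping bracketed IPv6 literals such as [::1] whole."""
    parts, cur, depth = [], "", 0
    for ch in spec:
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        elif ch == ":" and depth == 0:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    parts.append(cur)
    return parts

def parse_local_forward(spec):
    parts = _split(spec)
    if len(parts) == 3:                 # no bind_address given
        parts.insert(0, "localhost")    # assumption: GatewayPorts=no (OpenSSH default)
    if len(parts) != 4:
        raise ValueError("expected [bind_address:]port:host:hostport")
    bind, port, host, hostport = parts
    fwd = LocalForward(bind, int(port), host, int(hostport))
    if not (0 < fwd.port < 65536 and 0 < fwd.hostport < 65536):
        raise ValueError("port out of range")
    return fwd

def audit(fwd):
    """Return findings about listeners or hops the SSH tunnel does not protect."""
    findings = []
    if fwd.bind in WILDCARD:
        findings.append("listener is reachable from other hosts on the client's network")
    if fwd.host not in LOOPBACK:
        findings.append(f"SSH server connects onward to {fwd.host}:{fwd.hostport} outside the encrypted tunnel")
    return findings

# The slide's spec: 'localhost' here is the SSH server (news.yoyo.com) itself.
SLIDE = parse_local_forward("3002:localhost:119")
```

For the slide's command the audit is empty: the client listens on loopback only, and the unencrypted NNTP hop stays on the server's own loopback interface.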

A Simple Example ssh -l harry harry.sunderland.ac.uk This allows me to log into Another way of doing the same thing is ssh

Using scp scp This transfers myfile from my home directory on harry.sunderland.ac.uk to afile locally. You can also use sftp similarly to ftp.

Threats Countered
– Eavesdropping
– DNS and IP Spoofing
– Connection Hijacking
– Man-in-the-Middle Attacks
– Insertion Attack

SSL
– Secure Sockets Layer
– An authentication and encryption technique that provides security services to TCP by a socket-style API.
– Relies on certificates issued by a trusted third party.
– Invented by Netscape.
– Is slowly being replaced by TLS (Transport Layer Security).

Services Provided
Secure http, pop, imap, smtp, ftp, rmi, corba, iiop, telnet, ldap

SSL Functions
– Confidential transmission
– Message integrity
– Endpoint authentication

How It Works
– An understanding of how SSL works is necessary to use it safely.
– Uses public key (asymmetric) cryptography.
– Trusted third parties (Certificate Authorities) provide the certificates that contain the public keys.
– Supports many encryption algorithms.

SSL-Enabled UNIX Clients
curl, ethereal, ettercap, lynx, stunnel, gabber, links, mutt, xchat, bitchx, lftp, neon, openldap, openslp, pine, various database managers.