Applying Security Principles to Networking Applications
Mark Enright, enright@cisco.com
Dec 08, 2005
Copyright © 2005, Cisco Systems, Inc. All rights reserved.

Presentation transcript:

Slide 1. Applying Security Principles to Networking Applications (title slide)

Slide 2. What is Security in Computer Development Projects? (Copyright © 2003, Cisco Systems, Inc. All rights reserved. EDCS-301795)
– What are you protecting?
– Why are you protecting it?
– From whom are you protecting it?
– How are you going to protect it?
– What is the cost of protecting it?

Slide 3. Wired Access Topology (diagram: Internet, Access Device, Local Area Network (LAN), Wide Area Network (WAN))

Slides 4–5. Wireless Access Topology (diagram: Internet, Access Device, Local Area Network (LAN), Wide Area Network (WAN))

Slide 6. Wireless Access Security Complication
Physical access to the Local Area Network no longer exists:
– Anyone can intercept your conversations
– Anyone can utilize your network resources

Slide 7. Security Solution For Wireless Access
– Authentication
– Encryption

Slides 8–9. Typical Solution for Wireless Access (diagram: client, Access Point, Internet)
1) Where is Access Point “MyAP”?
2) I am here. Prove you know my secret.
3) Here is my proof.
4) OK. Here are session keys.

Slide 10. So What's The Problem?
– Wireless Access is a huge Consumer Market
– People are becoming concerned with Wireless Security
– My Grandmother can't use it

Slide 11. What Can We Do To Help?
Make it easy for Grandma to set up Wireless Security.

Slide 12. Step 1. Configure Security Parameters Automatically
When the Access Point is booted the 1st time, it:
– Configures a Random Secure SSID
– Configures a Random WPA Shared Secret
– Waits for Wireless Association on the Secure SSID
(Diagram: SSID: r@ndOm 55ID, WPA-PSK: R@NDOM_P@SsW0Rd)

Slide 13. Step 2. How Can We Transfer Security Parameters Securely?

Slides 14–15. Step 2. Trial One (SSID: Well Known SSID, Open Authentication)
1) Where is my Access Point “Well Known SSID”?
2) Here I am. Come on in.
3) Give me Security Parameters.
4) Here They Are.

Slides 16–17. Step 2. Trial One (SSID: r@ndOm 55ID, WPA-PSK: R@NDOM_P@SsW0Rd)
1) Where is my Access Point “r@ndOm 55ID”?
2) I am here. Prove you know my secret.
3) Here is my proof.
4) OK. Here are session keys.

Slides 18–19. Step 2. Trial One Attack (SSID: Well Known SSID, Open Authentication)
The attacker runs the same exchange as the legitimate client:
1) Where is my Access Point “Well Known SSID”?
2) Here I am. Come on in.
3) Give me Security Parameters.
4) Here they are.

Slide 20. Step 2. Trial Two
What Authentication is possible given the constraints?
– something we know
– something we have
– something we are
– something we do
If we can’t be sure, at least be safe.

Slide 21. Step 2. Trial Two (SSID: Well Known SSID, Open Authentication; two clients at once)
Client A: Where is my Access Point “Well Known SSID”? — Here I am. Come on in.
Client B: Where is my Access Point “Well Known SSID”? — Here I am. Come on in.

Slide 22. Step 2. Trial Two (SSID: Well Known SSID, Open Authentication)
1) Client A: Give Me Security Parameters.
   Access Point: Hang on a sec.
   Client B: Give Me Security Parameters.
   Access Point: Unable to guarantee unique access. Access to all denied.

Slide 23. Step 2. Trial 2 Attack
The attacker just associates and listens.

Slide 24. Trial 3
– Use the Trial 2 method for Authentication
– Use SSL for Encryption
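The Trial One and Trial Two hand-out policies from the preceding slides, as an added simulation that is not part of the original deck: a hypothetical access point generates random parameters at first boot, then either answers any station that asks (Trial One) or collects requests during a window and answers only when exactly one station asked, denying everyone otherwise (Trial Two). Station identifiers are constructed sample values; Trial Three's SSL wrapping is not modelled.

```python
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

Params = Dict[str, str]

@dataclass
class AccessPoint:
    """Hypothetical AP. policy is 'trial_one' (hand parameters to anyone who asks)
    or 'trial_two' (answer only a unique requester per window, else deny all)."""
    policy: str
    ssid: str = field(default_factory=lambda: "r@nd0m-" + secrets.token_hex(3))
    psk: str = field(default_factory=lambda: secrets.token_urlsafe(24))  # 32-char passphrase
    _window: List[str] = field(default_factory=list)  # stations that asked this window

    def _params(self) -> Params:
        return {"ssid": self.ssid, "psk": self.psk}

    def request_parameters(self, station: str) -> Optional[Params]:
        """A station on the well-known open SSID asks for the secure parameters."""
        if self.policy == "trial_one":
            return self._params()          # no check at all: the Trial One attack
        self._window.append(station)       # Trial Two: "hang on a sec"
        return None

    def close_window(self) -> Dict[str, Optional[Params]]:
        """End of the Trial Two window: a unique requester gets the secret, else all denied."""
        requesters: Set[str] = set(self._window)
        self._window = []
        if len(requesters) == 1:
            (only,) = requesters
            return {only: self._params()}
        return {s: None for s in requesters}  # "Unable to guarantee unique access"

def run_scenarios() -> Dict[str, bool]:
    """Constructed stations: Grandma's laptop and an attacker on the same open SSID."""
    grandma, attacker = "aa:bb:cc:00:00:01", "de:ad:be:ef:00:02"
    ap1 = AccessPoint("trial_one")
    attacker_gets_psk = ap1.request_parameters(attacker) == ap1._params()
    ap2 = AccessPoint("trial_two")
    ap2.request_parameters(grandma)
    alone = ap2.close_window()             # only Grandma asked this window
    ap2.request_parameters(grandma)
    ap2.request_parameters(attacker)
    contested = ap2.close_window()         # two stations asked: deny both
    return {
        "trial_one_attacker_gets_psk": attacker_gets_psk,
        "trial_two_lone_client_provisioned": alone[grandma] is not None,
        "trial_two_contested_all_denied": all(v is None for v in contested.values()),
    }

if __name__ == "__main__":
    print(run_scenarios())
```

Trial Two still sends the parameters in the clear over the open SSID, which is why slide 23's passive listener succeeds and slide 24 adds SSL.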

Slide 25. So What's The Problem with IPSec?
– Network Protection is a huge Consumer Market
– People are becoming concerned with Security and look to IPSec for help
– My Grandmother can't use it

Slide 26. Network Address Translation (diagram: Internet, Local Area Network (LAN), Wide Area Network (WAN); private addresses 192.168.1.100 and 192.168.1.101 behind public addresses 172.204.19.32 and 62.2.12.17)

Slide 27. The RoadWarrior IPSec Problem
With common implementations the IP Address needs to be known a priori, or else a global shared secret is used for Authentication. Mobility and NAT make it hard to predict the IP Address.

Slide 28. RoadWarrior Solution (diagram: Road Warrior Client, Internet, Home Gateway, Protected Network; HTTPS session and IPSec VPN Tunnel)
1. Gateway configured: SSL; Username, password
2. Client configured: Web; Install client software; Configure address of Home Gateway
3. Client software connects: Logs on to HTTPS; Initiates the IPSec VPN
4. Gateway accepts: Authenticates Client by password; Figures out current Client IP Address; Provisions IPSec for Client IP Address; Joins Client to Protected Network using IPSec VPN
