Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 Sponsored by the U.S. Department of Defense © 2000 by Carnegie Mellon.


1 ESP Technical Overview
Marty Lindner, September 2000
Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA 15213-3890
Sponsored by the U.S. Department of Defense
© 2000 by Carnegie Mellon University

2 Agenda
- What is “ESP”
- Goals of the ESP
- ESP Technology Overview

3 What is the “ESP”
ESP: Extranet for Security Professional

4 What is the “ESP”
From a user's perspective, the ESP is a web site that is used by a group of people sharing a common interest or need

5 What is the “ESP”
From an IT professional's perspective, the ESP is a secure web environment created by using:
- Commercial Off The Shelf (COTS) products
- Good programming practices
- Strict network policies enforced by multiple firewalls and intrusion detection systems
- Automated intrusion detection software developed for the ESP environment

6 What is the “ESP”
A set of collaboration tools used through a common web interface:
- Mail Tool
- Calendar Tool
- Document Collaboration Tool
- Document Library

7 Goals of the ESP
- Minimal cost to the end users
- Provide a mechanism for sharing FOUO/SBU information over the public internet
- Maintain the highest level of security

8 ESP Technology Overview

9 ESP Infrastructure
[Diagram labels: Workstation, Database Servers, Firewall, Router, Web Servers, The Internet; sample mail message "To: George Marty From: Steve"]

10 End User Workstation
[Diagram labels: Workstation, Database Servers, Firewall, Router, Web Servers, The Internet]

11 End User Workstation
- One of the ESP goals is to minimize the cost to the end user
- The only end user requirement is a web browser that supports U.S. domestic encryption (128 bits)

12 The Internet
[Diagram labels: Workstation, Database Servers, Firewall, Router, Web Servers, The Internet]

13 The Internet
- The ESP technology makes one assumption about the Internet: you cannot trust it!
- To overcome this lack of trust, the ESP uses the Secure Socket Layer (SSL) protocol and X.509 certificates to provide authenticity, integrity and confidentiality
- www.ietf.org/rfc/rfc2246.txt

14 SSL Security
SSL provides a secure path through the Internet
[Diagram labels: Workstation, Database Servers, Firewall, Router, Web Servers, The Internet]

15 Firewall Strategy
Multiple inline firewalls create a more complex maze for intruders to navigate
[Diagram labels: Workstation, Database Servers, Firewall, Router, Web Servers, The Internet]

16 Firewall Strategy
Multiple firewalls randomly inserted into the network topology:
- Sidewinder 5.0 (www.securecomputing.com)
- Guardian (www.netguard.com)
- Cisco Secure PIX Firewall (www.cisco.com)
- Linux IPchains (www.linuxdocs.org)

17 Network Monitoring
Passive network monitoring tools assist and automate the intrusion detection process
[Diagram labels: Workstation, Database Servers, Firewall, Router, Web Servers, The Internet]

18 Network Monitoring
Several passive network monitoring agents are used to detect signs of intrusion:
- Real Secure 3.2 (www.iss.net)
- Snort 1.6.3 (www.snort.org)

19 Web Server Security
The middleware enhances security by incorporating additional authentication techniques
[Diagram labels: Workstation, Database Servers, Firewall, Router, Web Servers, The Internet]

20 Web Server Security
- System is dedicated to web services only
- No additional services offered
Software:
- Hardened Windows NT 4.0 (www.microsoft.com)
- Tripwire system integrity software 2.2.1 (www.tripwire.com)
- Netscape Enterprise Server 3.63 (home.netscape.com)
- Cold Fusion Server 4.5.1 (www.alliare.com)

21 Database Security
The database only responds to authenticated requests from the Web servers
[Diagram labels: Workstation, Database Servers, Firewall, Router, Web Servers, The Internet]

22 Database Security
- Database servers only accept communications from an authenticated IPsec session
- www.ietf.org/rfc/rfc2401.txt

