Applying Security Principles to Networking Applications

Mark Enright [email protected]
Dec 08, 2005

Presentation Transcript
What is Security in Computer Development Projects
  • What are you protecting
  • Why are you protecting it
  • From whom are you protecting it
  • How are you going to protect it
  • What is the cost of protecting it
Wired Access Topology

[Diagram labels: Internet, Access Device, Local Area Network (LAN), Wide Area Network (WAN)]
Wireless Access Topology

[Diagram labels: Internet, Access Device, Local Area Network (LAN), Wide Area Network (WAN)]
Wireless Access Security Complication
  • Physical Access to Local Area Network no longer exists
    • Anyone can intercept your conversations
    • Anyone can utilize your network resources
Typical Solution for Wireless Access

[Diagram label: Internet]

  1) Where is Access Point “MyAP”
  2) I am here. Prove you know my secret
  3) Here is my proof
  4) OK. Here are session keys
So What's the Problem?
  • Wireless Access is a huge Consumer Market
  • People are becoming concerned with Wireless Security
  • My Grandmother can't use it
What Can We Do To Help
  • Make it easy for Grandma to set up Wireless Security
Step 1. Configure Security Parameters Automatically

[Diagram label: Internet]

SSID: [email protected] 55ID
WPA-PSK: [email protected][email protected]

When Access Point is booted 1st time:
  • Configures Random Secure SSID
  • Configures Random WPA Shared Secret
  • Waits for Wireless Association on Secure SSID
Step 2.
  • How Can We Transfer Security Parameters Securely?
Step 2. Trial One

SSID: Well Known SSID
Open Authentication
  1) Where is my Access Point “Well Known SSID”
  2) Here I am. Come on in
  3) Give me Security Parameters
  4) Here They Are

SSID: [email protected] 55ID
WPA-PSK: [email protected][email protected]
  1) Where is my Access Point “[email protected] 55ID”
  2) I am here. Prove you know my secret
  3) Here is my proof
  4) OK. Here are session keys
Step 2. Trial One Attack

SSID: Well Known SSID
Open Authentication
  1) Where is my Access Point “Well Known SSID”
  2) Here I am. Come on in
  3) Give me Security Parameters
  4) Here they are
Step 2. Trial Two
  • What Authentication is possible given constraints
    • something we know
    • something we have
    • something we are
    • something we do
  • If we can’t be sure, at least be safe
Step 2. Trial Two

SSID: Well Known SSID
Open Authentication

Where is my Access Point “Well Known SSID”
Where is my Access Point “Well Known SSID”
Here I am. Come on in
Here I am. Come on in

1) Give Me Security Parameters
Give Me Security Parameters
Hang on a sec
Unable to guarantee unique access
Access to all denied
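
The Trial Two rule ("if we can't be sure, at least be safe") together with the first-boot parameter generation from Step 1, as an added Python sketch that is not part of the original presentation. The class and function names, the 5-second wait, the parameter lengths and identifying a station by its MAC address are all assumptions made for the example.

```python
import secrets
import string
from dataclasses import dataclass, field
from typing import Optional

ALPHABET = string.ascii_letters + string.digits
WINDOW_SECONDS = 5.0   # assumed length of the "Hang on a sec" wait

def first_boot_parameters():
    """Step 1: random SSID (<= 32 bytes) and WPA passphrase (8..63 chars)."""
    ssid = "".join(secrets.choice(ALPHABET) for _ in range(16))
    psk = "".join(secrets.choice(ALPHABET) for _ in range(63))
    return ssid, psk

@dataclass
class ProvisioningAP:
    ssid: str
    psk: str
    opened_at: Optional[float] = None
    requesters: set = field(default_factory=set)
    locked_out: bool = False

    def on_request(self, mac: str, now: float) -> str:
        """A station on the well-known SSID asks for the parameters."""
        if self.locked_out:
            return "Access to all denied"
        if self.opened_at is None:
            self.opened_at = now          # first request opens the wait
        self.requesters.add(mac)
        if len(self.requesters) > 1:      # cannot guarantee unique access
            self.locked_out = True
            return "Access to all denied"
        return "Hang on a sec"

    def on_window_close(self, now: float) -> dict:
        """After the wait, release parameters only to a sole requester."""
        waited = self.opened_at is not None and now - self.opened_at >= WINDOW_SECONDS
        if self.locked_out or not waited:
            return {}
        (mac,) = self.requesters
        return {mac: (self.ssid, self.psk)}

def run(events, close_at):
    """Replay constructed (time, mac) request events against a fresh AP."""
    ap = ProvisioningAP(*first_boot_parameters())
    replies = [ap.on_request(mac, t) for t, mac in events]
    return replies, ap.on_window_close(close_at)
```

The rule only counts stations that ask for the parameters; a station that associates and only listens is not counted, which is the gap the Trial 2 Attack slide points at.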

Step 2. Trial 2 Attack
  • Attacker just Associates and Listens
Trial 3.
  • Use Trial 2 Method for Authentication
  • Use SSL for Encryption
So What's the Problem with IPSec?
  • Network Protection is a huge Consumer Market
  • People are becoming concerned with Security and look to IPSec for help
  • My Grandmother can't use it
Network Address Translation

[Diagram labels: 192.168.1.100, 192.168.1.101, 172.204.19.32; Internet; 192.168.1.100, 192.168.1.101, 62.2.12.17; Local Area Network (LAN), Wide Area Network (WAN)]
The RoadWarrior IPSec Problem
  • With common implementations the IP Address needs to be known a priori or else a global shared secret is used for Authentication
  • Mobility and NAT make it hard to predict the IP Address
RoadWarrior Solution

1. Gateway configured
  • SSL Username, password

2. Client configured
  • Web Install client software
  • Configure address of Home Gateway

3. Client software connects
  • Logs on to HTTPS
  • Initiates the IPSec VPN

4. Gateway accepts
  • Authenticates Client by password
  • Figures out current Client IP Address
  • Provisions IPSec for Client IP Address
  • Joins Client to Protected Network using IPSec VPN

[Diagram labels: Road Warrior Client, Internet, HTTPS, IPSec VPN Tunnel, Home Gateway, Protected Network]
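
The gateway side of steps 1 and 4, as an added Python sketch that is not part of the original presentation: the IPsec peer address is taken from the authenticated HTTPS connection rather than configured in advance. The class and method names, the PBKDF2 password storage and the per-login key are assumptions made for the example, and the addresses used with it are constructed documentation addresses.

```python
import hashlib
import hmac
import ipaddress
import secrets


def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class HomeGateway:
    """Hypothetical model of the gateway side of steps 1 and 4."""

    def __init__(self):
        self.users = {}     # username -> (salt, password hash)
        self.policies = {}  # username -> IPsec policy for the current address

    def add_user(self, username: str, password: str) -> None:
        """Step 1: the gateway is configured with a username and password."""
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, _kdf(password, salt))

    def https_login(self, username: str, password: str, peer_ip: str):
        """Step 4: peer_ip is the source address the gateway sees on the
        HTTPS connection (after any NAT), not an address the client reports."""
        salt, stored = self.users.get(username, (b"\x00" * 16, b""))
        if not hmac.compare_digest(_kdf(password, salt), stored):
            return None                      # no policy change on failure
        policy = {
            "peer": str(ipaddress.ip_address(peer_ip)),
            # Assumption: a fresh per-login key instead of a global secret.
            "psk": secrets.token_hex(32),
        }
        self.policies[username] = policy     # replaces any earlier address
        return policy
```

A second login from a new address replaces the stored policy, so the tunnel follows the client as mobility or NAT changes the address the gateway sees.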
