
Presentation Transcript


  1. Group 6 A Study of Strengths and Weaknesses between Network Security Protocols Jolie Beckner Aaron Hayner Jared Kozel Jordan Redman Justin Redman

  2. Open System Interconnection Model • Defines an intense networking framework

  3. Application Set Layer 7 – Application Layer Layer 6 – Presentation Layer Layer 5 – Session Layer

  4. Transport Set Layer 4 – Transport Layer Layer 3 – Network Layer Layer 2 – Data Link Layer Layer 1 – Physical Layer

  5. Secure Sockets Layer/Transport Layer Security

  6. Secure Sockets Layer/Transport Layer Security • The Internet Age of the 1990s brought demand for protection of information • Implemented by Netscape in 1996 • Essentially a cryptographic protocol

  7. Encryption Protocols • Key agreements or establishment • Entity authentication • Symmetric encryption • Secured application-layer data transportation • Non-repudiation methodologies

  8. Encrypting Data on Internet

  9. SSL Advantages • Point authentication • Message integrity • Confidentiality

  10. Point Authentication • Process of determining the identity of a user that is attempting to access a network

  11. Message Integrity • SSL sends a message digest – fixed-length representation of the message, along with the message itself
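The slide above describes the digest that travels with each SSL record. The following added example (not from the presentation) shows why that digest must be keyed with a secret from the handshake: an unkeyed hash can be recomputed by whoever altered the record, while a keyed MAC (HMAC-SHA256 here) cannot be recomputed without the key. The record text, the alteration and the key are all constructed for the example.

```python
"""Message integrity: unkeyed digest versus keyed MAC (constructed example).

An SSL/TLS record carries a fixed-length digest next to the data. This shows
why that digest must be keyed with a secret from the handshake: an unkeyed
hash can be recomputed by anyone who alters the record, a keyed one cannot.
"""
import hashlib
import hmac
import os


def attach_digest(message: bytes) -> bytes:
    # Unkeyed fixed-length digest, sent along with the message
    return hashlib.sha256(message).digest()


def check_digest(message: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)


def attach_mac(key: bytes, message: bytes) -> bytes:
    # Keyed digest (HMAC-SHA256); the key is known only to the two endpoints
    return hmac.new(key, message, hashlib.sha256).digest()


def check_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(hmac.new(key, message, hashlib.sha256).digest(), tag)


def altered_in_transit(message: bytes) -> bytes:
    # Stand-in for any change to the record on the wire (constructed)
    return message.replace(b"amount=100", b"amount=900")


def demo() -> dict:
    key = os.urandom(32)                    # in TLS this comes from the handshake
    record = b"POST /transfer amount=100"   # constructed sample record

    digest = attach_digest(record)
    mac = attach_mac(key, record)
    changed = altered_in_transit(record)

    return {
        # Digest unchanged, message changed: the mismatch is detected
        "digest_detects_change": not check_digest(changed, digest),
        # Digest recomputed for the changed message: nothing secret was needed,
        # so the receiver cannot tell the record was altered
        "digest_detects_recomputed": not check_digest(changed, attach_digest(changed)),
        # A tag computed under any other key never verifies
        "mac_detects_recomputed": not check_mac(key, changed, attach_mac(os.urandom(32), changed)),
        # Genuine record and tag still verify
        "mac_accepts_genuine": check_mac(key, record, mac),
    }
```

Run `demo()` and inspect the dictionary: only the keyed variant detects both alterations. In the TLS 1.2 record layer the keyed digest is an HMAC; TLS 1.3 folds integrity into AEAD ciphers instead of a separate MAC.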

  12. Confidentiality • Uses encryption algorithms during the SSL handshake

  13. Disadvantages • Early weak keys could be “brute forced”

  14. SSL Proxy Servers • Information is unencrypted the moment it leaves the proxy server

  15. SSL/TLS Conclusion • Although SSL/TLS do have disadvantages, we should not toss out the protocol altogether. As a user of the Internet, one has to be aware that seeing the padlock in the lower right-hand corner and “https” as a prefix does not mean the information is incapable of getting into the wrong hands. It simply means that one can hope the data was transferred securely to the appropriate server, unaltered and not intercepted.

  16. Secure Shell (SSH)

  17. Why do we need SSH? • Computer networks are common. • It is common for people to have multiple computer accounts. • Naturally, users want a way to connect to them all. • Functions: copying files, logging into computers remotely, transmitting commands, running programs.

  18. Why do we need SSH? • Could use FTP, Telnet, and rsh, however, these protocols lack network security. • Example: If a sensitive file is transmitted across the Internet, an intruder could intercept the file. • Approaches: Firewall, encryption, SSH.

  19. SSH History • SSH was developed in 1995 by Tatu Ylönen at Helsinki University of Technology. • Goal: To replace more archaic protocols at the time (rlogin, Telnet, rsh), which did not guarantee confidentiality or strong authentication. • This version, named SSH-1, was released in the summer of 1995, and 20,000 people in 50 countries used it by the end of the year.

  20. SSH History • In 1996, a revised version, SSH-2, was developed, and it was incompatible with SSH-1. • SSH-2 improved upon SSH-1, because SSH-1 had security, performance, and portability weaknesses. • Today, SSH is used by over two million people in 60 countries.

  21. What is SSH? • Widely-popular, powerful, software-based approach to network security. • Network protocol and program that allows users to establish a secure channel between a local and remote computer over an insecure network.

  22. How to use SSH • Typically run in UNIX environments. • Windows-based apps, such as PuTTY, provide a UNIX-style terminal for “SSHing” to remote machines. • Commonly used commands: • ssh hostname // log in to the machine hostname • ssh hostname command // execute command on the machine hostname • ssh -v hostname // log in to the machine hostname and print debug output

  23. Benefits • Encryption: Data sent by a computer to the network is automatically encrypted by SSH, then decrypted by SSH when it reaches the destination; this results in transparent encryption. • Public-key cryptography:

  24. Benefits • Prevents: • Man-in-the-middle attacks • Manipulation of data • Interception of data • IP spoofing • IP source routing Prompts for the password three times, then does not allow any more tries, and contacts the network admin.

  25. Weaknesses • SSH is dependent on TRUST. As with any encrypted protocol, if the people inside do not responsibly use SSH, the system can be compromised. • SSH-1 did not protect against man-in-the-middle attacks and brute force attacks. These issues were addressed in SSH-2.

  26. Weaknesses • Brute force attacks, although “supposedly” protected against in SSH-2, have recently been performed with much success. • Sebastian Krahmer wrote a threaded SSH-2 brute force tool named “guess-who”, which allows up to 30 username/password attempts every second!

  27. Secure Copy Protocol (SCP)

  28. What is SCP? • Securely copies computer files between hosts on a network. • Available with UNIX or Linux OS. • SCP uses SSH to provide security and authentication.

  29. How to use SCP • Use the scp command to copy files between systems. • Use the following command: scp filename1 userid@hostname:filename2

  30. Kerberos

  31. Kerberos • Developed at MIT as part of Project Athena. • Kerberos' main goal is to make a simple, secure authentication process through • Single Sign-On access • By using a secret key that is never transferred over any network.

  32. Kerberos • Kerberos uses a trusted third party, the Key Distribution Center, and has three major parts to contribute to its success. • Authentication Server (AS) • Authenticates Server to Client • Ticket Granting Server (TGS) • Provides extra protection so the user password is only entered once • Service Server (SS) • Allows client to access service.

  33. A Visual Representation

  34. Application Server • User enters user name and password • Request is sent to the AS requesting services • AS checks database for the user • AS returns a random key with the service name and the user's long-term key • Calls the Ticket Granting Server

  35. Ticket Granting Server • Generates an initial ticket, or Ticket Granting Ticket (TGT), for the user. • The session for the TGT is encrypted using the user's long-term key. Now that the user has a TGT, the user will not need their password again; instead they will just have to contact the AS for a ticket, but will never need to call the TGS again.

  36. The Service Server • Takes in the user’s encrypted session key (called the authenticator) and the ticket. • The service server then decrypts the session key with its long-term key. • The authentication from the user to the service is now complete.

  37. Advantages • Password is never sent over the network • In order to gain access, the ticket and the authenticator are both needed, so if the ticket is stolen, it cannot be used on its own. • Kerberos is widely used by programmers, cryptologists, and security experts, so if there is any weakness in the process, it is found and fixed quickly. • Kerberos is freely available from MIT
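The three exchanges on slides 34 to 36 (AS, TGS, service server) and the slide 37 claim that a stolen ticket is useless without the matching authenticator can be followed end to end in code. The following is an added example, not from the presentation or from MIT Kerberos: tickets and authenticators are dictionaries sealed with a toy encrypt-then-MAC built from HMAC-SHA256 in the standard library, which stands in for the block cipher a real KDC uses. The principal names, passwords and the `KDC` class are constructed for the example.

```python
"""Toy Kerberos flow (constructed example): AS exchange, TGS exchange, service access.

Tickets and authenticators are dicts sealed with a toy encrypt-then-MAC built
from HMAC-SHA256 in the standard library; it stands in for the real cipher.
"""
import hashlib
import hmac
import json
import os

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC in counter mode as a stand-in stream cipher (toy, not for production)
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, obj: dict) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    pt = json.dumps(obj, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or tampered data")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def long_term_key(password: str) -> bytes:
    # The user's long-term key is derived from the password and shared only with the KDC
    return hashlib.sha256(password.encode()).digest()


class KDC:
    """Key Distribution Center holding the AS and TGS roles (constructed)."""

    def __init__(self, principals: dict):
        self.keys = dict(principals)          # principal name -> long-term key
        self.keys["krbtgt"] = os.urandom(32)  # TGS key, never leaves the KDC

    def as_exchange(self, client: str) -> tuple[bytes, bytes]:
        # AS: a fresh session key sent under the user's long-term key, plus a
        # TGT carrying the same key, sealed under the TGS key
        session = os.urandom(32).hex()
        tgt = seal(self.keys["krbtgt"], {"client": client, "key": session})
        return seal(self.keys[client], {"service": "krbtgt", "key": session}), tgt

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str) -> tuple[bytes, bytes]:
        # TGS: open the TGT, verify the authenticator under the TGT session key,
        # then issue a service ticket sealed under the service's long-term key
        t = unseal(self.keys["krbtgt"], tgt)
        if unseal(bytes.fromhex(t["key"]), authenticator)["client"] != t["client"]:
            raise ValueError("authenticator does not match TGT")
        svc_session = os.urandom(32).hex()
        ticket = seal(self.keys[service], {"client": t["client"], "key": svc_session})
        return seal(bytes.fromhex(t["key"]), {"service": service, "key": svc_session}), ticket


def service_accept(service_key: bytes, ticket: bytes, authenticator: bytes) -> str:
    # Service server: open the ticket with its own long-term key, then verify
    # the authenticator with the session key found inside the ticket
    t = unseal(service_key, ticket)
    if unseal(bytes.fromhex(t["key"]), authenticator)["client"] != t["client"]:
        raise ValueError("authenticator does not match ticket")
    return t["client"]


def client_login(kdc: KDC, user: str, password: str, service: str) -> tuple[bytes, bytes]:
    """Client side: the password is used exactly once, to open the AS reply."""
    enc, tgt = kdc.as_exchange(user)
    tgt_key = bytes.fromhex(unseal(long_term_key(password), enc)["key"])
    enc2, ticket = kdc.tgs_exchange(tgt, seal(tgt_key, {"client": user}), service)
    svc_key = bytes.fromhex(unseal(tgt_key, enc2)["key"])
    return ticket, seal(svc_key, {"client": user})


def demo() -> dict:
    principals = {"alice": long_term_key("correct horse"), "fileserver": os.urandom(32)}
    kdc = KDC(principals)
    ticket, authenticator = client_login(kdc, "alice", "correct horse", "fileserver")
    result = {"accepted_as": service_accept(principals["fileserver"], ticket, authenticator)}
    try:  # stolen ticket but no session key: a forged authenticator is rejected
        service_accept(principals["fileserver"], ticket, seal(os.urandom(32), {"client": "alice"}))
        result["stolen_ticket_works"] = True
    except ValueError:
        result["stolen_ticket_works"] = False
    try:  # wrong password cannot open the AS reply, so no TGT session key is obtained
        client_login(kdc, "alice", "wrong", "fileserver")
        result["wrong_password_works"] = True
    except ValueError:
        result["wrong_password_works"] = False
    return result
```

`demo()` shows the password being used only to open the AS reply, the ticket being useless to a holder who lacks the session key, and a wrong password failing at the first step. Real Kerberos additionally puts timestamps, lifetimes and the client address into tickets and authenticators to limit replay; the toy omits those.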

  38. Disadvantages • The once-considered “unbreakable” DES algorithm that Kerberos uses is now believed to be crackable. • Because Kerberos uses the Key Distribution Center, if someone gains administrative access to the KDC, they have gained access to the entire Kerberos system. • Kerberos was only created for a single-user system; in the case of a multi-user system it becomes highly vulnerable. • When using a UNIX-based operating system, it is a very tedious process to transfer passwords from a UNIX database to a Kerberos database.

  39. IPSec

  40. IPSec • What is IPSec? • Protocol used with IP to deliver data privacy, integrity, authenticity, and anti-replay protection • Devices must share a ‘public key’ • Allows the implementation of VPNs (Virtual Private Networks) • Has two different types of modes • Tunnel • Transport

  41. VPN • Virtual Private Networks are established by using the IPSec protocol to provide only authorized access to a network

  42. Networks • When setting up networks, it is important to apply the security features that IPSec has to make the network more secure

  43. Transport Mode • Used for LANs • Sending UDP (User Datagram Protocol) datagrams • Header is not encrypted, only the payload

  44. Tunnel Mode • Used for large networks • Allows a ‘tunnel’ to be created between a host or network and a user • Entire IP packet is encapsulated into a new packet (including header)

  45. Transport vs. Tunnel Modes • Transport Mode • Encrypts just the payload • Tunnel Mode • Encrypts the entire IP Packet
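The difference between the two modes on slides 43 to 45 is easiest to see on the wire. The following added example (not from the presentation) builds minimal IPv4 packets with `struct`, wraps them the way ESP does in each mode, and parses the outer header the way an observer on the path would. The XOR step is a placeholder standing in for ESP's real cipher, and the host and gateway addresses are constructed for the example; what it demonstrates is that transport mode leaves the original endpoint addresses visible while tunnel mode exposes only the two gateways.

```python
"""Transport mode versus tunnel mode ESP encapsulation (constructed example).

Builds minimal IPv4 packets with struct and wraps them the way ESP does, so
the difference in what stays visible on the wire can be inspected. The
"encryption" is a fixed XOR placeholder standing in for ESP's real cipher.
"""
import struct

IPV4_IN_IP = 4   # next-header value for an encapsulated IPv4 packet
UDP = 17
ESP = 50
XOR_KEY = 0x5A   # placeholder only; not a cipher


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(x) for x in ip.split("."))


def bytes_to_ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    # 20-byte header without options; checksum left at zero for the example
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, ip_to_bytes(src), ip_to_bytes(dst))


def udp_segment(sport: int, dport: int, data: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def esp_encapsulate(inner: bytes, next_header: int, spi: int, seq: int) -> bytes:
    # SPI and sequence number travel in the clear; the payload and the trailing
    # next-header byte are the protected part
    protected = bytes(b ^ XOR_KEY for b in inner + bytes([next_header]))
    return struct.pack("!II", spi, seq) + protected


def esp_decapsulate(esp: bytes) -> tuple[bytes, int]:
    body = bytes(b ^ XOR_KEY for b in esp[8:])
    return body[:-1], body[-1]


def transport_mode(src: str, dst: str, segment: bytes) -> bytes:
    # The original IP header is reused; only the transport payload is protected
    esp = esp_encapsulate(segment, UDP, spi=0x1000, seq=1)
    return ipv4_header(src, dst, ESP, len(esp)) + esp


def tunnel_mode(gw_src: str, gw_dst: str, packet: bytes) -> bytes:
    # The whole original packet, header included, becomes the protected payload
    # of a new packet addressed between the two gateways
    esp = esp_encapsulate(packet, IPV4_IN_IP, spi=0x2000, seq=1)
    return ipv4_header(gw_src, gw_dst, ESP, len(esp)) + esp


def visible_addresses(wire: bytes) -> tuple[str, str, int]:
    # What an observer on the path reads from the outer header
    fields = struct.unpack("!BBHHHBBH4s4s", wire[:20])
    return bytes_to_ip(fields[8]), bytes_to_ip(fields[9]), fields[6]


def address_on_wire(wire: bytes, ip: str) -> bool:
    return ip_to_bytes(ip) in wire


def demo() -> dict:
    host_a, host_b = "10.0.0.5", "10.0.1.7"      # constructed LAN hosts
    gw_a, gw_b = "203.0.113.1", "198.51.100.1"   # constructed gateways
    seg = udp_segment(40000, 53, b"hello")
    original = ipv4_header(host_a, host_b, UDP, len(seg)) + seg

    transport = transport_mode(host_a, host_b, seg)
    tunnel = tunnel_mode(gw_a, gw_b, original)

    # The receiving gateway strips the outer header and recovers the inner packet
    inner, nh = esp_decapsulate(tunnel[20:])
    return {
        "transport_visible": visible_addresses(transport),
        "tunnel_visible": visible_addresses(tunnel),
        "transport_exposes_hosts": address_on_wire(transport, host_a),
        "tunnel_exposes_hosts": address_on_wire(tunnel, host_a),
        "tunnel_roundtrip_ok": inner == original and nh == IPV4_IN_IP,
    }
```

`demo()` returns the outer-header view for each mode: in transport mode the observer sees the two hosts and protocol 50 (ESP); in tunnel mode only the gateway addresses appear, and the receiving gateway recovers the original packet intact. Real ESP also adds padding, a pad-length byte and an integrity check value, which the placeholder omits.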

  46. Security Provided • Provides authentication of another user over the network • Encrypting traffic sent and received • Integrity validation for unmodified packets • Anti-Replay, for session looping

  47. Strengths • Provided the first security for the IP datagram • Best available IP security protocol • Low cost for extra security • Reduces congestion at Hubs due to VPN tunneling

  48. Weaknesses • Too much flexibility • Ambiguities in definitions • Multiple ways to invoke functions • The main algorithm involved, DES (Data Encryption Standard), has a finite amount of encryptions

  49. Internet Key Exchange

  50. Internet Key Exchange • Why IKE? • Network vulnerability • Inadequacy of previous methods • Satisfies level 3 of the OSI model
