Cpre 532 - PowerPoint PPT Presentation

Slides: 15
Provided by: jamestruc

Transcript and Presenter's Notes

Title: Cpre 532


1
Cpre 532
  • Lecture 20

2
Outline
  • Finish web
  • Talk about firewalls

3
Digest Authentication
  • Method that tries to solve the clear-text password problem
  • Example of this is when a web page asks for a user
    name and password
  • Server sends a challenge string to client
  • Client returns a hash which is a hash of the
    string and the password
  • Downside, the server needs to know clear text
    password
  • Similar to many other protocols

4
Extension
  • [Diagram: Server, Client, Random]
  • Server stores Hash(A)
  • Response: Hash(A), random, Hash(B)
  • Hash(A) = Hash(Username, Realm, and Password)
  • Hash(B) = Hash(Access method and URL)

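
The exchange on the two slides above, as an added example that is not part of the original lecture: the server keeps only Hash(A), issues a random challenge, and checks a response computed over Hash(A), the random value and Hash(B). The slides say only "Hash"; SHA-256 and the colon-joined field layout (as in RFC 7616) are assumptions, as are the class, function and account names.

```python
import hashlib
import hmac
import secrets

def h(*fields: str) -> str:
    # Assumption: SHA-256 over colon-joined fields; the slides only say "Hash".
    return hashlib.sha256(":".join(fields).encode()).hexdigest()

def hash_a(username: str, realm: str, password: str) -> str:
    return h(username, realm, password)   # Hash(A): what the server stores

def hash_b(method: str, url: str) -> str:
    return h(method, url)                 # Hash(B): ties the response to one request

def client_response(ha: str, nonce: str, method: str, url: str) -> str:
    return h(ha, nonce, hash_b(method, url))

class Server:
    def __init__(self) -> None:
        self.stored = {}     # username -> Hash(A), never the clear-text password
        self.issued = set()  # challenges handed out and not yet answered

    def enroll(self, username: str, realm: str, password: str) -> None:
        self.stored[username] = hash_a(username, realm, password)

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self.issued.add(nonce)
        return nonce

    def verify(self, username, nonce, method, url, response) -> bool:
        if nonce not in self.issued or username not in self.stored:
            return False
        self.issued.discard(nonce)  # each challenge is accepted once
        expected = client_response(self.stored[username], nonce, method, url)
        return hmac.compare_digest(expected, response)  # constant-time compare

def demo():
    # Constructed sample account and request, for illustration only.
    srv = Server()
    srv.enroll("alice", "cpre532", "correct horse")
    ha = hash_a("alice", "cpre532", "correct horse")
    n1 = srv.challenge()
    resp = client_response(ha, n1, "GET", "/grades")
    ok = srv.verify("alice", n1, "GET", "/grades", resp)
    replayed = srv.verify("alice", n1, "GET", "/grades", resp)
    n2 = srv.challenge()
    moved = srv.verify("alice", n2, "POST", "/grades",
                       client_response(ha, n2, "GET", "/grades"))
    return ok, replayed, moved

if __name__ == "__main__":
    print(demo())
```

Hash(A) alone is enough to compute a valid response, so the stored value needs the same protection as a password.
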
5
Encrypted Transactions
  • S-HTTP
  • Secure HTTP
  • Provides sender authentication
  • Confidential messages
  • Show message integrity
  • Data is bound together in the same way PGP did
  • SHTTP// How to use
  • Negotiates
  • Property
  • Direction
  • Strength of what we are negotiating
  • Required and optional parameters
  • Other side can refuse
  • Value
  • Protection mode
  • Encrypted
  • Signed
  • Authentication
  • Encryption algorithm is referred to as bulk
    encryption

6
Cont
  • S-HTTP
  • Negotiation
  • Message encapsulation
  • PGP,PEM
  • Signature
  • RSA
  • Public Key
  • X509
  • Browser is left to protect one's private key
  • Uses port 80

7
Encrypted Transactions
  • SSL
  • Secure Socket Layer
  • Broader application than HTTP
  • Another layer to the mix, creates a secure layer
    between HTTP and TCP
  • Uses port 443
  • Negotiates like S-HTTP
  • Browser is shipped with certificates for support
    of this service
  • Communicates through an encrypted channel
  • Less overhead for each connection than S-HTTP

8
Firewalls
  • Sits between two networks
  • Firewalls analyze packets and make a yes or no
    decision based on a set of rules
  • Firewalls can look at one single layer or
    look at packets at all layers to make a decision
  • The more layers the firewall examines,
    the slower the throughput of the firewall
  • The more rules defined in the firewall's rule set, the
    lower the throughput
  • Most firewalls examine packets at all of these
    layers for maximum security
  • Firewalls also can be used for authentication

[Diagram: layer stack APP, TCP, IP, Net]

9
Firewalls cont
  • Types of firewalls
  • Dual-homed host
  • Most common
  • Contains two network cards
  • Also called pass through firewalls
  • Built
  • Air gap firewalls
  • Two different applications running on the
    Ethernet card
  • Applications talk to pass traffic

[Diagram labels: Rule Set; two stacks of TCP, IP, Nic]

10
Firewalls cont..
  • The application layer is difficult to build a rule set
    for
  • Email
  • Web
  • FTP
  • With firewall rules, the default answer to letting a packet
    go through is no
  • Administrator must open specific ports for
    communication

[Diagram labels: two stacks of APP, Net; Shared Data]

11
Firewalls cont
  • Firewalls
  • Application forwarder
  • Acts like proxy
  • Must authenticate with the firewall; then one would
    have an open channel to the inside network
  • Security issues
  • Application firewalls are usually fully
    functional computers
  • Sometimes other applications are running on
    firewall like DNS
  • Remote access to firewalls
  • Must have strong authentication and encryption
  • Remote access application can be DOS
  • Attacks on operating system running the firewall
  • Configuration issues

12
Screening Routers
  • Most of the time, screening routers look at TCP
    and IP layers
  • Filter criteria
  • IP number
  • IP protocol type
  • UDP, ICMP, TCP
  • TCP port number
  • Bad IP list
  • TCP port number
  • Allow all SMTP
  • As the quickest firewall, it stops what the
    administrator believes to be bad, keeping some of
    the traffic away from the application firewall to improve
    overall efficiency
  • Screening routers are merging with IDS

[Diagram labels: I, SR, FW, SR; Bad list, Good List]

13
Next Time
  • More firewalls

14
Questions