Class 12, CSCI 6433
Dave Roberts
Agenda
• FTP
• TELNET
• SSH
• Programming for the Internet
• Internet Security
• Summary
File Transfer Protocol FTP
FTP provides the ability to transfer files between computers.
FTP uses two TCP connections between client and server:
• control connection is maintained throughout the session, used only for passing control information
• data connection is established each time data is sent from server to client or client to server
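As an added example (not part of the slides), the following Python parses what a client reads on the control connection, including multi-line replies, and derives the data-connection endpoint from a 227 passive-mode reply; the session transcript it uses is constructed.

```python
import re
from typing import Iterator, List, Tuple

# Constructed sample of what a client reads on the FTP control connection
# (added example; not a capture from the slides).
SAMPLE_CONTROL_STREAM = (
    b"220-Welcome to the example FTP service.\r\n"
    b"220-Unauthorized access is prohibited.\r\n"
    b"220 Service ready.\r\n"
    b"331 Password required.\r\n"
    b"230 User logged in.\r\n"
    b"227 Entering Passive Mode (192,0,2,10,195,89).\r\n"
    b"150 Opening data connection.\r\n"
    b"226 Transfer complete.\r\n"
)

_REPLY_FIRST = re.compile(rb"^(\d{3})([ -])(.*)$")
_PASV_TUPLE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def iter_replies(stream: bytes) -> Iterator[Tuple[int, str]]:
    """Yield (code, text) per reply. A reply whose first line is 'xyz-' continues
    until a line that starts with 'xyz ' (RFC 959 multi-line reply)."""
    lines = stream.split(b"\r\n")
    i = 0
    while i < len(lines):
        line = lines[i]
        if not line:                      # trailing empty element after final CRLF
            i += 1
            continue
        m = _REPLY_FIRST.match(line)
        if not m:
            raise ValueError(f"malformed reply line: {line!r}")
        code, sep, text = m.group(1), m.group(2), m.group(3)
        parts: List[str] = [text.decode("ascii", "replace")]
        if sep == b"-":
            terminator = code + b" "
            i += 1
            while i < len(lines) and not lines[i].startswith(terminator):
                parts.append(lines[i].decode("ascii", "replace"))
                i += 1
            if i >= len(lines):
                raise ValueError("unterminated multi-line reply")
            parts.append(lines[i][4:].decode("ascii", "replace"))
        yield int(code), "\n".join(parts)
        i += 1


def parse_pasv(text: str) -> Tuple[str, int]:
    """Extract (host, port) from the (h1,h2,h3,h4,p1,p2) tuple of a 227 reply."""
    m = _PASV_TUPLE.search(text)
    if not m:
        raise ValueError("no host/port tuple in 227 reply")
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range")
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def data_endpoint_for(stream: bytes, control_peer: str) -> Tuple[str, int]:
    """Return the data-connection endpoint a client should open after the first
    227 reply. The port comes from the reply; the host is forced to the control
    connection's peer, so a server (or NAT) announcing some third host cannot
    redirect the client's data connection elsewhere."""
    for code, text in iter_replies(stream):
        if code == 227:
            announced_host, port = parse_pasv(text)
            if announced_host != control_peer:
                # Announced address disagrees with the control peer; trust the peer.
                return control_peer, port
            return announced_host, port
    raise ValueError("no 227 reply found")
```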
An FTP Session
TELNET
• Telnet provides a bidirectional, interactive text-oriented facility using a virtual terminal connection.
• User data is sent in-band with Telnet control information
• Telnet provides a command-line interface (usually, to an operating system) on a remote host
Question: what transport protocol does Telnet use?
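Added example, not from the slides: because control information travels in-band, a receiver must separate IAC command sequences from user data before it can trust a single byte of input. The parser below does that for option negotiation and sub-negotiation, carries a command that straddles two reads, and includes a conservative negotiation policy; the sample bytes are constructed.

```python
from typing import List, Tuple

# Telnet command bytes (RFC 854) and two option codes (RFC 857 ECHO, RFC 858 SGA).
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
NEGOTIATE = {DO: "DO", DONT: "DONT", WILL: "WILL", WONT: "WONT"}
OPT_ECHO, OPT_SGA = 1, 3

Command = Tuple[str, int, bytes]   # (name, option code or -1, sub-negotiation payload)


class TelnetStream:
    """Splits received bytes into user data and in-band commands."""

    def __init__(self) -> None:
        self._pending = b""  # a command cut off by the end of the previous read

    def feed(self, chunk: bytes) -> Tuple[bytes, List[Command]]:
        buf = self._pending + chunk
        self._pending = b""
        data = bytearray()
        cmds: List[Command] = []
        i = 0
        while i < len(buf):
            if buf[i] != IAC:                 # ordinary user data byte
                data.append(buf[i])
                i += 1
                continue
            if i + 1 >= len(buf):             # lone IAC at the end: need more bytes
                self._pending = buf[i:]
                break
            cmd = buf[i + 1]
            if cmd == IAC:                    # IAC IAC is an escaped 0xFF data byte
                data.append(IAC)
                i += 2
            elif cmd in NEGOTIATE:            # DO/DONT/WILL/WONT carry one option byte
                if i + 2 >= len(buf):
                    self._pending = buf[i:]
                    break
                cmds.append((NEGOTIATE[cmd], buf[i + 2], b""))
                i += 3
            elif cmd == SB:                   # sub-negotiation runs until IAC SE
                end = buf.find(bytes([IAC, SE]), i + 2)
                if end < 0:
                    self._pending = buf[i:]
                    break
                body = buf[i + 2:end].replace(bytes([IAC, IAC]), bytes([IAC]))
                cmds.append(("SB", body[0] if body else -1, bytes(body[1:])))
                i = end + 2
            else:                             # any other two-byte command (NOP, AYT, ...)
                cmds.append(("CMD%d" % cmd, -1, b""))
                i += 2
        return bytes(data), cmds


def negotiation_reply(name: str, opt: int, allowed=frozenset({OPT_ECHO, OPT_SGA})) -> bytes:
    """Conservative option policy for a server: agree only to options on an allow
    list, refuse everything else, and answer nothing to DONT/WONT (already refused)."""
    if name == "DO":
        return bytes([IAC, WILL if opt in allowed else WONT, opt])
    if name == "WILL":
        return bytes([IAC, DO if opt in allowed else DONT, opt])
    return b""


# Constructed sample: a negotiation, a prompt, a literal 0xFF inside user data,
# and a DO command cut in half by the read boundary.
SAMPLE_READ_1 = (bytes([IAC, DO, OPT_ECHO]) + b"login: " + bytes([IAC, WILL, OPT_SGA])
                 + b"ad" + bytes([IAC, IAC]) + b"min\r\n" + bytes([IAC, DO]))
SAMPLE_READ_2 = bytes([34])   # option byte finishing the DO (34 = LINEMODE, not on the allow list)
```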
TELNET and Security
• Original TELNET implementation had no security
• Dialogues can be intercepted, including passwords
• New protocol, SSH, provides features of TELNET along with encryption of communications and authentication
• Most TELNET installations are not being updated to new security features; SSH is used instead
Secure Shell SSH
• Cryptographic network protocol for secure data communication, remote command-line login between two networked computers.
• Connects using a secure channel over an insecure network
• Server and client run SSH server and SSH client
• Designed as replacement for TELNET
Program Use of TCP
• Sockets available for programming are:
o Datagram sockets using UDP
o Stream sockets using TCP
o Raw sockets that use IP
• Most applications use datagram or stream sockets
• A socket is identified by:
o Local socket address (IP address and port number)
o For TCP only: Remote socket address (IP address and port number)
• Socket pairs:
o Socket pair is a 4-tuple of local and remote IP addresses, port numbers
o TCP: each socket pair has a socket number
o UDP: each socket pair has a socket number
• How to implement API is left to each operating system
Windows Socket API (Winsock)
• Provides access to network services in Windows environment
• Uses TCP/IP
• Based on Berkeley sockets API
• API guarantees that conforming application will work with a conforming protocol implementation from any vendor
Winsock Operation
Client
• Initialize Winsock.
• Create a socket.
• Connect to the server.
• Send and receive data.
• Disconnect.
Server
• Initialize Winsock.
• Create a socket.
• Bind the socket.
• Listen on the socket for a client.
• Accept a connection from a client.
• Receive and send data.
• Disconnect.
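The client and server steps above, carried out over the loopback interface with Python's socket module (the Berkeley sockets API that Winsock is modelled on; the Winsock initialization step has no counterpart here). This is an added example, not code from the slides; it also reports the socket pair each side sees, which is the 4-tuple from the Program Use of TCP slide.

```python
import socket
import threading
from typing import Tuple

SocketPair = Tuple[str, int, str, int]   # (local IP, local port, remote IP, remote port)


def _socket_pair(sock: socket.socket) -> SocketPair:
    lip, lport = sock.getsockname()[:2]
    rip, rport = sock.getpeername()[:2]
    return (lip, lport, rip, rport)


def _serve_one(listener: socket.socket, result: dict) -> None:
    conn, _ = listener.accept()             # accept: one connection from a client
    with conn:
        result["server_pair"] = _socket_pair(conn)
        buf = b""
        while not buf.endswith(b"\n"):      # recv: read until end of line
            chunk = conn.recv(4096)
            if not chunk:
                break
            buf += chunk
        conn.sendall(buf.upper())           # send: reply, then close (disconnect)


def echo_round_trip(message: bytes) -> Tuple[bytes, SocketPair, SocketPair]:
    """Run the server steps in a thread and the client steps here; return
    (reply, client's socket pair, server's socket pair). The two pairs are
    mirror images: each side's local endpoint is the other's remote endpoint."""
    if not message.endswith(b"\n"):
        message += b"\n"
    result: dict = {}
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:  # create a socket
        listener.bind(("127.0.0.1", 0))     # bind: port 0 lets the OS choose a free port
        listener.listen(1)                  # listen
        port = listener.getsockname()[1]
        t = threading.Thread(target=_serve_one, args=(listener, result))
        t.start()
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as client:  # create a socket
            client.connect(("127.0.0.1", port))    # connect to the server
            client_pair = _socket_pair(client)
            client.sendall(message)                # send
            client.shutdown(socket.SHUT_WR)        # no more data from the client
            reply = b""
            while True:                            # receive until the server closes
                chunk = client.recv(4096)
                if not chunk:
                    break
                reply += chunk
        t.join(timeout=5)
    return reply, client_pair, result["server_pair"]
```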
Some Winsock Commands
• Accept—permits an incoming connection attempt on a socket
• Bind—associates a local address with a socket
• Listen—places a socket in a state of listening for an incoming connection
• Connect—establishes a connection to a specified socket
• Send—send data on a connected socket
• Recv—receive data from a connected socket
• TransmitFile—transmits file data over a connected socket
• Closesocket—close an existing socket
Internet Security
First…
• A general comment about security.
• The greatest security weakness is…
• People!
• Often, technical weaknesses are exploited by obtaining help from people.
Information Policy
• Information policy is essential for security
o Who is allowed to access what information
o Rules associated with dissemination
o Rules for acting on violations
• People are always the weak links in security
o Policy weaknesses cause mistakes
o Policy weaknesses can be exploited
• Tonight we talk about Internet security, so we’ll omit people from the discussion. But understand that people are the weakest link, and that security policy is required in order for technical protections to work.
Agenda
• The Problem
• Attacks
• Security measures
Early vs. later design
Later designs tend to have protection features
• DNS
• SMTP
• HTTP
The “guts” don’t have good security
• IP
• Network Layer
Attacks
• Malware
• Denial-of-service attack
• Social engineering
• Eavesdropping
• Password guessing
• War dialing—software and modem calls desktop computers, looks for paths into corporate networks
• Denial of service attacks—overwhelms capacity of a computer so that it can’t process legitimate work
• Protocol-based attacks—exploiting weaknesses in protocols
o Source Quench
o ARP Spoofing
• Host attacks—exploiting weaknesses in hosts
Malware
• Viruses—program that can replicate itself and spread to other computers
• Trojan horse—program that appears to be harmless but hides malicious functions
• Spyware—program that collects information without the user’s knowledge
• Worm—standalone malware that replicates itself in order to spread to other computers
• Bot—program that runs an automated task over the Internet
Internet Protocol security
• Network layer security
o IPsec Protocol
o TLS (formerly known as SSL)
• Email security
o Background
o Pretty Good Privacy (PGP)
o Multipurpose Internet Mail Extensions (MIME)
o Message Authentication Code
• Firewalls
o Role of firewalls in Internet security and web security
o Types of firewalls
   o Packet filters
   o Circuit-level gateways
   o Application-level gateways
IPsec core protocols
IPsec Authentication Header
IPsec Encapsulating Security Payload
IPSec Implementation
• Two methods:
1. Router implementation: implement for pairs of routers that route datagrams outside the organization (“bump in the wire”)
2. End Host Implementation: enables end-to-end security between any two devices on the network (“bump in the stack”)
IPSec “bump in the wire”
IPSec “bump in the stack”
IPsec Modes
1. Transport Mode: protocol protects the message passed from the transport layer
2. Tunnel Mode: protocol protects a complete encapsulated IP datagram after the IP header has been applied
Transport mode
Tunnel mode
TLS (formerly SSL)
• SSL was originally developed by Netscape through Version 3.0
• Now called Transport Layer Security (TLS)
• Encryption takes place at the application layer
• Uses asymmetric cryptography for key exchange, symmetric cryptography for information protection, message authentication codes for message integrity
Uses of SSL
• Variations of TLS are now in use in:
o HTTP
o SMTP
o Internet faxing
o VOIP
Connecting
• Some protocols use a different port number (e.g., port 443 for HTTPS)
• Others use the regular port number and have the client request switching the connection to TLS (e.g., the STARTTLS command for SMTP)
• Once connection is made, then asymmetric cryptography is used to negotiate the session and authenticate
• Then symmetric cryptography is used to protect the data transfer
SMTP Security
• SMTP-AUTH extension (RFC 2554) defines authentication methods for SMTP
• SMTP-AUTH provides a method to specify a security mechanism, authenticate the exchange and negotiate a security profile
• Felt to be too complex for widespread adoption
• Anti-Spam Research Group of the IETF is working on flexible, lightweight, scalable methods for source authentication
Security Techniques
• Perimeter security—provide some kind of network boundary and divide service and network availability between “inside” and “outside”, determining the services and networks available to outsiders, extent to which outsiders can use resources
• Encryption—used to hide data, used for many aspects of security
• Authentication and authorization—reliably identify authorized users and allow access
• Intrusion detection—detecting actions that attempt to compromise confidentiality, integrity or availability of a resource
Internet Security
• Security is difficult because datagram contents cannot be trusted
• Datagrams pass through uncontrolled intermediaries, can be changed
• Authentication based on source addresses can’t be trusted
• Strong authentication based on encryption is more trustworthy
• Encryption protects information in transit from change or access
• A trusted key authority is needed if encryption is to offer more than protection of information while in transit.
Intrusion detection
• Detecting all possible intrusion attempts is not computable; too many computations, always one more method
• Typically heuristics, clustering algorithms, statistics are used as the basis for techniques
• Network IDS (NIDS) examines traffic at all layers, analyzes for suspicious activity
• WLAN IDS also looks for attempts to connect to rogue devices
• Host-based IDS (HIDS) analyze traffic and system-specific settings. Installed, configured on each machine.
IDS Types
• Signature-based—relies on known traffic patterns, looks for anomalous patterns. Can be fooled by attack that is a small change from normal traffic. Usually very effective.
• Anomaly-based—detects any traffic that is incorrect or otherwise not normal.
• Stateful protocol inspection—like anomaly-based detection, but can examine traffic at network, transport layer and vendor-specific traffic at the application layer
SMTP Security
• Easy to spoof an email address
• Many security changes to SMTP have been resisted; some popular features:
o Checking IP address of a device attempting connection against a “white list”
o Limiting commands such as EXPN to prevent unauthorized users from determining the e-mail addresses of users on mailing lists.
o Checking validity of envelope information before accepting a message for delivery.
o Limiting the size of e-mail messages that may be sent or the number that may be sent in a given period of time.
o Logging all access to the server to keep records of server use and check for abuse.
• Encryption can be used along with MIME encoding
Firewalls
• Housing—separates garage from house or one apartment from another
• Automobiles—separates engine from passenger compartment
• Firewalls are intended to keep a fire localized until residents can escape and help can arrive
Firewalls
• Often must protect a network from unwanted communication
• Internet firewall is the common mechanism for internet access control
• Firewall placed at the connection to external networks, partitions into two regions, inside and outside
• Firewalls must be placed at all Internet connections, forming a security perimeter
• A firewall is a router with filtering capabilities
Firewall Properties
1. Single point connection between 2 or more networks where all traffic must pass
2. Traffic can be controlled through the device
3. All traffic is logged
Firewall Implementation
• Routers usually have a function called packet filter—will block datagrams by source, by application, etc.
• This is most often stateless filtering
• Often, packet filter is a board in the router
• No TCP/IP standard for packet filters, left up to vendors
Types of Packet Filters
1. Static—filter rules must be changed manually
2. Dynamic—outside process changes the rules dynamically
3. Stateful inspection—dynamic, but including detailed inspection of data contained in the IP packet
Dynamic and stateful firewalls keep a dynamic state table to make changes to the filtering rules based on events
Packet Filtering Example
Stateful Firewalls
• Allows clients inside firewall to use services outside the firewall by keeping track of the state of network connections
• Watches outgoing connections, passes only packets that follow known connection patterns
• Techniques:
o Soft state—timer removes inactive state information after a timeout
o Connection monitoring—firewall watches packets, removes information when flow terminates
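An added example (not from the slides) that puts the Types of Packet Filters and Stateful Firewalls slides together: a static allow rule for one exposed service, a dynamic state table keyed by the socket pair, soft-state expiry on an idle timer, and connection monitoring that drops state when a flow ends. All addresses and traffic are constructed.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

Key = Tuple[str, int, str, int]   # (inside IP, inside port, outside IP, outside port)


@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""          # subset of "SAFR": SYN, ACK, FIN, RST
    direction: str = "out"   # "out" = inside -> outside, "in" = outside -> inside


class StatefulFilter:
    def __init__(self, idle_timeout: float, inbound_allowed: FrozenSet[Tuple[str, int]] = frozenset()):
        self.idle_timeout = idle_timeout
        self.inbound_allowed = inbound_allowed  # static rule: inside services reachable from outside
        self.table: Dict[Key, dict] = {}        # dynamic state table: key -> {"last": t, "fins": n}
        self.log: List[Tuple[str, str, Key, str]] = []

    @staticmethod
    def _key(p: Packet) -> Key:
        # Both directions of one connection map to the same key.
        if p.direction == "out":
            return (p.src, p.sport, p.dst, p.dport)
        return (p.dst, p.dport, p.src, p.sport)

    def _expire(self, now: float) -> None:
        # Soft state: forget connections idle longer than the timeout.
        for k in [k for k, e in self.table.items() if now - e["last"] > self.idle_timeout]:
            del self.table[k]

    def filter(self, p: Packet, now: float) -> bool:
        """Return True to pass the packet, False to drop it; every decision is logged."""
        self._expire(now)
        key = self._key(p)
        entry = self.table.get(key)
        is_syn = "S" in p.flags and "A" not in p.flags
        if entry is None:
            # No state: only a connection opening is acceptable, and an inbound
            # opening only toward a service the static rules expose.
            if not (is_syn and (p.direction == "out" or key[:2] in self.inbound_allowed)):
                self.log.append(("DROP", p.direction, key, "no matching state"))
                return False
            entry = self.table[key] = {"last": now, "fins": 0}
        entry["last"] = now
        # Connection monitoring: a reset ends the flow at once, two FINs end it normally.
        if "R" in p.flags:
            del self.table[key]
        elif "F" in p.flags:
            entry["fins"] += 1
            if entry["fins"] >= 2:
                del self.table[key]
        self.log.append(("PASS", p.direction, key, p.flags))
        return True


def run_scenario() -> List[bool]:
    """Constructed traffic (time in seconds, packet) against a 30 s idle timeout."""
    fw = StatefulFilter(idle_timeout=30.0, inbound_allowed=frozenset({("10.0.0.5", 25)}))
    inside, web, other = "10.0.0.7", "203.0.113.9", "198.51.100.3"
    traffic = [
        (0, Packet(inside, 40001, web, 80, "S", "out")),       # inside client opens connection
        (1, Packet(web, 80, inside, 40001, "SA", "in")),       # reply matches state: pass
        (2, Packet(other, 4444, inside, 40001, "SA", "in")),   # unsolicited "reply": drop
        (3, Packet(other, 5555, inside, 22, "S", "in")),       # unsolicited inbound SYN: drop
        (4, Packet(other, 5556, "10.0.0.5", 25, "S", "in")),   # exposed mail service: pass
        (5, Packet(inside, 40001, web, 80, "FA", "out")),      # client FIN
        (6, Packet(web, 80, inside, 40001, "FA", "in")),       # server FIN: state removed
        (7, Packet(web, 80, inside, 40001, "A", "in")),        # packet after close: drop
        (40, Packet("10.0.0.5", 25, other, 5556, "A", "out")), # 36 s idle: state expired, drop
    ]
    return [fw.filter(p, t) for t, p in traffic]
```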
Application Firewalls
• Firewall function at the application level
• Provides multiple application proxies
• Understand the operation of an application
• Check messages and ensure that they follow the pattern of the application
• Bad messages are not passed on
• Proxies can sometimes be tricked; important to install new software releases promptly
Proxy Access
• Generally it’s impossible to make all computers in an organization secure
• So one is made secure with application gateways, placed between firewalls
• This bastion host serves as a proxy for computers inside the network to access the Internet
• Firewalls are configured to pass only traffic to or from the bastion host
• Bastion host can inspect contents of traffic going through it, or it can just pass the traffic
One-router DMZ
Firewall effect
(Figure comparing exposure before and after the firewall: “From this level of risk” / “To this”)
Summary
• Internet must connect organizations with limited mutual trust
• IPsec protects at the IP layer, allows authentication or encryption of data, tunneling to protect packet content
• TLS is used for protection at the transport layer, added to applications
• IDSes watch for behavior that indicates inappropriate activity
• Firewalls are used at Internet connections
• DMZs can provide considerable isolation
• Note that all of these have been added on to the Internet, rather than designed in at the outset
What we’ve talked about
Protocol Dependencies
• We can now look at a complete picture of Internet protocols and how they depend on each other.
• The chart illuminates some basic choices of Internet protocol architecture
• Does today’s technology still require the difference between UDP and TCP?
• Could ECC be used and a single protocol used to replace both UDP and TCP?
Protocol Dependencies
IP as Universal Connector
Summary
• Rich functionality of TCP/IP comes from services provided by applications
• Client on one machine can communicate with a server on a different type of machine
• Intermediate machines do not have to forward whole messages
• There are complex interdependencies among the protocols