Protecting Network Connections Using SSH and SSL - PowerPoint PPT Presentation

1 / 12
About This Presentation
Title:

Protecting Network Connections Using SSH and SSL

Description:

What is SSH and SSL? How can a Security Manager use SSH and SSL? ... Putty (SSH) OpenSSL. Stunnel (SSL) Web browsers (SSL) UNIX/Linux. OpenSSH. OpenSSL. Stunnel (SSL) ... – PowerPoint PPT presentation

Number of Views:47
Avg rating:3.0/5.0
Slides: 13
Provided by: dalh6
Category:

less

Transcript and Presenter's Notes

Title: Protecting Network Connections Using SSH and SSL


1
Protecting Network Connections Using SSH and SSL
  • CS652 - Nate Adams

2
Introduction
  • What is SSH and SSL?
  • How can a Security Manager use SSH and SSL?
  • How can a Hacker make use of SSH and SSL?
  • Where can I get more information?

3
What is SSH?
  • Secure Shell
  • Network protocol
  • Allows encrypted communication between hosts
  • Public key crypto-based
  • Tunneling (VPN)

4
What is SSL?
  • Secure Socket Layer
  • Network protocol
  • Allows encrypted communication between hosts
  • Public key crypto-based
  • Tunneling (VPN)

5
How a Security Manager Can Use SSH and SSL/TLS?
  • Secure sensitive data
  • Wrap insecure protocols
  • FTP
  • POP3
  • Secure Authentication
  • Port forwarding
  • Secure FTP or Copy
  • Proxy connections

6
How a Hacker Could Use SSH or SSL?
  • Many of the same uses but for malicious purposes
  • Hide malicious communication
  • Bypass firewalls and IDS/IPS
  • Exfiltrate data
  • Tunnel tools/connections

7
How to Protect Against the Hacker
  • Dont use export class or weak ciphers
  • Test implementations to ensure secure
    configurations
  • Implementation considerations
  • Older versions have vulnerabilities
  • Use SSH v2 (v1 MITM)
  • Use SSL v3 (v2 MITM) replaced by TLS (FIPS
    140-2)
  • Key management

8
What is Special About SSH and SSL?
  • Can be used to secure many insecure protocols
  • Extends usefulness of older protocols
  • Ubiquitous implementations
  • UNIX/Linux, Windows, etc
  • Many versions both open and closed source

9
Common OS Uses of SSH and SSL
  • Windows
  • Putty (SSH)
  • OpenSSL
  • Stunnel (SSL)
  • Web browsers (SSL)
  • UNIX/Linux
  • OpenSSH
  • OpenSSL
  • Stunnel (SSL)
  • Web browsers (SSL)

10
More information?
  • Web sites
  • OpenSSL Project
  • http//www.openssl.org/
  • OpenSSH
  • http//www.openssh.com/
  • SANS - SSH Techniques
  • https//www.sans.org/reading_room/special/index.ph
    p?idssh_techniques
  • NIST SP 800-52 and 800-113 Guidelines on TLS and
    SSL
  • http//csrc.nist.gov/publications/nistpubs/

11
Summary
  • What is SSH and SSL?
  • How can a Security Manager use SSH and SSL?
  • How can a Hacker make use of SSH and SSL?
  • Where can I get more information?

12
Pop Quiz Really?
  • Name
  • Name two things common to SSH and SSL?
  • SSH and SSL are not public key based? T/F
  • Name a typical risk common to the use of SSH and
    SSL?
Write a Comment
User Comments (0)
About PowerShow.com