DOCSLIB.ORG

Vpwns : Virtual Pwned Networks

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Vpwns : Virtual Pwned Networks Vpwns : Virtual Pwned Networks Citation for published version (APA): Appelbaum, J., Ray, M., Koscher, K., & Finder, I. (2012). Vpwns : Virtual Pwned Networks. In 2nd USENIX Workshop on Free and Open Communications on the Internet, FOCI '12, Bellevue, WA, USA, August 6, 2012 https://www.usenix.org/conference/foci12/workshop-program/presentation/appelbaum Document status and date: Published: 01/01/2012 Document Version: Publisher’s PDF, also known as Version of Record (includes final page, issue and volume numbers) Please check the document version of this publication: • A submitted manuscript is the version of the article upon submission and before peer-review. There can be important differences between the submitted version and the official published version of record. People interested in the research are advised to contact the author for the final version of the publication, or visit the DOI to the publisher's website. • The final author version and the galley proof are versions of the publication after peer review. • The final published version features the final layout of the paper including the volume, issue and page numbers. Link to publication General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal. If the publication is distributed under the terms of Article 25fa of the Dutch Copyright Act, indicated by the “Taverne” license above, please follow below link for the End User Agreement: www.tue.nl/taverne Take down policy If you believe that this document breaches copyright please contact us at: [email protected] providing details and we will investigate your claim. Download date: 27. Sep. 2021 vpwns: Virtual Pwned Networks Jacob Appelbaum Marsh Ray Security and Privacy Research Lab PhoneFactor, Inc. University of Washington & The Tor Project [email protected] [email protected] Karl Koscher Ian Finder Security and Privacy Research Lab Security and Privacy Research Lab University of Washington University of Washington [email protected] [email protected] Abstract participate in the economies of scale of the public in- User-accessed Virtual Private Network systems allow au- ternet, today are often used for purposes beyond merely thorized users remote access to protected or otherwise connecting private networks together. The availability of privileged networks while avoiding dependence on ISPs mature VPN implementations and the encryption and ac- along the route for data confidentiality and integrity. This cess control they provide would seem to make VPNs an direct expression of the internet’s end-to-end principle of attractive option for systems that provide user anonymity security is generally accepted as a highly successful de- or resist censorship. Nevertheless, many anonymity and sign. censorship circumvention systems that are built on top VPN services and technology advertising censor- of VPNs are easily subverted by active (and sometimes ship circumvention, resistance to data retention, and passive) attacks. Even with the best cryptography and anonymity as features are proliferating rapidly. But it careful coding practices, the security of the VPN may be is unclear that these security properties were included bypassed entirely. in the original design requirements of VPN protocols The anonymity community often ignores VPN-based and product implementations. Experience with dedi- solutions, considering them obviously flawed against cated anonymity networks (e.g., Tor) shows that strong strong attackers. Nevertheless, these solutions are rou- anonymity is not achieved by accident. The ‘P’ in VPN tinely employed by users who believe the claims of ven- notwithstanding, not all privacy methods are equal or dors. strongly anonymizing, which opens opportunities for at- Whenever a tool is pressed into service to provide data tackers when VPN-based systems are used for anonymity security properties for which it was not originally de- or even simple censorship circumvention. signed and tested, the potential for subtle security flaws This paper evaluates VPN anonymity, security and greatly increases. In the particular case of a VPN used privacy features including identity, geographic location, as an anonymizing service, the issues seem to arise pri- confidentiality of communications, and generalized se- marily from the conventional relationship the VPN client curity issues such as reachability and prevention of net- software has with the endpoint system’s routing table. work tampering. We find many popular VPN prod- After all, to the kernel it is “simply another network”, ucts are susceptible to a variety of practical user de- so the most common VPN implementation technique is anonymization attacks. Weaknesses stem from lack of for the active VPN connection to appear to the system as security analysis of the composition of VPNs, applica- another virtual network adapter. Consequently, enforce- tions, and the TCP/IP stack on each respective operat- ment and application of many VPN security properties ing system. Although we describe some potential miti- depend greatly on the local routing table. gations for vendors, the primary goal of this paper is to Applications generally prefer to remain unaware of raise awareness of the inherent risks which come from network state changes, at best they might implement repurposing off-the-shelf VPN systems to provide strong some notion of an “offline” mode. Because monitoring anonymity. the changes in the lower layers of the network stack is not an important goal in computing for most users, user 1 Introduction interfaces tend to minimize such details as long as basic connectivity is working. But these networking subsys- Virtual Private Network systems (VPNs), although orig- tem properties that are unimportant details under normal inally conceived as a tool to enable private networks to circumstances silently become security-critical consider- ations once the user begins relying upon the routing table 3.1 Use cases to ensure their anonymity. Many VPN providers or products seem to promise per- fect privacy and security. They rarely define cohesive threat models or explain details about the security eval- 2 VPN Security Mechanisms uations they expect users to make. It is exceedingly rare to find a provider or product development team that Routing table based network security is normally a per- discloses such threat model discussions or evaluations fectly acceptable architecture for classic VPN deploy- openly. In many cases the VPN vendors do not properly ment scenarios: if the routing table is wrong, the packet deploy SSL/TLS for their general websites or download simply cannot be delivered. Even when an unencrypted sites. packet does manage to escape via a physical interface, We consider users to belong to four primary use cases: usually it bears an RFC 1918 [3] private use address on • Users who require access to internal or otherwise either the source or destination so the packet is not likely protected resources to make it very far outside of the trusted network. Those • Users who wish to avoid Firesheep [11] or other who depend on such systems will eventually notice the small attackers (e.g., cafs Wi-Fi sniffing) failed connections, complain to their network adminis- • Users who wish to access the wider internet without trator and the misconfiguration will be resolved. censorship or surveillance But when the goal of the system is to provide strong • Users who wish to reposition themselves into differ- user anonymity, the requirements become much more ent legal frameworks (e.g., geographically limited stringent. Even a single leaked DNS query or TCP SYN content). packet may be enough to reveal the user’s identity en- tirely and subject them to consequences much greater than those of a failed connection. Under these new re- 4 Security Implementation Realities quirements, the method of securing traffic via the end- point system’s routing table is insufficient. It proves vul- The security realities of VPN deployments diverge sig- nerable to a number of generic problems that have the ef- nificantly from the claims made by vendors. fect of expanding the user’s attack surface dramatically. When a client connects to or disconnects from a VPN service, a significant amount of reconfiguration must be performed on the client network stack. In order for ef- 3 Security Claims and Properties fective anonymity to be achieved most of this reconfigu- ration must complete successfully. Device drivers must Many VPN providers or products seem to overpromise be loaded and unloaded, routing tables and name reso- in terms of where their products and tools work, mak- lution settings must be adjusted, some existing connec- ing extremely bold claims about privacy, security, and tions must be dropped, and some applications restarted. anonymity without having had their claims evaluated to To this end, many VPN systems provide custom client the standards found in the anonymity community. software. Some VPN client packages provide rich func- For example, AnchorFree’s Hotspot Shield website [7] tionality, allowing desktop settings to be reconfigured or claims the following: even arbitrary scripts pushed to the client to be executed with Administrator privileges. For example, a corporate • “VPN encrypts all traffic.” VPN, may require a qualifying anti-malware package be • “Protect yourself in Wi-Fi hotspots.” installed and client OS updates be applied before allow- • “Hide your IP and ensure anonymous browsing.” ing clients access to the network. • “Protect yourself from snoopers at Wi-Fi hotspots, The term ‘split tunnel’ refers to the technique of pass- hotels, airports, corporate offices.” ing some, but not all, net traffic over the VPN.
Load more

Recommended publications
  • Microsoft DNS
    1 a. Domain Name Service (DNS) encompassing Microsoft DNS From Wikipedia, the free encyclopedia Jump to: navigation, search Microsoft DNS is the name given to the implementation of domain name system services provided in Microsoft Windows operating systems. Contents [hide] 1 Overview 2 DNS lookup client o 2.1 The effects of running the DNS Client service o 2.2 Differences from other systems 3 Dynamic DNS Update client 4 DNS server o 4.1 Common issues 5 See also 6 References 7 External links [edit] Overview The Domain Name System support in Microsoft Windows NT, and thus its derivatives Windows 2000, Windows XP, and Windows Server 2003, comprises two clients and a server. Every Microsoft Windows machine has a DNS lookup client, to perform ordinary DNS lookups. Some machines have a Dynamic DNS client, to perform Dynamic DNS Update transactions, registering the machines' names and IP addresses. Some machines run a DNS server, to publish DNS data, to service DNS lookup requests from DNS lookup clients, and to service DNS update requests from DNS update clients. The server software is only supplied with the server versions of Windows. [edit] DNS lookup client Applications perform DNS lookups with the aid of a DLL. They call library functions in the DLL, which in turn handle all communications with DNS servers (over UDP or TCP) and return the final results of the lookup back to the applications. 2 Microsoft's DNS client also has optional support for local caching, in the form of a DNS Client service (also known as DNSCACHE). Before they attempt to directly communicate with DNS servers, the library routines first attempt to make a local IPC connection to the DNS Client service on the machine.
    [Show full text]
  • Vyatta-VPN 6.5R1 V01.Pdf
    VYATTA, INC. | Vyatta System VPN REFERENCE GUIDE Introduction to VPN IPsec Site‐to‐Site VPN Virtual Tunnel Interfaces Remote Access VPN OpenVPN Vyatta Suite 200 1301 Shoreway Road Belmont, CA 94002 vyatta.com 650 413 7200 1 888 VYATTA 1 (US and Canada) COPYRIGHT Copyright © 2005–2012 Vyatta, Inc. All rights reserved. Vyatta reserves the right to make changes to software, hardware, and documentation without notice. For the most recent version of documentation, visit the Vyatta web site at vyatta.com. PROPRIETARY NOTICES Vyatta is a registered trademark of Vyatta, Inc. Hyper‐V is a registered trademark of Microsoft Corporation. VMware, VMware ESX, and VMware server are trademarks of VMware, Inc. XenServer, and XenCenter are trademarks of Citrix Systems, Inc. All other trademarks are the property of their respective owners. RELEASE DATE: October 2012 DOCUMENT REVISION. 6.5R1 v01 RELEASED WITH: 6.5R1 PART NO. A0‐0222‐10‐0016 iii Contents Quick List of Commands . xi List of Examples . xvi Preface . xvii Intended Audience . xviii Organization of This Guide . xviii Document Conventions . xix Vyatta Publications . xx Chapter 1 Introduction to VPN . 1 Types of VPNs . 2 Supported Solutions . 3 Site‐to‐Site with IPsec . 3 Virtual Tunnel Interface. 4 Remote Access Using PPTP . 4 Remote Access Using L2TP and IPsec. 5 Site‐to‐Site and Remote Access Using OpenVPN . 5 Comparing VPN Solutions. 6 PPTP. 7 L2TP/IPsec. 7 Pre‐shared keys (L2TP/IPsec) . 8 X.509 certificates (L2TP/IPsec) . 8 VPNs and NAT . 8 Chapter 2IPsec Site‐to‐Site VPN. 9 IPsec Site‐to‐Site VPN Configuration . 10 IPsec Site‐to‐Site VPN Overview.
    [Show full text]
  • Vyos Documentation Release Current
    VyOS Documentation Release current VyOS maintainers and contributors Jun 04, 2019 Contents: 1 Installation 3 1.1 Verify digital signatures.........................................5 2 Command-Line Interface 7 3 Quick Start Guide 9 3.1 Basic QoS................................................ 11 4 Configuration Overview 13 5 Network Interfaces 17 5.1 Interface Addresses........................................... 18 5.2 Dummy Interfaces............................................ 20 5.3 Ethernet Interfaces............................................ 20 5.4 L2TPv3 Interfaces............................................ 21 5.5 PPPoE.................................................. 23 5.6 Wireless Interfaces............................................ 25 5.7 Bridging................................................. 26 5.8 Bonding................................................. 27 5.9 Tunnel Interfaces............................................. 28 5.10 VLAN Sub-Interfaces (802.1Q)..................................... 31 5.11 QinQ................................................... 32 5.12 VXLAN................................................. 33 5.13 WireGuard VPN Interface........................................ 37 6 Routing 41 6.1 Static................................................... 41 6.2 RIP.................................................... 41 6.3 OSPF................................................... 42 6.4 BGP................................................... 43 6.5 ARP................................................... 45 7
    [Show full text]
  • Brocade Vyatta Network OS Remote Access Ipsec VPN Configuration Guide, 5.2R1
    CONFIGURATION GUIDE Brocade Vyatta Network OS Remote Access IPsec VPN Configuration Guide, 5.2R1 Supporting Brocade 5600 vRouter, VNF Platform, and Distributed Services Platform 53-1004736-01 24 October 2016 © 2016, Brocade Communications Systems, Inc. All Rights Reserved. Brocade, the B-wing symbol, and MyBrocade are registered trademarks of Brocade Communications Systems, Inc., in the United States and in other countries. Other brands, product names, or service names mentioned of Brocade Communications Systems, Inc. are listed at www.brocade.com/en/legal/ brocade-Legal-intellectual-property/brocade-legal-trademarks.html. Other marks may belong to third parties. Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government. The authors and Brocade Communications Systems, Inc. assume no liability or responsibility to any person or entity with respect to the accuracy of this document or any loss, cost, liability, or damages arising from the information contained herein or the computer programs that accompany it. The product described by this document may contain open source software covered by the GNU General Public License or other open source license agreements.
    [Show full text]
  • Master's Thesis Template
    DEGREE PROGRAMME IN WIRELESS COMMUNICATIONS ENGINEERING MASTER’S THESIS Wireless Backhaul in Future Cellular Communication Author Munim Morshed Supervisor Mika Ylianttila Second Examiner Jari Iinatti (Technical Advisor Jaakko Leinonen) August 2018 Morshed Munim. (2018) Wireless Backhaul for Future Cellular Communication. University of Oulu, Degree Programme in Wireless Communications Engineering. Master’s Thesis, 64 p. ABSTRACT In 5G technology, huge number of connected devices are needed to be considered where the expected throughput is also very ambitious. Capacity is needed and thus used frequencies are expected to get higher (above 6 GHz even up to 80 GHz), the Cell size getting smaller and number of cells arising significantly. Therefore, it is expected that wireless backhaul will be one option for Network operators to deliver capacity and coverage for high subscriber density areas with reduced cost. Wireless backhaul optimization, performance and scalability will be on the critical path on such cellular system. This master’s thesis work includes connecting a base station by using the wireless backhaul by introducing a VPN in the proposed network. We find the bottleneck and its solution. The network is using 3.5 GHz wireless link instead of LAN wire for backhaul link between the EnodeB and the core network (OpenEPC). LTE TDD band 42 acting as a Wireless Backhaul (Link between EnodeB and Band 42 CPE Router). The status and attachment procedure are observed from different nodes of the openEPC and from the VPN machine. Step by step we have established a tunnel between the CPE device and the VPN server using PPTP and L2TP with IPSec tunneling protocol.
    [Show full text]
  • Deployment+Advisory+Openvpn-NL
    To: Europaweg 4 2711 AH Zoetermeer Deployment Advisory OpenVPN-NL versie 1.4 P.O. Box 20010 2500 EA The Hague The Netherlands www.aivd.nl Contact T +31 (0)79 320 50 50 F +31 (0)70 320 07 33 Date October 24, 2018 MEMO For use at Security Level 2 Our reference 8f495785-or1-1.4 Enclosures Deployment Advisory 0 Page 1 of 17 OpenVPN-NL Copy number For use at Security Level 2 Valid until: 1-1-2024 Date Table of Contents October 24, 2018 Our reference 8f495785-or1-1.4 Page 2 of 17 1 Introduction ............................................................................................ 3 2 Product description .................................................................................. 4 2.1 OpenVPN software ............................................................................. 4 2.1.1 Main differences between vanilla OpenVPN and OpenVPN-NL ............... 4 2.2 System ............................................................................................. 5 2.3 Components ...................................................................................... 5 2.4 Infrastructure .................................................................................... 6 2.5 Classification ..................................................................................... 6 2.6 Deployment scenario’s ........................................................................ 7 3 Level of protection ................................................................................... 8 3.1 Criteria ............................................................................................
    [Show full text]
  • Configuring Tunneling Protocols and Advanced WAN Settings for the Contivity Secure IP Services Gateway 2
    Version 4.80 Part No. 315899-B Rev 00 August 2003 600 Technology Park Drive Billerica, MA 01821-4130 Configuring Tunneling Protocols and Advanced WAN Settings for the Contivity Secure IP Services Gateway 2 Copyright © 2003 Nortel Networks All rights reserved. August 2003. The information in this document is subject to change without notice. The statements, configurations, technical data, and recommendations in this document are believed to be accurate and reliable, but are presented without express or implied warranty. Users must take full responsibility for their applications of any products specified in this document. The information in this document is proprietary to Nortel Networks Inc. The software described in this document is furnished under a license agreement and may be used only in accordance with the terms of that license. The software license agreement is included in this document. Trademarks Nortel Networks, the Nortel Networks logo, Contivity, Preside, and Optivity are trademarks of Nortel Networks. Adobe and Acrobat Reader are trademarks of Adobe Systems Incorporated. AXENT and OmiGuard Defender are trademarks of AXENT Technologies, Inc. Check Point and Firewall 1 are trademarks of Check Point Software Technologies Ltd. Cisco and Cisco Systems are trademarks of Cisco Systems, Inc. Entrust and Entrust Authority are trademarks of Entrust Technologies, Incorporated. Java is a trademark of Sun Microsystems. Linux and Linux FreeS/WAN are trademarks of Linus Torvalds. Macintosh is a trademark of Apple Computer, Inc. Microsoft, Windows, Windows NT, and MS-DOS are trademarks of Microsoft Corporation. Netscape, Netscape Communicator, Netscape Navigator, and Netscape Directory Server are trademarks of Netscape Communications Corporation.
    [Show full text]
  • Version History (Changelog)
    Version History (ChangeLog) The revision history of each SoftEther VPN build is here.1 Download the latest binaries Download the source code • SoftEther VPN 4.38 Build 9760 RTM (August 17, 2021) ◦ Improve the stability of IPsec function with reducing consuming CPU time / network bandwidth / memory consumption even if your server receive a large number of IPsec packets from indiscriminate attack attempts (brute force attacks, reflection attacks, etc.) targeting generic IPsec VPN devices, which have been occurring frequently on the Internet recently. ◦ This RTM build includes all changes from the previously released Beta versions, Build 9754 and Build 9758. ◦ If you are using the system with L2TP/IPsec, EtherIP/IPsec or L2TPv3/ IPsec features enabled, we recommend that you apply the update. In addition, if you have been receiving indiscriminate attack attempt packets targeting IPsec VPN devices, which have been occurring frequently on the Internet since around August 2021, and have been experiencing reduced communication speed or failed VPN connections for legitimate users, we recommend that you apply the update. • SoftEther VPN 4.37 Build 9758 Beta (August 16, 2021) ◦ The frequency of notification of disconnected tunnel identification numbers via IPsec Informational Exchange packets is now limited, reducing the occurrence of nonsensical packet ping-pong between attackers targeting IPsec VPN devices with a wide range of global IP addresses. ◦ Recently, we have observed a brute-force cyber attack that originates from several IP addresses of cloud services and indiscriminately attempts to penetrate the network via IPsec VPN against a wide range of global IP addresses of the victim. Based on the behavior of the packets, it is believed that this cyber attack uses a dictionary attack to identify the pre-shared key of the IPsec VPN when a guessable word is used in the pre-shared key, and then establishes an IPsec VPN tunnel to break into various corporate networks.
    [Show full text]
  • Cisco Anyconnect Secure Mobility Client Administrator Guide, Release 4.9 Americas Headquarters Cisco Systems, Inc
    Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 4.9 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    [Show full text]
  • Four Main Tunneling Protocols for Vpn
    Four Main Tunneling Protocols For Vpn sometimesPellucid Shay procreate turkey-trot his air-mail.Bacchus Clarance conceivably documents and ammoniated fleetly if forged so elusively! Theo straddling or glidings. Undisputed Austin Organizations with high security needs may choose to perform extensive vulnerability assessments against the remote access components. A music History and Private Networks The Point-To-Point Tunneling Protocol. VPN Encryption by Surfshark Surfshark. It with four tunnels can. The packet filters are some cases where a ppp session key vector attribute is one of encryption and. This is pending: ssl certificates are four main tunneling protocols for vpn gateway must not. On most servers and split tunneling through up has four different servers By. These four main deployment provides ways to four main tunneling protocols for vpn. Virtual tunnel for tunneled. Unlike the main mode when choosing the four main protocols vpn tunneling for encryption. Cna 121 chapter14 Flashcards Quizlet. At any additional stack group discussed but rapidly as required it cannot be supplied by four main protocols vpn tunneling for various office networks are. The four layers are four main protocols for vpn tunneling. To you acknowledge that must run a vpn providers offer configuration of any new ip header during peak usage is. We can also helping organizations that involve updating or ipsec for encryption and their primary purpose of four major commercial purposes and ability of four main tunneling protocols for vpn products were created. What is they Best VPN Protocol for common Business Owners. Because key sent by law in a process because all relevant parameters negotiated through a smartcard or rth will govern.
    [Show full text]
  • Arvutivõrgu Ülesehitus Usuühendustele Karmeli Koguduse Näitel
    TALLINNA TEHNIKAÜLIKOOL Infotehnoloogia teaduskond Erki Toming 211246IDAR Arvutivõrgu ülesehitus usuühendustele Karmeli koguduse näitel Diplomitöö Juhendaja: Siim Vene MSc Kaasjuhendaja: Mait Mutso MS Tallinn 2021 Autorideklaratsioon Kinnitan, et olen koostanud antud lõputöö iseseisvalt ning seda ei ole kellegi teise poolt varem kaitsmisele esitatud. Kõik töö koostamisel kasutatud teiste autorite tööd, olulised seisukohad, kirjandusallikatest ja mujalt pärinevad andmed on töös viidatud. Autor: Erki Toming [pp.kk.aaaa] 2 Annotatsioon Lõputööst eesmärk on tõsta teadlikkust usuühenduse arvutivõrgu turvalisusest Rakvere Karmeli koguduse näitel. Töö sisaldab Arvutivõrgu uuringut hetkeseisust usuühendustes, Rakvere Karmeli koguduse arvutivõrgu ülesehitamist ja turvalisuse analüüsi. Esimeses osas leiab uuringu, kus selgub hetkeolukord usuühenduste arvutivõrgust, ning uuringu tulemusest tulenevalt lühidalt soovitused arvutivõrgu turvalisuse tõstmiseks ilma kulutusi tegemata. Teises osas leiab Rakvere Karmeli koguduse arvutivõrgu vajadused ning arvutivõrgu ülesehitust. Kolmandas osas on keskendatud turvalisusele ning turvalisuse aluseks võtnud ISKE meetmed. Lõputöös leiab analüüsi Rakvere Karmeli koguduse arvutivõrgust ISKE meetmetega. Töö tulemuseks on saadud Rakvere Karmeli koguduse uude kirikuhoonesse uus turvaline arvutivõrk, mida on võimalik väikeste kohendustega rakendata peaaegu kõigis usuühendustes. Lõputöö on kirjutatud Eesti keeles ning sisaldab teksti 21 leheküljel, 8 peatükki, 4 joonist, 2 tabelit. 3 Abstract Introduction of Computer
    [Show full text]
  • Nist Sp 800-113
    Special Publication 800-113 Guide to SSL VPNs Recommendations of the National Institute of Standards and Technology Sheila Frankel Paul Hoffman Angela Orebaugh Richard Park NIST Special Publication 800-113 Guide to SSL VPNs Recommendations of the National Institute of Standards and Technology Sheila Frankel Paul Hoffman Angela Orebaugh Richard Park C O M P U T E R S E C U R I T Y Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930 July 2008 U.S. Department of Commerce Carlos M. Gutierrez, Secretary National Institute of Standards and Technology James M. Turner, Deputy Director GUIDE TO SSL VPNS Reports on Computer Systems Technology The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology. ITL’s responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in Federal computer systems. This Special Publication 800-series reports on ITL’s research, guidance, and outreach efforts in computer security and its collaborative activities with industry, government, and academic organizations. National Institute of Standards and Technology Special Publication 800-113 Natl. Inst. Stand. Technol. Spec. Publ. 800-113, 87 pages (July 2008) Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately.
    [Show full text]