The iLab Experience
a blended learning hands-on course concept

Final Lecture
Marc-Oliver Pahl, Jul 25, 2017

you set the focus
your exercise

iLab 1+2 info event online
• Tell your friends!
• https://www.net.in.tum.de/teaching/ws1718/ilab_information.html

[Figure: course timeline, summer term 2017. Lecture dates: 25.4., 2.5., 9.5., 16.5., 23.5., 30.5., 8.6., 13.6., 20.6., 27.6., 4.7., (11.7.), 18.7., 25.7. Lecture labels include: Kick Off, Mini Labs, IPv6 - part I, IPv6 - part II, BGP, Advanced Wireless, Modern Cryptography, Security Holes, World-Wide-Web, DIY1 - Smart Space HW, DIY2 - Smart Space SW, Your Exercise (YE) Mad Brainstorming, YE Topic Presentation and Voting, YE Didactics and Techniques, YE 1st Lecture, Giving good Feedback, YE Review Presentation, YE Final Presentation, Wrap-Up. Labs: IPv6, BGP, Advanced WL, SEC, S2O 1, S2O 2, Your Exercise; 2-3 mini labs.]

Your exercise: process
• Introductory Lecture (~2h): didactic concept | authoring tutorial | topic selection | assignment review teams
• Team Prepares Exercise (~30-35h): slides for talk | prelab | lab | slides | tutor support; * Internal Tests
• Student Run First Lecture Presentation (~2h): presentation | feedback | quality alignment
• Review (~20-25h): review another team
• Received Feedback Pres. (~2h): presentation | feedback | quality alignment
• Revising new lab (~20-25h): updating learning material
• Final Presentation, somehow “stable” (~2h): how is it now | what did you change/learn | your take home?

I give you some tools and experience
Learn from each other…
(Image: wikimedia: Biser Todorov)

Photo slides
• Topic Brainstorming Result, May 16, 2017
• Topic Voting Event, May 23, 2017
• 2017-07-04 First Lecture - What was good? What could be improved?
• 2017-07-04 Giving Feedback - What do you know about Feedback?
• 2017-07-04 Giving Feedback - What are your open Challenges?
• 2017-07-18 Review Reporting - What are your main Points for PreLab, Lab, and other aspects?

Your exercise: weeks, expected artefacts, deadlines

Weeks and tasks
• Week -5: [Concept & Topic Madness]
  – Prepare your 2x3 min talks
• Week -4: [Topic Voting]
  – Plan the structure and content of your lab, prelab, and lecture.
• Week 1: [Didactics & Techniques & Preparation]
  – Lecture Preparation (most relevant concepts?)
  – Prelab Preparation (detailing the lecture content + tools + more)
  – Practical Part Lab Preparation (no cooking recipe)
• Week 2+3:
  – Work on your content.
• Week 4:
  – Review other team
  – Get reviewed by other team
  – Start improving based on the feedback
• Week 5:
  – Improve your exercise based on the feedback
• Week 6:
  – Finish your lab and the review reports.

Phases: Creation of Lecture, PreLab, Lab; peer grading; Revision

Expected Artefacts
X 2 slide decks for your two topic presentations (each talks one topic!)
X Slide deck lecture (2 talk!)
X Ready PreLab, Lab
X Review report
X Slide on review feedback & planned improvements
X Final lecture slides
X Final PreLab, Lab, Peer Grade

Deadlines: 22.5., 19.6., 26.6., 11.7., 18.7., 25.7., 30.7.

The Peer Review
You will grade your reviewed team.
(Image: http://www.utahcompose.com/sites/utahwrite/files/peer%20review%20kids.jpg)

Your Final Lecture
15(+1) Minutes
you set the focus
You make it interesting…
(Image: Flickr:nist6dh)

Order of Presentations
Team  Topic
201   Email spoofing
202   War Rooms!
203   Hiding in plain sight


EMAIL SPOOFING: MY BANK NEEDS MY PASSWORD
Armin Baur & Moritz Kellermann

Motivation
• Email Spoofing – My Bank needs my Password
• Sender email address can be spoofed easily
  – People trust the sender address
  – Spam can be sent on behalf of others
• Messages can be manipulated

SMTP
• Simple Mail Transfer Protocol (SMTP)
• First RFC published August 1982
• Original design of SMTP has no facility to authenticate sender

SMTP
• MUA: Mail User Agent
• MSA: Mail Submission Agent
• MTA: Mail Transmission Agent
• MDA: Mail Delivery Agent

Email Header
[Figure]

Security Mechanisms
• Sender Policy Framework (SPF)
• DomainKeys Identified Mail (DKIM)
• Domain-based Message Authentication, Reporting and Conformance (DMARC)

SPF
(Logo: CC BY-SA 2.5: openspf.org)
• Checks that incoming mail from a domain comes from a host authorized by that domain
• Authorizes hosts by IP addresses via DNS
  – TXT Resource Record
  – SPF Resource Record (obsolete)

source.tld TXT= "v=spf1 ip4:192.0.2.0/24 mx a -all"

Spoofing MTA (Return-Path)
[Figure]

SPF
[Figure]

DKIM
• Cryptographic signing of outgoing email
• Prevents email manipulation
• Public key is published via DNS
  – TXT Resource Record

unknown._domainkey.source.tld TXT= "DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDeo/3jmZJii2wKBBpCiE

DMARC
(Logo: CC BY 3.0: dmarc.org)
• Prevents spoofing of email addresses
• Requests reports about spoofed email
• Publishes the DKIM signing policy of a domain
  – TXT Resource Record

_dmarc.source.tld TXT= "v=DMARC1; p=reject;"

Spoofing Sender Email (From)
[Figure]

DMARC/DKIM
[Figure]

Lab
• Analysing email headers
• Spoofing MTA host address
• Spoofing email address
• Configure SPF, DKIM and DMARC

Teaser Practical Part
[Figure: lab topology; labels: (DNS), Switch, Eve (MTA), Alice (MTA + MDA), Bob (MTA + MDA)]


WAR ROOMS!
Andreas Janiak and Donika Mirdita

What is War Rooms?
It is inspired by the game OverTheWire and is meant for learning and practising security concepts within a secure environment. The name is derived from the rooms (room = current PC) and the battle against the system to win the victory file.
http://overthewire.org

Motivation
• Be comfortable working with the command line
• Know how to debug and explore
  – Incomplete knowledge of networks
  – Handle unknown environments
• Learn to use new tools
• Improve skills with the old tools

Lecture Overview
1. IPv4/IPv6 Recap
2. Systemd-Networkd daemon
3. Linux tools
4. OverTheWire Demo

IPv4/IPv6 Recap
Networks need to be able to interact with a variety of host configurations:
• IPv4 and IPv6 compatibility
• Dual Stack IPv4/IPv6 support
• Gateway and Broadcast addresses
• Routing for the Internet

Introduction to Systemd
Linux service and system manager.
• Runs as PID 1; starts the rest of the system
• Enables control over daemons
• Built-in daemons for logging and system configuration
https://wiki.archlinux.org/index.php/systemd

Systemd Tools
1. Systemctl - manager for systemd
2. Journalctl - logging system
3. Systemd-networkd - network manager
4. Hostnamectl - system hostname manager
5. Services - Service Unit Configuration
https://www.freedesktop.org/software/systemd/man/

Linux tools
• ssh, sshpass → secure shell
• find → search data
• grep → searches content
• | → pipelines
• nmap → network discovery and security tool

Over the wire demo
Demo...

Teaser Practical Part
[Figure: rooms numbered 1 to 6]


Hiding in plain sight
Yoav Schneider
https://www.youtube.com/watch?v=4vlu8ld68fc
https://www.youtube.com/watch?v=4vIu8ld68fc

Covert Channels
• Definition
• How to encode and decode data
• Examples
• Detection and Prevention

Covert Channels
„In computer security, a covert channel is a type of computer security attack that creates a capability to transfer information objects between processes that are not supposed to be allowed to communicate by the computer security policy”
https://en.wikipedia.org/wiki/Covert_channel

Scenario
• Leak Data
• Control computers in a botnet
• Distribute Malware

„The Medium is the Message” (Marshall McLuhan, 1964)
• Protocol
• Data
• Timing
• Physical
  – Fan speed
  – Blinking LEDs
Source: https://en.wikipedia.org/wiki/File:Marshall_McLuhan.jpg
Source (left): https://en.wikipedia.org/wiki/File:Benjamin_Franklin2_1895_Issue-1c.jpg
Source (right): own work using: http://manytools.org/hacker-tools/steganography-encode-text-into-image/go

„The Medium is the Message”
Printer Watermarks
Source: https://pixabay.com/p-161063/?no_redirect

„The Medium is the Message”
Protocol
[Figure: TCP header]
Source: https://en.wikipedia.org/wiki/Transmission_Control_Protocol

Example: Send “0x12345678” using the source port
• 0x1234
• 0x5678

Detection
• Hard
• Pattern Based
• Anomaly Based
Source: https://upload.wikimedia.org/wikipedia/commons/c/cf/Binary_Code.jpg

Prevention
• Software Isolation (VM)
• Air Gap, the ultimate defence?

The Following Learning Goals are Covered in the Lecture, PreLab, Lab
• Understand what covert channels are used for: X X
• Learn about different types of covert channels: X X X
• Learn about some counter measures: X X
• Introduce the packet manipulation tool scapy: X X
• Create a covert channel with TCP Handshake: X
• Bonus – Create a covert channel using DNS: X

Teaser Practical Part
[Figure: labels: NSA, FSB, DNS, Secret DB]
Source: https://en.wikipedia.org/wiki/File:FSB_Emblem.png
Source: https://en.wikipedia.org/wiki/File:Seal_of_the_U.S._National_Security_Agency.svg
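Added example (not part of the original slides): a small evaluator for the SPF and DMARC records shown in the email spoofing talk, run against the two spoofing cases that talk names, Return-Path and From. It shows that a From-only spoof passes SPF, which checks the envelope sender, and is stopped only by the DMARC policy. Assumptions: the eve.example domain, all IP addresses and the A/MX data are constructed, DKIM verification is taken as already done, and alignment is simplified to an exact domain match.

```python
import ipaddress

# TXT records. The source.tld entries are the ones shown on the slides;
# eve.example is a constructed, attacker-controlled domain.
TXT = {
    "source.tld": "v=spf1 ip4:192.0.2.0/24 mx a -all",
    "_dmarc.source.tld": "v=DMARC1; p=reject;",
    "eve.example": "v=spf1 ip4:203.0.113.7 -all",
}
# Constructed A and MX data so the "a" and "mx" mechanisms work offline.
A = {"source.tld": ["198.51.100.10"], "mail.source.tld": ["198.51.100.25"]}
MX = {"source.tld": ["mail.source.tld"]}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def domain_of(address):
    """Return the lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[1].lower()


def check_spf(client_ip, domain):
    """Evaluate the ip4, a, mx and all mechanisms of a domain's SPF record."""
    record = TXT.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # a mechanism without a qualifier means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = client_ip in A.get(arg or domain, [])
        elif name == "mx":
            hosts = MX.get(arg or domain, [])
            matched = any(client_ip in A.get(h, []) for h in hosts)
        else:
            continue  # mechanisms and modifiers outside this example are skipped
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


def dmarc_policy(domain):
    """Return the p= tag of the domain's DMARC record, or None if none exists."""
    record = TXT.get("_dmarc." + domain, "")
    tags = {}
    for part in record.split(";"):
        key, _, value = part.partition("=")
        if key.strip():
            tags[key.strip()] = value.strip()
    return tags.get("p") if tags.get("v") == "DMARC1" else None


def evaluate(client_ip, mail_from, header_from, dkim_domain=None):
    """Return (spf_result, dmarc_disposition) for one received message.

    mail_from is the envelope sender (Return-Path), header_from the From:
    header, dkim_domain the d= domain of a verified DKIM signature or None.
    """
    from_domain = domain_of(header_from)
    spf = check_spf(client_ip, domain_of(mail_from))
    spf_aligned = spf == "pass" and domain_of(mail_from) == from_domain
    dkim_aligned = dkim_domain is not None and dkim_domain.lower() == from_domain
    policy = dmarc_policy(from_domain)
    if policy is None:
        return spf, "no-policy"
    if spf_aligned or dkim_aligned:
        return spf, "pass"
    return spf, policy  # the From: domain's published policy applies


# Constructed messages: (connecting IP, Return-Path, From:)
SCENARIOS = {
    "legitimate": ("192.0.2.15", "alice@source.tld", "alice@source.tld"),
    "spoofed Return-Path": ("203.0.113.7", "alice@source.tld", "alice@source.tld"),
    "spoofed From only": ("203.0.113.7", "eve@eve.example", "alice@source.tld"),
}

if __name__ == "__main__":
    for label, message in SCENARIOS.items():
        print(f"{label:20} SPF={evaluate(*message)[0]:5} DMARC={evaluate(*message)[1]}")
```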