DOCSLIB.ORG

Table of Contents I. Introduction A. What Is the Internet

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Table of Contents I. Introduction a. What is the Internet …………………………………………………….... 3 b. Why do you need to be anonymous in the internet? ………………… 3 II. The ways for determining you on the internet …………………………. 7 a. IP Address …………………………………………………………………. 7 b. Cookies …………………………………………………………………… 7 c. Browser …………………………………………………………………… 8 d. JavaScript, ActiveX, and Flash Support ………………………………. 8 III. Who and why is it necessary to be anonymous in the internet …… 9 IV. Top 10 Frequently Asked Questions about Internet Security ……... 11 V. VPN …………………………………………………………………………… 16 a. What is VPN ……………………………………………………………... 16 b. How VPN does helps in internet security? ……….….….….….….…. 16 c. The other uses and advantages of using VPN …..….….….….….….…. 16 d. How VPN does operate? ……….….….….….….….….….….….….….….. 17 e. VPN Protocols ….….….….….….….….….….….….….….….….………. 17 i. OpenVPN ….….….….….….….….….….….….….….….….……… 17 ii. PPTP ….….….….….….….….….….….….….….….….….……...... 18 iii. L2TP ….….….….….….….….….….….….….….….….….………… 18 iv. Single ….….….….….….….….….….….….….….….….….……… 19 v. Double ….….….….….….….….….….….….….….….….….……… 19 vi. Triple ….….….….….….….….….….….….….….….….….………… 19 f. Table: Comparison of VPN Protocols ….….….….….….….….….………. 19 g. The Best VPN Protocol ….….….….….….….….….….….….….….……… 20 VI. SOCKS ………….….….….….….….….….….….….….….….….….….……… 21 a. What is SOCKs? ………….….….….….….….….….….….….….….…… 21 b. What are uses of SOCKs? ……….….….….….….….….….….….………. 21 c. How SOCKs does operate? …….….….….….….….….….…..….……….. 22 d. SOCKS Specifications …..….….….….….….….….….….….….….……… 23 e. Advantages and Disadvantages of using SOCKs ……………………… 24 1 VII. VPN ààà SOCKS Chain …………..….….….….….….….….….……………….. 25 a. What is VPN à SOCKs Chain ………….….….….….….….….….………. 25 b. VPN vs. SOCKS ……….….….….….…….….….….….…………………… 25 c. How VPN à SOCKs Chain operates? …..….….….….….…….…………. 25 d. Advantages of using VPN à SOCKs Chain …..….….….….….………… 26 e. How you can use VPN à SOCKs Chain? ….….….….…….….…………. 27 i. OpenVPN Chain ……………….….…..…..….….….….….……… 27 ii. PPTP+FreeCap Chain ………….….….….….….….….…….……... 28 2 Introduction What is the Internet? The Internet, the World Wide Web, or simply referred to, as “the net” is the inter- connection of many computers within a vast network. A lot of data and information have been globally available to billions of people that need it, in an ease by the help of the internet. Why do you need to be anonymous in the internet? However, despite the internet’s usefulness to human, it can also provide negative effect that relates to security and privacy risks. When you connect to the internet, your device, or computer automatically send information to the web servers. This information includes your viewing habits, the terms you had searched, your geographical location, your address, phone number, employment details, your credit card numbers, and more. Websites that you visits keeps logs of this data, and even though you trust the integrity of that website, the fact that they are storing your information clearly means that you are still not safe and potentially at risk for data security invasions. You cannot prevent this to happen, but you can change what is happening or do something about it. Being anonymous on the internet does not just covers security and data protection. Another good use of being anonymous from the internet is it can give you the freedom you need to get access to p2p 1, torrents 2, and porn contents from the internet and stay undetected or hidden. Internet anonymity for this purpose has been reportedly to be successful, thus enriching the experience of the internet user for its purpose and objectives. 1. p2p – P2P stands for Peer-To-Peer. It is a type of network communication, which allows file and data sharing between hardware and software without passing through the services of a server. 2. torrents – or torrent, a peer-to-peer file sharing (P2P) communications protocol/software/company. 3 There is also a massive suing of thousands of p2p/torrent users or downloaders for their illegal downloads that have been reported from the past few years. Quoting from online news articles and news publications or sources: NEW YORK (CNNMoney) -- The turn of the 21st century was rife with bitter anti- piracy lawsuits pitting studios against their potential customers, with music labels banding together to blast Napster -- and its massive user base -- to smithereens. Get ready for round two. This time, it is BitTorrent users facing off against the movie studios. Nearly 50,000 users of BitTorrent's peer-to-peer downloading software have been targeted in a sting over the past few months, accused of illegally downloading one of two movies. Source: 50,000 BitTorrent users sued for alleged illegal downloads In the last 12 months, copyright infringement lawsuits in the United States, mainly against torrent users (and a few hundred ed2k users), have targeted 99,924 defendants. The profitable pay-up-or-else scheme has been embraced by many. Of the 80 cases that were filed originally, 68 are still active, with 70,914 defendants still being targeted. Mass P2P lawsuits are a new revenue stream for the adult entertainment and movie studio industries. Copyright holders try to obtain the personal details of users who are allegedly sharing their material online, and once they do, they offer the defendant the opportunity to settle the case for somewhere between a few hundred to a couple of thousand dollars. The victims are told this will allow them to avoid a full trial and potentially even bigger financial penalties. Source: Almost 100,000 US torrent users sued in the last 12 months 4 CONCORD, N.H. (AP) — Renee Elderd never thought to ask her husband about the music he downloaded and listened to on their computer. Turns out she should have.Last September, a few months after Elderd's husband moved out, a police officer showed up at her Nashua home with a lawsuit from the recording industry. She was accused of copyright infringement. "The bottom line is, he wanted to do the right thing and get out of the lawsuit and not pay all the fees," Persson said. "With the amounts they're settling for, it doesn't make any sense for people to fight these." Source: Woman struggling with music downloading lawsuit It says at least 33 people have been detained for internet subversion and two prisoners had subsequently died after apparent torture or ill-treatment. Amnesty said a former police officer, Li Dawei, was the subject of one of the longest sentences. He was jailed for 11 years after being convicted of downloading articles from democracy sites abroad. Source: China accused of jailing net users Downloading from torrent sites or peer to peer sites have been reported to be an illegal action as per it gives internet users the easy access to copyrighted materials and media stuffs that they should be getting with a price, hence they get it for free easily from torrents or p2p sites. Since the beginning of the flourishing of the internet era; the law, or anti-piracy acts and campaigns have been enforced by the governments of every country in the world. The government, from then have become strict, and without further amnesty, depending on the state you belong, you are possibly going to jail if proven that you are breaching over this kind of illegal activities. Even though this only pertains to downloads from the internet. 5 Obviously, you can get yourself sued only if you have been traced for doing those illegal actions. However, with the right knowledge of internet anonymity, you can put your mind at ease as per your identity is hidden, whenever you are accessing p2p or torrent sites. This adds another kind of security for you as an internet user. Getting anonymous from the internet can start from you and will only be from the end-user, whether he decided to make his information private, or unreal that are sent on the web servers for the norm compliance. There are a lot of method that you can use in order to get anonymous from the web, thus giving yourself the maximum freedom you need for your every internet actions, without the fear of getting sued or sent to jail just by this stuffs that seems to be illegal on the first hand. 6 The Ways for Determining You on the Internet Once you are connected on the internet, through any website, your machine automatically sends data and information to their webservers. This information includes your IP Address, Cookies, Browser, and JavaScript, Active X, and Flash support capability of your machine that you are using to connect on the internet. IP Address IP Address, or internet proxy address, refers to the proxy you are using on that moment you are connecting on the internet. This can come into numbers or names, often referred to as hostnames. With your IP address, your current location and ISP 1 can be tracked easily. In the case of seeking for internet censorship and anonymity, you never want to expose your real IP address. There are many ways that you can do to change the IP address you have. Cookies Cookies refer to unique data that are encrypted in a way it contains vital information that deals with your log-ins on different sites. In the internet, speaking of cookies does not pertain to those baked breads that are edible. When you visit a website, or any webserver, your computer sends a specific cookie to the site, to make yourself remembered by the site. Some invasion can be done through cookie sniffing, in which nasty people can jack up into your privacy, when they successfully stole your cookie. This is a big risk to your security and privacy. However, you always have the option to get your browser rejects on accepting and sending cookies, thus making your web browsing safer, secure, and anonymous. 1. ISP – Internet Service Providers 7 Browser Your browser is the application software, or program that you are using on browsing the internet. The most popular among computer browsers are Internet Explorer from Microsoft, Google Chrome from Google, Mozilla Firefox from Mozilla, and Safari Browser from Apple. When you browse any webpage through your browser, the webserver that you are connected to instantly knows your Browser name.
Recommended publications
  • Your Performance Task Summary Explanation

    Your Performance Task Summary Explanation

    Lab Report: 13.3.4 Configure Remote Wipe Your Performance Your Score: 0 of 1 (0%) Pass Status: Not Passed Elapsed Time: 17 seconds Required Score: 100% Task Summary Actions you were required to perform: In Remotely wipe Maggie's iPad Explanation In this lab, your task is to assist Maggie with a remote wipe as follows: Log in to icloud.com using the following credentials: Apple ID: [email protected] Password: maggieB123 Using Find iPhone, select her iPad and erase it. Enter a phone number and message to be displayed on the iPad. Complete this lab as follows: 1. In the URL field in Chrome, enter icloud.com and press Enter. 2. Maximize the window for easier viewing. 3. In the Sign in to iCloud field, enter [email protected] and press Enter. 4. Enter maggieB123 and press Enter. 5. Select Find iPhone. 6. Select All Devices. 7. Select Maggie's iPad. 8. Select Erase iPad. 9. Select Erase. 10. In the Enter AppleID to continue field, enter [email protected] and press Enter. 11. Enter maggieB123 and press Enter. 12. In the Number field, enter a phone number of your choosing to be displayed on the iPad. 13. Click Next. 14. Enter a message of your choosing to be displayed on the iPad. 15. Click Done. 16. Click OK. Lab Report: 13.3.6 Require a Screen Saver Password Your Performance Your Score: 0 of 3 (0%) Pass Status: Not Passed Elapsed Time: 8 seconds Required Score: 100% Task Summary Actions you were required to perform: In Enable the screen saver In Enable the screen saver after 10 minutes In Show the logon screen when the computer wakes Explanation In this lab, your task is to complete the following: Enable the screen saver (you choose the screen saver type to use).
  • Ipv4 WAN (Internet) Layer 2 Tunneling Protocol (L2TP) Configuration on RV120W and RV220W

    Ipv4 WAN (Internet) Layer 2 Tunneling Protocol (L2TP) Configuration on RV120W and RV220W

    IPv4 WAN (Internet) Layer 2 Tunneling Protocol (L2TP) Configuration on RV120W and RV220W Objectives Layer 2 Tunneling Protocol (L2TP) establishes a Virtual Private Network (VPN) that allows remote hosts to connect to one another through a secure tunnel. It does not provide any encryption or confidentiality by itself but relies on an encryption protocol that it passes within the tunnel to provide privacy. One of its biggest advantages is that it encrypts the authentication process which makes it more difficult for someone to "listen in" on your transmission to intercept and crack the data. L2TP does not only provide confidentiality but also data integrity. Data integrity is protection against modification of date between the time it left the sender and the time it reached the recipient. This document explains how to configure the IPv4 WAN (Internet) for use with Layer 2 Tunneling Protocol (L2TP) on the RV120W and RV220W. Applicable Devices • RV120W • RV220W Software Version • v1.0.4.17 IPv4 WAN (Internet) L2TP Configuration Step 1. Log in to the web configuration utility and choose Networking > WAN (Internet) > IPv4 WAN(Internet). The IPv4 WAN (Internet) page opens: Step 2. Choose L2TP from the Internet Connection Type drop-down list. Step 3. Enter the username provided from ISP in the User Name field. Step 4. Enter the password provided from ISP in the password field. Step 5. (Optional) Enter the secret pass phrase if provided by the ISP in the Secret field. Step 6. Click the desired radio button for the Connection Type: • Keep Connected — This keeps the device connected to the network for all the time.
  • Secure Shell Encrypt and Authenticate Remote Connections to Secure Applications and Data Across Open Networks

    Secure Shell Encrypt and Authenticate Remote Connections to Secure Applications and Data Across Open Networks

    Product overview OpenText Secure Shell Encrypt and authenticate remote connections to secure applications and data across open networks Comprehensive Data security is an ongoing concern for organizations. Sensitive, security across proprietary information must always be protected—at rest and networks in motion. The challenge for organizations that provide access to applications and data on host systems is keeping the data Support for Secure Shell (SSH) secure while enabling access from remote computers and devices, whether in a local or wide-area network. ™ Strong SSL/TLS OpenText Secure Shell is a comprehensive security solution that safeguards network ® encryption traffic, including internet communication, between host systems (mainframes, UNIX ™ servers and X Window System applications) and remote PCs and web browsers. When ™ ™ ™ ™ Powerful Kerberos included with OpenText Exceed or OpenText HostExplorer , it provides Secure Shell 2 (SSH-2), Secure Sockets Layer (SSL), LIPKEY and Kerberos security mechanisms to ensure authentication security for communication types, such as X11, NFS, terminal emulation (Telnet), FTP support and any TCP/IP protocol. Secure Shell encrypts data to meet the toughest standards and requirements, such as FIPS 140-2. ™ Secure Shell is an add-on product in the OpenText Connectivity suite, which encrypts application traffic across networks. It helps organizations achieve security compliance by providing Secure Shell (SSH) capabilities. Moreover, seamless integration with other products in the Connectivity suite means zero disruption to the users who remotely access data and applications from web browsers and desktop computers. Secure Shell provides support for the following standards-based security protocols: Secure Shell (SSH)—A transport protocol that allows users to log on to other computers over a network, execute commands on remote machines and securely move files from one machine to another.
  • Telnet Client 5.11 Ssh Support

    Telnet Client 5.11 Ssh Support

    TELNET CLIENT 5.11 SSH SUPPORT This document provides This document describes how to install and configure SSH support in Wavelink Telnet Client 5.11. information on the SSH support available in Telnet Client 5.11 OVERVIEW OF SSH SUPPORT Secure Shell (SSH) is a protocol developed for transmitting private information over the Internet. SSH OVERVIEW encrypts data that is transferred over the Telnet session. • Overview of SSH The Telnet Client supports SSH version 1 and 2 and will automatically select the most secure protocol Support that the SSH server supports. • Installing Windows SSH Support This document describes the following: • Configuring the host • Installing Windows SSH support utility profile for SSH • Configuring the host profile for SSH support support • Deploying Windows • Deploying Windows SSH support to the device through Avalanche or ActiveSync SSH Support • Revision History INSTALLING WINDOWS SSH SUPPORT Installing SSH support is a two-step process. First, install SSH support on the PC from which you will deploy Telnet. Once you install SSH support on the PC, use Avalanche or ActiveSync to deploy the utility to the device. To install SSH support on your PC: 1. Obtain the installation executable for SSH support. NOTE: To obtain the Wavelink SSH support utility install, go to http://www.wavelink.com/downloads/ files/sshagreement.aspx. 2. Install SSH support on the PC from which you will deploy the Telnet Client. CONFIGURING THE HOST PROFILE FOR SSH SUPPORT SSH support is configured from the Host Profiles window of the configuration utility. NOTE: SSH is only an active option if SSH support has been installed on the PC running the Telnet Client configuration utility.
  • Application Note

    Application Note

    Remote Access Serial Communications - Serial Server RFL eXmux 3500® IP Access Multiplexer The RFL eXmux 3500 is a hardened IP Access Multiplexer engineered for mission critical infrastructures that seamlessly transport voice, serial, video and Ethernet data communications over Ethernet/IP or MPLS networks. The eXmux 3500 is a Layer 2 device with an integrated managed Ethernet switch which allows the eXmux 3500 to be used either in a private network with other eXmux 3500’s or as part of a larger Ethernet/IP/MPLS network. Both fiber (using SFPs) and RJ-45 connections are available for the eXmux 3500; uplink speeds of up to a Gigabit are possible. This application note illustrates the eXmux-3500 IP access multiplexer basic remote access communications with remote devices that has serial (RS232, DB9) interface functionality using the Serial Server IU as depicted in Figure 1 below. LAN 1 LAN 2 PC-1 PC-2 IP Address=10.10.12.100 Remote Access Using Serial Server IP Address=10.10.11.100 ethernet ethernet Ethernet/IP Network P1 P5 P5 P1 SSrv Port 1 eXmux 3500-1 eXmux 3500-2 SSrv Port 2 IP address=10.10.12.12 IP Address=10.10.11.12 RS-232 comm port RS-232 comm port Figure 1…Remote Access Communication Topology Serial Server IU Implementation The Serial Server (SSrv) is an IP-based interface unit (IU) of the eXmux 3500 that supports remote communications to a serial device connected either RS-232 or RS-485/4W using either standard Telnet (Unsecured) or SSH (Secure Shell - Tunneling) IP applications.
  • GPRS Tunneling Protocol (GTP) Processing

    GPRS Tunneling Protocol (GTP) Processing

    TECHNOLOGY BRIEF GPRS Tunneling Protocol (GTP) Processing GPRS Tunneling Protocol or GTP for short is a mechanism used exclusively in cellular SUMMARY networks to tunnel IP packets through a mobile network core. The protocol was Comprehensive discussion of GTP introduced in the late 1990s when the first generation of packetized data—known protocol and how an Accolade as General Packet Radio Services or GPRS—was adopted. GPRS is often referred to adapter can help with GTP as 2.5G because it runs over GSM (2nd Generation or 2G mobile technology). GTP deduplication has moved on from those humble beginnings and is used in an updated form in KEY POINTS both 4G (LTE) and emerging 5G cellular networks. The main benefit of GTP is that • GTP is used exclusively in mobile a user’s IP address can be decoupled from routing and related decisions within networks a mobile network core. This is what allows a cellular customer to move around • Accolade ANIC adapters can fully from base station to base station and still maintain uninterrupted connectivity parse GTP packets and offer to external networks such as the Internet. It also allows for multiple services such value added capabilities such as as VoLTE (Voice over LTE) to be provisioned on the same device. In short, GTP is a deduplication crucial tunneling protocol that is indispenable in all modern mobile networks. HOW IT WORKS Figure 1 depicts a mobile phone (referred to as “user equipment” or “UE” in the industry) accessing an Internet web server with IP address 74.125.71.104. The phone or UE is initially connected to base station #1 (referred to as an eNodeB or “eNB” in LTE) and generates a simple IP packet to access the web server.
  • Networking Telnet

    Networking Telnet

    IBM i Version 7.2 Networking Telnet IBM Note Before using this information and the product it supports, read the information in “Notices” on page 99. This edition applies to IBM i 7.2 (product number 5770-SS1) and to all subsequent releases and modifications until otherwise indicated in new editions. This version does not run on all reduced instruction set computer (RISC) models nor does it run on CISC models. This document may contain references to Licensed Internal Code. Licensed Internal Code is Machine Code and is licensed to you under the terms of the IBM License Agreement for Machine Code. © Copyright International Business Machines Corporation 1998, 2013. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Telnet................................................................................................................... 1 What's new for IBM i 7.2..............................................................................................................................1 PDF file for Telnet........................................................................................................................................ 1 Telnet scenarios...........................................................................................................................................2 Telnet scenario: Telnet server configuration.........................................................................................2 Telnet scenario: Cascaded Telnet
  • SOCKS Protocol Version 6

    SOCKS Protocol Version 6

    SOCKS Protocol Version 6 draft-olteanu-intarea-socks-6-08 Vladimir Olteanu IETF 106 What’s new ● DNS provided by SOCKS ● Options for Happy Eyeballs at the proxy Clients need DNS-like features ● A and AAAA – LD_PRELOAD for non-SOCKS-aware apps: gedaddrinfo() separate from connect() – Happy Eyeballs: need to do queries separately ● TXT – ESNI ● MX, Service Binding, etc. – <Insert future use case here> Providing DNS-like features ● Individual SOCKS options (removed in -08) – Have to keep up with use cases – Duplicate DNS functionality – Until -07: A, AAAA, PTR ● Having the client use DNS – Hard to convey policies: resolver IPs, plaintext / over TLS / over HTTPS etc., maybe credentials, etc. – Provide a DNS proxy Why not separate DNS from SOCKS? Client Proxy Server HTTP/SOCKS :1080 HTTP :80 DNS :53 Why not separate DNS from SOCKS? Client Proxy Server HTTP/SOCKS :1080 HTTP :80 DNS :53 WHICH TOR CIRCUIT? ● Need context for DNS query – Otherwise: privacy leaks, suboptimal CDN use DNS provided by SOCKS ● Clients make CONNECT request to 0.0.0.0:53 – Proxy needn’t provide a valid bind address ● Plaintext DNS over SOCKS (opt. over TLS) – TCP by default: SOCKS + UDP more cumbersome to use ● Implementation in Sixtysocks – Run separate DNS proxy locally – Translate 0.0.0.0:53 to 127.0.0.1:53 Happy Eyeballs ● RFC 8305: resolve and connect to a server using both IPv4 and IPv6, keep only one connection – Failover from IPv6 to IPv4 – Better responsiveness if one is faster ● Clients can implement Happy Eyeballs locally – Have DNS + CONNECT Happy Eyeballs:
  • EDS3000 Device Server Command Reference EDS3008/16/32PR EDS3008/16PS

    EDS3000 Device Server Command Reference EDS3008/16/32PR EDS3008/16PS

    EDS3000 Device Server Command Reference EDS3008/16/32PR EDS3008/16PS Part Number PMD-00014 Revision B December 2020 Intellectual Property © 2021 Lantronix, Inc. All rights reserved. No part of the contents of this publication may be transmitted or reproduced in any form or by any means without the written permission of Lantronix. Lantronix is a registered trademark of Lantronix, Inc. in the United States and other countries. Patented: http://patents.lantronix.com; additional patents pending. Windows is a registered trademark of Microsoft Corporation. Wi-Fi is registered trademark of Wi-Fi Alliance Corporation. All other trademarks and trade names are the property of their respective holders. Warranty For details on the Lantronix warranty policy, please go to our web site at www.lantronix.com/support/warranty. Contacts Lantronix, Inc. 7535 Irvine Center Drive Suite 100 Irvine, CA 92618, USA Toll Free: 800-526-8766 Phone: 949-453-3990 Fax: 949-453-3995 Technical Support Online: www.lantronix.com/support Sales Offices For a current list of our domestic and international sales offices, go to the Lantronix web site at www.lantronix.com/about/contact. Disclaimer All information contained herein is provided “AS IS.” Lantronix undertakes no obligation to update the information in this publication. Lantronix does not make, and specifically disclaims, all warranties of any kind (express, implied or otherwise) regarding title, non-infringement, fitness, quality, accuracy, completeness, usefulness, suitability or performance of the information provided herein. Lantronix shall have no liability whatsoever to any user for any damages, losses and causes of action (whether in contract or in tort or otherwise) in connection with the user’s access or usage of any of the information or content contained herein.
  • DESIGN ALTERNATIVES for Virtual Private Networks

    DESIGN ALTERNATIVES for Virtual Private Networks

    DESIGN ALTERNATIVES FOR Virtual Private Networks G.I. Papadimitriou1, M. S. Obaidat2, C. Papazoglou3 and A.S. Pomportsis4 1Department of Informatics, Aristotle University, Box 888, 54124 Thessaloniki, Greece 2Department of Computer Science, Monmouth University, W. Long Branch, NJ 07764, USA 3Department of Informatics, Aristotle University, Box 888, 54124 Thessaloniki, Greece 4Department of Informatics, Aristotle University, Box 888, 54124 Thessaloniki, Greece Keywords. Virtual private networks (VPNs), PPTP, L2TP, IPSec, tunneling, encryption, SSL, QoS Abstract. Virtual private networks (VPNs) are becoming more and more important for all kinds of businesses with a wide spectrum of applications and configurations. This paper presents the basic concepts related to VPNs. These include the different types of VPN services, namely Intranet, Extranet and Remote Access VPNs. The concept of tunneling, which is fundamental in VPNs, is discussed in great detail. The tunneling protocols that are employed by VPNs, such as PPTP, L2TP and IPSec are also presented. Furthermore, the issue of Quality of Service, QoS, support in VPN configurations is briefly addressed. 1 Introduction The best way to come up with a definition of the term Virtual Private Network (VPN) is to analyze each word separately. Having done that, Ferguson and Huston (1998) came up with the following definition: A VPN is a communications environment in which access is controlled to permit peer connections only within a defined community of interest, and is constructed through some form of partitioning of a common underlying communications medium, where this underlying communications medium provides services to the network on a non-exclusive basis. Ferguson and Huston also provided a simpler and less formal description.
  • New Techniques to Enhance the Capabilities of the Socks Network Security Protocol

    New Techniques to Enhance the Capabilities of the Socks Network Security Protocol

    NEW TECHNIQUES TO ENHANCE THE CAPABILITIES OF THE SOCKS NETWORK SECURITY PROTOCOL Mukund Sundararajan and Mohammad S. Obaidat Computer Science Department, Monmouth University, West Long Branch, NJ, U.S.A. Keywords: Security protocols for computer networks, SOCKS, telecommunications, multicast, UDP tunneling. Abstract: SOCKS is an industry standard network security protocol used in private networks to allow secure traversal of application layer traffic through the boundaries of the network. Standardized by IETF in Request for Comments (RFC) 1928 (Leech et al., 1996) as SOCKS Version 5, this protocol has found widespread use in various security frameworks to allow a variety of application layer protocols to securely traverse a firewall. This paper is the result of research performed on the usability of the protocol in application domains such as multicast. We discuss some of the shortcomings of the SOCKS protocol and provide a framework and the methods for enhancing the capabilities of the protocol in areas such as multicast and advanced TCP and UDP capabilities not addressed by the current standard of the protocol. The methods proposed are being implemented in a reference implementation by the authors. 1 INTRODUCTION Operating in a client server mode, application nodes or computers within a SOCKS protected In today’s global and geographically dispersed network are ‘socksified’ by a socks client library that organizational world, network security is a key provides a transparent abstraction layer between the concern to organizations and individuals. With application and the kernel socket library and hides advances in technology, most of today’s the implementation details of the socks protocol from organizations have their key resources and data the application.
  • Firewalls and Vpns

    Firewalls and Vpns

    Firewalls and VPNs Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 [email protected] Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-17/ Washington University in St. Louis http://www.cse.wustl.edu/~jain/cse571-17/ ©2017 Raj Jain 23-1 Overview 1. What is a Firewall? 2. Types of Firewalls 3. Proxy Servers 4. Firewall Location and Configuration 5. Virtual Private Networks These slides are based on Lawrie Brown’s slides supplied with William Stalling’s th book “Cryptography and Network Security: Principles and Practice,” 7 Ed, 2017. Washington University in St. Louis http://www.cse.wustl.edu/~jain/cse571-17/ ©2017 Raj Jain 23-2 What is a Firewall? Interconnects networks with differing trust Only authorized traffic is allowed Auditing and controlling access Can implement alarms for abnormal behavior Provides network address translation (NAT) and usage monitoring Implements VPNs Washington University in St. Louis http://www.cse.wustl.edu/~jain/cse571-17/ ©2017 Raj Jain 23-3 Firewall Limitations Cannot protect from attacks bypassing it E.g., sneaker net, utility modems, trusted organisations, trusted services (e.g., SSL/SSH) Cannot protect against internal threats E.g., disgruntled or colluding employees Cannot protect against access via Wireless LAN If improperly secured against external use, e.g., personal hot spots Cannot protect against malware imported via laptops, PDAs, and storage infected outside Washington University in St. Louis http://www.cse.wustl.edu/~jain/cse571-17/ ©2017 Raj Jain 23-4 Firewalls – Packet Filters Examine each IP packet (no context) and permit or deny according to rules Washington University in St.