DOCSLIB.ORG

Routerlab: Tunneling

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Routerlab: Tunneling Overview L2/L3/L4 VPN Other tunneling technologies Routerlab: Tunneling Thorben Kr¨uger original slides by Philipp S. Tiesel and Franziska Lichtblau June 1, 2016 1 / 27 Overview L2/L3/L4 VPN Other tunneling technologies 1 Overview 2 L2/L3/L4 VPN IPSec OpenVPN 3 Other tunneling technologies 2 / 27 Overview L2/L3/L4 VPN Other tunneling technologies Overview 3 / 27 Overview L2/L3/L4 VPN Other tunneling technologies Tunneling: Use cases • Secure communication (encryption and authentification) • Connecting discontiguous network segments • Enabling telecommuting • Bypass restrictive firewalls and proxies • Transition technology (IPv6 over IPv4) • Traffic engineering 4 / 27 Overview L2/L3/L4 VPN Other tunneling technologies What is tunneling? • Embed one protocol inside of another protocol • Establishing of logical layers through the network • Virtual Private Network • What can be tunneled. through what. { IP over IP { IP over UDP { TCP over SSH { See RFC 1217 for escalation of this idea. 5 / 27 Overview IPSec L2/L3/L4 VPN OpenVPN Other tunneling technologies L2/L3/L4 VPN 6 / 27 Overview IPSec L2/L3/L4 VPN OpenVPN Other tunneling technologies Overview • MPLS establishes layer 2 tunnels based on labels assigned to packets • IPSec provides encryption and authentication in IP packet level • OpenVPN is a point-to-point tunneling technology which can be used in bridged or routed networks • PPPoE is a link layer protocol for encapsulating PPP frames inside ethernet frames 7 / 27 Overview IPSec L2/L3/L4 VPN OpenVPN Other tunneling technologies IPSec 8 / 27 Overview IPSec L2/L3/L4 VPN OpenVPN Other tunneling technologies Basics • Encryption and authentication of IP packets on layer 3 • Usually used as a tunneling technology even if an established connection is not strictly necessary • Initially designed to enable opportunistic encryption between Internet nodes • Implementations: strongswan, openswan/libreswan, freeswan 9 / 27 Overview IPSec L2/L3/L4 VPN OpenVPN Other tunneling technologies Authentication Header • Ensures integrity and authenticity of IP packets • Inserts a header into the IP packet including a cryptographic checksum of the packet's contents. • Protects the non mutable fields of an IP datagram • Caution: Trying to use AH through NAT needs extra consideration as NAT makes changes to authenticated header fields • IPSec in AH mode without encryption is possible, but rarely used (on purpose) 10 / 27 Overview IPSec L2/L3/L4 VPN OpenVPN Other tunneling technologies Encapsualted Security Payload • Responsible for encryption of IP packets • Provides authenticity as well, but src- and dst IP are not part of the checksum • Prevention from IP spoofing through authentication of communication end points when the tunnel is established 11 / 27 Overview IPSec L2/L3/L4 VPN OpenVPN Other tunneling technologies Tunnel mode • Entire IP packet is protected by IPSec • New IP header is wrapped "around" the old packet • Original IP header not visible • Commonly used between gateways with ESP enabled Singed by ESP Auth Trailer Encrypted with ESP Header New ESP IP TCP/ ESP ESP AUTH IP Data Header UDP Trailer Trailer Header Header Original IP Packet 12 / 27 Overview IPSec L2/L3/L4 VPN OpenVPN Other tunneling technologies Transport mode • Original IP header used for encapsulation (not encrypted) • Usually used for end-to-end security • IPSec is running on the end hosts Singed by ESP Auth Trailer Encrypted with ESP Header Original ESP TCP/ ESP ESP AUTH IP Data Header UDP Trailer Trailer Header IP Header Original IP Packet Original IP Header moved to the front 13 / 27 v Overview IPSec L2/L3/L4 VPN OpenVPN Other tunneling technologies IKE - Internet Key Exchange • Security Associations: Security policies for communication between entities need to be defined • Key management protocol: Exchange of keys for encryption and authentication over unsecured channels • Manages Security Associations (SAs) for IPSec • IKE for IPSec is not mandatory, but widely used { Automatic negotiation of specific parameters { CA support { Ability to change encryption keys during an IPSec session 14 / 27 Overview IPSec L2/L3/L4 VPN OpenVPN Other tunneling technologies OpenVPN 15 / 27 Overview IPSec L2/L3/L4 VPN OpenVPN Other tunneling technologies OpenVPN: Basics • SSL/TLS based user-space VPN: Works on various devices/platform • Works based on virtual network interfaces • Layer 2 (TAP mode) & Layer 3 (TUN Mode) • Encapsulation in UDP or TCP 16 / 27 Overview IPSec L2/L3/L4 VPN OpenVPN Other tunneling technologies Layer 3: TUN Mode • Virtual point-to-point link • End points have tunX interface • TUN interfaces get IP adresses out of the same subnet • Communication routed through this interfaces 17 / 27 Overview IPSec L2/L3/L4 VPN OpenVPN Other tunneling technologies Layer 2: TAP Mode • Use case: Merge two ethernet broadcast domains • Bridging mode: Packet forwarding based on layer 2 adresses • Forwarding between virtual TAP devices and bridge to the local LAN • Used when applications running over the VPN rely on network broadcast (like online games) 18 / 27 Overview IPSec L2/L3/L4 VPN OpenVPN Other tunneling technologies Encapsulation • OpenVPN traffic is wrapped in UDP connection (TCP possible as well) • Usage of arbitrary ports for easy bypass of firewalls • Nearly no problems with NATs 19 / 27 Overview IPSec L2/L3/L4 VPN OpenVPN Other tunneling technologies Encryption and Authentication • Based on OpenSSL - for encryption, key exchange, . • PSK (pre shared key), SSL/TSL certificates, username/password • Authentication based on SSL certificate chain 20 / 27 Overview IPSec L2/L3/L4 VPN OpenVPN Other tunneling technologies IPSec vs. OpenVPN • Traditionally: OpenVPN easier to deploy - works "out of the box" • Today: Modern IPSec implementations are up to the task as well • Virtual interfaces of OpenVPN make routing possible • IPSec works based on SAs and corresponding policies 21 / 27 Overview L2/L3/L4 VPN Other tunneling technologies Other tunneling technologies 22 / 27 Overview L2/L3/L4 VPN Other tunneling technologies IPv6 Transition technologies • Problem: You want to adopt IPv6 as a future technology, but nobody is using IPv6 yet. • Possible solution: Wrap your new IPv6 packets in IPv4 packets and send them through the existing Internet { 6to4: No explicit tunnel setup, but communication via relay routers { Teredo: IPv6 traffic encapsulated in IPv4 based UDP datagrams { ... 23 / 27 Overview L2/L3/L4 VPN Other tunneling technologies IPv6 Transition technologies • Problem: You have migrated your access provider network to IPv6, but many endpoints in the internet only have IPv4. • Possible solution: Use tunneling and NAT to allow host in a IPv6 network to use IPv4 (DS-Lite (RFC 6333)) { Let the CPE assigns IPv4 RFC1918 addresses to end hosts and announce itself as default gateway. { The CPE/B4 then encapsulates all IPv4 packets in IPv6 and sends them to the Address Family Transition Router (AFTR) { The AFTR decapsulates the IPv4 Packets and NATs them to a global unicast IPv4 address { This way, providers can use IPv6 in the backbone while still offering IPv4 services to customers 24 / 27 Overview L2/L3/L4 VPN Other tunneling technologies Layer 2 tunneling: MPLS • MPLS: Establishes tunnels on layer 2 level between different network segments • Layer 2 packets get a 32 bit label - forwarding decision only based on assigned labels • Each label corresponds to virtual link (similar to VLANs) • Avoids complexity of IP based routing • Is used through the Internet (not only in local LANs like VLANs) 25 / 27 Overview L2/L3/L4 VPN Other tunneling technologies Cellular Backhaul: GTP • GPRS Tunneling Protocol (GTP): used for many different purposes in an GPRS / EPC backbone. • Used to encapsulate cellular data traffic and control traffic • Basic building block to allow mobility • Based on UDP 26 / 27 Overview L2/L3/L4 VPN Other tunneling technologies Thank you Any Questions? 27 / 27.
Load more

Recommended publications
  • Master Thesis
    Master's Programme in Computer Network Engineering, 60 credits MASTER Connect street light control devices in a secure network THESIS Andreas Kostoulas, Efstathios Lykouropoulos, Zainab Jumaa Network security, 15 credits Halmstad 2015-02-16 “Connect street light control devices in a secure network” Master’s Thesis in Computer Network engineering 2014 Authors: Andreas Kostoulas, Efstathios Lykouropoulos, Zainab Jumaa Supervisor: Alexey Vinel Examiner: Tony Larsson Preface This thesis is submitted in partial fulfilment of the requirements for a Master’s Degree in Computer Network Engineering at the Department of Information Science - Computer and Electrical Engineering, at University of Halmstad, Sweden. The research - implementation described herein was conducted under the supervision of Professor Alexey Vinel and in cooperation with Greinon engineering. This was a challenging trip with both ups and downs but accompanied by an extend team of experts, always willing to coach, sponsor, help and motivate us. For this we would like to thank them. We would like to thank our parents and family for their financial and motivational support, although distance between us was more than 1500 kilometres. Last but not least we would like to thank our fellow researchers and friends on our department for useful discussions, comments, suggestions, thoughts and also creative and fun moments we spend together. i Abstract Wireless communications is a constantly progressing technology in network engineering society, creating an environment full of opportunities that are targeting in financial growth, quality of life and humans prosperity. Wireless security is the science that has as a goal to provide safe data communication between authorized users and prevent unauthorized users from gaining access, deny access, damage or counterfeit data in a wireless environment.
    [Show full text]
  • Kommentarer Till Utgåvan Debian 10 (Buster), 64-Bit PC
    Kommentarer till utgåvan Debian 11 (bullseye), 64-bit PC The Debian Documentation Project (https://www.debian.org/doc/) 5 oktober 2021 Kommentarer till utgåvan Debian 11 (bullseye), 64-bit PC Detta dokument är fri mjukvara; du kan vidaredistribuera det och/eller modifiera det i enlighet med villkoren i Free Software Foundations GNU General Public License version 2. Detta program är distribuerat med förhoppning att det ska vara användbart men HELT UTAN GARAN- TIER; inte ens underförstådd garanti om SÄLJBARHET eller att PASSA ETT SÄRSKILT SYFTE. Läs mer i GNU General Public License för djupare detaljer. Du borde ha fått en kopia av GNU General Public License tillsammans med det här programmet; om inte, skriv till Free Software Foundation, Inc., 51 Franklin Street. Fifth Floor, Boston, MA, 02110-1301 USA. Licenstexten kan också hämtas på https://www.gnu.org/licenses/gpl-2.0.html och /usr/ share/common-licenses/GPL-2 på Debian-system. ii Innehåll 1 Introduktion 1 1.1 Rapportera fel i det här dokumentet . 1 1.2 Bidra med uppgraderingsrapporter . 1 1.3 Källor för det här dokumentet . 2 2 Vad är nytt i Debian 11 3 2.1 Arkitekturer med stöd . 3 2.2 Vad är nytt i distributionen? . 3 2.2.1 Skrivbordsmiljöer och kända paket . 3 2.2.2 Utskrifter och scanning utan drivrutiner . 4 2.2.2.1 CUPS och utskrifter utan drivrutiner . 4 2.2.2.2 SANE och scannrar utan drivrutiner . 4 2.2.3 Nytt generellt kommando ”open” . 5 2.2.4 Control groups v2 . 5 2.2.5 Beständig systemd-journal .
    [Show full text]
  • AWS Site-To-Site VPN User Guide AWS Site-To-Site VPN User Guide
    AWS Site-to-Site VPN User Guide AWS Site-to-Site VPN User Guide AWS Site-to-Site VPN: User Guide Copyright © Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon. AWS Site-to-Site VPN User Guide Table of Contents What is Site-to-Site VPN ..................................................................................................................... 1 Concepts ................................................................................................................................... 1 Working with Site-to-Site VPN ..................................................................................................... 1 Site-to-Site VPN limitations ......................................................................................................... 2 Pricing ...................................................................................................................................... 2 How AWS Site-to-Site VPN works ........................................................................................................ 3 Site-to-Site VPN Components .....................................................................................................
    [Show full text]
  • Building Ipv6 Based Tunneling Mechanisms for Voip Security
    WK,QWHUQDWLRQDO0XOWL&RQIHUHQFHRQ6\VWHPV6LJQDOV 'HYLFHV Building IPv6 Based Tunneling Mechanisms for VoIP Security Amzari J. Ghazali, Waleed Al-Nuaimy, Ali Al-Ataby, Majid A. Al-Taee Department of Electrical Engineering and Electronics University of Liverpool, UK e-mail: {amzari.ghazali, wax, ali.ataby, altaeem}@liv.ac.uk Abstract—Internet protocol version 6 (IPv6) was such as Toredo, 6to4 and manual configuration [4]. developed to resolve the IPv4 address exhaustion Despite the benefits of using IPv6, there are still problem and support new features. However, IPv6 still challenges and obstacles in implementing and comprises some defectiveness of IPv4 protocol such as practically using IPv6 VoIP [5]. The issues of the multimedia security. This paper presents IPv6-based transition from the current IPv4 network to IPv6 as tunneling mechanisms for securing Voice over Internet Protocol (VoIP) network traffic using OpenSwan IPSec well as VoIP performance for both IP versions need (site-to-site). IPSec with Triple Data Encryption to be assessed and compared. Algorithm (3DES) is used to create a Virtual Private Evaluation of VoIP performance with IPSec in Network (VPN) on top of existing physical networks. IPv4, IPv6 and 6to4 networks using Teredo for NAT Secure communication mechanisms can therefore be provided for data and control information transmitted traversal in a test LAN was previously reported in between networks. Secure VoIP-oriented mechanisms [6]. The testbed used softphones to setup calls, and on VPN IPv6 have been designed, implemented and background traffic was generated to create congestion tested successfully using open source approaches. The on the links and routers. The results demonstrated the performance of the IPv6 VoIP network is assessed feasibility of using a single Linux box to handle experimentally in terms of several performance metrics IPSec, 6to4 and NAT processing, and it was found including jitter, throughput and packet loss rate.
    [Show full text]
  • Digital Safety & Security Lt Cdr Mike Rose RN ©
    RNIOA Article 15 [17/05/2020] characteristics linked to their IP address to enable ‘tracking.’ Where internet-based criminality is Digital Safety & Security involved, the acquisition of banking and credit card Lt Cdr Mike Rose RN © data is often the main objective. Introduction The aim of this article is to help people understand Prior to the introduction of the internet, personal the risks they face and how to attempt to mitigate computers for home use were self-contained in that them. So, whether you’re accessing the internet the operating system was bought and installed by with your mobile phone, PC, tablet or laptop, you’re the supplier/user, and external communications potentially exposed to every hacker, digital thief and using the PC were not yet technically developed. spammer across the globe. Not to mention that The most likely risk therefore was the possibility of viruses, trojan horses, spyware and adware are someone switching on unattended, non-password- always just one click away. You wouldn’t drive protected computers and copying sensitive without insurance, a seat belt and a GPS device, information onto an external memory device. so, similarly, when you “surf the net”, you need to Essentially, users were in control of their computing make sure that you are well “buckled up” and well- equipment and paid real money for the services informed. This article is written as a guide to “safe and software they used to a known vendor. surfing” and is just as important for personal users as it is for large tech companies. Malicious websites Spyware, which is software that steals your sensitive data without consent, lurks in many corners of the internet; often in places where you'd least expect it.
    [Show full text]
  • CS670: Network Security
    Cristina Nita-Rotaru CS670: Network security IPsec. TLS. Sources 1. Many slides courtesy of Christo Wilson and Wil Robertson 2. IPSec Key management based on slides from B. LaMacchia 3. Analysis of the HTTPS Certificate Ecosystem, IMC 2013: https://jhalderm.com/pub/papers/https-imc13.pdf 4. Analysis of SSL certificate reissues and revocations in the wake of Heartbleed, IMC 2014: http://www.ccs.neu.edu/home/cbw/pdf/imc254-zhang.pdf 2 IPSec; TLS 1: Protecting IP: IPsec OSI/ISO Model Application Application Presentation Presentation Session Session Transport Transport Network Network Data Link Data Link Physical Layer Physical Layer 4 IPSec; TLS IPsec design goals } Design philosophy: applications cannot be trusted to implement end-to-end security properly and security should be built into the network itself } Transparent to applications (below transport layer ) } Goal: Facilitate direct IP connectivity between sensitive hosts through untrusted networks } It is designed to be extremely flexible } Different crypto algorithms and key exchange supported } Different security services compositions } Different granularities of protection 5 IPSec; TLS Security goals } IPsec provides: } access control } integrity } data origin authentication } rejection of replayed packets } confidentiality } IETF IPSEC Working Group } Documented in RFCs and Internet drafts 6 IPSec; TLS Security and deployment mechanisms } Operates based on security associations } Deployment: } Transport-mode: encapsulates an upper-layer protocol (e.g. TCP or UDP) and preapends an
    [Show full text]
  • FIPS 140-2 Non-Proprietary Security Policy Oracle Linux 7 Libreswan
    FIPS 140-2 Non-Proprietary Security Policy Oracle Linux 7 Libreswan Cryptographic Module FIPS 140-2 Level 1 Validation Software Version: R7-2.0.0 Date: April 06, 2018 Document Version 1.2 © Oracle Corporation This document may be reproduced whole and intact including the Copyright notice. Title: Oracle Linux 7 Libreswan Cryptographic Module Security Policy April 06, 2018 Author: Atsec Information Security Contributing Authors: Oracle Linux Engineering Oracle Security Evaluations – Global Product Security Oracle Corporation World Headquarters 500 Oracle Parkway Redwood Shores, CA 94065 U.S.A. Worldwide Inquiries: Phone: +1.650.506.7000 Fax: +1.650.506.7200 oracle.com Copyright © 2018, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. Oracle specifically disclaim any liability with respect to this document and no contractual obligations are formed either directly or indirectly by this document. This document may reproduced or distributed whole and intact including this copyright notice. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Oracle Linux 7 Libreswan Cryptographic Module Security Policy i
    [Show full text]
  • Nist Sp 800-77 Rev. 1 Guide to Ipsec Vpns
    NIST Special Publication 800-77 Revision 1 Guide to IPsec VPNs Elaine Barker Quynh Dang Sheila Frankel Karen Scarfone Paul Wouters This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.800-77r1 C O M P U T E R S E C U R I T Y NIST Special Publication 800-77 Revision 1 Guide to IPsec VPNs Elaine Barker Quynh Dang Sheila Frankel* Computer Security Division Information Technology Laboratory Karen Scarfone Scarfone Cybersecurity Clifton, VA Paul Wouters Red Hat Toronto, ON, Canada *Former employee; all work for this publication was done while at NIST This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.800-77r1 June 2020 U.S. Department of Commerce Wilbur L. Ross, Jr., Secretary National Institute of Standards and Technology Walter Copan, NIST Director and Under Secretary of Commerce for Standards and Technology Authority This publication has been developed by NIST in accordance with its statutory responsibilities under the Federal Information Security Modernization Act (FISMA) of 2014, 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113-283. NIST is responsible for developing information security standards and guidelines, including minimum requirements for federal information systems, but such standards and guidelines shall not apply to national security systems without the express approval of appropriate federal officials exercising policy authority over such systems. This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130. Nothing in this publication should be taken to contradict the standards and guidelines made mandatory and binding on federal agencies by the Secretary of Commerce under statutory authority.
    [Show full text]
  • FIPS 140-2 Security Policy
    Red Hat Enterprise Linux 6.2 Openswan Cryptographic Module v2.0 FIPS 140-2 Security Policy version 1.1 Last Update: 2012-11-13 Red Hat Enterprise Linux 6.2 Openswan Cryptographic Module version 2.0 FIPS 140-2 Security Policy Contents 1 Cryptographic Module Specification .................................................................................................... .................. 3 1.1 Description of Module ............................................................................................................. .................. ... 3 1.2 Description of Approved Mode .......................................................................................................... ............ 4 1.3 Cryptographic Module Boundary ......................................................................................... ......................... 5 1.3.1 Hardware Block Diagram ................................................................................................................. .......... 6 1.3.2 Software Block Diagram .......................................................................................................... ................... 7 1.4 Red Hat Enterprise Linux 6.2 Cryptographic Modules and FIPS 140-2 Certification ......................... .......... 7 1.4.1 Platforms ............................................................................................................................... ............. ........ 8 1.4.2 FIPS Approved Mode .......................................................................................................................
    [Show full text]
  • Bohrende Fragen Wireguard
    01/2018 VPN mit Wireguard aufsetzen Titelthema Bohrende Fragen Wireguard 38 Wer ein Virtual Private Network einrichten möchte, kämpft oftmals mit einer nicht ganz simplen Konfiguration. Wireguard verspricht, dass der Tunnelbau auch einfacher und flinker gelingen kann. Falko Benthin www.linux-magazin.de Quelltext und setzt auf starke Verschlüs- selungsalgorithmen, wofür Donenfeld Trevor Perrins Noise Protocol Framework [9] ins Boot nimmt. Für Zertifikate setzt das Wireguard-Protokoll auf Ed25519, für den Schlüsselaustausch auf Curve25519 (ECDHE) und für den Datentransport auf Chacha20-poly1305. Wireguard unterstützt allerdings nur eine kryptografische Suite, die sich je- doch bei Problemen ohne Weiteres aus- tauschen lässt. Anwender müssen ihre Verschlüsselungs-Suite also nicht mehr aus verschiedenen Chiffren selbst zusam- menbasteln. Das reduziert die Komple- xität und vermindert das Risiko von Si- cherheitslücken. Wireguard arbeitet aus © Péter Gudella, 123RF © Péter Sicht des Administrators zustandslos und bringt einen integrierten Schutz gegen VPNs (Virtual Private Networks) gelten In freien Wildbahn treffen Admins Wire- Denial-of-Service-Attacken mit. als sichere Nummer, wenn es darum guard bislang noch eher selten an. Das geht, das Home Office mit dem Firmen- dürfte vor allem daran liegen, dass das Installation und netz, Firmensitze mit der Zentrale oder Projekt noch nicht im offiziellen Linux- Inbetriebnahme Geschäftsreisende mit ihrer Kundenda- Kernel steckt und aktuell nur für Linux tenbank zu verbinden. Privatnutzer ver- und OS X verfügbar ist. Daneben feh- Die Repositories zahlreicher Distributio- wenden VPNs, um beispielsweise sicher len Sicherheits-Audits und das Protokoll nen bieten Wireguard bereits an, sodass über das Internet auf die heimische Wet- kann sich noch ändern. Experimentierfreudige es leicht mit Hilfe terstation mit angeschlossenem Daten- Trotzdem haben es manche VPN-Provi- der entsprechenden Paketverwaltung in- bankserver zuzugreifen.
    [Show full text]
  • Notas De Publicación De Debian 10 (Buster), 32-Bit MIPS (Big Endian)
    Notas de publicación de Debian 10 (buster), 32-bit MIPS (big endian) El proyecto de documentación de Debian (https://www.debian.org/doc/) 2 de octubre de 2021 Notas de publicación de Debian 10 (buster), 32-bit MIPS (big endian) Esta documentación es software libre; puede redistribuirla o modificarla bajo los términos de la Licencia Pública General GNU, versión 2, publicada por la «Free Software Foundation». Este programa se distribuye con el deseo de ser útil, pero SIN GARANTÍA ALGUNA; ni siquiera la garantía implícita de MERCADEO o AJUSTE A PROPÓSITOS ESPECÍFICOS. Si desea más detalles, consulte la Licencia Pública General de GNU. Debería haber recibido una copia de la Licencia Pública General de GNU junto con este programa; si no fue así, escriba a la Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. El texto de la licencia se puede encontrar también en https://www.gnu.org/licenses/gpl-2. 0.html y en /usr/share/common-licenses/GPL-2 en los sistemas Debian. ii Índice general 1. Introducción 1 1.1. Cómo informar de fallos en este documento . 1 1.2. Cómo contribuir con informes de actualización . 1 1.3. Fuentes de este documento . 2 2. Las novedades de Debian 10 3 2.1. Arquitecturas soportadas . 3 2.2. ¿Qué novedades hay en la distribución? . 3 2.2.1. Arranque seguro UEFI . 4 2.2.2. AppArmor activo por omisión . 4 2.2.3. Bastionado opcional de APT . 5 2.2.4. Actualizaciones desatendidas para publicaciones estables . 5 2.2.5. Mejora sustancial en las páginas de manual para usuarios que hablan alemán .
    [Show full text]
  • Evolution of the Transport Layer Security As Internet Security Protocol: Impact, Improvements and Extent
    Norberto Novoa Torres, et. al. International Journal of Engineering Research and Applications www.ijera.com ISSN: 2248-9622, Vol. 10, Issue 11, (Series-II) November 2020, pp. 27-34 RESEARCH ARTICLE OPEN ACCESS Evolution Of The Transport Layer Security As Internet Security Protocol: Impact, Improvements And Extent. Johana Alejandra Mendoza Aguilera*, Norberto Novoa Torres** *(Engineering Department, Universidad Distrital Francisco José de Caldas, Facultad Tecnologica, Bogotá D.C. – Colombia. ** (Engineering Department, Universidad Distrital Francisco José de Caldas, Facultad Tecnologica, Bogotá D.C. – Colombia. ABSTRACT Although, it presents the use of SSL and TLS as protection mechanisms of communication trough encryption in data transportation making it been the most used crucial service, like messaging, financial transactions, etc., At the same time, it becomes in an attack target through its different versions which they have managed to be successful because of different methods. Making the protocol to evolve rapidly in its implementation modes and present improvements by means of hybrid solutions with the aim to solve those found security breaches or to give power to other services. In this document it is presented an analysis of these affirmations, managing to determine how safe the protocol is at the moment and how it prepares to the future. Keywords – Comunication, Safe protocols, Security, SSL, TLS. --------------------------------------------------------------------------------------------------------------------------------------- Date of Submission: 06-11-2020 Date of Acceptance: 19-11-2020 --------------------------------------------------------------------------------------------------------------------------------------- has been done until now. Or, if it is planned to I. INTRODUCTION include improvements that keep it situating as one of Nowadays, technology presents high the best solutions talking about information and safe advantages ahead of the challenges of security communications it refers.
    [Show full text]