Network Security: Lab #3
Transport-Level Security Tools
J. H. Wang
May 12, 2011
Objectives
• To learn to use transport-level security tools
  – SSL/TLS clients/servers
• To learn to access secure Web services
  – HTTPS
• To learn to use secure shell
  – SSH
Packages Used in this Lab
• OpenSSL: an open source implementation of SSL and TLS protocols
  – (again!)
• PuTTY: an implementation of SSH
  – PuTTY: for telnet and ssh
  – PSFTP: for secure FTP
OpenSSL
• Homepage: http://www.openssl.org/
• Current version: 1.0.0d (open source)
  – Source:
    • Unix/Linux: openssl-1.0.0d.tar.gz
  – Binary:
    • Win32 OpenSSL: http://www.slproweb.com/products/Win32OpenSSL.html
      – Win32 OpenSSL v1.0.0d
      – Visual C++ 2008 Redistributables
• Steps
  – Install (skipped)
  – OpenSSL command-line tool
Experiment Scenario
• Running a generic SSL/TLS server
• Connecting to an SSL/TLS server
• Connecting to a secure remote Web server
• Remote login to a host
• Transferring files to/from a remote host
OpenSSL Command-Line Tools
• OpenSSL command-line tool
  – s_server: a generic SSL/TLS server
    • cd \OpenSSL-Win32\bin
    • openssl s_server -cert PEM\server.pem
    • Or openssl s_server -cert PEM\server.pem -accept 443 -www
      – For HTML output
  – s_client: a generic SSL/TLS client
    • openssl s_client
    • Default: localhost:443
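The s_server/s_client exercise above as a scripted run, added here as an example and not part of the original slides. It assumes `openssl` is on PATH; port 8443, the temporary file names and the helper names `verify_code` and `run_lab` are hypothetical choices. It shows that `s_client` completes the handshake with an untrusted certificate and reports the problem only in its "Verify return code" line.

```shell
#!/bin/sh
# Added example (not from the original slides). Assumes `openssl` is on PATH.
# Port 8443 and all file names are arbitrary choices for this sketch.

# Print the numeric "Verify return code" that s_client reports for host:port.
# Extra arguments (e.g. -CAfile cert.pem) are passed through to s_client.
verify_code() {
    target=$1; shift
    openssl s_client -connect "$target" "$@" </dev/null 2>/dev/null |
        sed -n 's/.*Verify return code: \([0-9]*\).*/\1/p' | head -n 1
}

# Build server.pem, serve it with s_server -www, and compare what s_client
# reports without and with the certificate supplied as a trust anchor.
run_lab() {
    port=${1:-8443}
    dir=$(mktemp -d) || return 1
    # Self-signed key + certificate, concatenated into the single PEM file
    # that `s_server -cert server.pem` reads both from.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || return 1
    cat "$dir/key.pem" "$dir/cert.pem" > "$dir/server.pem"

    openssl s_server -cert "$dir/server.pem" -accept "$port" -www \
        >/dev/null 2>&1 &
    srv=$!
    # Wait (up to about 5 s) until the listener answers a handshake.
    n=0
    until [ -n "$(verify_code "localhost:$port")" ] || [ "$n" -ge 5 ]; do
        n=$((n + 1)); sleep 1
    done

    untrusted=$(verify_code "localhost:$port")
    trusted=$(verify_code "localhost:$port" -CAfile "$dir/cert.pem")

    kill "$srv" 2>/dev/null || true
    wait "$srv" 2>/dev/null || true
    rm -rf "$dir"
    echo "untrusted=$untrusted trusted=$trusted"
}
```

Calling `run_lab 8443` prints `untrusted=18 trusted=0`: code 18 is the self-signed certificate error, and 0 means the certificate verified against the supplied `-CAfile`.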
Another Example
• Another example:
  – s_server: other options
    • cd \OpenSSL-Win32\bin
    • openssl s_server -cert PEM\server.pem -accept 443 -www
      – For HTML output
  – Use a Web browser to connect
    • https://localhost/
Yet Another Example
• Still another example:
  – s_server: other options
    • cd \OpenSSL-Win32\bin
    • openssl s_server -cert PEM\server.pem -accept 443 -WWW
      – For simulating a Web server
  – Put a file under the directory \OpenSSL-Win32\bin
    • cp index.html \OpenSSL-Win32\bin\
  – Use a Web browser to connect and get the page
    • https://localhost/index.html
HTTPS
• HTTP over TLS
  – Implemented on most browsers
• Example services
  – CSIE Webmail: https://csie.ntut.edu.tw/mail/
  – Gmail: https://mail.google.com/
  – Facebook: https://www.facebook.com/
• You can also set up a secure Web server
  – E.g. Apache-SSL, Apache+mod_ssl
Creating a Secure Web Server
• Apache-SSL: Apache-1.3.41+SSL-1.60
  – Homepage: http://www.apache-ssl.org/
  – Configuration files, digital certificates
• Mod_ssl: 2.8.31 with Apache 1.3.41
  – Homepage: http://www.modssl.org/
  – Installation: See Tab [Example]
Secure Shell
• PuTTY beta 0.60: a free implementation of Telnet and SSH for Windows and Unix
  – http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
  – For Windows: (Binaries)
    • putty.exe: Telnet and SSH client
    • psftp.exe: SFTP client
  – For Unix: (Source)
    • Putty-0.60.tar.gz
Examples on Windows
• Ex.1: Connecting to a remote host with PuTTY (similar to Telnet)
• Ex.2: Transferring a file to/from a remote host with PSFTP (similar to FTP)
Connecting to a remote host
Transferring a file to/from a remote host
Examples on UNIX/Linux
• Ex.1: Connecting to a remote host (similar to Telnet)
  – ssh -l <user> <host>
    • Ex.: ssh -l <user> 140.124.13.2
    • You can run commands on a remote host
• Ex.2: Transferring a file to/from a remote host (similar to FTP)
  – sftp <user>@<host>
    • Ex.: sftp <user>@140.124.13.2
    • You can upload your homepage to the server
Some Commands in UNIX/Linux
• Displaying the files
  – ls
• Change directory
  – cd <directory>
• In FTP/sftp:
  – Displaying the files: ls
  – Displaying the local files: !dir
  – Change directory: cd <dir>
  – Change local directory: lcd <dir>
  – Upload files: put <filename>
  – Download files: get <filename>
  – Quit the system: bye
Summary
• Running a generic SSL/TLS server
• Connecting to an SSL/TLS server
• HTTPS
• Secure shell