
Network Security: Lab#3
Transport-Level Security Tools
J. H. Wang
May 12, 2011
Objectives
• To learn to use transport-level security tools
– SSL/TLS clients/servers
• To learn to access secure Web services
– HTTPS
• To learn to use secure shell
– SSH
Packages Used in this Lab
• OpenSSL: an open source implementation of SSL and TLS protocols
– (again!)
• PuTTY: an implementation of SSH
– PuTTY: for telnet and ssh
– PSFTP: for secure FTP
OpenSSL
• Homepage: http://www.openssl.org/
• Current version: 1.0.0d (open source)
– Source:
• Unix/Linux: openssl-1.0.0d.tar.gz
– Binary:
• Win32 OpenSSL: http://www.slproweb.com/products/Win32OpenSSL.html
– Win32 OpenSSL v1.0.0d
– Visual C++ 2008 Redistributables
• Steps
– Install (skipped)
– OpenSSL command-line tool
Experiment Scenario
• Running a generic SSL/TLS server
• Connecting to an SSL/TLS server
• Connecting to a secure remote Web server
• Remote login to a host
• Transferring files to/from a remote host
OpenSSL Command-Line Tools
• OpenSSL command-line tool
– s_server: a generic SSL/TLS server
• cd \OpenSSL-Win32\bin
• openssl s_server -cert PEM\server.pem
• Or openssl s_server -cert PEM\server.pem -accept 443 -www
– For HTML output
– s_client: a generic SSL/TLS client
• openssl s_client
• Default: localhost:443
Another Example
• Another example:
– s_server: other options
• cd \OpenSSL-Win32\bin
• openssl s_server -cert PEM\server.pem -accept 443 -www
– For HTML output
– Use a Web browser to connect
• https://localhost/
Yet Another Example
• Still another example:
– s_server: other options
• cd \OpenSSL-Win32\bin
• openssl s_server -cert PEM\server.pem -accept 443 -WWW
– For simulating a Web server
– Put a file under the directory \OpenSSL-Win32\bin
• cp index.html \OpenSSL-Win32\bin\
– Use a Web browser to connect and get the page
• https://localhost/index.html
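The s_server / s_client exchange from the slides above, as an added example that is not part of the original lab. It reports the certificate verification code s_client sees with and without the server certificate as a trust anchor. The function names, the high port, the temporary directory and the throwaway self-signed certificate (used in place of the lab's PEM\server.pem) are assumptions.

```shell
#!/bin/sh
# Added example (not from the slides): loopback s_server / s_client check.
# Assumptions: openssl on PATH, a free high port, a throwaway self-signed
# certificate for CN=localhost instead of the lab's PEM\server.pem.

# Print the certificate verification code s_client reports for one connection.
verify_code() {
    port=$1; shift
    openssl s_client -connect "localhost:$port" "$@" </dev/null 2>&1 |
        sed -n 's/.*Verify return code: \([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Start s_server -www, connect twice, print "<code without trust> <code with trust>".
tls_lab_check() {
    port=${1:-4433}
    work=$(mktemp -d) || return 2

    # s_server -cert accepts the private key and certificate in one PEM file.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
        -keyout "$work/key.pem" -out "$work/cert.pem" 2>/dev/null || return 2
    cat "$work/key.pem" "$work/cert.pem" > "$work/server.pem"

    openssl s_server -cert "$work/server.pem" -accept "$port" -www \
        </dev/null >"$work/server.log" 2>&1 &
    srv=$!
    sleep 1   # give the listener time to bind

    # 1) Default trust store: the handshake completes, but the peer is unauthenticated.
    untrusted=$(verify_code "$port")
    # 2) Use the lab certificate itself as the trust anchor.
    trusted=$(verify_code "$port" -CAfile "$work/cert.pem")

    kill "$srv" 2>/dev/null || true
    wait "$srv" 2>/dev/null || true
    rm -rf "$work"
    echo "$untrusted $trusted"
}
```

Code 18 is the self-signed-certificate verification error and 0 is success. The session is encrypted in both cases, but only the second connection has authenticated the server.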
HTTPS
• HTTP over TLS
– Implemented on most browsers
• Example services
– CSIE Webmail:
https://csie.ntut.edu.tw/mail/
– Gmail: https://mail.google.com/
– Facebook: https://www.facebook.com/
• You can also set up a secure Web server
– E.g. Apache-SSL, Apache+mod_ssl
Creating a Secure Web Server
• Apache-SSL: Apache-1.3.41+SSL-1.60
– Homepage: http://www.apache-ssl.org/
– Configuration files, digital certificates
• Mod_ssl: 2.8.31 with Apache 1.3.41
– Homepage: http://www.modssl.org/
– Installation: See Tab [Example]
Secure Shell
• PuTTY beta 0.60: a free implementation of Telnet and SSH for Windows and Unix
– http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
– For Windows: (Binaries)
• putty.exe: Telnet and SSH client
• psftp.exe: SFTP client
– For Unix: (Source)
• Putty-0.60.tar.gz
Examples on Windows
• Ex.1: Connecting to a remote host with PuTTY (similar to Telnet)
• Ex.2: Transferring a file to/from a remote host with PSFTP (similar to FTP)
Connecting to a remote host
Transferring a file to/from a remote host
Examples on UNIX/Linux
• Ex.1: Connecting to a remote host (similar to Telnet)
– ssh -l <user> <host>
• Ex.: ssh -l <user> 140.124.13.2
• You can run commands on a remote host
• Ex.2: Transferring a file to/from a remote host (similar to FTP)
– sftp <user>@<host>
• Ex.: sftp <user>@140.124.13.2
• You can upload your homepage to the server
Some Commands in UNIX/Linux
• Displaying the files
– ls
• Change directory
– cd <directory>
• In FTP/sftp:
– Displaying the files: ls
– Displaying the local files: !dir
– Change directory: cd <dir>
– Change local directory: lcd <dir>
– Upload files: put <filename>
– Download files: get <filename>
– Quit the system: bye
Summary
• Running a generic SSL/TLS server
• Connecting to an SSL/TLS server
• HTTPS
• Secure shell