Network Security: Lab#3
Transport-Level Security Tools
J. H. Wang
May 12, 2011

Objectives
• To learn to use transport-level security tools
  – SSL/TLS clients/servers
• To learn to access secure Web services
  – HTTPS
• To learn to use secure shell
  – SSH

Packages Used in this Lab
• OpenSSL: an open source implementation of SSL and TLS protocols
  – (again!)
• PuTTY: an implementation of SSH
  – PuTTY: for telnet and ssh
  – PSFTP: for secure FTP

OpenSSL
• Homepage: http://www.openssl.org/
• Current version: 1.0.1e (open source)
  – Source:
    • Unix/Linux: openssl-1.0.1e.tar.gz
  – Binary:
    • Win32 OpenSSL: http://www.slproweb.com/products/Win32OpenSSL.html
      – Win32 OpenSSL v1.0.1e
      – Visual C++ 2008 Redistributables
• Steps
  – Install (skipped)
  – OpenSSL command-line tool

Experiment Scenario
• Running a generic SSL/TLS server
• Connecting to a secure remote Web server
• Remote login to a host
• Transferring files to/from a remote host

OpenSSL Command-Line Tools
• OpenSSL command-line tool
  – s_server: a generic SSL/TLS server
    • cd OpenSSL-Win32\bin
    • openssl s_server -cert PEM\server.pem
    • Or openssl s_server -cert PEM\server.pem -accept 443 -www
      – For HTML output
  – s_client: a generic SSL/TLS client
    • openssl s_client
    • Default: localhost:443

Another Example
• Another example:
  – s_server: other options
    • cd OpenSSL-Win32\bin
    • openssl s_server -cert PEM\server.pem -accept 443 -www
      – For HTML output
  – Use a Web browser to connect
    • https://localhost/

Yet Another Example
• Still another example:
  – s_server: other options
    • cd OpenSSL-Win32\bin
    • openssl s_server -cert PEM\server.pem -accept 443 -WWW
      – For simulating a Web server
  – Put a file under the directory OpenSSL-Win32\bin
    • cp index.html OpenSSL-Win32\bin
  – Use a Web browser to connect and get the page
    • https://localhost/index.html

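The s_server and s_client steps from the slides above, scripted as one non-interactive round trip (an added example, not part of the original lab). It assumes a Unix shell with openssl on the PATH and a free port (4443 by default), uses a constructed self-signed certificate instead of the bundled demo certificate, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: s_server / s_client round trip with a throwaway certificate.
# Assumptions: openssl on PATH, chosen port is free, temp directory writable.

# Print the "Verify return code" number reported by s_client.
# $1 = port, remaining arguments = extra s_client options.
verify_code() {
    port=$1; shift
    openssl s_client -connect "localhost:$port" "$@" </dev/null 2>/dev/null |
        sed -n 's/.*Verify return code: \([0-9]*\).*/\1/p' | head -n 1
}

# Start s_server, probe it twice, then clean up.
# Prints "<code without CA file> <code with CA file>".
tls_roundtrip() {
    port=${1:-4443}
    dir=$(mktemp -d) || return 1
    # Constructed lab certificate: self-signed, CN=localhost, valid one day.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || return 1
    # -www makes s_server answer requests with an HTML status page.
    openssl s_server -cert "$dir/cert.pem" -key "$dir/key.pem" \
        -accept "$port" -www </dev/null >/dev/null 2>&1 &
    server_pid=$!
    sleep 1   # give the listener time to bind
    # First probe: the certificate is not in any trust store.
    untrusted=$(verify_code "$port")
    # Second probe: the same certificate is supplied as the trusted CA file.
    trusted=$(verify_code "$port" -CAfile "$dir/cert.pem")
    kill "$server_pid" 2>/dev/null || true
    wait "$server_pid" 2>/dev/null || true
    rm -rf "$dir"
    echo "$untrusted $trusted"
}

# Run the demo only when asked: sh tls_lab.sh --demo [port]
if [ "${1:-}" = "--demo" ]; then
    tls_roundtrip "${2:-4443}"
fi
```

s_client completes the handshake even when the first code is non-zero, so a script that relies on it has to read the verify return code itself.
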
HTTPS
• HTTP over TLS
  – Implemented on most browsers
• Example services
  – CSIE Webmail: https://csie.ntut.edu.tw/mail/
  – Gmail: https://mail.google.com/
  – Facebook: https://www.facebook.com/
• You can also set up a secure Web server
  – E.g. Apache-SSL, Apache+mod_ssl

Creating a Secure Web Server
• Apache-SSL: Apache-1.3.41+SSL-1.60
  – Homepage: http://www.apache-ssl.org/
  – Configuration files, digital certificates
• Mod_ssl: 2.8.31 with Apache 1.3.41
  – Homepage: http://www.modssl.org/
  – Installation: See Tab [Example]

Secure Shell
• PuTTY beta 0.63: a free implementation of Telnet and SSH for Windows and Unix
  – http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
  – For Windows: (Binaries)
    • putty.exe: Telnet and SSH client
    • psftp.exe: SFTP client
  – For Unix: (Source)
    • Putty-0.63.tar.gz

Examples on Windows
• Ex. 1: Connecting to a remote host with PuTTY (similar to Telnet)
• Ex. 2: Transferring a file to/from a remote host with PSFTP (similar to FTP)

Connecting to a remote host
Transferring a file to/from a remote host
Examples on UNIX/Linux
• Ex. 1: Connecting to a remote host (similar to Telnet)
  – ssh -l <user> <host>
    • Ex.: ssh -l <user> 140.124.13.2
    • You can run commands on a remote host
• Ex. 2: Transferring a file to/from a remote host (similar to FTP)
  – sftp <user>@<host>
    • Ex.: sftp <user>@140.124.13.2
    • You can upload your homepage to the server

Some Commands in UNIX/Linux
• Displaying the files
  – ls
• Change directory
  – cd <directory>
• In FTP/sftp:
  – Displaying the files: ls
  – Displaying the local files: !dir
  – Change directory: cd <dir>
  – Change local directory: lcd <dir>
  – Upload files: put <filename>
  – Download files: get <filename>
  – Quit the system: bye

Summary
• Running a generic SSL/TLS server
• Connecting to a SSL/TLS server
• HTTPS
• Secure shell