SSH & SSL


 AT - 8000S
Secure Management


 •   Secure management is increasingly important in
     modern networks: the ability to manage switches
     easily and effectively and the need for security
     are two almost universal requirements.
 •   Traditionally, switches are managed using either
     remote terminal sessions via the Telnet protocol or
     management via SNMP.
 •   Both of these methods have serious security
     problems—they are only protected by clear text
     reusable passwords.
[Diagram: NMS and Telnet stations, unsecured zone, firewall]
Secure Management - Solutions


•   Methods to ensure secure management:
    – Access Control and Security - Defining access rules on the
      device.
    – AAA security services - using usernames and/or passwords
      to authenticate the user’s identity and access (authorization)
      level.
    – Using encryption methods, checksum and hash
      algorithms and/or digital signature.
•   Access Control & Security and AAA are explained in
    other presentations
Security Building Blocks
  •   Encryption provides
      – confidentiality, can provide authentication and integrity
        protection
  •   Checksums/hash algorithms provide
      – integrity protection, can provide authentication
  •   Digital signatures provide
      – authentication, integrity protection, and non-repudiation
  •   Demands for management security and control of the
      networking devices touch all areas of the enterprise.
Secure Management Options


   •   The Secure Shell (SSH) protocol provides
       encrypted and strongly authenticated remote login
       sessions, similar to the Telnet protocol, between a
       device running a Secure Shell server and a host
       (PC) with a Secure Shell client.
   •   The Secure Socket Layer (SSL) has been
       universally accepted on the World Wide Web for
       authenticated and encrypted communication
       between client and server applications.
       Therefore, SSL allows secure management of the
       networking devices via a standard web browser.
Secure Management

[Diagram: NMS, Telnet and SSH stations, unsecured zone, firewall]
SSH protocol features

   •   Secure connection between one client and one
       server
   •   Client, server, user and message authentication
   •   Uses “keys” (public and private) to authenticate
       user and to negotiate session (encrypt/decrypt)
       key – which is shared
   •   Allows “tunneling” of insecure connections
       through the secure SSH channel
   •   Secure Shell replaces Telnet for remote terminal
       sessions. Secure Shell is strongly authenticated
       and encrypted.
How does SSH Tunneling work?
[Diagram 1: Client (Telnet App) and Router (Telnetd, port 23), each with a Loopback I/F and a Network I/F; the path between them is labelled "Insecure"]
This telnet connection is transmitted in the clear – data and passwords are insecure!

[Diagram 2: Client (SSH App, port 2023) and Router (SSHd App, port 22; Telnetd on port 23); the path between them is labelled "Secure"]
Set up SSH port forwarding from the client to the server

[Diagram 3: Client (Telnet App, SSH App on port 2023) and Router (SSHd App on port 22, Telnetd on port 23); the path is labelled "Secure" and the Telnet traffic is marked "Never Transmitted!" on both sides]
The result – a secure connection!
What is SSL?
•   Secure Sockets Layer (SSL) is a protocol designed to
    enable secure communications on an insecure network
    such as the Internet

•   SSL provides encryption and integrity of communications
    along with strong authentication using digital certificates.
Introduction to SSL

•     The Secure Sockets Layer – SSL, was originally developed by
      Netscape Communications and was based on encryption
      algorithms developed by RSA Security.

•     This is a security protocol that provides communications
      privacy over the Internet.

•     SSL has been universally accepted on the World Wide Web
      for authenticated and encrypted communication between
      client and server applications.

•     The new Internet Engineering Task Force (IETF) standard
      called Transport Layer Security (TLS) is based on SSL
SSL/TLS

•   SSL and TLS are standards for how to secure TCP/IP
    communications

•   As of the latest revision, TLS is the official name for what
    used to be called SSL. However, SSL is still the word most
    frequently used.

•   TLS is a layer on top of the TCP layer
SSL/TLS


      Not secure    Secure

                    HTTP
      HTTP          TLS
      TCP           TCP
      IP            IP
SSH
 System Spec

AT - 8000S
SSH-1 vs SSH-2

•   SSH-2 and SSH-1 are incompatible, but some servers
    have a compatibility mode
•   SSH-2 is more secure (stronger encryption and
    authentication) and allows more detailed configuration
•   SSH-1 has a wider license, and transfers files 4 times as
    fast
•   AT - 8000S implements SSH-2 only
AT - 8000S SSH Implementation

•   Inbound Secure Shell connections (server mode).

•   RSA keys (proprietary, but commonly used) and
    DSA keys (US government standard) are both
    supported.

•   The keys are not saved as part of the configuration
    file, but are saved in the flash.

•   When the configuration file is copied, the keys are
    not copied along with it

•   The public part of the key is up to 2048 bits.
SSH Implementation

•   Four types of encryption are supported: 3DES, Arcfour
    (RC4), AES and Blowfish.

•   The type of encryption is agreed upon between the client
    and server; it is not configured within the device

•   Implements direct SSH session without telnet tunneling

•   Up to 4 concurrent SSH (or telnet) sessions are supported

•   Ability to authenticate Client public key
SSH Procedure

 •   If needed, enable SSH on the device (the default is
     Disabled)
 •   If needed, define (protocol) port (default is port 22)
 •   Create either a DSA or RSA pair of keys. Generating
     the key may take a short while
 •   If desired – authenticate Client’s public key.
     Alternate user authentication is via the AAA
 •   If the user requests a new key, every new session will get
     the new key. All running sessions will keep the old
     key.
 •   PC Side:
     – Define keys (if needed)
     – Define authentication method (if needed)
     – Connect to the device via IP defined on device.
SSH CLI Configuration

  AT - 8000S
SSH CLI – Server and Port

•   Use the following Global Mode command to enable SSH
    on the device. The “no” form of this command disables
    this function.
ip ssh server
no ip ssh server
Note: If encryption keys were not generated the SSH server
    will be in standby, until the keys are generated.

•   Use the following Global Mode command to specify the
    TCP port to be used by the SSH server. The “no” form of
    the command returns setting to default port (port 22):
ip ssh port port-number
no ip ssh port
CLI SSH – Generating Keys
 •  Use one or both of the following Global Mode commands to
    generate encryption key pairs (one public, one private):
 crypto key generate rsa
 crypto key generate dsa
 • Generation of keys may take some time

 Note: The keys are not saved in the router configuration
   (never displayed to the user or backed up to another
   device); However, the generated keys are saved in the
   flash, and saved across reboots
CLI SSH – Example

console# con
console(config)# ip ssh server
console(config)# ip ssh port 22
console(config)# crypto key generate rsa
Replace Existing RSA Key [y/n]? y
01-Jan-2000 01:25:45 %SSHD-I-KEYGENRSA: The SSH service is generating a private RSA key.
This may take a few seconds, depending on the key size
console(config)#
CLI SSH – Show SSH
•    Use the following EXEC Mode command to view SSH
     configuration on the device:
show ip ssh

console# sh ip ssh
SSH Server enabled. Port: 22
RSA key was generated.
DSA(DSS) key was generated.
SSH Public Key Authentication is disabled.
Active incoming sessions:
    IP address       SSH username            Version        Cipher        Auth Code
----------------- -------------- ----------- ----------- --------------
CLI SSH – Show Public Keys
•  Use the following EXEC Mode command to view this
   device public key(s) – created by “crypto key generate”
   command
 show crypto key mypubkey [rsa|dsa]

console# show crypto key mypubkey rsa
rsa key data:
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAr/f0fColXgSESRC/4h5zn6t3
CohlzF3w0YCSewm1wYjenCWWyyknfQj9zyeOdgy9j1s5fK9YZncmAGbN+
……
…..
jxOAZHLIQhqka1nfsQ==
Fingerprint(hex): 39:d1:66:41:2b:41:3f:aa:cb:c7:e7:37:a4:89:aa:12
Fingerprint(bubbleBabble): xefam-cybem-bozyr-culiz-kesug-kucud-vivab-
folun-tuhih-nakoh-zyxyx
CLI SSH – Key Authentication
 •   Use the following Global Mode command to enable
     client’s public key authentication for incoming SSH
     sessions. The no form of the command disables
     authentication:
 ip ssh pubkey-auth
 no ip ssh pubkey-auth

 •  Use the following command to enter public key
    configuration mode (so you can manually specify other
    devices’ public keys):
 crypto key pubkey-chain ssh
CLI SSH – Key Authentication
•  Use the following Public Key-chain Mode command to
   specify which SSH public key you will configure manually
   on the device. The “no” form removes the key:
user-key username {rsa| dsa}
no user-key username

•   Follow this command with the key-string command to
    specify the key
CLI SSH – Key Authentication
•  Use one of the following Public Key-string Mode commands
   to specify the SSH public key of another device:
key-string row word
key-string <sequence>

•   Row option – command can be used repeatedly to enter
    the full key string (see example). Exiting command mode
    indicates end of key.
•   <sequence> - user can enter key segment by segment –
    until <enter> key is pressed twice (see example)
CLI SSH – Key Authentication
•   Example – entering RSA user-key key-string (row):

     console(config)# crypto key pubkey-chain ssh
     console(config-pubkey-chain)# user-key David rsa
     console(config-pubkey-key)# key-string row AAAAB3NzaC1yc2EAAAAD
     <enter>
     console(config-pubkey-key)# key-string row
     AQABAAAAgQCJB1P0qq0nk/<enter>
     …..
     console(config-pubkey-key)# exit
     console(config-pubkey-chain)#




Note – device will inform if process was not successful
CLI SSH – Key Authentication
•    Example – entering RSA user-key key-string (regular
     sequence):
console(config)# crypto key pubkey-chain ssh
console(config-pubkey-chain)# user-key george rsa
console(config-pubkey-key)# key-string
AAAAB3NzaC1yc2EAAAAD <enter>
AQABAAAAgQCJB1P0qq0nk/<enter>
….
<enter> <enter>
Fingerprint: 52:92:fc:94:da:1e:ba:2d:4c:00:87:b0:cb:86:12:36
console(config-pubkey-key)#



Note – device will inform if process was not successful
CLI – Show Key Authentication
•   Use the following EXEC Mode command to view SSH public keys (of
    clients) stored on the device:
    show crypto key pubkey-chain ssh [username username] [fingerprint bubble-
    babble | hex]
Parameters
Username – of the remote SSH client
Fingerprint – bubble-babble or hex, specifies the “signature shortcut”
   method of the key

     console# show crypto key pubkey-chain ssh
       Username                               Fingerprint
     -------------- ---------------------------------------------------------------
     George                    4e:de:4d:1c:33:43:57:14:6b:aa:29:0d:d0:41:3f:a7
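
The fingerprints printed by show crypto key mypubkey and show crypto key pubkey-chain ssh let an administrator confirm that a manually entered key-string matches the client's real key. The Python sketch below is an added example, not code from the presentation or from the device vendor: it validates an OpenSSH-format public key line and computes both fingerprint styles. It assumes the device follows the usual OpenSSH conventions (hex = MD5 of the key blob, bubble babble over a SHA-1 digest, which is consistent with the 16 hex pairs and 11 bubble-babble words shown above); the sample key and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

VOWELS = "aeiouy"
CONSONANTS = "bcdfghklmnprstvzx"


def bubble_babble(digest: bytes) -> str:
    """Bubble Babble encoding of a byte string (the scheme behind `ssh-keygen -B`)."""
    out, seed = ["x"], 1
    rounds = len(digest) // 2 + 1
    for i in range(rounds):
        if i + 1 < rounds or len(digest) % 2:
            b0 = digest[2 * i]
            out += [VOWELS[((b0 >> 6) + seed) % 6],
                    CONSONANTS[(b0 >> 2) & 15],
                    VOWELS[((b0 & 3) + seed // 6) % 6]]
            if i + 1 < rounds:
                b1 = digest[2 * i + 1]
                out += [CONSONANTS[b1 >> 4], "-", CONSONANTS[b1 & 15]]
                seed = (seed * 5 + b0 * 7 + b1) % 36
        else:
            # Even-length input: the last word encodes only the running checksum.
            out += [VOWELS[seed % 6], CONSONANTS[16], VOWELS[seed // 6]]
    return "".join(out) + "x"


def read_string(buf: bytes, off: int):
    """Read one SSH wire-format string (uint32 length, then data) at offset off."""
    if off + 4 > len(buf):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + length
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end


# Number of integers that follow the algorithm name in the key blob.
FIELDS = {"ssh-rsa": 2, "ssh-dss": 4}   # rsa: e, n   dsa: p, q, g, y


def parse_public_key(line: str):
    """Validate '<algorithm> <base64> [comment]' and return (algorithm, blob)."""
    parts = line.split()
    if len(parts) < 2 or parts[0] not in FIELDS:
        raise ValueError("expected 'ssh-rsa|ssh-dss <base64> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)
    name, off = read_string(blob, 0)
    if name != parts[0].encode():
        raise ValueError("algorithm label does not match the key blob")
    for _ in range(FIELDS[parts[0]]):
        _, off = read_string(blob, off)
    if off != len(blob):
        raise ValueError("unexpected trailing data in key blob")
    return parts[0], blob


def fingerprints(line: str) -> dict:
    """Hex (MD5) and bubble-babble (SHA-1, assumed) fingerprints of a key line."""
    algo, blob = parse_public_key(line)
    md5 = hashlib.md5(blob).hexdigest()
    return {
        "algorithm": algo,
        "hex": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
        "bubble_babble": bubble_babble(hashlib.sha1(blob).digest()),
    }


def matches_device(line: str, device_hex: str) -> bool:
    """Compare the local key's hex fingerprint with the one the switch displays."""
    local = fingerprints(line)["hex"]
    return hmac.compare_digest(local, device_hex.strip().lower())


def mpint(value: int) -> bytes:
    """Encode a positive integer as an SSH mpint (leading zero keeps it positive)."""
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw


def constructed_sample_line() -> str:
    """Build a syntactically valid ssh-rsa line. Constructed data, not a real key."""
    filler = hashlib.sha256(b"constructed sample modulus").digest() * 4
    n = int.from_bytes(filler, "big") | (1 << 1023) | 1
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " george@constructed"


SAMPLE_LINE = constructed_sample_line()

if __name__ == "__main__":
    fp = fingerprints(SAMPLE_LINE)
    print("hex:          ", fp["hex"])
    print("bubble babble:", fp["bubble_babble"])
```

A key line that lost a segment while being typed into key-string fails parse_public_key with a ValueError instead of producing a misleading fingerprint.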
SSL   Implementation
  AT - 8000S
SSL Spec
•   SSL is used to provide communication privacy over the Internet.

•   It is used to support security in the AT - 8000S Embedded Web
    Server (EWS).

•   SSL provides encryption and integrity of communications along
    with strong authentication using digital certificates.

•   Initially, the client and the device exchange messages to synchronize
    on the security policy and public key/certificates, and
    authenticate each other. After that, they agree on a session key,
    which will be used to encrypt/decrypt the data.
SSL Spec

•   RSA generated public and private keys
•   Supported SSL versions are: TLS1, V3
•   Certificate currently not registered with 3rd party certificate
    authority.
•   The same libraries used for SSH encryption are used for
    SSL encryption
•   Up to 12 SSL sessions are available (but only 4 WEB)
•   HTTP and HTTPS can be used concurrently
SSL Process

•   At the onset of the secure session, there is a “SSL
    handshake” between the user and the EWS. The handshake
    involves:
    –   Negotiation of the cipher suite
    –   Establishment of a shared session
    –   Authentication of the server (Certificate – if 3rd party exists)
    –   Authentication of the client (optional via AAA)
    –   Authentication of data
SSL User Controls

•   User can:
    –   Enable https server on the device (default is disabled)
    –   Define HTTPS port (Default is 443)
    –   Generate certificate to use
    –   Create public and private key
SSL CLI Configuration

   AT - 8000S
CLI – Enabling HTTPS Server
•  Use the following Global Configuration command to enable
   the device to be configured from a secured browser. Use
   the “no” form of this command to disable this function
   (default is disabled):
  ip https server
  no ip https server
• Use the following Global Configuration command to define
   the TCP port to use by a secure web browser to configure
   the device. Use the “no” form of this command to return to
   the default port (443):
  ip https port port-number
  no ip https port
CLI – Creating SSL Certificate and Keys
•   Use the following Global Configuration command to
    generate an HTTPS certificate for your device. This
    command can also (optionally) generate a pair of keys
    (public and private):

    crypto certificate [number] generate [key-generate [length]]
     [passphrase string] [cn common-name] [ou organization-unit] [o
     organization] [l location] [st state] [c country] [duration days]

number —Specifies the certificate number. (Range: 1 - 2)
          If number is unspecified, it defaults to 1.
key-generate—Regenerate SSL RSA key.
length—Specifies the SSL RSA key length. (Range: 512 - 2048)
        If length is unspecified, it defaults to 1024.
passphrase string—Passphrase that is used for exporting the
   certificate in PKCS12 file format. If unspecified the
   certificate is not exportable.
SSL Certificate and Keys (Cont.)

cn common-name—Specifies the fully qualified URL or IP address
   of the device. If unspecified, defaults to the lowest IP
   address of the device (when the certificate is generated).
ou organization-unit—Specifies the organization-unit or
   department name.
o organization—Specifies the organization name.
l location—Specifies the location or city name.
st state—Specifies the state or province name.
c country—Specifies the country name.
duration days—Specifies number of days a certification would
   be valid. If unspecified defaults to 365 days.
SSL Certificate and Keys (Cont.)


Console(config)# crypto certificate 1 generate key-generate




 The command is not saved in the router configuration; however,
 the certificate and keys generated by this command are saved in
 the private configuration, which is never displayed to the user or
 backed up to another device.
CLI - Certificate Request
•    Use the following privileged EXEC mode command to
     export a certificate request to a Certification Authority.

    crypto certificate number request common-name [ou
     organization-unit] [o organization] [l location] [st state] [c
     country]

number—Specifies the certificate number. (Range: 1 - 2)
common-name—Specifies the fully qualified URL or IP address
   of the device.
ou organization-unit—Specifies the organization-unit or
    department name.
o organization—Specifies the organization name.
l location—Specifies the location or city name.
st state—Specifies the state or province name.
c country— Specifies the country name.
Certificate Request (Cont.)

•   The certificate request is generated in Base64-encoded
    X.509 format.

•   Before issuing a certificate request you must first generate
    a self-signed certificate using the “crypto certificate
    generate” global configuration command.

•   After receiving the certificate from the Certification
    Authority, use the “crypto certificate import” global
    configuration command to import the certificate into the
    device. This certificate would replace the self-signed
    certificate.
Certificate Request (Cont.)

console# crypto certificate 2 request

-----BEGIN CERTIFICATE REQUEST-----
MIIBHjCByAIBADBiMQswCQYDVQQGEwJpbDEPMA0GA1UECBMGbWVya2F6MRAwDgYD
VQQHEwd0ZWxhdml2MQ4wDAYDVQQDEwUxMjM0NTEPMA0GA1UEChMGcmFkbGFuMQ8w
DQYDVQQLEwZyYWRsYW4wXTANBgkqhkiG9w0BAQEFAANMADBJAkIAz3VGpFd5cGUs
ujfbeRZucwldBk7M4yVyeaFXXY0Z3LDGHecocuA4fAJOvLtmiFZr4lD3QjKLrwhP
0cnj/dCMlJECAwEAAaAAMA0GCSqGSIb3DQEBBAUAA0IAROVXG1phUu4bZR+bJHav
nQWhy3s/nqOKuPAYdqjarFX+lv/19N6/VmR3IiM2O0a03XEGevnvnhnZY/Q/MEHE
WgI=
-----END CERTIFICATE REQUEST-----
CLI - Importing a Certificate

•   Use the following Global Configuration command to accept
    an external certificate (signed by Certification Authority) to
    the device:

     crypto certificate number import

    number—Specifies the certificate number. (Range: 1 - 2)

•   The imported certificate must be based on a certificate
    request created by the “crypto certificate request”
    privileged EXEC command.

•   If the public key found in the certificate does not match the
    device's SSL RSA key, the command will fail.
Importing a Certificate (Cont.)


•   This command is not saved in the router configuration;
    however, the certificate imported by this command is saved
    in the private configuration (which is never displayed to the
    user or backed up to another device).


    Console(config)# crypto certificate 1 import
Activate Certificate for HTTPS

•    Use the following Global Configuration command to specify the
     HTTPS certificate to use on the device:

    ip https certificate number

    number—Specifies the certificate number. (Range: 1 - 2)

•    To remove a certificate:
    no ip https certificate

     Console(config)# ip https certificate 1




•    Before using this command, use the crypto certificate generate
     command in order to generate an HTTPS certificate.
CLI – HTTPS Show Commands

•   Use the following Privileged EXEC command to view
    HTTPS server configuration:



show ip https

•   Use the following Privileged EXEC command to view the
    SSL certificate of your device:



show crypto certificate mycertificate [number]
Thank
You!!!

 

Mais de NetPlus

Cameras sd 5500 speed domes portugues
Cameras sd 5500 speed domes portuguesCameras sd 5500 speed domes portugues
Cameras sd 5500 speed domes portuguesNetPlus
 
Camera re q359 portugues
Camera re q359 portuguesCamera re q359 portugues
Camera re q359 portuguesNetPlus
 
Camera re h2035 c portugues
Camera re h2035 c portuguesCamera re h2035 c portugues
Camera re h2035 c portuguesNetPlus
 
Camera re h2025 c portugues
Camera re h2025 c portuguesCamera re h2025 c portugues
Camera re h2025 c portuguesNetPlus
 
Camera re h2015 r portugues
Camera re h2015 r portuguesCamera re h2015 r portugues
Camera re h2015 r portuguesNetPlus
 
Camera re h1020 l -lhshi portugues
Camera re h1020 l -lhshi portuguesCamera re h1020 l -lhshi portugues
Camera re h1020 l -lhshi portuguesNetPlus
 
Camera re h1020 l -lh - lsh portugues
Camera re h1020 l -lh - lsh portuguesCamera re h1020 l -lh - lsh portugues
Camera re h1020 l -lh - lsh portuguesNetPlus
 
Camera re b9020 lc - lch portugues
Camera re b9020 lc - lch portuguesCamera re b9020 lc - lch portugues
Camera re b9020 lc - lch portuguesNetPlus
 
Camera re b9020 lai - lahi - lahdi portugues
Camera re b9020 lai - lahi - lahdi portuguesCamera re b9020 lai - lahi - lahdi portugues
Camera re b9020 lai - lahi - lahdi portuguesNetPlus
 
Camera re b9020 la - lah portugues
Camera re b9020 la - lah portuguesCamera re b9020 la - lah portugues
Camera re b9020 la - lah portuguesNetPlus
 
Camera re b9018 lr portugues
Camera re b9018 lr portuguesCamera re b9018 lr portugues
Camera re b9018 lr portuguesNetPlus
 
Camera re b9016 l portugues
Camera re b9016 l portuguesCamera re b9016 l portugues
Camera re b9016 l portuguesNetPlus
 
Camera re b6018 lr portugues
Camera re b6018 lr portuguesCamera re b6018 lr portugues
Camera re b6018 lr portuguesNetPlus
 
Camera re 8020 lnci - lnshi - lnshdi portugues
Camera re 8020 lnci - lnshi - lnshdi portuguesCamera re 8020 lnci - lnshi - lnshdi portugues
Camera re 8020 lnci - lnshi - lnshdi portuguesNetPlus
 
Camera re 8020 lnc - lnsh portugues
Camera re 8020 lnc - lnsh portuguesCamera re 8020 lnc - lnsh portugues
Camera re 8020 lnc - lnsh portuguesNetPlus
 
DVR Stand Alone DR-0162 Dotix
DVR Stand Alone DR-0162 DotixDVR Stand Alone DR-0162 Dotix
DVR Stand Alone DR-0162 DotixNetPlus
 
DVR Stand Alone DR-082 Dotix
DVR Stand Alone DR-082 DotixDVR Stand Alone DR-082 Dotix
DVR Stand Alone DR-082 DotixNetPlus
 
DVR Stand Alone DR-042 Dotix
DVR Stand Alone DR-042 DotixDVR Stand Alone DR-042 Dotix
DVR Stand Alone DR-042 DotixNetPlus
 
DVR Stand Alone DE-2416HV Dotix
DVR Stand Alone DE-2416HV DotixDVR Stand Alone DE-2416HV Dotix
DVR Stand Alone DE-2416HV DotixNetPlus
 
DVR Stand Alone DE-1816HV Dotix
DVR Stand Alone DE-1816HV DotixDVR Stand Alone DE-1816HV Dotix
DVR Stand Alone DE-1816HV DotixNetPlus
 

Mais de NetPlus (20)

Cameras sd 5500 speed domes portugues
Cameras sd 5500 speed domes portuguesCameras sd 5500 speed domes portugues
Cameras sd 5500 speed domes portugues
 
Camera re q359 portugues
Camera re q359 portuguesCamera re q359 portugues
Camera re q359 portugues
 
Camera re h2035 c portugues
Camera re h2035 c portuguesCamera re h2035 c portugues
Camera re h2035 c portugues
 
Camera re h2025 c portugues
Camera re h2025 c portuguesCamera re h2025 c portugues
Camera re h2025 c portugues
 
Camera re h2015 r portugues
Camera re h2015 r portuguesCamera re h2015 r portugues
Camera re h2015 r portugues
 
Camera re h1020 l -lhshi portugues
Camera re h1020 l -lhshi portuguesCamera re h1020 l -lhshi portugues
Camera re h1020 l -lhshi portugues
 
Camera re h1020 l -lh - lsh portugues
Camera re h1020 l -lh - lsh portuguesCamera re h1020 l -lh - lsh portugues
Camera re h1020 l -lh - lsh portugues
 
Camera re b9020 lc - lch portugues
Camera re b9020 lc - lch portuguesCamera re b9020 lc - lch portugues
Camera re b9020 lc - lch portugues
 
Camera re b9020 lai - lahi - lahdi portugues
Camera re b9020 lai - lahi - lahdi portuguesCamera re b9020 lai - lahi - lahdi portugues
Camera re b9020 lai - lahi - lahdi portugues
 
Camera re b9020 la - lah portugues
Camera re b9020 la - lah portuguesCamera re b9020 la - lah portugues
Camera re b9020 la - lah portugues
 
Camera re b9018 lr portugues
Camera re b9018 lr portuguesCamera re b9018 lr portugues
Camera re b9018 lr portugues
 
Camera re b9016 l portugues
Camera re b9016 l portuguesCamera re b9016 l portugues
Camera re b9016 l portugues
 
Camera re b6018 lr portugues
Camera re b6018 lr portuguesCamera re b6018 lr portugues
Camera re b6018 lr portugues
 
Camera re 8020 lnci - lnshi - lnshdi portugues
Camera re 8020 lnci - lnshi - lnshdi portuguesCamera re 8020 lnci - lnshi - lnshdi portugues
Camera re 8020 lnci - lnshi - lnshdi portugues
 
Camera re 8020 lnc - lnsh portugues
Camera re 8020 lnc - lnsh portuguesCamera re 8020 lnc - lnsh portugues
Camera re 8020 lnc - lnsh portugues
 
DVR Stand Alone DR-0162 Dotix
DVR Stand Alone DR-0162 DotixDVR Stand Alone DR-0162 Dotix
DVR Stand Alone DR-0162 Dotix
 
DVR Stand Alone DR-082 Dotix
DVR Stand Alone DR-082 DotixDVR Stand Alone DR-082 Dotix
DVR Stand Alone DR-082 Dotix
 
DVR Stand Alone DR-042 Dotix
DVR Stand Alone DR-042 DotixDVR Stand Alone DR-042 Dotix
DVR Stand Alone DR-042 Dotix
 
DVR Stand Alone DE-2416HV Dotix
DVR Stand Alone DE-2416HV DotixDVR Stand Alone DE-2416HV Dotix
DVR Stand Alone DE-2416HV Dotix
 
DVR Stand Alone DE-1816HV Dotix
DVR Stand Alone DE-1816HV DotixDVR Stand Alone DE-1816HV Dotix
DVR Stand Alone DE-1816HV Dotix
 

Último

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 

Último (20)

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 

AT-8000S: configuring with SSH/SSL

  • 1. SSH & SSL AT - 8000S
  • 2. Secure Management • Secure management is increasingly important in modern networks, as the ability to easily and effectively manage switches and the requirement for security are the two almost universal requirements. • Traditionally, switches are managed using either remote terminal sessions via the Telnet protocol or management via SNMP. • Both of these methods have serious security problems—they are only protected by clear text reusable passwords.
  • 3. NMS Telnet Unsecured zone Firewall
  • 4. Secure Management - Solutions • Methods to ensure secure management: – Access Control and Security - Defining access rules on the device. – AAA security services - using usernames and/or password to Authenticate user’s identity and access (authorization) level. – Using encryption methods, checksum and hash algorithms and/or digital signature. • Access Control & Security and AAA are explained in other presentations
  • 5. Security Building Blocks • Encryption provides – confidentiality, can provide authentication and integrity protection • Checksums/hash algorithms provide – integrity protection, can provide authentication • Digital signatures provide – authentication, integrity protection, and non-repudiation • Demands for management security and control of the networking devices touch all areas of the enterprise.
  • 6. Secure Management Options • The Secure Shell (SSH) protocol provides encrypted and strongly authenticated remote login sessions, similar to the Telnet protocol, between a device running a Secure Shell server and a host (PC) with a Secure Shell client. • The Secure Socket Layer (SSL) has been universally accepted on the World Wide Web for authenticated and encrypted communication between client and server applications. Therefore, SSL allows secure management of the networking devices via a standard web browser.
  • 7. Secure Management NMS Telnet SSH station Unsecured zone Firewall
  • 8. SSH protocol features • Secure connection between one client and one server • Client, server, user and message authentication • Uses “keys” (public and private) to authenticate user and to negotiate session (encrypt/decrypt) key – which is shared • Allows “tunneling” of insecure connections through the secure SSH channel • Secure Shell replaces Telnet for remote terminal sessions. Secure Shell is strongly authenticated and encrypted.
  • 9. How does SSH Tunneling work? [Diagram, three panels, each showing a Client and a Router with their loopback and network interfaces. Panel 1: Telnet to Telnetd on port 23. This telnet connection is transmitted in the clear – data and passwords are insecure! Panel 2: Set up SSH port forwarding from the client to the server (labels: SSH, Secure SSHd, ports 2023 and 22). Panel 3: Telnet and Telnetd on port 23, labelled "Never Transmitted!", with SSH and Secure SSHd on ports 2023 and 22. The result – a secure connection!]
  • 10. What is SSL? • Secure Sockets Layer (SSL) is a protocol designed to enable secure communications on an insecure network such as the Internet • SSL provides encryption and integrity of communications along with strong authentication using digital certificates.
  • 11. Introduction to SSL • The Secure Sockets Layer (SSL) was originally developed by Netscape Communications and was based on encryption algorithms developed by RSA Security. • This is a security protocol that provides communications privacy over the Internet. • SSL has been universally accepted on the World Wide Web for authenticated and encrypted communication between client and server applications. • The new Internet Engineering Task Force (IETF) standard called Transport Layer Security (TLS) is based on SSL
  • 12. SSL/TLS • SSL and TLS are standards for how to secure TCP/IP communications • As of the latest revision, TLS is the official name for what used to be called SSL. However, SSL is still the word most frequently used. • TLS is a layer on top of the TCP layer
  • 13. SSL/TLS [Diagram: two protocol stacks. Not secure: HTTP over TCP over IP. Secure: HTTP over TLS over TCP over IP.]
  • 15. SSH-1 vs SSH-2 • SSH-2 and SSH-1 are incompatible, but some servers have a compatibility mode • SSH-2 is more secure (stronger encryption and authentication) and allows more detailed configuration • SSH-1 has a wider license, and transfers files 4 times as fast • AT - 8000S implements SSH-2 only
  • 16. AT - 8000S SSH Implementation • Inbound Secure Shell connections (server mode). • RSA keys (proprietary, but commonly used) and DSA keys (US government standard) are both supported. • The keys are not saved as part of the configuration file, but are saved in the flash. • When the configuration file is copied, the keys are not copied along with it • The public part of the key is up to 2048 bits.
  • 17. SSH Implementation • Four types of encryption are supported: 3DES, Arcfour (RC4), AES and Blowfish. • The type of encryption is agreed upon between the client and server; it is not configured within the device • Implements direct SSH session without telnet tunneling • Up to 4 concurrent SSH (or telnet) sessions are supported • Ability to authenticate Client public key
  • 18. SSH Procedure • If needed, enable SSH on the device (the default is Disabled) • If needed, define (protocol) port (default is port 22) • Create either a DSA or RSA pair of keys. Generating the key may take a short while • If desired – authenticate Client’s public key. Alternate user authentication is via the AAA • If the user requests a new key, every new session will get the new key. All running sessions will keep the old key. • PC Side: – Define keys (if needed) – Define authentication method (if needed) – Connect to the device via IP defined on device.
  • 19. SSH CLI Configuration AT - 8000S
  • 20. SSH CLI – Server and Port
      • Use the following Global Mode command to enable SSH on the device. The “no” form of this command disables this function.
          ip ssh server
          no ip ssh server
        Note: If encryption keys were not generated the SSH server will be in standby, until the keys are generated.
      • Use the following Global Mode command to specify the TCP port to be used by the SSH server. The “no” form of the command returns setting to default port (port 22):
          ip ssh port port-number
          no ip ssh port
  • 21. CLI SSH – Generating Keys
      • Use one or both of the following Global Mode commands to generate encryption key pairs (one public, one private):
          crypto key generate rsa
          crypto key generate dsa
      • Generation of keys may take some time.
        Note: The keys are not saved in the router configuration (never displayed to the user or backed up to another device); however, the generated keys are saved in the flash, and saved across reboots.
  • 22. CLI SSH – Example
          console# con
          console(config)# ip ssh server
          console(config)# ip ssh port 22
          console(config)# crypto key generate rsa
          Replace Existing RSA Key [y/n]? y
          01-Jan-2000 01:25:45 %SSHD-I-KEYGENRSA: The SSH service is generating a private RSA key. This may take a few seconds, depending on the key size
          console(config)#
  • 23. CLI SSH – Show SSH
      • Use the following EXEC Mode command to view SSH configuration on the device:
          show ip ssh
          console# sh ip ssh
          SSH Server enabled. Port: 22
          RSA key was generated.
          DSA(DSS) key was generated.
          SSH Public Key Authentication is disabled.
          Active incoming sessions:
          IP address        SSH username   Version     Cipher      Auth Code
          ----------------- -------------- ----------- ----------- --------------
  • 24. CLI SSH – Show Public Keys
      • Use the following EXEC Mode command to view this device public key(s) – created by “crypto key generate” command
          show crypto key mypubkey [rsa|dsa]
          console# show crypto key mypubkey rsa
          rsa key data:
          ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAr/f0fColXgSESRC/4h5zn6t3
          CohlzF3w0YCSewm1wYjenCWWyyknfQj9zyeOdgy9j1s5fK9YZncmAGbN+
          …… …..
          jxOAZHLIQhqka1nfsQ==
          Fingerprint(hex): 39:d1:66:41:2b:41:3f:aa:cb:c7:e7:37:a4:89:aa:12
          Fingerprint(bubbleBabble): xefam-cybem-bozyr-culiz-kesug-kucud-vivab-folun-tuhih-nakoh-zyxyx
  • 25. CLI SSH – Key Authentication
      • Use the following Global Mode command to enable client’s public key authentication for incoming SSH sessions. The “no” form of the command disables authentication:
          ip ssh pubkey-auth
          no ip ssh pubkey-auth
      • Use the following command to enter public key configuration mode (so you can manually specify other devices’ public keys):
          crypto key pubkey-chain ssh
  • 26. CLI SSH – Key Authentication
      • Use the following Public Key-chain Mode command to specify which SSH public key you will configure manually on the device. The “no” form removes the key:
          user-key username {rsa | dsa}
          no user-key username
      • Follow this command with the key-string command to specify the key
  • 27. CLI SSH – Key Authentication
      • Use one of the following Public Key-string Mode commands to specify the SSH public key of another device:
          key-string row word
          key-string <sequence>
      • Row option – command can be used repeatedly to enter the full key string (see example). Exiting command mode indicates end of key.
      • <sequence> - user can enter key segment by segment – until <enter> key is pressed twice (see example)
  • 28. CLI SSH – Key Authentication
      • Example – entering RSA user-key key-string (row):
          console(config)# crypto key pubkey-chain ssh
          console(config-pubkey-chain)# user-key David rsa
          console(config-pubkey-key)# key-string row AAAAB3NzaC1yc2EAAAAD <enter>
          console(config-pubkey-key)# key-string row AQABAAAAgQCJB1P0qq0nk/<enter>
          …..
          console(config-pubkey-key)# exit
          console(config-pubkey-chain)#
        Note – device will inform if process was not successful
  • 29. CLI SSH – Key Authentication
      • Example – entering RSA user-key key-string (regular sequence):
          console(config)# crypto key pubkey-chain ssh
          console(config-pubkey-chain)# user-key george rsa
          console(config-pubkey-key)# key-string
          AAAAB3NzaC1yc2EAAAAD <enter>
          AQABAAAAgQCJB1P0qq0nk/<enter>
          …. <enter>
          <enter>
          Fingerprint: 52:92:fc:94:da:1e:ba:2d:4c:00:87:b0:cb:86:12:36
          console(config-pubkey-key)#
        Note – device will inform if process was not successful
  • 30. CLI – Show Key Authentication
      • Use the following EXEC Mode command to view SSH public keys (of clients) stored on the device:
          show crypto key pubkey-chain ssh [username username] [fingerprint bubble-babble | hex]
        Parameters
          Username – of the remote SSH client
          Fingerprint – bubble-babble or hex, specifies the “signature shortcut” method of the key
          console# show crypto key pubkey-chain ssh
          Username       Fingerprint
          -------------- ---------------------------------------------------------------
          George         4e:de:4d:1c:33:43:57:14:6b:aa:29:0d:d0:41:3f:a7
  • 31. SSL Implementation AT - 8000S
  • 32. SSL Spec • SSL is used to provide communication privacy over the Internet. • It is used to support security in the AT - 8000S Embedded Web Server (EWS). • SSL provides encryption and integrity of communications along with strong authentication using digital certificates. • Initially, client and device will exchange messages to synchronize on the security policy and public key/certificates, and will authenticate each other. After that, they agree on a session key, which will be used to encrypt /decrypt the data
  • 33. SSL Spec • RSA generated public and private keys • Supported SSL versions are: TLS1, V3 • Certificate currently not registered with 3rd party certificate authority. • The same libraries used for SSH encryption are used for SSL encryption • Up to 12 SSL sessions are available (but only 4 WEB) • HTTP and HTTPS can be used concurrently
  • 34. SSL Process • At the onset of the secure session, there is a “SSL handshake” between the user and the EWS. The handshake involves: – Negotiation of the cipher suite – Establishment of a shared session – Authentication of the server (Certificate – if 3rd party exists) – Authentication of the client (optional via AAA) – Authentication of data
  • 35. SSL User Controls • User can: – Enable https server on the device (default is disabled) – Define HTTPS port (Default is 443) – Generate certificate to use – Create public and private key
  • 36. SSL CLI Configuration AT - 8000S
  • 37. CLI – Enabling HTTPS Server • Use the following Global Configuration command to enable the device to be configured from a secured browser. Use the “no” form of this command to disable this function (default is disabled): ip https server no ip https server • Use the following Global Configuration command to define the TCP port to use by a secure web browser to configure the device. Use the “no” form of this command to return to the default port (443): ip https port port-number no ip https port
  • 38. CLI – Creating SSL Certificate and Keys • Use the following Global Configuration command to generate an HTTPS certificate for your device. This command also can (optionally) generate a pair of keys (public & Private): crypto certificate [ number] generate [key-generate [ length]] [passphrase string] [cn common- name] [ou organization-unit] [o organization] [l location] [st state] [c country] [duration days] number —Specifies the certificate number. (Range: 1 - 2) If number is unspecified, it defaults to 1. key-generate—Regenerate SSL RSA key. length—Specifies the SSL RSA key length. (Range: 512 - 2048) If length is unspecified, it defaults to 1024. passphrase string—Passphrase that is used for exporting the certificate in PKCS12 file format. If unspecified the certificate is not exportable.
  • 39. SSL Certificate and Keys (Cont.) cn common- name—Specifies the fully qualified URL or IP address of the device. If unspecified, defaults to the lowest IP address of the device (when the certificate is generated). ou organization-unit—Specifies the organization-unit or department name. o organization —Specifies the organization name. l location — Specifies the location or city name. st state— Specifies the state or province name. c country — Specifies the country name. duration days— Specifies number of days a certification would be valid. If unspecified defaults to 365 days.
  • 40. SSL Certificate and Keys (Cont.) Console(config)# crypto certificate 1 generate key-generate The command is not saved in the router configuration; however, the certificate and keys generated by this command are saved in the private configuration, which is never displayed to the user or backed up to another device.
  • 41. CLI - Certificate Request
    • Use the following privileged EXEC mode command to export a certificate request to a Certification Authority:
        crypto certificate number request common-name [ou organization-unit] [o organization] [l location] [st state] [c country]
      number: Specifies the certificate number. (Range: 1 - 2)
      common-name: Specifies the fully qualified URL or IP address of the device.
      ou organization-unit: Specifies the organization-unit or department name.
      o organization: Specifies the organization name.
      l location: Specifies the location or city name.
      st state: Specifies the state or province name.
      c country: Specifies the country name.
  • 42. Certificate Request (Cont.)
    • The certificate request is generated in Base64-encoded X.509 format.
    • Before issuing a certificate request, you must first generate a self-signed certificate using the “crypto certificate generate” global configuration command.
    • After receiving the certificate from the Certification Authority, use the “crypto certificate import” global configuration command to import the certificate into the device. This certificate replaces the self-signed certificate.
  • 43. Certificate Request (Cont.)
        console# crypto certificate 2 request
        -----BEGIN CERTIFICATE REQUEST-----
        ...
        -----END CERTIFICATE REQUEST-----
  • 44. CLI - Importing a Certificate
    • Use the following Global Configuration command to import an external certificate (signed by a Certification Authority) into the device:
        crypto certificate number import
      number: Specifies the certificate number. (Range: 1 - 2)
    • The imported certificate must be based on a certificate request created by the “crypto certificate request” privileged EXEC command.
    • If the public key found in the certificate does not match the device's SSL RSA key, the command will fail.
  • 45. Importing a Certificate (Cont.)
    • This command is not saved in the router configuration; however, the certificate imported by this command is saved in the private configuration (which is never displayed to the user or backed up to another device).
        Console(config)# crypto certificate 1 import
  • 46. Activate Certificate for HTTPS
    • Use the following Global Configuration command to specify the HTTPS certificate to use on the device:
        ip https certificate number
      number: Specifies the certificate number. (Range: 1 - 2)
    • To remove a certificate:
        no ip https certificate
    • Example:
        Console(config)# ip https certificate 1
    • Before using this command, use the “crypto certificate generate” command to generate an HTTPS certificate.
  • 47. CLI – HTTPS Show Commands
    • Use the following Privileged EXEC command to view the HTTPS server configuration:
        show ip https
    • Use the following Privileged EXEC command to view the SSL certificate of your device:
        show crypto certificate mycertificate [number]
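The key-length range on slide 38 (512 - 2048, default 1024) and the Base64 request exported on slides 41-43 suggest a pre-submission check: decode the request and confirm the RSA key size before it goes to the Certification Authority. The following is an added example, not part of the original slides or the vendor's tooling; it also flags MD5 and SHA-1 request signatures, which goes beyond what the slides cover. The 2048-bit floor, all function names, and the sample request (built with a dummy modulus and signature) are assumptions.

```python
import base64

MIN_RSA_BITS = 2048  # assumed policy floor; the slides give 1024 as the device default
WEAK_SIG_OIDS = {"2a864886f70d010104": "md5WithRSAEncryption",
                 "2a864886f70d010105": "sha1WithRSAEncryption"}

def read_tlv(buf, pos):  # returns (tag, value, next_pos) for the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(buf):  # split a constructed element's contents into (tag, value) pairs
    pos, out = 0, []
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        out.append((tag, val))
    return out

def audit_csr(pem):
    """Return (rsa_bits, findings) for a PEM PKCS#10 request carrying an RSA key."""
    body = "".join(l.strip() for l in pem.splitlines() if not l.strip().startswith("-----"))
    info, sig_alg, _sig = children(children(base64.b64decode(body))[0][1])
    spki = children(info[1])[2][1]                      # version, subject, subjectPKInfo
    rsa_key = children(children(spki)[1][1][1:])[0][1]  # [1:] skips the unused-bits octet
    bits = int.from_bytes(children(rsa_key)[0][1], "big").bit_length()
    findings = [f"RSA key is {bits} bits, below {MIN_RSA_BITS}"] if bits < MIN_RSA_BITS else []
    oid = children(sig_alg[1])[0][1].hex()
    if oid in WEAK_SIG_OIDS:
        findings.append(f"request signed with {WEAK_SIG_OIDS[oid]}")
    return bits, findings

def tlv(tag, val):  # DER encoder, used only to build the constructed sample below
    k = (len(val).bit_length() + 7) // 8
    head = bytes([len(val)]) if len(val) < 0x80 else bytes([0x80 | k]) + len(val).to_bytes(k, "big")
    return bytes([tag]) + head + val

def sample_csr(bits, sig_oid_hex):  # constructed request: dummy modulus, all-zero signature
    def alg(oid_hex):
        return tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + tlv(0x05, b""))
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00 keeps n positive
    key = tlv(0x30, tlv(0x02, n) + tlv(0x02, b"\x01\x00\x01"))
    spki = tlv(0x30, alg("2a864886f70d010101") + tlv(0x03, b"\x00" + key))
    info = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x30, b"") + spki + tlv(0xA0, b""))
    der = tlv(0x30, info + alg(sig_oid_hex) + tlv(0x03, b"\x00" * (bits // 8 + 1)))
    return "-----BEGIN CERTIFICATE REQUEST-----\n%s\n-----END CERTIFICATE REQUEST-----\n" % base64.b64encode(der).decode()
```

Paste the text printed by “crypto certificate number request” into audit_csr(); an empty findings list means the request meets the assumed floor.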