System Security Final Project

Chafic Abou Mefleh Haidar Mtairek

Overview
Create Certificate Configuring SSL + Oracle GlassFish Configuring SSL + Tomcat

Create Certificate
Generate KeyStore

Create Certificate
Generate Server.cr

Create Certificate
add the server certificate to the truststore file

Configuring SSL + Oracle GlassFish

Configuring SSL + Oracle GlassFish

Configuring SSL + Oracle GlassFish

Internet Protocol Security -Suite of protocols for securing IP communications Provides communication between -Client to server -Server to server -Network to network Provides authentication Prevents ears dropping Replay attack

Integrated with Windows Firewall Support for IPv6

Improved load balancing and clustering support

More encryption algorithm

Logical group of security parameters - Contains algorithm used - Contains key sizes Hosts it negotiate with each other to obtain a common SA

Internet Key Exchange (IKE) - Transfers SA parameters - Handles negotiation of protocols - Generates Keys Authentication Header (AH) - Host and client authentication - Data Integrity - Anti-Replay - Does not support NAT Encapsulation Security Payload (ESP) - All of the above plus data encryption and NAT support

Main Mode -Time consuming to make sure identity of each party -Establish a secure connection to configure quick mode Quick mode - Used to communicate with each party AH often used for Main Mode ESP often used for Quick Mode

Isolation - Based on authentication criteria Authentication Exemption - Specify computers that do not need to authenticate Server to server - Can enter in your own end point or points Tunnel - Embeds IPsec packet in an IP packet

Kerberos - Computer or computer and user Certificates NTLMv2 - Computer is in a work group - Firewall is blocking Kerberos

Preshared Key - Very weak, not recommended