Archive

Posts Tagged ‘Protocols’

OpenSSL: Introduction

April 9, 2009 Leave a comment

OpenSSL is an open source implementation of the SSL and TLS protocols. The core library (written in the C programming language) implements the basic cryptographic functions and provides various utility functions. Wrappers allowing the use of the OpenSSL library in a variety of computer languages are available.
OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an Apache-style licence, which basically means that you are free to get and use it for commercial and non-commercial purposes subject to some simple license conditions.

Versions are available for most Unix-like operating systems (including Solaris, Linux, Mac OS X and the four open source BSD operating systems), OpenVMS and Microsoft Windows.

FIPS 140-2 Complience:

OpenSSL is one of the few open source programs to be validated under the FIPS 140-2 computer security standard by the National Institute of Standards and Technology‘s Cryptographic Module Validation Program.
[Note: FIPS stands for Federal Information Processing Standard]

Present Version:

openssl-1.0.0-beta1 [ Works under FIPS mode as weel as NON-FIPS Mode (Beta Version) ]

openssl-0.9.8k [Works under FIPS mode as well as NON-FIPS mode (Stable Version)]

openssl-fips-1.2 [ Works Under FIPS Mode ]

The other version of the setup files, documentations and other informations can be obtained from http://www.openssl.org/

Advertisements

SSL VPN: Part2(Secured Socket Layer)


Now, we come to SSL.
SSL is a type of protocol; like other protocols: TCP protocol or UDP protocol etc. SSL stands for Secured Socket Layer.

So, what is this secured socket layer?
It is an internet protocol for secure, end to end exchange of information between a browser and a web server. It is sandwiched between the TCP/IP and the application layer. It was developed by Netscape Corporation in 1994. It is supported by all major browsers in the WWW. Conceptually, SSL is visualized as an additional layer in the TCP/IP protocol suite. It provides security in two ways, in terms of confidentiality and authenticity at an application level. TCP/IP provides reliable packet transfer but SSL provides secure packet transfer. The SSL is preceded by the TCP/IP and the data link layer, which means that applications that use SSL will automatically avail the services of TCP/IP and DLL. Since SSL resides above the TCP/IP layer, so it can ensure secure communication between numerous application level protocols on the internet.
However, SSL only secures web sessions and not the e-mail or file transfer sessions. This is one of the reasons why confidential information like credit card numbers is not exchanged via e-mail. In case of SSL, since the packet data is encrypted, so it can be viewed by the viewer while transit, but can not be deciphered. The SSL ensures secure data transfer, but it is not responsible for security of data residing in the web client or server. Thus only the application layer data is encrypted by SSL. Logically, SSL acts as a pipe between the web browser and a server.
OK. Everything fine. So, what it the connection of ‘SSL’ with ‘VPN’?
It is very easy and the answer is in the last paragraph. SSL only secures web sessions and not the e-mail or file transfer sessions. So, as we need to secure our communication, we have to use SSL.

Now, consider the example of John. He wants to connect to the NPN in his office. Here is the step by step connectivity of SSL-VPN:

1.     John opens a web-browser and enters the URL (Uniform Resource Locator).
2.    Then a login screen comes from the VPN where, John has to put his credentials (username & password).
3.    After that, the VPN will try to authenticate John as a registered user. If, successful, the user console will be opened else an error message will be showed.
4.    After successful authentication, in the user console, John will do his job. For example, file sharing service (FTP Service) with his own computer.
5.    Then John will log out from the user console. All these steps 1 to 5, the data will be sent and received in an encrypted form (thanks to SSL!).

So, today, I end here… too much of ‘Gyan’ were given…

On Next Post: Architecture details of VPN