Tunnels detection at network border (Détection de tunnels aux limites du périmètre)
> Description: Tunnels detection at network border - SSTIC06, June 2006
> Context & Dates: Publication and presentation during SSTIC06. Published on www.hsc.fr on 21 July 2006
> Author: Alain Thivillon and Guillaume Lehembre
> Abstract & Table of contents

Abstract

Tunnels can be defined as encapsulations of low-level protocols within higher-level (or equivalent-level) protocols, allowing a connection between two network nodes to carry arbitrary data. Using such tunnels makes it possible to bypass security restrictions by relying on commonly permitted protocols to carry potentially prohibited ones. Such tunnels can have legitimate uses, but they can also be used to circumvent (knowingly or not) the company's security policy. In this talk, HSC consultants will present the different types of exploitable tunnels, together with a study of commonly used software. Various tunnel detection methods and usable metrics will be presented, as well as a suite of tools developed by HSC for detecting tunnels through network sniffing and behavioral analysis.

Introduction

Tunnel types and tools

  • HTTP tunnels
  • ICMP tunnels
  • DNS tunnels
  • Realtime detection
  • Architectures and constraints
  • Protocol analysis

Statistical detections

  • Principles
  • Metrics
  • Connection duration
  • Upload/Download Ratio
  • Packet size
  • Interval between requests

Moltunnel

  • Principle and usage
  • Detected tunnels
  • Realtime detection

Limitations and bugs, evolutions

 
> Copyright © 2006, Hervé Schauer Consultants, all rights reserved.

 

Last modified on 21 July 2006 at 17:16:12 CET - webmaster@hsc.fr