This paper covers vulnerabilities and possible mitigations in the SSL/TLS encryption techniques. In order to do that an HTTPS web server will be implemented and will be accessed through a virtual network. The virtual network will be protected through a proprietary NGFW (Next Generation Firewall) from Palo Alto Networks, the paper will explore its Malware Detection and SSL Decryption capabilities showing their advantages and/or weaknesses. In order to verify the firewall’s effectiveness a MITM (Man In The Middle) attack will be deployed inside the virtual network. This paper will end by showing and describing the results obtained by analyzing the NGFW tools and their behaviour against the network attacks.
Questo documento affronta le vulerabilità e le possibili contromisure nell’utilizzo delle tecniche di cifratura SSL/TLS. Per farlo verrà creata una rete virtuale che accederà ad un server web HTTPS. La rete virtuale sarà protetta dal Firewall di nuova generazione (NGFW) proprietario di Palo Alto Networks, esplorando le funzionalità di Malware Detection e SSL Decryption, elencandone i vantaggi e/o svantaggi. Per dimostrare l’efficacia del firewall verrà sviluppato un attacco MITM (Man In The Middle). Si dimostrano infine i risultati dell’esperimento dati dall’analisi del comportamento degli strumenti del Firewall contro gli attacchi di rete.
Managing Security of Computer Network Applications using Encryption Techniques
MARTINI, MARCO
2021/2022
Abstract
This paper covers vulnerabilities and possible mitigations in the SSL/TLS encryption techniques. In order to do that an HTTPS web server will be implemented and will be accessed through a virtual network. The virtual network will be protected through a proprietary NGFW (Next Generation Firewall) from Palo Alto Networks, the paper will explore its Malware Detection and SSL Decryption capabilities showing their advantages and/or weaknesses. In order to verify the firewall’s effectiveness a MITM (Man In The Middle) attack will be deployed inside the virtual network. This paper will end by showing and describing the results obtained by analyzing the NGFW tools and their behaviour against the network attacks.File | Dimensione | Formato | |
---|---|---|---|
Martini_Marco.pdf
accesso aperto
Dimensione
2.62 MB
Formato
Adobe PDF
|
2.62 MB | Adobe PDF | Visualizza/Apri |
The text of this website © Università degli studi di Padova. Full Text are published under a non-exclusive license. Metadata are under a CC0 License
https://hdl.handle.net/20.500.12608/33541