| A comprehensive system of network security includes a lot of security instruments,such as firewall,IDS,anti-virus system. and with the enlargement of the size of companies,the number of security instrument increases accordingly.the top of network security becomes more complecated as well.so dynamic and centralized security management seems especially important. At the same time, in order to improve the ability to defend security,all kinds of instrument have to combine and cooperate.thus,data exchange is important between security instruments and central controllers,as well as between security intrusments.How to ensure the secrecy and integrety? SSL is a way in common use.The following article probes into the application process of SSL protocol and some security instruments involved, based on a careful analysis on TCP/IP protocol. these security techniques all make use of some security means in common use nowadays, such as RSA,MDS and so on.In the whole process of the analysis, this article gives an objective judge of the drawbacks embodied during the aplication process and brings forward another method to hijack ssl from another aspect,which makes use of the faultiness in technology and the shortcomings of human beings.The method brought forward by this article first analizes the TCP/IP network system,figures out the drawbacks existing in ARP, which lies at the bottom of Ethernet and realizes its purpose of blocking the data packets from other computers through IP deceiving.meanwhile, it realizes NAT by means of NDIS, thus it can actively capture data packets.In the blocking plan of the top customer model, it chooses OpenSSL, developed by Eric Yong to supply the public with a complete project to realize SSL.By combining the above techniques, we realize our purpose of capturing decrypted datagram.In fact, it's not our final purpose to attack or hijack SSL.it's more important to let the developers perfect the security SSL completely and systematically.
|
PDF Full Text Request