Wind River Embedded Networking Security

Please see the course datasheet for further details.

Course Details Summary

  • Duration: 2 Days
  • Format: Lectures and Labs
  • Type: Instructor-led

Course Description

The Wind River® Embedded Networking Security workshop provides engineers with a fast, cost-effective way to acquire the skills necessary to deal with the challenges that are unique to network security features in an embedded environment.

Course Results

After this workshop, students will be able to perform the following:

  • Describe encryption, authentication, and hashing algorithms, and how these protocols affect an embedded device
  • Build a secure connection between devices, and examine potential risks
  • Use common techniques and industry-standard security protocols, such as SSH, to secure an unsecured link with port forwarding and tunnels
  • Configure, operate, and program the secure socket layer (SSL), the standard web security protocol
  • Leverage the building blocks of IPsec to secure an embedded device
  • Use firewalls to secure a network, control traffic, and log potential attacks
  • Apply design principles for embedded networking security

Products Supported

  • Wind River Linux 3.0
  • VxWorks 6.8

Who Should Attend

  • Developers who work with embedded systems and need to know more about security threats and how to avoid them
  • Engineers who have good networking knowledge and want to extend their knowledge on networking security
  • Experienced Linux or VxWorks programmers who want to expand their skills in embedded networking security
  • Experienced engineers who want a refresher course to update their network security skills and knowledge
  • System architects who want to explore the security requirements of common embedded devices
  • Testers who need to understand how to approach network security testing
  • Information security engineers who need a better understanding of the challenges in the embedded world

Day 1

Introduction to Embedded Device Security

  • What is security?
  • Security threats
    • Denial of service (DoS)
    • Buffer overflow
    • Port scanning
    • Eavesdropping
    • Unauthorized access
    • Masquerading
    • Session replay
    • Session hijacking
  • CIA (confidentiality, integrity, availability)
  • Security policy
    • Defining security policies
    • Development process
  • LAB: Performing a denial of service (DoS) attack on a device using simple tools and programming techniques

Introduction to Cryptography

  • Encryption overview
  • Symmetric cryptography
    • DES & 3DES
    • RC4
    • AES
  • Public key cryptography
    • RSA
  • Hash functions
    • Hash-based message authentication code (HMAC)
    • Digital signatures
  • Digital certification and PKI

Secure Connectivity – Tunneling

  • Introduction
  • Encapsulation
  • Tunnel types: IP in IP, PPPoE, IPsec
  • VLAN
  • LAB: Configure IPv6-in-IPv4 and GRE tunnels

Secure Connectivity – VPN

  • VPN
  • VPN types and encryption
  • MPLS
    • MPLS routing
    • MPLS VPN
    • PP-VPN
    • CPE-VPN
    • Session-based VPN

SSH

  • Introduction to SSH
  • SSH architecture
  • SSH security features
  • SSH protocol suite
    • OpenSSH
  • LAB: SSH port forwarding (securing an insecure protocol)

The Secure Socket Layer (SSL/TLS)

  • Introduction to SSL
  • SSL architecture
  • SSL protocol suite
  • SSL security features
  • Inside SSL
    • The handshake process
    • The session
  • SSL-VPN
  • LAB: SSL configuration, operation and programming (X.509 certification)

Day 2

IPsec and IKE

  • Introduction to IPsec
  • IPsec architecture
    • IPsec operation modes
    • Security association and SPD
  • IPsec main protocols
    • AH
    • ESP
  • Key management in IPsec
  • IKEv1
  • IKEv2
    • IKEv2 packet flow
  • LAB: IPsec and SA configuration

Firewall

  • Understanding firewalls
  • Firewall types
    • Packet-filtering firewalls
    • Application proxies
    • Stateful packet inspection
  • Common firewall implementations
  • Deep packet inspection (DPI)
  • Working with firewall rules
  • iptables
  • LAB: Building a secure network with a firewall (traffic filters, rate limiting, traffic fragmentation, TCP/UDP stateful configuration)

NAT/PAT

  • Overview
  • How does NAT work?
  • Dynamic NAT/PAT example
  • NAT traversal
  • LAB: NAT and NAPT mapping

Embedded Network Security Design Considerations

  • Network security design model
  • Common problems
  • Hardware offload

Prerequisite Courses

  • None

Prerequisite Skills

  • Good understanding of embedded OS concepts and some network programming experience (e.g., basic socket programming)
  • Acquainted with one or more security protocols and RFCs

Course Format

  • This two-day expert-led workshop consists of lectures and lab sessions.
  • Attendees use Wind River Linux 3.0 and VxWorks 6.8 to gain experience with the topics presented.
  • Participants receive individual guidance from an expert engineer who has extensive experience with Wind River technologies.