For over thirty years TCP has been the most secure, robust reliable transport protocol. The IETF is rapidly approaching a new standard with the release of the Nov 2, 2020, QUIC Transport Draft Standard. There are 200 pages in the transport standard and several hundred in related QUIC standards. In this course, we will offer the newest in explanation of the narrative and advanced illustrations, and practical examples of how the protocol works. Similarities and differences from TCP, corporate, SMB, and home security implications, security pitfalls, difficulties, and potential firewall fixes to make QUIC safer.
Key concepts covered include:
Bottom Line Up Front: Security Risks
Triple web performance? True?
QUIC Transport Draft Standard Elements and Options
History of QUIC
Overcoming effects of Latency
Combining multiple protocol functions into one combined heuristic tuned protocol
QUIC Performance Benchmark Basics
Single Object load vs. Multiple Object Load
Origins of number zero and Zero RTT 0-RTT Concepts
Comparing TCP – SSL- TLS – HTTP transactions
Network Volleyball Request-Reply vs Sliding Window
OSI Model comparison step by step, packet by packet
What are Middleboxes and why are they Blinded by QUIC?
Why is QUIC not safe?
What has yet to be accomplished to make QUIC Safe?
Detailed packet analysis of QUIC vs TCP SSL TLS UDP
Detailed Packet Analysis of Performance Benchmarks
Identifying QUIC use in Enterprise environments fast.
WireShark, TCPdump capture, and display filters. to find QUIC