Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,


Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls 32.1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

32.2 Figure 32.1 Common structure of three security protocols

32-1 IP Security (IPSec) IP Security (IPSec) is a collection of protocols designed by the Internet Engineering Task Force (IETF) to provide security for a packet at the network level. Topics discussed in this section: Two Modes; Two Security Protocols; Security Association; Internet Key Exchange (IKE); Virtual Private Network 32.3

32.4 Figure 32.2 TCP/IP protocol suite and IPSec

32.5 Figure 32.3 Transport mode and tunnel modes of IPSec protocol

Note IPSec in the transport mode does not protect the IP header; it only protects the information coming from the transport layer. 32.6

32.7 Figure 32.4 Transport mode in action

32.8 Figure 32.5 Tunnel mode in action

Note IPSec in tunnel mode protects the original IP header. 32.9

Figure 32.6 Authentication Header (AH) Protocol in transport mode 32.10

Note The AH Protocol provides source authentication and data integrity, but not privacy. 32.11

Figure 32.7 Encapsulating Security Payload (ESP) Protocol in transport mode 32.12

Note ESP provides source authentication, data integrity, and privacy. 32.13
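The two notes above (transport mode leaves the IP header unprotected, tunnel mode covers the original header) and the AH/ESP contrast are easiest to see on bytes. The following is an added example, not code from the textbook: it builds a 12-byte stand-in for an IPv4 header, applies AH in transport mode, ESP in transport mode and ESP in tunnel mode, and then checks which tampering each configuration detects. The keys, SPI, sequence number and addresses are constructed demo values (a real SA gets them from IKE), the ICV is HMAC-SHA-256 truncated to 128 bits as RFC 4868 specifies, and the "encryption" is a labelled toy keystream XOR standing in for the AES cipher a real ESP SA would use.

```python
import hashlib
import hmac
import struct

# Constructed demo keys; a real security association gets these from IKE.
AUTH_KEY = b"demo-authentication-key"
ENC_KEY = b"demo-encryption-key"

PROTO_IPIP, PROTO_TCP, PROTO_ESP, PROTO_AH = 4, 6, 50, 51   # real IP protocol numbers
HDR_LEN, ICV_LEN = 12, 16            # 12-byte stand-in header, 128-bit truncated ICV
SPI, SEQ = 0x1001, 1                 # constructed SA parameters


def ip_header(src, dst, proto):
    """12-byte stand-in for an IPv4 header (src, dst, protocol); real headers are 20+ bytes."""
    pack_addr = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!4s4sB3x", pack_addr(src), pack_addr(dst), proto)


def icv(data):
    """Integrity check value: HMAC-SHA-256 truncated to 128 bits (RFC 4868 truncation)."""
    return hmac.new(AUTH_KEY, data, hashlib.sha256).digest()[:ICV_LEN]


def keystream_xor(data):
    """Toy stream cipher (SHA-256 counter keystream XOR). Stand-in for AES in ESP; not for real use."""
    out = bytearray()
    for block, i in enumerate(range(0, len(data), 32)):
        ks = hashlib.sha256(ENC_KEY + struct.pack("!I", block)).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)


def ah_transport(hdr, payload):
    """AH, transport mode: ICV covers IP header + AH header + payload; nothing is encrypted.
    (Real AH zeroes mutable header fields such as TTL before hashing; the stand-in has none.)"""
    src, dst, proto = struct.unpack("!4s4sB3x", hdr)
    outer = struct.pack("!4s4sB3x", src, dst, PROTO_AH)
    # next header, payload length (32-bit words minus 2), reserved, SPI, sequence number
    ah = struct.pack("!BBHII", proto, (12 + ICV_LEN) // 4 - 2, 0, SPI, SEQ)
    tag = icv(outer + ah + bytes(ICV_LEN) + payload)    # ICV field is zero while computing
    return outer + ah + tag + payload


def ah_verify(packet):
    """Recompute the AH ICV over the received packet; True if it matches."""
    end_ah = HDR_LEN + 12
    hdr, ah = packet[:HDR_LEN], packet[HDR_LEN:end_ah]
    tag, payload = packet[end_ah:end_ah + ICV_LEN], packet[end_ah + ICV_LEN:]
    return hmac.compare_digest(tag, icv(hdr + ah + bytes(ICV_LEN) + payload))


def esp_encapsulate(hdr, inner, next_proto):
    """ESP: clear header (SPI, seq), encrypted [inner || trailer], ICV over header + ciphertext.
    The IP header placed in front of ESP is outside both the encryption and the ICV."""
    esp_hdr = struct.pack("!II", SPI, SEQ)
    trailer = struct.pack("!BB", 0, next_proto)          # pad length 0, next header
    body = keystream_xor(inner + trailer)
    return hdr + esp_hdr + body + icv(esp_hdr + body)


def esp_open(packet):
    """Verify and decrypt ESP. Returns (ok, next_proto, inner); inner is None on ICV failure."""
    esp_hdr = packet[HDR_LEN:HDR_LEN + 8]
    body, tag = packet[HDR_LEN + 8:-ICV_LEN], packet[-ICV_LEN:]
    if not hmac.compare_digest(tag, icv(esp_hdr + body)):
        return False, None, None
    plain = keystream_xor(body)
    return True, plain[-1], plain[:-2]


def esp_transport(hdr, payload):
    """ESP, transport mode: original header stays in front, only the transport data is protected."""
    src, dst, proto = struct.unpack("!4s4sB3x", hdr)
    return esp_encapsulate(struct.pack("!4s4sB3x", src, dst, PROTO_ESP), payload, proto)


def esp_tunnel(gw_src, gw_dst, original_packet):
    """ESP, tunnel mode: the whole original packet, header included, becomes the protected payload."""
    return esp_encapsulate(ip_header(gw_src, gw_dst, PROTO_ESP), original_packet, PROTO_IPIP)


def flip_byte(data, index):
    b = bytearray(data)
    b[index] ^= 0xFF
    return bytes(b)


def demo():
    """Which tampering each configuration detects (constructed hosts and gateway addresses)."""
    hdr = ip_header("10.0.0.5", "10.0.1.7", PROTO_TCP)
    tcp = b"constructed TCP segment"
    r = {}
    ah = ah_transport(hdr, tcp)                            # IP header inside the ICV
    r["ah_transport_header_tamper_detected"] = not ah_verify(flip_byte(ah, 0))
    et = esp_transport(hdr, tcp)                           # IP header outside protection
    r["esp_transport_header_tamper_detected"] = not esp_open(flip_byte(et, 0))[0]
    r["esp_transport_payload_tamper_detected"] = not esp_open(flip_byte(et, HDR_LEN + 8))[0]
    tun = esp_tunnel("192.0.2.1", "198.51.100.1", hdr + tcp)   # original header inside
    r["esp_tunnel_outer_tamper_detected"] = not esp_open(flip_byte(tun, 0))[0]
    r["esp_tunnel_inner_tamper_detected"] = not esp_open(flip_byte(tun, HDR_LEN + 8))[0]
    ok, nxt, inner = esp_open(tun)
    r["esp_tunnel_roundtrip"] = ok and nxt == PROTO_IPIP and inner == hdr + tcp
    return r


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Reading the results against the notes: AH in transport mode detects a change to the IP header because the header is inside its ICV, ESP in transport mode does not, and ESP in tunnel mode detects changes to the original (inner) header while the gateway-to-gateway outer header remains unprotected, which is exactly the division of labour the two mode figures show.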

32.14 Table 32.1 IPSec services

Figure 32.8 Simple inbound and outbound security associations 32.15

Note IKE creates SAs for IPSec. 32.16

Figure 32.9 IKE components 32.17

32.18 Table 32.2 Addresses for private networks

Figure 32.10 Private network 32.19

Figure 32.11 Hybrid network 32.20

Figure 32.12 Virtual private network 32.21

Figure 32.13 Addressing in a VPN 32.22

32-2 SSL/TLS Two protocols are dominant today for providing security at the transport layer: the Secure Sockets Layer (SSL) Protocol and the Transport Layer Security (TLS) Protocol. The latter is actually an IETF version of the former. Topics discussed in this section: SSL Services; Security Parameters; Sessions and Connections; Four Protocols; Transport Layer Security 32.23

Figure 32.14 Location of SSL and TLS in the Internet model 32.24

32.25 Table 32.3 SSL cipher suite list

32.26 Table 32.3 SSL cipher suite list (continued)

Note The client and the server have six different cryptography secrets. 32.27

Figure 32.15 Creation of cryptographic secrets in SSL 32.28

Figure 32.16 Four SSL protocols 32.29

Figure 32.17 Handshake Protocol 32.30

Figure 32.18 Processing done by the Record Protocol 32.31

32-3 PGP One of the protocols to provide security at the application layer is Pretty Good Privacy (PGP). PGP is designed to create authenticated and confidential e-mails. Topics discussed in this section: Security Parameters; Services; A Scenario; PGP Algorithms; Key Rings; PGP Certificates 32.32

Figure 32.19 Position of PGP in the TCP/IP protocol suite 32.33

Note In PGP, the sender of the message needs to include the identifiers of the algorithms used in the message as well as the values of the keys. 32.34

Figure 32.20 A scenario in which an e-mail message is authenticated and encrypted 32.35

32.36 Table 32.4 PGP Algorithms

Figure 32.21 Rings 32.37

Note In PGP, there can be multiple paths from fully or partially trusted authorities to any subject. 32.38

32-4 FIREWALLS All previous security measures cannot prevent Eve from sending a harmful message to a system. To control access to a system, we need firewalls. A firewall is a device installed between the internal network of an organization and the rest of the Internet. It is designed to forward some packets and filter (not forward) others. Topics discussed in this section: Packet-Filter Firewall; Proxy Firewall 32.39

Figure 32.22 Firewall 32.40

Figure 32.23 Packet-filter firewall 32.41

Note A packet-filter firewall filters at the network or transport layer. 32.42

Figure 32.24 Proxy firewall 32.43

Note A proxy firewall filters at the application layer. 32.44
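The two notes on packet-filter and proxy firewalls differ in which layer's information the decision uses. The following is an added example, not code from the textbook: a first-match packet filter whose rules see only network-layer fields (source and destination address) and transport-layer fields (protocol and destination port), beside an HTTP proxy filter that reads the application-layer request. The rule table, the internal address range 10.0.0.0/8, the mail host 10.0.0.25, the blocked host name and the sample packets are all constructed for the demo.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """Fields a packet filter can see, plus the payload it deliberately ignores."""
    src: str
    dst: str
    proto: str
    dport: int
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    src: str = "0.0.0.0/0"           # network layer: source address range
    dst: str = "0.0.0.0/0"           # network layer: destination address range
    proto: Optional[str] = None      # transport layer: "tcp" / "udp", None = any
    dport: Optional[int] = None      # transport layer: destination port, None = any

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


# Constructed policy for an internal network 10.0.0.0/8; first matching rule wins.
RULES = [
    Rule("deny", src="10.0.0.0/8", proto="tcp", dport=23),                # no outbound telnet
    Rule("allow", src="10.0.0.0/8", proto="tcp", dport=80),               # outbound HTTP
    Rule("allow", src="10.0.0.0/8", proto="tcp", dport=443),              # outbound HTTPS
    Rule("allow", src="10.0.0.0/8", proto="udp", dport=53),               # outbound DNS
    Rule("allow", dst="10.0.0.25/32", proto="tcp", dport=25),             # inbound mail to the MX only
]


def packet_filter(pkt: Packet, rules=RULES) -> str:
    """Packet-filter firewall: decides from addresses, protocol and port; default deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Constructed application-layer policy for the proxy.
BLOCKED_HOSTS = {"malware.example"}
ALLOWED_METHODS = {"GET", "HEAD", "POST"}


def http_proxy_filter(request: bytes) -> str:
    """Proxy firewall: parses the HTTP request and decides on method and Host; default deny."""
    try:
        request_line, *headers = request.decode("ascii").split("\r\n")
        method, _target, _version = request_line.split(" ")
    except ValueError:                      # malformed or non-ASCII request
        return "deny"
    host = next((h.split(":", 1)[1].strip() for h in headers
                 if h.lower().startswith("host:")), None)
    if method not in ALLOWED_METHODS or host is None or host in BLOCKED_HOSTS:
        return "deny"
    return "allow"


def demo():
    """The same HTTP request judged by both firewall types (constructed addresses)."""
    bad_request = b"GET / HTTP/1.1\r\nHost: malware.example\r\n\r\n"
    outbound_http = Packet("10.0.0.5", "203.0.113.9", "tcp", 80, bad_request)
    return {
        "outbound_telnet": packet_filter(Packet("10.0.0.5", "203.0.113.9", "tcp", 23)),
        "outbound_http_by_packet_filter": packet_filter(outbound_http),   # port 80 looks fine
        "outbound_http_by_proxy": http_proxy_filter(outbound_http.payload),
        "inbound_smtp_to_mx": packet_filter(Packet("203.0.113.9", "10.0.0.25", "tcp", 25)),
        "inbound_smtp_to_other": packet_filter(Packet("203.0.113.9", "10.0.0.30", "tcp", 25)),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```

The packet filter forwards the HTTP packet because port 80 from the internal network is permitted and it never looks at the payload; the proxy, working at the application layer, reads the Host header and refuses the same request. That is the practical reason the two are usually combined rather than treated as alternatives.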