Presentation is loading. Please wait.

Presentation is loading. Please wait.

_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.

Published bySilas Boone Modified over 8 years ago

Similar presentations

Presentation on theme: "_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1."— Presentation transcript:

1 _______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1  Wiley and the book authors, 2001 E-Commerce: Fundamentals and Applications Chapter 8 : Internet Security

2 _______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications2  Wiley and the book authors, 2001 Outline IPSec protocol The authentication header (AH) service The encapsulating security payload (ESP) service Application of IPSec : Virtual private network Firewalls Different types of firewalls Examples of firewall systems Secure socket layer (SSL)

3 _______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications3  Wiley and the book authors, 2001 IPSec Service Protected IP packet Upper Layer Data IPSec Header IP Header SPD and SAD IPSec Processor IPSec-enabled host or gateway Non-IPSec enabled host IPSec-enabled gateway IP Header IPSec-enabled host/gateway SA Unprotected IP packet Protected IP packet through tunneling SA Upper Layer Data IP Header IPSec Header Gateway’s IP Header Upper Layer Data

4 _______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications4  Wiley and the book authors, 2001 AH Service (Transport Mode) IP Header Upper Layer Data IP Header AH Authenticated (for immutable fields in the IP Packet) Protected IP packet (AH transport mode) Unprotected IP packet Upper Layer Data

5 _______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications5  Wiley and the book authors, 2001 AH Service (Tunnel Mode) IP Header Upper Layer Data IP Header Authenticated (for immutable fields in the IP packet) Protected IP packet (AH tunnel mode) Unprotected IP packet New IP Header * * typically with gateway’s IP address Upper Layer Data IP HeaderAH

6 _______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications6  Wiley and the book authors, 2001 ESP Service (Transport Mode) Protected IP Packet (ESP transport mode) Unprotected IP packet Upper Layer Data IP Header Upper Layer Data ESP Header Authenticated Encrypted IP Header ESP Trailer ESP Auth

7 _______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications7  Wiley and the book authors, 2001 ESP Service (Tunnel Mode) * with gateway’s IP address Protected IP packet (ESP tunnel mode) Unprotected IP packet IP Header Upper Layer Data ESP Header Authenticated Encrypted New IP Header * ESP Trailer ESP Auth Upper Layer Data

8 _______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications8  Wiley and the book authors, 2001 Virtual Private Network Non- IPSec enabled host IPSec enabled gateway Internet IPSec enabled gateway Intranet IPSec enabled host Intranet Non- IPSec enabled host IPSec enabled host End-to-end SA IP Tunnel

9 _______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications9  Wiley and the book authors, 2001 Firewall Internet Firewall Insecure Secure Intranet

10 _______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications10  Wiley and the book authors, 2001 Types of Firewalls Packet Filtering Router Application Level Gateway Circuit Level Gateway

11 _______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications11  Wiley and the book authors, 2001 Firewall Example Intranet Internet Public server (e.g. web server) PR PR Private server Hosts Bastion host (application gateway) PR: Packet filtering router b a Hosts Source IP Address Source Port Destination IP address Destination Port Action (allow/ deny)Remarks * * b * Allow (inbound only) Allow internet hosts to communicate with the public server. b *** Allow (outbound only) Allow the public server to communicate with internet hosts. ** a * Allow (inbound only) Allow internet hosts to communicate with the intranet through the bastion host. a *** Allow (outbound only) Allow intranet hosts to communicate with the Internet through the bastion host. **** DenyDeny all other packets. (Note : Each small letter represents an IP address. * means any value. A specific port may also be set) Illustrative filtering rules for the packet filtering router Reference : Semeria, C., Internet Firewalls and Security, http://www.3com.com/technology/tech_net/white_papers/500619s.html, 1996http://www.3com.com/technology/tech_net/white_papers/500619s.html

12 _______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications12  Wiley and the book authors, 2001 Firewall Example Key filtering rules for the inside packet filtering router Intranet DMZ Internet Public server (e.g. web server) OP R Modem pools IP R Private server Hosts Bastion host (application gateway) IPR: Inside packet filtering router OPR: Outside packet filtering router a b Hosts Source IP Address Source PortDestination IP address Destination PortAction (allow/ deny) Remarks ** a * Allow (inbound only) Allow internet hosts to communicate with the bastion host. ** b * Allow (inbound only) Allow internet hosts to communicate with the public server directly. a *** Allow (outbound only) Allow intranet hosts to communicate with the internet through the bastion host. b *** Allow (outbound only) Allow the public server to communicate with internet hosts. **** DenyDeny all other packets. (Note : Each small letter represents an IP address. * means any value. A specific port may also be set.) Reference : Semeria, C., Internet Firewalls and Security, http://www.3com.com/technology/tech_net/white_papers/500619s.html, 1996http://www.3com.com/technology/tech_net/white_papers/500619s.html

13 _______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications13  Wiley and the book authors, 2001 Firewall Example (Cont’) Illustrative filtering rules for the inside packet filtering router (Note : Each small letter represents an IP address. * means any value. A specific port may also be set.) Source IP Address Source Port Destination IP address Destination Port Action Remarks a *** Allow Allow internet hosts to communicate with the intranet through the bastion host. (from the DMZ to the intranet only) ** a * Allow Allow intranet hosts to communicate with the internet through the bastion host. (from the intranet to the DMZ only) **** Deny Deny all other packets.

14 _______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications14  Wiley and the book authors, 2001 Secure socket layer (SSL) SSL was invented by Netscape to make use of TCP to provide an end-to-end secure data transport service e.g., for HTTP A socket connection is set up to port 443 instead of port 80 of the Web server. In the URL, “https” instead of “http” is used. Visit:  http://home.netscape.com/eng/ssl3/draft302.txt A TLS working group has been formed within the IETF to develop a common standard.

15 _______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications15  Wiley and the book authors, 2001 Functions of the SSL sub-protocols SSL handshake protocol  Allow the server and the client to agree the security parameters for subsequent data transfer SSL change cipher spec protocol  Change/update the cipher suite SSL alert protocol  Send an alert message to the other side SSL record protocol  Provide secure data transport service using the agreed security parameters

16 _______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications16  Wiley and the book authors, 2001 Handshake Protocol (a) Full version (b) Resuming a previous session (1) Send ClientHello (2) Return ServerHello (3) Send Digital Certificates(if required) (4) Send ServerKeyExchange(if required) (5) Send CertificateRequest(if required) (6) Send ServerHelloDone (7) Send Digital Certificates(if required) (8) Send ClientKeyExchange (9) Send CertificateVerify (if required) (10) Send ChangeCipherSpec (11) Send Finished (12) Send ChangeCipherSpec (13) Send Finished ClientServer (1) Send ClientHello (2) Return ServerHello (3) Send ChangeCipherSpec (4) Send Finished (5) Send ChangeCipherSpec (6) Send Finished ClientServer

17 _______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications17  Wiley and the book authors, 2001 Secure System for The VBS Private Network Internet Business partners (e.g. publishers) Branch Offices Public IP tunnel SSL Other systems Firewall VBS Intranet

Download ppt "_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1."

Similar presentations

IPSec.

IPSec.
CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
Internet Security CS457 Seminar Zhao Cheng. Security attacks interruption, interception, modification, fabrication passive attack, active attack.

Internet Security CS457 Seminar Zhao Cheng. Security attacks interruption, interception, modification, fabrication passive attack, active attack.
Network Security Professor Dr. Adeel Akram. Firewalls, SSL, VPN and IPSec.

Network Security Professor Dr. Adeel Akram. Firewalls, SSL, VPN and IPSec.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206) 217-7048

Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206)
Network Security. Reasons to attack Steal information Modify information Deny service (DoS)

Network Security. Reasons to attack Steal information Modify information Deny service (DoS)
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
McGraw-Hill © ©The McGraw-Hill Companies, Inc., 2004 Chapter 31 Security Protocols in the Internet.

McGraw-Hill © ©The McGraw-Hill Companies, Inc., 2004 Chapter 31 Security Protocols in the Internet.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.

1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.

IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.

1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
1 Pertemuan 11 IPSec dan SSL Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 11 IPSec dan SSL Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
VPN – Technologies and Solutions CS158B Network Management April 11, 2005 Alvin Tsang Eyob Solomon Wayne Tsui.

VPN – Technologies and Solutions CS158B Network Management April 11, 2005 Alvin Tsang Eyob Solomon Wayne Tsui.
Protocol Basics. IPSec Provides two modes of protection –Tunnel Mode –Transport Mode Authentication and Integrity Confidentiality Replay Protection.

Protocol Basics. IPSec Provides two modes of protection –Tunnel Mode –Transport Mode Authentication and Integrity Confidentiality Replay Protection.

Similar presentations

Ads by Google