1. Lecture 6 (Chapter 16,17,18) Network and Internet Security Prepared by Dr. Lamiaa M. Elshenawy 1

2.  Transport-level security (Chapter 16)  Web Security Considerations  Secure Socket Layer and Transport Layer Security  Transport Layer Security (TLS)  HTTPS  Secure Shell (SSH)

3.  Internet security : is a branch of computer security browser security  Secure Socket Layer (SSL) security services between TCP (Transmission Control Protocol) and applications use TCP via Transport Layer Service  SSL/TLS confidentiality & data integrity symmetric encryption & message authentication code (MAC)  HTTPS (HTTP over SSL) combination of HTTP and SSL secure communication between Web browser & Web server  Secure Shell (SSH) secure remote logon and other secure client/server facilities involves provides by Refers to implemen t provides

4.  Internet is two-way Web is vulnerable to attacks  Business transactions Reputations damaged and money lost Web servers subverted  Web software hide many potential security flaws vulnerable to a variety of security attacks

5.  Web server launching pad attacker access data systems connected to server at local site  Untrained (in security matters) users are common clients Web-based services not have tools or knowledge to effective countermeasures

7.  SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private  TLS (Transport Layer Security) is just an updated, more secure, version of SSL  SSL was developed by Netscape is an American computer services company, best known for Netscape navigator, its web browser

8.  SSL Record Protocol provides two security services  Confidentiality: Handshake Protocol defines a shared secret key that is used for conventional encryption  Message Integrity: Handshake Protocol defines a shared secret key that is used to form a message authentication code (MAC) SSL Protocol Stack

10.  Most complex part of SSL  Used before any application data is transmitted  Allows the server and client to authenticate each other  Negotiate an encryption & MAC algorithm & cryptographic keys to protect data

11.  Type (1 byte) Indicates one of 10 messages  Length (3 bytes) length of the message in bytes  Content (≥ 0 bytes) parameters associated with this message

13.  Least complex part of SSL  Consists of a single message (single byte with the value 1)  Updates cipher suite to be used on this connection

14.  Convey SSL-related alerts to the peer entity  Alert messages are compressed and encrypted  Each message in this protocol consists of two bytes warning fatal 1 2 Unexpected _ message An appropriate message was received

15.  What is HTTPS?  HTTPS built into all modern Web browsers  URL (Uniform Resource Locator)  https:// port 443  http:// port 80 Hypertext Transfer Protocol (HTTPS): is an application protocol to exchange or transfer hypertext Hypertext: is text displayed on a computer display with hyperlinks to other text which the reader can immediately access

16. Protocol Identifier Domain Name Protocol Type Source Location  URL is a web address  ftp://www.webopedia.com/stuff.exe  http://www.webopedia.com/index.html Uniform Resource Locator (URL) was developed by Tim Berners-Lee in 1994 and the Internet Engineering Task Force (IETF) URI working group

17.  What is SSH?  SSH is a protocol for secure network communications designed to be simple and inexpensive  What are versions of SSH?  SSH1 email/file transfer  SSH2 fixes security flaws of SSH1 SSH Communications Security Corporation is a Finnish company was founded by Tatu Ylönen in 1995. It is known as the inventor and original developer of the Secure Shell protocol and it currently has about 100 employees

18.  SSH uses public-key cryptography to authenticate the remote computer and allow it to authenticate the user  There are several ways to use SSH 1. Automatically generated public-private key pair to simply encrypt a network connection and use password authentication to log on 2. Manually generated public-private key pair

20. Thank you for your attention

21. 1. https://www.symantec.com/page.jsp?id=ssl- information-center https://www.symantec.com/page.jsp?id=ssl- information-center 2. https://cryptoreport.websecurity.symantec.com/ checker/views/certCheck.jsp https://cryptoreport.websecurity.symantec.com/ checker/views/certCheck.jsp 3. http://www.studytonight.com/computer- networks/comparison-osi-tcp-model http://www.studytonight.com/computer- networks/comparison-osi-tcp-model 4. http://www.webopedia.com/TERM/S/SSL.htm http://www.webopedia.com/TERM/S/SSL.htm 5. https://www.ibm.com/support/knowledgecenter/ SSYKE2_8.0.0/com.ibm.java.security.compone nt.80.doc/security- component/jsse2Docs/ssloverview.html https://www.ibm.com/support/knowledgecenter/ SSYKE2_8.0.0/com.ibm.java.security.compone nt.80.doc/security- component/jsse2Docs/ssloverview.html

22. 6. https://sayaksarkar.wordpress.com/2012/03/ 12/from-netscape-to-firefox-the-story-of- mozilla-firefox/ https://sayaksarkar.wordpress.com/2012/03/ 12/from-netscape-to-firefox-the-story-of- mozilla-firefox/ 7. http://www.ssh.com/about http://www.ssh.com/about