Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls

Published byΟινώνη Κρεστενίτης Modified over 5 years ago

Similar presentations

Presentation on theme: "Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls"— Presentation transcript:

1 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls
Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

2 Figure 32.1 Common structure of three security protocols

3 Topics discussed in this section:
IPSecurity (IPSec) IPSecurity (IPSec) is a collection of protocols designed by the Internet Engineering Task Force (IETF) to provide security for a packet at the network level. Topics discussed in this section: Two Modes Two Security Protocols Security Association Internet Key Exchange (IKE) Virtual Private Network

4 Figure 32.2 TCP/IP protocol suite and IPSec

5 Figure 32.3 Transport mode and tunnel modes of IPSec protocol

6 Note IPSec in the transport mode does not protect the IP header; it only protects the information coming from the transport layer.

7 Figure 32.4 Transport mode in action

8 Figure 32.5 Tunnel mode in action

9 IPSec in tunnel mode protects the original IP header.
Note IPSec in tunnel mode protects the original IP header.

10 Figure 32.6 Authentication Header (AH) Protocol in transport mode

11 Note The AH Protocol provides source authentication and data integrity, but not privacy.

12 Figure 32.7 Encapsulating Security Payload (ESP) Protocol in transport mode

13 ESP provides source authentication, data integrity, and privacy.
Note ESP provides source authentication, data integrity, and privacy.

14 Table IPSec services

15 Figure 32.8 Simple inbound and outbound security associations

16 IKE creates SAs for IPSec.
Note IKE creates SAs for IPSec.

17 Figure IKE components

18 Table 32.2 Addresses for private networks

19 Figure 32.10 Private network

20 Figure Hybrid network

21 Figure 32.12 Virtual private network

22 Figure 32.13 Addressing in a VPN

23 Topics discussed in this section:
SSL/TLS Two protocols are dominant today for providing security at the transport layer: the Secure Sockets Layer (SSL) Protocol and the Transport Layer Security (TLS) Protocol. The latter is actually an IETF version of the former. Topics discussed in this section: SSL Services Security Parameters Sessions and Connections Four Protocols Transport Layer Security

24 Figure 32.14 Location of SSL and TLS in the Internet model

25 Table 32.3 SSL cipher suite list

26 Table 32.3 SSL cipher suite list (continued)

27 The client and the server have six different cryptography secrets.
Note The client and the server have six different cryptography secrets.

28 Figure 32.15 Creation of cryptographic secrets in SSL

29 Figure 32.16 Four SSL protocols

30 Figure 32.17 Handshake Protocol

31 Figure 32.18 Processing done by the Record Protocol

32 Topics discussed in this section:
PGP One of the protocols to provide security at the application layer is Pretty Good Privacy (PGP). PGP is designed to create authenticated and confidential s. Topics discussed in this section: Security Parameters Services A Scenario PGP Algorithms Key Rings PGP Certificates

33 Figure 32.19 Position of PGP in the TCP/IP protocol suite

34 algorithms used in the message as well as the values of the keys.
Note In PGP, the sender of the message needs to include the identifiers of the algorithms used in the message as well as the values of the keys.

35 Figure 32.20 A scenario in which an e-mail message is authenticated and encrypted

36 Table PGP Algorithms

37 Figure Rings

38 Note In PGP, there can be multiple paths from fully or partially trusted authorities to any subject.

39 Topics discussed in this section:
FIREWALLS All previous security measures cannot prevent Eve from sending a harmful message to a system. To control access to a system, we need firewalls. A firewall is a device installed between the internal network of an organization and the rest of the Internet. It is designed to forward some packets and filter (not forward) others. Topics discussed in this section: Packet-Filter Firewall Proxy Firewall

40 Figure Firewall

41 Figure 32.23 Packet-filter firewall

42 A packet-filter firewall filters at the network or transport layer.
Note A packet-filter firewall filters at the network or transport layer.

43 Figure Proxy firewall

44 A proxy firewall filters at the application layer.
Note A proxy firewall filters at the application layer.

Download ppt "Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls"

Similar presentations

IPSec.

IPSec.
17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.

17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Security at the Network Layer: IPSec

Security at the Network Layer: IPSec
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
McGraw-Hill © ©The McGraw-Hill Companies, Inc., 2004 Chapter 31 Security Protocols in the Internet.

McGraw-Hill © ©The McGraw-Hill Companies, Inc., 2004 Chapter 31 Security Protocols in the Internet.
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.

IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
K. Salah1 Security Protocols in the Internet IPSec.

K. Salah1 Security Protocols in the Internet IPSec.
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.

_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
Secure connections.

Secure connections.
32.1 Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction.

32.1 Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction.
16.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 16 Security at the Application Layer: PGP and.

16.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 16 Security at the Application Layer: PGP and.

Similar presentations

Ads by Google