
Presentation transcript: "VPNs: IETF Developing IPsec Security Standards"

2 VPNs
IETF developing IPsec security standards
- IP security
- At the internet layer
- Protects all messages at the transport and application layers
(Figure: IPsec sits below TCP/UDP, which sit below e-mail, WWW, database, etc.)

3 VPNs
IPsec Transport Mode
- End-to-end security for hosts
(Figure: Local Network, Internet, Local Network; secure communication runs host to host)

4 VPNs
IPsec Tunnel Mode
- IPsec server at each site
- Secure communication between sites
(Figure: Local Network, Internet, Local Network; secure communication runs between the IPsec servers)

5 VPNs
IPsec Modes Can be Combined
- End-to-end transport mode connection
- Within site-to-site tunnel connection
(Figure: Local Network, Internet, Local Network; transport mode inside tunnel mode)
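A structural model of the three arrangements on slides 3 to 5, added here as an example (not from the presentation): it shows which addresses an observer on the Internet can read in transport mode, tunnel mode, and transport mode carried inside a site-to-site tunnel. It assumes ESP with encryption and wraps the "ciphertext" in a placeholder class rather than running a real cipher.

```python
# Added example (not from the slides): a structural model of what an
# on-path observer sees under IPsec transport mode, tunnel mode, and the
# combination on slide 5 (transport mode inside a site-to-site tunnel).
# Assumes ESP with encryption; Encrypted is a placeholder, no cipher runs.
from dataclasses import dataclass
from typing import Any

@dataclass
class Packet:
    src: str          # IP header source address
    dst: str          # IP header destination address
    proto: str        # next-header value: "TCP" (cleartext) or "ESP"
    payload: Any      # TCP segment, or the Encrypted ESP contents

@dataclass
class Encrypted:
    inner: Any        # what the ESP ciphertext contains once decrypted

def transport_mode(pkt: Packet) -> Packet:
    """ESP transport mode (host to host): the original IP header stays in
    the clear, only the transport-layer segment is encrypted."""
    return Packet(pkt.src, pkt.dst, "ESP", Encrypted(pkt.payload))

def tunnel_mode(pkt: Packet, gw_src: str, gw_dst: str) -> Packet:
    """ESP tunnel mode (IPsec server at each site): the whole original
    packet, header included, is encrypted behind a new gateway header."""
    return Packet(gw_src, gw_dst, "ESP", Encrypted(pkt))

def decapsulate(pkt: Packet) -> Any:
    """The receiving IPsec endpoint removes one layer of ESP protection."""
    if pkt.proto != "ESP":
        raise ValueError("not an ESP packet")
    return pkt.payload.inner

def observer_view(pkt: Packet) -> dict:
    """Fields an observer on the Internet can read without the keys."""
    return {"src": pkt.src, "dst": pkt.dst, "proto": pkt.proto}

# Constructed sample: host A at site 1 talks to host B at site 2.
ORIGINAL = Packet("10.1.0.5", "10.2.0.9", "TCP", b"GET / HTTP/1.1")
SITE1_GW, SITE2_GW = "203.0.113.1", "198.51.100.1"

def combined_modes() -> tuple:
    """Slide 5 arrangement: transport mode end to end, tunnel mode between
    the sites. Returns (view on the Internet, view inside site 2)."""
    end_to_end = transport_mode(ORIGINAL)
    on_internet = tunnel_mode(end_to_end, SITE1_GW, SITE2_GW)
    inside_site2 = decapsulate(on_internet)   # site 2 gateway strips tunnel
    return observer_view(on_internet), observer_view(inside_site2)
```

Inside site 2 the packet still carries ESP between the two hosts, so the tunnel gateway never sees the application data; only the inner addresses become visible on the local network.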

6 VPNs
Another Security System for VPNs is the Point-to-Point Tunneling Protocol (PPTP)
- For dial-up connections, based on PPP
- Connects the user securely to a remote access server at a site
(Figure: dial-up connection across the Internet to the Remote Access Server on the Local Network; the PPTP connection runs over it)

7 PKIs
To use public key methods, an organization must establish a comprehensive Public Key Infrastructure (PKI)
- A PKI automates most aspects of using public key encryption and authentication
- Uses a PKI Server

8 PKIs
PKI Server Creates Public Key-Private Key Pairs
- Distributes private keys to applicants securely
- Often, private keys are embedded in delivered software
(Figure: PKI Server delivers the Private Key)

9 PKIs
PKI Server Provides CRL Checks
- Distributes digital certificates to verifiers
- Checks certificate revocation list before sending digital certificates
(Figure: PKI Server delivers the Digital Certificate)

10 PKIs
CRL (Certificate Revocation List) Checks
- If applicant gives verifier a digital certificate,
- The verifier must check the certificate revocation list
(Figure: verifier asks PKI Server "OK?"; PKI Server consults the CRL and answers "OK" or "Revoked")

11 Integrated Security System
When two parties communicate ...
- Their software usually handles the details
- First, negotiate security methods
- Then, authenticate one another
- Then, exchange symmetric session key
- Then can communicate securely using symmetric session key and message-by-message authentication

12 SSL Integrated Security System
SSL
- Secure Sockets Layer
- Developed by Netscape
TLS (now)
- Netscape gave IETF control over SSL
- IETF renamed it TLS (Transport Layer Security)
- Usually still called SSL

13 Location of SSL
Below the Application Layer
- IETF views it at the transport layer
- Protects all application exchanges
- Not limited to any single application
- WWW transactions, e-mail, etc.
(Figure: SSL sits below E-Mail and WWW)

14 SSL Operation
Browser & Webserver Software Implement SSL
- User can be unaware

15 SSL Operation
SSL ISS Process
- Two sides negotiate security parameters
- Webserver authenticates itself
- Browser may authenticate itself but rarely does
- Browser selects a symmetric session key, sends to webserver
- Adds a digital signature and encrypts all messages with the symmetric key

16 Importance of SSL
Supported by Almost All Browsers
- De facto standard for Internet application security
Problems
- Relatively weak security
- Does not involve security on merchant server
- Does not validate credit card numbers
- Viewed as an available but temporary approach to consumer security

17 Other ISSs
SSL is merely an example integrated security system
Many other ISSs exist
- IPsec
- PPP and PPTP
- Etc.

18 Other ISSs
All ISSs have the same general steps
- Negotiate security parameters
- Authenticate the partners
- Exchange a session key
- Communicate with message-by-message privacy, authentication, and message integrity
