Presentation is loading. Please wait.

Presentation is loading. Please wait.

Securing TCP/IP Chapter 11.

Published bySheryl Alexander Modified over 9 years ago

Similar presentations

Presentation on theme: "Securing TCP/IP Chapter 11."— Presentation transcript:

1 Securing TCP/IP Chapter 11

2 Objectives Discuss the standard methods for securing TCP/IP networks
Compare TCP/IP security standards Implement secure TCP/IP applications

3 Overview

4 TCP/IP: A Security Perspective
Original TCP/IP had no real security User names and passwords is not enough Every Internet device with IP is targeted Data movement between hosts is intercepted Chapter 11 follows TCP/IP security history Security concepts first Specific standards and protocols later in the chapter

5 Test Specific Making TCP/IP Secure

6 The Five Areas of TCP/IP Security
Encryption Scrambles data – recipient unscrambles Integrity Guarantees that the data is received Nonrepudiation Ensures a sender cannot deny a sent message

7 The Five Areas of TCP/IP Security (cont’d.)
Authentication Verifies data is only accessed by intended people Authorization Defines what an authenticated user can do

8 Encryption Plaintext Also known as cleartext
The data is in an easily read or viewed industry-wide standard format More than just text file types Also includes binary files, e.g., a photograph or an executable program

9 Figure Plaintext

10 Security Terms Cipher: a general term for a way to encrypt data
Algorithm: the mathematical formula that underlies the cipher

11 Ciphers Unicode Create a cipher to encrypt this cleartext
Numbers representing other characters Example: converts to “MIKE” Create a cipher to encrypt this cleartext Apply interesting binary math

12 Ciphers (cont’d.) A simple cipher A more complex cipher
Use binary math to add 1 to every value (ignore carry 1) Very easy to break this code A more complex cipher Use a second value (a key) of any binary numbers Example key: Use binary math and this key on each eight-bit set

13 Binary XOR (eXclusive OR) Operation

14 Keys Apply the key to plaintext using binary XOR
(result on the first 8 bits) To decrypt, you need the algorithm and the key

15 Decryption Example is easy to decrypt The math is simple
XOR is easy to use to decrypt XOR works with numbers or letters

16 Caesar Cipher Works with letters
Code: WKH TXLFN EURZA IRA MXPSV RYHU WKH ODCB GRJ Real letter: ABCDEFGHIJKLMNOPQRSTUVWXYZ Code letter: DEFGHIJKLMNOPQRSTUVWXYZABC Decrypted: THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG

17 Cracking a Cipher on Letters
Word patterns WKH shows up twice Frequency analysis W and H are the most frequent Brute force Make the code harder to break with more complex algorithms and with longer keys

18 Figure 11.2 Encryption process
Ciphertext The result of running plaintext through a cipher algorithm using a key Figure Encryption process

19 Algorithms for Encrypting Binary Data
Two common features Complex algorithm underlying the cipher One or more keys to encrypt and decrypt Symmetric-key algorithm Same key for encryption and decryption Decryptor must have the algorithm and the key Asymmetric-key algorithm Uses different keys for encryption and decryption

20 Symmetric-Key Algorithm Standards
Most symmetric-key algorithms are block ciphers Encrypt data in certain length chunks Work well with data that comes in discrete chunks (e.g., IP packets)

21 Figure Block cipher

22 Data Encryption Standard (DES)
Old TCP/IP symmetric-key algorithm Block cipher developed in late 1970 by the U.S. government Used 64-bit block and 56-bit key Derivatives 3DES International Data Encryption Algorithm (IDEA) Blowfish

23 Stream Ciphers Work on a single bit at a time Encrypt on-the-fly
Popular for data in long streams Older wireless networks Cell phones

24 Figure Stream cipher

25 Rivest Cipher 4 (RC4) Stream cipher
Invented in late 1980s by Ron Rivest Weaknesses uncovered beginning in 2001 have created a move to block ciphers Many encryptions (wireless, HTTP, RDP) still support RC4

26 Advanced Encryption Standard (AES)
Block cipher created in late 1990s 128-bit block size 128-, 192-, or 256-bit key Practically uncrackable Fast Applications are switching to AES Exam Tip (p. 293): When in doubt on a question about encryption algorithms, always pick AES. You’ll be right most of the time.

27 Asymmetric-Key Algorithm Standards
Serious drawback to symmetric-key Anyone with the key can encrypt or decrypt Need to send the key to the other person Asymmetric-key avoids these problems Uses a key pair (two different keys) One to encrypt One to decrypt

28 Figure 11.5 How do we safely deliver the key?

29 Public-Key Cryptography
Allows for the secure exchange of keys Introduced in 1970s by Diffie, Hellman, & Merkle Rivest Shamir Adleman (RSA) Fully functional algorithm that enables secure digital signatures Key pair Two keys generated at the same time and designed to work together Note (p. 293): The public-key cryptography introduced by Diffie, Hellman, and Merkle became known as the Diffie-Hellman key exchange. Hellman, on the other hand, has insisted that if the scheme needs a name, it should be called the Diffie-Hellman-Merkle key exchange.

30 Figure 11.6 Mike and Melissa, wanting to send encrypted e-mail messages

31 Figure 11.7 Sending a public key

32 How Public-Key Cryptography Works
Encrypts data with a public key Decrypts data with a private key Only the private key can decrypt Mike generates a key pair Mike sends Melissa the public key Melissa encrypts the data using the public key Mike decrypts the data with the private key Exam Tip (p. 293): Public-key cryptography is the most popular form of encryption

33 Figure 11.8 Decrypting a message

34 Figure Lots of keys

35 Problem with Public-Key Cryptography
Someone pretending to be someone else might pass out a public key Need to know who is passing out a key This is solved with nonrepudiation Note (p. 295): This simple description, while accurate, doesn’t cover some big differences between Diffie-Hellman and RSA. The CompTIA Network+ exam doesn’t go into those differences.

36 Encryption and the OSI model
Encryption at different layers of the OSI model Layer 1: No common encryption at this layer Layer 2: Proprietary encryption devices Layer 3: IP Security (IPsec) protocol Layer 4: No encryption methods for TCP or UDP Layers 5, 6, and 7: Important encryption standards (e.g., SSL and TLS used in e-commerce) happen within these layers, but don’t fit cleanly into the OSI model

37 Integrity It is important to receive the same data that was sent
One tool to ensure integrity is the hash function

38 Hash Cryptographic hash function
Mathematical function run on a string of bits of any length that results in a value of fixed length The result is often called a checksum or message digest A one-way function Not able to recreate the data, even given the hashing algorithm and the checksum

39 Figure A hash at work

40 Cryptographic Hash Functions
Secure Hash Algorithm (SHA) family includes: SHA-1 SHA-2 (includes SHA-256 and SHA-512 variations; soon-to-be-finalized SHA-3) No longer recommended due to attacks Message-Digest Algorithm version 5 (MD5)

41 Try This! Is this the file I think it is? (p. 297)
Let’s download a common program—the latest version of Mozilla’s Firefox browser—and use the trustworthy hash functions that come with our operating system to confirm our copy matches the hashes Mozilla has published. We’ll use the SHA512 algorithm for this exercise. Download a copy of the latest Firefox from .org/en-US/firefox/new/, but don’t install it when the download completes. Navigate to /firefox/releases/latest/ and look for the files ending with “SUMS”. Each of these contains a long list of hashes computed using a given algorithm for all of the files in the directory. The part of the file name before “SUMS” specifies the algorithm used. Click on the SHA512SUMS file. The left-hand column contains hashes, and the right-hand column contains relative file paths. The way we actually calculate the hash varies a bit from platform to platform. Pick your platform below and type the appropriate command, replacing <filename> with the name or path of the file downloaded in step 1. a. Linux & OS/X: Open a terminal window and navigate to the directory you downloaded the file to. At the prompt, type this command: shasum -a 512 "<filename>" This command will output a single line in the same format as the SHA512SUMS file. Select and copy the hash. b. Windows 8 or newer: Open Windows PowerShell—not to be confused with the regular Windows command line—and navigate to the directory you downloaded the file to. At the PowerShell prompt, type this sequence of commands: (Get-FileHash -Algorithm SHA512 '<filename>').hash | clip This command generates and copies the hash directly to your clipboard. Switch back to your browser and use Find to search the SHA512SUMS document for the hash you copied in step 4. If your file downloaded properly, you’ll usually get a single match. Since there are unique installer files for different platforms and languages, the file path on the matched line should specify your platform, language, and the name of the file you downloaded in step 1 and hashed in step 4. Figure File and MD5

42 Hashes Are Everywhere Encryption and authentication schemes often use hashes Invisible to the user SMTP servers use Challenge-Response Authentication Mechanism-Message Digest 5 (CRAM-MD5) as a tool for server authentication Exam Tip (p. 297): Look for CRAM-MD5 to show up on the CompTIA Network+ exam as a tool for server authentication.

43 Nonrepudiation The receiver has a very high degree of confidence that the sender is who the receiver thinks Takes place all over a network User name and password entry Credit card number entry Public key sender assurance

44 Digital Signature Hash of the message encrypted by the private key
The person with the matching public key decrypts and generates own hash Compares with the decrypted hash to verify file came from the intended sender Makes public-key cryptography more secure Popular for use with

45 Figure 11.12 Digitally signed

46 Public Key Infrastructure (PKI)
Uses certificates Standardized type of digital signature Includes third-party digital signature Guarantees that the person who is passing out the certificate is who they say they are Sign on to e-commerce site redirects to a secure Web page Exam Tip (p. 298): If you see or a small lock icon, you are most likely on a secure Web site.

47 Figure Secure Web page

48 Loading a Secure Web Page
Web server sends a copy of its certificate Contains the Web server’s public key and a digital signature from a third party Click on the lock icon in the address bar to view the certificate for the current session VeriSign is one of several certificate authorities View all certificates managed by your browser Note (p. 300): Becoming a root certificate authority with enough respect to have Web browsers install your certificate is very difficult!

49 Figure 11.14 eBay sign-in certificate

50 Figure 11.15 Certificate authority certificates on a system

51 Creating a Secure Web Site
Must purchase certificate from certificate authority Certificate authority acts as root More advanced situations require tree of certificate authorization Root authorization (certificate authority) at top Intermediate certificate authority Issued certificates at bottom

52 Figure 11.16 VeriSign’s PKI tree

53 Creating Your Own Unsigned Certificates
Useful for lower-security situations among friends Personal Web page Not for use when selling products on the Internet Not for use with highly sensitive messages Tech Tip: Get in the Game (p. 301) Almost all clients support encryption—you just need to get a certificate. If you want to start playing with encryption and signing, grab a free personal certificate from any of a number of different providers. Check out Comodo at www .instantssl.com/ssl-certificate -products/free- -certificate. html. Instructions for certificate generation and installation are on the respective Web sites. Note (p. 301): Fans of software licensed under the GNU public license can try GNU Privacy Guard (GnuPG), an alternative to the PGP suite. Check it out here:

54 Well-Known Certificate Authorities
VeriSign Thawte GoDaddy

55 Link Between Digital Certificates and Asymmetric Cryptography
Digital certificates are used to verify the exchange of public keys The exchange takes place behind the scenes in: , Web pages, and even in some very secure wireless networks

56 Authentication Most users encounter this when asked to enter user name and password The network technician must understand: How different authentication methods control user names and passwords Authentication standards used in TCP/IP networks Multifactor authentication (two-factor authentication) is used for added protection

57 Authorization Assign levels of access to resources
Access control list (ACL) List of permissions Specifies what an authenticated user may do Types of ACL access models Mandatory access control (MAC) Discretionary access control (DAC) Role-based access control (RBAC) Exam Tip (p. 301): The “Network+ Acronym List” includes a term called Network Access Control (NAC). NAC defines a newer series of protection applications that combine the features of what traditionally was done by separate applications. There is no perfect single definition for NAC. There are, however, certain functions that a NAC often does. A NAC usually prevents computers lacking antimalware and patches from accessing the network. NACs also create policies (their own policies, not Windows policies) that define what individual systems can do on the network, including network access, segregation of portions of the network, etc.

58 ACL Access Models Mandatory access control
Every resource is assigned a label defining its security level Oldest and least common of the three types Discretionary access control (DAC) Resources have owners who assign access More flexible than MAC

59 ACL Access Models (cont’d.)
Role-based access control (RBAC) Most popular model used in file sharing User’s access is defined based on user roles in the network environment Usually involves named groups Every TCP/IP application and operating system has it’s own set of rules May or may not follow one of these models

60 TCP/IP Security Standards

61 User Authentication Standards
Some of the oldest standards used in TCP/IP TCP/IP authentication started with Point-to-Point Protocol (PPP) Enables two point-to-point devices to connect Authenticates with a user name and password Negotiates the network protocol to use (TCP/IP) Initiator asks for the connection Authenticator has a list of user names/passwords Exam Tip (p. 302): In the early days of dial-up, we used the Serial Line Internet Protocol (SLIP) to connect a modem to an Internet Service Provider (ISP). SLIP was a totally unsecure protocol and we went PPP as soon as we could. See below.

62 PPP Connection Phases Link dead Link establishment Authentication
No link has been established yet Link establishment Authentication Network layer protocol Termination

63 Figure 11.17 A point-to-point connection

64 PPP Authentication Methods
Password Authentication Protocol (PAP) Sends the user name and password in plaintext Challenge Handshake Authentication Protocol (CHAP): more secure than PAP Relies on hashes based on a shared password Initiator creates a challenge message/hashes password Authenticator compares value to own hash Repeats the authentication process periodically Teaching Tip: At this point, it would be a good idea to explain to the students how the keystrokes they make are sent in clear ASCII text across a LAN. Anyone using the snoop command in Unix, Netmon in Windows, or Ethereal (and a good hex interpreter) can easily read what you are typing, including usernames and passwords. Demonstrate this if you can. Exam Tip (p. 304): If you get a question on PAP, CHAP, and MS-CHAP on the CompTIA Network+ exam, remember that MS-CHAP offers the most security.

65 Figure PAP in action

66 Figure CHAP in action

67 PPP Authentication Methods (cont’d.)
Microsoft MS-CHAPv2 Improved version of CHAP Most common authentication for dial-up Offers the most security for dial-up of the three Exam Tip (p. 304): If you get a question on PAP, CHAP, and MS-CHAP on the CompTIA Network+ exam, remember that MS-CHAP offers the most security.

68 Figure 11.20 MS-CHAP is alive and well

69 Limitations of PPP Multiple points of entry may exist
Authenticator at the endpoint may not have all the authentication information PPP does not provide for modem banks needing a central database Anyone accessing the network can see passwords unless data is encrypted

70 Figure 11.21 Where do you put the user names and passwords?

71 Figure 11.22 Central servers are prone to attack

72 Authentication, Authorization, and Accounting (AAA)
AAA: port authentication Authentication The connecting computer must provide credentials Authorization Defines allowed actions after authentication Accounting Logs authentications and actions

73 AAA Standards Remote Authentication Dial-in User Service (RADIUS)
Terminal Access Controller Access Control System Plus (TACACS+)

74 RADIUS Better known than TACACS+
Created to support ISPs with large modem banks Three RADIUS devices RADIUS server has access to username/password database Network Access Servers (NASs) Groups of systems that dial into the network Exam Tip (p. 306): NAS stands for either Network Access Server or Network Attached Storage. The latter is a type of dedicated file server used in many networks. Make sure you read the question to see which NAS it’s looking for!

75 Figure RADIUS setup

76 RADIUS Server Software
Microsoft Internet Authentication Service (IAS) for Windows FreeRADIUS for UNIX/Linux or Juniper Network’s Steel-Belted RADIUS One RADIUS server supports multiple NASs (PAP, CHAP, and MS-CHAP) Hashes all passwords; performs authentication on UDP ports 1812 and 1813; or 1645 and 1646

77 TACACS+ Single server stores the ACL for all the network devices
Proprietary Cisco protocol Functions like RADIUS Uses TCP port 49 Separates authorization, authentication, and accounting Uses PAP, CHAP, and MD5 hashes, or Kerberos Exam Tip (p. 307): The original TACACS protocol was used for authentication in UNIX systems back in the mid- 1980s. The CompTIA Network+ objectives pay homage to the ancient standard by not using the “plus” symbol with the acronym, but you need to know the current TACACS+ protocol for real-world networking.

78 Kerberos Authentication protocol for TCP/IP No connection with PPP
Many clients connected to a single authenticating server Adopted by Microsoft for all Windows networks using a domain controller Note (p. 307): Kerberos uses UDP or TCP port 88 by default

79 The Kerberos Process Key Distribution Center (KDC) processes
Authentication Server (AS) Ticket-Granting Service (TGS) KDC is put on Windows domain controllers AS authenticates AS sends a Ticket-Granting Ticket (TGT) and a timestamp Client is authenticated but not yet authorized Note (p. 308): The TGT is sometimes referred to as Ticket to Get Ticket.

80 Figure 11.24 Windows Kerberos setup

81 Figure 11.25 AS sending a TGT back to client

82 The Kerberos Process (cont’d.)
The client sends TGT to TGS for authorization TGS sends back a timestamped service ticket The client uses this ticket (token) to access domain resources The token authorizes user to access resources Single sign-on The timestamp requires the client request a new token every eight hours Note (p. 308): In Windows, the security token is called a Security Identifier (SID).

83 Figure 11.26 TGS sending token to client

84 Weaknesses of Kerberos
If the KDC is down, no one has access Important to maintain a backup KDC Standard practice to have two Windows domain controllers Timestamping requires synchronized clocks Fairly easy in a wired network Difficult in dispersed networks

85 Extensible Authentication Protocol (EAP)
Not a true protocol A PPP wrapper that EAP-compliant applications use to accept one of several types of authentication Significant use in wireless networks Even though PPP pretty much owned the user name/password authentication business, proprietary forms of authentication using smartcards/tokens, certificates, and so on, began to show up on the market, threatening to drop the entire world of authentication into a huge mess of competing standards. Teaching Tip See Chapter 15 Wireless Networking, for more information on wireless access points and EAP.

86 Types of EAP EAP-PSK (EAP-Personal Shared Key)
EAP-TLS (EAP with Transport Layer Security) EAP-TTLS (EAP with Tunneled TLS) EAP-MS-CHAPv2—also called Protected Extensible Authentication Protocol (PEAP) EAP-MD5 Lightweight Extensible Authentication Protocol (LEAP)

87 Figure 11.27 EAP-PSK in action

88 Figure EAP-TLS

89 Figure EAP-TTLS

90 802.1X An EAP solution for Ethernet networks
Port-authentication network access control A full AAA process to get anywhere on a gateway system Combines RADIUS-style AAA with EAP versions Only broadly adopted for wireless networks Note (p. 310): Technically, wireless networks don’t use EAP. They use 802.1X, which, in turn, uses EAP.

91 Figure X components

92 Encryption Standards New encryption protocols enabled a client to connect to a server in a secure connection still using their older, unsecure protocols Secure Shell (SSH) More secure replacement for Telnet Uses RSA keys (PKI) Note (p. 311): SSH servers listen on TCP port 22

93 The SSH Process An SSH server sends its public key to the client
Client receives a key and creates a session ID Encrypts using the public key and sends it back to the server The server decrypts and uses it in all data transfers forward Client/server negotiate the encryption type Automatic and invisible to the user

94 Figure 11.31 PuTTY getting an RSA key

95 Figure 11.32 Users on an SSH server

96 Other Uses of SSH SSH can also use public keys to identify clients
Noninteractive logins Can turn off password login altogether First must generate a pair of RSA or DSA keys The public key is copied to the server, while the private key is kept safe on the client

97 Figure 11.33 Generated keys in PuTTYgen

98 Tunneling Tunnel: an encrypted link between two programs on two separate computers Uses an SSH link Anything can go through an SSH connection encrypted

99 Figure SSH in action

100 Figure 11.35 Encrypting a Web client

101 Figure 11.36 Turning on tunneling in freeSSHd server

102 Combining Authentication and Encryption
Secure Sockets Layer (SSL) Requires a server with a certificate Transport Layer Security (TLS) More robust and flexible than SSL and works with most TCP applications Used in Voice over IP (VoIP), virtual private networks (VPNs), and in securing Web pages Note (p. 314): SSL/TLS also supports mutual authentication, but this is relatively rare. Exam Tip (p. 314): Developers have continued to refine TLS since the release of TLS 1.0 (SSL 3.1) in Each of the TLS versions is considered an upgrade from SSL 3.0, so you’ll see both numbers listed. TLS 1.1 (SSL 3.2) was released in The most recent version is TLS 1.2 (SSL 3.3), released in 2008 and modified in 2011. I only mention the numbers because CompTIA erroneously added TLS 2.0 to the CompTIA Network+ competencies. I think they must mean TLS 1.2. You do not need to memorize release dates or any other release number.

103 Figure SSL at work

104 Internet Protocol Security (IPsec)
Works at the Internet/Network layer Encryption protocol for IPv6 Works in Transport mode and Tunnel mode Transport mode IP packet payload is encrypted Tunnel mode Encrypted IP packet is encapsulated inside another IP packet Note (p. 314): The Internet Engineering Task Force (IETF) specifies the IPsec protocol suite, managing updates and revisions. One of those specifications regards the acronym for the protocol suite, calling it IPsec with a lower-case “s” rather than IPS or IPSec, which you might imagine to be the initials or acronym. Go figure.

105 Figure 11.38 IPsec’s two modes

106 Main Protocols Functioning Within IPsec
Authentication Header (AH) Encapsulating Security Payload (ESP) Internet Security Association and Key Management Protocol (ISAKMP) Internet Key Exchange (IKE and IKEv2) Kerberized Internet Negotiation of Keys (KINK)

107 Secure TCP/IP Applications

108 HTTPS Page addresses begin with https://
Uses SSL/TLS for authentication/encryption Problems Bad certificate Computer checks the certificate expiration date Checks the Web site URL Revoked certificate Due to a compromised private key

109 Figure 11.39 Certificate problem

110 Secure Copy Protocol (SCP)
SSH-enabled program Used to transfer data securely between hosts Lacks features, e.g., a directory listing Exists with UNIX scp command-line utility Has been replaced by SFTP Cross Check: FTP and TFTP (p. 317) You saw FTP and TFTP back in Chapter 9, so check your memory now. How do they differ from SFTP? Do they use the same ports? Would you use FTP and TFTP in the same circumstances? Finally, what’s the difference between active and passive FTP?

111 Secure FTP (SFTP) Also called SSH FTP Replacement for FTP
Active FTP uses ports 20 and 21, creating two sessions FTP cannot use SSH tunnels since SSH can only handle one session per tunnel Looks like FTP but relies on an SSH tunnel Windows client options: WinSCP and FileZilla

112 Simple Network Management Protocol (SNMP)
Queries the state of SNMP-capable devices Reports on several parameters Uses agents (special client programs) to collect information from a Management Information Base (MIB) Need a tool (e.g., Cacti) to query the devices SNMPv2: good encryption; challenging to use SNMPv3: today’s standard version Note (p. 318): SNMP runs on UDP port 161.

113 Figure Cacti at work

114 Lightweight Directory Access Protocol (LDAP)
Queries and changes databases that track network activity Windows Active Directory: most popular example of a directory database Domain controllers use LDAP to replicate directory information among themselves Uses TCP port 389

115 Network Time Protocol (NTP)
Gives you the current time Old protocol By itself not a security risk Important for a timestamping protocol like Kerberos Windows Servers use Kerberos Uses UDP port 123

Download ppt "Securing TCP/IP Chapter 11."

Similar presentations

Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
Network Security.

Network Security.
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Cryptography and Network Security

Cryptography and Network Security
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Security S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents Security requirements Public key cryptography Key agreement/transport.

Security S Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents Security requirements Public key cryptography Key agreement/transport.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
SCSC 455 Computer Security Virtual Private Network (VPN)

SCSC 455 Computer Security Virtual Private Network (VPN)
Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.

ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.
Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.

Similar presentations

Ads by Google