Total Encryption. Encryption? Encryption? Cryptography.

Slides:



Advertisements
Similar presentations
Network Security.
Advertisements

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
Advanced Web 2012 Lecture 2 Sean Costain How the Web Works - Refresh Sean Costain 2012 The web is a matrix of servers that handle client requests.
TCP/IP - Security Perspective Upper Layers CS-431 Dick Steflik.
Remote Desktop Security Raghav Chawla, Jon Ussery Group 20.
Remote Networking Architectures
© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Security Strategies in Linux Platforms and.
NetComm Wireless VPN Functionality Feature Spotlight.
Course 201 – Administration, Content Inspection and SSL VPN
Computation for Physics 計算物理概論 Introduction to Linux.
VPN: An Easy Software / Appliance Solution for Remote Access Robert Gulick, EdD DBA/Technology Trainer Parma City School District
OpenVPN OpenVPN: an open source, cross platform client/server, PKI based VPN.
Securing Data at the Application Layer Planning Authenticity and Integrity of Transmitted Data Planning Encryption of Transmitted Data.
MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter Four Configuring Outlook and Outlook Web Access.
Linux Networking and Security Chapter 8 Making Data Secure.
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.
Portable SSH Brian Minton EKU, Dept. of Technology, CEN/CET)‏
VNC Greg Fankhanel Jessica Nunn Jennifer Romero. What is it? Stands for Virtual Network Computing It is remote control software which allows you to view.
Chapter 1: The Internet and the WWW CIS 275—Web Application Development for Business I.
AE6382 Secure Shell Usually referred to as ssh, the name refers to both a program and a protocol. The program ssh is one of the most useful networking.
Module 9: Fundamentals of Securing Network Communication.
1 Introduction to Microsoft Windows 2000 Windows 2000 Overview Windows 2000 Architecture Overview Windows 2000 Directory Services Overview Logging On to.
1 Securing Data and Communication. 2 Module - Securing Data and Communication ♦ Overview Data and communication over public networks like Internet can.
Lecture 11 Page 1 Advanced Network Security Cryptography and Networks: IPSec and SSL/TLS Advanced Network Security Peter Reiher August, 2014.
Internet Security. 2 PGP is a security technology which allows us to send that is authenticated and/or encrypted. Authentication confirms the identity.
Hands-On Microsoft Windows Server Implementing Microsoft Internet Information Services Microsoft Internet Information Services (IIS) –Software included.
FTP File Transfer Protocol Graeme Strachan. Agenda  An Overview  A Demonstration  An Activity.
Protocols COM211 Communications and Networks CDA College Olga Pelekanou
Team 6 Decrypting Encryption Jeffrey Vordick, Charles Sheefel, and Shyam Rasaily.
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
Security SIG August 19, 2010 Justin C. Klein Keane
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
SSH. 2 SSH – Secure Shell SSH is a cryptographic protocol – Implemented in software originally for remote login applications – One most popular software.
IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.
SSL: Secure Socket Layer By: Mike Weissert. Overview Definition History & Background SSL Assurances SSL Session Problems Attacks & Defenses.
Communication protocols 2. HTTP Hypertext Transfer Protocol, is the protocol of World Wide Web (www) Client web browser Web server Request files Respond.
When you cannot be there Remote access and collaboration Raul Suarez Dec 2009.
Remote access methods ● SSH ● VPNs ● VNC ● Screen - by Alex Harris.
Encryption Encryption has been around a long time. From the simple Ceaser cipher thru the Enigma wheel.
Key management issues in PGP
Chapter 7 - Secure Socket Layer (SSL)
Virtual Private Networks and IPSec
Virtual Private Network (VPN)
Hillsborough Community College
TECHNOLOGY GUIDE THREE
Remote Access Lecture 2.
Mandos Disk encryption is essential for physical computer security, but seldom used due to the trouble of remembering and.
Some bits on how it works
FTP - File Transfer Protocol
Virtual Private Networks (VPN)
Welcome To : Group 1 VC Presentation
Chapter 3: Windows7 Part 4.
Using SSL – Secure Socket Layer
Telnet/SSH Connecting to Hosts Internet Technology.
CompTIA Security+ Study Guide (SY0-501)
Goals Introduce the Windows Server 2003 family of operating systems
IS 4506 Server Configuration (HTTP Server)
Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls
Protocols 2 Key Revision Points.
Transport Layer Security (TLS)
Cengage Learning: Computer Networking from LANs to WANs
Network Security 4/21/2019 Raj Rajarajan.
Building Security into Your System
Unit 8 Network Security.
Advanced Computer Networks
Designing IIS Security (IIS – Internet Information Service)
MESSAGE ACCESS AGENT: POP AND IMAP
Presentation transcript:

Total Encryption

Encryption?

Encryption? Cryptography

single files

RAR

ZIP

Windows file encryption

holes

easy to crack

easy to crack (in the past)

why?

encryption not core feature

touchstone?

household name?

PGP

Pretty Good Privacy

Phil Zimmermann 1991

mail

Encryption/ Decryption

Signing/ Verification

proof of identity

1990’s

-----BEGIN PGP MESSAGE----- Version: foo hQIOA2US7SR8WYFzEAf+MSrImHD0Wq3HdxaPPPzj2yk50U1c0FD901HXlQROTyUv 8YGsig/y1vUFyJVtDU/cqgG0cDVAMLxpL24Mn/j/IQo9sJOeZGsEjCpu0r5T0F7E OgH6GPejjQooFZldx6hOP9cpQmQpXJqH+QhbBgZCOWC+nBLEUoxX+K0qTpNhrFd+ EGxOrjkYOyhARd9H2oMcGGKhvZlJ9MMey3+tn/NSXrQ8Ulu/MG10xGnqvsd/nXDl cqcRmRLojLJwJZ8QqgocVT+32lCMRZ/VrGPMo2SQHM5ipDHd3/X9KTf3n9C+estJ NekGEKbE5GEBvJb7jbxg6CPv8ZrQM1z+Jq0GZs4b2Af/TTf4s59zMDC+CF2UR0NX q5e+VDrKi2B1c51EhJEirqgcjbYodJIUrPE69MKkpOS2MbCBcAGkXRJHNf6XRJEW OR6M0zPltejZLCLfpYo2ixfvFkB7QDDbiQYpxHn+8hrNTFdwFNjvYNhMOpdM+dxY wOn1ZCwtLsmoG8l7QDLK6ZLAJ/ceY0lDmill3iFLATGsFl1xpauU4Jj7+5/E3Acm kMM7Me7VOEg6dpLxZ86JZml4tQsygOg2WhzSjo3eheAbd7DywzzMtTEuB0orAR1P 0EnUgJ2ELwgh2LEiB/4bQxEM5+XyshYJd6kCoIVJyuVRo7YRf5POflcqGkviRr+s nNLqAb3IMi1ya5jTCkSlPpGPF9ZC5vA2Sd0PIltdI3ueSAPWezA6iAmwXSyR/7nh DXIQzLkhqvlxP6qqYrOxWRtD63DpuR2pA+7edDluD/B7bjw6s2S0ev5TLpbUTNSH P4TSwC2G+SIjFPe/ehUw6DGHwZ4m2UMEdHv+EN7PNjjGclCvg9X0lkKm/B1L+UyQ c+QTaU82wg/t3V408iPBMybrt/PIc8cqQhNQ+F9i9WjmrSGMpssyl+IBwV5gQxKe 5Ev6K/y3hBHJ5RkKTL5j/YF/LavalHbS7+FhgqLjNnX2DyBp7bvYIluRVobFexN9... iCI/OEI4PR8CwvzAy43o0Ezys1pN9K7WBcQrHoXBTyEuMFuJRPZkyZo0z4WUCehy OJK0O2VJZiZSHPjNW6ch4Yl8YWfrMGM= =Joo END PGP MESSAGE-----

█$ pgp -d

2000

$

standardized

OpenPGP

OpenPGP RFC 4880 RFC 4880

in actual use

problem

█ $ gpg -- decrypt

Enigmail

plugin

mail reader

Enigmail

plugin

OpenPGP

mail

WWW?

HTTP

HTTPS

SSL

Secure Socket Layer

1994–1996

SSL

SSL 2.0

SSL 3.0

1999

standardized

TLS

Transport Layer Security

TLS/SSL

web browser

web server

HTTPS

404

Connection refused

problem is on server

HTTPS not implemented

HTTPS not configured

server limits your security

server operator?

certificate

certificate authority

$$

limited choice

pre-loaded

web browser

choice meaningless

least trustworthy

make your own

cheap

self-signed certificate

X.509

“Someone tried to explain public ‐ key ‐ based authentication to aliens. Their universal translators were broken and they had to gesture a lot.” — Peter Gutmann Everything you Never Wanted to Know about PKI but were Forced to Find OutPeter Gutmann Everything you Never Wanted to Know about PKI but were Forced to Find Out

X.509 Certificates? (very briefly) CA cert Cert 2 Client CA cert Server Cert 2 CA cert Internet communication key 0 key 2 Cert 1 key 1 key 2

TLS could support OpenPGP keys

not supported by browsers

not supported by browsers (yet)

self-signed certificate

web

remote file access

FTP?

FTP

SMB? (Windows “shared folders”)

SMB (Windows “shared folders”)

FTPS? (FTP with TLS/SSL)

TLS/SSL

X.509

SFTP

SSH File Transfer Protocol

server Linux/Unix?

easy! OpenSSH

server Windows?

FreeSSHd

(freeware, not open source)

Free Software

copSSH

OpenSSH

OpenSSH by hand

OpenSSH for Windows

server

client?

WinSCP

Windows only

FileZilla

Windows & Linux

remote file access

remote desktop

none are Free Software

Linux/Unix

X11 through SSH tunnel

SSH server

SSH tunnel

tunnel RDP

tunnel VNC

RDP Windows “Remote Desktop Protocol”

VNC

Virtual Network Computing

TightVNC

remote desktop

remote terminal

SSH

Windows

PuTTY

p2p file sharing

BitTorrent

Azureus

Perfect Dark

日本語!日本語!

ANts

GNUnet

RShare

p2p file sharing

VPN tunnels

must be set up in advance

both sides

IPsec

structurally cleaner

very complex

(see separate Ipsec lecture)

OpenVPN

non-standard protocol

should be avoided

security concerns

standards interoperability

however

easy to set up

endorsed by experts

standards interoperability

OpenVPN

network

stolen laptop

whole-disk encryption

TrueCrypt

non-standard

not in kernel

no other implementation

dual-platform

dm-crypt/LUKS

in kernel

FreeOTFE

can read dm-crypt/LUKS

FAT/NTFS

boot-time whole-disk encryption

dm-crypt/LUKS

/boot unencrypted

/boot on USB key

small gain

unfeasible for servers

password?

password in /boot file

vulnerable to computer seizure

password on USB key

enter password at boot

neither works for server hosts

need unattended reboots

Mandos

gives passwords to hosts

uses TLS

all hosts run Mandos queryer

host key stored in /boot

one host runs Mandos responder

host down too long?

host gets no password

unattended reboots

security from server seizure

some security

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.