Network security Presentation

AFZAAL AHMAD ABDUL RAZAQ AHMAD SHAKIR MUHAMMD ADNAN WEB SECURITY, THREADS & SSL (secure socket layer)

Types of Threats 1:Worm Worm is an Types of virus that replicates itself but don’t alter the file. 2:Logic Bomb Logic bomb is an Programming code that made by programmer. Trojan Horse Trojan Horse is an Programming code that attach to your system and monitor activates and sent to the attacker RATS Special Type of Trojan horse that remotely monitor your activates

Types of Threats Root Kits Gain access to your computer and perform illegal activates Physical Threats Unauthorized Internal user Former Employee of Organization Wrong Management

Web Traffic Security Approaches IP Security The advantage of using IPsec is that it is transparent to end users and applications and provides a general-purpose solution. Further, IPsec includes a filtering capability so that only selected traffic need incur the overhead of IPsec processing Sub Protocol 1)IKE(Internet Key exchange) it use for key Exchange and Security parameters 2)ESP(Encapsulation security payload) It use for authentication, Encryption and integrity

ABDUL RAZAQ AHMAD SHAKIR

SSL (Secure Socket Layer) transport layer security service originally developed by Netscape version 3 designed with public input subsequently became Internet standard known as TLS (Transport Layer Security) uses TCP to provide a reliable end-to-end service SSL has two layers of protocols

SSL Architecture  SSL connection a transient, peer-to-peer, communications link associated with 1 SSL session  SSL session an association between client & server created by the Handshake Protocol define a set of cryptographic parameters may be shared by multiple SSL connections

MUHAMMAD ADNAN

12 SSL Architecture

Change Cipher Spec Protocol Notify the other party to use the new cipher suite Before the finished message 13

14 SSL Architecture

Alert Layer Explain severity of the message and a description Fatal Immediate termination Other connections in session may continue Session ID invalidated to prevent failed session to open new sessions Alerts are compressed same as other data 15

SSL Architecture 16

Record Layer Compression and decompression A MAC is applied to each record using the MAC algorithm defined in the current cipher spec Encryption occurs after compression May need fragmentation 17

SSL Architecture 18

SSL Handshake Protocol Allows server & client to: authenticate each other to negotiate encryption & MAC algorithms and keys Comprises a series of messages exchanged in phases: 1.Establish Security Capabilities (to agree on encryption, MAC, and key-exchange algorithms) 2.Server Authentication and Key Exchange 3.Client Authentication and Key Exchange 4.Finish

SSL Handshake 20 Client hello Server hello Present Server Certificate *Request Client Certificate Server Key Exchange Client Finish *Present Client Certificate Client Key Exchange *Certificate Verify Change Cipher Spec Server Finish Change Cipher Spec Client Application Data

How SSL Works: the Handshake in Detail 21

How SSL Works: the Handshake in Detail 1.Client hello - The client sends the server information including the highest version of SSL it supports and a list of the cipher suites it supports. 2.Server hello - The server chooses the highest version of SSL and the best cipher suite that both the client and server support and sends this information to the client. 3.Certificate - If server authentication is required then the server sends the client a certificate or a certificate chain. 4.Certificate request - If the server needs to authenticate the client, it sends the client a certificate request. 22

How SSL Works: the Handshake in Detail 1.Server key exchange - The server sends the client a server key exchange message when the public key information sent in 3) above is not sufficient for key exchange. 2.Server hello done - The server tells the client it is finished with its initial negotiation messages. Certificate - If the server requests a certificate from the client in Message 4, the client sends its certificate chain, like the server did in Message 3. 7.Client key exchange - The client generates information used to create a key to use for symmetric encryption. For RSA, the client then encrypts this key information with the server's public key and sends it to the server. 8.Certificate verify – If the server is authenticating the client, the client sends a random number that it digitally signs. When the server decrypts number with the client's public key, the server authenticates the client. 23

How SSL Works: the Handshake in Detail 7.Change cipher spec - The client tells the server to change to encrypted mode. 8.Finished - The client sends the server a hash of the handshake messages. 9.Change cipher spec - The server tells the client to change to encrypted mode. 10.Finished - The server sends the client a hash of the handshake messages. Encrypted data - The client and the server communicate using the symmetric encryption algorithm and the cryptographic hash function negotiated in Messages 1 and 2, using the secret key that the client sent to the server in Message 8.

How SSL Works: the Handshake Shortcut If the parameters generated during an SSL handshake are saved, these parameters can be re-used for future SSL connections. 25