Part 5: Security – Network Security (Access Control, Encryption, Firewalls)


FALL 2005 CSI 4118 – UNIVERSITY OF OTTAWA – R.L. PROBERT

Secure Networks
- "Secure network" is not an absolute term
- An organization needs to define a security policy
- A network security policy cannot be separated from the security policy for the attached computers
- The costs and benefits of security policies must be assessed

Network Security Policy
Devising a network security policy can be complex because a rational policy requires an organization to assess the value of its information. The policy must apply to information stored in computers as well as to information traversing a network.

Aspects of Security
- Data integrity
- Data availability
- Data confidentiality
- Privacy

Responsibility and Control
- Accountability: how an audit trail is kept
- Authorization: who is responsible for each item, and how responsibility is delegated to others

Integrity Mechanisms
Techniques used to ensure integrity:
- Parity bits
- Checksums
- CRCs
These detect accidental errors but cannot guarantee data integrity against intentional change, because anyone can recompute them. Instead, use a message authentication code (MAC) that cannot be broken or forged without the secret key.
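As an added illustration (not from the slides) of why a CRC is not enough against intentional change: the CRC of a modified message can simply be recomputed, whereas an HMAC over a shared key cannot be reproduced without that key. The key below is a constructed demo value.

```python
import hashlib
import hmac
import zlib

# Constructed demo key; in practice sender and receiver share it out of band.
KEY = b"demo-shared-secret"


def crc_tag(message: bytes) -> int:
    """CRC32 detects accidental corruption, but anyone can recompute it."""
    return zlib.crc32(message) & 0xFFFFFFFF


def mac_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256: producing a valid tag requires the secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def crc_check(message: bytes, tag: int) -> bool:
    return crc_tag(message) == tag


def mac_check(key: bytes, message: bytes, tag: bytes) -> bool:
    # constant-time comparison so the check does not leak the tag byte by byte
    return hmac.compare_digest(mac_tag(key, message), tag)


def demo() -> dict:
    original = b"transfer 100 to account 42"
    crc, tag = crc_tag(original), mac_tag(KEY, original)

    # Accidental corruption in transit: both checks catch it.
    corrupted = b"transfer 100 to account 43"
    # Deliberate change by someone without KEY who recomputes the CRC:
    # the CRC check passes, but the MAC check still fails.
    altered = b"transfer 900 to account 42"
    return {
        "original_crc_ok": crc_check(original, crc),
        "original_mac_ok": mac_check(KEY, original, tag),
        "corrupted_crc_ok": crc_check(corrupted, crc),
        "corrupted_mac_ok": mac_check(KEY, corrupted, tag),
        "altered_crc_ok": crc_check(altered, crc_tag(altered)),
        "altered_mac_ok": mac_check(KEY, altered, tag),
    }
```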

Access Control and Passwords
- Passwords are used to control access
- Over a network, passwords are susceptible to snooping

Encryption and Confidentiality
- To ensure the confidentiality of a transmitted message, use encryption
- Secret key or public key schemes
[Figure: message m passes through encryption and then decryption using the secret key S]

Public Key Cryptosystem
- Each processor has a private key S and a public key P
- S is kept secret and cannot be deduced from P
- P is made available to all processors
- Encryption and decryption with S and P are inverse functions: P(S(m)) = m and S(P(m)) = m

Message Digest
- A digest function maps an arbitrary-length message m to a fixed-length digest d(m)
- One-way: given d(m), it is infeasible to find m
- Collision-free: it is infeasible to generate m and m' such that d(m) = d(m')

Digital Signature
- To sign message m, the sender computes the digest d(m)
- The sender computes S(d(m)) and sends it along with m
- The receiver computes P(S(d(m))) = d(m)
- The receiver computes the digest of m and compares it with the result above; if they match, the signature is verified

Digital Signature

[Figure: sender Alice computes the digest of the document and applies her private key S to it; receiver Bob applies Alice's public key P to the signature and verifies it by comparing the result with the digest he computes from the received document.]

Internet Firewall
- Protects an organization's computers from problems on the Internet (by analogy with a firewall between two structures, which prevents the spread of fire)

Internet Firewall
- All traffic entering the organization passes through the firewall
- All traffic leaving the organization passes through the firewall
- The firewall implements the security policy and rejects any traffic that does not adhere to it
- The firewall itself must be immune to security attacks

Packet Filtering
- A packet filter is embedded in a router
- It specifies which packets can pass through and which should be blocked

Using Packet Filters to Create a Firewall
Three components in a firewall:
- A packet filter for incoming packets
- A packet filter for outgoing packets
- A secure computer system to run application-layer gateways or proxies

Virtual Private Networks
Two approaches to building a corporate intranet for an organization with multiple sites:
- Private network connections (confidential)
- Public Internet connections (low cost)
A Virtual Private Network:
- Achieves both confidentiality and low cost
- Is implemented in software

Virtual Private Network
- VPN software in the router at each site gives the appearance of a private network

Virtual Private Network
- Obtain an Internet connection for each site
- Choose a router at each site to run the VPN software
- Configure the VPN software in each router to know about the VPN routers at the other sites
- The VPN software acts as a packet filter; the next hop for an outgoing datagram is another VPN router
- Each outgoing datagram is encrypted

Tunneling
- We want to encrypt the entire datagram so that the source and destination addresses are not visible on the Internet
- But then how can Internet routers do proper forwarding?
- Solution: the VPN software encrypts the entire datagram and places it inside another datagram for transmission
- This is called IP-in-IP tunneling (encapsulation)

Tunneling
- A datagram is sent from computer x at site 1 to computer y at site 2
- Router R1 at site 1 encrypts the datagram and encapsulates it in a new datagram for transmission to router R2 at site 2
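The two tunneling slides above as an added example, not from the course: router R1 wraps the whole x → y datagram inside a new datagram addressed R1 → R2 (protocol 4, IP-in-IP), and R2 checks and strips the outer header before forwarding. All addresses are constructed documentation-range values; the encryption of the inner datagram that the slide describes is omitted so the example stays within the standard library, so only the encapsulation step is shown.

```python
import struct

IPPROTO_IPIP = 4  # outer protocol field: "payload is another IPv4 datagram"


def checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options, TTL 64) followed by the payload."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0, src_b, dst_b)
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]  # fill checksum field
    return hdr + payload


def parse_ipv4(dgram: bytes):
    """Returns (src, dst, proto, payload); rejects a header whose checksum fails."""
    ihl = (dgram[0] & 0x0F) * 4
    if checksum(dgram[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    src = ".".join(str(b) for b in dgram[12:16])
    dst = ".".join(str(b) for b in dgram[16:20])
    return src, dst, dgram[9], dgram[ihl:]


def encapsulate(inner: bytes, r1: str, r2: str) -> bytes:
    """At R1: the whole x -> y datagram becomes the payload of an R1 -> R2 datagram."""
    return build_ipv4(r1, r2, IPPROTO_IPIP, inner)


def decapsulate(outer: bytes, r2: str) -> bytes:
    """At R2: check the outer header, strip it, and hand back the original datagram."""
    src, dst, proto, payload = parse_ipv4(outer)
    if dst != r2 or proto != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP datagram addressed to this router")
    return payload


def demo() -> tuple:
    """Internet routers see only R1/R2; the original x/y header rides inside."""
    inner = build_ipv4("10.1.0.5", "10.2.0.7", 6, b"hello")   # x at site 1 -> y at site 2
    outer = encapsulate(inner, "198.51.100.1", "203.0.113.1")  # R1 -> R2 across the Internet
    outer_src, outer_dst, _, _ = parse_ipv4(outer)
    return outer_src, outer_dst, decapsulate(outer, "203.0.113.1") == inner
```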

Other Security Methods

PGP – Pretty Good Privacy
PGP is a security technology which allows us to send email that is authenticated and/or encrypted. Authentication confirms the identity of the sender of a message. Encryption scrambles the contents of a message so that only the intended recipients can read it. Each user of PGP has a public and a private key. They are generated in matched pairs: a public key only ever works with its twin private key. A user's public key is not a secret and can be distributed widely. A user's private key, however, must be kept secret, and is protected by a pass phrase (like a password, but longer).

PGP – Pretty Good Privacy
A public key is used in two ways:
- Alice can authenticate a signed message from Bob using his public key. If the signature matches Bob's public key, then Alice can be sure that the message came from Bob.
- Alice can send a secure message to Bob by encrypting the message using Bob's public key. The only person who can decrypt the message is Bob.
A private key also has two uses:
- Bob can send an authenticated message to Alice by signing it with his private key. Since Bob is the only person who has his private key (and the pass phrase that protects it), Alice knows that if the signature matches Bob's public key, then it must have been sent by Bob.
- Bob can read a secure message sent by Alice by decrypting it with his private key.

SSL (Secure Sockets Layer)
The SSL (Secure Sockets Layer) Handshake Protocol was developed to provide security and privacy over the Internet. The SSL protocol runs in a "layer" above TCP/IP and below higher-level protocols such as HTTP or IMAP. It is able to negotiate encryption keys and authenticate the server before data is exchanged by the higher-level application. SSL maintains the security and integrity of the transmission channel by using encryption, authentication and message authentication codes.

HTTPS
HTTPS stands for Hypertext Transfer Protocol over Secure Sockets Layer, or HTTP over SSL. HTTPS encrypts and decrypts the page requests and page contents exchanged between the client browser and the web server using the Secure Sockets Layer (SSL). SSL transactions are negotiated by means of a key-based encryption algorithm between the client and the server.

IPsec
Short for IP Security, IPsec is a set of protocols developed by the IETF to support the secure exchange of packets at the IP layer. IPsec supports two encryption modes: Transport and Tunnel. Transport mode encrypts only the data portion (payload) of each packet but leaves the header untouched. The more secure Tunnel mode encrypts both the header and the payload. On the receiving side, an IPsec-compliant device decrypts each packet.

SET – Secure Electronic Transactions
Short for Secure Electronic Transaction, SET is a standard that will enable secure credit card transactions on the Internet. SET has been endorsed by virtually all the major players in the electronic commerce arena, including Microsoft, Netscape, Visa, and Mastercard. By employing digital signatures, SET will enable merchants to verify that buyers are who they claim to be. It will protect buyers by providing a mechanism for their credit card number to be transferred directly to the credit card issuer for verification and billing, without the merchant being able to see the number.

Summary
- Security is desirable but must be defined by the organization
- Assess the value of information and define a security policy
- Aspects to consider include privacy, data integrity, availability, and confidentiality

Summary (continued)
Mechanisms to provide aspects of security:
- Encryption: secret-key and public-key cryptosystems
- Firewalls: packet filtering
- Virtual private networks: use the Internet to transfer data among the organization's sites, but ensure that the data cannot be read by others