Chapter 20: Network Security (Business Data Communications, 4e)

Slide 2: Security Threats
- Passive attacks
  - Eavesdropping on, or monitoring, transmissions
  - Electronic mail, file transfers, and client/server exchanges are examples of transmissions that can be monitored
- Active attacks
  - Modification of transmitted data
  - Attempts to gain unauthorized access to computer systems

Slide 3: Encryption Methods
- The essential technology underlying virtually all automated network and computer security applications is cryptography
- Two fundamental approaches are in use:
  - conventional encryption, also known as symmetric encryption
  - public-key encryption, also known as asymmetric encryption

Slide 4: Conventional Encryption
- The only form of encryption prior to the late 1970s
- Five components of a conventional encryption scheme:
  - Plaintext: the original message or data
  - Encryption algorithm: performs various substitutions and transformations on the plaintext
  - Secret key: input to the encryption algorithm; the substitutions and transformations performed depend on this key
  - Ciphertext: the scrambled message produced as output; depends on the plaintext and the secret key
  - Decryption algorithm: the encryption algorithm run in reverse; uses the ciphertext and the secret key to produce the original plaintext

Slide 5: Conventional Encryption Operation (figure slide)

Slide 6: Conventional Encryption Requirements and Weaknesses
- Requirements
  - A strong encryption algorithm
  - A secure process for sender and receiver to obtain secret keys
- Methods of attack
  - Cryptanalysis
  - Brute force

Slide 7: Data Encryption Standard (DES)
- Adopted in 1977, reaffirmed for 5 years in 1994, by NBS/NIST
- Plaintext is 64 bits (or blocks of 64 bits); the key is 56 bits
- Plaintext goes through 16 iterations, each producing an intermediate value that is used in the next iteration
- DES is now too easy to crack to be a useful encryption method

Slide 8: Triple DEA
- Alternative to DES; uses multiple encryption with DES and multiple keys
- With three distinct keys, TDEA has an effective key length of 168 bits, so it is essentially immune to brute-force attacks
- Principal drawback of TDEA is that the algorithm is relatively sluggish in software
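As an added example (not part of the slides), the encrypt-decrypt-encrypt construction behind TDEA written out with Go's crypto/des and placed beside the library's own triple-DES for comparison. With k1 = k2 = k3 the middle decryption cancels the first encryption and the output is plain single DES, which is why the 168-bit figure holds only for three distinct keys. Keys and the sample block are constructed values.

```go
package main

import (
	"crypto/des"
	"errors"
)

// EDE implements TDEA by hand on one 64-bit block: DES-encrypt under k1, DES-decrypt
// under k2, DES-encrypt under k3. Each key is 8 bytes (56 key bits plus parity).
func EDE(k1, k2, k3, block []byte) ([]byte, error) {
	if len(block) != des.BlockSize {
		return nil, errors.New("EDE: block must be exactly 8 bytes")
	}
	out := append([]byte(nil), block...)
	for i, k := range [][]byte{k1, k2, k3} {
		c, err := des.NewCipher(k)
		if err != nil {
			return nil, err
		}
		if i == 1 {
			c.Decrypt(out, out) // the middle stage runs DES backwards
		} else {
			c.Encrypt(out, out)
		}
	}
	return out, nil
}

// SingleDES encrypts one block with plain DES; EDE degenerates to this when
// k1 == k2 == k3, because decrypting under k2 undoes the encryption under k1.
func SingleDES(k, block []byte) ([]byte, error) {
	c, err := des.NewCipher(k)
	if err != nil || len(block) != des.BlockSize {
		return nil, errors.New("SingleDES: bad key or block length")
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, block)
	return out, nil
}

// LibraryTDEA is Go's own triple DES with the 24-byte key k1||k2||k3, used to check EDE.
func LibraryTDEA(k1, k2, k3, block []byte) ([]byte, error) {
	c, err := des.NewTripleDESCipher(append(append(append([]byte{}, k1...), k2...), k3...))
	if err != nil || len(block) != des.BlockSize {
		return nil, errors.New("LibraryTDEA: bad key or block length")
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, block)
	return out, nil
}
```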

Slide 9: Public-Key Encryption
- Based on mathematical functions rather than on simple operations on bit patterns
- Asymmetric, involving the use of two separate keys
- Misconceptions about public-key encryption:
  - that it is more secure from cryptanalysis
  - that it is a general-purpose technique that has made conventional encryption obsolete

Slide 10: Public-Key Encryption Components
- Plaintext
- Encryption algorithm
- Public key
- Private key
- Ciphertext
- Decryption algorithm

Slide 11: Public-Key Encryption Operation (figure slide)

Slide 12: Public-Key Signature Operation (figure slide)

Slide 13: Characteristics of Public-Key Encryption
- Infeasible to determine the decryption key given knowledge of the cryptographic algorithm and the encryption key
- Either of the two related keys can be used for encryption, with the other used for decryption
- Slow, but provides tremendous flexibility to perform a number of security-related functions
- The most widely used algorithm is RSA

Slide 14: Location of Encryption Devices
- Link encryption
  - Each vulnerable communications link is equipped on both ends with an encryption device
  - All traffic over all communications links is secured
  - Vulnerable at each switch, where the traffic is in the clear
- End-to-end encryption
  - The encryption process is carried out at the two end systems
  - Encrypted data are transmitted unaltered across the network to the destination, which shares a key with the source to decrypt the data
  - Packet headers cannot be secured, since the network must read them to route the packet

Slide 15: Conventional Encryption Key Distribution
- Both parties must have the secret key
- The key is changed frequently
- Requires either manual delivery of keys or a third-party encrypted channel
- The most effective method is a Key Distribution Center (e.g. Kerberos)

Slide 16: Public-Key Encryption Key Distribution
- Parties create a pair of keys; the public key is broadly distributed, the private key is not
- To reduce computational overhead, the following process is then used:
  1. Prepare a message.
  2. Encrypt that message using conventional encryption with a one-time conventional session key.
  3. Encrypt the session key using public-key encryption with the recipient's public key.
  4. Attach the encrypted session key to the message and send it.
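The four-step process above, as an added example (not code from the slides or the textbook): AES-256-GCM is assumed as the conventional cipher and RSA-OAEP as the public-key algorithm, the names Envelope, Seal and Open are this example's own, and the recipient's key pair is generated on the spot.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Envelope is what is sent (step 4): the message under a one-time session key, plus that key wrapped for the recipient.
type Envelope struct{ Nonce, Ciphertext, WrappedKey []byte }

// NewRecipientKey makes the recipient's key pair (constructed for this example).
func NewRecipientKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Seal is the sender's side (steps 1-4): a fresh 256-bit AES session key encrypts
// the message; only that 32-byte key goes through the slow public-key operation.
func Seal(recipient *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	buf := make([]byte, 32+12) // session key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{nonce, gcm.Seal(nil, nonce, plaintext, nil), wrapped}, nil
}

// Open is the recipient's side: unwrap the session key with the private key, then
// decrypt. GCM also authenticates, so a modified ciphertext is rejected with an error.
func Open(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key) // rejects a recovered key of the wrong length
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}
```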

Slide 17: Digital Signature Process (figure slide)

Slide 18: Public Key Certificates
1. A public key is generated by the user and submitted to Agency X for certification.
2. X determines by some procedure, such as a face-to-face meeting, that this is authentically the user's public key.
3. X appends a timestamp to the public key, generates the hash code of the result, and encrypts that result with X's private key, forming the signature.
4. The signature is attached to the public key.
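Steps 3 and 4 above carried out in code, as an added example that is not from the slides: the user's public key is serialised in DER form with an RFC 3339 timestamp appended, hashed with SHA-256 and signed with Agency X's RSA private key (PKCS#1 v1.5 signing being the standard form of "encrypting the hash with the private key"). Verify shows what a relying party does with the attached signature: a substituted key, an altered timestamp or the wrong agency key all fail. NewKey, certBody, Certify and Verify are this example's own names, and both key pairs are generated on the spot.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"time"
)

// NewKey makes an RSA key pair, used here for both Agency X and the user (constructed).
func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// certBody is exactly what X signs in step 3: the user's public key in DER form
// with a timestamp appended.
func certBody(userPub *rsa.PublicKey, ts time.Time) ([]byte, error) {
	der, err := x509.MarshalPKIXPublicKey(userPub)
	if err != nil {
		return nil, err
	}
	return ts.UTC().AppendFormat(der, time.RFC3339), nil
}

// Certify is X's step 3: hash key||timestamp and sign the hash with X's private key
// (RSA PKCS#1 v1.5 is the standardised form of "encrypting the hash with the private key").
func Certify(agencyPriv *rsa.PrivateKey, userPub *rsa.PublicKey, ts time.Time) ([]byte, error) {
	body, err := certBody(userPub, ts)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(body)
	return rsa.SignPKCS1v15(rand.Reader, agencyPriv, crypto.SHA256, digest[:])
}

// Verify is what a relying party does with the attached signature (step 4): recompute
// the hash from the presented key and timestamp and check it against X's public key.
func Verify(agencyPub, userPub *rsa.PublicKey, ts time.Time, sig []byte) bool {
	body, err := certBody(userPub, ts)
	if err != nil {
		return false
	}
	digest := sha256.Sum256(body)
	return rsa.VerifyPKCS1v15(agencyPub, crypto.SHA256, digest[:], sig) == nil
}
```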

Slide 19: Web Vulnerabilities
- Unauthorized alteration of data at the Web site
- Unauthorized access to the underlying operating system at the Web server
- Eavesdropping on messages passed between a Web server and a Web browser
- Impersonation

Slide 20: Methods for Improving Web Security
- Securing the Web site itself
  - install all operating system security patches
  - install the Web server software with minimal system privileges
  - use a more secure platform
- Securing the Web application

Slide 21: Web Application Security
- Secure HyperText Transfer Protocol (SHTTP)
- Secure Sockets Layer (SSL)
- Web server packages should incorporate both of these protocols

Slide 22: Virtual Private Networks (VPNs)
- The use of encryption and authentication in the lower protocol layers to provide a secure connection through an otherwise insecure network, typically the Internet
- Generally cheaper than real private networks using private lines, but rely on having the same encryption and authentication system at both ends
- The encryption may be performed by firewall software or possibly by routers

Slide 23: IPSec
- Can secure communications across a LAN, WANs, and/or the Internet
- Examples of use:
  - Secure branch office connectivity over the Internet
  - Secure remote access over the Internet
  - Establishing extranet and intranet connectivity with partners
  - Enhancing electronic commerce security

Slide 24: Benefits of IPSec
- When implemented in a firewall or router, provides strong security for all traffic crossing the perimeter
- IPSec in a firewall is resistant to bypass
- Runs below the transport layer (TCP, UDP) and so is transparent to applications
- Can be transparent to end users
- Can provide security for individual users if needed

Slide 25: IPSec Functions
- IPSec provides three main facilities:
  - an authentication-only function, referred to as Authentication Header (AH)
  - a combined authentication/encryption function, called Encapsulating Security Payload (ESP)
  - a key exchange function
- For VPNs, both authentication and encryption are generally desired

Slide 26: ESP Encryption and Authentication (figure slide)

Slide 27: IPSec Key Management
- Manual
  - The system administrator manually configures each system with its own keys and with the keys of other communicating systems
  - Practical for small, relatively static environments
- Automated
  - Enables the on-demand creation of keys for SAs (security associations) and facilitates the use of keys in a large distributed system
  - Most flexible, but requires more effort to configure and requires more software