Securing Insecure Networks: SSL/TLS & IPSec (Copyright Pearson Prentice-Hall 2010)

4-1: Cryptographic System

Cryptographic System Standards
 Transmission across untrusted networks
   Internet, wireless LANs, etc.
 Companies will (should) apply cryptographic systems
   Virtual Private Network (VPN)
 SSL/TLS
   Secure Socket Layer / Transport Layer Security
   Non-transparent: does not automatically protect application messages
   Only messages from applications that are SSL/TLS aware are protected
   Web browsers / web servers; many others
   But there is a problem
 IPsec
   Operates on the Internet layer
   Everything in the IP packet's data field is protected
   Transparent protection: applications and the transport layer are protected (see Module A)

Figure: hybrid TCP/IP-OSI layers: Application; Transport (TCP, UDP); Internet (IP); Single Network (Data Link, Physical).

4-2: Virtual Private Networks (VPNs)

Host-to-Host VPNs
 Connects one client to one server

4-3: Host-to-Host SSL/TLS VPN

Remote Access VPNs
 Connects a single client to a network
   Connection is to a VPN Gateway
   Used for authentication and access control
   Depending on access authorization, the connection can be to multiple computers on the network
 Uses SSL/TLS between browser and gateway
   The gateway is a web server to SSL/TLS
   SSL/TLS protects messages between client and gateway
   Gateway authenticates with the client via public key authentication

Types of Remote Access Connections
 Web server
 Database server
   Gateway translates browser requests to queries to the database
   Gateway translates database responses to web pages ("webifies")
 Router
   Connection to a subnet of the network

4-5: SSL/TLS and Remote Access VPN Using a Gateway

4-4: SSL/TLS Handshaking Phase

| Step | Sender | Name of Message | Semantics (Meaning) |
|---|---|---|---|
| 1 | Client | ClientHello | Client requests secure connection. Client lists cipher suites it supports. |
| 2 | Server | ServerHello | Server indicates willingness to proceed. Selects a cipher suite to use in the session. |
| 3 | Server | Certificate | Server sends its digital certificate containing its public key. (Client should check the certificate's validity.) |
| 4 | Server | ServerHelloDone | Server indicates that its part in the initial introduction is finished. |
| 5 | Client | ClientKeyExchange | Client generates a random symmetric session key. Encrypts it with the server's public key. It sends this encrypted key to the server. Only the server can decrypt the key, using the server's own private key. The server decrypts the session key. Both sides now have the session key. |
| 6 | Client | ChangeCipherSpec* | Client changes selected cipher suite from pending to active. |
| 7 | Client | Finish | Client indicates that its part in the initial introduction is finished. |
| 8 | Server | ChangeCipherSpec* | Server changes selected cipher suite from pending to active. |
| 9 | Server | Finish | Server indicates that its role in selecting options is finished. |
| 10 | | | Ongoing communication stage begins. |

*Not cipher suite.

Slide annotations: "Stage 1" and "Stage 2 & 3 ???" on steps 1-4; "Key Exchange using public key encryption for confidentiality" and "Stage 2 & 3" on steps 5-7.
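The message flow of the handshake table above, worked through as an added example (not code from the slides or the textbook): toy textbook RSA with constructed small numbers stands in for the server's key pair, and the certificate contents, hostname and cipher suite names are constructed. It also exercises the two checks the table implies: the client rejects an invalid certificate before using its key (step 3), and the server selects only a suite the client listed (steps 1-2).

```python
# Added example, not from the slides: Figure 4-4 message flow with toy
# textbook RSA (constructed small numbers) standing in for the server's key pair.
SERVER_PUB = (3233, 17)       # (n, e): toy RSA modulus and public exponent
SERVER_PRIV = (3233, 2753)    # (n, d): matching private exponent, held by server only
CERT = {"subject": "vpn-gateway.example",      # constructed certificate contents
        "public_key": SERVER_PUB,
        "valid": True}        # stands in for a real chain / expiry / name check

def client_hello(supported_suites):
    # Step 1: client lists the cipher suites it supports.
    return {"type": "ClientHello", "cipher_suites": list(supported_suites)}

def server_hello(hello, server_prefs):
    # Step 2: server picks a suite, but only one the client actually offered.
    for suite in server_prefs:
        if suite in hello["cipher_suites"]:
            return {"type": "ServerHello", "cipher_suite": suite}
    raise ValueError("no cipher suite in common")

def client_key_exchange(cert, session_key):
    # Step 3 caveat: check the certificate before trusting the key inside it.
    if not cert["valid"]:
        raise ValueError("server certificate rejected")
    n, e = cert["public_key"]
    # Step 5: encrypt the session key under the server's public key.
    return {"type": "ClientKeyExchange", "encrypted_key": pow(session_key, e, n)}

def server_decrypt_key(msg):
    # Only the holder of the private exponent d can recover the session key.
    n, d = SERVER_PRIV
    return pow(msg["encrypted_key"], d, n)

def handshake(client_suites, server_prefs, session_key, cert=CERT):
    hello = client_hello(client_suites)                 # 1
    sh = server_hello(hello, server_prefs)              # 2
    cke = client_key_exchange(cert, session_key)        # 5 (after 3, 4 from the server)
    server_key = server_decrypt_key(cke)
    transcript = [hello["type"], sh["type"], "Certificate", "ServerHelloDone",
                  cke["type"], "ChangeCipherSpec", "Finished",   # steps 1-7
                  "ChangeCipherSpec", "Finished"]                # steps 8-9 (server)
    # Step 10: ongoing communication only makes sense if both sides hold the same key.
    return {"cipher_suite": sh["cipher_suite"],
            "keys_match": server_key == session_key,
            "transcript": transcript}

if __name__ == "__main__":
    print(handshake(["AES128-SHA", "RC4-MD5"], ["AES256-SHA", "AES128-SHA"], 1234))
```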


Site-to-Site VPNs
 Protects all traffic between two sites
 VPN Gateway on both ends of the transmission
 VPN Gateways encrypt/decrypt messages

IPsec Modes
 Transport (Host-to-Host)
   Protects messages from host to host
   Over the site networks and the Internet
   Requires installing IPsec on each client/server (not built into the browser)
   Costly
   Eliminates the firewall's ability to filter content, as it is encrypted
 Tunnel (Site-to-Site)
   Protects messages between VPN Gateways over the Internet
   Less costly than transport
   Firewall can filter content

IPsec Operation: Transport Mode
1. End-to-End Security (Good)
2. Security in Site Network (Good)
3. Setup Cost On Each Host (Costly)

IPsec Operation: Tunnel Mode
2. No Security in Site Network (Bad)
3. No Setup Cost On Each Host (Good)

4-8: Comparing IPsec Transport and Tunnel Modes

| Characteristic | Transport Mode | Tunnel Mode |
|---|---|---|
| Uses an IPsec VPN Gateway? | No | Yes |
| Cryptographic protection | All the way from the source host to the destination host, including the Internet and the two site networks. | Only over the Internet between the IPsec gateways. Not within the two site networks. |
| Setup costs | High. Setup requires the creation of a digital certificate for each client and significant configuration work. | Low. Only the IPsec gateways must implement IPsec, so only they need digital certificates and need to be configured. |
| Firewall friendliness | Bad. A firewall at the border to a site cannot filter packets because the content is encrypted. | Good. Each packet is decrypted by the IPsec gateway. A border firewall after the IPsec gateway can filter the decrypted packet. |
| The "bottom line" | End-to-end security at high cost. | Low cost and protects the packet over the most dangerous part of its journey. |
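To make the "cryptographic protection" and "firewall friendliness" rows of Figure 4-8 concrete, here is an added example (not from the slides) that models how ESP wraps a packet in transport versus tunnel mode and what a site's border firewall can filter in each case. The XOR "encryption", the addresses, the toy segment format and the sample traffic are all constructed placeholders, not real IPsec.

```python
# Added example, not from the slides. XOR stand-in, addresses and traffic are constructed.
def encrypt(data: bytes, key: bytes) -> bytes:
    # Stand-in for ESP encryption: XOR with a repeating key (not real crypto).
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

decrypt = encrypt  # XOR is its own inverse

def make_segment(dst_port: int, data: bytes) -> bytes:
    # Toy TCP segment: "<port>:<data>".
    return str(dst_port).encode() + b":" + data

def esp_transport(src, dst, segment, key):
    # Transport mode: the original IP header stays in the clear and only the
    # segment is encrypted, so the two hosts themselves must run IPsec.
    return {"src": src, "dst": dst, "esp": encrypt(segment, key)}

def esp_tunnel(src, dst, gw_src, gw_dst, segment, key):
    # Tunnel mode: the whole original packet (header + segment) is encrypted and
    # carried under a new header addressed gateway-to-gateway.
    inner = src.encode() + b">" + dst.encode() + b"|" + segment
    return {"src": gw_src, "dst": gw_dst, "esp": encrypt(inner, key)}

def gateway_decapsulate(packet, key):
    # The receiving IPsec gateway strips the tunnel and restores the original packet.
    header, segment = decrypt(packet["esp"], key).split(b"|", 1)
    src, dst = header.decode().split(">")
    return {"src": src, "dst": dst, "segment": segment}

def firewall_decision(packet, blocked_port):
    # A border firewall can filter on the destination port only if it can read the segment.
    if "segment" not in packet:
        return "cannot inspect (payload encrypted)"
    port = int(packet["segment"].split(b":", 1)[0])
    return "drop" if port == blocked_port else "allow"

def compare_modes(blocked_port=23):
    key = b"\x5a\xa5\x3c"                                # constructed session key
    seg = make_segment(23, b"telnet login")              # constructed sample traffic
    transport = esp_transport("10.1.0.5", "10.2.0.9", seg, key)
    tunnel = esp_tunnel("10.1.0.5", "10.2.0.9", "203.0.113.1", "198.51.100.1", seg, key)
    return {
        # Transport mode: a border firewall sees only the IP header plus opaque bytes.
        "transport_firewall": firewall_decision(transport, blocked_port),
        # Tunnel mode on the Internet: only the two gateway addresses are visible.
        "tunnel_internet_view": (tunnel["src"], tunnel["dst"]),
        # Tunnel mode behind the gateway: the firewall filters the decrypted packet.
        "tunnel_firewall_after_gateway": firewall_decision(gateway_decapsulate(tunnel, key), blocked_port),
    }
```

Running `compare_modes()` shows the trade-off in the table: the transport-mode packet cannot be filtered at the border, while the tunnel-mode packet hides the internal hosts on the Internet and is filterable once the gateway has decrypted it.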

4-6: IP Security (IPsec) versus SSL/TLS

| Characteristic | SSL/TLS | IPsec |
|---|---|---|
| Cryptographic security standard | Yes | Yes |
| Cryptographic security protections | Good | Gold standard |
| Supports central management | No | Yes |
| Complexity and expense | Lower | Higher |
| Layer of operation | Transport | Internet |
| Transparently protects all higher-layer traffic | No | Yes |
| Works with IPv4 and IPv6 | NA | Yes |
| Modes of operation | NA | Transport, Tunnel |

4-9: IPsec Security Associations
 Kind of like a cipher suite