Network/Information Security


Network/Information Security
- "The terms network security and information security refer in a broad sense to confidence that information and services available on a network cannot be accessed by unauthorized users." (Comer 1995)
- Need to protect
  - Physical resources (disks, computers, cables, bridges, routers, etc.)
  - Abstract resources (information)

Security Requirements
- Data integrity - protecting information from unauthorized change.
- Data availability - guaranteeing that outsiders cannot prevent legitimate data access.
- Confidentiality/Privacy - preventing unauthorized listening.

Security Requirements (contd.)
- Authentication - ensuring that a message indeed originated from its apparent source.
- Non-repudiation - ensuring that a party to a transaction cannot subsequently deny that this transaction took place.

Internet Security Mechanisms
- Authentication mechanisms: IP source authentication, public key encryption
- Privacy mechanism: encryption
- Access control mechanism: Internet firewall
- Authentication and privacy mechanisms can be added to application programs. Access control requires basic changes to Internet infrastructure.

IP Source Authentication
- Server maintains a list of valid IP source addresses.
- Weak because it can be broken easily.
- An imposter can gain control of an intermediate router and impersonate an authorized client.
- An imposter can also impersonate a server.

Public Key Encryption System
- Each end-entity has a cryptographic key pair:
  - a private key that is kept secret at that end-entity, and
  - a public key which is distributed.
- Keys, which are large integers, are used to encode and decode messages.
- A message encoded using one key can be decoded using the other.

Public Key Encryption System (contd.)
- A message encrypted with a public key can only be decrypted by the holder of the corresponding private key.
- The private key can be used to generate a digital signature, and anyone knowing the public key can verify it.
- Guessing or calculating the secret private key is an extremely difficult task.

Public Key Encryption System (contd.)
- A public key encryption scheme can also handle the problem of privacy.
- The sender uses the receiver's public key to encode the message. The receiver uses its private key to decode the message.
- Messages can be encoded twice to authenticate the sender and to enforce privacy: first with the sender's private key and then with the receiver's public key.
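The three slides above can be traced through in code. The following is an added example, not material from the presentation: a textbook RSA toy on constructed small primes (the prime values, the 3-byte chunking and the names Alice and Bob are all assumptions) showing that what one key encodes the other decodes, and the "encode twice" pattern in its usual form, a signature made with the sender's private key over a digest, then encryption of message plus signature under the receiver's public key.

```python
import hashlib
from math import gcd
# Toy textbook RSA on constructed ~20-bit primes (not values from the slides).
# No padding and a tiny modulus: illustration of the key-pair property only.
E = 65537

def keygen(p, q, e=E):            # returns (public key, private key)
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    return (n, e), (n, pow(e, -1, phi))

def to_chunks(data):              # 3-byte chunks; 0x01 lead byte keeps zeros
    return [int.from_bytes(b"\x01" + data[i:i + 3], "big")
            for i in range(0, len(data), 3)]

def from_chunks(chunks):
    return b"".join(c.to_bytes(4, "big").lstrip(b"\x00")[1:] for c in chunks)

def apply_key(key, chunks):
    """One operation for both keys: what one key encodes, the other decodes."""
    n, exp = key
    return [pow(c, exp, n) for c in chunks]

def digest_mod_n(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):             # private key generates the signature
    n, d = priv
    return pow(digest_mod_n(data, n), d, n)

def verify(pub, data, sig):       # anyone with the public key can check it
    n, e = pub
    return pow(sig, e, n) == digest_mod_n(data, n)

def sign_then_encrypt(sender_priv, receiver_pub, data):
    """The slide's double encoding: sender's private key first (signature over
    a digest), then the receiver's public key over message and signature."""
    sig = sign(sender_priv, data).to_bytes(8, "big")
    return apply_key(receiver_pub, to_chunks(data + sig))

def decrypt_then_verify(receiver_priv, sender_pub, ciphertext):
    """Receiver's private key recovers the plaintext; the sender's public key
    confirms who wrote it. Returns (message, signature_ok)."""
    plain = from_chunks(apply_key(receiver_priv, ciphertext))
    data, sig = plain[:-8], int.from_bytes(plain[-8:], "big")
    return data, verify(sender_pub, data, sig)

ALICE_PUB, ALICE_PRIV = keygen(1_000_003, 1_000_033)   # constructed demo keys
BOB_PUB, BOB_PRIV = keygen(1_000_037, 1_000_039)
```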

Certificates and Certification Authorities
- To ensure authenticity, public keys are generally distributed in the form of certificates.
- A certificate contains
  - a public key value
  - the identity of the holder of the corresponding private key
  - the digital signature of the certification authority (CA)

Certificates and Certification Authorities (contd.)
- A CA is a trusted party whose public key is known, e.g., VeriSign, Inc.
- The recipient uses the public key of the CA to decrypt the sender's public key in the certificate.
- The most vulnerable part of this method is the CA's private key, which is used to digitally sign the certificate.

SSL Handshake
Messages exchanged in a typical SSL handshake:
- ClientHello (client to server): a list of cipher suites supported
- ServerHello (server to client): server selects a cipher suite, usually RSA
- Certificate (server to client): server sends its certificate
- ClientKeyExchange (client to server): a random challenge, encrypted with the server's public key
- HTTP communication begins over the secure channel
Source: Abbott, S. The Debate for Secure E-Commerce. Performance Computing, February 1999, pp.

Secure Sockets Layer (SSL)
- The leading security protocol on the Internet. Developed by Netscape.
- At the start of an SSL session, the browser sends its public key to the server.
- The server uses the browser's public key to encrypt a secret key and sends it to the browser.
- During the session, the server and browser exchange data via secret key encryption.

SSL (contd.)
- SSL has merged with other protocols and authentication methods to create a new protocol known as Transport Layer Security (TLS).
- Typically only server authentication is done. Authentication of the browser's (user's) identity requires certificates to be issued to users.

Internet Firewalls
- A firewall protects an organization's internal networks, routers, computers, and data against unauthorized access.
- A security perimeter involves installing a firewall at each external connection.
- For effective control all firewalls must use exactly the same access restrictions.

Internet Firewall Implementation
- A firewall must handle datagrams at the same speed as the connection to the outside world.
- To operate at network speeds, routers include a high-speed filtering mechanism.
- Filters form the basic building blocks of a firewall.

Packet Filters
- Provide a basic level of network security at the IP level.
- Filtering is based on any combination of source IP address, destination IP address, protocol, source protocol port number, and destination protocol port number.
- Packet filters do not maintain context or understand the application they are dealing with.

Packet Filters (contd.)
- Specifying the datagrams that should be filtered out is not very effective.
- Instead we specify which datagrams to admit.
- Security concerns
  - IP spoofing (mimicking IP addresses of trusted machines)
  - IP tunneling (one datagram is temporarily encapsulated in another)

Packet Filters (contd.)
- "If an organization's firewall restricts incoming datagrams except for ports that correspond to services the organization makes available externally, an arbitrary application inside the organization cannot become a client of a server outside the organization." (Comer, 1995)
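The three packet-filter slides can be made concrete with a small stateless filter. This is an added example, not code from the presentation: the 10.0.0.0/8 internal prefix, the two admitted services and the sample datagrams are constructed. It admits only the listed services, drops a datagram whose source claims an internal address on the external link (the spoofing concern), and, because it keeps no context, also drops a server's reply to an inside client, which is exactly Comer's point above.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed stateless packet-filter model (not code from the slides). Rules
# list the datagrams to ADMIT; anything that matches no rule is dropped.
INTERNAL = ip_network("10.0.0.0/8")   # constructed: the organization's prefix

@dataclass(frozen=True)
class Datagram:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

@dataclass(frozen=True)
class Rule:
    dst: str          # destination prefix, e.g. a single server as a /32
    proto: str
    dport: int

    def matches(self, d):
        return (ip_address(d.dst) in ip_network(self.dst)
                and d.proto == self.proto and d.dport == self.dport)

# Only the services the organization offers externally are listed.
ADMIT = [Rule("10.0.0.80/32", "tcp", 80),    # public web server
         Rule("10.0.0.25/32", "tcp", 25)]    # public mail server

def filter_inbound(d, rules=ADMIT):
    """Decision for a datagram arriving on the external link.
    Returns ('admit' or 'drop', reason)."""
    # Spoofing check: an internal source address cannot legitimately arrive
    # from outside, whatever the rest of the header says.
    if ip_address(d.src) in INTERNAL:
        return "drop", "internal source address on external link (spoofing)"
    for r in rules:
        if r.matches(d):
            return "admit", f"matches {r.proto}/{r.dport} to {r.dst}"
    # The filter keeps no context: it cannot tell a server's reply to an
    # internal client from a fresh connection attempt, so it drops both.
    return "drop", "no admit rule (default deny)"
```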

Proxy Firewalls
- The most secure form of firewall.
- All incoming traffic is tunneled to the appropriate proxy gateway for mail, HTTP, FTP, etc.
- Proxies then direct the information to the internal network.
- Proxies are applications that make decisions based on context, authorization, and authentication rules instead of IP addresses.

Proxy Firewalls (contd.)
- A proxy firewall operates at the highest level of the protocol stack.
- Proxies are relays between the Internet and the organization's private network.
- The proxy firewall's address is the only one available to the outside world.
- Some firewalls combine router and proxy techniques to provide more security.