Internet Security - Farkas: CSCE 813 Midterm Topics Overview

Presentation transcript:

Network Attacks
- Classifications
  - Passive vs. Active
  - Against security objectives (What are the security objectives?)
  - Attacker's activities (Give some examples)

Forward Secrecy
- Compromised key: permits the disclosure of the data encrypted by the compromised key. No additional keys can be generated from the compromised key.
- Perfect Forward Secrecy: compromise of a single key will permit access to only data protected by a single key
Why is PFS important for security protocols?

Protection
- Protection at storage
- Protection during usage
- Protection during transmission
Give an example attack and consequences for each.
What are the basic security technologies?

Communication Security
- Security protocols
- Cryptographic protocols
- Services: secrecy, integrity, authentication, key exchange, non-repudiation, etc.
- Components: communicating parties (nodes), trusted third party, encryption algorithms, hash functions, timestamps, nonce, etc.

Security Properties: Authentication of Origin
Verify:
- Who sent the message?
- Who sent the message to whom?
- Who sent the message to whom and how many times?

Security Properties
What is
- Non-interference
- Message confidentiality
- Sender authentication
- Message authentication
- Message integrity
- Replay protection
- …?
How can we support
- Non-interference
- Message confidentiality
- Sender authentication
- Message authentication
- Message integrity
- Replay protection
- …?
Why do we need protocol analysis?

Attacks
- Known attacks
  - Can be picked up by careful inspection
- Non-intuitive attacks
  - Not easily apparent
  - May not depend on flaws or weaknesses of cryptographic algorithms
  - Use a variety of methods, e.g., statistical analysis, subtle properties of cryptographic algorithms, etc.

TCP/IP Protocol Stack
- Application Layer
- Transport Layer
- Internetwork Layer
- Network Access Layer
How does the TCP/IP stack compare to the ISO-OSI model?
Why is layering a good idea?
How does layering impact the security capabilities?
What are the main protocols for each layer?
How do these protocols support security?

What are the main security capabilities supported by the security protocols?

Security: At What Layer?
Where to implement security?
Basic services that need to be implemented:
- Key management
- Confidentiality
- Nonrepudiation
- Integrity/authentication
- Authorization
What are the security technologies supporting these services?

Network Access Layer
- Responsible for packet transmission on the physical media
- Protocols: Ethernet, Token Ring, Asynchronous Transfer Mode (ATM)
How does Ethernet support security?
[Figure: protocol stack (Application, Transport, Network, Network Access)]

Virtual Private Network
- L2TP: combines Layer 2 Forwarding (L2F) and Point-to-Point Tunneling Protocol (PPTP)
What does tunneling mean?
Who can create a tunnel?

L2TP Protocol
Tunnel components:
- Control channel (reliable): control sessions and tunnel
- Data channel (unreliable): created for each call
What is the level of protection between Client 1 & LAC? LAC & LNS?
[Figure: L2TP tunnel between LAC and LNS with a control channel, Session 1 (Call ID 1) and Session 2 (Call ID 2); endpoints Client 1, Client 2, Service 1, Service 2]

L2TP and IPSec
- L2TP is NOT secure without the support of IPSec
What are the attacks to consider?

TCP/IP Protocol Stack
- Application Layer
- Transport Layer
- Network Layer
- Data Link Layer
Packaging, Addressing, Routing
What are the supported security protocols?
What is the effect of standardization on security?

Internet Engineering Task Force Standardization
- IPv6 development requirements: strong security features
- 1992: IPSEC WG (IETF)
  - Define security architecture
  - Standardize IP Security Protocol and Internet Key Management Protocol
- 1998: revised version of IP Security Architecture
  - IPsec protocols (two sub-protocols, AH and ESP)
  - Internet Key Exchange (IKE)

IP Security Overview
IPSec: method of protecting IP datagrams
- Data origin authentication
- Connectionless data integrity authentication
- Data content confidentiality
- Anti-replay protection
- Limited traffic flow confidentiality
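Anti-replay protection, listed among the IPsec services above and asked about earlier ("who sent the message to whom and how many times?"), is enforced by the receiver with a sliding window over sequence numbers. The sketch below is an added example, not code from the slides; the class and function names, the 4-entry window (kept small so the "too old" case is visible; IPsec implementations commonly use 64) and the HMAC-SHA256 integrity value are assumptions for illustration.

```python
import hashlib
import hmac

class AntiReplayWindow:
    """Receiver-side sliding window; bit i of bitmap marks (top - i) as seen."""

    def __init__(self, size: int = 64):
        self.size, self.top, self.bitmap = size, 0, 0

    def check(self, seq: int) -> str:
        """Classify seq without changing state."""
        if seq == 0:
            return "reject: zero"
        if seq > self.top:
            return "ok: advances window"
        offset = self.top - seq
        if offset >= self.size:
            return "reject: too old"
        if (self.bitmap >> offset) & 1:
            return "reject: replay"
        return "ok: in window"

    def update(self, seq: int) -> None:
        """Record seq; call only after the integrity check has passed."""
        if seq > self.top:
            mask = (1 << self.size) - 1
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & mask
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)

def icv(key: bytes, seq: int, payload: bytes) -> bytes:
    """Integrity value over sequence number and payload (HMAC-SHA256 as a stand-in)."""
    return hmac.new(key, seq.to_bytes(4, "big") + payload, hashlib.sha256).digest()

def receive(win, key, seq, payload, tag) -> str:
    verdict = win.check(seq)
    if verdict.startswith("reject"):
        return verdict
    if not hmac.compare_digest(tag, icv(key, seq, payload)):
        return "reject: bad ICV"  # window untouched: a forged high seq cannot slide it
    win.update(seq)
    return verdict

def demo() -> list:
    key, win = b"constructed-demo-key", AntiReplayWindow(size=4)
    # Constructed arrivals: (seq, key the sender used); b"forged" models an attacker.
    arrivals = [(1, key), (3, key), (2, key), (3, key), (50, b"forged"), (7, key), (3, key)]
    return [receive(win, key, s, b"data", icv(k, s, b"data")) for s, k in arrivals]
```

The ordering in `receive` is the point to check in any implementation: the window is consulted first, but it only moves after the integrity check succeeds.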

IP Security Architecture
[Figure labels: IPsec module 1, IPsec module 2, SPD, SAD, IKE, IPsec SA]

The Domain Name System
Why is it needed?
Is this secure?
What are the security concerns?
Good reading: SANS Institute, "Security Issues with DNS" (room/whitepapers/dns/security-issues-dns-1069)

Transport Layer
- Host-to-host transportation of packets
- Services:
  - Connection-oriented or connectionless
  - Reliable or unreliable
- TCP, UDP
What are the TL security protocols?
[Figure: protocol stack (Application Layer, Transport Layer, Network Layer, Data Link Layer)]

Security Requirements
- Key management
- Confidentiality
- Repudiation
- Integrity/authentication
- Authorization
What are the advantages of supporting security at this layer?
Which are the most popular transport layer security protocols?

Transport Layer Security Protocols
- Connectionless and connection-oriented transport layer service:
  - Security Protocol 4 (SP4): NSA, NIST
  - Transport Layer Security Protocol (TLSP): ISO
- Connection-oriented transport layer service:
  - Encrypted Session Manager (ESM): AT&T Bell Labs
  - Secure Socket Layer (SSL): Netscape Communications
  - Transport Layer Security (TLS): IETF TLS WG
Most popular transport layer security protocols

Application Layer
- Provides applications that can access services at the other layers, e.g., telnet (port 23), mail (port 25), finger (port 79)
- New services and protocols are always being developed
[Figure: protocol stack (Application Layer, Transport Layer, Network Layer, Data Link Layer)]

Approaches
- Provide security system that can be used by different applications
  - Develop authentication and key distribution models
- Enhance application protocol with security features
  - Need to enhance each application

Third Party Authentication: Kerberos (Cerberus)
Parties: Client, KDC, TGS, Server
1. Request ticket-granting ticket
2. Ticket + session key
3. Request service-granting ticket
4. Ticket + session key
5. Request service
6. Provide server authentication
Frequency labels in the figure: once per user logon session, once per service session, once per type of service
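The six-message exchange above, modelled end to end to show which key protects each ticket and reply. This is an added example, not code from the slides: the function names, the principals `alice`, `fileserver` and `mailserver`, and the `seal`/`unseal` stand-in for authenticated encryption are assumptions, and ticket lifetimes and timestamp freshness checks are omitted.

```python
import hashlib, hmac, json, secrets

def seal(key: bytes, obj: dict) -> bytes:
    """Stand-in for authenticated encryption (SHAKE keystream + HMAC), not a real cipher."""
    nonce, pt = secrets.token_bytes(16), json.dumps(obj).encode()
    ks = hashlib.shake_256(key + nonce).digest(len(pt))
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("not sealed under this key")
    ks = hashlib.shake_256(key + nonce).digest(len(ct))
    return json.loads(bytes(a ^ b for a, b in zip(ct, ks)))

# Long-term keys each principal shares with the KDC/TGS (constructed for the demo).
K = {n: secrets.token_bytes(32) for n in ("alice", "tgs", "fileserver", "mailserver")}

def kdc_issue_tgt(client: str):  # steps 1-2, once per user logon session
    sk = secrets.token_hex(16)
    return seal(K[client], {"key": sk}), seal(K["tgs"], {"client": client, "key": sk})

def tgs_issue_ticket(tgt: bytes, auth: bytes, service: str):  # steps 3-4, per type of service
    t = unseal(K["tgs"], tgt)
    k1 = bytes.fromhex(t["key"])
    if unseal(k1, auth)["client"] != t["client"]:
        raise ValueError("authenticator does not match ticket")
    sk = secrets.token_hex(16)
    return seal(k1, {"key": sk}), seal(K[service], {"client": t["client"], "key": sk})

def server_accept(service: str, ticket: bytes, auth: bytes) -> bytes:  # steps 5-6, per session
    t = unseal(K[service], ticket)
    k2 = bytes.fromhex(t["key"])
    a = unseal(k2, auth)
    if a["client"] != t["client"]:
        raise ValueError("authenticator does not match ticket")
    return seal(k2, {"ts": a["ts"] + 1})  # only a holder of K[service] could learn k2

def client_session(client="alice", service="fileserver", ts=1000):
    reply, tgt = kdc_issue_tgt(client)
    k1 = bytes.fromhex(unseal(K[client], reply)["key"])
    reply, ticket = tgs_issue_ticket(tgt, seal(k1, {"client": client, "ts": ts}), service)
    k2 = bytes.fromhex(unseal(k1, reply)["key"])
    proof = server_accept(service, ticket, seal(k2, {"client": client, "ts": ts}))
    return unseal(k2, proof)["ts"] == ts + 1, tgt, ticket
```

The client carries both tickets but can read neither: each is sealed under a key the client never holds, which is why a ticket issued for one service is useless at another.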

Security-Enhanced Application Protocol
Applications:
- Terminal access
- File transfer
- Electronic mail
- WWW transactions
- DNS
- Distributed file system

SSH
- Use generic transport layer security protocol over TCP/IP
- Support for
  - Host and user authentication
  - Data compression
  - Data confidentiality
  - Integrity protection
- Server listens for TCP connection on port 22, assigned to SSH

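PGP: Confidentiality and Authentication
[Figure: Sender A hashes M (H) and encrypts the hash with K_A private, giving K_A private[H(M)]; A encrypts M plus the signed hash with session key K_s, giving K_s[M + H(M)], and encrypts K_s with K_B public, giving K_B public(K_s). Receiver B decrypts K_s with K_B private, decrypts the message with K_s, decrypts the hash with K_A public, recomputes H over M and compares.]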

Summary of Advantages and Disadvantages of Supporting Security at Different Layers

Network Access Layer Security
- Dedicated link between hosts/routers --> hardware devices for encryption
- Advantages:
  - Speed
- Disadvantages:
  - Not scalable
  - Works well only on dedicated links
  - Two hardware devices need to be physically connected

Internetwork Layer Security
- IP Security (IPSec)
- Advantages:
  - Overhead involved with key negotiation decreases <-- multiple protocols can share the same key management infrastructure
  - Ability to build VPN and intranet
- Disadvantages:
  - Difficult to handle low granularity security, e.g., nonrepudiation, user-based security

Transport Layer Security
- Advantages:
  - Does not require enhancement to each application
- Disadvantages:
  - Difficult to obtain user context
  - Implemented on an end system
  - Protocol specific --> implemented for each protocol

Application Layer Security
- Advantages:
  - Executing in the context of the user --> easy access to user's credentials
  - Complete access to data --> easier to ensure nonrepudiation
  - Application can be extended to provide security (does not depend on the operating system)
  - Application understands data --> fine-tune security
- Disadvantages:
  - Implemented in end hosts
  - Security mechanisms have to be implemented for each application -->
    - expensive
    - greater probability of making mistakes

Next Class: Web Application Security