McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 Chapter 14 Network Security: Firewalls and VPNs.

Presentation transcript:


OBJECTIVES

After reading this chapter, the reader should be able to:

List and distinguish between the four conditions of security.
Understand how privacy can be achieved through encryption/decryption.
Understand the digital signature concept and how it can be used to provide authentication, integrity, and nonrepudiation.
Understand firewalls and their use in isolating an organization from intruders.

OBJECTIVES (continued)

Understand the different access control methods.
Be familiar with VPN technology and how it provides privacy.

14.1 INTRODUCTION

Figure 14-1 Aspects of security

14.2 PRIVACY

Figure 14-2 Secret-key encryption

Note: In secret-key encryption, the same key is used by the sender (for encryption) and the receiver (for decryption). The key is shared.

Business Focus: DES

One common method of secret-key encryption is the data encryption standard (DES). DES was designed by IBM and adopted by the U.S. government as the standard encryption method for nonmilitary and nonclassified use. The algorithm manipulates a 64-bit plaintext with a 56-bit key. The text is put through 19 different and very complex procedures to create a 64-bit ciphertext.

Figure 14-3 Public-key encryption

Technical Focus: RSA

One popular public-key encryption technique is called RSA. The technique uses number theory and the fact that it is easy to create two large numbers and multiply them, but difficult to find the original numbers when the product is given. The public key is made of two large numbers (n and e). The private key is made of two numbers (n and d). The encryption algorithm is

$C = P^{e} \bmod n$

The receiver uses the same procedure but with the private key numbers as shown:

$C = P^{d} \bmod n$
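A worked RSA round trip using the slide's symbols n, e and d, added here as an illustration and not taken from the original slides. The receiver runs the same exponentiation on the received ciphertext with d and gets the plaintext back. The primes 61 and 53, the exponent 17 and the function names are constructed sample values.

```python
# Toy RSA with the slide's symbols: public key (n, e), private key (n, d).
# The primes below are constructed sample values, far too small for real use.
from math import gcd

def make_keys(p: int, q: int, e: int):
    """Build (public, private) keys from two primes and a public exponent."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse: e*d = 1 (mod phi)
    return (n, e), (n, d)

def apply_key(value: int, key) -> int:
    """The one procedure both sides run: value^exponent mod n."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must be in the range 0..n-1")
    return pow(value, exponent, n)

def encrypt_text(text: str, public):
    # One block per byte keeps every block below n; real systems pad instead.
    return [apply_key(b, public) for b in text.encode()]

def decrypt_text(blocks, private) -> str:
    return bytes(apply_key(c, private) for c in blocks).decode()

PUBLIC, PRIVATE = make_keys(p=61, q=53, e=17)   # n = 3233, d = 2753

if __name__ == "__main__":
    c = apply_key(65, PUBLIC)
    print("P=65 -> C =", c, "-> P =", apply_key(c, PRIVATE))
    blocks = encrypt_text("VPN", PUBLIC)
    print(blocks, "->", decrypt_text(blocks, PRIVATE))
    # Unpadded RSA is deterministic: equal plaintext blocks give equal ciphertext.
    print(encrypt_text("AA", PUBLIC))
```

The last line shows why deployed RSA always adds randomized padding: without it, repeated plaintext is visible in the ciphertext.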

14.3 DIGITAL SIGNATURE

Figure 14-4 Signing the whole document

Note: Digital signature cannot be achieved using secret-key encryption.

Note: Digital signature does not provide privacy. If there is a need for privacy, another layer of encryption/decryption must be applied.

Figure 14-5 Signing the digest

Figure 14-6 Sender site

Figure 14-7 Receiver site

14.4 SECURITY IN THE INTERNET

Technical Focus: Pretty Good Privacy (PGP)

Pretty Good Privacy (PGP), invented by Phil Zimmermann, is an example of a security scheme designed to provide all four aspects of security (privacy, integrity, authentication, and nonrepudiation) in the sending of e-mail. PGP uses digital signature to provide integrity, authentication, and nonrepudiation. It uses a combination of secret-key and public-key encryption to provide privacy. Specifically, it uses one hash function, one secret key, and two private-public key pairs.

Technical Focus: AH and ESP

IPSec uses two protocols to achieve security: authentication header (AH) and encapsulating security payload (ESP). The authentication header (AH) protocol is designed to provide integrity. The method involves a digital signature using a hashing function. The message digest created by applying the hashing function is included in a header (AH header), and inserted between the IP header and transport-layer data and header. The AH protocol does not provide privacy, only integrity and message authentication (digital signature). IPSec defines another protocol that provides privacy as well as a combination of integrity and message authentication. This protocol is called encapsulating security payload (ESP).
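The AH placement described above, sketched as an added example that is not part of the original slides: a digest sits between the IP header and the transport-layer data, the receiver recomputes it, and the data stays readable on the wire. It assumes HMAC-SHA-256 with a shared key as the hashing function (the slide names none) and a constructed 9-byte header layout, not the real AH wire format; addresses, key and function names are sample values.

```python
# Simplified AH-style integrity check: a keyed digest placed between the
# IP header and the transport data. Layout and field names are constructed
# for illustration; this is not the real AH wire format.
import hashlib
import hmac
import socket
import struct

ICV_LEN = 32  # bytes of HMAC-SHA-256 output carried in the toy AH header

def ip_header(src: str, dst: str, ttl: int) -> bytes:
    """Toy 9-byte IP header: TTL, source address, destination address."""
    return struct.pack("!B4s4s", ttl, socket.inet_aton(src), socket.inet_aton(dst))

def _digest(key: bytes, header: bytes, data: bytes) -> bytes:
    # TTL changes at every router, so it is zeroed before hashing.
    immutable = b"\x00" + header[1:]
    return hmac.new(key, immutable + data, hashlib.sha256).digest()

def protect(key: bytes, header: bytes, data: bytes) -> bytes:
    """Sender: IP header | AH (digest) | transport-layer data."""
    return header + _digest(key, header, data) + data

def verify(key: bytes, packet: bytes) -> bool:
    """Receiver: recompute the digest and compare in constant time."""
    header, icv, data = packet[:9], packet[9:9 + ICV_LEN], packet[9 + ICV_LEN:]
    return hmac.compare_digest(icv, _digest(key, header, data))

def forward(packet: bytes) -> bytes:
    """A router decrementing TTL, the one field excluded from the digest."""
    return bytes([packet[0] - 1]) + packet[1:]

KEY = b"constructed-shared-key"          # sample value, agreed out of band
DATA = b"GET /index.html"                # sample transport-layer data
PACKET = protect(KEY, ip_header("192.0.2.1", "198.51.100.7", 64), DATA)

if __name__ == "__main__":
    print("valid after one hop:", verify(KEY, forward(PACKET)))
    tampered = PACKET[:-4] + b"HTML"
    print("valid after tampering:", verify(KEY, tampered))
    print("data readable on the wire:", DATA in PACKET)  # AH gives no privacy
```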

14.5 FIREWALLS

Figure 14-8 Firewall

Note: A proxy firewall filters at the application layer.

14.6 VIRTUAL PRIVATE NETWORKS

Figure 14-9 Private network

Figure Hybrid network

Figure Virtual private network

14.4 ACCESS CONTROL

Figure Access control methods