Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network security Presentation AFZAAL AHMAD ABDUL RAZAQ AHMAD SHAKIR MUHAMMD ADNAN WEB SECURITY, THREADS & SSL.

Published byAsiya Jan Modified over 7 years ago

Similar presentations

Presentation on theme: "Network security Presentation AFZAAL AHMAD ABDUL RAZAQ AHMAD SHAKIR MUHAMMD ADNAN WEB SECURITY, THREADS & SSL."— Presentation transcript:

1

2 Network security Presentation

3 AFZAAL AHMAD 14241556-031 ABDUL RAZAQ AHMAD SHAKIR 14241556-009 MUHAMMD ADNAN 14241556-043 WEB SECURITY, THREADS & SSL (secure socket layer)

4 Types of Threats 1:Worm Worm is an Types of virus that replicates itself but don’t alter the file. 2:Logic Bomb Logic bomb is an Programming code that made by programmer. Trojan Horse Trojan Horse is an Programming code that attach to your system and monitor activates and sent to the attacker RATS Special Type of Trojan horse that remotely monitor your activates

5 Types of Threats Root Kits Gain access to your computer and perform illegal activates Physical Threats Unauthorized Internal user Former Employee of Organization Wrong Management

6 Web Traffic Security Approaches IP Security The advantage of using IPsec is that it is transparent to end users and applications and provides a general-purpose solution. Further, IPsec includes a filtering capability so that only selected traffic need incur the overhead of IPsec processing Sub Protocol 1)IKE(Internet Key exchange) it use for key Exchange and Security parameters 2)ESP(Encapsulation security payload) It use for authentication, Encryption and integrity

7 ABDUL RAZAQ AHMAD SHAKIR 14241556-009

8 SSL (Secure Socket Layer) transport layer security service originally developed by Netscape version 3 designed with public input subsequently became Internet standard known as TLS (Transport Layer Security) uses TCP to provide a reliable end-to-end service SSL has two layers of protocols

9

10 SSL Architecture  SSL connection a transient, peer-to-peer, communications link associated with 1 SSL session  SSL session an association between client & server created by the Handshake Protocol define a set of cryptographic parameters may be shared by multiple SSL connections

11 MUHAMMAD ADNAN 14241556-043

12 12 SSL Architecture

13 Change Cipher Spec Protocol Notify the other party to use the new cipher suite Before the finished message 13

14 14 SSL Architecture

15 Alert Layer Explain severity of the message and a description Fatal Immediate termination Other connections in session may continue Session ID invalidated to prevent failed session to open new sessions Alerts are compressed same as other data 15

16 SSL Architecture 16

17 Record Layer Compression and decompression A MAC is applied to each record using the MAC algorithm defined in the current cipher spec Encryption occurs after compression May need fragmentation 17

18 SSL Architecture 18

19 SSL Handshake Protocol Allows server & client to: authenticate each other to negotiate encryption & MAC algorithms and keys Comprises a series of messages exchanged in phases: 1.Establish Security Capabilities (to agree on encryption, MAC, and key-exchange algorithms) 2.Server Authentication and Key Exchange 3.Client Authentication and Key Exchange 4.Finish

20 SSL Handshake 20 Client hello Server hello Present Server Certificate *Request Client Certificate Server Key Exchange Client Finish *Present Client Certificate Client Key Exchange *Certificate Verify Change Cipher Spec Server Finish Change Cipher Spec Client Application Data

21 How SSL Works: the Handshake in Detail 21

22 How SSL Works: the Handshake in Detail 1.Client hello - The client sends the server information including the highest version of SSL it supports and a list of the cipher suites it supports. 2.Server hello - The server chooses the highest version of SSL and the best cipher suite that both the client and server support and sends this information to the client. 3.Certificate - If server authentication is required then the server sends the client a certificate or a certificate chain. 4.Certificate request - If the server needs to authenticate the client, it sends the client a certificate request. 22

23 How SSL Works: the Handshake in Detail 1.Server key exchange - The server sends the client a server key exchange message when the public key information sent in 3) above is not sufficient for key exchange. 2.Server hello done - The server tells the client it is finished with its initial negotiation messages. Certificate - If the server requests a certificate from the client in Message 4, the client sends its certificate chain, like the server did in Message 3. 7.Client key exchange - The client generates information used to create a key to use for symmetric encryption. For RSA, the client then encrypts this key information with the server's public key and sends it to the server. 8.Certificate verify – If the server is authenticating the client, the client sends a random number that it digitally signs. When the server decrypts number with the client's public key, the server authenticates the client. 23

24 How SSL Works: the Handshake in Detail 7.Change cipher spec - The client tells the server to change to encrypted mode. 8.Finished - The client sends the server a hash of the handshake messages. 9.Change cipher spec - The server tells the client to change to encrypted mode. 10.Finished - The server sends the client a hash of the handshake messages. Encrypted data - The client and the server communicate using the symmetric encryption algorithm and the cryptographic hash function negotiated in Messages 1 and 2, using the secret key that the client sent to the server in Message 8.

25 How SSL Works: the Handshake Shortcut If the parameters generated during an SSL handshake are saved, these parameters can be re-used for future SSL connections. 25

26

Download ppt "Network security Presentation AFZAAL AHMAD ABDUL RAZAQ AHMAD SHAKIR MUHAMMD ADNAN WEB SECURITY, THREADS & SSL."

Similar presentations

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.5 Transport Layer Security.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.5 Transport Layer Security.
Cryptography and Network Security Chapter 16

Cryptography and Network Security Chapter 16
Web security: SSL and TLS

Web security: SSL and TLS
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
SSL Protocol By Oana Dini. Overview Introduction to SSL SSL Architecture SSL Limitations.

SSL Protocol By Oana Dini. Overview Introduction to SSL SSL Architecture SSL Limitations.
Lecture 6: Web security: SSL

Lecture 6: Web security: SSL
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security

Cryptography and Network Security
Secure Socket Layer.

Secure Socket Layer.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Internet Security Protocols

Internet Security Protocols
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.

Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.

CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.

Similar presentations

Ads by Google