Network Security Applications

A quick presentation with a brief introduction, an example of an authentication application, Kerberos, and a web security standard, SSL/TLS.

Published in: Technology, Education
4 Comments
  • Network Security Through Data Analysis: Building Situational Awareness --- http://amzn.to/1RXWuxY
  • The Network Security Test Lab: A Step-by-Step Guide --- http://amzn.to/1XEVkvp
  • Network Security For Dummies --- http://amzn.to/1MvtdZO
  • How can I download the slides, as the links are disabled?
Network Security Applications

  1. Network Security Applications Hatem Mahmoud hatem@expressionlab.com
  2. Agenda ▪ Introduction ▪ An Authentication Application ▪ A Web Security Standard ▪ Summary ▪ References Network Security Applications 2
  3. Introduction
  4. Introduction Network security applications: ▪ Authentication Applications (Kerberos) ▪ Web Security Standards (SSL/TLS) ▪ Email Security ▪ IP Security
  5. Kerberos An Authentication Application
  6. Kerberos Overview ▪ Kerberos is a trusted third-party authentication protocol for TCP/IP networks, developed at MIT ▪ A Kerberos service on the network acts as a trusted arbitrator ▪ Kerberos lets clients authenticate themselves to other entities (clients/servers) on the network, and those entities to them
  7. Kerberos The Kerberos Model ▪ Kerberos keeps a database of principals (clients and services) and their secret keys; a user's key is derived from the user's password ▪ Services requiring authentication, as well as their clients, register their secret keys with Kerberos
  8. Kerberos The Kerberos Model ▪ Kerberos creates a shared session key and gives it to client and server (or two clients) to encrypt messages ▪ Kerberos originally used DES for encryption; Version 5 negotiates the encryption type, and current deployments use AES ▪ Kerberos Version 4 used a weak, nonstandard DES mode (PCBC) for authentication ▪ Kerberos Version 5 uses standard CBC mode
  9. Kerberos How Kerberos Works 1. The client requests a ticket for the TGS (Ticket-Granting Service) from Kerberos 2. Kerberos returns the ticket-granting ticket (encrypted with the TGS's secret key) together with a client/TGS session key, in a reply encrypted with the client's secret key 3. To use a particular service, the client requests a ticket for it from the TGS, presenting the ticket-granting ticket and an authenticator 4. The TGS issues and sends a service ticket to the client, encrypted with the server's secret key, together with a client/server session key encrypted with the client/TGS session key
  10. Kerberos How Kerberos Works 5. The client presents the ticket to the server with an authenticator (the authenticator contains the client's name and a timestamp, encrypted with the shared session key) - The server uses the ticket to verify that the client presenting it is the one to whom the ticket was issued - The client can reuse the ticket to access the server until the ticket expires
  11. Kerberos How Kerberos Works 6. If the client's credentials (ticket + authenticator) check out, the server grants access to the service - Unlike a ticket, an authenticator can only be used once - The client can generate authenticators as needed using the shared session key
  12. Kerberos How Kerberos Works [diagram: Client ↔ Kerberos (1, 2); Client ↔ TGS (3, 4); Client → Server (5)]
  13. Kerberos Security of Kerberos ▪ It may be possible to cache and replay old authenticators. Timestamps are supposed to prevent this, but a captured authenticator can be replayed within the accepted clock-skew window (a few minutes) unless the server keeps a replay cache of authenticators it has already seen ▪ Authenticators assume all clocks in the network are synchronized. If a host is fooled about the correct time, an old authenticator can be replayed
  14. Kerberos Security of Kerberos ▪ Password-guessing attacks: an intruder can collect replies encrypted under password-derived keys and try candidate passwords offline; the average user doesn't choose good passwords (Kerberos 5 pre-authentication makes such material harder to collect) ▪ Malicious software: Kerberos relies on its own software being trustworthy. Replacing the client Kerberos software with a version that records passwords defeats it
  15. Kerberos Security of Kerberos ▪ New enhancements to Kerberos include public-key cryptography for the initial authentication (PKINIT, RFC 4556) and a smart-card interface for key management
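The six-step exchange from slides 9-12 and the replay, clock-skew and password-guessing issues from slides 13-14, as an added runnable model that is not part of the original deck: the KDC, Server, seal/unseal and the SHAKE256-based toy cipher are this example's own constructions standing in for a Kerberos encryption type, and the principal names, password, wordlist and timestamps are made up. It goes slightly beyond the slides by giving the server the replay cache that real Kerberos servers keep.

```python
"""Toy model of the six-step Kerberos exchange (AS: steps 1-2, TGS: steps 3-4,
service: steps 5-6) with ticket-expiry, clock-skew and replay checks, plus the offline
password-guessing attack from the security slides. Constructed example, not Kerberos
code: the cipher is a stand-in for a Kerberos encryption type and all names are ours."""
import hashlib, hmac, json, os

SKEW = 300              # accepted clock skew in seconds (Kerberos default: 5 minutes)
TICKET_LIFE = 8 * 3600  # ticket lifetime in seconds

def seal(key, obj):
    """Encrypt-then-MAC a JSON object; returns nonce || ciphertext || tag.
    SHAKE256(key || nonce) is used as a toy keystream, not a real Kerberos enctype."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, hashlib.shake_256(key + nonce).digest(len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Inverse of seal; raises ValueError if the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad MAC (wrong key or tampered)")
    pad = hashlib.shake_256(key + nonce).digest(len(ct))
    return json.loads(bytes(a ^ b for a, b in zip(ct, pad)))

def password_key(pw):  # client's long-term key from its password (stand-in for string-to-key)
    return hashlib.sha256(b"s2k|" + pw.encode()).digest()

def authenticator(session_key, client, now):  # client name + timestamp under the session key
    return seal(session_key, {"client": client, "ts": now})

def check_authenticator(auth, ticket, now):
    """Checks the TGS and application servers make before honouring a ticket."""
    if auth["client"] != ticket["client"]:
        raise PermissionError("authenticator/ticket principal mismatch")
    if now > ticket["expires"]:
        raise PermissionError("ticket expired")
    if abs(now - auth["ts"]) > SKEW:
        raise PermissionError("authenticator outside clock-skew window")

class KDC:  # database of principals and secret keys, acting as AS and TGS
    def __init__(self):
        self.keys = {"krbtgt": os.urandom(32)}  # the TGS's own secret key

    def as_exchange(self, client, now):  # steps 1-2
        sk = os.urandom(32)  # client/TGS session key
        tgt = seal(self.keys["krbtgt"],  # TGT: readable only by the TGS
                   {"client": client, "key": sk.hex(), "expires": now + TICKET_LIFE})
        return seal(self.keys[client], {"key": sk.hex(), "tgt": tgt.hex()})  # under client key

    def tgs_exchange(self, tgt, auth, service, now):  # steps 3-4
        t = unseal(self.keys["krbtgt"], tgt)
        sk = bytes.fromhex(t["key"])
        check_authenticator(unseal(sk, auth), t, now)
        svc_key = os.urandom(32)  # client/server session key
        ticket = seal(self.keys[service],  # service ticket: readable only by the server
                      {"client": t["client"], "key": svc_key.hex(), "expires": t["expires"]})
        return seal(sk, {"key": svc_key.hex(), "ticket": ticket.hex()})

class Server:  # application server: steps 5-6, with a replay cache of seen authenticators
    def __init__(self, key):
        self.key, self.seen = key, set()

    def accept(self, ticket, auth, now):
        t = unseal(self.key, ticket)
        a = unseal(bytes.fromhex(t["key"]), auth)  # session key is carried inside the ticket
        check_authenticator(a, t, now)
        if (a["client"], a["ts"]) in self.seen:
            raise PermissionError("replayed authenticator")
        self.seen.add((a["client"], a["ts"]))
        return t["client"]

def guess_password(as_reply, wordlist):
    """Offline guessing against a captured AS reply (the password attack on slide 14)."""
    for pw in wordlist:
        try:
            unseal(password_key(pw), as_reply)
            return pw
        except ValueError:
            pass
    return None

def demo(now=1_700_000_000):  # full exchange, then the replay and clock-rollback cases
    kdc, fs, alice_key = KDC(), Server(os.urandom(32)), password_key("correct horse")
    kdc.keys.update({"alice": alice_key, "fs": fs.key})
    r = unseal(alice_key, kdc.as_exchange("alice", now))  # steps 1-2; a wrong password fails here
    tgs_key, tgt = bytes.fromhex(r["key"]), bytes.fromhex(r["tgt"])
    r = unseal(tgs_key, kdc.tgs_exchange(tgt, authenticator(tgs_key, "alice", now), "fs", now))  # 3-4
    sk, ticket = bytes.fromhex(r["key"]), bytes.fromhex(r["ticket"])
    out = {"first": fs.accept(ticket, authenticator(sk, "alice", now + 1), now + 1),  # steps 5-6
           "reuse": fs.accept(ticket, authenticator(sk, "alice", now + 2), now + 2)}  # same ticket, fresh authenticator
    captured = authenticator(sk, "alice", now + 3)
    fs.accept(ticket, captured, now + 3)
    for name, auth, t in (("replay", captured, now + 4),                                # replayed inside the skew window
                          ("stale", authenticator(sk, "alice", now - SKEW - 10), now)):  # host clock pushed back
        try:
            out[name] = fs.accept(ticket, auth, t)
        except PermissionError as e:
            out[name] = str(e)
    return out
```

Running `demo()` shows the ticket being accepted twice with fresh authenticators, the captured authenticator rejected by the replay cache even though its timestamp is still inside the skew window, and a stale authenticator rejected by the skew check. `guess_password` is why the AS reply is dangerous to hand out freely: each guess costs one MAC check, with no interaction with the KDC.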
  16. SSL/TLS A Web Security Standard
  17. SSL/TLS Overview Web security threats: ▪ Location ● Server or client (system security) ● Network traffic (web security) ▪ Type ● Passive attacks ● Active attacks
  18. SSL/TLS Overview ▪ Passive attacks include eavesdropping on network traffic between browser and server and reading information on a website that is supposed to be restricted ▪ Active attacks include impersonating another user, altering messages in transit and altering information on a website
  19. SSL/TLS Overview ▪ Netscape originated SSL (Secure Sockets Layer) to provide a reliable, secure service on top of TCP ▪ TLS (Transport Layer Security) is the IETF standard version of SSL ▪ TLS 1.0 is very similar to SSLv3; SSLv3 and TLS 1.0/1.1 have since been deprecated (RFC 7568, RFC 8996) and current deployments use TLS 1.2 or 1.3
  20. SSL/TLS Connections and Sessions ▪ A connection is a transport that provides a suitable type of service; connections are transient and each is associated with one session ▪ A session is an association between a client and a server, created by the Handshake Protocol ▪ A session defines a set of security parameters that can be shared among multiple connections, avoiding a full handshake for each
  21. SSL/TLS Connections and Sessions ▪ A number of states are associated with each session ▪ During the handshake, pending read and write states are created ▪ Upon successful conclusion of the handshake, the pending states become the current states
  22. SSL/TLS SSL Architecture ▪ Layer 1 (provides basic security services to higher-layer protocols such as HTTP): ● Record Protocol ▪ Layer 2 (manages SSL exchanges): ● Handshake Protocol ● Change Cipher Spec Protocol ● Alert Protocol
  23. SSL/TLS SSL Architecture
  24. SSL/TLS 1. Record Protocol Provides: ▪ Confidentiality: a shared secret key is used for symmetric encryption ▪ Message integrity: a shared secret key is used to compute a MAC (message authentication code)
  25. SSL/TLS 1. Record Protocol 1) Fragments data into blocks of at most 2^14 bytes 2) Compresses the data (optional; disabled in practice and removed in TLS 1.3 because of the CRIME attack) 3) Applies a MAC 4) Encrypts with a symmetric cipher such as AES (RC4 was also used but is now prohibited by RFC 7465; TLS 1.3 replaces MAC-then-encrypt with AEAD ciphers) 5) Adds a header (content type, version, length) 6) Transmits in a TCP segment
  26. SSL/TLS 1. Record Protocol Received data are: 1) Decrypted 2) MAC-verified 3) Decompressed 4) Reassembled 5) Delivered to higher layers
  27. SSL/TLS 1. Record Protocol
  28. SSL/TLS 2. Handshake Protocol ▪ Used before any application data is transmitted ▪ Allows the server and client to authenticate each other and to negotiate algorithms and keys through a series of messages. Each message has: ▪ Type: one of 10 types ▪ Length: length in bytes (3-byte field) ▪ Content: session id, version, random value, cipher suites, certificates, etc.
  29. SSL/TLS 2. Handshake Protocol
  30. SSL/TLS 2. Handshake Protocol
  31. SSL/TLS 3. Change Cipher Spec ▪ Consists of a single message, which is a single byte with the value 1 ▪ Copies the pending state into the current state, switching this connection to the newly negotiated cipher suite
  32. SSL/TLS 4. Alert Protocol ▪ Conveys SSL-related alert messages ▪ Each message consists of two bytes: ● Level – Warning (1): certificate_expired, etc. – Fatal (2), terminates the connection: handshake_failure, bad_record_mac, etc. ● Description (the alert code)
  33. SSL/TLS SSL Protocols
  34. SSL/TLS TLS vs SSLv3 Differences include: ▪ Version number: TLS 1.0 carries 3.1 (SSLv3 carries 3.0) ▪ MAC algorithm: TLS uses HMAC (RFC 2104), SSLv3 an earlier ad hoc construction ▪ Pseudorandom function for key generation and validation ▪ Alert codes (TLS defines additional ones)
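The record framing from slide 25, the one-byte Change Cipher Spec message, the two-byte Alert format and the version numbering from slide 34, as an added parser that is not from the slides or from any TLS implementation: it runs on a constructed byte stream (the hs/record helpers and SAMPLE are built here), inspects framing only, and does not decrypt or verify MACs, which would need the keys negotiated in the handshake.

```python
"""Parser for the SSL/TLS record-layer framing plus the two one-message protocols
(Change Cipher Spec and Alert), exercised on a hand-built byte stream. Constructed
example, not code from the slides or a TLS library: it parses framing only and does
not decrypt or check MACs, which needs the keys negotiated in the handshake."""
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate", 12: "server_key_exchange",
                   14: "server_hello_done", 16: "client_key_exchange", 20: "finished"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
                      40: "handshake_failure", 45: "certificate_expired", 70: "protocol_version"}
MAX_RECORD = 2 ** 14 + 2048  # largest ciphertext fragment TLS 1.2 allows (RFC 5246)

def parse_handshake(body):
    """Split a handshake record body into messages: 1-byte type, 3-byte length, content."""
    msgs, off = [], 0
    while off < len(body):
        if len(body) - off < 4:
            raise ValueError("truncated handshake header")
        htype, hlen = body[off], int.from_bytes(body[off + 1:off + 4], "big")
        if off + 4 + hlen > len(body):
            raise ValueError("handshake message crosses the record boundary (reassembly needed)")
        msgs.append({"type": HANDSHAKE_TYPES.get(htype, f"handshake({htype})"), "length": hlen})
        off += 4 + hlen
    return msgs

def parse_records(stream):
    """Walk a byte stream of records. Stops after a fatal alert, as the connection would."""
    records, off = [], 0
    while off < len(stream):
        if len(stream) - off < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack("!BBBH", stream[off:off + 5])
        if length > MAX_RECORD:
            raise ValueError("record_overflow")
        body = stream[off + 5:off + 5 + length]
        if len(body) < length:
            raise ValueError("truncated record body")
        off += 5 + length
        rec = {"type": CONTENT_TYPES.get(ctype, f"unknown({ctype})"),
               "version": VERSIONS.get((major, minor), f"{major}.{minor}"), "length": length}
        if ctype == 20:  # Change Cipher Spec: exactly one byte, value 1
            if body != b"\x01":
                raise ValueError("change_cipher_spec must be the single byte 0x01")
            rec["msg"] = "change_cipher_spec"
        elif ctype == 21:  # Alert: level byte, then description byte
            if length != 2:
                raise ValueError("alert must be exactly two bytes")
            level, desc = body
            rec.update(level=ALERT_LEVELS.get(level, f"level({level})"),
                       description=ALERT_DESCRIPTIONS.get(desc, f"alert({desc})"), fatal=level == 2)
        elif ctype == 22:
            rec["messages"] = parse_handshake(body)
        records.append(rec)
        if rec.get("fatal"):
            break  # a fatal alert terminates the connection; later bytes are not processed
    return records

def hs(htype, payload):  # build one handshake message
    return bytes([htype]) + len(payload).to_bytes(3, "big") + payload

def record(ctype, version, body):  # build one record: type, 2-byte version, 2-byte length, body
    return struct.pack("!BBBH", ctype, version[0], version[1], len(body)) + body

# Constructed sample stream: a TLS 1.2 handshake record (client_hello with a skeletal body),
# a change_cipher_spec, a fatal handshake_failure alert, then data the peer must ignore.
SAMPLE = (record(22, (3, 3), hs(1, b"\x03\x03" + bytes(32)))
          + record(20, (3, 3), b"\x01")
          + record(21, (3, 3), bytes([2, 40]))
          + record(23, (3, 3), b"never processed"))

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec)
```

The strict checks on the Change Cipher Spec byte, the alert length and the record length are the ones a record layer must make before touching ciphertext; an implementation that skipped the length bound would read past its buffer on a crafted header, and one that processed records after a fatal alert would keep a connection alive that the peer has already torn down.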
  35. Summary
  36. Summary ▪ Kerberos is a trusted third-party authentication protocol that enables clients and servers to establish authenticated communication ▪ SSL provides security services between TCP and the applications that use TCP ▪ TLS is the Internet standard version
  37. Summary ▪ SSL/TLS provides confidentiality using symmetric encryption and message integrity using a MAC ▪ SSL/TLS lets two TCP endpoints negotiate the security mechanisms and services they will use
  38. References
  39. References ▪ Cryptography and Network Security: Principles and Practice, 4th edition, William Stallings ▪ Applied Cryptography, 2nd edition, Bruce Schneier
  40. Thank You! Hatem Mahmoud hatem@expressionlab.com
