The RSA problem -> taking eth roots module a composite n: m^e=c mod n where (e,n) is the public key, and c is the ciphertext.
Factoring Large numbers -> As of 2005 the largest number factored b general-purpose methods was 663 bits long, using state-of-the-art distributed methods. No polunomail-time method is known so far!
Symmetric-Key signatures - > requires central authority that knows everything and whom everyone trusts
Public-Key signatures -> eliminates the requirement of aa central authority
One-way hash function
Simpler than signature
Given P, it is easy to compute MD(P)
Given MD(P), it is effectively impossible to find P
Given P no one can find P’ such that MD(P’)=MD(P)
A change to the input of even 1 bit produces a very different output
MD5 and SHA-1
“ IPsec (IP security) is a standard for securing Internet Protocol (IP) communications by encrypting and/or authenticating all IP packets. IPsec provides security at the network layer.” - Wikipedia 
Tunnel mode: port-to-port communications security
Transparent mode: end-to-end security
Dominant use in VPNs
Mandatory part in IPv6
Description by Andy Tanenbaum: “Firewalls are just a modern adaptation of that old medieval security standby: digging a deep moat around your castle. This design forced everyone entering or leaving the castle to passover a single drawbridge, where they could be inspected by the I/O police.” 
Network layer firewalls do not allow packets to pass through unless they match the rules. These rules are defined by the administrator, or build-in ones are used
Application layer firewalls may stop all packets coming from or to an application (browser, ftp, mail)
Proxies may act as firewall
NAT -> Network Address Translation -> multiple hosts behind a single IP
VPN - Virtual Private Network
A overlay network on top of a public network with the properties of a private network.
Based on virtual circuits
Used to connect remote sites of a company
Secure VPN protocols include:
SSL (OpenVPN, tun/tap)
WEP (Wired Equivalent Privacy) - Stream cipher based on the RC4 algorithm
64bit WEP uses 40 bit key plus 24bit initialization vector forming RC4 traffic key.
After US Gov. restrictions were lifted, 128bit web with 104bit key size was introduced
Average break time 3 min
WPA and WPA2 (Wi-Fi Protected Access)
128-bit key and 48-bit IV plus Temporal Key Integrity Protocol
Personal -> pre-shared key
Enterprise -> 802.11X authentication
Requires strong password for Personal
Authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner
Builds on symmetric-key cryptography and requires trusted third party
Uses: OpenSSH, NFS, PAM, SOKS, Apache, Devicot IMAP3 and POP3 server and others
Client and three servers(Authentication server, ticket-granting server and required service server)
client sends name to AS
AS sends session key and ticket to client encrypted with client’s secret key(ask for pwd and rm from system)
Client decrypts session and ticket and sends to TGS, encrypted with TGS’ secret key asking for ticket with SS
TGS returns two versions of the session key for client and SS, one encrypted with Client’s secret key and the other encrypted with SS’ secret key.
Now Client and SS can talk
If Client wants to talk to another SS, he sends a new ticket request directly to TGS
PGP - Pretty Good Privacy
PGP provides cryptographic privacy, compression and authentication
Uses both public-key and symmetric-key cryptography
PGP generates MD5 of the message and encrypts the result with sender’s private RSA key
Encrypted hash and message are concatenated and compressed.
An IDEA message key is generated and used to encrypt the compressed with IDEA in cipher feedback mode
Also the key is encrypted with the recipient's public key.
Both are concatenated and converted to base64 and sent.
The recipient reverses base64, decrypts the IDEA with his private key, deripts the archive, extracts, and decrypts the hash using senders public key, than generates a new hash and compares both.
PGP - Pretty Good Privacy
Supported RSA lengths:
1. Casual(384 bits): can be broken easily today.
2. Commercial(512 bits): breakable by three-letter organizations
3. Military ( 1024 bits): Not breakable by anyone on earth
4. Alien (2048 bits): Not breakable by anyone on other planets, either
SSL exchanges records; each record can be optionally compressed, encrypted and packed with message authentication code. It also contains content_type field that specifies which upper layer protocol is being used.
Peer negotiation for algorithm support
Public key encryption-based key exchange and certificate-based authentication