Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. P...
Figure 32.1  Common structure of three security protocols
32-1  IPSecurity (IPSec) IPSecurity (IPSec) is a collection of protocols designed by the Internet Engineering Task Force (...
Figure 32.2  TCP/IP protocol suite and IPSec
Figure 32.3  Transport mode and tunnel modes of IPSec protocol
IPSec in the transport mode does not protect the IP header; it only protects the information coming from the transport lay...
Figure 32.4  Transport mode in action
Figure 32.5  Tunnel mode in action
IPSec in tunnel mode protects the original IP header. Note
Figure 32.6  Authentication Header (AH) Protocol in transport mode
The AH Protocol provides source authentication and data integrity,  but not privacy. Note
Figure 32.7  Encapsulating Security Payload (ESP) Protocol in transport mode
ESP provides source authentication, data integrity, and privacy. Note
Table 32.1  IPSec services
Figure 32.8  Simple inbound and outbound security associations
IKE creates SAs for IPSec. Note
Figure 32.9  IKE components
Table 32.2  Addresses for private networks
Figure 32.10  Private network
Figure 32.11  Hybrid network
Figure 32.12  Virtual private network
Figure 32.13  Addressing in a VPN
32-2  SSL/TLS Two protocols are dominant today for providing security at the transport layer: the Secure Sockets Layer (SS...
Figure 32.14  Location of SSL and TLS in the Internet model
Table 32.3  SSL cipher suite list
Table 32.3  SSL cipher suite list ( continued )
The client and the server have six different cryptography secrets. Note
Figure 32.15  Creation of cryptographic secrets in SSL
Figure 32.16  Four SSL protocols
Figure 32.17  Handshake Protocol
Figure 32.18  Processing done by the Record Protocol
32-3  PGP One of the protocols to provide security at the application layer is Pretty Good Privacy (PGP). PGP is designed ...
Figure 32.19  Position of PGP in the TCP/IP protocol suite
In PGP, the sender of the message needs to include the identifiers of the algorithms used in the message as well as the va...
Figure 32.20  A scenario in which an e-mail message is    authenticated and encrypted
Table 32.4  PGP Algorithms
Figure 32.21  Rings
In PGP, there can be multiple paths from fully or partially trusted authorities to any subject. Note
32-4  FIREWALLS All previous security measures cannot prevent Eve from sending a harmful message to a system. To control a...
Figure 32.22  Firewall
Figure 32.23  Packet-filter firewall
A packet-filter firewall filters at the network or transport layer. Note
Figure 32.24  Proxy firewall
A proxy firewall filters at the  application layer. Note
Upcoming SlideShare
Loading in...5
×

Ch32

842

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
842
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Ch32

  1. 1. Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
  2. 2. Figure 32.1 Common structure of three security protocols
  3. 3. 32-1 IPSecurity (IPSec) IPSecurity (IPSec) is a collection of protocols designed by the Internet Engineering Task Force (IETF) to provide security for a packet at the network level. Two Modes Two Security Protocols Security Association Internet Key Exchange (IKE) Virtual Private Network Topics discussed in this section:
  4. 4. Figure 32.2 TCP/IP protocol suite and IPSec
  5. 5. Figure 32.3 Transport mode and tunnel modes of IPSec protocol
  6. 6. IPSec in the transport mode does not protect the IP header; it only protects the information coming from the transport layer. Note
  7. 7. Figure 32.4 Transport mode in action
  8. 8. Figure 32.5 Tunnel mode in action
  9. 9. IPSec in tunnel mode protects the original IP header. Note
  10. 10. Figure 32.6 Authentication Header (AH) Protocol in transport mode
  11. 11. The AH Protocol provides source authentication and data integrity, but not privacy. Note
  12. 12. Figure 32.7 Encapsulating Security Payload (ESP) Protocol in transport mode
  13. 13. ESP provides source authentication, data integrity, and privacy. Note
  14. 14. Table 32.1 IPSec services
  15. 15. Figure 32.8 Simple inbound and outbound security associations
  16. 16. IKE creates SAs for IPSec. Note
  17. 17. Figure 32.9 IKE components
  18. 18. Table 32.2 Addresses for private networks
  19. 19. Figure 32.10 Private network
  20. 20. Figure 32.11 Hybrid network
  21. 21. Figure 32.12 Virtual private network
  22. 22. Figure 32.13 Addressing in a VPN
  23. 23. 32-2 SSL/TLS Two protocols are dominant today for providing security at the transport layer: the Secure Sockets Layer (SSL) Protocol and the Transport Layer Security (TLS) Protocol. The latter is actually an IETF version of the former. SSL Services Security Parameters Sessions and Connections Four Protocols Transport Layer Security Topics discussed in this section:
  24. 24. Figure 32.14 Location of SSL and TLS in the Internet model
  25. 25. Table 32.3 SSL cipher suite list
  26. 26. Table 32.3 SSL cipher suite list ( continued )
  27. 27. The client and the server have six different cryptography secrets. Note
  28. 28. Figure 32.15 Creation of cryptographic secrets in SSL
  29. 29. Figure 32.16 Four SSL protocols
  30. 30. Figure 32.17 Handshake Protocol
  31. 31. Figure 32.18 Processing done by the Record Protocol
  32. 32. 32-3 PGP One of the protocols to provide security at the application layer is Pretty Good Privacy (PGP). PGP is designed to create authenticated and confidential e-mails. Security Parameters Services A Scenario PGP Algorithms Key Rings PGP Certificates Topics discussed in this section:
  33. 33. Figure 32.19 Position of PGP in the TCP/IP protocol suite
  34. 34. In PGP, the sender of the message needs to include the identifiers of the algorithms used in the message as well as the values of the keys. Note
  35. 35. Figure 32.20 A scenario in which an e-mail message is authenticated and encrypted
  36. 36. Table 32.4 PGP Algorithms
  37. 37. Figure 32.21 Rings
  38. 38. In PGP, there can be multiple paths from fully or partially trusted authorities to any subject. Note
  39. 39. 32-4 FIREWALLS All previous security measures cannot prevent Eve from sending a harmful message to a system. To control access to a system, we need firewalls. A firewall is a device installed between the internal network of an organization and the rest of the Internet. It is designed to forward some packets and filter (not forward) others. Packet-Filter Firewall Proxy Firewall Topics discussed in this section:
  40. 40. Figure 32.22 Firewall
  41. 41. Figure 32.23 Packet-filter firewall
  42. 42. A packet-filter firewall filters at the network or transport layer. Note
  43. 43. Figure 32.24 Proxy firewall
  44. 44. A proxy firewall filters at the application layer. Note

×