Chapter 32
       Security in the Internet:
        IPSec, SSL/TLS, PGP,
          VPN, and Firewalls

Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Figure 32.1 Common structure of three security protocols

32-1 IPSecurity (IPSec)

  IPSecurity (IPSec) is a collection of protocols designed
  by the Internet Engineering Task Force (IETF) to provide
  security for a packet at the network level.

  Topics discussed in this section: Two Modes; Two Security
  Protocols; Security Association; Internet Key Exchange (IKE);
  Virtual Private Network.
Figure 32.2 TCP/IP protocol suite and IPSec

Figure 32.3 Transport mode and tunnel modes of IPSec protocol

Note

        IPSec in the transport mode does not
        protect the IP header; it only protects
        the information coming from the transport
        layer (the segment that IPSec carries as
        its payload).

Figure 32.4 Transport mode in action

Figure 32.5 Tunnel mode in action

Note

          IPSec in tunnel mode protects the
                  original IP header.

Figure 32.6 Authentication Header (AH) Protocol in transport mode

Note

        The AH Protocol provides source
        authentication and data integrity,
        but not privacy.

  Because its integrity check covers the IP header itself, AH
  does not survive address rewriting by NAT; in practice ESP is
  deployed far more often.

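The following is an added example (not from the original slides) that builds an IPv4 packet protected by AH in both transport and tunnel mode and checks it the way a receiver would. It computes the ICV with HMAC-SHA-256-128 (RFC 4868) over the packet with the mutable IP fields zeroed, as RFC 4302 requires; the shared key, addresses and payloads are constructed sample values. It shows that a TTL decrement in transit is tolerated while NAT rewriting of the source address, or any change to the original header inside a tunnel, is detected.

```python
import hmac
import hashlib
import struct

AH_PROTO = 51                     # IP protocol number carried in the outer header for AH
ICV_LEN = 16                      # HMAC-SHA-256-128 (RFC 4868): ICV truncated to 128 bits
AH_LEN = 12 + ICV_LEN             # fixed AH fields (12 bytes) + ICV
AH_PAYLOAD_LEN = AH_LEN // 4 - 2  # AH "payload length" field: AH length in 32-bit words minus 2
KEY = b"constructed-demo-key-not-for-real-use"  # assumption: the shared key from the SA


def ipv4_header(src, dst, proto, total_len, ttl=64, ident=0x1234):
    """20-byte IPv4 header without options (checksum left 0 for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, 0,
                       ttl, proto, 0, bytes(src), bytes(dst))


def zero_mutable(ip_hdr):
    """RFC 4302: fields that change in transit are zeroed before the ICV is computed."""
    h = bytearray(ip_hdr)
    h[1] = 0                  # TOS / DSCP+ECN
    h[6:8] = b"\x00\x00"      # flags + fragment offset
    h[8] = 0                  # TTL
    h[10:12] = b"\x00\x00"    # header checksum
    return bytes(h)


def compute_icv(ip_hdr, ah_fixed, payload, key=KEY):
    """ICV = HMAC over (immutable IP header fields || AH with ICV zeroed || payload)."""
    data = zero_mutable(ip_hdr) + ah_fixed + b"\x00" * ICV_LEN + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]


def ah_packet(src, dst, next_hdr, seq, payload, spi, key=KEY):
    """outer IP header | AH | payload, with the ICV computed over all of it."""
    ip_hdr = ipv4_header(src, dst, AH_PROTO, 20 + AH_LEN + len(payload))
    ah_fixed = struct.pack("!BBHII", next_hdr, AH_PAYLOAD_LEN, 0, spi, seq)
    return ip_hdr + ah_fixed + compute_icv(ip_hdr, ah_fixed, payload, key) + payload


def ah_transport(src, dst, seq, segment, spi=0x100, key=KEY):
    """Transport mode: the payload is a transport-layer segment (next header 6 = TCP)."""
    return ah_packet(src, dst, 6, seq, segment, spi, key)


def ah_tunnel(outer_src, outer_dst, seq, inner_packet, spi=0x200, key=KEY):
    """Tunnel mode: the whole original IP packet is the payload (next header 4 = IPv4),
    so every byte of the original header, TTL included, is covered by the ICV."""
    return ah_packet(outer_src, outer_dst, 4, seq, inner_packet, spi, key)


def verify_ah(packet, key=KEY):
    """Receiver: recompute the ICV over the received packet; constant-time compare."""
    ip_hdr, ah_fixed = packet[:20], packet[20:32]
    icv, payload = packet[32:32 + ICV_LEN], packet[32 + ICV_LEN:]
    return hmac.compare_digest(icv, compute_icv(ip_hdr, ah_fixed, payload, key))


def decrement_ttl(packet, offset=0):
    """What a router does to the IP header found at `offset` (0 = outer header)."""
    p = bytearray(packet)
    p[offset + 8] -= 1
    return bytes(p)


def nat_rewrite_source(packet, new_src):
    """What a NAT does to the outer header: rewrite the source address."""
    p = bytearray(packet)
    p[12:16] = bytes(new_src)
    return bytes(p)
```

A real implementation also checks the sequence number against the SA's anti-replay window before spending time on the ICV; that check is omitted here to keep the focus on what the ICV does and does not cover.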
Figure 32.7 Encapsulating Security Payload (ESP) Protocol in transport mode

Note

        ESP provides source authentication,
            data integrity, and privacy.

  In the ESP specification the integrity check is optional, so
  an SA should always be configured with an integrity algorithm
  or with an AEAD cipher such as AES-GCM; encryption alone does
  not detect tampering.

Table 32.1 IPSec services

Figure 32.8 Simple inbound and outbound security associations

Note

           IKE creates SAs for IPSec.

Figure 32.9 IKE components

Table 32.2 Addresses for private networks

Figure 32.10 Private network

Figure 32.11 Hybrid network

Figure 32.12 Virtual private network

Figure 32.13 Addressing in a VPN

32-2 SSL/TLS

  Two protocols are dominant today for providing
  security at the transport layer: the Secure Sockets
  Layer (SSL) Protocol and the Transport Layer Security
  (TLS) Protocol. The latter is actually an IETF version
  of the former. SSL 2.0 and SSL 3.0 have since been
  formally deprecated (RFC 6176 and RFC 7568); current
  deployments use TLS 1.2 or TLS 1.3.

  Topics discussed in this section: SSL Services; Security
  Parameters; Sessions and Connections; Four Protocols;
  Transport Layer Security.
Figure 32.14 Location of SSL and TLS in the Internet model

Table 32.3 SSL cipher suite list

Table 32.3 SSL cipher suite list (continued)

Note

        The client and the server have six
         different cryptography secrets: an
        authentication (MAC) key, an encryption
        key, and an initialization vector for
        each direction.

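As an added example (not part of the original slides), here is the derivation of Figure 32.15 carried out with the TLS 1.2 PRF of RFC 5246, the IETF successor to SSL's MD5/SHA-1 construction (TLS 1.3 replaced it again with HKDF). The pre-master secret and the two random values are constructed inputs; in a real handshake they come from the key exchange and the ClientHello/ServerHello messages. Which of the six slots are non-empty depends on the cipher suite: TLS 1.2 CBC suites derive MAC and encryption keys but use explicit per-record IVs, and AEAD suites such as AES-GCM derive encryption keys and a 4-byte implicit nonce but no MAC keys.

```python
import hashlib
import hmac


def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 data expansion (RFC 5246, section 5): HMAC(secret, A(i) || seed), A(0) = seed."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()          # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF(secret, label, seed) = P_SHA256(secret, label || seed)."""
    return p_hash(secret, label + seed, length)


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """48-byte master secret; the seed order here is client_random || server_random."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)


SLOTS = ["client_write_MAC_key", "server_write_MAC_key",
         "client_write_key", "server_write_key",
         "client_write_IV", "server_write_IV"]


def key_block(master: bytes, client_random: bytes, server_random: bytes,
              mac_len: int, key_len: int, iv_len: int) -> dict:
    """Expand the master secret (seed order is server_random || client_random here)
    and cut the key block into the six slots in the order the standard prescribes."""
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    block = prf(master, b"key expansion", server_random + client_random, sum(sizes))
    secrets, pos = {}, 0
    for name, size in zip(SLOTS, sizes):
        secrets[name] = block[pos:pos + size]
        pos += size
    return secrets


def derive(pre_master: bytes, client_random: bytes, server_random: bytes,
           mac_len: int = 0, key_len: int = 16, iv_len: int = 4) -> dict:
    """Master secret, then key block. Defaults match TLS_RSA_WITH_AES_128_GCM_SHA256
    (no MAC keys, 16-byte AES keys, 4-byte implicit nonces). mac_len=20, key_len=16,
    iv_len=16 fills all six slots, the layout shown in the slides (as TLS 1.0 did for
    AES-128-CBC-SHA, though with its own MD5/SHA-1 based PRF)."""
    ms = master_secret(pre_master, client_random, server_random)
    return key_block(ms, client_random, server_random, mac_len, key_len, iv_len)
```

Two details matter in practice and are easy to get wrong: the seed order differs between the two PRF calls (client || server for the master secret, server || client for key expansion), and the key block is consumed strictly in the slot order above, so a wrong MAC length shifts every later key.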
Figure 32.15 Creation of cryptographic secrets in SSL

Figure 32.16 Four SSL protocols

Figure 32.17 Handshake Protocol

Figure 32.18 Processing done by the Record Protocol

32-3 PGP

  One of the protocols to provide security at the
  application layer is Pretty Good Privacy (PGP). PGP is
  designed to create authenticated and confidential e-mails.

  Topics discussed in this section: Security Parameters;
  Services; A Scenario; PGP Algorithms; Key Rings; PGP
  Certificates.
Figure 32.19 Position of PGP in the TCP/IP protocol suite

Note

       In PGP, the sender of the message
     needs to include the identifiers of the
     algorithms used in the message as well as
     the values of the keys (the session key,
     encrypted with the receiver's public key,
     and the IDs of the public keys used).

Figure 32.20 A scenario in which an e-mail message is
                 authenticated and encrypted

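The scenario of Figure 32.20, sender and receiver sides, as an added example that is not from the original slides. Assumptions: textbook RSA with demo-size (512-bit) moduli and no padding, SHA-256 for the digest, zlib for compression, and an HMAC-SHA256 keystream standing in for the symmetric cipher; real OpenPGP uses padded RSA or elliptic-curve keys, AES, and its own packet format. The envelope carries the algorithm identifiers and the session key encrypted under the receiver's public key, which is what the note above refers to; the key pairs and the message are generated or constructed inline.

```python
import hashlib
import hmac
import secrets
import zlib

# Algorithm identifiers travel with the message so the receiver knows how to undo each step.
ALGOS = {"hash": "SHA-256", "public_key": "RSA", "compression": "zlib",
         "symmetric": "HMAC-SHA256 keystream (demo stand-in for AES)"}


def is_probable_prime(n, rounds=16):
    """Miller-Rabin; adequate for a demonstration key."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_rsa(bits=512):
    """Textbook RSA key pair ((n, e), (n, d)); demo size and unpadded, not for real use."""
    e = 65537

    def prime(b):
        while True:
            c = secrets.randbits(b) | (1 << (b - 1)) | 1      # b-bit odd candidate
            if c % e != 1 and is_probable_prime(c):           # keeps gcd(e, c-1) == 1
                return c

    p, q = prime(bits // 2), prime(bits // 2)
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


def keystream_xor(key, nonce, data):
    """Symmetric stand-in: XOR data with HMAC-SHA256(key, nonce || counter) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def pgp_send(message, sender_priv, receiver_pub):
    """Sender: sign the digest, compress, encrypt with a one-time session key, wrap the key."""
    n, d = sender_priv
    signature = pow(int.from_bytes(hashlib.sha256(message).digest(), "big"), d, n)
    signed = signature.to_bytes((n.bit_length() + 7) // 8, "big") + message
    compressed = zlib.compress(signed)
    session_key, nonce = secrets.token_bytes(16), secrets.token_bytes(8)
    rn, re_ = receiver_pub
    return {"algorithms": ALGOS,
            "encrypted_session_key": pow(int.from_bytes(session_key, "big"), re_, rn),
            "nonce": nonce,
            "body": keystream_xor(session_key, nonce, compressed)}


def pgp_receive(envelope, receiver_priv, sender_pub):
    """Receiver: unwrap the session key, decrypt, decompress, verify the signature."""
    rn, rd = receiver_priv
    session_key = pow(envelope["encrypted_session_key"], rd, rn).to_bytes(16, "big")
    signed = zlib.decompress(keystream_xor(session_key, envelope["nonce"], envelope["body"]))
    sn, se = sender_pub
    klen = (sn.bit_length() + 7) // 8
    signature, message = int.from_bytes(signed[:klen], "big"), signed[klen:]
    if pow(signature, se, sn) != int.from_bytes(hashlib.sha256(message).digest(), "big"):
        raise ValueError("signature does not verify: message altered or not from this sender")
    return message
```

The order is the one the figure shows: the signature is applied to the plaintext before compression, so it can be verified and stored independently of the compression used, and the session key never appears in the clear because only the receiver's private key can unwrap it.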
Table 32.4 PGP Algorithms

Figure 32.21 Rings

Note

    In PGP, there can be multiple paths from
      fully or partially trusted authorities to
                    any subject.

32-4 FIREWALLS

  None of the previous security measures can prevent Eve
  from sending a harmful message to a system. To control
  access to a system, we need firewalls. A firewall is a
  device installed between the internal network of an
  organization and the rest of the Internet. It is designed
  to forward some packets and filter (not forward) others.

  Topics discussed in this section: Packet-Filter Firewall;
  Proxy Firewall.
Figure 32.22 Firewall

Figure 32.23 Packet-filter firewall

Note

        A packet-filter firewall filters at the
           network or transport layer.

  It decides on header fields only (addresses, protocol, ports,
  TCP flags), so it cannot tell a harmful application message
  from a benign one on an allowed port.

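An added example (not from the original slides) of the kind of rule table a packet-filter firewall such as the one in Figure 32.23 evaluates: first match wins, and anything that matches no rule is dropped. The interfaces, addresses and rules are constructed; the `established_only` flag is the classic stateless trick of admitting only non-SYN segments as replies to outbound connections.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    iface: str          # interface the packet arrived on: "outside" or "inside"
    proto: str          # "tcp", "udp", "icmp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP SYN without ACK, i.e. a new connection attempt


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    iface: str = "*"
    proto: str = "*"
    src: str = "0.0.0.0/0"
    sport: tuple = (0, 65535)
    dst: str = "0.0.0.0/0"
    dport: tuple = (0, 65535)
    established_only: bool = False   # stateless stand-in for connection tracking: non-SYN only

    def matches(self, p: Packet) -> bool:
        return (self.iface in ("*", p.iface)
                and self.proto in ("*", p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.sport[0] <= p.sport <= self.sport[1]
                and self.dport[0] <= p.dport <= self.dport[1]
                and not (self.established_only and p.syn))


WEB = "203.0.113.10/32"     # constructed: the organization's public web server
RULES = [
    Rule("deny", iface="outside", src="198.51.100.0/24"),                    # 1 blocked network, before any allow
    Rule("allow", iface="outside", proto="tcp", dst=WEB, dport=(80, 80)),     # 2 HTTP to the web server
    Rule("allow", iface="outside", proto="tcp", dst=WEB, dport=(443, 443)),   # 3 HTTPS to the web server
    Rule("deny", proto="tcp", dport=(23, 23)),                                # 4 no telnet in either direction
    Rule("allow", iface="inside", src="10.0.0.0/8"),                          # 5 internal hosts may go out
    Rule("allow", iface="outside", proto="tcp", dst="10.0.0.0/8",
         established_only=True),                                              # 6 replies to outbound TCP
]


def filter_packet(p: Packet, rules=RULES):
    """First matching rule wins; a packet matching nothing is dropped (default deny).
    Returns (action, rule number) with rule number None for the default."""
    for number, rule in enumerate(rules, start=1):
        if rule.matches(p):
            return rule.action, number
    return "deny", None
```

Two limits of this design show up immediately: rule order decides the outcome (the blocked network must be denied before the web-server allow rules), and without connection state the filter cannot admit UDP replies, DNS answers for example, except by opening a broad hole. Stateful filters track connections to solve the second problem; the application content on an allowed port is never seen here at all, which is what the proxy firewall of the next figure addresses.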
Figure 32.24 Proxy firewall

Note

           A proxy firewall filters at the
                application layer.

  It terminates the client's connection, inspects the application
  message, and opens its own connection to the real server only
  if the message is acceptable.