Cryptography and Network Security:
Principles and Practice
Eighth Edition
Chapter 20
IP Security
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.
IP Security Overview
• RFC 1636
– “Security in the Internet Architecture”
– Issued in 1994 by the Internet Architecture Board (IAB)
– Identifies key areas for security mechanisms
▪ Need to secure the network infrastructure from
unauthorized monitoring and control of network traffic
▪ Need to secure end-user-to-end-user traffic using
authentication and encryption mechanisms
– IAB included authentication and encryption as necessary security features in the next generation IP (IPv6)
▪ The IPsec specification now exists as a set of Internet
standards
IPsec Documents (1 of 2)
• IPsec Documents
– Architecture
▪ Covers the general concepts, security requirements,
definitions, and mechanisms defining IPsec technology
▪ The current specification is RFC 4301, Security Architecture for the Internet Protocol
– Authentication Header (AH)
▪ An extension header to provide message authentication
▪ The current specification is RFC 4302, IP Authentication
Header
– Encapsulating Security Payload (ESP)
▪ Consists of an encapsulating header and trailer used to
provide encryption or combined encryption/authentication
▪ The current specification is RFC 4303, IP Encapsulating
Security Payload (ESP)
IPsec Documents (2 of 2)
– Internet Key Exchange (IKE)
▪ A collection of documents describing the key management
schemes for use with IPsec
▪ The main specification is RFC 7296, Internet Key Exchange
(IKEv2) Protocol, but there are a number of related RFCs
– Cryptographic algorithms
▪ This category encompasses a large set of documents that
define and describe cryptographic algorithms for encryption,
message authentication, pseudorandom functions (PRFs), and
cryptographic key exchange
– Other
▪ There are a variety of other IPsec-related RFCs, including
those dealing with security policy and management information
base (MIB) content
Applications of IPsec
• IPsec provides the capability to secure communications across a LAN, private and public WANs, and the Internet
• Examples include:
– Secure branch office connectivity over the Internet
– Secure remote access over the Internet
– Establishing extranet and intranet connectivity with partners
– Enhancing electronic commerce security
• Principal feature of IPsec is that it can encrypt and/or authenticate all traffic at the IP level
– Thus all distributed applications (remote logon, client/server,
e-mail, file transfer, Web access) can be secured
IPsec Services
• IPsec provides security services at the IP layer by enabling a
system to:
– Select required security protocols
– Determine the algorithm(s) to use for the service(s)
– Put in place any cryptographic keys required to provide the requested services
• RFC 4301 lists the following services:
– Access control
– Connectionless integrity
– Data origin authentication
– Rejection of replayed packets (a form of partial sequence
integrity)
– Confidentiality (encryption)
– Limited traffic flow confidentiality
Figure 20.1 IPsec Architecture
Security Association (SA)
• A one-way logical connection between a sender and a receiver that affords security services to the traffic carried on it
• In any IP packet, the SA is uniquely identified by the Destination Address in the IPv4 or IPv6 header and the SPI in the enclosed extension header (AH or ESP)
Uniquely identified by three parameters:
• Security Parameters Index (SPI)
– A 32-bit unsigned integer assigned to this SA and having local
significance only
• IP Destination Address
– Address of the destination endpoint of the SA, which may be
an end-user
system or a network system such as a firewall or router
• Security protocol identifier
– Indicates whether the association is an AH or ESP security
association
Security Association Database (SAD)
• Defines the parameters associated with each SA
• Normally defined by the following parameters in an SAD entry:
– Security parameter index
– Sequence number counter
– Sequence counter overflow
– Anti-replay window
– AH information
– ESP information
– Lifetime of this security association
– IPsec protocol mode
– Path MTU
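How the sequence number counter, sequence counter overflow and anti-replay window parameters of an SAD entry are used on the sending and receiving side, as an added example that is not taken from the textbook; the class and field names are assumptions, and a 32-bit sequence number without extended sequence numbers is modelled.

```python
from dataclasses import dataclass
from typing import List, Optional

SEQ_MAX = 2**32 - 1  # 32-bit Sequence Number field of AH/ESP (ESN not modelled here)


@dataclass
class OutboundSA:
    """Sender-side view of one SAD entry (assumed names, not the RFC's)."""
    spi: int
    seq_counter: int = 0       # SAD: sequence number counter

    def next_seq(self) -> Optional[int]:
        """Sequence number for the next packet on this SA, or None once the
        counter would cycle: RFC 4303 forbids wrapping, so the SA must then be
        replaced (rekeyed) instead of reusing numbers."""
        if self.seq_counter >= SEQ_MAX:
            return None  # sequence counter overflow: stop sending, rekey
        self.seq_counter += 1
        return self.seq_counter


@dataclass
class InboundSA:
    """Receiver-side view: the anti-replay window of one SAD entry."""
    spi: int
    window_size: int = 64      # SAD: anti-replay window (RFC 4303 default; 32 is the minimum)
    highest_seq: int = 0       # right edge of the window
    bitmap: int = 0            # bit i set  <=>  highest_seq - i already received

    def is_fresh(self, seq: int) -> bool:
        """Preliminary check done before the (expensive) ICV verification:
        reject obvious replays without touching the window state."""
        if seq == 0:
            return False                        # 0 is never sent on an SA
        if seq > self.highest_seq:
            return True                         # right of the window: new
        offset = self.highest_seq - seq
        if offset >= self.window_size:
            return False                        # left of the window: too old
        return not (self.bitmap & (1 << offset))  # inside: already seen?

    def accept(self, seq: int) -> bool:
        """Run the check and, if it passes, slide/mark the window. In a real
        implementation this update happens only after the ICV verified."""
        if not self.is_fresh(seq):
            return False
        if seq > self.highest_seq:
            shift = seq - self.highest_seq
            mask = (1 << self.window_size) - 1
            # slide right; a jump past the whole window clears every old bit
            self.bitmap = ((self.bitmap << shift) | 1) & mask if shift < self.window_size else 1
            self.highest_seq = seq
        else:
            self.bitmap |= 1 << (self.highest_seq - seq)
        return True


def receive_sequence(sa: InboundSA, seqs: List[int]) -> List[bool]:
    """Feed received sequence numbers through the window; True = accepted."""
    return [sa.accept(s) for s in seqs]


if __name__ == "__main__":
    # Constructed arrival order with a reorder, two replays and one stale packet
    sa = InboundSA(spi=0x1000, window_size=8)
    print(receive_sequence(sa, [1, 3, 2, 3, 12, 5, 4, 13, 12, 0]))
```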
Security Policy Database (SPD)
• The means by which IP traffic is related to specific SAs
– Contains entries, each of which defines a subset of IP traffic and points to an SA for that traffic
• In more complex environments, there may be multiple entries that potentially relate to a single SA or multiple SAs associated with a single SPD entry
– Each SPD entry is defined by a set of IP and upper-layer protocol field values called selectors
– These are used to filter outgoing traffic in order to map it into a particular SA
SPD Entries (1 of 2)
• The following selectors determine an SPD entry:
• Remote IP address
– This may be a single IP address, an enumerated list or
range of addresses, or a wildcard (mask) address
– The latter two are required to support more than one
destination system sharing the same SA
• Local IP address
– This may be a single IP address, an enumerated list or
range of addresses, or a wildcard (mask) address
– The latter two are required to support more than one
source system sharing the same SA
SPD Entries (2 of 2)
• Next layer protocol
– The IP protocol header includes a field that designates
the protocol operating over IP
• Name
– A user identifier from the operating system
– Not a field in the IP or upper-layer headers but is
available if IPsec is running on the same operating
system as the user
• Local and remote ports
– These may be individual TCP or UDP port values, an
enumerated list of ports, or a wildcard port
Table 20.1 Host SPD Example
Protocol | Local IP  | Port | Remote IP  | Port | Action                         | Comment
UDP      | 1.2.3.101 | 500  | *          | 500  | BYPASS                         | IKE
ICMP     | 1.2.3.101 | *    | *          | *    | BYPASS                         | Error messages
*        | 1.2.3.101 | *    | 1.2.3.0/24 | *    | PROTECT: ESP in transport mode | Encrypt intranet traffic
TCP      | 1.2.3.101 | *    | 1.2.4.10   | 80   | PROTECT: ESP in transport mode | Encrypt to server
TCP      | 1.2.3.101 | *    | 1.2.4.10   | 443  | BYPASS                         | TLS: avoid double encryption
*        | 1.2.3.101 | *    | 1.2.4.0/24 | *    | DISCARD                        | Others in DMZ
*        | 1.2.3.101 | *    | *          | *    | BYPASS                         | Internet
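An added example (not from the textbook) that encodes Table 20.1 as an ordered selector list and runs the first-match lookup over constructed outbound packets; Packet, SPDEntry and their field names are assumed, ICMP packets are modelled without ports, and an outbound packet matching no entry is discarded, as RFC 4301 specifies.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Union

ANY = "*"  # wildcard selector, as written in the table
Sel = Union[int, str]


@dataclass(frozen=True)
class Packet:
    """Selector values of one outbound packet (assumed field names)."""
    proto: str                   # next layer protocol: "TCP", "UDP", "ICMP", ...
    local_ip: str
    local_port: Optional[int]    # None when the protocol has no ports (ICMP)
    remote_ip: str
    remote_port: Optional[int]


@dataclass(frozen=True)
class SPDEntry:
    proto: str
    local_ip: str
    local_port: Sel
    remote_ip: str
    remote_port: Sel
    action: str                  # BYPASS, DISCARD or PROTECT: ...
    comment: str


def ip_matches(selector: str, addr: str) -> bool:
    """Single address or CIDR range selector, or the wildcard."""
    if selector == ANY:
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(selector, strict=False)


def port_matches(selector: Sel, port: Optional[int]) -> bool:
    return selector == ANY or selector == port


# Table 20.1 transcribed in order; order matters because lookup is first-match
# (the TCP/80 PROTECT and TCP/443 BYPASS rows must precede the DMZ DISCARD row).
HOST_SPD: List[SPDEntry] = [
    SPDEntry("UDP",  "1.2.3.101", 500, ANY,          500, "BYPASS",                         "IKE"),
    SPDEntry("ICMP", "1.2.3.101", ANY, ANY,          ANY, "BYPASS",                         "Error messages"),
    SPDEntry(ANY,    "1.2.3.101", ANY, "1.2.3.0/24", ANY, "PROTECT: ESP in transport mode", "Encrypt intranet traffic"),
    SPDEntry("TCP",  "1.2.3.101", ANY, "1.2.4.10",   80,  "PROTECT: ESP in transport mode", "Encrypt to server"),
    SPDEntry("TCP",  "1.2.3.101", ANY, "1.2.4.10",   443, "BYPASS",                         "TLS: avoid double encryption"),
    SPDEntry(ANY,    "1.2.3.101", ANY, "1.2.4.0/24", ANY, "DISCARD",                        "Others in DMZ"),
    SPDEntry(ANY,    "1.2.3.101", ANY, ANY,          ANY, "BYPASS",                         "Internet"),
]


def lookup(spd: List[SPDEntry], pkt: Packet) -> Optional[SPDEntry]:
    """Return the first entry whose five selectors all match the packet, or None."""
    for e in spd:
        if ((e.proto == ANY or e.proto == pkt.proto)
                and ip_matches(e.local_ip, pkt.local_ip)
                and port_matches(e.local_port, pkt.local_port)
                and ip_matches(e.remote_ip, pkt.remote_ip)
                and port_matches(e.remote_port, pkt.remote_port)):
            return e
    return None


def decide(pkt: Packet) -> str:
    """Action the host SPD chooses; no matching entry means the packet is discarded."""
    entry = lookup(HOST_SPD, pkt)
    return entry.action if entry else "DISCARD"


if __name__ == "__main__":
    # Constructed sample traffic originating at host 1.2.3.101
    samples = [
        Packet("TCP",  "1.2.3.101", 40000, "1.2.4.10", 80),    # PROTECT (encrypt to server)
        Packet("TCP",  "1.2.3.101", 40001, "1.2.4.10", 443),   # BYPASS (TLS already)
        Packet("TCP",  "1.2.3.101", 40002, "1.2.4.10", 22),    # DISCARD (others in DMZ)
        Packet("ICMP", "1.2.3.101", None,  "1.2.4.50", None),  # BYPASS: ICMP row precedes DMZ DISCARD
        Packet("UDP",  "1.2.3.101", 5353,  "8.8.8.8",  53),    # BYPASS (Internet)
    ]
    for p in samples:
        e = lookup(HOST_SPD, p)
        print(f"{p.proto:4} -> {p.remote_ip}:{p.remote_port}  {e.action} ({e.comment})")
```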
Figure 20.2 Processing Model for Outbound Packets
Figure 20.3 Processing Model for Inbound Packets
Figure 20.4 ESP Packet Format
Encapsulating Security Payload (ESP) (1 of 2)
• Used to encrypt the Payload Data, Padding, Pad Length, and Next Header fields
– If the algorithm requires cryptographic synchronization data then these data may be carried explicitly at the beginning of the Payload Data field
• An optional ICV field is present only if the integrity service is selected and is provided by either a separate integrity algorithm or a combined mode algorithm that uses an ICV
– ICV is computed after the encryption is performed
– This order of processing facilitates reducing the impact of DoS attacks
– Because the ICV is not protected by encryption, a keyed integrity algorithm must be employed to compute the ICV
Encapsulating Security Payload (ESP) (2 of 2)
• The Padding field serves several purposes:
– If an encryption algorithm requires the plaintext to be a
multiple of some number of bytes, the Padding field is
used to expand the plaintext to the required length
– Used to assure alignment of Pad Length and Next
Header fields
– Additional padding may be added to provide partial
traffic-flow confidentiality by concealing the actual
length of the payload
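An added example, not from the textbook, of the ESP padding rule and of the encrypt-then-ICV order described in the two ESP slides; the cipher is a constructed HMAC-based keystream standing in for the negotiated algorithm, an 8-byte nonce is assumed as the synchronization data at the start of Payload Data, and the ICV is truncated to 96 bits.

```python
import hashlib
import hmac
import math
import os
import struct
from typing import Optional, Tuple

ICV_LEN = 12  # 96-bit truncated ICV, the usual size for HMAC-based ESP integrity


def esp_padding(payload_len: int, block_size: int) -> bytes:
    """Padding bytes for an ESP payload of payload_len bytes.
    Two constraints from the slides: Payload||Padding||PadLen||NextHeader must be
    a multiple of the cipher block size, and Pad Length / Next Header must end on
    a 4-byte boundary. RFC 4303's default padding content is 1,2,3,... so the
    receiver can check it; Pad Length is one byte, so at most 255 bytes fit."""
    align = math.lcm(block_size, 4)
    pad_len = (-(payload_len + 2)) % align
    if pad_len > 255:
        raise ValueError("padding does not fit the 8-bit Pad Length field")
    return bytes(range(1, pad_len + 1))


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Constructed stand-in for the negotiated cipher (HMAC-SHA256 in counter
    mode used as a stream cipher). Not an IPsec transform; used only so the
    example runs with the standard library."""
    out = bytearray()
    for ctr in range((length + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(out[:length])


def build_esp(spi: int, seq: int, payload: bytes, next_header: int,
              enc_key: bytes, auth_key: bytes, block_size: int = 16,
              nonce: Optional[bytes] = None) -> bytes:
    """SPI | Seq | nonce | Encrypted(Payload, Padding, Pad Length, Next Header) | ICV"""
    if nonce is None:
        nonce = os.urandom(8)  # synchronization data carried at the start of Payload Data
    pad = esp_padding(len(payload), block_size)
    trailer = pad + bytes([len(pad), next_header])      # Padding, Pad Length, Next Header
    plaintext = payload + trailer
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    header = struct.pack("!II", spi, seq)
    body = header + nonce + ciphertext
    # ICV is computed after encryption, over the ciphertext, with a keyed algorithm.
    icv = hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    return body + icv


def parse_esp(packet: bytes, enc_key: bytes, auth_key: bytes) -> Optional[Tuple[int, int, int, bytes]]:
    """Receiver side. Returns (spi, seq, next_header, payload), or None if rejected.
    The ICV is checked first: a forged or corrupted packet is dropped before any
    decryption work is spent on it, which is the DoS point made on the slide."""
    if len(packet) < 8 + 8 + 2 + ICV_LEN:
        return None
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(expected, icv):
        return None
    spi, seq = struct.unpack("!II", body[:8])
    nonce, ciphertext = body[8:16], body[16:]
    plaintext = bytes(a ^ b for a, b in zip(ciphertext, keystream(enc_key, nonce, len(ciphertext))))
    pad_len, next_header = plaintext[-2], plaintext[-1]
    if pad_len + 2 > len(plaintext):
        return None
    payload_end = len(plaintext) - 2 - pad_len
    if plaintext[payload_end:-2] != bytes(range(1, pad_len + 1)):
        return None  # padding content does not match the default pattern
    return spi, seq, next_header, plaintext[:payload_end]


if __name__ == "__main__":
    ek, ak = b"e" * 32, b"a" * 32          # constructed keys
    pkt = build_esp(0x1000, 1, b"hello, ESP transport!", 6, ek, ak)
    print(len(pkt), parse_esp(pkt, ek, ak))
```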
Figure 20.5 Anti-replay Mechanism
Figure 20.6 Scope of ESP Encryption and Authentication
Figure 20.7 End-to-end IPsec Transport-Mode Encryption
Transport Mode (1 of 2)
• Transport mode operation may be summarized as follows:
– At the source, the block of data consisting of the ESP trailer plus the entire transport-layer segment is encrypted and the plaintext of this block is replaced with its ciphertext to form the IP packet for transmission. Authentication is added if this option is selected
– The packet is then routed to the destination. Each intermediate router needs to examine and process the IP header plus any plaintext IP extension headers but does not need to examine the ciphertext
– The destination node examines and processes the IP header plus any plaintext IP extension headers. Then, on the basis of the SPI in the ESP header, the destination node decrypts the remainder of the packet to recover the plaintext transport-layer segment
Transport Mode (2 of 2)
• Transport mode operation provides confidentiality for any
application that uses it, thus avoiding the need to
implement confidentiality in every individual application
• One drawback to this mode is that it is possible to do traffic
analysis on the transmitted packets
Tunnel Mode (1 of 3)
• Tunnel mode provides protection to the IP packet
– To achieve this, after the AH or ESP fields are added to the IP packet, the entire packet plus security fields is treated as the payload of a new outer IP packet with a new outer IP header
– The entire original, inner, packet travels through a tunnel from one point of an IP network to another; no routers along the way are able to examine the inner IP header
– Because the original packet is encapsulated, the new, larger packet may have totally different source and destination addresses, adding to the security
Tunnel Mode (2 of 3)
– Tunnel mode is used when one or both ends of a security association (SA) are a security gateway, such as a firewall or router that implements IPsec
– With tunnel mode, a number of hosts on networks behind firewalls may engage in secure communications without implementing IPsec
– The unprotected packets generated by such hosts are tunneled through external networks by tunnel mode SAs set up by the IPsec software in the firewall or secure router at the boundary of the local network
Tunnel Mode (3 of 3)
• Tunnel mode is useful in a configuration that includes a
firewall or other sort of security gateway that protects a
trusted network from external networks
• Encryption occurs only between an external host and the
security gateway or between two security gateways
– This relieves hosts on the internal network of the
processing burden of encryption and simplifies the key
distribution task by reducing the number of needed
keys
– It thwarts traffic analysis based on ultimate destination
VPN
• Tunnel mode can be used to implement a secure virtual private network
– A virtual private network (VPN) is a private network that is configured within a public network in order to take advantage of the economies of scale and management facilities of large networks
▪ VPNs are widely used by enterprises to create wide area networks that span large geographic areas, to provide site-to-site connections to branch offices, and to allow mobile users to dial up their company LANs
▪ The public network facility is shared by many customers, with the traffic of each customer segregated from other traffic
▪ Traffic designated as VPN traffic can only go from a VPN source to a destination in the same VPN
▪ It is often the case that encryption and authentication facilities are provided for the VPN
Figure 20.8 Example of Virtual Private Network Implemented with IPsec Tunnel Mode
Table 20.2 Tunnel Mode and Transport Mode Functionality
                        | Transport Mode SA | Tunnel Mode SA
AH                      | Authenticates IP payload and selected portions of IP header and IPv6 extension headers. | Authenticates entire inner IP packet (inner header plus IP payload) plus selected portions of outer IP header and outer IPv6 extension headers.
ESP                     | Encrypts IP payload and any IPv6 extension headers following the ESP header. | Encrypts entire inner IP packet.
ESP with Authentication | Encrypts IP payload and any IPv6 extension headers following the ESP header. Authenticates IP payload but not IP header. | Encrypts entire inner IP packet. Authenticates inner IP packet.
Figure 20.9 Protocol Operation for ESP
Combining Security Associations
• An individual SA can implement either the AH or ESP protocol but not both
• Security association bundle
– Refers to a sequence of SAs through which traffic must be processed to provide a desired set of IPsec services
– The SAs in a bundle may terminate at different endpoints or at the same endpoint
• May be combined into bundles in two ways:
• Transport adjacency
– Refers to applying more than one security protocol to the same IP packet without invoking tunneling
– This approach allows for only one level of combination
• Iterated tunneling
– Refers to the application of multiple layers of security protocols effected through IP tunneling
– This approach allows for multiple levels of nesting
ESP with Authentication Option
• In this approach, the first user applies ESP to the data to be protected and then appends the authentication data field
• Transport mode ESP
– Authentication and encryption apply to the IP payload delivered to the host, but the IP header is not protected
• Tunnel mode ESP
– Authentication applies to the entire IP packet delivered to the outer IP destination address and authentication is performed at that destination
– The entire inner IP packet is protected by the privacy mechanism for delivery to the inner IP destination
• For both cases authentication applies to the ciphertext rather than the plaintext
Transport Adjacency
• Another way to apply authentication after encryption is to use two bundled transport SAs, with the inner being an ESP SA and the outer being an AH SA
– In this case ESP is used without its authentication option
– Encryption is applied to the IP payload
– AH is then applied in transport mode
– Advantage of this approach is that the authentication covers more fields
– Disadvantage is the overhead of two SAs versus one SA
Transport-Tunnel Bundle
• The use of authentication prior to encryption might be preferable for several reasons:
– It is impossible for anyone to intercept the message and alter the authentication data without detection
– It may be desirable to store the authentication information with the message at the destination for later reference
• One approach is to use a bundle consisting of an inner AH transport SA and an outer ESP tunnel SA
– Authentication is applied to the IP payload plus the IP header
– The resulting IP packet is then processed in tunnel mode by ESP
▪ The result is that the entire authenticated inner packet is encrypted and a new outer IP header is added
Figure 20.10 Basic Combinations of Security Associations
Internet Key Exchange
• The key management portion of IPsec involves the determination and distribution of secret keys
– A typical requirement is four keys for communication between two applications
▪ Transmit and receive pairs for both integrity and confidentiality
• The IPsec Architecture document mandates support for two types of key management:
• Manual
– A system administrator manually configures each system with its own keys and with the keys of other communicating systems
– This is practical for small, relatively static environments
• Automated
– Enables the on-demand creation of keys for SAs and facilitates the use of keys in a large distributed system with an evolving configuration
ISAKMP/Oakley
• The default automated key management protocol of IPsec
• Consists of:
– Oakley Key Determination Protocol
▪ A key exchange protocol based on the Diffie-Hellman algorithm but providing added security
▪ Generic in that it does not dictate specific formats
– Internet Security Association and Key Management Protocol (ISAKMP)
▪ Provides a framework for Internet key management and provides the specific protocol support, including formats, for negotiation of security attributes
▪ Consists of a set of message types that enable the use of a variety of key exchange algorithms
Features of IKE Key Determination
• Algorithm is characterized by five important features:
1. It employs a mechanism known as cookies to thwart clogging attacks
2. It enables the two parties to negotiate a group; this, in essence, specifies the global parameters of the Diffie-Hellman key exchange
3. It uses nonces to ensure against replay attacks
4. It enables the exchange of Diffie-Hellman public key values
5. It authenticates the Diffie-Hellman exchange to thwart man-in-the-middle attacks
Figure 20.11 IKEv2 Exchanges
Figure 20.12 IKE Formats
Table 20.3 IKE Payload Types
Type                               | Parameters
Security Association               | Proposals
Key Exchange                       | DH Group #, Key Exchange Data
Identification                     | ID Type, ID Data
Certificate                        | Cert Encoding, Certificate Data
Certificate Request                | Cert Encoding, Certification Authority
Authentication                     | Auth Method, Authentication Data
Nonce                              | Nonce Data
Notify                             | Protocol-ID, SPI Size, Notify Message Type, SPI, Notification Data
Delete                             | Protocol-ID, SPI Size, # of SPIs, SPI (one or more)
Vendor ID                          | Vendor ID
Traffic Selector                   | Number of TSs, Traffic Selectors
Encrypted                          | IV, Encrypted IKE payloads, Padding, Pad Length, ICV
Configuration                      | CFG Type, Configuration Attributes
Extensible Authentication Protocol | EAP Message
Summary
• Present an overview of IP security (IPsec)
• Explain the difference between transport mode and tunnel mode
• Understand the concept of security association
• Explain the difference between the security association database and the security policy database
• Present an overview of Encapsulating Security Payload
• Summarize the traffic processing functions performed by IPsec for outbound packets and for inbound packets
• Discuss the alternatives for combining security associations
• Present an overview of Internet Key Exchange
• Summarize the alternative cryptographic suites approved for use with IPsec
Copyright
This work is protected by United States copyright laws and is provided solely for the use of instructors in teaching their courses and assessing student learning. Dissemination or sale of any part of this work (including on the World Wide Web) will destroy the integrity of the work and is not permitted. The work and materials from it should never be made available to students except by instructors using the accompanying text in their classes. All recipients of this work are expected to abide by these restrictions and to honor the intended pedagogical purposes and the needs of other instructors who rely on these materials.
Zachary Higgs
Southern New Hampshire University
ACC-411-R1480 Auditing Principles
October 02, 2022
Any organization or business needs to develop an audit program
comprising thorough procedures for internal control of cash,
including cash balances and receipts. An auditor must perform
all the necessary procedures of internal controls in order to
identify any shortcomings that might negatively affect RNS’
profits. Substantive data tests to detect lapping and analytical
procedures must also be carried out to determine if the cash
balances are correct (Allami & Jabbar, 2022). The audit
program that could be used to assess RNS' internal controls for
cash will mainly focus on key elements like directional risk for
cash, primary cash assertions, main cash risks, and substantive
cash procedures. This audit program may also focus on common
cash work papers, risk of material misstatement for cash and
common cash control deficiencies. During the auditing process,
certain main relevant cash assertions must be looked at. They
consist of accuracy, rights, completeness, existence and cut-off.
Among the primary cash assertions, accuracy, existence and cut-
off are considered the most important. This usually shows that
there is an accurate cash balance and that only transactions in
that period are incorporated.
Directional risk for cash entails the probable bias that a
customer has about an account balance. A customer may desire
to have an overstatement of assets and an understatement of
liabilities because they all make the balance sheet look
healthier. While performing the audit procedures, it is important
to carry out activities like testing bank reconciliation to make
sure cash is not overstated. There are various primary risks for
cash which must be looked at in the audit program. These
primary risks include cash being stolen, being overstated
intentionally to cover up robbery and lack of cash accounts on
the general ledger. Other risks for cash include misstatement of
cash because of improper cut-off or mistakes in the bank
reconciliation. It is also important to look at various cash
control deficiencies because they are common in most
organizations or businesses. These control deficiencies include
a lack of timely bank reconciliations and the individuals
performing the bank reconciliation not having adequate
knowledge and skills to perform their duty (Hall, 2021). Control
risk can be evaluated at a high level on every assertion because
if it is evaluated at less than high, the control should be tested
to support the lower risk evaluation. Evaluating risks at high is
generally more effective compared to testing controls, and the
inherent risk turns into the driver of the risk of material
misstatement. Some of the standard audit tests that can be used
include confirmation of cash balances, inspecting final deposits
and disbursements and checking whether all bank accounts are
listed in the general ledger.
References
Allami, F. A. J., & Jabbar, L. D. A. K. (2022). A Proposed
Audit Program to Integrate Modern and Traditional Auditing
Methods. Periodica Journal of Modern Philosophy, Social
Sciences and Humanities, 6, 53-60.
Hall, C. (2021). Auditing Cash: The Why and How Guide. Retrieved from: https://cpahalltalk.com/auditing-cash/
ACC 411 Final Project Guidelines and Rubric
Overview
Professional auditors are charged with the responsibility of
analyzing internal controls, conducting risk assessments using
analytical procedures, and designing
and implementing audit programs. The purpose of any audit is
to report, analyze, and determine whether a specific entity met
the stated goals of the
procedures being audited. The audit objectives drive the audit
program, the analytical procedures, and the substantive
fieldwork done by the audit team. Most
people think of financial auditing when they discuss, read
about, or are involved with audits because it is the most
common type; however, there are many other
types of audits. These include performance, government,
compliance, and internal audits. This class focuses on financial
auditing for the majority of the topics,
which requires that auditors possess the skills and abilities to
successfully implement auditing standards and procedures.
For your final project for this course, you will assume the role
of an auditor at a large accounting firm, preparing to perform an
audit of financial records for
Robbins Network Solutions (RNS). As with any audit, the audit team is not always going
to have access to all the information and resources they want
prior to
starting and working on the audit. That is real-world auditing.
The assignment is intended to mimic what auditors face in their
career. Do the best with what you
have, using auditing standards and critical thinking. Support all
your responses based on the material you have.
This summative assessment focuses on the preliminary audit
assessment, including the drafting of a summary of findings,
preparation of an audit program, and
evaluation of the relationship between audit risk, audit
evidence, and financial statement assertions.
The project is divided into two milestones, which will be
submitted at various points throughout the course to scaffold
learning and ensure quality final
submissions. These milestones will be submitted in Modules
Three and Five. The final product will be submitted in Module
Seven.
In this assignment, you will demonstrate your mastery of the
following course outcomes:
-411-01: Explain the use of assurance services in financial reporting
-411-02: Assess the internal controls of an entity for minimizing risk
-411-03: Analyze the impact of emerging technologies that could affect auditing
Prompt
Assume you are an auditor at an accounting firm. Your team is
getting ready to start a financial audit of Robbins Network

__MACOSXSujan Poster._CNA320 Poster Presentation rubric.pdf.docxhanneloremccaffery
 

More from hanneloremccaffery (20)

 Explain how firms can benefit from forecastingexchange rates .docx
 Explain how firms can benefit from forecastingexchange rates .docx Explain how firms can benefit from forecastingexchange rates .docx
 Explain how firms can benefit from forecastingexchange rates .docx
 
•POL201 •Discussions •Week 5 - DiscussionVoter and Voter Tu.docx
•POL201 •Discussions •Week 5 - DiscussionVoter and Voter Tu.docx•POL201 •Discussions •Week 5 - DiscussionVoter and Voter Tu.docx
•POL201 •Discussions •Week 5 - DiscussionVoter and Voter Tu.docx
 
•No less than 4 pages causal argument researched essay •In.docx
•No less than 4 pages causal argument researched essay •In.docx•No less than 4 pages causal argument researched essay •In.docx
•No less than 4 pages causal argument researched essay •In.docx
 
•Focus on two or three things in the Mesopotamian andor Ovids ac.docx
•Focus on two or three things in the Mesopotamian andor Ovids ac.docx•Focus on two or three things in the Mesopotamian andor Ovids ac.docx
•Focus on two or three things in the Mesopotamian andor Ovids ac.docx
 
•Langbein, L. (2012). Public program evaluation A statistical guide.docx
•Langbein, L. (2012). Public program evaluation A statistical guide.docx•Langbein, L. (2012). Public program evaluation A statistical guide.docx
•Langbein, L. (2012). Public program evaluation A statistical guide.docx
 
•Chapter 10 Do you think it is possible for an outsider to accura.docx
•Chapter 10 Do you think it is possible for an outsider to accura.docx•Chapter 10 Do you think it is possible for an outsider to accura.docx
•Chapter 10 Do you think it is possible for an outsider to accura.docx
 
·         Bakit Di gaanong kaganda ang pagturo sa UST sa panahon.docx
·         Bakit Di gaanong kaganda ang pagturo sa UST sa panahon.docx·         Bakit Di gaanong kaganda ang pagturo sa UST sa panahon.docx
·         Bakit Di gaanong kaganda ang pagturo sa UST sa panahon.docx
 
·YOUR INDIVIDUAL PAPER IS ARGUMENTATIVE OR POSITIONAL(Heal.docx
·YOUR INDIVIDUAL PAPER IS ARGUMENTATIVE OR POSITIONAL(Heal.docx·YOUR INDIVIDUAL PAPER IS ARGUMENTATIVE OR POSITIONAL(Heal.docx
·YOUR INDIVIDUAL PAPER IS ARGUMENTATIVE OR POSITIONAL(Heal.docx
 
·Write a 750- to 1,Write a 750- to 1,200-word paper that.docx
·Write a 750- to 1,Write a 750- to 1,200-word paper that.docx·Write a 750- to 1,Write a 750- to 1,200-word paper that.docx
·Write a 750- to 1,Write a 750- to 1,200-word paper that.docx
 
[Type here]Ok. This school makes me confused. The summary of t.docx
[Type here]Ok. This school makes me confused. The summary of t.docx[Type here]Ok. This school makes me confused. The summary of t.docx
[Type here]Ok. This school makes me confused. The summary of t.docx
 
© 2020 Cengage Learning®. May not be scanned, copied or duplic.docx
© 2020 Cengage Learning®. May not be scanned, copied or duplic.docx© 2020 Cengage Learning®. May not be scanned, copied or duplic.docx
© 2020 Cengage Learning®. May not be scanned, copied or duplic.docx
 
© 2016 Laureate Education, Inc. Page 1 of 3 RWRCOEL Prof.docx
© 2016 Laureate Education, Inc.   Page 1 of 3 RWRCOEL Prof.docx© 2016 Laureate Education, Inc.   Page 1 of 3 RWRCOEL Prof.docx
© 2016 Laureate Education, Inc. Page 1 of 3 RWRCOEL Prof.docx
 
© 2022 Post University, ALL RIGHTS RESERVED Due Date.docx
© 2022 Post University, ALL RIGHTS RESERVED  Due Date.docx© 2022 Post University, ALL RIGHTS RESERVED  Due Date.docx
© 2022 Post University, ALL RIGHTS RESERVED Due Date.docx
 
{DiscriminationGENERAL DISCRIMINATI.docx
{DiscriminationGENERAL DISCRIMINATI.docx{DiscriminationGENERAL DISCRIMINATI.docx
{DiscriminationGENERAL DISCRIMINATI.docx
 
~UEER THEORY AND THE JEWISH QUESTI01 Daniel Boyarin, Da.docx
~UEER THEORY AND THE JEWISH QUESTI01 Daniel Boyarin, Da.docx~UEER THEORY AND THE JEWISH QUESTI01 Daniel Boyarin, Da.docx
~UEER THEORY AND THE JEWISH QUESTI01 Daniel Boyarin, Da.docx
 
© 2017 Cengage Learning. All Rights Reserved.Chapter Twelve.docx
©  2017 Cengage Learning. All Rights Reserved.Chapter Twelve.docx©  2017 Cengage Learning. All Rights Reserved.Chapter Twelve.docx
© 2017 Cengage Learning. All Rights Reserved.Chapter Twelve.docx
 
`HISTORY 252AEarly Modern Europe from 1500 to 1815Dr. Burton .docx
`HISTORY 252AEarly Modern Europe from 1500 to 1815Dr. Burton .docx`HISTORY 252AEarly Modern Europe from 1500 to 1815Dr. Burton .docx
`HISTORY 252AEarly Modern Europe from 1500 to 1815Dr. Burton .docx
 
^ Acadumy of Management Journal2001. Vol. 44. No. 2. 219-237.docx
^ Acadumy of Management Journal2001. Vol. 44. No. 2. 219-237.docx^ Acadumy of Management Journal2001. Vol. 44. No. 2. 219-237.docx
^ Acadumy of Management Journal2001. Vol. 44. No. 2. 219-237.docx
 
`Inclusiveness. The main.docx
`Inclusiveness. The main.docx`Inclusiveness. The main.docx
`Inclusiveness. The main.docx
 
__MACOSXSujan Poster._CNA320 Poster Presentation rubric.pdf.docx
__MACOSXSujan Poster._CNA320 Poster Presentation rubric.pdf.docx__MACOSXSujan Poster._CNA320 Poster Presentation rubric.pdf.docx
__MACOSXSujan Poster._CNA320 Poster Presentation rubric.pdf.docx
 

Recently uploaded

Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
mini mental status format.docx
mini    mental       status     format.docxmini    mental       status     format.docx
mini mental status format.docxPoojaSen20
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology  ( Production , Purification , and Application  ) Hybridoma Technology  ( Production , Purification , and Application  )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppCeline George
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfUmakantAnnand
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 

Recently uploaded (20)

Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
mini mental status format.docx
mini    mental       status     format.docxmini    mental       status     format.docx
mini mental status format.docx
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology  ( Production , Purification , and Application  ) Hybridoma Technology  ( Production , Purification , and Application  )
Hybridoma Technology ( Production , Purification , and Application )
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website App
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.Compdf
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri  Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri  Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 

[removed]Cryptography and Network Security Principles a.docx

Cryptography and Network Security: Principles and Practice
Eighth Edition
Chapter 20
IP Security
Copyright © 2020 Pearson Education, Inc. All Rights Reserved.

IP Security Overview
• RFC 1636
– “Security in the Internet Architecture”
– Issued in 1994 by the Internet Architecture Board (IAB)
– Identifies key areas for security mechanisms
▪ Need to secure the network infrastructure from unauthorized monitoring and control of network traffic
▪ Need to secure end-user-to-end-user traffic using authentication and encryption mechanisms
– IAB included authentication and encryption as necessary security features in the next generation IP (IPv6)
▪ The IPsec specification now exists as a set of Internet standards

IPsec Documents (1 of 2)
• IPsec Documents
– Architecture
▪ Covers the general concepts, security requirements, definitions, and mechanisms defining IPsec technology
▪ The current specification is RFC 4301, Security Architecture for the Internet Protocol
– Authentication Header (AH)
▪ An extension header to provide message authentication
▪ The current specification is RFC 4302, IP Authentication Header
– Encapsulating Security Payload (ESP)
▪ Consists of an encapsulating header and trailer used to provide encryption or combined encryption/authentication
▪ The current specification is RFC 4303, IP Encapsulating Security Payload (ESP)

IPsec Documents (2 of 2)
– Internet Key Exchange (IKE)
▪ A collection of documents describing the key management schemes for use with IPsec
▪ The main specification is RFC 7296, Internet Key Exchange (IKEv2) Protocol, but there are a number of related RFCs
– Cryptographic algorithms
▪ This category encompasses a large set of documents that define and describe cryptographic algorithms for encryption, message authentication, pseudorandom functions (PRFs), and cryptographic key exchange
– Other
▪ There are a variety of other IPsec-related RFCs, including those dealing with security policy and management information base (MIB) content

Applications of IPsec
• IPsec provides the capability to secure communications across a LAN, private and public WANs, and the Internet
• Examples include:
– Secure branch office connectivity over the Internet
– Secure remote access over the Internet
– Establishing extranet and intranet connectivity with partners
– Enhancing electronic commerce security
• Principal feature of IPsec is that it can encrypt and/or authenticate all traffic at the IP level
– Thus all distributed applications (remote logon, client/server, e-mail, file transfer, Web access) can be secured

IPsec Services
• IPsec provides security services at the IP layer by enabling a system to:
– Select required security protocols
– Determine the algorithm(s) to use for the service(s)
– Put in place any cryptographic keys required to provide the requested services
• RFC 4301 lists the following services:
– Access control
– Connectionless integrity
– Data origin authentication
– Rejection of replayed packets (a form of partial sequence integrity)
– Confidentiality (encryption)
– Limited traffic flow confidentiality

Figure 20.1 IPsec Architecture

Security Association (SA)
• A one-way logical connection between a sender and a receiver that affords security services to the traffic carried on it
• In any IP packet, the SA is uniquely identified by the Destination Address in the IPv4 or IPv6 header and the SPI in the enclosed extension header (AH or ESP)
• Uniquely identified by three parameters:
• Security Parameters Index (SPI)
– A 32-bit unsigned integer assigned to this SA and having local significance only
• IP Destination Address
– Address of the destination endpoint of the SA, which may be an end-user system or a network system such as a firewall or router
• Security protocol identifier
– Indicates whether the association is an AH or ESP security association

Security Association Database (SAD)
• Defines the parameters associated with each SA
• Normally defined by the following parameters in a SAD entry:
– Security parameter index
– Sequence number counter
– Sequence counter overflow
– Anti-replay window
– AH information
– ESP information
– Lifetime of this security association
– IPsec protocol mode
– Path MTU

Security Policy Database (SPD)
• The means by which IP traffic is related to specific SAs
– Contains entries, each of which defines a subset of IP traffic and points to an SA for that traffic
• In more complex environments, there may be multiple entries that potentially relate to a single SA or multiple SAs associated with a single SPD entry
– Each SPD entry is defined by a set of IP and upper-layer protocol field values called selectors
– These are used to filter outgoing traffic in order to map it into a particular SA

SPD Entries (1 of 2)
• The following selectors determine an SPD entry:
• Remote IP address
– This may be a single IP address, an enumerated list or range of addresses, or a wildcard (mask) address
– The latter two are required to support more than one destination system sharing the same SA
• Local IP address
– This may be a single IP address, an enumerated list or range of addresses, or a wildcard (mask) address
– The latter two are required to support more than one source system sharing the same SA

SPD Entries (2 of 2)
• Next layer protocol
– The IP protocol header includes a field that designates the protocol operating over IP
• Name
– A user identifier from the operating system
– Not a field in the IP or upper-layer headers but is available if IPsec is running on the same operating system as the user
• Local and remote ports
– These may be individual TCP or UDP port values, an enumerated list of ports, or a wildcard port

Table 20.1 Host SPD Example
Protocol  Local IP   Port  Remote IP   Port  Action                          Comment
UDP       1.2.3.101  500   *           500   BYPASS                          IKE
ICMP      1.2.3.101  *     *           *     BYPASS                          Error messages
*         1.2.3.101  *     1.2.3.0/24  *     PROTECT: ESP in transport mode  Encrypt intranet traffic
TCP       1.2.3.101  *     1.2.4.10    80    PROTECT: ESP in transport mode  Encrypt to server
TCP       1.2.3.101  *     1.2.4.10    443   BYPASS                          TLS: avoid double encryption
*         1.2.3.101  *     1.2.4.0/24  *     DISCARD                         Others in DMZ
*         1.2.3.101  *     *           *     BYPASS                          Internet

Figure 20.2 Processing Model for Outbound Packets
Figure 20.3 Processing Model for Inbound Packets
Figure 20.4 ESP Packet Format
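As an added example (not from the textbook or the slide deck), the following Python models the outbound lookup of Figure 20.2 over the host SPD of Table 20.1. It assumes entries are evaluated in table order, as RFC 4301 specifies for the SPD, and that a packet matching no entry is discarded; the packets it classifies and the function names are constructed for this illustration.

```python
"""Added example (not from the textbook): first-match lookup over the host
SPD of Table 20.1. Selector syntax follows the table: "*" is a wildcard,
an address may be a single host or a CIDR range. Python 3 stdlib only."""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class SpdEntry:
    protocol: str      # "TCP", "UDP", "ICMP" or "*"
    local_ip: str
    local_port: str
    remote_ip: str
    remote_port: str
    action: str        # BYPASS, DISCARD or PROTECT: <SA description>
    comment: str


# The host SPD of Table 20.1, in table order. RFC 4301 defines the SPD as an
# ordered database: the first matching entry decides, so order is policy.
HOST_SPD = [
    SpdEntry("UDP",  "1.2.3.101", "500", "*",          "500", "BYPASS", "IKE"),
    SpdEntry("ICMP", "1.2.3.101", "*",   "*",          "*",   "BYPASS", "Error messages"),
    SpdEntry("*",    "1.2.3.101", "*",   "1.2.3.0/24", "*",   "PROTECT: ESP in transport mode", "Encrypt intranet traffic"),
    SpdEntry("TCP",  "1.2.3.101", "*",   "1.2.4.10",   "80",  "PROTECT: ESP in transport mode", "Encrypt to server"),
    SpdEntry("TCP",  "1.2.3.101", "*",   "1.2.4.10",   "443", "BYPASS", "TLS: avoid double encryption"),
    SpdEntry("*",    "1.2.3.101", "*",   "1.2.4.0/24", "*",   "DISCARD", "Others in DMZ"),
    SpdEntry("*",    "1.2.3.101", "*",   "*",          "*",   "BYPASS", "Internet"),
]

# RFC 4301: outbound traffic that matches no SPD entry is discarded.
NO_MATCH = SpdEntry("*", "*", "*", "*", "*", "DISCARD", "no matching SPD entry")


def _ip_matches(selector: str, addr: str) -> bool:
    if selector == "*":
        return True
    # A bare host address parses as a /32 network, a CIDR string as a range.
    return ipaddress.ip_address(addr) in ipaddress.ip_network(selector, strict=False)


def _port_matches(selector: str, port: Optional[int]) -> bool:
    # ICMP carries no ports: port is None and only a wildcard selector matches.
    return selector == "*" or (port is not None and int(selector) == port)


def lookup(spd: Iterable[SpdEntry], protocol: str, local_ip: str,
           local_port: Optional[int], remote_ip: str,
           remote_port: Optional[int]) -> SpdEntry:
    """Return the first SPD entry whose selectors all match the packet."""
    for e in spd:
        if (e.protocol in ("*", protocol)
                and _ip_matches(e.local_ip, local_ip)
                and _port_matches(e.local_port, local_port)
                and _ip_matches(e.remote_ip, remote_ip)
                and _port_matches(e.remote_port, remote_port)):
            return e
    return NO_MATCH


if __name__ == "__main__":
    # Constructed outbound packets from host 1.2.3.101.
    packets = [
        ("UDP", "1.2.3.101", 500, "9.9.9.9", 500),      # IKE, sent in the clear
        ("TCP", "1.2.3.101", 40001, "1.2.4.10", 80),     # to the DMZ web server
        ("TCP", "1.2.3.101", 40002, "1.2.4.10", 443),    # already TLS
        ("TCP", "1.2.3.101", 40003, "1.2.4.10", 22),     # other DMZ traffic
        ("TCP", "1.2.3.101", 40004, "1.2.3.77", 22),     # intranet
        ("UDP", "1.2.3.101", 53, "8.8.8.8", 53),         # Internet
    ]
    for p in packets:
        e = lookup(HOST_SPD, *p)
        print(p, "->", e.action, "/", e.comment)
    # Order is policy: with the catch-all BYPASS entry first, the web traffic
    # that should be protected would leave the host unencrypted.
    print(lookup(reversed(HOST_SPD), *packets[1]).action)  # BYPASS
```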
Encapsulating Security Payload (ESP) (1 of 2)
• Used to encrypt the Payload Data, Padding, Pad Length, and Next Header fields
– If the algorithm requires cryptographic synchronization data, then these data may be carried explicitly at the beginning of the Payload Data field
• An optional ICV field is present only if the integrity service is selected and is provided by either a separate integrity algorithm or a combined mode algorithm that uses an ICV
– ICV is computed after the encryption is performed
– This order of processing facilitates reducing the impact of DoS attacks: the receiver can verify the ICV and discard a forged packet before spending any effort on decryption
– Because the ICV is not protected by encryption, a keyed integrity algorithm must be employed to compute the ICV

Encapsulating Security Payload (ESP) (2 of 2)
• The Padding field serves several purposes:
– If an encryption algorithm requires the plaintext to be a multiple of some number of bytes, the Padding field is used to expand the plaintext to the required length
– Used to assure alignment of the Pad Length and Next Header fields
– Additional padding may be added to provide partial traffic-flow confidentiality by concealing the actual length of the payload

Figure 20.5 Anti-replay Mechanism
Figure 20.6 Scope of ESP Encryption and Authentication
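Added example, not part of the chapter: the ESP trailer padding rule from the slide above and the receiver's anti-replay sliding window of Figure 20.5, modelled on RFC 4303 (which requires a window of at least 32 packets and recommends 64), together with the sender's Sequence Counter Overflow rule listed among the SAD parameters. The function and class names and the packet trace are my own constructions.

```python
"""Added example (not from the textbook): ESP trailer padding and the
anti-replay window of Figure 20.5, modelled on RFC 4303. Names are mine.
Python 3.9+ (math.lcm), standard library only."""
from math import lcm
from typing import List, Optional, Tuple

SEQ_MAX = 0xFFFFFFFF  # 32-bit ESP sequence number, no Extended Sequence Numbers


def esp_pad_length(payload_len: int, block_size: int, tfc_extra: int = 0) -> int:
    """Number of Padding bytes for an ESP trailer.

    Payload Data + Padding + Pad Length (1) + Next Header (1) must be a
    multiple of the cipher block size, and the trailer must end on a 4-byte
    boundary. tfc_extra is optional traffic-flow-confidentiality padding
    (treated here as extra Padding, as the slide describes) that hides the
    true payload length. Pad Length is one byte, so the result is capped at 255.
    """
    align = lcm(block_size, 4)
    total = payload_len + tfc_extra + 2           # + Pad Length + Next Header
    pad = tfc_extra + (-total) % align
    if pad > 255:
        raise ValueError("padding does not fit in the one-byte Pad Length field")
    return pad


class SequenceCounter:
    """Sender-side Sequence Number Counter of a SAD entry. Without ESN the
    counter must never wrap, so the SA has to be replaced when it runs out."""

    def __init__(self) -> None:
        self.value = 0

    def next(self) -> int:
        if self.value >= SEQ_MAX:
            raise OverflowError("sequence counter overflow: establish a new SA")
        self.value += 1
        return self.value


class ReplayWindow:
    """Receiver-side anti-replay state of one inbound SA (a SAD entry)."""

    def __init__(self, size: int = 64) -> None:
        if size < 32:
            raise ValueError("RFC 4303: the anti-replay window must be at least 32")
        self.size = size
        self.top = 0        # highest sequence number accepted so far (right edge)
        self.bitmap = 0     # bit i set <=> sequence number top - i already received

    def _check(self, seq: int) -> Optional[str]:
        """Preliminary check done BEFORE integrity verification; None means OK."""
        if seq == 0 or seq > SEQ_MAX:
            return "invalid sequence number"
        if seq > self.top:
            return None                       # new packet right of the window
        offset = self.top - seq
        if offset >= self.size:
            return "too old: left of window"
        if (self.bitmap >> offset) & 1:
            return "replay: already received"
        return None

    def _advance(self, seq: int) -> None:
        """Mark seq as received; called only AFTER the ICV verified."""
        if seq > self.top:
            shift = seq - self.top
            # Slide the window right; a jump past its width empties it.
            self.bitmap = 1 if shift >= self.size else \
                ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)

    def receive(self, seq: int, icv_ok: bool) -> str:
        """Process one inbound packet; icv_ok stands for the result of checking
        the ICV with the SA's integrity key. Returns the disposition."""
        reason = self._check(seq)
        if reason is not None:
            return "rejected: " + reason
        if not icv_ok:
            # A forged packet must not move the window, otherwise a sender of
            # junk could push it and make legitimate in-flight packets too old.
            return "rejected: bad ICV"
        self._advance(seq)
        return "accepted"


def trace(events: List[Tuple[int, bool]], size: int = 64) -> List[str]:
    """Run a constructed sequence of (seq, icv_ok) events through one window."""
    w = ReplayWindow(size)
    return [w.receive(seq, ok) for seq, ok in events]


if __name__ == "__main__":
    print("AES-CBC, 37-byte payload -> Padding =", esp_pad_length(37, 16))
    events = [(1, True), (2, True), (3, True), (2, True), (100, True),
              (37, True), (36, True), (50, False), (50, True)]
    for e, r in zip(events, trace(events)):
        print(e, "->", r)
```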
  • 14. Copyright © 2020 Pearson Education, Inc. All Rights Reserved. Figure 20.7 End-to-end IPsec Transport-Mode Encryption Copyright © 2020 Pearson Education, Inc. All Rights Reserved. Transport Mode (1 of 2) • Transport mode operation may be summarized as follows: – At the source, the block of data consisting of the E S P trailer plus the entire transport-layer segment is encrypted and the plaintext of this block is replaced with its ciphertext to form the I P packet for transmission. Authentication is added if this option is selected – The packet is then routed to the destination. Each intermediate router needs to examine and process the I P header plus any plaintext I P extension headers but does not need to examine the ciphertext – The destination node examines and processes the I P header plus any plaintext I P extension headers. Then, on the basis of the S P I in the E S P header, the destination node decrypts the remainder of the packet to recover the plaintext transport-layer segment Copyright © 2020 Pearson Education, Inc. All Rights Reserved. Transport Mode (2 of 2)
  • 15. • Transport mode operation provides confidentiality for any application that uses it, thus avoiding the need to implement confidentiality in every individual application • One drawback to this mode is that it is possible to do traffic analysis on the transmitted packets Copyright © 2020 Pearson Education, Inc. All Rights Reserved. Tunnel Mode (1 of 3) • Tunnel mode provides protection to the I P packet – To achieve this, after the A H or E S P fields are added to the I P packet, the entire packet plus security fields is treated as the payload of new outer I P packet with a new outer I P header – The entire original, inner, packet travels through a tunnel from one point of an I P network to another; no routers along the way are able to examine the inner I P header – Because the original packet is encapsulated, the new,
  • 16. larger packet may have totally different source and destination addresses, adding to the security Copyright © 2020 Pearson Education, Inc. All Rights Reserved. Tunnel Mode (2 of 3) – Tunnel mode is used when one or both ends of a security association (S A) are a security gateway, such as a firewall or router that implements I Psec – With tunnel mode, a number of hosts on networks behind firewalls may engage in secure communications without implementing IPsec – The unprotected packets generated by such hosts are tunneled through external networks by tunnel mode S As set up by the IPsec software in the firewall or secure router at the boundary of the local network Copyright © 2020 Pearson Education, Inc. All Rights Reserved. Tunnel Mode (3 of 3)
  • 17. • Tunnel mode is useful in a configuration that includes a firewall or other sort of security gateway that protects a trusted network from external networks • Encryption occurs only between an external host and the security gateway or between two security gateways – This relieves hosts on the internal network of the processing burden of encryption and simplifies the key distribution task by reducing the number of needed keys – It thwarts traffic analysis based on ultimate destination Copyright © 2020 Pearson Education, Inc. All Rights Reserved. V P N • Tunnel mode can be used to implement a secure virtual private network – A virtual private network (V P N) is a private network that is configured within a public network in order to take advantage of the economies of scale and management facilities of large networks
  • 18. ▪ V P N s are widely used by enterprises to create wide area networks that span large geographic areas, to provide site-to- site connections to branch offices, and to allow mobile users to dial up their company L A N s ▪ The pubic network facility is shared by many customers, with the traffic of each customer segregated from other traffic ▪ Traffic designated as V P N traffic can only go from a V P N source to a destination in the same V P N ▪ It is often the case that encryption and authentication facilities are provided for the V P N Copyright © 2020 Pearson Education, Inc. All Rights Reserved. Figure 20.8 Example of Virtual Private Network Implemented with IPsec Tunnel Mode Copyright © 2020 Pearson Education, Inc. All Rights Reserved. Table 20.2 Tunnel Mode and
  • 19. Transport Mode Functionality Blank Transport Mode S A Tunnel Mode S A A H Authenticates I P payload and selected portions of I P header and IPv6 extension headers. Authenticates entire inner I P packet (inner header plus I P payload) plus selected portions of outer I P header and outer I P v 6 extension headers. E S P Encrypts I P payload and any IPv6 extension headers following the ESP header. Encrypts entire inner I P packet. E S P with
  • 20. Authentication Encrypts I P payload and any IPv6 extension headers following the E S P header. Authenticates I P payload but not I P header. Encrypts entire inner I P packet. Authenticates inner I P packet. Copyright © 2020 Pearson Education, Inc. All Rights Reserved. Figure 20.9 Protocol Operation for E S P Copyright © 2020 Pearson Education, Inc. All Rights Reserved. Combining Security Associations • An individual SA can implement either the AH or ESP protocol but not both • Security association bundle – Refers to a sequence of SAs through which traffic must be processed to
provide a desired set of IPsec services
– The SAs in a bundle may terminate at different endpoints or at the same endpoint
• SAs may be combined into bundles in two ways:
– Transport adjacency
▪ Refers to applying more than one security protocol to the same IP packet without invoking tunneling
▪ This approach allows for only one level of combination
– Iterated tunneling
▪ Refers to the application of multiple layers of security protocols effected through IP tunneling
▪ This approach allows for multiple levels of nesting

ESP with Authentication Option
• In this approach, the user first applies ESP to the data to be protected and then appends the authentication data field
• Transport mode ESP
– Authentication and encryption apply to the IP payload delivered to the host, but the IP header is not protected
• Tunnel mode ESP
– Authentication applies to the entire IP packet delivered to the outer IP destination address and authentication is performed at that destination
– The entire inner IP packet is protected by the privacy mechanism for delivery to the inner IP destination
• For both cases authentication applies to the ciphertext rather than the plaintext (encrypt-then-MAC), so a receiver can discard a forged or corrupted packet before spending any work on decryption

Transport Adjacency
• Another way to apply authentication after encryption is to use two bundled transport SAs, with the inner being an ESP SA and the outer being an AH SA
– In this case ESP is used without its authentication option
– Encryption is applied to the IP payload
– AH is then applied in transport mode
– Advantage of this approach is that the authentication covers more fields: the AH ICV also covers the immutable fields of the IP header, which the ESP ICV never does
– Disadvantage is the overhead of two SAs versus one SA

Transport-Tunnel Bundle
• The use of authentication prior to encryption might be preferable for several reasons:
– Because the authentication data are protected by encryption, it is impossible for anyone to intercept the message and alter the authentication data without detection
– It may be desirable to store the authentication information with the message at the destination for later reference
• One approach is to use a bundle consisting of an inner AH transport SA and an outer ESP tunnel SA
– Authentication is applied to the IP payload plus the IP header (except mutable fields)
– The resulting IP packet is then processed in tunnel mode by ESP
▪ The result is that the entire authenticated inner packet is encrypted and a new outer IP header is added

Figure 20.10 Basic Combinations of Security Associations

Internet Key Exchange
• The key management portion of IPsec involves the determination and distribution of secret keys
– A typical requirement is four keys for communication between two applications
▪ Transmit and receive pairs for both integrity and confidentiality
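The three combinations discussed above (ESP with its own authentication option, transport adjacency with an ESP SA inside an AH SA, and an AH transport SA inside an ESP tunnel SA) differ in exactly which bytes the integrity check covers. The following is an added example, not code from the textbook or from any IPsec implementation: it models each bundle with a constructed 10-byte stand-in for the IP header (source, destination, TTL, protocol), a keystream cipher built from HMAC-SHA-256 in counter mode standing in for an IPsec cipher such as AES-CTR, and HMAC-SHA-256-128 as the ICV. The keys, addresses and payload are constructed for the demo.

```python
# Added example, not from the textbook: what each SA combination's integrity
# check covers. The 10-byte "IP header" (src, dst, TTL, protocol) and the
# HMAC-in-counter-mode keystream cipher are constructed stand-ins, not the
# real IPv4 header or an IPsec-mandated cipher; the ICV is HMAC-SHA-256-128.
import hmac, hashlib, struct

ICV_LEN, HDR_LEN = 16, 10
ESP, AH = 50, 51                      # IP protocol numbers of the two headers

def make_hdr(src, dst, ttl, proto):
    return bytes(src) + bytes(dst) + bytes([ttl, proto])

def icv(key, data):                   # HMAC-SHA-256-128 (RFC 4868 truncation)
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]

def ctr_xor(key, iv, data):
    """Stand-in for AES-CTR: keystream block = HMAC(key, iv || counter) (assumption)."""
    out = bytearray()
    for n in range(0, len(data), 32):
        ks = hmac.new(key, iv + struct.pack(">I", n // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[n:n + 32], ks))
    return bytes(out)

def esp_encap(ke, ka, hdr, payload, with_auth, seq, spi=0x1001):
    """ESP: hdr | SPI | seq | IV | ciphertext | [ICV]. The optional ICV covers
    SPI..ciphertext (encrypt-then-MAC) and never the IP header in front of it."""
    iv = struct.pack(">Q", seq)       # IV derived from seq: must never repeat under one key
    body = struct.pack(">II", spi, seq) + iv + ctr_xor(ke, iv, payload)
    return hdr[:-1] + bytes([ESP]) + body + (icv(ka, body) if with_auth else b"")

def esp_decap(ke, ka, pkt, with_auth):
    body = pkt[HDR_LEN:]
    if with_auth:
        body, tag = body[:-ICV_LEN], body[-ICV_LEN:]
        if not hmac.compare_digest(tag, icv(ka, body)):
            raise ValueError("ESP ICV mismatch")
    return ctr_xor(ke, body[8:16], body[16:])

def _ah_covered(outer, ah, payload):  # mutable TTL and the ICV field are zeroed for the MAC
    return outer[:8] + b"\x00" + outer[9:] + ah + b"\x00" * ICV_LEN + payload

def ah_encap(ka, hdr, payload, seq, spi=0x2001):
    """AH transport: hdr | next | len | rsvd | SPI | seq | ICV | payload; the ICV
    covers the immutable header fields, so src/dst are protected as well."""
    ah = bytes([hdr[-1], 0, 0, 0]) + struct.pack(">II", spi, seq)
    outer = hdr[:-1] + bytes([AH])
    return outer + ah + icv(ka, _ah_covered(outer, ah, payload)) + payload

def ah_check(ka, pkt):
    """Return the protected payload, or raise if the AH ICV does not verify."""
    outer, ah = pkt[:HDR_LEN], pkt[HDR_LEN:HDR_LEN + 12]
    tag, payload = pkt[HDR_LEN + 12:HDR_LEN + 28], pkt[HDR_LEN + 28:]
    if not hmac.compare_digest(tag, icv(ka, _ah_covered(outer, ah, payload))):
        raise ValueError("AH ICV mismatch")
    return payload

def rewrite_dst(pkt, dst):            # attacker rewrites the outer destination address
    return pkt[:4] + bytes(dst) + pkt[8:]

def flip_byte_from_end(pkt, trailing):  # attacker flips a bit `trailing` bytes before the end
    i = len(pkt) - 1 - trailing
    return pkt[:i] + bytes([pkt[i] ^ 1]) + pkt[i + 1:]

def rejects(fn):
    try:
        fn()
        return False
    except ValueError:
        return True

def demo():
    ke, ka = b"constructed-enc-key", b"constructed-auth-key"
    hdr = make_hdr((10, 0, 0, 1), (10, 0, 0, 2), 64, 6)          # constructed hosts, TCP payload
    data = b"GET / HTTP/1.1\r\n"
    r = {}
    # 1. ESP with authentication option: ICV covers the ciphertext, not the IP header
    p = esp_encap(ke, ka, hdr, data, True, seq=1)
    r["esp_auth_sees_hdr_change"] = rejects(lambda: esp_decap(ke, ka, rewrite_dst(p, (10, 0, 0, 9)), True))
    r["esp_auth_sees_ct_change"] = rejects(lambda: esp_decap(ke, ka, flip_byte_from_end(p, ICV_LEN), True))
    # 2. Transport adjacency: ESP (no auth) inner, AH transport outer; AH covers src/dst
    e = esp_encap(ke, ka, hdr, data, False, seq=2)
    p = ah_encap(ka, e[:HDR_LEN], e[HDR_LEN:], seq=1)
    r["adjacency_sees_hdr_change"] = rejects(lambda: ah_check(ka, rewrite_dst(p, (10, 0, 0, 9))))
    r["adjacency_roundtrip"] = esp_decap(ke, ka, hdr + ah_check(ka, p), False) == data
    # 3. Transport-tunnel bundle: AH transport inner, ESP tunnel outer between gateways
    inner = ah_encap(ka, hdr, data, seq=2)                         # authenticate first ...
    gw = make_hdr((192, 0, 2, 1), (192, 0, 2, 2), 64, 4)           # constructed gateways, IP-in-IP
    p = esp_encap(ke, ka, gw, inner, False, seq=3)                 # ... then encrypt the whole packet
    recovered = esp_decap(ke, ka, p, False)                        # inner AH packet, auth data intact
    r["tunnel_inner_ah_verifies"] = ah_check(ka, recovered) == data
    r["tunnel_sees_ct_change"] = rejects(lambda: ah_check(ka, esp_decap(ke, ka, flip_byte_from_end(p, 0), False)))
    return r
```

demo() shows the practical difference: the ESP-only packet accepts a rewritten destination address because its ICV never covers the IP header, whereas both AH-based bundles reject it; in the transport-tunnel bundle the AH data arrives intact after decryption, so the receiver can keep it with the message, and any tampering with the ciphertext surfaces as an AH failure once the packet is decrypted.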
• The IPsec Architecture document mandates support for two types of key management:
– Manual
▪ A system administrator manually configures each system with its own keys and with the keys of other communicating systems
▪ This is practical for small, relatively static environments
– Automated
▪ Enables the on-demand creation of keys for SAs and facilitates the use of keys in a large distributed system with an evolving configuration

ISAKMP/Oakley
• The default automated key management protocol of IPsec
• Consists of:
– Oakley Key Determination Protocol
▪ A key exchange protocol based on the Diffie-Hellman algorithm but providing added security
▪ Generic in that it does not dictate specific formats
– Internet Security Association and Key Management Protocol (ISAKMP)
▪ Provides a framework for Internet key management and provides the specific protocol support, including formats, for negotiation of security attributes
▪ Consists of a set of message types that enable the use of a variety of key exchange algorithms
▪ IKEv2 (RFC 7296) folds the exchanges and the message formats into a single specification, so the two names are now mainly historical

Features of IKE Key Determination
• Algorithm is characterized by five important features:
1. It employs a mechanism known as cookies to thwart clogging attacks
2. It enables the two parties to negotiate a group; this, in essence, specifies the global parameters of the Diffie-Hellman key exchange
3. It uses nonces to ensure against replay attacks
4. It enables the exchange of Diffie-Hellman public key values
5. It authenticates the Diffie-Hellman exchange to thwart man-in-the-middle attacks

Figure 20.11 IKEv2 Exchanges

Figure 20.12 IKE Formats

Table 20.3 IKE Payload Types

Type                                Parameters
Security Association                Proposals
Key Exchange                        DH Group #, Key Exchange Data
Identification                      ID Type, ID Data
Certificate                         Cert Encoding, Certificate Data
Certificate Request                 Cert Encoding, Certification Authority
Authentication                      Auth Method, Authentication Data
Nonce                               Nonce Data
Notify                              Protocol-ID, SPI Size, Notify Message Type, SPI, Notification Data
Delete                              Protocol-ID, SPI Size, # of SPIs, SPI (one or more)
Vendor ID                           Vendor ID
Traffic Selector                    Number of TSs, Traffic Selectors
Encrypted                           IV, Encrypted IKE payloads, Padding, Pad Length, ICV
Configuration                       CFG Type, Configuration Attributes
Extensible Authentication Protocol  EAP Message
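As an added example (not from the textbook or from any IKE implementation) that ties Figure 20.12, Table 20.3 and feature 1 of the list above together: the code below encodes and parses the IKEv2 fixed header and the generic payload chain of an IKE_SA_INIT request (SA, KE, Nonce and Notify payloads, with field layouts and type numbers from RFC 7296), and then shows the stateless cookie exchange a responder uses against clogging: until a cookie bound to the initiator's nonce, address and SPI comes back, the responder allocates no state. The responder secret, SPIs, nonce, addresses and the placeholder Diffie-Hellman value are constructed for the demo; the cookie is an HMAC variant of the recipe in RFC 7296 section 2.6.

```python
# Added example, not from the textbook or any IKE implementation: IKEv2 header
# and payload-chain encoding/parsing (RFC 7296 sections 3.1-3.4, 3.9, 3.10)
# plus the stateless COOKIE anti-clogging exchange of section 2.6. SPIs, nonces,
# the responder secret, addresses and the KE value are constructed for the demo.
import hmac, hashlib, struct

PAYLOAD_NAMES = {33: "SA", 34: "KE", 35: "IDi", 36: "IDr", 37: "CERT", 38: "CERTREQ",
                 39: "AUTH", 40: "Nonce", 41: "Notify", 42: "Delete", 43: "Vendor ID",
                 44: "TSi", 45: "TSr", 46: "Encrypted", 47: "Configuration", 48: "EAP"}
NO_NEXT, IKE_SA_INIT, FLAG_I, FLAG_R, NOTIFY_COOKIE = 0, 34, 0x08, 0x20, 16390

def ike_header(spi_i, spi_r, first, flags, msg_id, body_len):
    # SPIi(8) SPIr(8) next payload(1) version 2.0(1) exchange(1) flags(1) msg id(4) length(4)
    return spi_i + spi_r + struct.pack(">BBBBII", first, 0x20, IKE_SA_INIT, flags, msg_id, 28 + body_len)

def payload_chain(chain):
    """Encode [(type, body), ...]; each generic header's next-payload field names the next type."""
    out = b""
    for i, (ptype, body) in enumerate(chain):
        nxt = chain[i + 1][0] if i + 1 < len(chain) else NO_NEXT
        out += struct.pack(">BBH", nxt, 0, 4 + len(body)) + body   # next, critical bit/reserved, length
    return out, chain[0][0]

def sa_body():
    """One IKE proposal: ENCR_AES_GCM_16 with a 256-bit key attribute, PRF_HMAC_SHA2_256, DH group 14."""
    encr = struct.pack(">BBHBBHHH", 3, 0, 12, 1, 0, 20, 0x800E, 256)   # 3 = more transforms follow
    prf = struct.pack(">BBHBBH", 3, 0, 8, 2, 0, 5)
    dh = struct.pack(">BBHBBH", 0, 0, 8, 4, 0, 14)                    # 0 = last transform
    t = encr + prf + dh
    return struct.pack(">BBHBBBB", 0, 0, 8 + len(t), 1, 1, 0, 3) + t   # last proposal, #1, proto IKE, SPI size 0, 3 transforms

def notify_cookie(cookie):
    return struct.pack(">BBH", 0, 0, NOTIFY_COOKIE) + cookie           # proto 0, SPI size 0, type, data

def sa_init_request(spi_i, nonce, ke_value, cookie=None):
    chain = [(33, sa_body()), (34, struct.pack(">HH", 14, 0) + ke_value), (40, nonce)]
    if cookie is not None:                  # on retry the N(COOKIE) payload comes first (2.6)
        chain.insert(0, (41, notify_cookie(cookie)))
    body, first = payload_chain(chain)
    return ike_header(spi_i, b"\x00" * 8, first, FLAG_I, 0, len(body)) + body

def decode(ptype, body):
    if ptype == 34:
        return {"group": struct.unpack(">H", body[:2])[0], "ke": body[4:]}
    if ptype == 41:
        proto, spi_size, ntype = struct.unpack(">BBH", body[:4])
        return {"type": ntype, "spi": body[4:4 + spi_size], "data": body[4 + spi_size:]}
    if ptype == 33:
        off, transforms = 8 + body[6], []                                # skip proposal header + SPI
        for _ in range(body[7]):
            tlen = struct.unpack(">H", body[off + 2:off + 4])[0]
            transforms.append((body[off + 4], struct.unpack(">H", body[off + 6:off + 8])[0]))
            off += tlen
        return {"protocol": body[5], "transforms": transforms}
    return body

def parse(msg):
    nxt, ver, exch, flags, msg_id, length = struct.unpack(">BBBBII", msg[16:28])
    if ver >> 4 != 2 or length != len(msg):
        raise ValueError("bad IKE header")
    out, off = {"spi_i": msg[:8], "spi_r": msg[8:16], "exchange": exch, "flags": flags, "payloads": []}, 28
    while nxt != NO_NEXT:
        plen = struct.unpack(">H", msg[off + 2:off + 4])[0]
        if plen < 4 or off + plen > len(msg):
            raise ValueError("bad payload length")
        out["payloads"].append((PAYLOAD_NAMES.get(nxt, nxt), decode(nxt, msg[off + 4:off + plen])))
        nxt, off = msg[off], off + plen
    return out

class Responder:
    """Allocates half-open SA state only after a valid cookie returns (RFC 7296 2.6)."""
    def __init__(self, under_attack=True):
        self.ver, self.secrets = 1, {1: b"constructed-responder-secret-v1"}
        self.under_attack, self.half_open = under_attack, {}

    def cookie(self, ver, spi_i, nonce, ip):  # <version> | HMAC(secret, Ni | IPi | SPIi)
        return bytes([ver]) + hmac.new(self.secrets[ver], nonce + ip + spi_i, hashlib.sha256).digest()[:16]

    def handle(self, msg, src_ip):
        req = parse(msg)
        pl, spi_i = dict(req["payloads"]), req["spi_i"]
        nonce = pl["Nonce"]
        c = pl["Notify"]["data"] if pl.get("Notify", {}).get("type") == NOTIFY_COOKIE else b""
        valid = c and c[0] in self.secrets and hmac.compare_digest(c, self.cookie(c[0], spi_i, nonce, src_ip))
        if self.under_attack and not valid:    # stateless reply: HDR(SPIr=0, R flag), N(COOKIE)
            body, first = payload_chain([(41, notify_cookie(self.cookie(self.ver, spi_i, nonce, src_ip)))])
            return "cookie", ike_header(spi_i, b"\x00" * 8, first, FLAG_R, 0, len(body)) + body
        self.half_open[spi_i] = {"group": pl["KE"]["group"], "nonce": nonce}   # state only now
        return "accepted", None

def demo():
    r = Responder(under_attack=True)
    spi_i, nonce, ke, ip = b"\x11" * 8, b"\x22" * 32, b"\x33" * 256, bytes([198, 51, 100, 7])
    s1, reply = r.handle(sa_init_request(spi_i, nonce, ke), ip)                        # no cookie yet
    c = dict(parse(reply)["payloads"])["Notify"]["data"]
    s2, _ = r.handle(sa_init_request(spi_i, nonce, ke, c), bytes([203, 0, 113, 9]))  # replayed from elsewhere
    s3, _ = r.handle(sa_init_request(spi_i, nonce, ke, c), ip)                         # genuine retry
    return s1, s2, s3, len(r.half_open), r.half_open[spi_i]["group"]
```

The point of the cookie is that a flood of spoofed IKE_SA_INIT requests costs the responder one HMAC each and no memory: the first request gets a cookie and no state, the same cookie presented from a different address is rejected, and only the genuine retry leads to a half-open SA. A real responder would rotate the secret (keeping the previous version briefly so in-flight cookies stay valid) and switch the check on only when its half-open count crosses a threshold.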
Summary
• Present an overview of IP security (IPsec)
• Explain the difference between transport mode and tunnel mode
• Understand the concept of security association
• Explain the difference between the security association database and the security policy database
• Present an overview of Encapsulating Security Payload
• Summarize the traffic processing functions performed by IPsec for outbound packets and for inbound packets
• Discuss the alternatives for combining security associations
• Present an overview of Internet Key Exchange
• Summarize the alternative cryptographic suites approved for use with IPsec
Copyright
This work is protected by United States copyright laws and is provided solely for the use of instructors in teaching their courses and assessing student learning. Dissemination or sale of any part of this work (including on the World Wide Web) will destroy the integrity of the work and is not permitted. The work and materials from it should never be made available to students except by instructors using the accompanying text in their classes. All recipients of this work are expected to abide by these restrictions and to honor the intended pedagogical purposes and the needs of other instructors who rely on these materials.
Zachary Higgs
Southern New Hampshire University
ACC-411-R1480 Auditing Principles
October 02, 2022

Any organization or business needs to develop an audit program comprising thorough procedures for internal control of cash, including cash balances and receipts. An auditor must perform all the necessary procedures of internal controls in order to identify any shortcomings that might negatively affect RNS' profits. Substantive data tests to detect lapping and analytical procedures must also be carried out to determine if the cash balances are correct (Allami & Jabbar, 2022). The audit program that could be used to assess RNS' internal controls for cash will mainly focus on key elements like directional risk for cash, primary cash assertions, main cash risks, and substantive cash procedures. This audit program may also focus on common cash work papers, risk of material misstatement for cash and common cash control deficiencies.

During the auditing process, certain main relevant cash assertions must be looked at. They consist of accuracy, rights, completeness, existence and cut-off. Among the primary cash assertions, accuracy, existence and cut-off are considered the most important. This usually shows that there is an accurate cash balance and that only transactions in that period are incorporated.

Directional risk for cash entails the probable bias that a customer has about an account balance. A customer may desire to have an overstatement of assets and an understatement of liabilities because they all make the balance sheet look healthier. While performing the audit procedures, it is important to carry out activities like testing bank reconciliation to make sure cash is not overstated.

There are various primary risks for cash which must be looked at in the audit program. These primary risks include cash being stolen, being overstated intentionally to cover up robbery and lack of cash accounts on the general ledger. Other risks for cash include misstatement of cash because of improper cut-off or mistakes in the bank reconciliation. It is also important to look at various cash control deficiencies because they are common in most organizations or businesses. These control deficiencies include a lack of timely bank reconciliations and the individuals performing the bank reconciliation not having adequate knowledge and skills to perform their duty (Hall, 2021).

Control risk can be evaluated at a high level on every assertion because if it is evaluated at less than high, the control should be tested to support the lower risk evaluation. Evaluating risks at high is generally more effective compared to testing controls, and the inherent risk turns into the driver of the risk of material misstatement. Some of the standard audit tests that can be used include confirmation of cash balances, inspecting final deposits and disbursements and checking whether all bank accounts are listed in the general ledger.

References

Allami, F. A. J., & Jabbar, L. D. A. K. (2022). A Proposed Audit Program to Integrate Modern and Traditional Auditing Methods. Periodica Journal of Modern Philosophy, Social Sciences and Humanities, 6, 53-60.

Hall, C. (2021). Auditing Cash: The Why and How Guide. Retrieved from https://cpahalltalk.com/auditing-cash/

ACC 411 Final Project Guidelines and Rubric

Overview
Professional auditors are charged with the responsibility of analyzing internal controls, conducting risk assessments using analytical procedures, and designing and implementing audit programs. The purpose of any audit is to report, analyze, and determine whether a specific entity met the stated goals of the procedures being audited. The audit objectives drive the audit program, the analytical procedures, and the substantive fieldwork done by the audit team. Most people think of financial auditing when they discuss, read about, or are involved with audits because it is the most common type; however, there are many other types of audits. These include performance, government, compliance, and internal audits. This class focuses on financial auditing for the majority of the topics, which requires that auditors possess the skills and abilities to successfully implement auditing standards and procedures.

For your final project for this course, you will assume the role of an auditor at a large accounting firm, preparing to perform an audit of financial records for Robbins Network Solutions (RNS). As with any audit, the audit team is not always going to have access to all the information and resources they want prior to starting and working on the audit. That is real-world auditing. The assignment is intended to mimic what auditors face in their career. Do the best with what you have, using auditing standards and critical thinking. Support all your responses based on the material you have.

This summative assessment focuses on the preliminary audit assessment, including the drafting of a summary of findings, preparation of an audit program, and evaluation of the relationship between audit risk, audit evidence, and financial statement assertions. The project is divided into two milestones, which will be submitted at various points throughout the course to scaffold learning and ensure quality final submissions. These milestones will be submitted in Modules Three and Five. The final product will be submitted in Module Seven.

In this assignment, you will demonstrate your mastery of the following course outcomes:
-411-01: Explain the use of assurance services in financial reporting
-411-02: Assess the internal controls of an entity for minimizing risk
-411-03: Analyze the impact of emerging technologies that could affect auditing

Prompt
Assume you are an auditor at an accounting firm. Your team is getting ready to start a financial audit of Robbins Network