SlideShare a Scribd company logo

Ch32

Wayne Jones Jnr
Wayne Jones Jnr

The document discusses several network security protocols: 1) IPSec provides security at the network layer and has two modes - transport and tunnel. It uses IKE to establish security associations. 2) SSL/TLS provides security at the transport layer for network communications. It uses cryptography to provide authentication, integrity, and privacy. 3) PGP provides security at the application layer for encrypting and authenticating emails. It uses public key cryptography and has key rings for managing keys. 4) Firewalls control access between internal and external networks. Packet-filter firewalls filter at the network/transport layer while proxy firewalls filter at the application layer.

Technology
1 of 44
Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Figure 32.1 Common structure of three security protocols
32-1 IPSecurity (IPSec) IPSecurity (IPSec) is a collection of protocols designed by the Internet Engineering Task Force (IETF) to provide security for a packet at the network level. Two Modes Two Security Protocols Security Association Internet Key Exchange (IKE) Virtual Private Network Topics discussed in this section:
Figure 32.2 TCP/IP protocol suite and IPSec
Figure 32.3 Transport mode and tunnel modes of IPSec protocol
IPSec in the transport mode does not protect the IP header; it only protects the information coming from the transport layer. Note
Figure 32.4 Transport mode in action
Figure 32.5 Tunnel mode in action
IPSec in tunnel mode protects the original IP header. Note
Figure 32.6 Authentication Header (AH) Protocol in transport mode
The AH Protocol provides source authentication and data integrity, but not privacy. Note
Figure 32.7 Encapsulating Security Payload (ESP) Protocol in transport mode
ESP provides source authentication, data integrity, and privacy. Note
Table 32.1 IPSec services
Figure 32.8 Simple inbound and outbound security associations
IKE creates SAs for IPSec. Note
Figure 32.9 IKE components
Table 32.2 Addresses for private networks
Figure 32.10 Private network
Figure 32.11 Hybrid network
Figure 32.12 Virtual private network
Figure 32.13 Addressing in a VPN
32-2 SSL/TLS Two protocols are dominant today for providing security at the transport layer: the Secure Sockets Layer (SSL) Protocol and the Transport Layer Security (TLS) Protocol. The latter is actually an IETF version of the former. SSL Services Security Parameters Sessions and Connections Four Protocols Transport Layer Security Topics discussed in this section:
Figure 32.14 Location of SSL and TLS in the Internet model
Table 32.3 SSL cipher suite list
Table 32.3 SSL cipher suite list ( continued )
The client and the server have six different cryptography secrets. Note
Figure 32.15 Creation of cryptographic secrets in SSL
Figure 32.16 Four SSL protocols
Figure 32.17 Handshake Protocol
Figure 32.18 Processing done by the Record Protocol
32-3 PGP One of the protocols to provide security at the application layer is Pretty Good Privacy (PGP). PGP is designed to create authenticated and confidential e-mails. Security Parameters Services A Scenario PGP Algorithms Key Rings PGP Certificates Topics discussed in this section:
Figure 32.19 Position of PGP in the TCP/IP protocol suite
In PGP, the sender of the message needs to include the identifiers of the algorithms used in the message as well as the values of the keys. Note
Figure 32.20 A scenario in which an e-mail message is authenticated and encrypted
Table 32.4 PGP Algorithms
Figure 32.21 Rings
In PGP, there can be multiple paths from fully or partially trusted authorities to any subject. Note
32-4 FIREWALLS All previous security measures cannot prevent Eve from sending a harmful message to a system. To control access to a system, we need firewalls. A firewall is a device installed between the internal network of an organization and the rest of the Internet. It is designed to forward some packets and filter (not forward) others. Packet-Filter Firewall Proxy Firewall Topics discussed in this section:
Figure 32.22 Firewall
Figure 32.23 Packet-filter firewall
A packet-filter firewall filters at the network or transport layer. Note
Figure 32.24 Proxy firewall
A proxy firewall filters at the application layer. Note

Recommended

Ipsec
IpsecIpsec
Ipsec
Baidyanath Dutta
 
Computer Network - Network Layer
Computer Network - Network LayerComputer Network - Network Layer
Computer Network - Network Layer
Manoj Kumar
 
Address resolution protocol (ARP)
Address resolution protocol (ARP)Address resolution protocol (ARP)
Address resolution protocol (ARP)
NetProtocol Xpert
 
Ch 20 UNICAST ROUTING SECTION 2
Ch 20 UNICAST ROUTING SECTION 2Ch 20 UNICAST ROUTING SECTION 2
Ch 20 UNICAST ROUTING SECTION 2
Hossam El-Deen Osama
 
Ip addressing classful
Ip addressing classfulIp addressing classful
Ip addressing classfulAbhishek Kesharwani
 
Code Tuning
Code TuningCode Tuning
Code Tuning
bgtraghu
 
UDP - User Datagram Protocol
UDP - User Datagram ProtocolUDP - User Datagram Protocol
UDP - User Datagram Protocol
Peter R. Egli
 
Transmission Control Protocol (TCP)
Transmission Control Protocol (TCP)Transmission Control Protocol (TCP)
Transmission Control Protocol (TCP)
k33a
 

Recommended

Ipsec
IpsecIpsec
Ipsec
Baidyanath Dutta
 
Computer Network - Network Layer
Computer Network - Network LayerComputer Network - Network Layer
Computer Network - Network Layer
Manoj Kumar
 
Address resolution protocol (ARP)
Address resolution protocol (ARP)Address resolution protocol (ARP)
Address resolution protocol (ARP)
NetProtocol Xpert
 
Ch 20 UNICAST ROUTING SECTION 2
Ch 20 UNICAST ROUTING SECTION 2Ch 20 UNICAST ROUTING SECTION 2
Ch 20 UNICAST ROUTING SECTION 2
Hossam El-Deen Osama
 
Ip addressing classful
Ip addressing classfulIp addressing classful
Ip addressing classfulAbhishek Kesharwani
 
Code Tuning
Code TuningCode Tuning
Code Tuning
bgtraghu
 
UDP - User Datagram Protocol
UDP - User Datagram ProtocolUDP - User Datagram Protocol
UDP - User Datagram Protocol
Peter R. Egli
 
Transmission Control Protocol (TCP)
Transmission Control Protocol (TCP)Transmission Control Protocol (TCP)
Transmission Control Protocol (TCP)
k33a
 
Chapter 19: Logical Addressing
Chapter 19: Logical AddressingChapter 19: Logical Addressing
Chapter 19: Logical Addressing
Shafaan Khaliq Bhatti
 
Ch04
Ch04Ch04
Ch04Joe Christensen
 
Network Layer
Network LayerNetwork Layer
Network LayerGhaffar Khan
 
COMPUTER NETWORK_OSI & TCP/IP
COMPUTER NETWORK_OSI & TCP/IPCOMPUTER NETWORK_OSI & TCP/IP
COMPUTER NETWORK_OSI & TCP/IP
Sweta Kumari Barnwal
 
Ethernet
EthernetEthernet
Ethernet
selvakumar_b1985
 
Chapter 21
Chapter 21Chapter 21
Chapter 21
Faisal Mehmood
 
Congestion control in TCP
Congestion control in TCPCongestion control in TCP
Congestion control in TCP
selvakumar_b1985
 
AI_ 3 & 4 Knowledge Representation issues
AI_ 3 & 4 Knowledge Representation issuesAI_ 3 & 4 Knowledge Representation issues
AI_ 3 & 4 Knowledge Representation issues
Khushali Kathiriya
 
transport layer
transport layertransport layer
transport layer
priyadharshini murugan
 
Internet control message protocol
Internet control message protocolInternet control message protocol
Internet control message protocolasimnawaz54
 
QOS (Quality of Services) - Computer Networks
QOS (Quality of Services) - Computer Networks QOS (Quality of Services) - Computer Networks
QOS (Quality of Services) - Computer Networks
IIIT Manipur
 
Network layer tanenbaum
Network layer tanenbaumNetwork layer tanenbaum
Network layer tanenbaum
Mahesh Kumar Chelimilla
 
TCP/IP Introduction
TCP/IP IntroductionTCP/IP Introduction
TCP/IP Introduction
Dineesha Suraweera
 
TCP IP Addressing
TCP IP AddressingTCP IP Addressing
TCP IP AddressingRitul Sonania
 
IEEE 802 standards
IEEE 802 standardsIEEE 802 standards
IEEE 802 standardsRosie Jane Enomar
 
Controlled Access Protocols
Controlled Access ProtocolsControlled Access Protocols
Controlled Access Protocols
Pruthviraj Konu
 
IP Address - IPv4 & IPv6
IP Address - IPv4 & IPv6IP Address - IPv4 & IPv6
IP Address - IPv4 & IPv6
Adeel Rasheed
 
Network Layer
Network LayerNetwork Layer
Network Layer
reshmadayma
 
Multiple access protocol
Multiple access protocolMultiple access protocol
Multiple access protocolMerlin Florrence
 
Basic Switch and End Device configuration CCNA7 Module 2
Basic Switch and End Device configuration CCNA7 Module 2Basic Switch and End Device configuration CCNA7 Module 2
Basic Switch and End Device configuration CCNA7 Module 2
Mukesh Chinta
 
WE_shouldDoBusiness
WE_shouldDoBusinessWE_shouldDoBusiness
WE_shouldDoBusinessMeylen Pang
 
Sales And Marketing
Sales And MarketingSales And Marketing
Sales And MarketingVirtual Enterprise
 

More Related Content

What's hot

Chapter 19: Logical Addressing
Chapter 19: Logical AddressingChapter 19: Logical Addressing
Chapter 19: Logical Addressing
Shafaan Khaliq Bhatti
 
COMPUTER NETWORK_OSI & TCP/IP
COMPUTER NETWORK_OSI & TCP/IPCOMPUTER NETWORK_OSI & TCP/IP
COMPUTER NETWORK_OSI & TCP/IP
Sweta Kumari Barnwal
 
Ethernet
EthernetEthernet
Ethernet
selvakumar_b1985
 
Chapter 21
Chapter 21Chapter 21
Chapter 21
Faisal Mehmood
 
Congestion control in TCP
Congestion control in TCPCongestion control in TCP
Congestion control in TCP
selvakumar_b1985
 
AI_ 3 & 4 Knowledge Representation issues
AI_ 3 & 4 Knowledge Representation issuesAI_ 3 & 4 Knowledge Representation issues
AI_ 3 & 4 Knowledge Representation issues
Khushali Kathiriya
 
transport layer
transport layertransport layer
transport layer
priyadharshini murugan
 
Internet control message protocol
Internet control message protocolInternet control message protocol
Internet control message protocolasimnawaz54
 
QOS (Quality of Services) - Computer Networks
QOS (Quality of Services) - Computer Networks QOS (Quality of Services) - Computer Networks
QOS (Quality of Services) - Computer Networks
IIIT Manipur
 
Network layer tanenbaum
Network layer tanenbaumNetwork layer tanenbaum
Network layer tanenbaum
Mahesh Kumar Chelimilla
 
TCP/IP Introduction
TCP/IP IntroductionTCP/IP Introduction
TCP/IP Introduction
Dineesha Suraweera
 
Controlled Access Protocols
Controlled Access ProtocolsControlled Access Protocols
Controlled Access Protocols
Pruthviraj Konu
 
IP Address - IPv4 & IPv6
IP Address - IPv4 & IPv6IP Address - IPv4 & IPv6
IP Address - IPv4 & IPv6
Adeel Rasheed
 
Network Layer
Network LayerNetwork Layer
Network Layer
reshmadayma
 
Basic Switch and End Device configuration CCNA7 Module 2
Basic Switch and End Device configuration CCNA7 Module 2Basic Switch and End Device configuration CCNA7 Module 2
Basic Switch and End Device configuration CCNA7 Module 2
Mukesh Chinta
 

What's hot (20)

Chapter 19: Logical Addressing
Chapter 19: Logical AddressingChapter 19: Logical Addressing
Chapter 19: Logical Addressing
 
Ch04
Ch04Ch04
Ch04
 
Network Layer
Network LayerNetwork Layer
Network Layer
 
COMPUTER NETWORK_OSI & TCP/IP
COMPUTER NETWORK_OSI & TCP/IPCOMPUTER NETWORK_OSI & TCP/IP
COMPUTER NETWORK_OSI & TCP/IP
 
Ethernet
EthernetEthernet
Ethernet
 
Chapter 21
Chapter 21Chapter 21
Chapter 21
 
Congestion control in TCP
Congestion control in TCPCongestion control in TCP
Congestion control in TCP
 
AI_ 3 & 4 Knowledge Representation issues
AI_ 3 & 4 Knowledge Representation issuesAI_ 3 & 4 Knowledge Representation issues
AI_ 3 & 4 Knowledge Representation issues
 
transport layer
transport layertransport layer
transport layer
 
Internet control message protocol
Internet control message protocolInternet control message protocol
Internet control message protocol
 
QOS (Quality of Services) - Computer Networks
QOS (Quality of Services) - Computer Networks QOS (Quality of Services) - Computer Networks
QOS (Quality of Services) - Computer Networks
 
Network layer tanenbaum
Network layer tanenbaumNetwork layer tanenbaum
Network layer tanenbaum
 
TCP/IP Introduction
TCP/IP IntroductionTCP/IP Introduction
TCP/IP Introduction
 
TCP IP Addressing
TCP IP AddressingTCP IP Addressing
TCP IP Addressing
 
IEEE 802 standards
IEEE 802 standardsIEEE 802 standards
IEEE 802 standards
 
Controlled Access Protocols
Controlled Access ProtocolsControlled Access Protocols
Controlled Access Protocols
 
IP Address - IPv4 & IPv6
IP Address - IPv4 & IPv6IP Address - IPv4 & IPv6
IP Address - IPv4 & IPv6
 
Network Layer
Network LayerNetwork Layer
Network Layer
 
Multiple access protocol
Multiple access protocolMultiple access protocol
Multiple access protocol
 
Basic Switch and End Device configuration CCNA7 Module 2
Basic Switch and End Device configuration CCNA7 Module 2Basic Switch and End Device configuration CCNA7 Module 2
Basic Switch and End Device configuration CCNA7 Module 2
 

Viewers also liked

WE_shouldDoBusiness
WE_shouldDoBusinessWE_shouldDoBusiness
WE_shouldDoBusinessMeylen Pang
 
Pepseo C Suivi N°16
Pepseo C Suivi N°16Pepseo C Suivi N°16
Pepseo C Suivi N°16guestdcf28166
 
Ibet planejamento tributa rio marcos neder 2013
Ibet planejamento tributa rio marcos neder 2013Ibet planejamento tributa rio marcos neder 2013
Ibet planejamento tributa rio marcos neder 2013Fernanda Moreira
 
Registration Of Trademark
Registration Of TrademarkRegistration Of Trademark
Registration Of Trademark
Startupwala
 
Slidesharehistory
SlidesharehistorySlidesharehistory
Slidesharehistory
jmclaugh813
 
Domoti Corporate Presentation (eng)
Domoti Corporate Presentation (eng)Domoti Corporate Presentation (eng)
Domoti Corporate Presentation (eng)
Domoti S.A.S
 
19.2 britain leads the way
19.2 britain leads the way19.2 britain leads the way
19.2 britain leads the wayMrAguiar
 
Development of criminology
Development of criminologyDevelopment of criminology
Development of criminology
Md.Rezaul Hoque Razu
 
Grande bouquet
Grande bouquetGrande bouquet
Grande bouquet
Isupova Maria
 

Viewers also liked (18)

WE_shouldDoBusiness
WE_shouldDoBusinessWE_shouldDoBusiness
WE_shouldDoBusiness
 
Sales And Marketing
Sales And MarketingSales And Marketing
Sales And Marketing
 
Swin_mag_pg14
Swin_mag_pg14Swin_mag_pg14
Swin_mag_pg14
 
Pepseo C Suivi N°16
Pepseo C Suivi N°16Pepseo C Suivi N°16
Pepseo C Suivi N°16
 
Finance
FinanceFinance
Finance
 
JP STEEL CRAFTS
JP STEEL CRAFTSJP STEEL CRAFTS
JP STEEL CRAFTS
 
Ibet planejamento tributa rio marcos neder 2013
Ibet planejamento tributa rio marcos neder 2013Ibet planejamento tributa rio marcos neder 2013
Ibet planejamento tributa rio marcos neder 2013
 
Winners 2014
Winners 2014Winners 2014
Winners 2014
 
Fashion Designer
Fashion DesignerFashion Designer
Fashion Designer
 
White+Collar+Crime
White+Collar+CrimeWhite+Collar+Crime
White+Collar+Crime
 
Registration Of Trademark
Registration Of TrademarkRegistration Of Trademark
Registration Of Trademark
 
Slidesharehistory
SlidesharehistorySlidesharehistory
Slidesharehistory
 
Domoti Corporate Presentation (eng)
Domoti Corporate Presentation (eng)Domoti Corporate Presentation (eng)
Domoti Corporate Presentation (eng)
 
19.2 britain leads the way
19.2 britain leads the way19.2 britain leads the way
19.2 britain leads the way
 
Development of criminology
Development of criminologyDevelopment of criminology
Development of criminology
 
Ch07
Ch07Ch07
Ch07
 
Grande bouquet
Grande bouquetGrande bouquet
Grande bouquet
 
Trabajo segundo ep
Trabajo segundo epTrabajo segundo ep
Trabajo segundo ep
 

Similar to Ch32

32 Security in_Internet_IP_SEC_SSL/TLS_PGN_VPN_and_Firewalls
32 Security in_Internet_IP_SEC_SSL/TLS_PGN_VPN_and_Firewalls32 Security in_Internet_IP_SEC_SSL/TLS_PGN_VPN_and_Firewalls
32 Security in_Internet_IP_SEC_SSL/TLS_PGN_VPN_and_Firewalls
Ahmar Hashmi
 
1643129870-internet-security.pptx
1643129870-internet-security.pptx1643129870-internet-security.pptx
1643129870-internet-security.pptx
MARIA401634
 
IS - SSL
IS - SSLIS - SSL
IS - SSL
FumikageTokoyami4
 
Chap 02 osi model
Chap 02 osi modelChap 02 osi model
Chap 02 osi model
Noctorous Jamal
 
Network security on Cisco routers and switches
Network security on Cisco routers and switchesNetwork security on Cisco routers and switches
Network security on Cisco routers and switches
Alexandros Britzolakis
 
CCNA 1 Routing and Switching v5.0 Chapter 7
CCNA 1 Routing and Switching v5.0 Chapter 7CCNA 1 Routing and Switching v5.0 Chapter 7
CCNA 1 Routing and Switching v5.0 Chapter 7
Nil Menon
 
CCNAv5 - S1: Chapter 7 - Transport Layer
CCNAv5 - S1: Chapter 7 - Transport LayerCCNAv5 - S1: Chapter 7 - Transport Layer
CCNAv5 - S1: Chapter 7 - Transport Layer
Vuz Dở Hơi
 
محمد مشاري
محمد مشاريمحمد مشاري
محمد مشاري
maherrrrz
 
Chapter 7 : Transport layer
Chapter 7 : Transport layerChapter 7 : Transport layer
Chapter 7 : Transport layer
teknetir
 
Chapter 07 - Transport Layer
Chapter 07 - Transport LayerChapter 07 - Transport Layer
Chapter 07 - Transport Layer
Yaser Rahmati
 
Internet Protocol Security as the Network Cryptography System
Internet Protocol Security as the Network Cryptography SystemInternet Protocol Security as the Network Cryptography System
Internet Protocol Security as the Network Cryptography System
Universitas Pembangunan Panca Budi
 
Ccna v5-S1-Chapter 7
Ccna v5-S1-Chapter 7Ccna v5-S1-Chapter 7
Ccna v5-S1-Chapter 7
Hamza Malik
 
I psecurity
I psecurityI psecurity
I psecurity
ZainabNoorGul
 
CCNA RS_NB - Chapter 5
CCNA RS_NB - Chapter 5CCNA RS_NB - Chapter 5
CCNA RS_NB - Chapter 5
Irsandi Hasan
 
CCNA 1 Routing and Switching v5.0 Chapter 3
CCNA 1 Routing and Switching v5.0 Chapter 3CCNA 1 Routing and Switching v5.0 Chapter 3
CCNA 1 Routing and Switching v5.0 Chapter 3
Nil Menon
 
Network IP Security.pdf
Network IP Security.pdfNetwork IP Security.pdf
Network IP Security.pdf
georgejustymirobi1
 
Ip security
Ip security Ip security
Ip security
Dr.K.Sreenivas Rao
 
IS Unit 8_IP Security and Email Security
IS Unit 8_IP Security and Email SecurityIS Unit 8_IP Security and Email Security
IS Unit 8_IP Security and Email SecuritySarthak Patel
 
CCNA RS_ITN - Chapter 3
CCNA RS_ITN - Chapter 3CCNA RS_ITN - Chapter 3
CCNA RS_ITN - Chapter 3
Irsandi Hasan
 

Similar to Ch32 (20)

32 Security in_Internet_IP_SEC_SSL/TLS_PGN_VPN_and_Firewalls
32 Security in_Internet_IP_SEC_SSL/TLS_PGN_VPN_and_Firewalls32 Security in_Internet_IP_SEC_SSL/TLS_PGN_VPN_and_Firewalls
32 Security in_Internet_IP_SEC_SSL/TLS_PGN_VPN_and_Firewalls
 
Ch 31
Ch 31Ch 31
Ch 31
 
1643129870-internet-security.pptx
1643129870-internet-security.pptx1643129870-internet-security.pptx
1643129870-internet-security.pptx
 
IS - SSL
IS - SSLIS - SSL
IS - SSL
 
Chap 02 osi model
Chap 02 osi modelChap 02 osi model
Chap 02 osi model
 
Network security on Cisco routers and switches
Network security on Cisco routers and switchesNetwork security on Cisco routers and switches
Network security on Cisco routers and switches
 
CCNA 1 Routing and Switching v5.0 Chapter 7
CCNA 1 Routing and Switching v5.0 Chapter 7CCNA 1 Routing and Switching v5.0 Chapter 7
CCNA 1 Routing and Switching v5.0 Chapter 7
 
CCNAv5 - S1: Chapter 7 - Transport Layer
CCNAv5 - S1: Chapter 7 - Transport LayerCCNAv5 - S1: Chapter 7 - Transport Layer
CCNAv5 - S1: Chapter 7 - Transport Layer
 
محمد مشاري
محمد مشاريمحمد مشاري
محمد مشاري
 
Chapter 7 : Transport layer
Chapter 7 : Transport layerChapter 7 : Transport layer
Chapter 7 : Transport layer
 
Chapter 07 - Transport Layer
Chapter 07 - Transport LayerChapter 07 - Transport Layer
Chapter 07 - Transport Layer
 
Internet Protocol Security as the Network Cryptography System
Internet Protocol Security as the Network Cryptography SystemInternet Protocol Security as the Network Cryptography System
Internet Protocol Security as the Network Cryptography System
 
Ccna v5-S1-Chapter 7
Ccna v5-S1-Chapter 7Ccna v5-S1-Chapter 7
Ccna v5-S1-Chapter 7
 
I psecurity
I psecurityI psecurity
I psecurity
 
CCNA RS_NB - Chapter 5
CCNA RS_NB - Chapter 5CCNA RS_NB - Chapter 5
CCNA RS_NB - Chapter 5
 
CCNA 1 Routing and Switching v5.0 Chapter 3
CCNA 1 Routing and Switching v5.0 Chapter 3CCNA 1 Routing and Switching v5.0 Chapter 3
CCNA 1 Routing and Switching v5.0 Chapter 3
 
Network IP Security.pdf
Network IP Security.pdfNetwork IP Security.pdf
Network IP Security.pdf
 
Ip security
Ip security Ip security
Ip security
 
IS Unit 8_IP Security and Email Security
IS Unit 8_IP Security and Email SecurityIS Unit 8_IP Security and Email Security
IS Unit 8_IP Security and Email Security
 
CCNA RS_ITN - Chapter 3
CCNA RS_ITN - Chapter 3CCNA RS_ITN - Chapter 3
CCNA RS_ITN - Chapter 3
 

More from Wayne Jones Jnr

Chapter 26 - Remote Logging, Electronic Mail & File Transfer
Chapter 26 - Remote Logging, Electronic Mail & File TransferChapter 26 - Remote Logging, Electronic Mail & File Transfer
Chapter 26 - Remote Logging, Electronic Mail & File TransferWayne Jones Jnr
 
Operating System Concepts - Ch05
Operating System Concepts - Ch05Operating System Concepts - Ch05
Operating System Concepts - Ch05Wayne Jones Jnr
 

More from Wayne Jones Jnr (20)

Chapter 26 - Remote Logging, Electronic Mail & File Transfer
Chapter 26 - Remote Logging, Electronic Mail & File TransferChapter 26 - Remote Logging, Electronic Mail & File Transfer
Chapter 26 - Remote Logging, Electronic Mail & File Transfer
 
Ch25
Ch25Ch25
Ch25
 
Ch24
Ch24Ch24
Ch24
 
Ch23
Ch23Ch23
Ch23
 
Ch22
Ch22Ch22
Ch22
 
Ch21
Ch21Ch21
Ch21
 
Ch20
Ch20Ch20
Ch20
 
Ch19
Ch19Ch19
Ch19
 
Ch18
Ch18Ch18
Ch18
 
Ch17
Ch17Ch17
Ch17
 
Ch16
Ch16Ch16
Ch16
 
Ch15
Ch15Ch15
Ch15
 
Ch14
Ch14Ch14
Ch14
 
Ch13
Ch13Ch13
Ch13
 
Ch12
Ch12Ch12
Ch12
 
Ch10
Ch10Ch10
Ch10
 
Ch09
Ch09Ch09
Ch09
 
Ch08
Ch08Ch08
Ch08
 
Ch06
Ch06Ch06
Ch06
 
Operating System Concepts - Ch05
Operating System Concepts - Ch05Operating System Concepts - Ch05
Operating System Concepts - Ch05
 

Recently uploaded

Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 

Recently uploaded (20)

Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 

Ch32

  • 1. Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
  • 2. Figure 32.1 Common structure of three security protocols
  • 3. 32-1 IPSecurity (IPSec) IPSecurity (IPSec) is a collection of protocols designed by the Internet Engineering Task Force (IETF) to provide security for a packet at the network level. Two Modes Two Security Protocols Security Association Internet Key Exchange (IKE) Virtual Private Network Topics discussed in this section:
  • 4. Figure 32.2 TCP/IP protocol suite and IPSec
  • 5. Figure 32.3 Transport mode and tunnel modes of IPSec protocol
  • 6. IPSec in the transport mode does not protect the IP header; it only protects the information coming from the transport layer. Note
  • 7. Figure 32.4 Transport mode in action
  • 8. Figure 32.5 Tunnel mode in action
  • 9. IPSec in tunnel mode protects the original IP header. Note
  • 10. Figure 32.6 Authentication Header (AH) Protocol in transport mode
  • 11. The AH Protocol provides source authentication and data integrity, but not privacy. Note
  • 12. Figure 32.7 Encapsulating Security Payload (ESP) Protocol in transport mode
  • 13. ESP provides source authentication, data integrity, and privacy. Note
  • 14. Table 32.1 IPSec services
  • 15. Figure 32.8 Simple inbound and outbound security associations
  • 16. IKE creates SAs for IPSec. Note
  • 17. Figure 32.9 IKE components
  • 18. Table 32.2 Addresses for private networks
  • 19. Figure 32.10 Private network
  • 20. Figure 32.11 Hybrid network
  • 21. Figure 32.12 Virtual private network
  • 22. Figure 32.13 Addressing in a VPN
  • 23. 32-2 SSL/TLS Two protocols are dominant today for providing security at the transport layer: the Secure Sockets Layer (SSL) Protocol and the Transport Layer Security (TLS) Protocol. The latter is actually an IETF version of the former. SSL Services Security Parameters Sessions and Connections Four Protocols Transport Layer Security Topics discussed in this section:
  • 24. Figure 32.14 Location of SSL and TLS in the Internet model
  • 25. Table 32.3 SSL cipher suite list
  • 26. Table 32.3 SSL cipher suite list ( continued )
  • 27. The client and the server have six different cryptography secrets. Note
  • 28. Figure 32.15 Creation of cryptographic secrets in SSL
  • 29. Figure 32.16 Four SSL protocols
  • 30. Figure 32.17 Handshake Protocol
  • 31. Figure 32.18 Processing done by the Record Protocol
  • 32. 32-3 PGP One of the protocols to provide security at the application layer is Pretty Good Privacy (PGP). PGP is designed to create authenticated and confidential e-mails. Security Parameters Services A Scenario PGP Algorithms Key Rings PGP Certificates Topics discussed in this section:
  • 33. Figure 32.19 Position of PGP in the TCP/IP protocol suite
  • 34. In PGP, the sender of the message needs to include the identifiers of the algorithms used in the message as well as the values of the keys. Note
  • 35. Figure 32.20 A scenario in which an e-mail message is authenticated and encrypted
  • 36. Table 32.4 PGP Algorithms
  • 37. Figure 32.21 Rings
  • 38. In PGP, there can be multiple paths from fully or partially trusted authorities to any subject. Note
  • 39. 32-4 FIREWALLS All previous security measures cannot prevent Eve from sending a harmful message to a system. To control access to a system, we need firewalls. A firewall is a device installed between the internal network of an organization and the rest of the Internet. It is designed to forward some packets and filter (not forward) others. Packet-Filter Firewall Proxy Firewall Topics discussed in this section:
  • 40. Figure 32.22 Firewall
  • 41. Figure 32.23 Packet-filter firewall
  • 42. A packet-filter firewall filters at the network or transport layer. Note
  • 43. Figure 32.24 Proxy firewall
  • 44. A proxy firewall filters at the application layer. Note