Chapter 13
Network Encryption
Chapter 13 Overview
Role of crypto in communications security
Impact of using crypto at different protocol layers
Network key distribution techniques
Application, network, and link layer crypto
Policy guidance for crypto applications
Communications Security
Physical protection works for local networks
Impractical for long-distance communications
Types of attacks
Passive – eavesdropping or sniffing
Active – maliciously create or modify data
Crypto techniques protect data when outside our physical
control
Confidentiality, integrity
Authenticity, nonrepudiation
Crypto by Layers
Applying Crypto Layers
We get different results when we apply crypto at different
layers
Different key distribution requirements
Data protected in different places and ways
Transparency – does crypto interfere?
Network transparency: Can the network still carry our traffic
with the crypto applied?
Application transparency: Is crypto applied without affecting
the application?
Layer 2: Link Encryption
Layer 3: Network Encryption
Layer 4: Transport Encryption
Layer 7: Application Encryption
Administrative and Policy Issues
Scope of sniffing protection
Traffic filtering – does the crypto interfere?
Automatic encryption – must we rely on the end user to enable
crypto for sensitive data?
Access to Internet sites – encrypting all traffic automatically would cut
off the public Internet sites that cannot take part in our crypto
End-to-end crypto – do we need to associate crypto operations
with end users?
Keying – do end users need to manage keys?
We will review all of these at the end
Crypto Keys on the Network
The key management problem
Ensure that the right people have keys
Prevent attackers from uncovering keys
Key distribution objectives
Ensure that keys are changed periodically
Change keys when access rights change
The default keying risk: Keys installed by vendor
Default keys work “out of the box”
Attackers also have copies of the default keys
Key Distribution Strategies
One big cryptonet – share the same secret key with everyone
who must communicate safely
Groups of cryptonets – share the same key among smaller
communities of users
Pairwise key sharing – one per endpoint pair
Key distribution center – a shared server that distributes
working keys to approved users
Public key distribution – use public key techniques to distribute
keys
Key Distribution Techniques
Manual keying
Distribute all keys “by hand” in person or via trustworthy
couriers – often a starting point
Simple rekeying
Unreliable tricks to replace an existing key
Secret-key techniques
Wrapping, KDCs, hashing
Public-key techniques
Diffie-Hellman, RSA
Simple Rekeying: Weak
Self-rekeying
Use a PRNG to transform the current key into a new one
Separate endpoints can apply the same PRNG to yield the same
key
New keys encrypted with old
Generate a new, random key
Use previous key to encrypt it for distribution
Both techniques may leak all traffic if old keys are disclosed
Stronger Secret Key Building Blocks
Key wrapping
Use wrapping technique from Chapter 8 to protect keys carried
in network messages
Traffic encrypting key (TEK) wrapped by KEK
Key distribution center (KDC)
The center distributes wrapped keys
Authorized users share a secret with the KDC
Shared secret hashing
Generate a new key using a one-way hash
Key Wrapping
Key Distribution Center
Shared Secret Hashing
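The three secret-key building blocks above, in working code. This is an added example written for this page, not code from the textbook or its slides. It wraps a TEK under a KEK with AES-GCM (standing in for the RFC 3394 key-wrap mode, which Go's standard library does not provide), runs a toy KDC that issues one fresh TEK to two enrolled users, and derives per-epoch keys from a shared secret with HMAC-SHA256. The user names, the enrollment table and the "traffic-key" label are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key: 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// wrapKey wraps a traffic-encrypting key (TEK) under a key-encrypting key (KEK)
// so it can ride inside a network message. AES-GCM stands in for RFC 3394 key wrap
// (absent from Go's standard library); its tag makes a tampered blob, or one opened
// with the wrong KEK, fail outright instead of yielding a garbage TEK.
func wrapKey(kek, tek []byte) ([]byte, error) {
	gcm, err := newGCM(kek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, tek, nil), nil // nonce || ciphertext || tag
}

func unwrapKey(kek, wrapped []byte) ([]byte, error) {
	gcm, err := newGCM(kek)
	if err != nil {
		return nil, err
	}
	if len(wrapped) < gcm.NonceSize()+gcm.Overhead() {
		return nil, fmt.Errorf("wrapped key too short (%d bytes)", len(wrapped))
	}
	return gcm.Open(nil, wrapped[:gcm.NonceSize()], wrapped[gcm.NonceSize():], nil)
}

// KDC is a key distribution center: each authorized user shares a long-term KEK
// with it (users is the hypothetical enrollment table), so no two users ever
// have to pre-share a key with each other.
type KDC struct{ users map[string][]byte }

// Ticket carries one fresh TEK wrapped twice; the requester forwards ForPeer to the peer.
type Ticket struct{ ForRequester, ForPeer []byte }

// Issue refuses unenrolled names (how the KDC enforces "the right people have keys"),
// then mints a random TEK and wraps it for both endpoints.
func (k *KDC) Issue(requester, peer string) (Ticket, error) {
	kekA, okA := k.users[requester]
	kekB, okB := k.users[peer]
	if !okA || !okB {
		return Ticket{}, fmt.Errorf("kdc: %q or %q is not enrolled", requester, peer)
	}
	tek := make([]byte, 32)
	if _, err := rand.Read(tek); err != nil {
		return Ticket{}, err
	}
	forA, err := wrapKey(kekA, tek)
	if err != nil {
		return Ticket{}, err
	}
	forB, err := wrapKey(kekB, tek)
	if err != nil {
		return Ticket{}, err
	}
	return Ticket{ForRequester: forA, ForPeer: forB}, nil
}

// nextKey is shared-secret hashing: both ends hold the same long-term secret and
// derive the key for a numbered epoch with HMAC-SHA256. A leaked epoch key exposes
// neither the secret nor other epochs; a leaked secret exposes every epoch.
func nextKey(secret []byte, epoch uint32) []byte {
	var e [4]byte
	binary.BigEndian.PutUint32(e[:], epoch)
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte("traffic-key")) // hypothetical label that separates this use from other derivations
	mac.Write(e[:])
	return mac.Sum(nil)
}

func main() {
	kdc := &KDC{users: map[string][]byte{"alice": make([]byte, 32), "bob": make([]byte, 32)}} // constructed enrollment table
	rand.Read(kdc.users["alice"]) // KEKs "installed out of band"
	rand.Read(kdc.users["bob"])
	t, _ := kdc.Issue("alice", "bob")
	a, _ := unwrapKey(kdc.users["alice"], t.ForRequester)
	b, _ := unwrapKey(kdc.users["bob"], t.ForPeer)
	_, wrongKEK := unwrapKey(kdc.users["bob"], t.ForRequester)
	fmt.Printf("same TEK at both ends: %v, wrong KEK rejected: %v, epoch 7 key: %x...\n",
		hmac.Equal(a, b), wrongKEK != nil, nextKey(a, 7)[:8])
}
```

The KDC never sees the peers' traffic and the peers never see each other's KEK; what it must protect is the enrollment table, and what it must get right is revocation (remove a user from the table and they stop receiving tickets). The HMAC derivation is the same idea as the "simple rekeying" slide, with the difference that the secret never travels and an epoch key cannot be rolled forward or backward into another one.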
Public Key Building Blocks
Anonymous Diffie-Hellman secret sharing
D-H inherently constructs a shared secret
We can use it to construct a temporary shared secret for any two
endpoints
RSA key wrapping (encapsulation)
One endpoint (the client) creates a secret key shared with the
other endpoint (the server)
Only the server needs a public key pair
Client needs a copy of the server's public key
Anonymous Diffie-Hellman
RSA Key Wrapping
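The two public-key building blocks, as an added example that is not part of the slides: anonymous Diffie-Hellman on X25519, including the caveat that an attacker on the wire can sit in the middle of an unauthenticated exchange without either side noticing, and RSA-OAEP key encapsulation, where only the server holds a key pair. The party names and the "tek" OAEP label are assumptions made for the illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

type dhParty struct{ priv *ecdh.PrivateKey } // one endpoint of an anonymous D-H exchange

func newDHParty() (*dhParty, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &dhParty{priv: priv}, nil
}

// Public is the value this endpoint sends in the clear.
func (p *dhParty) Public() []byte { return p.priv.PublicKey().Bytes() }

// Shared derives the key from the peer's public value, hashed to a uniform 32 bytes.
func (p *dhParty) Shared(peerPub []byte) ([]byte, error) {
	pub, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return nil, err
	}
	raw, err := p.priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(raw)
	return k[:], nil
}

type dhResult struct {
	Alice, Bob                       []byte // the key each side believes it shares with the other
	MalloryWithAlice, MalloryWithBob []byte // filled in only when Mallory is on the wire
}

// anonymousDHExchange runs D-H between Alice and Bob. With mitm set, Mallory swaps
// her own public value into both directions: nothing in anonymous D-H lets either
// side notice, so each ends up keyed to Mallory, who relays and reads everything.
func anonymousDHExchange(mitm bool) (*dhResult, error) {
	alice, errA := newDHParty()
	bob, errB := newDHParty()
	if errA != nil || errB != nil {
		return nil, fmt.Errorf("key generation failed: %v %v", errA, errB)
	}
	toBob, toAlice := alice.Public(), bob.Public() // the two values on the wire
	res := &dhResult{}
	if mitm {
		mallory, err := newDHParty()
		if err != nil {
			return nil, err
		}
		if res.MalloryWithAlice, err = mallory.Shared(toBob); err != nil {
			return nil, err
		}
		if res.MalloryWithBob, err = mallory.Shared(toAlice); err != nil {
			return nil, err
		}
		toBob, toAlice = mallory.Public(), mallory.Public()
	}
	var err error
	if res.Alice, err = alice.Shared(toAlice); err != nil {
		return nil, err
	}
	if res.Bob, err = bob.Shared(toBob); err != nil {
		return nil, err
	}
	return res, nil
}

// rsaEncapsulate is RSA key wrapping: the client picks a fresh random TEK and encrypts
// it to the server's public key with RSA-OAEP. Only the server needs a key pair.
func rsaEncapsulate(serverPub *rsa.PublicKey) (tek, wrapped []byte, err error) {
	tek = make([]byte, 32)
	if _, err = rand.Read(tek); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, tek, []byte("tek"))
	return tek, wrapped, err
}

// rsaDecapsulate recovers the TEK; any other private key, or a modified blob, fails.
func rsaDecapsulate(serverPriv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, serverPriv, wrapped, []byte("tek"))
}

func main() {
	honest, _ := anonymousDHExchange(false)
	mitm, _ := anonymousDHExchange(true)
	fmt.Println("honest Alice==Bob:", bytes.Equal(honest.Alice, honest.Bob), "| MITM Alice==Bob:", bytes.Equal(mitm.Alice, mitm.Bob), "Alice==Mallory:", bytes.Equal(mitm.Alice, mitm.MalloryWithAlice))
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	tek, wrapped, _ := rsaEncapsulate(&priv.PublicKey)
	got, _ := rsaDecapsulate(priv, wrapped)
	fmt.Println("RSA-OAEP round trip:", bytes.Equal(tek, got))
}
```

The RSA path has the opposite caveat: the client must hold an authentic copy of the server's public key, otherwise the "server" it encapsulates to may be Mallory. TLS closes both gaps at once by signing the D-H values with a certificate-backed key.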
Trade-Off: Public and Secret Keys
Secret key suits:
Limited resources
Clearly defined user community
Revocation must be timely and reliable
Small user community
Trustworthy servers are available
Public key suits:
User community can't be identified ahead of time
Large community, or no trustworthy server to act as a KDC
Inefficient revocation is an acceptable risk
Application Layer Encryption
Email Key Wrapping and Encryption
Transport Layer Security: SSL/TLS
Secure Sockets Layer (SSL)
Developed by Netscape in 1994
Part of commercial client/server Web package
First really successful public-key application
Taken over and standardized by the IETF
Now called Transport Layer Security (TLS)
Three-part protocol
Handshake protocol – key exchange
Record protocol – data exchange
Alert protocol – errors and session shutdown
SSL Handshake Protocol
SSL Key Construction
SSL Record Transmission
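The handshake, record and alert protocols in action, as an added example that is not part of the slides. A Go client and server complete a TLS handshake over a loopback socket, the server sends one record-protocol message, and the client refuses to connect when the server's certificate is not in its root store or carries the wrong name (the alert protocol is what carries that refusal back to the server). The host name vpn.example.test and the self-signed certificate are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSignedServer mints a throwaway certificate for host (a stand-in for a CA-issued one).
func selfSignedServer(host string) (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: host},
		DNSNames:              []string{host}, // the client's ServerName is checked against this
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool, nil
}

// handshake runs TLS between an in-process client and server over a loopback TCP
// socket; it returns the negotiated state and the first record-protocol payload.
// trustServer: does the client's root store hold the server's certificate?
func handshake(trustServer bool, serverName string) (tls.ConnectionState, string, error) {
	cert, pool, err := selfSignedServer("vpn.example.test")
	if err != nil {
		return tls.ConnectionState{}, "", err
	}
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return tls.ConnectionState{}, "", err
	}
	defer ln.Close()
	srvErr := make(chan error, 1)
	go func() {
		conn, err := ln.Accept()
		if err != nil {
			srvErr <- err
			return
		}
		defer conn.Close()
		srv := tls.Server(conn, &tls.Config{Certificates: []tls.Certificate{cert}})
		if err = srv.Handshake(); err == nil { // fails if the client aborts with an alert
			_, err = srv.Write([]byte("hello over TLS")) // first record-protocol payload
		}
		srvErr <- err
	}()
	ccfg := &tls.Config{ServerName: serverName, MinVersion: tls.VersionTLS12}
	if trustServer {
		ccfg.RootCAs = pool // the fix for "unknown authority" is trust, never InsecureSkipVerify
	}
	cli, err := tls.Dial("tcp", ln.Addr().String(), ccfg) // Dial runs the handshake protocol
	if err != nil {
		ln.Close() // unblocks Accept in case the connection never got that far
		<-srvErr
		return tls.ConnectionState{}, "", err
	}
	defer cli.Close()
	buf := make([]byte, 64)
	n, err := cli.Read(buf)
	if err == nil {
		err = <-srvErr
	}
	if err != nil {
		return tls.ConnectionState{}, "", err
	}
	return cli.ConnectionState(), string(buf[:n]), nil
}

func main() {
	st, greeting, err := handshake(true, "vpn.example.test")
	fmt.Printf("trusted: version=%#x suite=%#x got %q err=%v\n", st.Version, st.CipherSuite, greeting, err)
	_, _, err = handshake(true, "other.example.test")
	fmt.Println("wrong name:", err)
	_, _, err = handshake(false, "vpn.example.test")
	fmt.Println("untrusted root:", err)
}
```

The two failing calls are the ones worth reading: the client never sends its Finished message, so the server's Handshake returns an error too, and no application data crosses the wire in either direction.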
Network Layer Encryption
Provides both application transparency and network
transparency
Primary use: Virtual Private Networks (VPNs)
Network carries plaintext inside a site
VPN gateway encrypts data between sites
“Proxy encryption”
Remote users use VPN crypto to access site
IPsec – IP Security Protocol
Used for Internet VPNs
Example VPN
Encryption by an IPsec Gateway
IPsec Encrypted Packet
Internet Key Exchange (IKE) Protocol
Wireless LAN Encryption
Wired Equivalent Privacy (WEP)
Introduced with early Wi-Fi products
Used RC4 with a 40-bit key, extended per packet by a 24-bit IV sent in the clear
Later increased to 128-bit keys (104-bit secret plus the 24-bit IV; sometimes
called WEP2)
Successful attacks in early 2000s
Wi-Fi Protected Access (WPA, WPA2)
First WPA designed to run on existing Wi-Fi hardware, so it still used RC4
(with per-packet keys via TKIP)
WPA2 uses AES (CCMP), improved integrity protection, and improved
key exchange
WPA2 Crypto Format
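Why a 24-bit IV sank WEP, as an added example (not from the slides): with RC4 keyed by IV||key, two frames sent under the same IV share a keystream, so one frame whose plaintext the attacker knows decrypts the other without the key ever being learned, and the birthday bound shows how soon a randomly chosen IV repeats. The key, IV and frame contents are constructed; the CRC-32 ICV is left out because it adds nothing against this attack.

```go
package main

import (
	"bytes"
	"crypto/rc4"
	"fmt"
	"math"
)

// wepEncrypt models WEP's per-frame keying: the 24-bit IV is prepended to the
// 40-bit (or 104-bit) shared key to seed RC4, and the IV travels in the clear.
func wepEncrypt(key []byte, iv [3]byte, plaintext []byte) ([]byte, error) {
	c, err := rc4.NewCipher(append(iv[:], key...))
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(plaintext))
	c.XORKeyStream(out, plaintext)
	return out, nil
}

// xorBytes XORs a and b over the shorter of the two lengths.
func xorBytes(a, b []byte) []byte {
	n := len(a)
	if len(b) < n {
		n = len(b)
	}
	out := make([]byte, n)
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// recoverKeystream is the IV-reuse attack: a frame whose plaintext the attacker
// knows (an ARP request, say) XORed with its ciphertext yields the RC4 keystream
// for that IV, which then strips every other frame sent under the same IV.
func recoverKeystream(knownPlaintext, ciphertext []byte) []byte {
	return xorBytes(knownPlaintext, ciphertext)
}

// ivRepeatProbability is the birthday bound for a 24-bit IV space: the chance that
// at least two of n frames reuse an IV when IVs are drawn at random. Cards that
// restart the IV counter at zero on power-up repeat even sooner.
func ivRepeatProbability(n int) float64 {
	return 1 - math.Exp(-float64(n)*float64(n-1)/(2*float64(1<<24)))
}

func main() {
	key := []byte{0x0b, 0xad, 0xc0, 0xff, 0xee} // constructed 40-bit WEP key
	iv := [3]byte{0x01, 0x02, 0x03}
	known := []byte("ARP request: who has 10.0.0.2? tell 10.0.0.1")
	secret := []byte("PASSWORD=hunter2")
	ct1, _ := wepEncrypt(key, iv, known)
	ct2, _ := wepEncrypt(key, iv, secret) // same IV reused: same keystream
	ks := recoverKeystream(known, ct1)
	fmt.Printf("recovered without the key: %q\n", xorBytes(ks, ct2))
	ct3, _ := wepEncrypt(key, [3]byte{0x01, 0x02, 0x04}, secret)
	fmt.Println("same keystream works on a different IV:", bytes.Equal(xorBytes(ks, ct3), secret))
	fmt.Printf("P(some IV repeats) after 5000 frames: %.2f\n", ivRepeatProbability(5000))
}
```

A busy access point sends thousands of frames a minute, so an eavesdropper can expect IV collisions within minutes; the later key-recovery attacks on RC4's key schedule made even that unnecessary. WPA2's CCMP avoids both problems with a 48-bit packet number and an authenticated AES mode.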
Crypto Policy: Sniffing
Crypto Policy: Automatic Encryption
Crypto Policy: Others
Overview
History is much more than a list of dates, names, and places.
Examining our histories helps us understand how the past
connects to our present and what it means to be human. It
allows us to make better decisions about our futures. History
also provides us with very practical skills that are useful in any
profession, such as determining the credibility of information,
conducting research, and asking critical questions.
In each module, you will complete assignments that will prepare
you for an aspect of your final project. In this assignment, you
will choose your project topic. Before completing this activity,
review the Project Guidelines and Rubric and
the Library Research Guide to know exactly what you will be
working on. Make certain to review the historical topic in the
library guide, which provides an overview of the topic as well
as primary and secondary sources to support your research.
While it is a good idea to choose your topic early, you may
change it until the next module.
Prompt
Use the provided
Module One Activity Template: Project Topic
Exploration and the Research Topic Lists in the HIS 100
Library Guide to complete this assignment. In the Library
Guide, you will see the following pages:
· Research Topic List: Human Rights and Inequality
· Tulsa Massacre
· Wounded Knee Occupation
· Stonewall Rebellion
· Research Topic List: Political Revolutions
· Haitian Independence
· Philippine Revolution
· Iranian Revolution
· Research Topic List: Climate Change and Environmental
Issues
· Great London Smog
· Creation of Earth Day
· Chernobyl
· Research Topic List: Globalization
· Creation of the UN
· Act Prohibiting the Importation of Slaves
· Founding of NATO
Make certain to review the lists of more specific topics within
each theme to choose your research topic.
Then, describe your prior knowledge, beliefs, assumptions, and
values related to your chosen topic. Finally, you will explain
why you think this historical topic is relevant to contemporary
society.
Specifically, you must address the following rubric criteria:
· Explain
what you already know about the chosen topic based on
your personal history or experiences.
· If you do not have prior knowledge about your topic, explain
what you would like to learn more about.
· Describe the
beliefs, assumptions, and values you have related to the
topic you chose.
· What opinions or perspectives do you have about your topic?
What conclusions have you already drawn about it?
· Explain
why this topic is relevant to current events or to modern
society.
· Why might this topic matter to us now?
Guidelines for Submission
Use the provided Module One Activity Template: Project Topic
Exploration to address the steps above. While references are not
required, any sources used should be cited according to APA
style if you reference them in your responses. Consult the
Shapiro Library APA Style Guide for more information
on citations.
Module One Activity Rubric
Existing Knowledge (30%)
Proficient (100%): Explains what is already known about the chosen topic based on personal history or experiences
Needs Improvement (75%): Shows progress toward proficiency, but with errors or omissions; areas for improvement may include connecting topic to existing knowledge or providing more detailed explanations of knowledge
Not Evident (0%): Does not attempt criterion
Beliefs, Assumptions, and Values (30%)
Proficient (100%): Describes the beliefs, assumptions, and values concerning a chosen topic
Needs Improvement (75%): Shows progress toward proficiency, but with errors or omissions; areas for improvement may include connecting topic to beliefs, assumptions, and values or providing more support of that connection
Not Evident (0%): Does not attempt criterion
Why Topic Is Relevant (30%)
Proficient (100%): Explains why the topic is relevant to current events or to modern society
Needs Improvement (75%): Shows progress toward proficiency, but with errors or omissions; areas for improvement may include connecting the topic to current events or modern society or making a more persuasive argument about the topic’s relevance to contemporary society
Not Evident (0%): Does not attempt criterion
Articulation of Response (10%)
Proficient (100%): Clearly conveys meaning with correct grammar, sentence structure, and spelling, demonstrating an understanding of audience and purpose
Needs Improvement (75%): Shows progress toward proficiency, but with errors in grammar, sentence structure, and spelling, negatively impacting readability
Not Evident (0%): The submission has critical errors in grammar, sentence structure, and spelling, preventing understanding of ideas
Total: 100%
Chapter 12
End-to-End Networking
Chapter 12 Overview
The end-to-end principle in internet architecture
Internet packet and transport protocols
Host naming with the Domain Name System
Firewalls and network address translation
Authentication on networks
“Smart” vs. “Dumb” Networks
The 20th century telephone network
A “smart” network with “dumb” endpoints
Telephones (endpoints) only had a dial or touchpad, a speaker,
and a microphone
The original Internet
A “dumb” network with “smart” endpoints
Routing was as simple as possible
Hosts handled the hard work
Error detection and correction
Reordering and reassembling messages
The End-to-End Principle
Reliable packet networks must rely on smart endpoints – the
network can't ensure reliable packet delivery by itself
Network-based reliability may reduce unreliability, but it
doesn't ensure reliability
End-to-end in practice
Networks become more complex to address more complex
routing challenges
Network-based reliability in wireless LANs reduces
unreliability to acceptable levels
Internet Transport Protocols
Two separate protocols
User Datagram Protocol (UDP) – for highly efficient
transmission without retransmission
Transmission Control Protocol (TCP) – for reliable, sequential
data transmission
UDP packets
Contain source and destination port numbers
Contain a checksum and a data field
Applications must detect and handle any missing or damaged
packets themselves
UDP Packet Format
Wireshark: UDP Packet Format
© Wireshark Foundation
Transmission Control Protocol – TCP
TCP Reliability
Uses Sequence (SEQ) and Acknowledgement (ACK) numbers to
track the delivered data
Every byte of data sent via TCP is numbered consecutively
A packet's SEQ number reports the number of the first byte it
contains
Recipient sends ACK number to indicate the highest
consecutive byte number received
If packets arrive out of order, the ACK number never increases
until missing packets arrive
Flow Control and Window Size
Flow control prevents a sender from sending data faster than the
recipient can handle it
If we send data too fast, the recipient or the network will have
to discard it
Each TCP packet contains a window size
Indicates the number of bytes the recipient can handle from
upcoming packets
Grows smaller if traffic arrives too quickly
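A cumulative-ACK receiver that shows the SEQ/ACK and window rules above, written for this page (it is not from the slides). It assumes non-overlapping segments and no sequence-number wraparound; the segment trace and the initial sequence number are constructed.

```go
package main

import "fmt"

// segment is the part of a TCP packet that matters for reliability: the
// sequence number of its first byte, and the bytes themselves.
type segment struct {
	Seq  uint32
	Data []byte
}

// receiver models cumulative acknowledgement with a finite receive buffer.
// It assumes non-overlapping segments and no sequence-number wraparound.
type receiver struct {
	nextExpected uint32            // ACK number: first byte not yet received in order
	held         map[uint32][]byte // out-of-order segments parked until the gap closes
	ready        []byte            // in-order data the application has not read yet
	bufSize      int
}

func newReceiver(initialSeq uint32, bufSize int) *receiver {
	return &receiver{nextExpected: initialSeq + 1, held: map[uint32][]byte{}, bufSize: bufSize}
}

// Receive takes one segment and returns the ACK number and window size the
// receiver would put in its reply. The ACK advances only when the segment fills
// the next gap; anything beyond the gap is held, so the ACK stands still until
// the missing bytes arrive.
func (r *receiver) Receive(s segment) (ack uint32, window int) {
	switch {
	case s.Seq == r.nextExpected:
		r.ready = append(r.ready, s.Data...)
		r.nextExpected += uint32(len(s.Data))
		for d, ok := r.held[r.nextExpected]; ok; d, ok = r.held[r.nextExpected] {
			delete(r.held, r.nextExpected) // a held segment now continues the stream
			r.ready = append(r.ready, d...)
			r.nextExpected += uint32(len(d))
		}
	case s.Seq > r.nextExpected:
		r.held[s.Seq] = s.Data // arrived early: keep it, but do not ACK past the gap
	default:
		// duplicate or stale segment: nothing new, re-advertise the same ACK
	}
	return r.nextExpected, r.Window()
}

// Window is the advertised window: buffer space not yet occupied by data the
// application has not consumed, in-order or held. It shrinks as data piles up
// and reaches zero to tell the sender to stop (a real stack would also discard
// bytes that arrive beyond the window; this model only advertises zero).
func (r *receiver) Window() int {
	used := len(r.ready)
	for _, d := range r.held {
		used += len(d)
	}
	if used >= r.bufSize {
		return 0
	}
	return r.bufSize - used
}

// ReadApp hands up to n in-order bytes to the application, freeing window.
func (r *receiver) ReadApp(n int) []byte {
	if n > len(r.ready) {
		n = len(r.ready)
	}
	out := append([]byte(nil), r.ready[:n]...)
	r.ready = r.ready[n:]
	return out
}

func main() {
	// Constructed trace: the handshake agreed an initial SEQ of 1000, so the
	// first data byte is 1001. The middle segment is delayed in the network.
	rx := newReceiver(1000, 16)
	for _, s := range []segment{
		{1001, []byte("AAAA")},
		{1009, []byte("CCCC")}, // out of order: the ACK will not move
		{1005, []byte("BBBB")}, // fills the gap: the ACK jumps past CCCC too
	} {
		ack, win := rx.Receive(s)
		fmt.Printf("got seq=%d %q -> ack=%d window=%d\n", s.Seq, s.Data, ack, win)
	}
	fmt.Printf("application reads %q, window now %d\n", rx.ReadApp(12), rx.Window())
}
```

The trace prints ack=1005 twice before jumping to 1013, which is the behaviour the sender relies on: a repeated ACK is its signal that something after 1005 went missing.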
Establishing a TCP Connection
Two hosts must agree to establish a connection
Process uses a three-way handshake
Client sends a SYN packet
Server responds with SYN-ACK packet
Client completes the handshake with ACK
The three-way handshake establishes the starting SEQ numbers
used in each direction
If one host fails to finish the handshake, the other host discards
the connection
Close the connection with FIN or RST
Wireshark: TCP Connection
© Wireshark Foundation
Attacks on Internet Protocols
General types of protocol-oriented attacks
Exploit one host to attack another host
Use up the victim host's resources
Masquerade as a different host to a user
Attack mechanisms
Exploit ICMP – the Internet Control Message Protocol
Exploit IP header settings
Exploit TCP settings
ICMP Exploits
Ping floods – DOS attack that transmits numerous “ping”
packets
Smurf attack – DOS attack that sends a forged “ping” using a
broadcast address to amplify the number of replies produced
Ping of death – exploited a now-fixed flaw in protocol stacks: an ICMP echo
fragmented so that its reassembled size exceeded the 65,535-byte IP
maximum overflowed the reassembly buffer
Redirection attacks – rerouted data for one host to traverse a
different (masquerading) host
TCP and IP Attacks
SYN flood – attacker sends lots of SYN packets to produce
“half-open connections” and use up the protocol stack's
resources.
IP spoofing – forge the sender's IP address in a TCP connection;
success requires correct guessing of SEQ numbers.
Source routing attack – similar to redirection attack, but uses an
IP header option to route traffic to a masquerading host.
Domain Names on the Internet
Domain names provide memorable names for hosts on the
Internet
Domain Name System (DNS) converts names into IP addresses,
and vice versa
The “Internet telephone book”
A distributed database managed by domain name owners and
registrars
Domain names constructed hierarchically
From right to left
Domain Name Construction
Domain Name Hierarchy
Domain Names in Practice
Individuals and companies buy names from registrars
Registrar places the name under the chosen Top-Level Domain
(TLD)
Tying the name to a host
Owners may provide their own domain name servers, and
service hosts for Web or email
Some registrars will tie the domain name to specific host-based
services for customers
Looking up Domain Names
A resolver uses the DNS to look up a name
The resolver keeps a cache of recent answers
If a name isn't in the cache, the resolver contacts a domain name
server
If the server can't answer, it identifies a server that can provide
the answer, or it may contact that server itself
Resolver saves the answer in its cache
Resolving may be redirected or recursive
Wireshark: A DNS response
© Wireshark Foundation
DNS Lookup
Investigating Domain Names
nslookup – interactive DNS resolver
Returns basic information stored about a domain
IP address of the domain's host (A record)
Host that handles email for that domain (MX record), which may be a
different machine
whois – returns details about domain ownership
Identifies the domain's owner
Provides technical and administrative contact information
Attacks on DNS
Cache poisoning – resolver accepts a bogus response to a DNS request and
caches it
Difficult: the forgery must match an outstanding query (transaction ID,
port, and question) and arrive before the genuine answer
DOS – attacker floods an important server, like a root server, so
it can't respond to queries
Botnets are often used in such attacks
DOS attack using a shared resolver – attacker sends numerous
bogus queries that produce lots of traffic to a targeted server
An amplification attack, like the smurf attack
DNS Security Improvements
Randomized requests – resolvers send queries from unpredictable source
ports with unpredictable transaction IDs, so a forged response is unlikely
to match
Limited access to resolvers – ISPs only allow their customers to
use their resolvers, to reduce risks of amplification attacks
Replicated DNS servers – major servers are replicated so that
DOS against one won't shut down an entire TLD or subdomain.
DNSSEC – authentication for DNS responses
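What "randomized requests" buys a resolver, as an added example that is not from the slides: a query is built with a random transaction ID and sent from a random ephemeral source port, and a reply is accepted only if it arrives on that port, carries that ID, has the response bit set and repeats the question. The name www.example.com and the answer 192.0.2.10 are constructed; the code handles only uncompressed names in the question section.

```go
package main

import (
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

const typeA, classIN uint16 = 1, 1

type pendingQuery struct { // what a resolver must remember about each outstanding request
	ID, SrcPort, QType uint16 // random transaction ID, random UDP source port, question type
	Name               string
}

func put16(b []byte, v uint16) []byte { return append(b, byte(v>>8), byte(v)) }

// encodeName turns "www.example.com" into wire labels: 3www7example3com0.
func encodeName(name string) []byte {
	var b []byte
	for _, label := range strings.Split(strings.TrimSuffix(name, "."), ".") {
		b = append(b, byte(len(label)))
		b = append(b, label...)
	}
	return append(b, 0)
}

// decodeName reads uncompressed labels at off; pointers are rejected, since a
// reply's question section never needs them.
func decodeName(pkt []byte, off int) (string, int, error) {
	var labels []string
	for off < len(pkt) {
		n := int(pkt[off])
		off++
		if n == 0 {
			return strings.Join(labels, "."), off, nil
		}
		if n&0xC0 != 0 || off+n > len(pkt) {
			return "", 0, errors.New("bad or compressed label")
		}
		labels = append(labels, string(pkt[off:off+n]))
		off += n
	}
	return "", 0, errors.New("truncated name")
}

func question(name string) []byte { return put16(put16(encodeName(name), typeA), classIN) }

// buildQuery assembles a standard A query with a fresh random transaction ID and a
// random ephemeral source port; the resolver remembers both to vet the reply.
func buildQuery(name string) ([]byte, pendingQuery, error) {
	var r [4]byte
	if _, err := rand.Read(r[:]); err != nil {
		return nil, pendingQuery{}, err
	}
	q := pendingQuery{ID: binary.BigEndian.Uint16(r[0:]), Name: name, QType: typeA}
	q.SrcPort = uint16(49152 + uint32(binary.BigEndian.Uint16(r[2:]))%16384)         // 49152-65535
	hdr := put16(put16(put16(put16(put16(put16(nil, q.ID), 0x0100), 1), 0), 0), 0) // RD=1, QDCOUNT=1
	return append(hdr, question(name)...), q, nil
}

// buildResponse is what a real server, or a forger guessing the ID, sends back:
// the question echoed, then one A record whose owner name points at the question.
func buildResponse(id uint16, name string, ip [4]byte) []byte {
	pkt := put16(put16(put16(put16(put16(put16(nil, id), 0x8180), 1), 1), 0), 0) // QR=1 RD RA, ANCOUNT=1
	pkt = append(pkt, question(name)...)
	pkt = put16(put16(put16(pkt, 0xC00C), typeA), classIN) // pointer to offset 12
	pkt = append(pkt, 0, 0, 1, 0x2C)                       // TTL 300
	return append(put16(pkt, 4), ip[:]...)                 // RDLENGTH 4, then the address
}

// acceptResponse applies the checks that make blind cache poisoning hard: the reply
// must land on the port the query left from, carry the query's ID, have QR set and
// echo the question exactly. A forger who sees none of the traffic has to guess
// both the 16-bit ID and the 14-bit port on every attempt.
func acceptResponse(q pendingQuery, dstPort uint16, pkt []byte) error {
	switch {
	case dstPort != q.SrcPort:
		return errors.New("reply to a port we did not query from")
	case len(pkt) < 12 || binary.BigEndian.Uint16(pkt[0:]) != q.ID:
		return errors.New("short packet or transaction ID mismatch")
	case pkt[2]&0x80 == 0 || binary.BigEndian.Uint16(pkt[4:]) != 1:
		return errors.New("not a response carrying exactly one question")
	}
	name, off, err := decodeName(pkt, 12)
	if err != nil {
		return err
	}
	if off+4 > len(pkt) || !strings.EqualFold(name, q.Name) ||
		binary.BigEndian.Uint16(pkt[off:]) != q.QType || binary.BigEndian.Uint16(pkt[off+2:]) != classIN {
		return errors.New("question does not match the query")
	}
	return nil
}

func main() {
	pkt, q, _ := buildQuery("www.example.com")
	ip := [4]byte{192, 0, 2, 10} // constructed answer in TEST-NET-1
	fmt.Printf("query: %d bytes, id=%#04x, from port %d\n", len(pkt), q.ID, q.SrcPort)
	fmt.Println("genuine reply:", acceptResponse(q, q.SrcPort, buildResponse(q.ID, "www.example.com", ip)))
	fmt.Println("forged reply with a guessed ID:", acceptResponse(q, q.SrcPort, buildResponse(q.ID^0x5a5a, "www.example.com", ip)))
}
```

With only the 16-bit ID randomized, a forger needs about 65,536 guesses per outstanding query; adding the port multiplies that by roughly 16,000. These checks still do nothing against an attacker who can see the query, which is the gap DNSSEC closes by signing the answer itself.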
Internet Gateways and Firewalls
Network Address Translation
All IP packets travel between two hosts with unique addresses
There are not enough IPv4 addresses to assign one to every IP
host on the planet
Sites use private addresses and NAT to provide separate
addresses to all hosts
Private addresses fall into one of 3 ranges (RFC 1918):
10.0.0.0 through 10.255.255.255 (10.0.0.0/8)
172.16.0.0 through 172.31.255.255 (172.16.0.0/12)
192.168.0.0 through 192.168.255.255 (192.168.0.0/16)
Mapping Private to Public Addresses
Configuring Host Computers
Gateways and firewalls typically assign private addresses
Use Dynamic Host Configuration Protocol (DHCP)
A client sends a broadcast DHCP query
The gateway responds with information
IP address assigned to the host
IP addresses to use for routing and DNS
Gateway must be configured to use a particular private address
range
Traffic Filtering and Connectivity
Packet filtering – discards packets by checking:
MAC address – source or destination
Broadcast transmissions
ICMP messages
IP address – source or destination
IP application protocol – based on port number
Inbound connections usually rejected by NAT
Gateway may configure a server to receive inbound connections
Enterprise Network Authentication
Enterprise authentication issues
Eavesdropping risks
Management of multiple servers
Keeping credentials up to date
Authentication design patterns
Local authentication
Direct authentication
Indirect authentication
Off-line authentication
Local Authentication
Direct Authentication
Indirect Authentication
Off-Line Authentication
The discussion assignment requires an Original Posting (main
post) from you of 2-3 paragraphs answering the module's
question.
Compare Internet transport protocols. Specifically,
discuss TCP and UDP. How are they different? How are they
similar?
RESPOND TO PEER POST
Verret - DNS Vulnerabilities
The Domain Name System, or DNS, is one of the most
important factors in the successful operation of your web
browser accessing websites on the internet. DNS locates and
stores IP addresses so that you can navigate to the website you
enter into your browser. Because of its importance in the
process, it is a prime target for attackers to use for infiltration.
There are several ways that malicious actors attack DNS, but some
methods are more common than others. Some of the attack types that one
should be familiar with include:
DNS Tunneling – attackers can manipulate the DNS queries and
responses to deliver payloads that allow a takeover. This
requires controlling a server and domain which will receive
pings from outside sources.
DNS Amplification – this attack involves performing a DDoS
attack on a publicly available server to overwhelm a target with
traffic from the DNS.
DNS Flood Attack – a User Datagram Protocol (UDP) flood.
DNS request packets are deployed at a very high packet rate to
create a large group of source IP addresses. The packets are
recognized as valid requests so the DNS server attempts to
respond to them all. Like the DDoS attack, this leaves the target
offline.
DNS Spoofing – also known as DNS cache poisoning, uses
altered DNS records to send traffic to an imposter destination.
At the fake address, users are directed to login to their account.
This of course provides the information to the threat actor.
NXDOMAIN Attack – using a DNS proxy server to launch a
DDoS attack, rendering a system unable to handle legitimate
requests.
It is imperative to take proper precautions against DNS attacks.
One must ensure that only specific users have access to the DNS
resolver. A DNS server can be configured to protect against
Cache Poisoning and make it more difficult for a threat actor to
successfully send bogus requests. A large enough operation
should consider self-managing their DNS server so that its
security is not in the hands of a third party. Finally, regular
scanning and testing for vulnerabilities will help to prevent
attackers from taking advantage of said vulnerabilities.
Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
AnaAcapella
 
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
EADTU
 
MuleSoft Integration with AWS Textract | Calling AWS Textract API |AWS - Clou...
MuleSoft Integration with AWS Textract | Calling AWS Textract API |AWS - Clou...MuleSoft Integration with AWS Textract | Calling AWS Textract API |AWS - Clou...
MuleSoft Integration with AWS Textract | Calling AWS Textract API |AWS - Clou...
MysoreMuleSoftMeetup
 
SPLICE Working Group: Reusable Code Examples
SPLICE Working Group:Reusable Code ExamplesSPLICE Working Group:Reusable Code Examples
SPLICE Working Group: Reusable Code Examples
Peter Brusilovsky
 

Recently uploaded (20)

Observing-Correct-Grammar-in-Making-Definitions.pptx
Observing-Correct-Grammar-in-Making-Definitions.pptxObserving-Correct-Grammar-in-Making-Definitions.pptx
Observing-Correct-Grammar-in-Making-Definitions.pptx
 
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdfFICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
 
DEMONSTRATION LESSON IN ENGLISH 4 MATATAG CURRICULUM
DEMONSTRATION LESSON IN ENGLISH 4 MATATAG CURRICULUMDEMONSTRATION LESSON IN ENGLISH 4 MATATAG CURRICULUM
DEMONSTRATION LESSON IN ENGLISH 4 MATATAG CURRICULUM
 
Including Mental Health Support in Project Delivery, 14 May.pdf
Including Mental Health Support in Project Delivery, 14 May.pdfIncluding Mental Health Support in Project Delivery, 14 May.pdf
Including Mental Health Support in Project Delivery, 14 May.pdf
 
Stl Algorithms in C++ jjjjjjjjjjjjjjjjjj
Stl Algorithms in C++ jjjjjjjjjjjjjjjjjjStl Algorithms in C++ jjjjjjjjjjjjjjjjjj
Stl Algorithms in C++ jjjjjjjjjjjjjjjjjj
 
24 ĐỀ THAM KHẢO KÌ THI TUYỂN SINH VÀO LỚP 10 MÔN TIẾNG ANH SỞ GIÁO DỤC HẢI DƯ...
24 ĐỀ THAM KHẢO KÌ THI TUYỂN SINH VÀO LỚP 10 MÔN TIẾNG ANH SỞ GIÁO DỤC HẢI DƯ...24 ĐỀ THAM KHẢO KÌ THI TUYỂN SINH VÀO LỚP 10 MÔN TIẾNG ANH SỞ GIÁO DỤC HẢI DƯ...
24 ĐỀ THAM KHẢO KÌ THI TUYỂN SINH VÀO LỚP 10 MÔN TIẾNG ANH SỞ GIÁO DỤC HẢI DƯ...
 
Details on CBSE Compartment Exam.pptx1111
Details on CBSE Compartment Exam.pptx1111Details on CBSE Compartment Exam.pptx1111
Details on CBSE Compartment Exam.pptx1111
 
UGC NET Paper 1 Unit 7 DATA INTERPRETATION.pdf
UGC NET Paper 1 Unit 7 DATA INTERPRETATION.pdfUGC NET Paper 1 Unit 7 DATA INTERPRETATION.pdf
UGC NET Paper 1 Unit 7 DATA INTERPRETATION.pdf
 
Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPSSpellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
 
Graduate Outcomes Presentation Slides - English (v3).pptx
Graduate Outcomes Presentation Slides - English (v3).pptxGraduate Outcomes Presentation Slides - English (v3).pptx
Graduate Outcomes Presentation Slides - English (v3).pptx
 
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
 
OSCM Unit 2_Operations Processes & Systems
OSCM Unit 2_Operations Processes & SystemsOSCM Unit 2_Operations Processes & Systems
OSCM Unit 2_Operations Processes & Systems
 
VAMOS CUIDAR DO NOSSO PLANETA! .
VAMOS CUIDAR DO NOSSO PLANETA!                    .VAMOS CUIDAR DO NOSSO PLANETA!                    .
VAMOS CUIDAR DO NOSSO PLANETA! .
 
AIM of Education-Teachers Training-2024.ppt
AIM of Education-Teachers Training-2024.pptAIM of Education-Teachers Training-2024.ppt
AIM of Education-Teachers Training-2024.ppt
 
male presentation...pdf.................
male presentation...pdf.................male presentation...pdf.................
male presentation...pdf.................
 
Rich Dad Poor Dad ( PDFDrive.com )--.pdf
Rich Dad Poor Dad ( PDFDrive.com )--.pdfRich Dad Poor Dad ( PDFDrive.com )--.pdf
Rich Dad Poor Dad ( PDFDrive.com )--.pdf
 
Trauma-Informed Leadership - Five Practical Principles
Trauma-Informed Leadership - Five Practical PrinciplesTrauma-Informed Leadership - Five Practical Principles
Trauma-Informed Leadership - Five Practical Principles
 
MuleSoft Integration with AWS Textract | Calling AWS Textract API |AWS - Clou...
MuleSoft Integration with AWS Textract | Calling AWS Textract API |AWS - Clou...MuleSoft Integration with AWS Textract | Calling AWS Textract API |AWS - Clou...
MuleSoft Integration with AWS Textract | Calling AWS Textract API |AWS - Clou...
 
What is 3 Way Matching Process in Odoo 17.pptx
What is 3 Way Matching Process in Odoo 17.pptxWhat is 3 Way Matching Process in Odoo 17.pptx
What is 3 Way Matching Process in Odoo 17.pptx
 
SPLICE Working Group: Reusable Code Examples
SPLICE Working Group:Reusable Code ExamplesSPLICE Working Group:Reusable Code Examples
SPLICE Working Group: Reusable Code Examples
 

Chapter 13Network EncryptionChapter 13 OverviewRole of.docx

Change keys when access rights change
The default keying risk: keys installed by the vendor
Default keys work "out of the box"
Attackers also have copies of the default keys
Key Distribution Strategies
One big cryptonet – share the same secret key with everyone who must communicate safely
Groups of cryptonets – share the same key among smaller communities of users
Pairwise key sharing – one key per endpoint pair
Key distribution center – a shared server that distributes working keys to approved users
Public key distribution – use public key techniques to distribute keys
Key Distribution Techniques
Manual keying
Distribute all keys "by hand" in person or via trustworthy couriers – often a starting point
Simple rekeying
Unreliable tricks to replace an existing key
Secret-key techniques
Wrapping, KDCs, hashing
Public-key techniques
Diffie-Hellman, RSA
Simple Rekeying: Weak
Self-rekeying
Use a PRNG to transform the current key into a new one
Separate endpoints can apply the same PRNG to yield the same key
New keys encrypted with old
Generate a new, random key
Use the previous key to encrypt it for distribution
Both techniques leak every later key, and therefore all recorded traffic, if any one old key is disclosed: there is no forward secrecy
Stronger Secret Key Building Blocks
Key wrapping
Use the wrapping technique from Chapter 8 to protect keys carried in network messages
Traffic encrypting key (TEK) wrapped by a key encrypting key (KEK)
Key distribution center (KDC)
The center distributes wrapped keys
Authorized users share a secret with the KDC
Shared secret hashing
Generate a new key using a one-way hash of the shared secret and fresh data
Key Wrapping
Key Distribution Center
Shared Secret Hashing
Public Key Building Blocks
Anonymous Diffie-Hellman secret sharing
D-H inherently constructs a shared secret
We can use it to construct a temporary shared secret for any two endpoints
"Anonymous" means neither endpoint is authenticated: it defeats eavesdropping but not an active attacker who runs a separate exchange with each side
RSA key wrapping (encapsulation)
One endpoint (the client) creates a secret key shared with the other endpoint (the server)
Only the server needs a public key pair
The client needs a copy of the server's public key
Anonymous Diffie-Hellman
RSA Key Wrapping
Trade-Off: Public and Secret Keys
Secret key suits:
Limited resources
Clearly defined user community
Revocation must be timely and reliable
Small user community
Trustworthy servers are available
Public key suits:
User community can't be identified ahead of time
Large community, and an untrustworthy server computer
Inefficient revocation is an acceptable risk
Application Layer Encryption
Email Key Wrapping and Encryption
Transport Layer Security: SSL/TLS
Secure Sockets Layer (SSL)
Developed by Netscape in 1994
Part of a commercial client/server Web package
First really successful public-key application
Inherited by the IETF
Now called Transport Layer Security (TLS)
Three-part protocol
Handshake protocol – key exchange
Record protocol – data exchange
Alert protocol – errors and session shutdown
SSL Handshake Protocol
SSL Key Construction
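The contrast drawn in the key-distribution slides above, between the weak "simple rekeying" tricks and an anonymous Diffie-Hellman exchange, is easy to show in code. The block below is an added example and is not from the slides: it builds both rekeying chains, shows that an eavesdropper who recorded the wire messages and later obtains one key can unwrap every later key, and then runs an anonymous D-H exchange whose per-session secret has no long-term key to leak. The XOR-with-hash "wrapping" is a stand-in for a real cipher, the 1024-bit MODP group is assumed to be the RFC 2409 "Second Oakley Group" as transcribed here (verify it against the RFC and use a larger or elliptic-curve group in practice), and SHA-256 is assumed as the key-derivation step.

```python
"""Added example, not from the slides: simple rekeying leaks every later key once
one key is disclosed; anonymous Diffie-Hellman makes a fresh secret per session.
Standard library only; all keys and messages are constructed here."""
import hashlib
import secrets

# --- Simple rekeying 1: self-rekeying. Next key = PRNG(current key). Both endpoints,
#     and anyone holding one key, can run the same function forward.
def self_rekey(key: bytes) -> bytes:
    return hashlib.sha256(b"self-rekey|" + key).digest()

def self_rekey_chain(initial: bytes, periods: int) -> list:
    keys = [initial]
    while len(keys) < periods:
        keys.append(self_rekey(keys[-1]))
    return keys

# --- Simple rekeying 2: a new random key, wrapped under the old key and sent on the wire.
#     XOR with a hash-derived pad stands in for the cipher (demo only, not a real cipher).
def wrap_with_key(key: bytes, payload: bytes) -> bytes:
    pad = hashlib.sha256(b"wrap|" + key).digest()
    return bytes(p ^ q for p, q in zip(payload, pad))

unwrap_with_key = wrap_with_key   # XOR pad: wrapping and unwrapping are the same operation

def wrapped_rekey_chain(initial: bytes, periods: int):
    """Returns (keys, wire_messages). Message i carries key i+1 wrapped under key i."""
    keys, messages = [initial], []
    while len(keys) < periods:
        new_key = secrets.token_bytes(32)
        messages.append(wrap_with_key(keys[-1], new_key))
        keys.append(new_key)
    return keys, messages

def attacker_recovers(leaked_index: int, leaked_key: bytes, messages: list, periods: int) -> dict:
    """An eavesdropper who recorded the wire messages and later obtains key number
    leaked_index unwraps forward through every later key: no forward secrecy."""
    recovered = {leaked_index: leaked_key}
    for i in range(leaked_index, periods - 1):
        recovered[i + 1] = unwrap_with_key(recovered[i], messages[i])
    return recovered

# --- Anonymous Diffie-Hellman: a per-session secret with no long-term key to disclose.
# Assumption: generator 2 over the 1024-bit MODP prime of RFC 2409 ("Second Oakley
# Group"), transcribed here; verify against the RFC. 1024 bits is shown for brevity;
# use a 2048-bit or elliptic-curve group in a real deployment.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)
G = 2

def dh_keypair():
    private = secrets.randbelow(P - 2) + 1          # exponent in [1, P-2]
    return private, pow(G, private, P)

def dh_shared_secret(private: int, peer_public: int) -> int:
    # Reject degenerate peer values (0, 1, P-1) that force a trivial shared secret.
    if not 1 < peer_public < P - 1:
        raise ValueError("invalid Diffie-Hellman public value")
    return pow(peer_public, private, P)

def session_key(shared: int) -> bytes:
    # Assumption: SHA-256 over the fixed-width shared secret as the key-derivation step.
    return hashlib.sha256(shared.to_bytes(P.bit_length() // 8, "big")).digest()

def anonymous_dh_session() -> bytes:
    """Both endpoints derive the same key; the private exponents are then discarded.
    Nothing authenticates either side, which is exactly the "anonymous" caveat."""
    a, a_pub = dh_keypair()                         # endpoint A
    b, b_pub = dh_keypair()                         # endpoint B
    key_a = session_key(dh_shared_secret(a, b_pub))
    key_b = session_key(dh_shared_secret(b, a_pub))
    assert key_a == key_b
    return key_a
```

Run `attacker_recovers(2, keys[2], messages, 6)` against a six-period wrapped chain and every key from period 2 onward comes back, while periods 0 and 1 stay unknown; two calls to `anonymous_dh_session()` return unrelated keys, so disclosing one session's key reveals nothing about the others.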
SSL Record Transmission
Network Layer Encryption
Provides both application transparency and network transparency
Primary use: Virtual Private Networks (VPNs)
The network carries plaintext inside a site
A VPN gateway encrypts data between sites
"Proxy encryption"
Remote users use VPN crypto to access the site
IPsec – IP Security Protocol
Used for Internet VPNs
Example VPN
Encryption by an IPsec Gateway
IPsec Encrypted Packet
Internet Key Exchange (IKE) Protocol
Wireless LAN Encryption
Wired Equivalent Privacy (WEP)
Introduced with early Wi-Fi products
Used RC4 and 40-bit keys
Later increased to "128-bit" keys (a 104-bit key plus the 24-bit IV)
Successful key-recovery attacks in the early 2000s
Wi-Fi Protected Access (WPA, WPA2)
The first WPA was designed to work with existing Wi-Fi hardware (still used RC4, under TKIP)
WPA2 uses AES (CCMP), improved integrity protection, and an improved key exchange
WPA2 Crypto Format
Crypto Policy: Sniffing
Crypto Policy: Automatic Encryption
Crypto Policy: Others
Overview
History is much more than a list of dates, names, and places. Examining our histories helps us understand how the past connects to our present and what it means to be human. It allows us to make better decisions about our futures. History also provides us with very practical skills that are useful in any profession, such as determining the credibility of information, conducting research, and asking critical questions.
In each module, you will complete assignments that will prepare you for an aspect of your final project. In this assignment, you will choose your project topic. Before completing this activity, review the Project Guidelines and Rubric and the Library Research Guide to know exactly what you will be working on. Make certain to review the historical topic in the library guide, which provides an overview of the topic as well as primary and secondary sources to support your research. While it is a good idea to choose your topic early, you may change it until the next module.
Prompt
Use the provided Module One Activity Template: Project Topic Exploration and the Research Topic Lists in the HIS 100 Library Guide to complete this assignment. In the Library Guide, you will see the following pages:
· Research Topic List: Human Rights and Inequality
    · Tulsa Massacre
    · Wounded Knee Occupation
    · Stonewall Rebellion
· Research Topic List: Political Revolutions
    · Haitian Independence
    · Philippine Revolution
    · Iranian Revolution
· Research Topic List: Climate Change and Environmental Issues
    · Great London Smog
    · Creation of Earth Day
    · Chernobyl
· Research Topic List: Globalization
    · Creation of the UN
    · Act Prohibiting the Importation of Slaves
    · Founding of NATO
Make certain to review the lists of more specific topics within each theme to choose your research topic. Then, describe your prior knowledge, beliefs, assumptions, and values related to your chosen topic. Finally, you will explain why you think this historical topic is relevant to contemporary society.
Specifically, you must address the following rubric criteria:
· Explain what you already know about the chosen topic based on your personal history or experiences.
    · If you do not have prior knowledge about your topic, explain what you would like to learn more about.
· Describe the beliefs, assumptions, and values you have related to the topic you chose.
    · What opinions or perspectives do you have about your topic? What conclusions have you already drawn about it?
· Explain why this topic is relevant to current events or to modern society.
    · Why might this topic matter to us now?
Guidelines for Submission
Use the provided Module One Activity Template: Project Topic Exploration to address the steps above. While references are not required, any sources used should be cited according to APA style if you reference them in your responses. Consult the Shapiro Library APA Style Guide for more information on citations.
Module One Activity Rubric
Criteria: Existing Knowledge (Value: 30)
    Proficient (100%): Explains what is already known about the chosen topic based on personal history or experiences
    Needs Improvement (75%): Shows progress toward proficiency, but with errors or omissions; areas for improvement may include connecting the topic to existing knowledge or providing more detailed explanations of knowledge
    Not Evident (0%): Does not attempt criterion
Criteria: Beliefs, Assumptions, and Values (Value: 30)
    Proficient (100%): Describes the beliefs, assumptions, and values concerning the chosen topic
    Needs Improvement (75%): Shows progress toward proficiency, but with errors or omissions; areas for improvement may include connecting the topic to beliefs, assumptions, and values or providing more support for that connection
    Not Evident (0%): Does not attempt criterion
Criteria: Why Topic Is Relevant (Value: 30)
    Proficient (100%): Explains why the topic is relevant to current events or to modern society
    Needs Improvement (75%): Shows progress toward proficiency, but with errors or omissions; areas for improvement may include connecting the topic to current events or modern society or making a more persuasive argument about the topic's relevance to contemporary society
    Not Evident (0%): Does not attempt criterion
Criteria: Articulation of Response (Value: 10)
    Proficient (100%): Clearly conveys meaning with correct grammar, sentence structure, and spelling, demonstrating an understanding of audience and purpose
    Needs Improvement (75%): Shows progress toward proficiency, but with errors in grammar, sentence structure, and spelling, negatively impacting readability
    Not Evident (0%): The submission has critical errors in grammar, sentence structure, and spelling, preventing understanding of ideas
Total: 100%
Chapter 12
End-to-End Networking
Chapter 12 Overview
The end-to-end principle in internet architecture
Internet packet and transport protocols
Host naming with the Domain Name System
Firewalls and network address translation
Authentication on networks
"Smart" vs. "Dumb" Networks
The 20th century telephone network
A "smart" network with "dumb" endpoints
Telephones (endpoints) only had a dial or touchpad, a speaker, and a microphone
The original Internet
A "dumb" network with "smart" endpoints
Routing was as simple as possible
Hosts handled the hard work
Error detection and correction
Reordering and reassembling messages
The End-to-End Principle
Reliable packet networks must rely on smart endpoints – the network can't ensure reliable packet delivery by itself
Network-based reliability may reduce unreliability, but it doesn't ensure reliability
End-to-end in practice
Networks become more complex to address more complex routing challenges
Network-based reliability in wireless LANs reduces unreliability to acceptable levels
Internet Transport Protocols
Two separate protocols
User Datagram Protocol (UDP) – for highly efficient transmission without retransmission
Transmission Control Protocol (TCP) – for reliable, sequential data transmission
UDP packets
Contain source and destination port numbers
Contain a checksum and a data field
Applications must detect and handle any missing or damaged packets themselves
UDP Packet Format
Wireshark: UDP Packet Format
© Wireshark Foundation
Transmission Control Protocol – TCP
TCP Reliability
Uses Sequence (SEQ) and Acknowledgement (ACK) numbers to track the delivered data
Every byte of data sent via TCP is numbered consecutively
A packet's SEQ number reports the number of the first byte it contains
The recipient sends an ACK number giving the next byte it expects, i.e. one past the highest byte received in order
If packets arrive out of order, the ACK number does not increase until the missing packets arrive
Flow Control and Window Size
Flow control prevents a sender from sending data faster than the recipient can handle it
If we send data too fast, the recipient or the network will have to discard it
Each TCP packet contains a window size
Indicates the number of bytes the recipient can handle from upcoming packets
Grows smaller if traffic arrives too quickly
Establishing a TCP Connection
Two hosts must agree to establish a connection
The process uses a three-way handshake
Client sends a SYN packet
Server responds with a SYN-ACK packet
Client completes the handshake with an ACK
The three-way handshake establishes the starting SEQ numbers used in each direction
If one host fails to finish the handshake, the other host discards the connection
Close the connection with FIN or RST
Wireshark: TCP Connection
© Wireshark Foundation
Attacks on Internet Protocols
General types of protocol-oriented attacks
Exploit one host to attack another host
Use up the victim host's resources
Masquerade as a different host to a user
Attack mechanisms
Exploit ICMP – the Internet Control Message Protocol
Exploit IP header settings
Exploit TCP settings
ICMP Exploits
Ping floods – DoS attack that transmits numerous "ping" packets
Smurf attack – DoS attack that sends a "ping" with a forged source address to a broadcast address, so every host on that network replies to the victim
Ping of death – exploited a now-fixed flaw in protocol stacks: a buffer overflow when reassembling an oversized ping packet
Redirection attacks – rerouted data for one host to traverse a different (masquerading) host
TCP and IP Attacks
SYN flood – attacker sends many SYN packets, usually with forged source addresses, to produce "half-open connections" and use up the protocol stack's resources
IP spoofing – forge the sender's IP address in a TCP connection; because the forged source never sees the SYN-ACK, success requires correctly guessing the server's initial SEQ number
Source routing attack – similar to a redirection attack, but uses an IP header option to route traffic through a masquerading host
Domain Names on the Internet
Domain names provide memorable names for hosts on the Internet
The Domain Name System (DNS) converts names into IP addresses, and vice versa
The "Internet telephone book"
A distributed database managed by domain name owners and registrars
Domain names are constructed hierarchically, read from right to left
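The handshake, SEQ/ACK and SYN-flood slides above describe behaviour that is clearest when the server side is modelled explicitly. The block below is an added example, not from the slides: an in-memory server stack with a bounded half-open table, a spoofed-source SYN flood that fills it so a genuine client's SYN is dropped, a blind spoofer whose guessed ACK fails because the server's initial sequence number is unpredictable, and a receiver whose cumulative ACK stalls until a missing segment arrives. The addresses, ports and ISNs are constructed; the `isn_fn` hook exists only so the ISN can be fixed in a test.

```python
"""Added example, not from the slides: a toy model of the server side of the TCP
three-way handshake and of cumulative acknowledgement. Everything is simulated in
memory; all addresses, ports and sequence numbers are constructed."""
import secrets

SYN, ACK = "SYN", "ACK"

def random_isn() -> int:
    return secrets.randbelow(1 << 32)      # unpredictable 32-bit initial sequence number

class ServerStack:
    """Bounded table of half-open connections (SYN seen, final ACK not yet seen)."""

    def __init__(self, backlog: int, isn_fn=random_isn):
        self.backlog = backlog             # maximum number of half-open connections
        self.isn_fn = isn_fn               # injectable so a test can use a fixed ISN
        self.half_open = {}                # (ip, port) -> (server ISN, client ISN)
        self.established = set()
        self.dropped_syns = 0
        self.bad_acks = 0

    def on_segment(self, src, flags, seq, ack=0):
        """Process one inbound segment from src=(ip, port).
        Returns the reply as (flags, seq, ack), or None when nothing is sent."""
        if flags == {SYN}:
            if len(self.half_open) >= self.backlog:
                self.dropped_syns += 1     # table full: the resource a SYN flood exhausts
                return None
            server_isn = self.isn_fn()
            self.half_open[src] = (server_isn, seq)
            return ({SYN, ACK}, server_isn, seq + 1)     # SYN-ACK: our ISN, ack their ISN+1
        if flags == {ACK} and src in self.half_open:
            server_isn, client_isn = self.half_open[src]
            if ack == server_isn + 1 and seq == client_isn + 1:
                del self.half_open[src]
                self.established.add(src)
            else:
                self.bad_acks += 1         # wrong ISN echo: a blind spoofer guessing
            return None
        return None

def legitimate_connect(stack, src) -> bool:
    """A real client completes all three messages of the handshake."""
    client_isn = random_isn()
    reply = stack.on_segment(src, {SYN}, client_isn)
    if reply is None:
        return False                       # our SYN was dropped (e.g. during a flood)
    _, server_isn, _ = reply
    stack.on_segment(src, {ACK}, client_isn + 1, server_isn + 1)
    return src in stack.established

def syn_flood(stack, count) -> int:
    """Spoofed SYNs from forged sources; the SYN-ACKs go to hosts that never answer,
    so every entry stays half-open. Returns the number of half-open entries."""
    for i in range(count):
        forged_src = (f"203.0.113.{i % 254 + 1}", 1024 + i)   # constructed, TEST-NET-3
        stack.on_segment(forged_src, {SYN}, random_isn())
    return len(stack.half_open)

def cumulative_ack(client_isn, segments):
    """Receiver side: for (seq, length) segments in arrival order, return the ACK
    sent after each one. ACK is the next byte expected, so it stalls across a gap
    and jumps forward once the missing segment fills it."""
    received = set()
    next_expected = client_isn + 1         # the SYN consumed one sequence number
    acks = []
    for seq, length in segments:
        received.update(range(seq, seq + length))
        while next_expected in received:
            next_expected += 1
        acks.append(next_expected)
    return acks
```

With a backlog of 64, `syn_flood(stack, 64)` leaves 64 half-open entries and the next `legitimate_connect` fails with `dropped_syns == 1`; `cumulative_ack(1000, [(1001, 100), (1201, 100), (1101, 100)])` returns `[1101, 1101, 1301]`, the middle value showing the stalled acknowledgement.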
Domain Name Construction
Domain Name Hierarchy
Domain Names in Practice
Individuals and companies buy names from registrars
The registrar places the name under the chosen Top-Level Domain (TLD)
Tying the name to a host
Owners may provide their own domain name servers, and service hosts for Web or email
Some registrars will tie the domain name to specific host-based services for customers
Looking up Domain Names
A resolver uses the DNS to look up a name
The resolver keeps a cache of recent answers
If a name isn't in the cache, the resolver contacts a domain name server
If the server can't answer, it identifies a server that can provide the answer, or it may contact that server itself
The resolver saves the answer in its cache
Resolving may be redirected (iterative) or recursive
Wireshark: A DNS response
© Wireshark Foundation
DNS Lookup
Investigating Domain Names
nslookup – interactive DNS resolver
Returns basic information stored about a domain
IP address for the generic host
IP address, possibly different, of the host that handles email directed at that domain (the MX record)
whois – returns details about domain ownership
Identifies the domain's owner
Provides technical and administrative contact information
Attacks on DNS
Cache poisoning – the resolver accepts a bogus response to a DNS request and caches it
Difficult: the bogus response must arrive before the genuine one and match a query that is still outstanding (its transaction ID, source port, and question)
DoS – attacker floods an important server, like a root server, so it can't respond to queries
Botnets are often used in such attacks
DoS attack using a shared resolver – attacker sends numerous bogus queries with the victim's address forged as the source, so the resolver's (larger) answers flood the targeted server
An amplification attack, like the smurf attack
DNS Security Improvements
Randomized requests – clients choose unpredictable source port numbers and transaction IDs to resist cache poisoning
Limited access to resolvers – ISPs only allow their customers to use their resolvers, to reduce the risk of amplification attacks
Replicated DNS servers – major servers are replicated so that DoS against one won't shut down an entire TLD or subdomain
DNSSEC – authentication for DNS responses
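The cache-poisoning attack and the "randomized requests" defence above come down to what a resolver checks before it caches an answer. The block below is an added example, not from the slides: it encodes an RFC 1035 query with a CSPRNG-chosen transaction ID and source port, parses a response (including the usual compression pointer in the answer name), and accepts it only if the ID and port match an outstanding query, the question section matches what was asked, and the records are for the name that was asked about. A forged reply with a guessed ID or port is discarded. The names and addresses are constructed; the `outstanding` dictionary is the example's own way of tracking in-flight queries.

```python
"""Added example, not from the slides: build a DNS query with unpredictable ID and
source port, then vet each reply the way a resolver must before caching it.
Wire format per RFC 1035; names and addresses are constructed."""
import secrets
import struct

QTYPE_A, QCLASS_IN = 1, 1

def encode_name(name: str) -> bytes:
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def decode_name(msg: bytes, off: int):
    """Decode a (possibly compressed) name at off. Returns (name, offset after it)."""
    labels, jumped, end = [], False, off
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                         # compression pointer
            pointer = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            off, jumped = pointer, True
            continue
        if length == 0:
            if not jumped:
                end = off + 1
            return ".".join(labels), end
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length

def build_query(name: str):
    """Return (txid, src_port, wire_bytes). The 16-bit ID and the source port are both
    drawn from a CSPRNG; together they are what a blind poisoner has to guess."""
    txid = secrets.randbelow(1 << 16)
    src_port = 1024 + secrets.randbelow(65536 - 1024)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD=1, one question
    return txid, src_port, header + encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)

def build_response(txid: int, name: str, address: str, ttl: int = 300) -> bytes:
    """A constructed A-record answer; used below for both the genuine and the forged reply."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR=1, RD, RA, NOERROR
    question = encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    rdata = bytes(int(x) for x in address.split("."))
    answer = b"\xC0\x0C" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, len(rdata)) + rdata
    return header + question + answer                   # 0xC00C points at the question name

def parse_response(msg: bytes) -> dict:
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    qname, off = decode_name(msg, 12)
    qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
    off += 4
    answers = []
    for _ in range(an):
        rname, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == QTYPE_A and rdlen == 4:
            answers.append((rname, ".".join(str(b) for b in rdata), ttl))
    return {"id": txid, "is_response": bool(flags & 0x8000),
            "qname": qname, "qtype": qtype, "answers": answers}

def vet_response(outstanding: dict, dst_port: int, msg: bytes):
    """outstanding maps (txid, src_port) -> (qname, qtype) for queries still in flight;
    dst_port is the port the reply arrived on. Returns the records safe to cache,
    or None when the reply must be discarded."""
    r = parse_response(msg)
    key = (r["id"], dst_port)
    if not r["is_response"] or key not in outstanding:
        return None                  # unknown ID/port pair: a blind guess or a stale duplicate
    qname, qtype = outstanding[key]
    if (r["qname"].lower(), r["qtype"]) != (qname.lower(), qtype):
        return None                  # question section does not match what we asked
    answers = [a for a in r["answers"] if a[0].lower() == qname.lower()]   # only the asked name
    del outstanding[key]             # first matching answer wins; later copies are ignored
    return answers
```

Because the forged reply has to hit both the 16-bit ID and the 16-bit port of a query that is still outstanding, a poisoner gets one short window per query and about 2^32 combinations to guess; with a fixed source port (the pre-randomization behaviour) only the ID protects the cache.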
Internet Gateways and Firewalls
Network Address Translation
All IP packets travel between two hosts with unique addresses
There are not enough IPv4 addresses to assign one to every IP host on the planet
Sites use private addresses and NAT to provide separate addresses to all hosts
Private addresses fall into one of three ranges (RFC 1918):
10.0.0.0 through 10.255.255.255 (10.x.x.x)
172.16.0.0 through 172.31.255.255
192.168.0.0 through 192.168.255.255 (192.168.x.x)
Mapping Private to Public Addresses
Configuring Host Computers
Gateways and firewalls typically assign private addresses
Use the Dynamic Host Configuration Protocol (DHCP)
A client sends a broadcast DHCP query
The gateway responds with information
IP address assigned to the host
IP addresses to use for routing and DNS
The gateway must be configured to use a particular private address range
Traffic Filtering and Connectivity
Packet filtering – discards packets by checking:
MAC address – source or destination
Broadcast transmissions
ICMP messages
IP address – source or destination
IP application protocol – based on port number
Inbound connections are usually rejected by NAT, because no translation entry exists for an unsolicited inbound packet
The gateway may be configured to forward a port to an internal server so it can receive inbound connections
Enterprise Network Authentication
Enterprise authentication issues
Eavesdropping risks
Management of multiple servers
Keeping credentials up to date
Authentication design patterns
Local authentication
Direct authentication
Indirect authentication
Off-line authentication
Local Authentication
Direct Authentication
Indirect Authentication
Off-Line Authentication
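The NAT and packet-filtering slides above describe a gateway's decisions without showing them together. The block below is an added example, not from the slides: a toy NAT gateway that translates outbound connections, drops an unsolicited inbound connection because no translation entry exists, delivers inbound traffic only where the administrator forwarded a port to an internal server, and applies the filter checks the slides list (RFC 1918 source addresses arriving from the Internet, ICMP, and port-based policy). Addresses and packets are constructed; 198.51.100.0/24 and 203.0.113.0/24 are documentation ranges standing in for public addresses, and the "restricted" peer check on inbound translation is one assumed NAT policy among several possible ones.

```python
"""Added example, not from the slides: a toy NAT gateway with packet filtering.
Addresses and packets are constructed; standard library only."""
import ipaddress
from dataclasses import dataclass, replace

# RFC 1918 private ranges, as listed on the NAT slide.
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_RANGES)

@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp", "udp" or "icmp"
    src_ip: str
    src_port: int     # 0 for icmp
    dst_ip: str
    dst_port: int

class Gateway:
    def __init__(self, public_ip, lan, blocked_ports=(), port_forwards=None):
        self.public_ip = public_ip
        self.lan = ipaddress.ip_network(lan)
        self.blocked_ports = set(blocked_ports)
        self.port_forwards = dict(port_forwards or {})  # public port -> (private ip, private port)
        self.forward_map = {}   # (proto, private ip, private port) -> public port
        self.reverse_map = {}   # (proto, public port) -> (private ip, private port, remote ip, remote port)
        self.next_port = 40000  # next public port to hand out
        self.log = []           # (reason, packet) for every drop

    def _drop(self, reason, pkt):
        self.log.append((reason, pkt))
        return None

    def outbound(self, pkt):
        """LAN -> Internet: filter, then rewrite the source to the public address."""
        if ipaddress.ip_address(pkt.src_ip) not in self.lan:
            return self._drop("source not in the LAN range", pkt)
        if is_private(pkt.dst_ip):
            return self._drop("private destination cannot be routed on the Internet", pkt)
        if pkt.proto == "icmp":
            return self._drop("icmp filtered", pkt)
        if pkt.dst_port in self.blocked_ports:
            return self._drop("destination port blocked by policy", pkt)
        inner = (pkt.proto, pkt.src_ip, pkt.src_port)
        if inner not in self.forward_map:                 # new connection: allocate a public port
            self.forward_map[inner] = self.next_port
            self.reverse_map[(pkt.proto, self.next_port)] = (
                pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
            self.next_port += 1
        return replace(pkt, src_ip=self.public_ip, src_port=self.forward_map[inner])

    def inbound(self, pkt):
        """Internet -> LAN: filter, then translate only if an entry or a port forward exists."""
        if pkt.dst_ip != self.public_ip:
            return self._drop("not addressed to this gateway", pkt)
        if is_private(pkt.src_ip):
            return self._drop("spoofed private source arriving from the Internet", pkt)
        if pkt.proto == "icmp":
            return self._drop("icmp filtered", pkt)
        if pkt.dst_port in self.blocked_ports:
            return self._drop("destination port blocked by policy", pkt)
        entry = self.reverse_map.get((pkt.proto, pkt.dst_port))
        if entry is not None:
            private_ip, private_port, remote_ip, remote_port = entry
            # Assumed restricted-NAT policy: only the peer the inside host contacted may reply.
            if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
                return self._drop("mapping exists but the peer does not match", pkt)
            return replace(pkt, dst_ip=private_ip, dst_port=private_port)
        if pkt.dst_port in self.port_forwards:               # administrator-configured server
            private_ip, private_port = self.port_forwards[pkt.dst_port]
            return replace(pkt, dst_ip=private_ip, dst_port=private_port)
        return self._drop("unsolicited inbound connection: no translation entry", pkt)
```

A reply to a connection the inside host opened is translated back to 192.168.1.20; a SYN to port 22 from an unknown host is dropped with no translation entry; the same host reaching port 443 is delivered to the forwarded server, and a packet claiming a 10.0.0.7 source from the Internet never gets that far.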
The discussion assignment requires an Original Posting (main post) from you of 2-3 paragraphs answering the module's question.
Compare Internet transport protocols. Specifically, discuss TCP and UDP. How are they different? How are they similar?
RESPOND TO PEER POST
Verret - DNS Vulnerabilities
The Domain Name System, or DNS, is one of the most important factors in the successful operation of your web browser accessing websites on the internet. DNS locates and stores IP addresses so that you can navigate to the website you enter into your browser. Because of its importance in the process, it is a prime target for attackers to use for infiltration. There are several ways that malicious actors can attack it, but some methods are more common than others. Some of the attack types that one should be familiar with include:
DNS Tunneling – attackers can manipulate the DNS queries and responses to deliver payloads that allow a takeover. This requires controlling a server and domain which will receive pings from outside sources.
DNS Amplification – this attack involves performing a DDoS attack on a publicly available server to overwhelm a target with traffic from the DNS.
DNS Flood Attack – a user datagram protocol (UDP) flood. DNS request packets are deployed at a very high packet rate to create a large group of source IP addresses. The packets are recognized as valid requests, so the DNS server attempts to respond to them all. Like the DDoS attack, this leaves the target offline.
DNS Spoofing – also known as DNS cache poisoning, uses altered DNS records to send traffic to an imposter destination. At the fake address, users are directed to log in to their account. This of course provides the information to the threat actor.
NXDOMAIN Attack – using a DNS proxy server to launch a DDoS attack, rendering a system unable to handle legitimate requests.
It is imperative to take proper precautions against DNS attacks. One must ensure that only specific users have access to the DNS resolver. A DNS server can be configured to protect against cache poisoning and make it more difficult for a threat actor to successfully send bogus requests. A large enough operation should consider self-managing their DNS server so that its security is not in the hands of a third party. Finally, regular scanning and testing for vulnerabilities will help to prevent attackers from taking advantage of said vulnerabilities.