anoop negi, profile picture
Uploaded byanoop negi
PPT, PDF172 views

Network security

This document provides an overview of network security concepts including cryptography, digital signatures, security at various layers, and firewalls. It discusses cryptography principles like plaintext, ciphertext, and keys. Symmetric and asymmetric key cryptography algorithms are explained along with digital signatures and hashing. Network layer security standards like IPsec and its authentication header and encapsulating security payload are described. Transport layer security including TLS handshake, alert, and cipher protocols is also summarized. The roles and types of firewalls in providing access control between networks are defined.

Embed presentation

Downloaded 11 times
NETWORK SECURITY name- anoop negi roll no- 27 Date: 4-04-2016
CONTENTS  understand principles of network security:  cryptography  Digital Signatures  Security at Various Layers  Firewalls
INTRODUCTION Cryptography is the study of creating and using encryption and decryption techniques. Plaintext is the the data that before any encryption has been performed. Ciphertext is the data after encryption has been performed. The key is the unique piece of information that is used to create ciphertext and decrypt the ciphertext back into plaintext.
KEY TERMS  Confidentiality: only sender, intended receiver should “ understand” message contents  sender encrypts message  receiver decrypts message  Authentication: sender, receiver want to confirm identity of each other  Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) .  Access and Availability: services must be accessible and available to users
CONTINUE……….. ❍ eavesdrop: intercept messages ❍ impersonation: can fake (spoof) source address in packet (or any field in packet) ❍ hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place
SYMMETRIC KEY CRYPTOGRAPHY  The same key is used by the sender (for encryption) and the receiver (for decryption).  The key is shared.  Encryption and Decryption Algorithms are public.
Continue……….  substitution cipher: substituting one thing for another.  monoalphabetic cipher: substitute one letter for another . plaintext: abcdefghijklmnopqrstuvwxyz ciphertext: mnbvcxzasdfghjklpoiuytrewq Plaintext: bob. i love you. alice ciphertext: nkn. s gktc wky. mgsbc
Data Encryption Standard  Created in 1977 and in operation into the 1990s, the data encryption standard took a 64- bit block of data and subjected it to 16 levels of encryption.  The choice of encryption performed at each of the 16 levels depends on the 56-bit key applied.  Even though 56 bits provides over 72 quadrillion combinations, a system using this standard has been cracked (in 1998 by Electronic Frontier Foundation in 3 days).
Continue……….
Public Key Cryptography  Very powerful encryption technique in which two keys are used: the first key (the public key) encrypts the message while the second key (the private key) decrypts the message.  Not possible to deduce one key from the other.  Not possible to break the code given the public key.  If you want someone to send you secure data, give them your public key, you keep the private key.  Secure sockets layer on the Internet is a common example of public key cryptography.
RSA  The most common public key algorithm .  Private key is a pair of numbers (n,d).  Public key is a pair of numbers (n,e).  The sender uses the following algorithm to encrypt the message:  C=p*pow(e) mod n  P=plaintext ,C=cyphertext and e,n are components of public key.  Receiver : p=C*pow(d) mod n
RSA
Digital Signature Digital signature can provide: Authentication Integrity Nonrepudiation The sender uses her private key to encrypt(sign) the message . The receiver on the other hand uses the public key of sender to decrypt the msg. No need to sign the entire document(digest). Digital signature does not provide privacy.
Message Digests  Computationally expensive to public-key-encrypt long messages.  Goal: fixed-length, easy to-compute digital “fingerprint”.  apply hash function H to m, get fixed size message digest, H(m).  Hash function properties:  Hashing is one way: digest can only be created from the msg , not vice versa.  Hashing is one to one function: there is little probability that two msg produce same digest.
SECURITY AT IP LEVEL  IP Security (ipsec) is a collection of protocols to provide security for a packet at the IP level.  Ipsec requires a logical connection between two hosts using a signalling protocol called Security Association.  An SA connection can be simplex or duplex.  SA is uniquely defined by three elements:  A 32 bit security parameter index (spi),which acts as virtual circuit identifier in connection oriented protocols.  The source ip address.  The type of protocol used- AH,ESP.
AUTHENTICATION HEADER (AH)  AH provides authentication , integrity and anti-replay for the entire packet(ip header & data payload).  It does not provide confidentiality , which means it does not encrypt the data.  The data is readable but protected from modification.  Integrity and authentication are provided by placement of AH header between the Ip header and transport layer protocol .  AH uses an ip protocol id of 51 to identify itself in the IP header.
AH FIELDS  Next Header: Identifies the next header that uses IP protocol id, ex- value might be 6 to indicate tcp.  Length: indicate length of AH header.  SPI: used in combination with the destination address and security protocol(AH OR ESP) to identify correct security association for the communication.  Sequence no. : provides anti-relay protection. It is a 32 bit number that is never allowed to cycle . The receiver checks this field to verify that a packet with this number has not been received yet. If one is received ,the packet is rejected.  Authentication data: contains integrity check value to verify the integrity of the msg.
ENCAPSULATING SECURITY PAYLOAD Provides confidentiality in addition to authentication , integrity and anti-replay. ESP indicates itself in the IP header using IP protocol id of 50. Ex- alice on computer A sends data to bob on computer B. The data payload is encrypted and signed for integrity. Upon receipt the data payload packet is decrypted . Bob can be certain it was really alice who send the data. Also the data is unmodified and no other was able to read it.
ESP HEADER AND TRAILER FIELD  SECURITY PARAMETER INDEX (SPI): same as in AH.  Sequence no : same as in AH.  Padding : the variable length field of 0’s serves as padding.  Padding length: indicates the length of the padding field in bytes.  This field is used by the receiver to discard the padding field.  Next header: identifies the type of payload tcp or udp.  Authentication data: contains the integrity check value(icv) and a msg authentication code that is used to verify the sender’s identity and msg integrity.
Continue….
Transport layer security  TLS was designed to provide security at transport layer.  TLS allows two parties to exchange messages in a secure environment. To accomplish this TLS require that  Two parties must agree on 3 protocols : an entity authentication protocol, a message authentication protocol and encrypt/decrypt protocol.  TLS has two layers.  The top layer includes three protocols ,one for session setup(handshaking),one for alerting the other party of unusual situation, and one informing the establishment of security parameters.  The lower layer ,the record protocol ,is used to encapsulate msg from the upper layer.
Handshake protocol
Alert protocol  The alert protocol is used to signal an error or a potential error to other party.  The packet exchanged defines the severity level of the condition.
Change cipher spee protocol  This protocol is designed to activate the security services (message authentication and encryption/decryption) after all the agreements are confirmed in the handshake protocol.  After exchanging the one message defined in this protocol ,the two parties can use the services.
FIREWALLS  A system or combination of systems that supports an access control policy between two networks.  A firewall can limit the types of transactions that enter a system, as well as the types of transactions that leave a system.  Firewalls can be programmed to stop certain types or ranges of IP addresses, as well as certain types of TCP port numbers (applications).  A packet filter firewall is essentially a router that has been programmed to filter out or allow to pass certain IP addresses or TCP port numbers.  A proxy server is a more advanced firewall that acts as a doorman into a corporate network. Any external transaction that request something from the corporate network must enter through the proxy server.  Proxy servers are more advanced but make external accesses slower.
THANK YOU

More Related Content

PPT
Data security in data communication
byMohd Arif
 
PPTX
Security in Data Communication and Networking
byZahidul Hossain
 
PPTX
Cryptography and network security
byshraddha mane
 
PPTX
Cryptography and network security
bypatisa
 
PPTX
Network security and cryptography
byPavithra renu
 
PDF
computer-security-and-cryptography-a-simple-presentation
byAlex Punnen
 
PPTX
Introduction to Cryptography
byBharat Kumar Katur
 
PPTX
Information and network security 31 public key cryptography
byVaibhav Khanna
 
Data security in data communication
byMohd Arif
 
Security in Data Communication and Networking
byZahidul Hossain
 
Cryptography and network security
byshraddha mane
 
Cryptography and network security
bypatisa
 
Network security and cryptography
byPavithra renu
 
computer-security-and-cryptography-a-simple-presentation
byAlex Punnen
 
Introduction to Cryptography
byBharat Kumar Katur
 
Information and network security 31 public key cryptography
byVaibhav Khanna
 

What's hot

DOC
Cryptography full report
byharpoo123143
 
PPTX
Cryptography
byokolo chukwudumebi prince
 
PPT
Information Security & Cryptography
byArun ACE
 
PPT
Cryptography and Network Security
byRamki M
 
PPTX
Encryption
byNitin Parbhakar
 
PDF
Introduction to Cryptography
bySeema Goel
 
PPT
Network Security and Cryptography
byAdam Reagan
 
PPTX
Cryptography and network security Nit701
byAmit Pathak
 
PPTX
PROJECT REPORT ON CRYPTOGRAPHIC ALGORITHM
bysaniacorreya
 
PPT
Encryption
byNaiyan Noor
 
PDF
Computer Security (Cryptography) Ch01
bySaif Kassim
 
PDF
Cryptanalysis and Attacks
byShahbaz Anjam
 
PPTX
Seminar on Encryption and Authenticity
byHardik Manocha
 
PPT
6. cryptography
by7wounders
 
PPTX
Data encryption
byDeepam Goyal
 
PPTX
Cryptography.ppt
bykusum sharma
 
PPTX
Cryptographic tools
byCAS
 
PDF
A New Design of Algorithm for Enhancing Security in Bluetooth Communication w...
byInternational Journal of Science and Research (IJSR)
 
PPTX
Cryptography and applications
bythai
 
PPTX
Cryptography
bySagar Janagonda
 
Cryptography full report
byharpoo123143
 
Cryptography
byokolo chukwudumebi prince
 
Information Security & Cryptography
byArun ACE
 
Cryptography and Network Security
byRamki M
 
Encryption
byNitin Parbhakar
 
Introduction to Cryptography
bySeema Goel
 
Network Security and Cryptography
byAdam Reagan
 
Cryptography and network security Nit701
byAmit Pathak
 
PROJECT REPORT ON CRYPTOGRAPHIC ALGORITHM
bysaniacorreya
 
Encryption
byNaiyan Noor
 
Computer Security (Cryptography) Ch01
bySaif Kassim
 
Cryptanalysis and Attacks
byShahbaz Anjam
 
Seminar on Encryption and Authenticity
byHardik Manocha
 
6. cryptography
by7wounders
 
Data encryption
byDeepam Goyal
 
Cryptography.ppt
bykusum sharma
 
Cryptographic tools
byCAS
 
A New Design of Algorithm for Enhancing Security in Bluetooth Communication w...
byInternational Journal of Science and Research (IJSR)
 
Cryptography and applications
bythai
 
Cryptography
bySagar Janagonda
 

Viewers also liked

PPT
Ch16
byJoe Christensen
 
PPT
Ip sec
byshifanabasheer
 
PPTX
Network security
bySidiq Dwi Laksana
 
DOCX
Unit 5
byVinod Kumar Gorrepati
 
PDF
BAIT1103 Chapter 8
bylimsh
 
PPT
Data Security
bybackdoor
 
PPT
D.Silpa
byst anns PG College,Mallapur,Hyderabad, India
 
PPT
Digital Signature
bynayakslideshare
 
PPTX
L4 internet security
bylistergc
 
PPT
Network security
byDhaval Kaneria
 
PPTX
IP Security
byKeshab Nath
 
PPTX
Seminar (network security)
byGaurav Dalvi
 
PPTX
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
byGopal Sakarkar
 
PPTX
PPT on Family Palnning
byGULZAR HUSSAIN
 
PPT
Firewall
byApo
 
PDF
Digital signatures
byIshwar Dayal
 
PPT
Firewall
byAmuthavalli Nachiyar
 
PPT
FireWall
byrubal_9
 
PPT
Introduction to Digital signatures
byRohit Bhat
 
PPTX
Family planning....ppt
byMonika Sharma
 
Ch16
byJoe Christensen
 
Ip sec
byshifanabasheer
 
Network security
bySidiq Dwi Laksana
 
Unit 5
byVinod Kumar Gorrepati
 
BAIT1103 Chapter 8
bylimsh
 
Data Security
bybackdoor
 
D.Silpa
byst anns PG College,Mallapur,Hyderabad, India
 
Digital Signature
bynayakslideshare
 
L4 internet security
bylistergc
 
Network security
byDhaval Kaneria
 
IP Security
byKeshab Nath
 
Seminar (network security)
byGaurav Dalvi
 
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
byGopal Sakarkar
 
PPT on Family Palnning
byGULZAR HUSSAIN
 
Firewall
byApo
 
Digital signatures
byIshwar Dayal
 
Firewall
byAmuthavalli Nachiyar
 
FireWall
byrubal_9
 
Introduction to Digital signatures
byRohit Bhat
 
Family planning....ppt
byMonika Sharma
 

Similar to Network security

PDF
CS6004 CYBER FORENSICS
byKathirvel Ayyaswamy
 
PPT
2800967 for internet and networkings.ppt
byallfather027
 
PPT
Seminar on ECommerce
bySTS
 
PPTX
Parallel and distributed computing .pptx
byAmnaNadeem27
 
PDF
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
byKathirvel Ayyaswamy
 
PPT
Ip sec and ssl
byMohd Arif
 
PPT
Ip security
byDr.K.Sreenivas Rao
 
PPTX
chAPTER 19 INTERNET PROTOCOL SECURITY PRESENTATION
byPragyanshuParadkar1
 
PPTX
Chaaaaaaaaaaaaaaaaapter IV.pptx(mod).pptx
byAbdiwakGirma1
 
PPT
ch22.ppt
byImXaib
 
PPT
Moein
byitrraincity
 
PPTX
Chapter 22-Computer Security 4th ed.pptx
byKofiBoateng28
 
PPTX
Chapter 22 Internet Security Protocols and Standards
byGoldenMIT
 
PPT
Chapter No 19 - Network and Security-by-MIT
byKamranHussainAwan
 
PPT
Network Security Presentation Stallings.
byAratiKothari2
 
PPT
CS553 ST7 Ch21 Network Security chapter 21
byKhaledMohammadSoradi
 
PPT
CS553_ST7_Ch21-NetworkSecurityhhhhggg.ppt
byBinyamBekeleMoges
 
PDF
CNS ppt.pdf
byChaitanyaK65
 
PDF
Module 2.Cryptography and Cryptanalysis
bySitamarhi Institute of Technology
 
PDF
Module 2.pdf
bySitamarhi Institute of Technology
 
CS6004 CYBER FORENSICS
byKathirvel Ayyaswamy
 
2800967 for internet and networkings.ppt
byallfather027
 
Seminar on ECommerce
bySTS
 
Parallel and distributed computing .pptx
byAmnaNadeem27
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
byKathirvel Ayyaswamy
 
Ip sec and ssl
byMohd Arif
 
Ip security
byDr.K.Sreenivas Rao
 
chAPTER 19 INTERNET PROTOCOL SECURITY PRESENTATION
byPragyanshuParadkar1
 
Chaaaaaaaaaaaaaaaaapter IV.pptx(mod).pptx
byAbdiwakGirma1
 
ch22.ppt
byImXaib
 
Moein
byitrraincity
 
Chapter 22-Computer Security 4th ed.pptx
byKofiBoateng28
 
Chapter 22 Internet Security Protocols and Standards
byGoldenMIT
 
Chapter No 19 - Network and Security-by-MIT
byKamranHussainAwan
 
Network Security Presentation Stallings.
byAratiKothari2
 
CS553 ST7 Ch21 Network Security chapter 21
byKhaledMohammadSoradi
 
CS553_ST7_Ch21-NetworkSecurityhhhhggg.ppt
byBinyamBekeleMoges
 
CNS ppt.pdf
byChaitanyaK65
 
Module 2.Cryptography and Cryptanalysis
bySitamarhi Institute of Technology
 
Module 2.pdf
bySitamarhi Institute of Technology
 

Recently uploaded

PPTX
This Bearing Didn’t Fail Suddenly — How Vibration Data Predicts Failure Month...
byMaintWiz Technologies Private Limited
 
PDF
Chemical Hazards at Workplace – Types, Properties & Exposure Routes, CORE-EHS
byCORE EHS
 
PDF
Plasticity and Structure of Soil/Atterberg Limits.pdf
byMahmoodKhalid11
 
PDF
Basics of Electronics Task by Vivaan Jo Varghese.pdf
byVivaan Jo Varghese
 
PPTX
Why TPM Succeeds in Some Plants and Struggles in Others | MaintWiz
byMaintWiz Technologies Private Limited
 
PDF
Ericsson 6230 Training Module Document.pdf
byMd Bellal Hossain
 
PDF
CME397 SURFACE ENGINEERING UNIT 2 FULL NOTES
bykarthi keyan
 
PPTX
Presentation-WPS Office.pptx afgouvhyhgfccf
byEndaleTimerga
 
PPT
Oracle Advanced subquery and types of subquery
bytejaswinikulkarni549
 
PPTX
Theory to Practice of Unsaturated Soil Mechanics-1.pptx
byMahmoodKhalid11
 
PPTX
Fitting Infiltration Models to Infiltration using Excel (1).pptx
byTomNickoRivera1
 
PDF
Computer Graphics Fundamentals (v0p1) - DannyJiang
byDanny Jiang
 
PPTX
GET 211- Computing and Software Engineering (1).pptx
byfestusdaniel142
 
PDF
Chad Ayach - An Accomplished Mechanical Engineer
byChad Ayach
 
PDF
Shear Strength of Soil (Direct shear test).pdf
byMahmoodKhalid11
 
PPTX
Unit 1_Importance of modelling(Object oriented concepts).pptx
byVidyaranichougule
 
PDF
Computer Network Lab Manual ssit -kavya r.pdf or Computer Network Lab Manual ...
bykavya R
 
PPTX
How Does LNG Regasification Work | INOXCVA
byINOXCVA
 
PPTX
operating_systems.pptx m,nm,nm,n,nm,n,nm,nikl
bykirthigaaiml
 
PPTX
Value engineering and cost analysis with case study
byhp9879098082
 
This Bearing Didn’t Fail Suddenly — How Vibration Data Predicts Failure Month...
byMaintWiz Technologies Private Limited
 
Chemical Hazards at Workplace – Types, Properties & Exposure Routes, CORE-EHS
byCORE EHS
 
Plasticity and Structure of Soil/Atterberg Limits.pdf
byMahmoodKhalid11
 
Basics of Electronics Task by Vivaan Jo Varghese.pdf
byVivaan Jo Varghese
 
Why TPM Succeeds in Some Plants and Struggles in Others | MaintWiz
byMaintWiz Technologies Private Limited
 
Ericsson 6230 Training Module Document.pdf
byMd Bellal Hossain
 
CME397 SURFACE ENGINEERING UNIT 2 FULL NOTES
bykarthi keyan
 
Presentation-WPS Office.pptx afgouvhyhgfccf
byEndaleTimerga
 
Oracle Advanced subquery and types of subquery
bytejaswinikulkarni549
 
Theory to Practice of Unsaturated Soil Mechanics-1.pptx
byMahmoodKhalid11
 
Fitting Infiltration Models to Infiltration using Excel (1).pptx
byTomNickoRivera1
 
Computer Graphics Fundamentals (v0p1) - DannyJiang
byDanny Jiang
 
GET 211- Computing and Software Engineering (1).pptx
byfestusdaniel142
 
Chad Ayach - An Accomplished Mechanical Engineer
byChad Ayach
 
Shear Strength of Soil (Direct shear test).pdf
byMahmoodKhalid11
 
Unit 1_Importance of modelling(Object oriented concepts).pptx
byVidyaranichougule
 
Computer Network Lab Manual ssit -kavya r.pdf or Computer Network Lab Manual ...
bykavya R
 
How Does LNG Regasification Work | INOXCVA
byINOXCVA
 
operating_systems.pptx m,nm,nm,n,nm,n,nm,nikl
bykirthigaaiml
 
Value engineering and cost analysis with case study
byhp9879098082
 

Network security

  • 1.
    NETWORK SECURITY name- anoopnegi roll no- 27 Date: 4-04-2016
  • 2.
    CONTENTS  understand principlesof network security:  cryptography  Digital Signatures  Security at Various Layers  Firewalls
  • 3.
    INTRODUCTION Cryptography is thestudy of creating and using encryption and decryption techniques. Plaintext is the the data that before any encryption has been performed. Ciphertext is the data after encryption has been performed. The key is the unique piece of information that is used to create ciphertext and decrypt the ciphertext back into plaintext.
  • 4.
    KEY TERMS  Confidentiality:only sender, intended receiver should “ understand” message contents  sender encrypts message  receiver decrypts message  Authentication: sender, receiver want to confirm identity of each other  Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) .  Access and Availability: services must be accessible and available to users
  • 5.
    CONTINUE……….. ❍ eavesdrop: interceptmessages ❍ impersonation: can fake (spoof) source address in packet (or any field in packet) ❍ hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place
  • 6.
    SYMMETRIC KEY CRYPTOGRAPHY  Thesame key is used by the sender (for encryption) and the receiver (for decryption).  The key is shared.  Encryption and Decryption Algorithms are public.
  • 7.
    Continue……….  substitution cipher:substituting one thing for another.  monoalphabetic cipher: substitute one letter for another . plaintext: abcdefghijklmnopqrstuvwxyz ciphertext: mnbvcxzasdfghjklpoiuytrewq Plaintext: bob. i love you. alice ciphertext: nkn. s gktc wky. mgsbc
  • 8.
    Data Encryption Standard Created in 1977 and in operation into the 1990s, the data encryption standard took a 64- bit block of data and subjected it to 16 levels of encryption.  The choice of encryption performed at each of the 16 levels depends on the 56-bit key applied.  Even though 56 bits provides over 72 quadrillion combinations, a system using this standard has been cracked (in 1998 by Electronic Frontier Foundation in 3 days).
  • 9.
  • 10.
    Public Key Cryptography Very powerful encryption technique in which two keys are used: the first key (the public key) encrypts the message while the second key (the private key) decrypts the message.  Not possible to deduce one key from the other.  Not possible to break the code given the public key.  If you want someone to send you secure data, give them your public key, you keep the private key.  Secure sockets layer on the Internet is a common example of public key cryptography.
  • 11.
    RSA  The mostcommon public key algorithm .  Private key is a pair of numbers (n,d).  Public key is a pair of numbers (n,e).  The sender uses the following algorithm to encrypt the message:  C=p*pow(e) mod n  P=plaintext ,C=cyphertext and e,n are components of public key.  Receiver : p=C*pow(d) mod n
  • 12.
  • 13.
    Digital Signature Digital signaturecan provide: Authentication Integrity Nonrepudiation The sender uses her private key to encrypt(sign) the message . The receiver on the other hand uses the public key of sender to decrypt the msg. No need to sign the entire document(digest). Digital signature does not provide privacy.
  • 14.
    Message Digests  Computationallyexpensive to public-key-encrypt long messages.  Goal: fixed-length, easy to-compute digital “fingerprint”.  apply hash function H to m, get fixed size message digest, H(m).  Hash function properties:  Hashing is one way: digest can only be created from the msg , not vice versa.  Hashing is one to one function: there is little probability that two msg produce same digest.
  • 15.
    SECURITY AT IPLEVEL  IP Security (ipsec) is a collection of protocols to provide security for a packet at the IP level.  Ipsec requires a logical connection between two hosts using a signalling protocol called Security Association.  An SA connection can be simplex or duplex.  SA is uniquely defined by three elements:  A 32 bit security parameter index (spi),which acts as virtual circuit identifier in connection oriented protocols.  The source ip address.  The type of protocol used- AH,ESP.
  • 16.
    AUTHENTICATION HEADER (AH) AH provides authentication , integrity and anti-replay for the entire packet(ip header & data payload).  It does not provide confidentiality , which means it does not encrypt the data.  The data is readable but protected from modification.  Integrity and authentication are provided by placement of AH header between the Ip header and transport layer protocol .  AH uses an ip protocol id of 51 to identify itself in the IP header.
  • 17.
    AH FIELDS  NextHeader: Identifies the next header that uses IP protocol id, ex- value might be 6 to indicate tcp.  Length: indicate length of AH header.  SPI: used in combination with the destination address and security protocol(AH OR ESP) to identify correct security association for the communication.  Sequence no. : provides anti-relay protection. It is a 32 bit number that is never allowed to cycle . The receiver checks this field to verify that a packet with this number has not been received yet. If one is received ,the packet is rejected.  Authentication data: contains integrity check value to verify the integrity of the msg.
  • 18.
    ENCAPSULATING SECURITY PAYLOAD Providesconfidentiality in addition to authentication , integrity and anti-replay. ESP indicates itself in the IP header using IP protocol id of 50. Ex- alice on computer A sends data to bob on computer B. The data payload is encrypted and signed for integrity. Upon receipt the data payload packet is decrypted . Bob can be certain it was really alice who send the data. Also the data is unmodified and no other was able to read it.
  • 19.
    ESP HEADER ANDTRAILER FIELD  SECURITY PARAMETER INDEX (SPI): same as in AH.  Sequence no : same as in AH.  Padding : the variable length field of 0’s serves as padding.  Padding length: indicates the length of the padding field in bytes.  This field is used by the receiver to discard the padding field.  Next header: identifies the type of payload tcp or udp.  Authentication data: contains the integrity check value(icv) and a msg authentication code that is used to verify the sender’s identity and msg integrity.
  • 20.
  • 21.
    Transport layer security TLS was designed to provide security at transport layer.  TLS allows two parties to exchange messages in a secure environment. To accomplish this TLS require that  Two parties must agree on 3 protocols : an entity authentication protocol, a message authentication protocol and encrypt/decrypt protocol.  TLS has two layers.  The top layer includes three protocols ,one for session setup(handshaking),one for alerting the other party of unusual situation, and one informing the establishment of security parameters.  The lower layer ,the record protocol ,is used to encapsulate msg from the upper layer.
  • 22.
  • 23.
    Alert protocol  Thealert protocol is used to signal an error or a potential error to other party.  The packet exchanged defines the severity level of the condition.
  • 24.
    Change cipher speeprotocol  This protocol is designed to activate the security services (message authentication and encryption/decryption) after all the agreements are confirmed in the handshake protocol.  After exchanging the one message defined in this protocol ,the two parties can use the services.
  • 25.
    FIREWALLS  A systemor combination of systems that supports an access control policy between two networks.  A firewall can limit the types of transactions that enter a system, as well as the types of transactions that leave a system.  Firewalls can be programmed to stop certain types or ranges of IP addresses, as well as certain types of TCP port numbers (applications).  A packet filter firewall is essentially a router that has been programmed to filter out or allow to pass certain IP addresses or TCP port numbers.  A proxy server is a more advanced firewall that acts as a doorman into a corporate network. Any external transaction that request something from the corporate network must enter through the proxy server.  Proxy servers are more advanced but make external accesses slower.
  • 26.