Network Security
CS:2
(Security at the Application Layer & Transport Layer)
By: Mr. Ganesh Ingle
Session-2 objectives
CS-2 Revision of the previous session
CS-2 E-mail system architecture
CS-2 PGP, MIME and MIME headers
CS-2 Review of the SSL protocol
CS-2 Secure Shell (SSH) protocol for secure remote login
CS-2 Summary
E-Mail System Architecture
A message transfer agent (MTA) is the software component of an Internet message handling system (MHS) that relays mail between mail servers. The sender's user agent (MUA) submits the message to the sender's MTA; the MTA forwards it, possibly through several intermediate MTAs, to the recipient's MTA, which hands it to a delivery agent that stores it in the recipient's mailbox. The recipient's user agent then fetches it with an access protocol such as POP or IMAP. SMTP is the protocol the MTAs speak to each other; it carries the message but by itself provides neither confidentiality nor authentication, which is why end-to-end schemes such as PGP and S/MIME exist.
PGP
Two schemes are widely used to provide confidentiality and authentication for electronic mail, end to end between sender and recipient rather than hop by hop between servers:
1. PGP: Pretty Good Privacy (standardised as OpenPGP)
2. S/MIME: Secure/Multipurpose Internet Mail Extensions
PGP
Pretty Good Privacy (PGP):
PGP is an encryption program that provides cryptographic privacy and authentication for data communication. It is used for signing, encrypting and decrypting texts, e-mails, files, directories and whole disk partitions, and above all to secure e-mail. Phil Zimmermann released the first version in 1991; the message format was later standardised by the IETF as OpenPGP (RFC 4880).
1. PGP fingerprint: a public key fingerprint is a cryptographic hash of the public key, much shorter than the key itself. It cannot be turned back into the key; its purpose is to check that a key obtained over an untrusted channel (a key server, an e-mail attachment) is the one the owner really published. A fingerprint such as C3A6 5E46 7B54 77DF 3C4C 9790 4D22 B3CA 5B32 FF66 is short enough to print on a business card or read out over the phone, and the recipient compares it with the fingerprint their software computes from the downloaded key.
2. Compatibility: as PGP evolves, versions that support newer features and algorithms can create encrypted messages that older PGP systems cannot decrypt, even with a valid private key. Partners in PGP communication therefore need to know each other's capabilities, or at least agree on PGP settings.
3. Confidentiality: PGP can be used to send messages confidentially. For this it uses a hybrid cryptosystem that combines symmetric-key and public-key encryption. The message is encrypted with a symmetric algorithm under a random key generated by the sender; this key is used only once and is called the session key. The session key must reach the receiver so they can decrypt the message, so it is encrypted with the receiver's public key and sent along with the ciphertext. Only the receiver's private key can recover the session key, which is then used to decrypt the message symmetrically. (Digital signatures are a separate service: the sender hashes the message and signs the hash with their own private key, and the receiver verifies the signature with the sender's public key.)
PGP
4. Web of trust: PGP has always included provisions for distributing users' public keys in an 'identity certificate', which is constructed cryptographically so that any tampering (or accidental garbling) is readily detectable. Merely making a certificate impossible to modify undetected is insufficient, however; that prevents corruption only after the certificate has been created, not before. Users must also ensure by some means that the public key in a certificate actually belongs to the person or entity claiming it. PGP leaves this to the users: each user signs the keys they have verified and decides how far to trust other users as introducers, so trust forms a web rather than a hierarchy.
5. Certificates: in the (more recent) OpenPGP specification, trust signatures can be used to support the creation of certificate authorities. A trust signature indicates both that the key belongs to its claimed owner and that the owner of the key is trusted to sign other keys at one level below their own.
PGP offers 5 services:
1. Authentication (digital signature: a hash of the message signed with the sender's private key)
2. Confidentiality (the message is encrypted under a one-time session key, which is encrypted with the recipient's public key)
3. Compression (the message is compressed after signing and before encryption)
4. E-mail compatibility (the binary output is converted to printable ASCII with radix-64 encoding)
5. Segmentation (long messages are split into blocks small enough for mail systems to carry)
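The fingerprint item on the previous slide says a fingerprint is a short hash of the key. The following Python example, added here and not part of the original slides, builds a version-4 RSA public-key packet as RFC 4880 lays it out and computes its fingerprint and key ID with nothing but the standard library, then compares it with a fingerprint read from a business card. The modulus, exponent and creation time are constructed toy values, not a real key (a real RSA key has a 2048-bit or larger modulus), and the function names are this example's own. Newer v6 keys (RFC 9580) use SHA-256 in place of SHA-1, but the principle is the same.

```python
import hashlib
import struct


def mpi(value: int) -> bytes:
    """OpenPGP multi-precision integer: 2-byte bit count, then the big-endian magnitude."""
    if value <= 0:
        raise ValueError("MPI values are positive integers")
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def rsa_public_key_packet_body(n: int, e: int, created: int) -> bytes:
    """Version-4 public-key packet body for RSA (RFC 4880 5.5.2):
    version 4, 4-byte creation time, algorithm id 1 (RSA), MPI n, MPI e."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 12.2: SHA-1 over 0x99, the 2-byte body length and the body; 40 hex digits."""
    if len(body) > 0xFFFF:
        raise ValueError("v4 fingerprint input limited to a 65535-byte packet body")
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()


def long_key_id(fingerprint: str) -> str:
    """Long key ID = low-order 64 bits of the fingerprint. The 32-bit short ID (last
    8 digits) is trivially collidable and must not be used to identify a key."""
    return fingerprint[-16:]


def display(fingerprint: str) -> str:
    """Business-card form: ten groups of four hex digits."""
    return " ".join(fingerprint[i:i + 4] for i in range(0, 40, 4))


def same_fingerprint(shown: str, trusted: str) -> bool:
    """Compare the fingerprint computed from a downloaded key with one obtained out of
    band, ignoring spacing and case so card and software output compare directly."""
    def canon(s: str) -> str:
        return "".join(s.split()).upper()
    return canon(shown) == canon(trusted)


# Constructed sample key material, not a real key: a 64-bit modulus chosen only so the
# packet layout stays readable.
SAMPLE_N = 0xC5A31F4D9E2B7A61
SAMPLE_E = 65537
SAMPLE_CREATED = 1_600_000_000
SAMPLE_BODY = rsa_public_key_packet_body(SAMPLE_N, SAMPLE_E, SAMPLE_CREATED)
SAMPLE_FPR = v4_fingerprint(SAMPLE_BODY)

if __name__ == "__main__":
    print("packet body :", SAMPLE_BODY.hex())
    print("fingerprint :", display(SAMPLE_FPR))
    print("long key ID :", long_key_id(SAMPLE_FPR))
    # A small change to the public exponent yields an unrelated fingerprint, which is
    # what lets the recipient detect a substituted key.
    tampered = rsa_public_key_packet_body(SAMPLE_N, SAMPLE_E + 2, SAMPLE_CREATED)
    print("tampered    :", display(v4_fingerprint(tampered)))
```

The fingerprint is computed over the whole public-key packet body, so creation time and algorithm are bound into it along with the key material; two keys that differ in any byte have unrelated fingerprints, which is why comparing the full 40 digits out of band is sufficient to detect a substituted key.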
PGP
Encryption and decryption (figure)
Multipurpose Internet Mail Extensions (MIME)
1. Multipurpose Internet Mail Extensions (MIME) is a standard developed at Bell Communications Research (Bellcore) by Nathaniel Borenstein, with Ned Freed; work began in 1991 and the first specification was published as RFC 1341 in 1992, to expand the limited capabilities of Internet e-mail.
2. MIME is an add-on to the message format rather than a new transport protocol: it lets non-ASCII data be carried through SMTP by describing the content type and encoding the content into 7-bit text. It allows users to exchange different kinds of data on the Internet: audio, video, images and application programs as well as plain text.
Why do we need MIME? Limitations of the Simple Mail Transfer Protocol (SMTP):
1. SMTP has a very simple structure.
2. Its simplicity comes at a price: it only sends messages in NVT 7-bit ASCII.
3. It cannot carry text in languages whose characters are not representable in 7-bit ASCII (French, German, Russian, Chinese, Japanese, etc.), so such messages cannot be transmitted over plain SMTP. MIME encodes them into ASCII so that SMTP can carry them.
4. It cannot send binary files, video or audio data, and servers also impose line-length and message-size limits.
MIME Header
MIME with SMTP and POP:
1. SMTP is the transfer protocol: it carries the message from the sender's side to the mailbox on the recipient's mail server, where it is stored. POP is a message access protocol: it lets the recipient's user agent fetch the stored messages from the mail server to the recipient's computer. MIME headers are added by the sender's user agent when the message is composed; SMTP and POP carry them unchanged as part of the message, so the recipient's user agent can undo the encoding.
MIME headers are added to the standard e-mail header section to describe how the body has been transformed. There are five headers:
1. MIME-Version – defines the version of MIME used. It must have the value 1.0, which indicates that the message is formatted using MIME.
2. Content-Type – the type of data in the body of the message (or of one body part), for example text/plain, text/html, image/png, audio/mpeg, video/mp4, or multipart/mixed for a message that carries several parts. Parameters such as charset or boundary follow the type.
3. Content-Transfer-Encoding – the method used to encode the body for transport: 7bit, 8bit, binary, quoted-printable (for mostly-ASCII text) or base64 (for arbitrary binary data).
4. Content-ID – a unique identifier for a body part, so that other parts can refer to it (for example an HTML part embedding an image through a cid: URL).
5. Content-Description – a free-text, human-readable description of the body part. It is informational only; like the declared Content-Type it is supplied by the sender and must not be trusted to decide how the content is handled.
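To see the five headers on an actual message, here is an added Python example (not from the slides; it uses only the standard library's email package). It builds a message with a non-ASCII text body and a small binary attachment, shows that the wire form is pure 7-bit ASCII as SMTP requires, and parses it back the way the receiving user agent does to recover the headers and the original bytes. The addresses, text, bytes and Content-ID are constructed sample values.

```python
import email
import email.policy
from email.message import EmailMessage

# Constructed sample data, not from the slides: text with characters outside 7-bit ASCII
# and a few raw bytes (including NUL and 0xFF) that a 7-bit SMTP path cannot carry as is.
SAMPLE_TEXT = "Grüße aus Zürich: Preis 5 €"
SAMPLE_BINARY = bytes([0x00, 0xFF, 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A])
SAMPLE_CID = "<sample-1@example.invalid>"


def build_mime_message() -> bytes:
    """Compose a two-part message and return its wire form, as the user agent hands it to SMTP."""
    msg = EmailMessage()
    msg["From"] = "alice@example.invalid"
    msg["To"] = "bob@example.invalid"
    msg["Subject"] = "MIME header demo"
    # Text body: quoted-printable keeps mostly-ASCII text readable and strictly 7-bit.
    msg.set_content(SAMPLE_TEXT, cte="quoted-printable")
    # Binary attachment: base64 (the default for bytes) plus an explicit Content-ID and
    # Content-Description so that all five MIME headers appear on the wire.
    msg.add_attachment(
        SAMPLE_BINARY,
        maintype="application",
        subtype="octet-stream",
        filename="sample.bin",
        cid=SAMPLE_CID,
        headers=["Content-Description: constructed binary sample"],
    )
    return msg.as_bytes()


def wire_is_seven_bit(data: bytes) -> bool:
    """True if every byte of the serialised message fits NVT 7-bit ASCII."""
    return all(b < 0x80 for b in data)


def inspect_mime_message(data: bytes) -> dict:
    """Parse the wire form as the receiving user agent does and recover parts and headers."""
    parsed = email.message_from_bytes(data, policy=email.policy.default)
    body = parsed.get_body(preferencelist=("plain",))
    attachments = list(parsed.iter_attachments())
    if body is None or len(attachments) != 1:
        raise ValueError("expected one text body and one attachment")
    att = attachments[0]
    return {
        "mime_version": str(parsed["MIME-Version"]),
        "top_content_type": parsed.get_content_type(),      # multipart/mixed
        "body_transfer_encoding": str(body["Content-Transfer-Encoding"]),
        "body_text": body.get_content().rstrip("\n"),       # set_content appends a newline
        "attachment": {
            "content_type": att.get_content_type(),          # declared by the sender: untrusted
            "transfer_encoding": str(att["Content-Transfer-Encoding"]),
            "content_id": str(att["Content-ID"]),
            "description": str(att["Content-Description"]),
            "filename": att.get_filename(),
            "payload": att.get_content(),                    # base64 undone: original bytes
        },
    }


if __name__ == "__main__":
    wire = build_mime_message()
    print(wire.decode("ascii"))
    print("7-bit clean:", wire_is_seven_bit(wire))
    print(inspect_mime_message(wire))
```

Running it prints the raw message, in which every non-ASCII character of the body appears as =XX escapes and the attachment as base64 lines, followed by the recovered headers and bytes; the Content-Type and filename that come back are exactly what the sender wrote, which is why a receiving application must sniff or sandbox attachments rather than trust these headers.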
Secure Multipurpose Internet Mail Extensions (S/MIME)
1. S/MIME uses public key certificates conforming to the X.509 standard and signed by a certification authority (CA). In other respects S/MIME is quite similar to PGP: it delivers signed and/or encrypted data as MIME body parts (application/pkcs7-mime and application/pkcs7-signature) using the same hybrid scheme of a per-message symmetric key protected with the recipient's public key.
Secure Multipurpose Internet Mail Extensions (S/MIME)
S/MIME as originally specified uses these algorithms:
1. DSS or RSA for digital signatures,
2. Diffie-Hellman (ElGamal variant) or RSA for encrypting session keys,
3. SHA-1 or MD5 for message digests, and
4. Three-key triple DES (with RC2/40 as a fallback) for message encryption.
Current S/MIME (version 4.0, RFC 8551) requires AES for content encryption (CBC, with GCM recommended) and SHA-256 with RSA or ECDSA for signatures; MD5 and SHA-1 must no longer be used for signing, and RC2/40 or triple DES should be accepted only when decrypting old mail.
Certification:
The crux of any secure e-mail system is the distribution of public/private key pairs and certification. S/MIME is very liberal about certification. There are public certifiers, such as VeriSign and VISA, that issue certificates at various levels of assurance. There are mail products that include certification authorities for use within an organization, and these products can be configured to accept such certificates.
Finally, S/MIME is most frequently used without a directory for storing certificates and without a need for trusted certifiers. If Alice wants to send an encrypted message to Bob, Bob first has to send her a signed message. The signed message carries his certificate, which she accepts into her address book and from then on uses to encrypt to him. Note that this only proves the key came from whoever sent that first message; it proves that the sender was Bob only if the certificate chains to a CA she trusts.
Web Security - Threats, Challenges and Solutions
1. Scenario of Security Attacks
Consider a web application hosted on a server with no HTTPS (HTTP over SSL/TLS) enabled. An end user, Bob, is surfing the Web and arrives at a shopping cart web site that sells goods. For simplicity consider a single form: the site displays a form in which Bob is supposed to enter the type of item and quantity, his delivery address and his payment card number. Bob enters this information, clicks Submit and expects to receive the goods. Once Bob has submitted the form, the information flows from client to server over plain HTTP, with no SSL/TLS enabled. What can happen?
2. Security Attack Possibilities
Any of the following attacks is possible; these are common day-to-day scenarios, and the question is how to overcome them. The different security attacks are:
1. Attack on confidentiality: anyone on the network path between Bob and the server (the local Wi-Fi, the ISP, any intermediate router) can read the card number and address in the clear.
2. Attack on integrity: an attacker in the path can alter the request or the response in transit, for example changing the quantity or the delivery address, and neither side can detect it.
3. Attack on availability: an attacker can block or disrupt the service so that Bob cannot place the order at all.
4. Attack on authenticity: Bob has no way to know whether he is really talking to the shop's server or to an impostor that intercepts the connection and presents a copy of the form.
Solution: use of SSL/TLS, which addresses confidentiality, integrity and server authenticity. It does not address availability; that requires other measures such as redundancy and rate limiting.
Introduction to SSL
1. SSL was developed by Netscape: version 2.0 shipped in 1995 (1.0 was never released) and version 3.0 in 1996. The IETF standardised it as Transport Layer Security; TLS 1.0 was published as RFC 2246 in 1999, and the current version is TLS 1.3 (RFC 8446, 2018). SSL 2.0 and 3.0 are now prohibited (RFC 6176 and RFC 7568).
2. SSL is a cryptographic protocol that secures communication over a reliable, connection-oriented transport (TCP).
3. Any program using TCP can be modified to use an SSL connection.
4. An SSL-protected service uses a dedicated TCP port (e.g. 443 for HTTPS, 465 for SMTPS, 993 for IMAPS), although protocols such as SMTP and IMAP can also upgrade an existing connection with STARTTLS.
5. SSL is flexible in the choice of symmetric cipher, message digest and authentication method; the agreed combination is called the cipher suite.
6. SSL provides optional built-in record compression. It is disabled in practice and was removed in TLS 1.3, because compressing data that mixes secrets with attacker-controlled input leaks the secrets through the ciphertext length.
7. It authenticates the server to the client, using the server's X.509 certificate.
8. It allows the client and server to select cryptographic algorithms, or ciphers, that they both support.
9. It optionally authenticates the client to the server, using a client certificate.
10. It uses public-key techniques to establish a shared secret (RSA key transport in older versions; ephemeral Diffie-Hellman, which gives forward secrecy, in TLS 1.3).
11. It establishes an encrypted SSL connection over which the application data flows.
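As an added example (not from the slides), the following Python code contrasts a client-side TLS context configured the way points 7 to 10 describe with the "accept the certificate anyway" configuration a user produces when clicking through a warning about an unrecognised certificate. It uses only the standard ssl module and opens no connection; the function names are this example's own, and the list of weak-cipher markers is an assumption made for illustration.

```python
import ssl

# Assumption for illustration: cipher-suite names containing these markers count as weak.
WEAK_CIPHER_MARKERS = ("RC4", "NULL", "MD5", "EXP")


def hardened_client_context() -> ssl.SSLContext:
    """Client context that implements the handshake goals: authenticate the server,
    refuse obsolete protocol versions, negotiate only from a vetted cipher list."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)  # loads the system CA store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # SSL 2.0/3.0 and TLS 1.0/1.1 are refused
    ctx.check_hostname = True            # the certificate must name the host we asked for
    ctx.verify_mode = ssl.CERT_REQUIRED  # an unrecognised or missing chain fails the handshake
    return ctx


def click_through_context() -> ssl.SSLContext:
    """What 'accept the unrecognised certificate anyway' amounts to: the record layer
    still encrypts, but any server (or interceptor) is accepted, so the data is
    protected only against a passive eavesdropper, not against a man in the middle."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False   # must be cleared before verify_mode can become CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def describe(ctx: ssl.SSLContext) -> dict:
    """Summarise the security-relevant settings of a context as plain values."""
    names = [c["name"] for c in ctx.get_ciphers()]
    return {
        "verifies_server_cert": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": bool(ctx.check_hostname),
        "minimum_version": ctx.minimum_version.name,
        "cipher_count": len(names),
        "weak_ciphers": [n for n in names if any(m in n for m in WEAK_CIPHER_MARKERS)],
    }


if __name__ == "__main__":
    for label, ctx in (("hardened", hardened_client_context()),
                       ("click-through", click_through_context())):
        print(label, describe(ctx))
```

With the hardened context, wrapping a socket to a host whose certificate does not chain to a trusted CA, or does not name that host, raises ssl.SSLCertVerificationError before any application data is sent; with the click-through context the same handshake succeeds silently, which is the behaviour the "not-recognizable certificate" slide warns about. Client authentication (point 9) would be added by loading a client certificate and key into the context with load_cert_chain.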
SSL
1. SSL is a secure protocol that runs above TCP/IP and below the application protocol, and lets applications encrypt their data and authenticate the identity of the server/vendor.
Layering (diagram):
  Application layer:   HTTPS | SMTPS | FTPS (the application protocol, unchanged)
  Secure Socket Layer: SSL/TLS
  Transport layer:     TCP/IP
SSL Protocol Stack (figure)
SSL Record Protocol Operation (figure)
SSL Record Format (figure)
SSL Handshake
The SSL handshake authenticates the server to the client (and optionally the client to the server) and lets the two sides agree on protocol version, cipher suite and keys before any application data is sent.
SSL Handshake (figure, continued)
SSL Session Key (figure)
SSL Not-recognizable Certificate (figure)
SSL 2.0 vs SSL 3.0
1. SSL 2.0 uses a weak MAC construction (a plain MD5 hash over a secret prefix and the data); SSL 3.0 uses a keyed construction with MD5 or SHA-1.
2. In SSL 3.0 the message authentication hash uses the full 128 bits of key material for export ciphers, while SSL 2.0 uses only 40 bits.
3. SSL 2.0 only allows a handshake at the beginning of the connection.
4. In SSL 3.0 the client can initiate a handshake (renegotiation) at any time.
5. SSL 3.0 allows server and client to send chains of certificates.
6. SSL 3.0 has a generalised key exchange protocol. It allows Diffie-Hellman and Fortezza key exchange in addition to RSA.
7. SSL 3.0 allows for record compression and decompression.
Both versions are obsolete: SSL 2.0 is prohibited by RFC 6176 and SSL 3.0 by RFC 7568 (its CBC ciphers are open to padding-oracle attacks). A modern server should offer only TLS 1.2 and TLS 1.3.
SSH
1. One of the primary goals of the ARPANET was remote access.
2. Several different remote-access programs were in use, all sending passwords and data in the clear:
• rlogin
• rcp
• rsh
3. SSH (Secure Shell) is a UNIX-originated command interface and protocol for securely accessing a remote computer; it replaces these tools.
4. It comes as a suite of utilities: slogin, ssh, sftp and scp.
5. It can protect against attacks that rely on:
• IP spoofing
• DNS spoofing
• interception of information on the wire
6. It protects data sent over the network.
7. It negotiates an encryption algorithm between client and server.
8. It uses that algorithm and a session key to encrypt/decrypt the data sent.
9. It provides site (host) authentication.
10. It uses the host's public key and its fingerprint to ensure the identity of the remote host: on the first connection the client shows the fingerprint and asks the user to confirm it, then records the host key in known_hosts and warns loudly if the key ever changes (trust on first use).
11. It relies on locally generated keys, so no certifying authority is generally involved; verifying the fingerprint out of band on first contact is therefore the only defence against a man in the middle at that point. (OpenSSH can also use CA-signed host and user certificates, but most deployments do not.)
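Items 10 and 11 above are the whole of SSH host authentication, so here is an added Python example (not from the slides; standard library only) that does what the client does: it decodes the public-key blob from an OpenSSH key line, computes the SHA256 fingerprint that ssh-keygen -l and the first-connection prompt display, and checks an offered host key against a known_hosts file with the three possible outcomes. The host names, the 32-byte key value and the known_hosts contents are constructed samples (the key bytes are not a real Ed25519 key), the function names are this example's own, and hashed known_hosts entries (|1|...) are skipped for brevity.

```python
import base64
import hashlib
import struct

# Constructed sample (not a real key): 32 bytes standing in for an Ed25519 public key.
SAMPLE_KEY = bytes(range(32))
SAMPLE_HOST = "bastion.example.invalid"


def ssh_string(data: bytes) -> bytes:
    """One SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def ed25519_blob(raw_key: bytes) -> bytes:
    """Public-key blob for ssh-ed25519: string "ssh-ed25519", then string key (RFC 8709)."""
    if len(raw_key) != 32:
        raise ValueError("Ed25519 public keys are exactly 32 bytes")
    return ssh_string(b"ssh-ed25519") + ssh_string(raw_key)


def parse_blob(blob: bytes) -> list:
    """Split a blob into its SSH strings, refusing truncated or oversized fields."""
    fields, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length field")
        (n,) = struct.unpack(">I", blob[off:off + 4])
        off += 4
        if off + n > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[off:off + n])
        off += n
    return fields


def is_well_formed(blob: bytes) -> bool:
    try:
        parse_blob(blob)
        return True
    except ValueError:
        return False


def sha256_fingerprint(blob: bytes) -> str:
    """Fingerprint as ssh-keygen -l prints it: SHA256 of the blob, base64 without padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def openssh_key_line(keytype: str, blob: bytes, comment: str = "") -> str:
    """The text form used in id_*.pub, authorized_keys and (after the host field) known_hosts."""
    line = keytype + " " + base64.b64encode(blob).decode("ascii")
    return line + " " + comment if comment else line


def parse_known_hosts(text: str) -> dict:
    """Map (host, keytype) -> blob for plain entries; hashed |1| entries are skipped here."""
    table = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("|1|"):
            continue
        hosts, keytype, b64 = line.split()[:3]
        blob = base64.b64decode(b64)
        parse_blob(blob)  # reject malformed entries early
        for host in hosts.split(","):
            table[(host, keytype)] = blob
    return table


def check_host_key(known_hosts: str, host: str, keytype: str, offered: bytes) -> str:
    """What the client should do with the host key the server just presented."""
    stored = parse_known_hosts(known_hosts).get((host, keytype))
    if stored is None:
        return "unknown"    # first contact: show fingerprint, user must verify it out of band
    if stored == offered:
        return "match"      # same key as last time: proceed silently
    return "mismatch"       # key changed: possible man in the middle, refuse by default


# Constructed known_hosts file recording the sample host's key under two names.
SAMPLE_BLOB = ed25519_blob(SAMPLE_KEY)
KNOWN_HOSTS = ("# constructed sample known_hosts\n" + SAMPLE_HOST + ",10.0.0.5 "
               + openssh_key_line("ssh-ed25519", SAMPLE_BLOB, "ops@laptop") + "\n")

if __name__ == "__main__":
    print("fingerprint shown on first connect:", sha256_fingerprint(SAMPLE_BLOB))
    for host, key in ((SAMPLE_HOST, SAMPLE_BLOB), ("new.example.invalid", SAMPLE_BLOB),
                      (SAMPLE_HOST, ed25519_blob(bytes(32)))):
        print(host, "->", check_host_key(KNOWN_HOSTS, host, "ssh-ed25519", key))
```

The "unknown" outcome is the moment that decides everything: if the user confirms a fingerprint without checking it against one published by the server's administrator, an interceptor's key is recorded as the host's and every later connection reports "match". The "mismatch" outcome is what OpenSSH turns into its "REMOTE HOST IDENTIFICATION HAS CHANGED" warning.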
SSH (figure)
SSH (figure)
SSH Wireshark trace (figure)
sFTP in Linux (figure)
SSH Tunneling
1. Use SSH to create an encrypted channel between the client and the SSH server.
2. Use that encrypted channel to carry other traffic. With local forwarding (ssh -L 8080:intranet-host:80 user@gateway) connections to local port 8080 travel inside the SSH session to the gateway, which connects onward to intranet-host:80; remote forwarding (-R) works in the opposite direction, and dynamic forwarding (-D) turns the client into a SOCKS proxy. The traffic is protected only between the client and the SSH server; the hop from the server to the final destination has whatever protection the inner protocol provides.
Thank you
Image Source
searchenterpriseai.techtarget.com
wikipedia

More Related Content

What's hot

Email Security Presentation
Email Security PresentationEmail Security Presentation
Email Security Presentation
Yosef Gamble
 
2 IJAERS-JUN-2015-6-RSA and Modified RSA algorithm using C Programming
2 IJAERS-JUN-2015-6-RSA and Modified RSA algorithm using C Programming2 IJAERS-JUN-2015-6-RSA and Modified RSA algorithm using C Programming
2 IJAERS-JUN-2015-6-RSA and Modified RSA algorithm using C Programming
Puneeth Puni
 

What's hot (20)

E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
E-mail Security Protocol - 2 Pretty Good Privacy (PGP)
 
E-Mail Security Protocol - 1 Privacy Enhanced Mail (PEM) Protocol
E-Mail Security Protocol - 1 Privacy Enhanced Mail (PEM) ProtocolE-Mail Security Protocol - 1 Privacy Enhanced Mail (PEM) Protocol
E-Mail Security Protocol - 1 Privacy Enhanced Mail (PEM) Protocol
 
Celebrity Cricket League 2016 - http://ccl5.com/
Celebrity Cricket League 2016 - http://ccl5.com/ Celebrity Cricket League 2016 - http://ccl5.com/
Celebrity Cricket League 2016 - http://ccl5.com/
 
Email security & threads
Email security & threadsEmail security & threads
Email security & threads
 
IRJET- A Secure File Storage & Retrieval using Blockchain Technology
IRJET- A Secure File Storage & Retrieval using Blockchain TechnologyIRJET- A Secure File Storage & Retrieval using Blockchain Technology
IRJET- A Secure File Storage & Retrieval using Blockchain Technology
 
Email Security Presentation
Email Security PresentationEmail Security Presentation
Email Security Presentation
 
Ch15
Ch15Ch15
Ch15
 
network security
network securitynetwork security
network security
 
Network security unit 1,2,3
Network security unit 1,2,3 Network security unit 1,2,3
Network security unit 1,2,3
 
Cryptography and Encryptions,Network Security,Caesar Cipher
Cryptography and Encryptions,Network Security,Caesar CipherCryptography and Encryptions,Network Security,Caesar Cipher
Cryptography and Encryptions,Network Security,Caesar Cipher
 
E mail security
E   mail securityE   mail security
E mail security
 
Lecture 6 web security
Lecture 6 web securityLecture 6 web security
Lecture 6 web security
 
E mail security using Certified Electronic Mail (CEM)
E mail security using Certified Electronic Mail (CEM)E mail security using Certified Electronic Mail (CEM)
E mail security using Certified Electronic Mail (CEM)
 
Defeating spyware and forensics on the black berry draft
Defeating spyware and forensics on the black berry draftDefeating spyware and forensics on the black berry draft
Defeating spyware and forensics on the black berry draft
 
Communication Security
Communication SecurityCommunication Security
Communication Security
 
2 IJAERS-JUN-2015-6-RSA and Modified RSA algorithm using C Programming
2 IJAERS-JUN-2015-6-RSA and Modified RSA algorithm using C Programming2 IJAERS-JUN-2015-6-RSA and Modified RSA algorithm using C Programming
2 IJAERS-JUN-2015-6-RSA and Modified RSA algorithm using C Programming
 
message passing interface
message passing interfacemessage passing interface
message passing interface
 
Using PGP for securing the email
Using PGP for securing the emailUsing PGP for securing the email
Using PGP for securing the email
 
Pretty good privacy
Pretty good privacyPretty good privacy
Pretty good privacy
 
Securing Messages from Brute Force Attack by Combined Approach of Honey Encry...
Securing Messages from Brute Force Attack by Combined Approach of Honey Encry...Securing Messages from Brute Force Attack by Combined Approach of Honey Encry...
Securing Messages from Brute Force Attack by Combined Approach of Honey Encry...
 

Similar to Network Security CS2

computer netwok security Pretty Good Privacy PGP.ppt
computer netwok security Pretty Good Privacy PGP.pptcomputer netwok security Pretty Good Privacy PGP.ppt
computer netwok security Pretty Good Privacy PGP.ppt
jayaprasanna10
 
Network Security Essentials Applications and StandardsSixth E.docx
Network Security Essentials Applications and StandardsSixth E.docxNetwork Security Essentials Applications and StandardsSixth E.docx
Network Security Essentials Applications and StandardsSixth E.docx
hallettfaustina
 
Network Security Essentials Applications and StandardsSixth E.docx
Network Security Essentials Applications and StandardsSixth E.docxNetwork Security Essentials Applications and StandardsSixth E.docx
Network Security Essentials Applications and StandardsSixth E.docx
dohertyjoetta
 
Network Security Essentials Applications and StandardsSixth E.docx
Network Security Essentials Applications and StandardsSixth E.docxNetwork Security Essentials Applications and StandardsSixth E.docx
Network Security Essentials Applications and StandardsSixth E.docx
vannagoforth
 
Lecture 10Chapter 10ImplementingE-commerce Securit.docx
Lecture 10Chapter 10ImplementingE-commerce Securit.docxLecture 10Chapter 10ImplementingE-commerce Securit.docx
Lecture 10Chapter 10ImplementingE-commerce Securit.docx
smile790243
 

Similar to Network Security CS2 (20)

CNS - Unit v
CNS - Unit vCNS - Unit v
CNS - Unit v
 
S/MIME
S/MIMES/MIME
S/MIME
 
Email security
Email securityEmail security
Email security
 
computer netwok security Pretty Good Privacy PGP.ppt
computer netwok security Pretty Good Privacy PGP.pptcomputer netwok security Pretty Good Privacy PGP.ppt
computer netwok security Pretty Good Privacy PGP.ppt
 
Digital Certified Mail
Digital Certified MailDigital Certified Mail
Digital Certified Mail
 
Vulnerabilities of the SSL/TLS Protocol
Vulnerabilities of the SSL/TLS ProtocolVulnerabilities of the SSL/TLS Protocol
Vulnerabilities of the SSL/TLS Protocol
 
VULNERABILITIES OF THE SSL/TLS PROTOCOL
VULNERABILITIES OF THE SSL/TLS PROTOCOLVULNERABILITIES OF THE SSL/TLS PROTOCOL
VULNERABILITIES OF THE SSL/TLS PROTOCOL
 
Pgp
PgpPgp
Pgp
 
E-mail Security.ppt
E-mail Security.pptE-mail Security.ppt
E-mail Security.ppt
 
Pgp
PgpPgp
Pgp
 
Lec 8.pptx.pdf
Lec 8.pptx.pdfLec 8.pptx.pdf
Lec 8.pptx.pdf
 
module 4_7th sem_ Electronic Mail Security.pptx
module 4_7th sem_ Electronic Mail Security.pptxmodule 4_7th sem_ Electronic Mail Security.pptx
module 4_7th sem_ Electronic Mail Security.pptx
 
Chapter 2 System Security.pptx
Chapter 2 System Security.pptxChapter 2 System Security.pptx
Chapter 2 System Security.pptx
 
Network Security Essentials Applications and StandardsSixth E.docx
Network Security Essentials Applications and StandardsSixth E.docxNetwork Security Essentials Applications and StandardsSixth E.docx
Network Security Essentials Applications and StandardsSixth E.docx
 
Network Security Essentials Applications and StandardsSixth E.docx
Network Security Essentials Applications and StandardsSixth E.docxNetwork Security Essentials Applications and StandardsSixth E.docx
Network Security Essentials Applications and StandardsSixth E.docx
 
Network Security Essentials Applications and StandardsSixth E.docx
Network Security Essentials Applications and StandardsSixth E.docxNetwork Security Essentials Applications and StandardsSixth E.docx
Network Security Essentials Applications and StandardsSixth E.docx
 
unit6.ppt
unit6.pptunit6.ppt
unit6.ppt
 
Unit 4
Unit 4Unit 4
Unit 4
 
Secrity project keyvan
Secrity project   keyvanSecrity project   keyvan
Secrity project keyvan
 
Lecture 10Chapter 10ImplementingE-commerce Securit.docx
Lecture 10Chapter 10ImplementingE-commerce Securit.docxLecture 10Chapter 10ImplementingE-commerce Securit.docx
Lecture 10Chapter 10ImplementingE-commerce Securit.docx
 

More from Infinity Tech Solutions

More from Infinity Tech Solutions (20)

Database management system session 6
Database management system session 6Database management system session 6
Database management system session 6
 
Database management system session 5
Database management system session 5Database management system session 5
Database management system session 5
 
Database Management System-session 3-4-5
Database Management System-session 3-4-5Database Management System-session 3-4-5
Database Management System-session 3-4-5
 
Database Management System-session1-2
Database Management System-session1-2Database Management System-session1-2
Database Management System-session1-2
 
Main topic 3 problem solving and office automation
Main topic 3 problem solving and office automationMain topic 3 problem solving and office automation
Main topic 3 problem solving and office automation
 
Introduction to c programming
Introduction to c programmingIntroduction to c programming
Introduction to c programming
 
E commerce
E commerce E commerce
E commerce
 
E commerce
E commerceE commerce
E commerce
 
Bds session 13 14
Bds session 13 14Bds session 13 14
Bds session 13 14
 
Computer memory, Types of programming languages
Computer memory, Types of programming languagesComputer memory, Types of programming languages
Computer memory, Types of programming languages
 
Basic hardware familiarization
Basic hardware familiarizationBasic hardware familiarization
Basic hardware familiarization
 
User defined functions in matlab
User defined functions in  matlabUser defined functions in  matlab
User defined functions in matlab
 
Programming with matlab session 6
Programming with matlab session 6Programming with matlab session 6
Programming with matlab session 6
 
Programming with matlab session 3 notes
Programming with matlab session 3 notesProgramming with matlab session 3 notes
Programming with matlab session 3 notes
 
AI/ML/DL/BCT A Revolution in Maritime Sector
AI/ML/DL/BCT A Revolution in Maritime SectorAI/ML/DL/BCT A Revolution in Maritime Sector
AI/ML/DL/BCT A Revolution in Maritime Sector
 
Programming with matlab session 5 looping
Programming with matlab session 5 loopingProgramming with matlab session 5 looping
Programming with matlab session 5 looping
 
BIG DATA Session 7 8
BIG DATA Session 7 8BIG DATA Session 7 8
BIG DATA Session 7 8
 
BIG DATA Session 6
BIG DATA Session 6BIG DATA Session 6
BIG DATA Session 6
 
MS word
MS word MS word
MS word
 
DBMS CS 4-5
DBMS CS 4-5DBMS CS 4-5
DBMS CS 4-5
 

Recently uploaded

Standard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - NeometrixStandard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - Neometrix
Neometrix_Engineering_Pvt_Ltd
 
RS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
RS Khurmi Machine Design Clutch and Brake Exercise Numerical SolutionsRS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
RS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
Atif Razi
 
Hall booking system project report .pdf
Hall booking system project report  .pdfHall booking system project report  .pdf
Hall booking system project report .pdf
Kamal Acharya
 

Recently uploaded (20)

Halogenation process of chemical process industries
Halogenation process of chemical process industriesHalogenation process of chemical process industries
Halogenation process of chemical process industries
 
Top 13 Famous Civil Engineering Scientist
Top 13 Famous Civil Engineering ScientistTop 13 Famous Civil Engineering Scientist
Top 13 Famous Civil Engineering Scientist
 
CME397 Surface Engineering- Professional Elective
CME397 Surface Engineering- Professional ElectiveCME397 Surface Engineering- Professional Elective
CME397 Surface Engineering- Professional Elective
 
Courier management system project report.pdf
Courier management system project report.pdfCourier management system project report.pdf
Courier management system project report.pdf
 
Quality defects in TMT Bars, Possible causes and Potential Solutions.
Quality defects in TMT Bars, Possible causes and Potential Solutions.Quality defects in TMT Bars, Possible causes and Potential Solutions.
Quality defects in TMT Bars, Possible causes and Potential Solutions.
 
Standard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - NeometrixStandard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - Neometrix
 
Online resume builder management system project report.pdf
Online resume builder management system project report.pdfOnline resume builder management system project report.pdf
Online resume builder management system project report.pdf
 
Introduction to Casting Processes in Manufacturing
Introduction to Casting Processes in ManufacturingIntroduction to Casting Processes in Manufacturing
Introduction to Casting Processes in Manufacturing
 
2024 DevOps Pro Europe - Growing at the edge
2024 DevOps Pro Europe - Growing at the edge2024 DevOps Pro Europe - Growing at the edge
2024 DevOps Pro Europe - Growing at the edge
 
RS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
RS Khurmi Machine Design Clutch and Brake Exercise Numerical SolutionsRS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
RS Khurmi Machine Design Clutch and Brake Exercise Numerical Solutions
 
Cloud-Computing_CSE311_Computer-Networking CSE GUB BD - Shahidul.pptx
Cloud-Computing_CSE311_Computer-Networking CSE GUB BD - Shahidul.pptxCloud-Computing_CSE311_Computer-Networking CSE GUB BD - Shahidul.pptx
Cloud-Computing_CSE311_Computer-Networking CSE GUB BD - Shahidul.pptx
 
Hall booking system project report .pdf
Hall booking system project report  .pdfHall booking system project report  .pdf
Hall booking system project report .pdf
 
Architectural Portfolio Sean Lockwood
Architectural Portfolio Sean LockwoodArchitectural Portfolio Sean Lockwood
Architectural Portfolio Sean Lockwood
 
Water Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdfWater Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdf
 
Final project report on grocery store management system..pdf
Final project report on grocery store management system..pdfFinal project report on grocery store management system..pdf
Final project report on grocery store management system..pdf
 
fundamentals of drawing and isometric and orthographic projection
fundamentals of drawing and isometric and orthographic projectionfundamentals of drawing and isometric and orthographic projection
fundamentals of drawing and isometric and orthographic projection
 
A CASE STUDY ON ONLINE TICKET BOOKING SYSTEM PROJECT.pdf
A CASE STUDY ON ONLINE TICKET BOOKING SYSTEM PROJECT.pdfA CASE STUDY ON ONLINE TICKET BOOKING SYSTEM PROJECT.pdf
A CASE STUDY ON ONLINE TICKET BOOKING SYSTEM PROJECT.pdf
 
The Ultimate Guide to External Floating Roofs for Oil Storage Tanks.docx
The Ultimate Guide to External Floating Roofs for Oil Storage Tanks.docxThe Ultimate Guide to External Floating Roofs for Oil Storage Tanks.docx
The Ultimate Guide to External Floating Roofs for Oil Storage Tanks.docx
 
Introduction to Machine Learning Unit-5 Notes for II-II Mechanical Engineering
Introduction to Machine Learning Unit-5 Notes for II-II Mechanical EngineeringIntroduction to Machine Learning Unit-5 Notes for II-II Mechanical Engineering
Introduction to Machine Learning Unit-5 Notes for II-II Mechanical Engineering
 
ASME IX(9) 2007 Full Version .pdf
ASME IX(9)  2007 Full Version       .pdfASME IX(9)  2007 Full Version       .pdf
ASME IX(9) 2007 Full Version .pdf
 

Network Security CS2

  • 1. Network Security CS:2 (Security at the Application Layer & Transport Layer ) By: Mr. Ganesh Ingle
  • 2. Session-2 objective CS-2 Revision Previous Session revision CS-2 E-Mail System Architecture CS-2 CS-2 PGP, MIME and MIME Headers CS -2 Review of SSL protocol CS-2 Secure Shell (SSH) Protocol for Secure Remote Login SUMMARY
  • 3. 3 E-Mail System Architecture A message transfer agent (MTA) is a software application used within an Internet message handling system (MHS). It is responsible for transferring and routing an electronic mail message from the sender's computer to the recipient's computer.
  • 4. 4 PGP There are two main schemes which are especially designed to provide confidentiality and authentication for electronic mail systems. These are: 1. PGP :Pretty Good Privacy 2. S/MIME :Secure/Multipurpose Internet Mail Extension
  • 5. 5 PGP Pretty Good Privacy (PGP) : PGP is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991. 1. PGP fingerprint :A public key fingerprint is a shorter version of a public key. From a fingerprint, someone can get the right corresponding public key. A fingerprint like C3A6 5E46 7B54 77DF 3C4C 9790 4D22 B3CA 5B32 FF66 can be printed on a business card 2. Compatibility: As PGP evolves, versions that support newer features and algorithms are able to create encrypted messages that older PGP systems cannot decrypt, even with a valid private key. Therefore, it is essential that partners in PGP communication understand each other's capabilities or at least agree on PGP settings. 3. Digital signatures: PGP can be used to send messages confidentially. For this, PGP uses hybrid cryptosystem by combining symmetric-key encryption and public-key encryption. The message is encrypted using a symmetric encryption algorithm, which requires a symmetric key generated by the sender. The symmetric key is used only once and is also called a session key. The message and its session key are sent to the receiver. The session key must be sent to the receiver so they know how to decrypt the message, but to protect it during transmission it is encrypted with the receiver's public key. Only the private key belonging to the receiver can decrypt the session key, and use it to symmetrically decrypt the message.
  • 6. 6 PGP 3. Web of trust :PGP has always included provisions for distributing users' public keys in an 'identity certification', which is also constructed cryptographically so that any tampering (or accidental garble) is readily detectable. However, merely making a certificate which is impossible to modify without being detected is insufficient; this can prevent corruption only after the certificate has been created, not before. Users must also ensure by some means that the public key in a certificate actually does belong to the person or entity claimin 4. Certificates :In the (more recent) OpenPGP specification, trust signatures can be used to support creation of certificate authorities. A trust signature indicates both that the key belongs to its claimed owner and that the owner of the key is trustworthy to sign other keys at one level below their own. PGP offers 5 services: 1. Authentication 2. Confidentiality 3. Compression 4. E-mail compatibility 5. Segmentation
  • 8. 8 Multipurpose Internet Mail Extension(MIME) 1. Multipurpose Internet Mail Extension (MIME) is a standard which was proposed by Bell Communications in 1991 in order to expand limited capabilities of email. 2. MIME is a kind of add on or a supplementary protocol which allows non-ASCII data to be sent through SMTP. It allows the users to exchange different kinds of data files on the Internet: audio, video, images, application programs as well. Why do we need MIME?:Limitations of Simple Mail Transfer Protocol (SMTP): 1. SMTP has a very simple structure 2. It’s simplicity however comes with a price as it only send messages in NVT 7- bit ASCII format. 3. It cannot be used for languages that do not support 7-bit ASCII format such as- French, German, Russian, Chinese and Japanese, etc. so it cannot be transmitted using SMTP. So, in order to make SMTP more broad we use MIME. 4. It cannot be used to send binary files or video or audio data.
  • 9. 9 MIME Header MIME with SMTP and POP – 1. SMTP transfers the mail being a message transfer agent from senders side to the mailbox of receiver side and stores it and MIME header is added to the original header and provides additional information. while POP being the message access agent organizes the mails from the mail server to the receivers computer. POP allows user agent to connect with the message transfer agent. It is added to the original e-mail header section to define transformation. There are five headers which we add to the original header: 1. MIME Version – Defines version of MIME protocol. It must have the parameter Value 1.0, which indicates that message is formatted using MIME. 2. Content Type – Type of data used in the body of message. They are of different types like text data (plain, HTML), audio content or video content. 3. Content Type/Transfer Encoding – It defines the method used for encoding the message. Like 7-bit encoding, 8-bit encoding, etc. 4. Content Id – It is used for uniquely identifying the message. 5. Content description – It defines whether the body is actually image, video or audio.
  • 10. 10 Secure Multipurpose Internet Mail Extension(S/MIME) 1. S/MIME uses public key certificates conforming to standard X.509 and signed by a certification agency. In other respects, S/MIME is quite similar to PGP.
• 11. Secure Multipurpose Internet Mail Extension (S/MIME)
S/MIME incorporates three public-key algorithms:
1. DSS for digital signatures,
2. Diffie-Hellman (or RSA) for encrypting session keys,
3. SHA-1 or MD5 for calculating digests, and
4. three-key triple DES for message encryption.
Certification (in an ideal situation): The crux of any secure e-mail system is the distribution of public/private key pairs and certification. S/MIME is very liberal about certification. There are public certifiers, such as Verisign and VISA, that distribute certificates at various levels of security. There are mail products that include certification authorities to be used within an organization; these products can be configured to accept these certificates. Finally, S/MIME is most frequently used without a directory for storing certificates and without a need for trusted certifiers. If Alice wants to send an encrypted message to Bob, he first has to send her a signed message. The signed message contains his certificate, which she accepts into her address book.
• 12. Web Security - Threats, Challenges and Solutions
1. Scenario of Security Attacks: Let us consider a web application hosted on a server with no HTTPS (HTTP over SSL) enabled for the application. An end user, e.g. Bob, is surfing the Web and arrives at a shopping cart application on a web site that is selling goods. For simplicity, let us consider a single form: the shopping site displays a form in which Bob is supposed to enter the type of item and quantity, his address, and his payment card number. Bob enters this information, clicks on submit, and expects to receive the goods. Once Bob has submitted, the form information flows from client to server via the HTTP protocol, assuming no SSL is enabled. What happens?
2. Security Attack Possibilities: There is a chance of any of the possible security attacks. These are common day-to-day scenarios. The question is, how can we overcome these scenarios? The different security attacks are:
1. Attack on Confidentiality
2. Attack on Integrity
3. Attack on Availability
4. Attack on Authenticity
Solution: Use of SSL
• 13. Introduction to SSL
1. SSL was first developed by Netscape in 1994 and became an Internet standard in 1996 (RFC 2246 – TLS v1.0)
2. SSL is a cryptographic protocol to secure a network across a connection-oriented layer
3. Any program using TCP can be modified to use an SSL connection
4. An SSL connection uses a dedicated TCP/IP socket (e.g. port 443 for HTTPS)
5. SSL is flexible in the choice of which symmetric encryption, message digest, and authentication can be used
6. SSL provides built-in data compression
7. Authenticates the server to the client
8. Allows the client and server to select cryptographic algorithms, or ciphers, that they both support
9. Optionally authenticates the client to the server
10. Uses public key encryption techniques to generate a shared secret
11. Establishes an encrypted SSL connection
• 14. SSL
1. SSL is a secure protocol which runs above TCP/IP and allows users to encrypt data and authenticate servers'/vendors' identity securely
Figure: protocol stack with SMTPS, FTPS and HTTPS at the application layer, the Secure Socket Layer beneath them, and TCP/IP at the transport layer
• 18. SSL Handshake
The SSL handshake verifies the server and allows the client and server to agree on an encryption set before any data is sent out.
• 23. SSL 2.0 vs SSL 3.0
1. SSL 2.0 uses a weak MAC construction
2. In SSL 3.0, the message authentication hash uses a full 128 bits of key material for export ciphers, while SSL 2.0 uses only 40 bits
3. SSL 2.0 only allows a handshake at the beginning of the connection
4. In SSL 3.0, the client can initiate a handshake routine at any time
5. SSL 3.0 allows server and client to send chains of certificates
6. SSL 3.0 has a generalized key exchange protocol. It allows Diffie-Hellman and Fortezza key exchange
7. SSL 3.0 allows for record compression and decompression
• 24. SSH
1. One of the primary goals of the ARPANET was remote access
2. Several different connections were allowed:
• rlogin
• rcp
• rsh
3. SSH is a UNIX-based command interface and protocol for securely accessing a remote computer
4. Suite of four utilities: slogin, ssh, sftp, and scp
5. Can protect against:
• IP spoofing
• DNS spoofing
• Intercepting information
6. Protects data sent over the network
7. Negotiates an encryption algorithm between sender and receiver
8. Uses that algorithm and a session key to encrypt/decrypt data sent
9. Provides site authentication
10. Uses a public key/fingerprint to ensure the identity of the remote host
11. Relies on locally generated keys, so no certifying authority is generally available
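An added example (not part of the slides) of items 10 and 11: computing the OpenSSH-style SHA256 fingerprint of a host's public key and checking it against a locally kept known_hosts list, the trust-on-first-use model that takes the place of a certifying authority. The key material, host name and known_hosts entry are constructed for the demo.

```python
import base64
import hashlib

# OpenSSH public key format: the base64 field is a blob of length-prefixed
# strings, the first of which repeats the key type. The fingerprint ssh shows
# on first contact is SHA256 over that blob, base64-encoded, '=' padding removed.


def constructed_key_line(seed):
    """Fabricate an ssh-ed25519 public key line for the demo (not a real key)."""
    key_type = b"ssh-ed25519"
    point = bytes([seed]) * 32  # a real key carries a 32-byte curve point here
    blob = (len(key_type).to_bytes(4, "big") + key_type
            + len(point).to_bytes(4, "big") + point)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " demo@example"


def parse_pubkey_line(line):
    """Return (key_type, blob) from a 'type base64 [comment]' line, checking consistency."""
    fields = line.split()
    key_type, blob = fields[0], base64.b64decode(fields[1])
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n].decode() != key_type:
        raise ValueError("key type in blob does not match the line")
    return key_type, blob


def fingerprint(line):
    """OpenSSH-style 'SHA256:...' fingerprint of a public key line."""
    _, blob = parse_pubkey_line(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_is_known(host, presented_line, known_hosts):
    """Trust-on-first-use check: True only if a known_hosts entry for this host
    carries the same key the server just presented (no certificate authority)."""
    presented = fingerprint(presented_line)
    for entry in known_hosts:
        entry_host, key_type, key_b64 = entry.split()[:3]
        if entry_host == host and fingerprint(key_type + " " + key_b64) == presented:
            return True
    return False


# Constructed known_hosts: the key recorded for server.example on first contact.
KNOWN_HOSTS = ["server.example " + constructed_key_line(1)]

if __name__ == "__main__":
    print(fingerprint(constructed_key_line(1)))
    print(host_key_is_known("server.example", constructed_key_line(1), KNOWN_HOSTS))
    print(host_key_is_known("server.example", constructed_key_line(2), KNOWN_HOSTS))
```

A mismatch on a host that already has an entry is exactly the condition that makes a real ssh client refuse to connect and warn about a changed host key.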
• 29. SSH Tunneling
1. Use SSH to create an encrypted channel between the remote host and server
2. Use that encrypted channel to carry other traffic