NETWORK SECURITY
NAME OF THE STAFF : Mrs. M. FLORANCE DYANA
NAME OF THE STUDENT : S.MAREESWARI,
J.GAYATHRI DEVI,
R.KAVITHA.
REGISTER NUMBER : CB17S 250393
CB17S 250370
CB17S 250383
SUBJECT CODE : P8MCA27
CLASS : III BCA-A
BATCH : 2017-2020
YEAR : 2019-2020
• Introduction
• The architecture
• Encapsulating security payload
• Authentication header (AH)
• HTTP authentication: web security
• Client response
• WWW-Authenticate
• Back to SSL
Introduction
• IP packets have no inherent security. It is relatively easy to forge the addresses of IP packets, modify the contents of IP packets, replay old packets, and inspect the contents of IP packets in transit. Therefore, there is no guarantee that IP datagrams received:
  (1) are from the claimed sender (the source address in the IP header);
  (2) contain the original data that the sender placed in them; or
  (3) were not inspected by a third party while the packet was being sent from source to destination.
• IPsec is a method of protecting IP datagrams.
• This protection takes the form of data origin authentication, connectionless data integrity authentication, data content confidentiality, antireplay protection, and limited traffic flow confidentiality.
The architecture
• The Architecture Document for IPsec, RFC 2401, defines the base architecture upon which all implementations are built.
• It defines the security services provided by IPsec, how and where they can be used, how packets are constructed and processed, and the interaction of IPsec processing with policy.
• The IPsec protocols, AH and ESP, can be used to protect either an entire IP payload or the upper-layer protocols of an IP payload. This distinction is handled by considering two different “modes” of IPsec: transport mode is used to protect upper-layer protocols; tunnel mode is used to protect entire IP datagrams.
Encapsulating security payload
• ESP is the IPsec protocol that provides confidentiality, data integrity, and data source authentication of IP packets, and also provides protection against replay attacks.
• It does so by inserting a new header (an ESP header) after an IP header (and any IP options) and before the data to be protected, either an upper-layer protocol or an entire IP datagram, and appending an ESP trailer.
• ESP is a new IP protocol and an ESP packet is identified by the protocol field of an IP header. If its value is 50, it is an ESP packet and immediately following the IP header is an ESP header.
• Since ESP provides both confidentiality and authentication, it has multiple algorithms defined in its SA—one for confidentiality called a cipher
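The ESP identification rule and the antireplay service described on this slide can be shown in a few lines. This is an added example, not part of the original slides: it locates the ESP header after the IPv4 header and any options, reads the SPI and sequence number, and applies a sliding antireplay window per SPI. The 64-packet window, the helper names and the sample packets are assumptions, and integrity (ICV) verification, which a real receiver performs before updating the window, is left out.

```python
import struct

IPPROTO_ESP = 50   # IP protocol value that identifies ESP (from the slide)
WINDOW = 64        # assumed antireplay window size, chosen by the receiver


def parse_esp(packet: bytes):
    """Return (spi, seq) if packet is IPv4 carrying ESP, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4          # header length, IP options included
    if ihl < 20 or len(packet) < ihl + 8:
        return None
    if packet[9] != IPPROTO_ESP:          # protocol field of the IP header
        return None
    # The ESP header starts right after the IP header: SPI, then sequence number.
    return struct.unpack_from("!II", packet, ihl)


class ReplayWindow:
    """Sliding bitmap of recently seen sequence numbers for one SA."""

    def __init__(self):
        self.top = 0       # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => sequence number (top - i) was seen

    def accept(self, seq: int) -> bool:
        if seq == 0:
            return False                   # the first valid sequence number is 1
        if seq > self.top:                 # new packet: slide the window forward
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= WINDOW or (self.bitmap >> offset) & 1:
            return False                   # too old, or already seen (replay)
        self.bitmap |= 1 << offset         # late but new: mark as seen
        return True


def process(packets):
    """Classify each packet as 'accept', 'replay' or 'not-esp', per SPI."""
    windows, verdicts = {}, []
    for pkt in packets:
        parsed = parse_esp(pkt)
        if parsed is None:
            verdicts.append("not-esp")
            continue
        spi, seq = parsed
        ok = windows.setdefault(spi, ReplayWindow()).accept(seq)
        verdicts.append("accept" if ok else "replay")
    return verdicts


def build_ipv4(proto: int, payload: bytes, options: bytes = b"") -> bytes:
    """Constructed sample packet (checksum left at 0, documentation addresses)."""
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0,
                      ihl * 4 + len(payload), 0, 0, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr + options + payload


def esp(spi: int, seq: int) -> bytes:
    """Constructed ESP header followed by a placeholder for the ciphertext."""
    return struct.pack("!II", spi, seq) + b"\x00" * 16


if __name__ == "__main__":
    sample = [build_ipv4(50, esp(0x1001, 1)), build_ipv4(50, esp(0x1001, 1)),
              build_ipv4(6, b"\x00" * 20), build_ipv4(50, esp(0x2002, 1))]
    print(process(sample))
```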
Authentication header (AH)
• Like ESP, AH provides data integrity, data source authentication, and protection against replay attacks.
• It does not provide confidentiality. Because of this the AH header is much simpler than ESP; it is merely a header and not a header plus trailer. In addition, all of the fields in the AH header are in the clear.
• RFC 2402 defines the current incarnation of AH while RFC 1826 described an older, deprecated version of AH. The important features of AH specified in that RFC remain in the new document (providing data integrity and data source authentication of IP packets), but new features and clarification of some issues raised with RFC 1826 were added. For example, antireplay protection is now an integral part of the specification and a definition of using AH in tunnel mode was added.
HTTP authentication: web security
• Protect web content from those who don’t have a “need to know”.
• Require users to authenticate using a user id/password before they are allowed access to certain URLs.
• HTTP/1.1 requires that when a user makes a request for a protected resource, the server responds with an authentication request header.
• WWW-Authenticate contains enough pertinent information to carry out a “challenge-response” session between the user and the server.
Client response
• Well-established clients like Firefox, Internet Explorer, etc. will respond to the challenge request (WWW-Authenticate) by presenting the user with a small pop-up window with data entry fields for:
  ◦ User id
  ◦ Password
  ◦ A Submit button and a Cancel button
• Entering a valid user id and password will post the data to the server; the server will attempt authentication and, if authenticated, will serve the originally requested resource.
WWW-Authenticate
• The authentication request received by the browser will look something like:
  ◦ WWW-Authenticate: Basic realm="default tRealm"
  ◦ Basic indicates that HTTP Basic authentication is requested
  ◦ realm indicates the context of the login
• Realms hold all of the parts of the security puzzle:
  ◦ Users
  ◦ Groups
  ◦ ACLs (Access Control Lists)
• Basic Authentication
  ◦ The user id and password are sent base64 encoded (might as well be plain text).
  ◦ A hacker doesn’t even need to decode it; all he has to do is “replay” the blob of information he stole over and over (this is called a “replay attack”).
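The challenge-response exchange from the last three slides, as an added example that is not part of the original slides. It builds the server's challenge, the client's `Authorization: Basic` reply, and a server-side check, and shows why the slide calls base64 "as good as plain text": the header decodes directly to the credentials and the same static header is accepted on every request. The realm, user table and function names are constructed for illustration.

```python
import base64
import hmac

REALM = "example-realm"                 # constructed realm name
USERS = {"alice": "s3cret-example"}     # constructed user table


def challenge(realm: str = REALM) -> str:
    """Header the server sends with a 401 for a protected resource."""
    return f'WWW-Authenticate: Basic realm="{realm}"'


def client_header(user: str, password: str) -> str:
    """Value the browser sends in Authorization after the pop-up is filled in."""
    blob = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + blob.decode("ascii")


def decode_basic(header_value: str):
    """Parse 'Basic <base64>' into (user, password); None if malformed."""
    scheme, _, blob = header_value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        raw = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except ValueError:                  # bad base64 or bad UTF-8
        return None
    user, sep, password = raw.partition(":")
    return (user, password) if sep else None


def authorize(auth_header):
    """Return (status, extra_header) for a request to a protected URL."""
    creds = decode_basic(auth_header) if auth_header else None
    if creds:
        user, password = creds
        expected = USERS.get(user, "")
        # Constant-time comparison; unknown users still go through the compare.
        same = hmac.compare_digest(password.encode(), expected.encode())
        if same and user in USERS:
            return 200, None
    return 401, challenge()


if __name__ == "__main__":
    print(authorize(None))                       # first request: challenge
    hdr = client_header("alice", "s3cret-example")
    print(hdr, "->", decode_basic(hdr))          # encoding, not encryption
    print(authorize(hdr), authorize(hdr))        # identical header works each time
```

Nothing in the header changes between requests, so the server cannot tell a fresh login from a copied header; protecting the transport is what keeps the header from being captured in the first place.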
WWW-Authenticate
• Secure Sockets Layer (SSL)
  ◦ Invented by Netscape and made public domain for everyone’s use.
• Public Key Cryptography
  ◦ The owner of a private key sends a public key to all who want to communicate with him (keys are both prime factors of a large (1024 bit) number). The owner keeps the private key secret and uses it to decrypt information sent to him that has been encrypted with the public key.
  ◦ The RSA algorithm is the most notable public-key cipher algorithm.
• Digital Certificates
  ◦ Issued by a disinterested third party (e.g. Verisign).
  ◦ The certificate contains the public key for the specific web server and a digital signature of the certifying authority.
Back to SSL
• Once a secure session is established, the source requests the destination’s certificate (sent in the HTTP header (unencrypted)).
• Once the source accepts the authenticity of the certificate, it uses the public key from the certificate to encrypt the generated session key for protecting the conversation between the source and destination.
• Session is encrypted using a symmetric cipher (slow)
• Conversation is encrypted using an asymmetric cipher (fast)

Network Security Practices-IP Security
