Network Security Applications

Hatem Mahmoud
hatem@expressionlab.com
Agenda
▪ Introduction
▪ An Authentication Application
▪ A Web Security Standard
▪ Summary
▪ References


               Network Security Applications        2
Introduction
Network security applications:
▪ Authentication Applications (Kerberos)
▪ Web Security Standards (SSL/TLS)
▪ Email Security
▪ IP Security

Kerberos: An Authentication Application

Kerberos: Overview
▪ Kerberos is a trusted third-party authentication protocol designed for TCP/IP networks (developed at MIT)
▪ A Kerberos service on the network acts as a trusted arbitrator
▪ Kerberos allows clients to access different entities (clients/servers) on the network

Kerberos: The Kerberos Model
▪ Kerberos keeps a database of clients and their secret keys
▪ Services requiring authentication, as well as their clients, register their secret keys with Kerberos

Kerberos: The Kerberos Model
▪ Kerberos creates a shared session key and gives it to the client and server (or two clients) to encrypt messages
▪ Kerberos uses DES for encryption
▪ Kerberos Version 4 provided a weak, nonstandard mode for authentication
▪ Kerberos Version 5 uses CBC mode

Kerberos: How Kerberos Works
1. A client requests a ticket for the TGS (Ticket-Granting Service) from Kerberos
2. Kerberos sends the ticket to the client, encrypted with the client's secret key
3. To use a particular service, the client requests a ticket for it from the TGS
4. The TGS issues and sends a ticket to the client, encrypted with the server's secret key

Kerberos: How Kerberos Works
- The ticket is used by the server to ensure that it is dealing with the same client to whom the ticket was issued
- The client can use the ticket multiple times to access the server until the ticket expires
5. The client presents the ticket to the server together with an authenticator (the authenticator contains the client's name and a timestamp, encrypted with the shared session key)

Kerberos: How Kerberos Works
- Unlike a ticket, an authenticator can only be used once
- The client can generate authenticators as needed using the shared session key
6. If the client's credentials (ticket + authenticator) are correct, the server provides access to the service

Kerberos: How Kerberos Works

[Figure: Kerberos, TGS, Client and Server, with the exchanges numbered 1 to 5 as in the steps above]

Kerberos: Security of Kerberos
▪ It may be possible to cache and replay old authenticators. Although timestamps are supposed to prevent this, replays can be done during the lifetime of the ticket
▪ Authenticators assume all clocks in the network are synchronized. If a host is fooled about the correct time, an old authenticator can be replayed

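As an added illustration that is not part of the slides, a stdlib-only Python model of steps 1 to 6 together with the replay and clock-skew caveats on this slide. The principal names (alice, krbtgt, fileserver), the lifetimes, the replay cache and the HMAC-keystream cipher standing in for DES are all constructed assumptions, and the client also sends an authenticator with its TGS request in step 3, as real Kerberos does.

```python
import hashlib, hmac, json, os, time

TICKET_LIFETIME = 8 * 3600   # assumed: seconds a ticket stays usable ("until the ticket expires")
CLOCK_SKEW = 300             # assumed: seconds of clock drift a service tolerates on an authenticator

def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """Constructed toy: encrypt-then-MAC a JSON object (stands in for DES-CBC)."""
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

# Constructed principals; each registered a long-term secret key with Kerberos (krbtgt is the TGS).
KEYS = {name: os.urandom(32) for name in ("alice", "krbtgt", "fileserver")}

def make_ticket(client, service, session_key, now):
    """Ticket: readable only with the service's own key (step 4)."""
    return seal(KEYS[service], {"client": client, "service": service,
                                "key": session_key.hex(), "expires": now + TICKET_LIFETIME})

def make_authenticator(session_key, client, now):
    """Authenticator: client name + timestamp under the shared session key (step 5)."""
    return seal(session_key, {"client": client, "time": now})

class Service:
    """Any Kerberized service, the TGS included: its own key plus a replay cache."""
    def __init__(self, name):
        self.name, self.key, self.seen = name, KEYS[name], set()

    def accept(self, ticket, authenticator, now):
        """Step 6: ticket ours and unexpired; authenticator opens under the ticket's session
        key, names the ticket's client, is fresh, and was not seen before (replay cache)."""
        t = open_(self.key, ticket)
        if t["service"] != self.name or now > t["expires"]:
            raise PermissionError("ticket not for this service or expired")
        session_key = bytes.fromhex(t["key"])
        a = open_(session_key, authenticator)
        if a["client"] != t["client"]:
            raise PermissionError("authenticator name does not match ticket")
        if abs(now - a["time"]) > CLOCK_SKEW:
            raise PermissionError("authenticator outside clock-skew window")
        if (a["client"], a["time"]) in self.seen:
            raise PermissionError("authenticator replayed")
        self.seen.add((a["client"], a["time"]))
        return t["client"], session_key

def as_exchange(client, now):
    """Steps 1-2: Kerberos returns a TGS ticket plus session key, sealed under the client's key."""
    sk = os.urandom(32)
    return seal(KEYS[client], {"key": sk.hex(), "ticket": make_ticket(client, "krbtgt", sk, now).hex()})

def tgs_exchange(tgs, tgt, authenticator, service, now):
    """Steps 3-4: the TGS verifies the TGT like any service, then issues a service ticket."""
    client, tgs_session = tgs.accept(tgt, authenticator, now)
    sk = os.urandom(32)
    return seal(tgs_session, {"key": sk.hex(), "ticket": make_ticket(client, service, sk, now).hex()})

def client_get_service_ticket(client, tgs, service, now):
    """Client side of steps 1-4; returns (service ticket, session key shared with the service)."""
    reply = open_(KEYS[client], as_exchange(client, now))
    tgs_key, tgt = bytes.fromhex(reply["key"]), bytes.fromhex(reply["ticket"])
    auth = make_authenticator(tgs_key, client, now)   # real Kerberos sends this in step 3 too
    reply = open_(tgs_key, tgs_exchange(tgs, tgt, auth, service, now))
    return bytes.fromhex(reply["ticket"]), bytes.fromhex(reply["key"])

def outcome(service, ticket, authenticator, now):
    try:
        return "accepted:" + service.accept(ticket, authenticator, now)[0]
    except (PermissionError, ValueError) as e:
        return "rejected:" + str(e)

def demo(now=None):
    """Full exchange, ticket reuse, and the security slide's replay / clock-skew cases."""
    now = now or int(time.time())
    tgs, server = Service("krbtgt"), Service("fileserver")
    ticket, sk = client_get_service_ticket("alice", tgs, "fileserver", now)
    auth = make_authenticator(sk, "alice", now)
    out = {"first_use": outcome(server, ticket, auth, now)}
    # Same ticket with a fresh authenticator: fine, tickets are reusable until they expire.
    out["ticket_reuse"] = outcome(server, ticket, make_authenticator(sk, "alice", now + 1), now + 1)
    # Same authenticator again: caught only because the server kept a replay cache.
    out["replay"] = outcome(server, ticket, auth, now + 2)
    # Old authenticator at a server with a correct clock (and an empty cache): too stale.
    out["stale"] = outcome(Service("fileserver"), ticket, auth, now + CLOCK_SKEW + 60)
    # Same old authenticator at a restarted server whose clock was fooled back to `now`:
    # the timestamp check passes and nothing else stops it, as the slide warns.
    out["fooled_clock"] = outcome(Service("fileserver"), ticket, auth, now)
    return out
```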
Kerberos: Security of Kerberos
▪ Password-guessing attacks: an intruder can collect tickets and then try to decrypt them. The average user doesn't usually choose good passwords
▪ Malicious software: Kerberos relies on its software being trustworthy. It is possible to replace all client Kerberos software with a version that records passwords

Kerberos: Security of Kerberos
▪ New enhancements to Kerberos include an implementation of public-key cryptography and a smart-card interface for key management

SSL/TLS: A Web Security Standard

SSL/TLS: Overview
Web security threats:
▪ Location
  ● Server or client (System Security)
  ● Network traffic (Web Security)
▪ Type
  ● Passive attacks
  ● Active attacks

SSL/TLS: Overview
▪ Passive attacks include accessing network traffic between browser and server, accessing restricted information on a website, etc.
▪ Active attacks include impersonating another user, altering messages in traffic, altering information on a website, etc.

SSL/TLS: Overview
▪ Netscape originated the SSL (Secure Socket Layer) protocol to provide a reliable, secure service over TCP
▪ TLS (Transport Layer Security) is the Internet standard version of SSL
▪ TLS is very similar to SSLv3

SSL/TLS: Connections and Sessions
▪ A connection is a transport that provides a suitable type of service
▪ A session is an association between a client and a server
▪ Sessions define a set of security parameters which can be shared among multiple connections

SSL/TLS: Connections and Sessions
▪ A number of states are associated with each session
▪ During the handshake, pending read and write states are created
▪ Upon successful conclusion of the handshake, the pending states become the current states

SSL/TLS: SSL Architecture
▪ Layer 1 (provides basic security services to higher-layer protocols such as HTTP):
  ● Record Protocol
▪ Layer 2 (manages SSL exchanges):
  ● Handshake Protocol
  ● Change Cipher Spec Protocol
  ● Alert Protocol

SSL/TLS: SSL Architecture

[Figure: SSL architecture diagram]

SSL/TLS: 1. Record Protocol
Provides:
▪ Confidentiality: a shared secret key is used for encryption
▪ Message Integrity: a shared secret key is used to form a MAC (message authentication code)

SSL/TLS: 1. Record Protocol
1) Fragments data into blocks
2) Compresses the data (optional)
3) Applies a MAC
4) Encrypts using a symmetric cipher such as AES or RC4
5) Adds a header (length, SSL version, etc.)
6) Transmits in a TCP segment

SSL/TLS: 1. Record Protocol
Received data are:
1) Decrypted
2) Verified
3) Decompressed
4) Reassembled
5) Delivered to higher levels

SSL/TLS: 1. Record Protocol

[Figure: Record Protocol operation diagram]

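As an added example that is not from the slides, the sender and receiver paths of the Record Protocol in stdlib Python. The HMAC keystream is a constructed stand-in for the AES/RC4 step, and the keys, fragment size and HTTP request are made up; the MAC input (sequence number, content type, version, length, fragment) follows the TLS layout, which is what lets the receiver reject a tampered or reordered record.

```python
import hashlib, hmac, struct, zlib

APPLICATION_DATA = 23   # TLS content-type value for application data
VERSION = (3, 1)        # TLS 1.0 is carried as version 3.1 on the wire (SSLv3 is 3.0)
MAX_FRAGMENT = 2 ** 14  # the protocol's fragment limit; the demo uses a smaller one
MAC_LEN = 32            # HMAC-SHA256 output length

class RecordLayer:
    """One direction of a connection: the sender's write state or the receiver's read state."""
    def __init__(self, mac_key, enc_key, compress=False, max_fragment=MAX_FRAGMENT):
        self.mac_key, self.enc_key = mac_key, enc_key
        self.compress, self.max_fragment = compress, max_fragment
        self.seq = 0    # 64-bit record sequence number: never sent, but part of the MAC input

    def _mac(self, ctype, fragment):
        """MAC input as in TLS: seq_num || type || version || length || fragment."""
        header = struct.pack("!QBBBH", self.seq, ctype, *VERSION, len(fragment))
        return hmac.new(self.mac_key, header + fragment, hashlib.sha256).digest()

    def _cipher(self, data):
        """Constructed stand-in for AES/RC4: XOR with an HMAC keystream tied to seq."""
        ks = b"".join(hmac.new(self.enc_key, struct.pack("!QI", self.seq, i), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
        return bytes(a ^ b for a, b in zip(data, ks))

    def send(self, data, ctype=APPLICATION_DATA):
        """Slide steps 1-5; returns the records the caller writes into TCP (step 6)."""
        records = []
        for i in range(0, len(data), self.max_fragment):          # 1) fragment
            fragment = data[i:i + self.max_fragment]
            if self.compress:                                      # 2) compress (optional)
                fragment = zlib.compress(fragment)
            body = fragment + self._mac(ctype, fragment)           # 3) MAC
            enc = self._cipher(body)                               # 4) encrypt (MAC-then-encrypt)
            records.append(struct.pack("!BBBH", ctype, *VERSION, len(enc)) + enc)  # 5) header
            self.seq += 1
        return records

    def receive(self, records):
        """Receiver's path: decrypt, verify, decompress, reassemble, deliver."""
        out = b""
        for rec in records:
            if len(rec) < 5 + MAC_LEN:
                raise ValueError("bad record header")
            ctype, major, minor, length = struct.unpack("!BBBH", rec[:5])
            if (major, minor) != VERSION or length != len(rec) - 5:
                raise ValueError("bad record header")
            body = self._cipher(rec[5:])                           # 1) decrypt
            fragment, tag = body[:-MAC_LEN], body[-MAC_LEN:]
            if not hmac.compare_digest(tag, self._mac(ctype, fragment)):
                raise ValueError("bad_record_mac")                 # 2) verify -> fatal alert
            if self.compress:
                fragment = zlib.decompress(fragment)               # 3) decompress
            out += fragment                                        # 4) reassemble
            self.seq += 1
        return out                                                 # 5) deliver upward

def try_receive(layer, records):
    try:
        layer.receive(records)
        return "ok"
    except ValueError as e:
        return str(e)

def demo():
    """Round trip, then a tampered record and an out-of-order delivery."""
    mac_key, enc_key = b"m" * 32, b"e" * 32   # constructed; real keys come from the handshake
    make = lambda: RecordLayer(mac_key, enc_key, compress=True, max_fragment=64)
    request = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n" * 4   # 192 bytes
    records = make().send(request)
    result = {"records": len(records), "roundtrip": make().receive(records) == request}
    tampered = bytearray(records[0]); tampered[-1] ^= 0x01        # flip one ciphertext bit
    result["tampered"] = try_receive(make(), [bytes(tampered)])
    result["reordered"] = try_receive(make(), records[::-1])      # seq mismatch breaks the MAC
    return result
```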
SSL/TLS: 2. Handshake Protocol
▪ Used before any data is transmitted
▪ Allows the server and client to authenticate each other through a series of messages. Each message has:
  ● Type: one of 10 types
  ● Length: length in bytes
  ● Content: session id, version, hash, etc.

SSL/TLS: 2. Handshake Protocol

[Figure: handshake message flow, two diagram slides]

SSL/TLS: 3. Change Cipher Spec
▪ Consists of a single message, which is a single byte with the value 1
▪ Copies the pending state into the current state, which updates the cipher suite to be used on this connection

SSL/TLS: 4. Alert Protocol
▪ Conveys SSL-related alert messages
▪ Each message consists of two bytes:
  ● Severity
    – Warning (1): certificate_expired, etc.
    – Fatal (2), terminates the connection: handshake_failure, bad_record_mac, etc.
  ● Code

SSL/TLS: SSL Protocols

[Figure: SSL protocols diagram]

SSL/TLS: TLS vs SSLv3
Differences include:
▪ Version number: 3.x vs 3
▪ MAC algorithm
▪ Pseudorandom function for key generation and validation
▪ Alert codes

Summary
▪ Kerberos is a trusted third-party authentication protocol that enables clients and servers to establish authenticated communication
▪ SSL provides security services between TCP and applications that use TCP
▪ TLS is the Internet standard version

Summary
▪ SSL/TLS provides confidentiality using symmetric encryption and message integrity using a MAC
▪ SSL/TLS enables two TCP users to determine the security mechanisms and services they will use

References
▪ William Stallings, Cryptography and Network Security: Principles and Practices, 4th Edition
▪ Bruce Schneier, Applied Cryptography, 2nd Edition

Thank You!

Hatem Mahmoud
hatem@expressionlab.com
