Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls
Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Figure 32.1 Common structure of three security protocols
32-1 IPSecurity (IPSec)
IPSecurity (IPSec) is a collection of protocols designed by the Internet Engineering Task Force (IETF) to provide security for a packet at the network level.
Topics discussed in this section:
• Two Modes
• Two Security Protocols
• Security Association
• Internet Key Exchange (IKE)
• Virtual Private Network
Figure 32.2 TCP/IP protocol suite and IPSec
Figure 32.3 Transport mode and tunnel mode of the IPSec protocol
Note: IPSec in transport mode does not protect the IP header; it only protects the information coming from the transport layer.
Figure 32.4 Transport mode in action
Figure 32.5 Tunnel mode in action
Note: IPSec in tunnel mode protects the original IP header.
Figure 32.6 Authentication Header (AH) Protocol in transport mode
Note: The AH Protocol provides source authentication and data integrity, but not privacy.
Figure 32.7 Encapsulating Security Payload (ESP) Protocol in transport mode
Note: ESP provides source authentication, data integrity, and privacy.
Table 32.1 IPSec services
Figure 32.8 Simple inbound and outbound security associations
Note: IKE creates SAs for IPSec.
Figure 32.9  IKE components
Table 32.2  Addresses for private networks
Figure 32.10  Private network
Figure 32.11  Hybrid network
Figure 32.12  Virtual private network
Figure 32.13  Addressing in a VPN
32-2 SSL/TLS
Two protocols are dominant today for providing security at the transport layer: the Secure Sockets Layer (SSL) Protocol and the Transport Layer Security (TLS) Protocol. The latter is actually an IETF version of the former.
Topics discussed in this section:
• SSL Services
• Security Parameters
• Sessions and Connections
• Four Protocols
• Transport Layer Security
Figure 32.14 Location of SSL and TLS in the Internet model
Table 32.3 SSL cipher suite list
Table 32.3 SSL cipher suite list (continued)
Note: The client and the server have six different cryptographic secrets.
Figure 32.15 Creation of cryptographic secrets in SSL
Figure 32.16 Four SSL protocols
Figure 32.17 Handshake Protocol
Figure 32.18 Processing done by the Record Protocol
32-3 PGP
One of the protocols to provide security at the application layer is Pretty Good Privacy (PGP). PGP is designed to create authenticated and confidential e-mails.
Topics discussed in this section:
• Security Parameters
• Services
• A Scenario
• PGP Algorithms
• Key Rings
• PGP Certificates
Figure 32.19 Position of PGP in the TCP/IP protocol suite
Note: In PGP, the sender of the message needs to include the identifiers of the algorithms used in the message as well as the values of the keys.
Figure 32.20 A scenario in which an e-mail message is authenticated and encrypted
Table 32.4 PGP Algorithms
Figure 32.21 Rings
Note: In PGP, there can be multiple paths from fully or partially trusted authorities to any subject.
32-4 Firewalls
All previous security measures cannot prevent Eve from sending a harmful message to a system. To control access to a system, we need firewalls. A firewall is a device installed between the internal network of an organization and the rest of the Internet. It is designed to forward some packets and filter (not forward) others.
Topics discussed in this section:
• Packet-Filter Firewall
• Proxy Firewall
Figure 32.22 Firewall
Figure 32.23 Packet-filter firewall
Note: A packet-filter firewall filters at the network or transport layer.
Figure 32.24 Proxy firewall
Note: A proxy firewall filters at the application layer.
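As an added example (not code from the slides or the textbook), the following Python models the difference between the two firewall types: a packet filter that decides on network- and transport-layer fields only, and an HTTP proxy check that reads the application-layer request. The addresses, rule table and packets are constructed for illustration.

```python
"""Packet-filter vs. proxy-firewall decisions over constructed packets.

A packet filter sees only addresses, protocol and ports (Figure 32.23);
a proxy firewall can inspect the application-layer message (Figure 32.24).
Every address, rule and packet here is constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                    # "tcp", "udp" or "icmp"
    dport: Optional[int] = None
    payload: bytes = b""          # application data; a packet filter never reads it


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    src_net: str = "0.0.0.0/0"
    dst_net: str = "0.0.0.0/0"
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        # Network layer: source and destination address membership.
        if ip_address(pkt.src) not in ip_network(self.src_net):
            return False
        if ip_address(pkt.dst) not in ip_network(self.dst_net):
            return False
        # Transport layer: protocol and destination port, if the rule names them.
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def packet_filter(rules: List[Rule], pkt: Packet, default: str = "deny") -> str:
    """First-match evaluation; packets matching no rule take the default (deny)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


def http_proxy_check(pkt: Packet) -> str:
    """Toy application-layer policy an HTTP proxy firewall could apply:
    parse the request line and refuse anything that is not a well-formed
    GET or HEAD request over HTTP/1.x."""
    try:
        request_line = pkt.payload.split(b"\r\n", 1)[0].decode("ascii")
        method, path, version = request_line.split(" ")
    except ValueError:            # covers UnicodeDecodeError and bad field counts
        return "deny"
    if method not in ("GET", "HEAD") or not version.startswith("HTTP/1."):
        return "deny"
    if not path.startswith("/"):
        return "deny"
    return "allow"


# Constructed policy: internal network 192.168.1.0/24, a public web server at
# 192.168.1.10 reachable from outside on TCP/80, internal hosts may go out,
# everything else is dropped by the default.
RULES = [
    Rule("allow", dst_net="192.168.1.10/32", proto="tcp", dport=80),
    Rule("allow", src_net="192.168.1.0/24"),
]


def decide(pkt: Packet) -> dict:
    """Return both decisions so the layering difference is visible: the proxy
    check only runs on HTTP traffic the packet filter already let through."""
    pf = packet_filter(RULES, pkt)
    is_http = pf == "allow" and pkt.proto == "tcp" and pkt.dport == 80
    return {"packet_filter": pf, "proxy": http_proxy_check(pkt) if is_http else pf}


if __name__ == "__main__":
    req = b"PUT /upload HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
    print(decide(Packet("203.0.113.5", "192.168.1.10", "tcp", 80, req)))
```

The PUT request in the stand-alone run is accepted by the packet filter, which only sees TCP/80 to the web server, and refused by the proxy check, which is the point the two Note slides make.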