Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls
Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Figure 32.1  Common structure of three security protocols
32-1 IPSecurity (IPSec)
IPSecurity (IPSec) is a collection of protocols designed by the Internet Engineering Task Force (IETF) to provide security for a packet at the network (IP) layer.
Topics discussed in this section: Two Modes; Two Security Protocols; Security Association; Internet Key Exchange (IKE); Virtual Private Network
Figure 32.2  TCP/IP protocol suite and IPSec
Figure 32.3  Transport mode and tunnel modes of IPSec protocol
Note: In transport mode, IPSec does not protect the IP header; it protects only the payload handed down from the transport layer.
Figure 32.4  Transport mode in action
Figure 32.5  Tunnel mode in action
Note: In tunnel mode, IPSec protects the original IP header, because the whole original packet becomes the payload of a new one.
Figure 32.6  Authentication Header (AH) Protocol in transport mode
Note: The AH Protocol provides source authentication and data integrity, but not privacy (confidentiality).
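The following is an added example, not part of the textbook slides, showing what the note above means in practice. It computes an AH integrity check value with HMAC-SHA-256 truncated to 128 bits, zeroing the header fields that change in transit as RFC 4302 prescribes, and then shows that a router's TTL decrement still verifies while a rewritten destination address or a changed payload does not. The IPv4 header, the SA key, the SPI and the payload are all constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// ahICV computes the AH integrity check value: HMAC-SHA-256 truncated to 128 bits (the
// HMAC-SHA-256-128 transform) over the IPv4 header, the AH header with its ICV field
// zeroed, and the payload. Header fields that legitimately change in transit (TOS,
// flags and fragment offset, TTL, header checksum) are zeroed before hashing, as
// RFC 4302 requires; everything else, both addresses included, is covered. Only a
// holder of the SA key can produce a valid ICV, which is what gives source
// authentication. Nothing is encrypted.
func ahICV(key, ipHdr []byte, spi, seq uint32, next byte, payload []byte) []byte {
	h := append([]byte{}, ipHdr...)
	h[1], h[6], h[7], h[8], h[10], h[11] = 0, 0, 0, 0, 0, 0
	ah := make([]byte, 12+16) // next | len | reserved | SPI | seq | ICV (zeroed)
	ah[0], ah[1] = next, 6    // AH length in 32-bit words minus 2
	binary.BigEndian.PutUint32(ah[4:], spi)
	binary.BigEndian.PutUint32(ah[8:], seq)
	mac := hmac.New(sha256.New, key)
	mac.Write(h)
	mac.Write(ah)
	mac.Write(payload)
	return mac.Sum(nil)[:16]
}

// ahVerify is the receiver side: recompute and compare in constant time.
func ahVerify(key, ipHdr []byte, spi, seq uint32, next byte, payload, icv []byte) bool {
	return hmac.Equal(icv, ahICV(key, ipHdr, spi, seq, next, payload))
}

func main() {
	key := []byte("constructed SA key; IKE would negotiate it")
	// Constructed IPv4 header: 10.0.1.7 -> 10.0.2.9, total length 73, TTL 64, protocol 51 (AH).
	hdr := []byte{0x45, 0, 0, 73, 0, 0, 0, 0, 64, 51, 0, 0, 10, 0, 1, 7, 10, 0, 2, 9}
	seg := []byte("TCP segment: GET /payroll") // 25 bytes; next header = 6 (TCP)
	const spi, seq = 0x3003, 1
	icv := ahICV(key, hdr, spi, seq, 6, seg)

	hdr[8]-- // a router on the path decremented TTL: mutable field, still verifies
	fmt.Println("after TTL decrement:", ahVerify(key, hdr, spi, seq, 6, seg, icv)) // true
	hdr[19] = 99 // a NAT box or an attacker rewrote the destination: detected
	fmt.Println("after address rewrite:", ahVerify(key, hdr, spi, seq, 6, seg, icv)) // false
	hdr[19] = 9
	seg[0] = 'X' // payload change: detected
	fmt.Println("after payload change:", ahVerify(key, hdr, spi, seq, 6, seg, icv)) // false
	fmt.Printf("and the segment is readable by anyone on the path: %q\n", seg)
}
```

The address-rewrite case is also why AH does not survive NAT: the translation is exactly the modification the ICV is designed to detect, which is one reason ESP is deployed far more often than AH.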
Figure 32.7  Encapsulating Security Payload (ESP) Protocol in transport mode
Note: ESP provides source authentication, data integrity, and privacy (confidentiality).
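As an added example (not from the textbook), the block below builds ESP packets with AES-GCM in both modes of Figure 32.3 and checks the two notes above: in transport mode the original header is sent in clear and an on-path rewrite of the destination address is not detected by ESP, while in tunnel mode the original packet, header included, travels inside the encrypted payload behind a gateway-to-gateway header, so the host addresses are not visible and any change inside is detected. The header builder, the SA key, SPIs and addresses are constructed for the example; the nonce is derived from the sequence number for simplicity, where RFC 4106 uses an SA salt plus an explicit IV.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// IP protocol numbers: IP-in-IP (the next header in tunnel mode), TCP and ESP.
const protoIPIP, protoTCP, protoESP = 4, 6, 50

// ipv4Header builds a minimal 20-byte IPv4 header. The checksum stays zero; these
// constructed packets never reach a real interface.
func ipv4Header(proto byte, src, dst [4]byte, payloadLen int) []byte {
	h := make([]byte, 20)
	h[0] = 0x45
	binary.BigEndian.PutUint16(h[2:], uint16(20+payloadLen))
	h[8], h[9] = 64, proto // TTL, protocol
	copy(h[12:], src[:])
	copy(h[16:], dst[:])
	return h
}

func newGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // a 16-byte key selects AES-128
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return gcm
}

// espNonce builds the 96-bit nonce from the sequence number, which never repeats
// within one SA. RFC 4106 uses an SA salt plus an explicit per-packet IV instead.
func espNonce(seq uint32) []byte {
	n := make([]byte, 12)
	binary.BigEndian.PutUint32(n[8:], seq)
	return n
}

// espSeal produces SPI | seq | AES-GCM(payload || next header) | ICV. SPI and seq are
// associated data: authenticated but sent in clear. The IP header placed in front of
// the ESP packet is outside the ICV entirely.
func espSeal(key []byte, spi, seq uint32, next byte, payload []byte) []byte {
	hdr := make([]byte, 8)
	binary.BigEndian.PutUint32(hdr[0:], spi)
	binary.BigEndian.PutUint32(hdr[4:], seq)
	plain := append(append([]byte{}, payload...), next) // ESP trailer carries next header
	return append(hdr, newGCM(key).Seal(nil, espNonce(seq), plain, hdr)...)
}

// espOpen verifies the ICV and decrypts; ok is false after any change to SPI, seq or body.
func espOpen(key, pkt []byte) (next byte, payload []byte, ok bool) {
	if len(pkt) < 8 {
		return 0, nil, false
	}
	seq := binary.BigEndian.Uint32(pkt[4:8])
	plain, err := newGCM(key).Open(nil, espNonce(seq), pkt[8:], pkt[:8])
	if err != nil || len(plain) == 0 {
		return 0, nil, false
	}
	return plain[len(plain)-1], plain[:len(plain)-1], true
}

// transport wraps only the segment; the original header, addresses included, stays visible.
func transport(key []byte, src, dst [4]byte, seg []byte) []byte {
	esp := espSeal(key, 0x1001, 1, protoTCP, seg)
	return append(ipv4Header(protoESP, src, dst, len(esp)), esp...)
}

// tunnel wraps the whole original packet and puts a gateway-to-gateway header in front.
func tunnel(key []byte, gwSrc, gwDst [4]byte, inner []byte) []byte {
	esp := espSeal(key, 0x2002, 1, protoIPIP, inner)
	return append(ipv4Header(protoESP, gwSrc, gwDst, len(esp)), esp...)
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 16) // constructed SA key; IKE would negotiate it
	a, b := [4]byte{10, 0, 1, 7}, [4]byte{10, 0, 2, 9}
	ga, gb := [4]byte{203, 0, 113, 1}, [4]byte{198, 51, 100, 1}
	seg := []byte("TCP segment: GET /payroll") // constructed transport-layer payload

	pkt := transport(key, a, b, seg)
	pkt[19] ^= 0x0f // on-path rewrite of the destination address
	_, _, ok := espOpen(key, pkt[20:])
	fmt.Println("transport: dst rewritten, ESP still verifies:", ok) // true

	inner := append(ipv4Header(protoTCP, a, b, len(seg)), seg...)
	pkt = tunnel(key, ga, gb, inner)
	next, got, ok := espOpen(key, pkt[20:])
	fmt.Println("tunnel: host addresses visible on the wire:", bytes.Contains(pkt, a[:])) // false
	fmt.Println("tunnel: original packet recovered intact:", ok && next == protoIPIP && bytes.Equal(got, inner))
	pkt[30] ^= 0x01 // flip a bit of the (encrypted) inner header: detected
	_, _, ok = espOpen(key, pkt[20:])
	fmt.Println("tunnel: inner byte changed, ESP verifies:", ok) // false
}
```

The receiver in a real stack uses the SPI in the clear part of the packet to look up the SA (and with it the key and cipher) before calling the equivalent of espOpen; the example uses one fixed key so that the coverage difference between the two modes is the only thing being shown.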
Table 32.1  IPSec services
Figure 32.8  Simple inbound and outbound security associations
Note: IKE creates the SAs that IPSec uses.
Figure 32.9  IKE components
Table 32.2  Addresses for private networks
Figure 32.10  Private network
Figure 32.11  Hybrid network
Figure 32.12  Virtual private network
Figure 32.13  Addressing in a VPN
32-2 SSL/TLS
Two protocols are dominant today for providing security at the transport layer: the Secure Sockets Layer (SSL) Protocol and the Transport Layer Security (TLS) Protocol. The latter is the IETF standardization of the former. (All SSL versions and TLS 1.0/1.1 have since been deprecated; current deployments should use TLS 1.2 or 1.3.)
Topics discussed in this section: SSL Services; Security Parameters; Sessions and Connections; Four Protocols; Transport Layer Security
Figure 32.14  Location of SSL and TLS in the Internet model
Table 32.3  SSL cipher suite list
Table 32.3  SSL cipher suite list ( continued )
Note: The client and the server derive six cryptographic secrets: a MAC secret, an encryption key, and an IV for each direction of the connection.
Figure 32.15  Creation of cryptographic secrets in SSL
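As an added example (not from the textbook), here is the derivation of Figure 32.15 the way TLS 1.2 (RFC 5246) does it rather than with the MD5/SHA-1 construction of SSL 3.0: the pre-master secret and the two Hello randoms give a 48-byte master secret, the master secret gives a key block, and the key block is cut into the six secrets of the note above. The pre-master secret and randoms are constructed inputs; a real handshake takes them from the key exchange and the Hello messages. The key sizes are those of AES_128_CBC_SHA (20-byte MAC key, 16-byte key, 16-byte IV).

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// pHash is P_SHA256 from RFC 5246 section 5: A(0) = seed, A(i) = HMAC(secret, A(i-1)),
// output = HMAC(secret, A(1)||seed) || HMAC(secret, A(2)||seed) || ... cut to n bytes.
func pHash(secret, seed []byte, n int) []byte {
	var out []byte
	a := seed
	for len(out) < n {
		mac := hmac.New(sha256.New, secret)
		mac.Write(a)
		a = mac.Sum(nil) // next A(i)
		mac.Reset()
		mac.Write(a)
		mac.Write(seed)
		out = mac.Sum(out)
	}
	return out[:n]
}

// prf is the TLS 1.2 PRF: P_SHA256(secret, label || seed). The ASCII label keeps the
// different uses of one secret apart.
func prf(secret []byte, label string, seed []byte, n int) []byte {
	return pHash(secret, append([]byte(label), seed...), n)
}

// Keys are the six secrets in the order RFC 5246 section 6.3 cuts them from the key block.
// Each direction gets its own MAC key, cipher key and IV, so a record captured from the
// server cannot be replayed to the server as if the client had sent it.
type Keys struct {
	ClientMAC, ServerMAC, ClientKey, ServerKey, ClientIV, ServerIV []byte
}

// deriveKeys runs the whole chain: pre-master secret -> 48-byte master secret
// (seed: client random || server random) -> key block (seed: server random ||
// client random, note the reversed order) -> six secrets.
func deriveKeys(preMaster, clientRandom, serverRandom []byte, macLen, keyLen, ivLen int) Keys {
	cs := append(append([]byte{}, clientRandom...), serverRandom...)
	sc := append(append([]byte{}, serverRandom...), clientRandom...)
	master := prf(preMaster, "master secret", cs, 48)
	block := prf(master, "key expansion", sc, 2*(macLen+keyLen+ivLen))
	cut := func(n int) []byte { k := block[:n]; block = block[n:]; return k }
	return Keys{cut(macLen), cut(macLen), cut(keyLen), cut(keyLen), cut(ivLen), cut(ivLen)}
}

func main() {
	// Constructed inputs. With RSA key exchange the pre-master secret is 48 bytes chosen
	// by the client; with Diffie-Hellman it is the shared value.
	preMaster := []byte("constructed pre-master secret")
	clientRandom := []byte("client random, 32 bytes from Hello")[:32]
	serverRandom := []byte("server random, 32 bytes from Hello")[:32]
	k := deriveKeys(preMaster, clientRandom, serverRandom, 20, 16, 16)
	fmt.Printf("client MAC secret %x\nserver MAC secret %x\n", k.ClientMAC, k.ServerMAC)
	fmt.Printf("client write key  %x\nserver write key  %x\n", k.ClientKey, k.ServerKey)
	fmt.Printf("client IV         %x\nserver IV         %x\n", k.ClientIV, k.ServerIV)
}
```

Because both sides feed the same three inputs into the same PRF, they end up with identical copies of all six secrets without ever sending a key over the wire; only the pre-master secret needs protecting, which is the job of the key-exchange step of the Handshake Protocol. TLS 1.3 replaces this PRF with an HKDF-based schedule, but the idea of separate per-direction keys is unchanged.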
Figure 32.16  Four SSL protocols
Figure 32.17  Handshake Protocol
Figure 32.18  Processing done by the Record Protocol
32-3 PGP
One of the protocols to provide security at the application layer is Pretty Good Privacy (PGP). PGP is designed to create authenticated and confidential e-mails.
Topics discussed in this section: Security Parameters; Services; A Scenario; PGP Algorithms; Key Rings; PGP Certificates
Figure 32.19  Position of PGP in the TCP/IP protocol suite
Note: In PGP, the sender must put into the message the identifiers of the algorithms used and the key material the receiver needs: the session key (sent encrypted under the receiver's public key) and the identifiers of the public keys involved.
Figure 32.20 A scenario in which an e-mail message is authenticated and encrypted
Table 32.4  PGP Algorithms
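The scenario of Figure 32.20 and the note above, as an added example that is not from the textbook and not real PGP packet format: the sender signs the text, encrypts text plus signature under a fresh session key, wraps that session key with the receiver's public key, and ships all of it together with algorithm identifiers and key IDs; the receiver uses the IDs to pick keys from its private and public rings. Algorithm names, the key-ID scheme (tail of a hash over the public key) and the ring structure are constructed for the example; the primitives are Go's standard library (Ed25519 for signing, RSA-OAEP for wrapping, AES-128-GCM for the body) rather than the algorithms of Table 32.4.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Algorithm identifiers the message carries; the receiver insists on exactly these.
const sigAlg, wrapAlg, bodyAlg = "Ed25519", "RSA-OAEP-SHA256", "AES-128-GCM"

// keyID stands in for a PGP key ID: the last 8 bytes of a hash over the public key.
func keyID(pub []byte) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[24:])
}

// Message is what travels: algorithm identifiers, the IDs of the keys involved, the
// session key wrapped for the receiver, and the encrypted body. No secret is in clear.
type Message struct {
	SigAlg, WrapAlg, BodyAlg   string
	SignerKeyID, ReceiverKeyID string
	WrappedKey, Nonce, Body    []byte
}

// seal follows Figure 32.20: sign the text, encrypt text||signature under a fresh
// session key, and encrypt that session key with the receiver's public key.
func seal(text []byte, signer ed25519.PrivateKey, receiver *rsa.PublicKey) (Message, error) {
	sig := ed25519.Sign(signer, text)
	sessionKey, nonce := make([]byte, 16), make([]byte, 12)
	if _, err := rand.Read(sessionKey); err != nil {
		return Message{}, err
	}
	if _, err := rand.Read(nonce); err != nil {
		return Message{}, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, receiver, sessionKey, nil)
	if err != nil {
		return Message{}, err
	}
	block, _ := aes.NewCipher(sessionKey) // 16-byte key: cannot fail
	gcm, _ := cipher.NewGCM(block)
	body := gcm.Seal(nil, nonce, append(append([]byte{}, text...), sig...), nil)
	return Message{sigAlg, wrapAlg, bodyAlg,
		keyID(signer.Public().(ed25519.PublicKey)), keyID(receiver.N.Bytes()),
		wrapped, nonce, body}, nil
}

// open is the receiver. It refuses algorithms it did not expect (the message must not
// choose), finds the private key the message names, unwraps the session key,
// decrypts, and only then checks the signature against the public key ring.
func open(m Message, privRing map[string]*rsa.PrivateKey, pubRing map[string]ed25519.PublicKey) ([]byte, error) {
	if m.SigAlg != sigAlg || m.WrapAlg != wrapAlg || m.BodyAlg != bodyAlg {
		return nil, errors.New("unsupported algorithm")
	}
	priv, ok := privRing[m.ReceiverKeyID]
	if !ok {
		return nil, errors.New("not encrypted to one of our keys")
	}
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, m.WrappedKey, nil)
	if err != nil || len(sessionKey) != 16 || len(m.Nonce) != 12 { // nonce length check: GCM panics otherwise
		return nil, errors.New("malformed message or wrong key")
	}
	block, _ := aes.NewCipher(sessionKey)
	gcm, _ := cipher.NewGCM(block)
	plain, err := gcm.Open(nil, m.Nonce, m.Body, nil)
	if err != nil || len(plain) < ed25519.SignatureSize {
		return nil, errors.New("body corrupted")
	}
	n := len(plain) - ed25519.SignatureSize
	signer, ok := pubRing[m.SignerKeyID]
	if !ok || !ed25519.Verify(signer, plain[:n], plain[n:]) {
		return nil, errors.New("signature does not verify against the public ring")
	}
	return plain[:n], nil
}

func main() {
	alicePub, alicePriv, _ := ed25519.GenerateKey(rand.Reader)
	bobPriv, _ := rsa.GenerateKey(rand.Reader, 2048)
	pubRing := map[string]ed25519.PublicKey{keyID(alicePub): alicePub}         // Bob's public ring
	privRing := map[string]*rsa.PrivateKey{keyID(bobPriv.N.Bytes()): bobPriv} // Bob's private ring
	m, err := seal([]byte("constructed e-mail body"), alicePriv, &bobPriv.PublicKey)
	if err != nil {
		panic(err)
	}
	fmt.Printf("header: %s %s %s signer=%s to=%s\n", m.SigAlg, m.WrapAlg, m.BodyAlg, m.SignerKeyID, m.ReceiverKeyID)
	text, err := open(m, privRing, pubRing)
	fmt.Printf("received %q (err=%v)\n", text, err)
	m.Body[0] ^= 1 // one flipped bit in transit
	_, err = open(m, privRing, pubRing)
	fmt.Println("after tampering:", err)
}
```

Two details matter more than the choice of primitives. The signature lives inside the encryption, so an eavesdropper learns nothing about who signed; and the receiver pins the algorithm identifiers instead of trusting whatever the message claims, because a message that can name its own algorithms can also name a broken one.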
Figure 32.21  Rings
Note: In PGP, there can be multiple paths from fully or partially trusted authorities (the introducers of the web of trust) to any subject.
32-4 FIREWALLS
None of the previous security measures can prevent Eve from sending a harmful message to a system. To control access to a system, we need firewalls. A firewall is a device installed between the internal network of an organization and the rest of the Internet. It is designed to forward some packets and filter (not forward) others.
Topics discussed in this section: Packet-Filter Firewall; Proxy Firewall
Figure 32.22  Firewall
Figure 32.23  Packet-filter firewall
Note: A packet-filter firewall filters at the network or transport layer, on header fields such as addresses, protocol, and port numbers.
Figure 32.24  Proxy firewall
Note: A proxy firewall filters at the application layer.
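The two notes above, as an added example that is not from the textbook. The packet filter decides from header fields only, first matching rule wins, and anything unmatched is dropped; its first rules refuse packets arriving from the Internet with a private source address from Table 32.2, which can only be spoofed. The proxy then does what the packet filter cannot: it parses the HTTP request itself. The rule table, the public addresses (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges) and the three packets are constructed for the example.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// Packet carries the fields a packet filter can see (from the IP and TCP/UDP headers)
// plus the application payload, which only a proxy gets to look at.
type Packet struct {
	Src, Dst netip.Addr
	Proto    string // "tcp", "udp", "icmp"
	DstPort  uint16
	Payload  string
}

// Rule is one line of a packet-filter table. An empty Proto or a zero DstPort matches anything.
type Rule struct {
	Action   string // "allow" or "deny"
	Src, Dst netip.Prefix
	Proto    string
	DstPort  uint16
}

func (r Rule) matches(p Packet) bool {
	return r.Src.Contains(p.Src) && r.Dst.Contains(p.Dst) &&
		(r.Proto == "" || r.Proto == p.Proto) && (r.DstPort == 0 || r.DstPort == p.DstPort)
}

// filter is the packet filter: first matching rule wins, and a packet that matches
// nothing is dropped (default deny). It never looks at Payload.
func filter(rules []Rule, p Packet) string {
	for _, r := range rules {
		if r.matches(p) {
			return r.Action
		}
	}
	return "deny"
}

// rfc1918 are the private ranges of Table 32.2. They are never routed on the Internet,
// so a packet arriving from outside with one of them as its source is spoofed.
var rfc1918 = []netip.Prefix{
	netip.MustParsePrefix("10.0.0.0/8"),
	netip.MustParsePrefix("172.16.0.0/12"),
	netip.MustParsePrefix("192.168.0.0/16"),
}

// inboundRules is a constructed policy for traffic arriving from the Internet:
// drop spoofed private sources, then admit only the public web and mail servers.
func inboundRules() []Rule {
	all := netip.MustParsePrefix("0.0.0.0/0")
	var rules []Rule
	for _, p := range rfc1918 {
		rules = append(rules, Rule{"deny", p, all, "", 0})
	}
	return append(rules,
		Rule{"allow", all, netip.MustParsePrefix("203.0.113.10/32"), "tcp", 443},
		Rule{"allow", all, netip.MustParsePrefix("203.0.113.25/32"), "tcp", 25},
	)
}

// proxyHTTP is the part a proxy firewall adds: it terminates the TCP connection, parses
// the HTTP request and applies policy to the request itself, here allowing only
// read-only methods and refusing paths the packet filter could never have seen.
func proxyHTTP(request string) string {
	line, _, _ := strings.Cut(request, "\r\n")
	method, rest, ok := strings.Cut(line, " ")
	target, _, _ := strings.Cut(rest, " ")
	switch {
	case !ok, method != "GET" && method != "HEAD":
		return "deny: method " + method
	case strings.Contains(target, "..") || strings.HasPrefix(target, "/admin"):
		return "deny: path " + target
	}
	return "allow"
}

func main() {
	rules := inboundRules()
	web := netip.MustParseAddr("203.0.113.10")
	// Constructed packets, all addressed to the web server on port 443.
	normal := Packet{netip.MustParseAddr("198.51.100.7"), web, "tcp", 443, "GET /index.html HTTP/1.1\r\n"}
	spoofed := Packet{netip.MustParseAddr("10.1.1.1"), web, "tcp", 443, "GET / HTTP/1.1\r\n"}
	admin := Packet{netip.MustParseAddr("198.51.100.7"), web, "tcp", 443, "POST /admin/users HTTP/1.1\r\n"}
	for _, p := range []Packet{normal, spoofed, admin} {
		fmt.Printf("%-14s packet filter: %-5s proxy: %s\n", p.Src, filter(rules, p), proxyHTTP(p.Payload))
	}
}
```

The third packet is the point of the comparison: it is a well-formed TCP packet to an allowed port, so the packet filter forwards it, and only the proxy, which sees the method and path, refuses it. The two layers are complementary, not alternatives; the packet filter also stops the spoofed packet before the proxy spends a TCP handshake on it.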
