SlideShare uma empresa Scribd logo

Ch32

Wayne Jones Jnr
Wayne Jones Jnr
Tecnologia
1 de 44
Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Figure 32.1 Common structure of three security protocols
32-1 IPSecurity (IPSec) IPSecurity (IPSec) is a collection of protocols designed by the Internet Engineering Task Force (IETF) to provide security for a packet at the network level. Two Modes Two Security Protocols Security Association Internet Key Exchange (IKE) Virtual Private Network Topics discussed in this section:
Figure 32.2 TCP/IP protocol suite and IPSec
Figure 32.3 Transport mode and tunnel modes of IPSec protocol
IPSec in the transport mode does not protect the IP header; it only protects the information coming from the transport layer. Note
Figure 32.4 Transport mode in action
Figure 32.5 Tunnel mode in action
IPSec in tunnel mode protects the original IP header. Note
Figure 32.6 Authentication Header (AH) Protocol in transport mode
The AH Protocol provides source authentication and data integrity, but not privacy. Note
Figure 32.7 Encapsulating Security Payload (ESP) Protocol in transport mode
ESP provides source authentication, data integrity, and privacy. Note
Table 32.1 IPSec services
Figure 32.8 Simple inbound and outbound security associations
IKE creates SAs for IPSec. Note
Figure 32.9 IKE components
Table 32.2 Addresses for private networks
Figure 32.10 Private network
Figure 32.11 Hybrid network
Figure 32.12 Virtual private network
Figure 32.13 Addressing in a VPN
32-2 SSL/TLS Two protocols are dominant today for providing security at the transport layer: the Secure Sockets Layer (SSL) Protocol and the Transport Layer Security (TLS) Protocol. The latter is actually an IETF version of the former. SSL Services Security Parameters Sessions and Connections Four Protocols Transport Layer Security Topics discussed in this section:
Figure 32.14 Location of SSL and TLS in the Internet model
Table 32.3 SSL cipher suite list
Table 32.3 SSL cipher suite list ( continued )
The client and the server have six different cryptography secrets. Note
Figure 32.15 Creation of cryptographic secrets in SSL
Figure 32.16 Four SSL protocols
Figure 32.17 Handshake Protocol
Figure 32.18 Processing done by the Record Protocol
32-3 PGP One of the protocols to provide security at the application layer is Pretty Good Privacy (PGP). PGP is designed to create authenticated and confidential e-mails. Security Parameters Services A Scenario PGP Algorithms Key Rings PGP Certificates Topics discussed in this section:
Figure 32.19 Position of PGP in the TCP/IP protocol suite
In PGP, the sender of the message needs to include the identifiers of the algorithms used in the message as well as the values of the keys. Note
Figure 32.20 A scenario in which an e-mail message is authenticated and encrypted
Table 32.4 PGP Algorithms
Figure 32.21 Rings
In PGP, there can be multiple paths from fully or partially trusted authorities to any subject. Note
32-4 FIREWALLS All previous security measures cannot prevent Eve from sending a harmful message to a system. To control access to a system, we need firewalls. A firewall is a device installed between the internal network of an organization and the rest of the Internet. It is designed to forward some packets and filter (not forward) others. Packet-Filter Firewall Proxy Firewall Topics discussed in this section:
Figure 32.22 Firewall
Figure 32.23 Packet-filter firewall
A packet-filter firewall filters at the network or transport layer. Note
Figure 32.24 Proxy firewall
A proxy firewall filters at the application layer. Note

Recomendados

Ipsec
IpsecIpsec
Ipsec
Baidyanath Dutta
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
User datagram protocol
User datagram protocolUser datagram protocol
User datagram protocol
Mohd Arif
 
IP Security
IP SecurityIP Security
IP Security
Keshab Nath
 
Cryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipherCryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipher
Niloy Biswas
 
IPSec (Internet Protocol Security) - PART 1
IPSec (Internet Protocol Security) - PART 1IPSec (Internet Protocol Security) - PART 1
IPSec (Internet Protocol Security) - PART 1
Shobhit Sharma
 
Trusted systems
Trusted systemsTrusted systems
Trusted systems
ahmad abdelhafeez
 
Ipsec
IpsecIpsec
Ipsec
Rupesh Mishra
 

Recomendados

Ipsec
IpsecIpsec
Ipsec
Baidyanath Dutta
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
User datagram protocol
User datagram protocolUser datagram protocol
User datagram protocol
Mohd Arif
 
IP Security
IP SecurityIP Security
IP Security
Keshab Nath
 
Cryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipherCryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipher
Niloy Biswas
 
IPSec (Internet Protocol Security) - PART 1
IPSec (Internet Protocol Security) - PART 1IPSec (Internet Protocol Security) - PART 1
IPSec (Internet Protocol Security) - PART 1
Shobhit Sharma
 
Trusted systems
Trusted systemsTrusted systems
Trusted systems
ahmad abdelhafeez
 
Ipsec
IpsecIpsec
Ipsec
Rupesh Mishra
 
An introduction to X.509 certificates
An introduction to X.509 certificatesAn introduction to X.509 certificates
An introduction to X.509 certificates
Stephane Potier
 
Hashing
HashingHashing
Hashing
Hossain Md Shakhawat
 
MD5
MD5MD5
MD5
rokham khawaja
 
TCP/IP 3-way Handshake
TCP/IP 3-way Handshake TCP/IP 3-way Handshake
TCP/IP 3-way Handshake
Alok Tripathi
 
Hash Function
Hash FunctionHash Function
Hash Function
Siddharth Srivastava
 
Data compression
Data compressionData compression
Data compression
VIKAS SINGH BHADOURIA
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its Uses
Mohsin Ali
 
Idea(international data encryption algorithm)
Idea(international data encryption algorithm)Idea(international data encryption algorithm)
Idea(international data encryption algorithm)
SAurabh PRajapati
 
Snmp
SnmpSnmp
Snmp
hetaljadav
 
UDP - User Datagram Protocol
UDP - User Datagram ProtocolUDP - User Datagram Protocol
UDP - User Datagram Protocol
Peter R. Egli
 
Internet Key Exchange Protocol
Internet Key Exchange ProtocolInternet Key Exchange Protocol
Internet Key Exchange Protocol
Prateek Singh Bapna
 
IP Sec - Basic Concepts
IP Sec - Basic ConceptsIP Sec - Basic Concepts
IP Sec - Basic Concepts
Avadhesh Agrawal
 
MQTT - MQ Telemetry Transport for Message Queueing
MQTT - MQ Telemetry Transport for Message QueueingMQTT - MQ Telemetry Transport for Message Queueing
MQTT - MQ Telemetry Transport for Message Queueing
Peter R. Egli
 
MPLS Presentation
MPLS PresentationMPLS Presentation
MPLS Presentation
Unni Kannan VijayaKumar
 
Lecture 15
Lecture 15Lecture 15
Lecture 15
Joe Christensen
 
BAIT1103 Chapter 6
BAIT1103 Chapter 6BAIT1103 Chapter 6
BAIT1103 Chapter 6
limsh
 
Cs8792 cns - unit iv
Cs8792 cns - unit ivCs8792 cns - unit iv
Cs8792 cns - unit iv
ArthyR3
 
Ipsec vpn v0.1
Ipsec vpn v0.1Ipsec vpn v0.1
Ipsec vpn v0.1
Sankaranarayanan Subramanian
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
Tony Nguyen
 
IP Security
IP SecurityIP Security
IP Security
Dr.Florence Dayana
 
WE_shouldDoBusiness
WE_shouldDoBusinessWE_shouldDoBusiness
WE_shouldDoBusiness
Meylen Pang
 
Sales And Marketing
Sales And MarketingSales And Marketing
Sales And Marketing
Virtual Enterprise
 

Mais conteúdo relacionado

Mais procurados

MQTT - MQ Telemetry Transport for Message Queueing
MQTT - MQ Telemetry Transport for Message QueueingMQTT - MQ Telemetry Transport for Message Queueing
MQTT - MQ Telemetry Transport for Message Queueing
Peter R. Egli
 
BAIT1103 Chapter 6
BAIT1103 Chapter 6BAIT1103 Chapter 6
BAIT1103 Chapter 6
limsh
 

Mais procurados (20)

An introduction to X.509 certificates
An introduction to X.509 certificatesAn introduction to X.509 certificates
An introduction to X.509 certificates
 
Hashing
HashingHashing
Hashing
 
MD5
MD5MD5
MD5
 
TCP/IP 3-way Handshake
TCP/IP 3-way Handshake TCP/IP 3-way Handshake
TCP/IP 3-way Handshake
 
Hash Function
Hash FunctionHash Function
Hash Function
 
Data compression
Data compressionData compression
Data compression
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its Uses
 
Idea(international data encryption algorithm)
Idea(international data encryption algorithm)Idea(international data encryption algorithm)
Idea(international data encryption algorithm)
 
Snmp
SnmpSnmp
Snmp
 
UDP - User Datagram Protocol
UDP - User Datagram ProtocolUDP - User Datagram Protocol
UDP - User Datagram Protocol
 
Internet Key Exchange Protocol
Internet Key Exchange ProtocolInternet Key Exchange Protocol
Internet Key Exchange Protocol
 
IP Sec - Basic Concepts
IP Sec - Basic ConceptsIP Sec - Basic Concepts
IP Sec - Basic Concepts
 
MQTT - MQ Telemetry Transport for Message Queueing
MQTT - MQ Telemetry Transport for Message QueueingMQTT - MQ Telemetry Transport for Message Queueing
MQTT - MQ Telemetry Transport for Message Queueing
 
MPLS Presentation
MPLS PresentationMPLS Presentation
MPLS Presentation
 
Lecture 15
Lecture 15Lecture 15
Lecture 15
 
BAIT1103 Chapter 6
BAIT1103 Chapter 6BAIT1103 Chapter 6
BAIT1103 Chapter 6
 
Cs8792 cns - unit iv
Cs8792 cns - unit ivCs8792 cns - unit iv
Cs8792 cns - unit iv
 
Ipsec vpn v0.1
Ipsec vpn v0.1Ipsec vpn v0.1
Ipsec vpn v0.1
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
IP Security
IP SecurityIP Security
IP Security
 

Destaque

WE_shouldDoBusiness
WE_shouldDoBusinessWE_shouldDoBusiness
WE_shouldDoBusiness
Meylen Pang
 
Pepseo C Suivi N°16
Pepseo C Suivi N°16Pepseo C Suivi N°16
Pepseo C Suivi N°16
guestdcf28166
 
Ibet planejamento tributa rio marcos neder 2013
Ibet planejamento tributa rio marcos neder 2013Ibet planejamento tributa rio marcos neder 2013
Ibet planejamento tributa rio marcos neder 2013
Fernanda Moreira
 
19.2 britain leads the way
19.2 britain leads the way19.2 britain leads the way
19.2 britain leads the way
MrAguiar
 

Destaque (18)

WE_shouldDoBusiness
WE_shouldDoBusinessWE_shouldDoBusiness
WE_shouldDoBusiness
 
Sales And Marketing
Sales And MarketingSales And Marketing
Sales And Marketing
 
Swin_mag_pg14
Swin_mag_pg14Swin_mag_pg14
Swin_mag_pg14
 
Pepseo C Suivi N°16
Pepseo C Suivi N°16Pepseo C Suivi N°16
Pepseo C Suivi N°16
 
Finance
FinanceFinance
Finance
 
JP STEEL CRAFTS
JP STEEL CRAFTSJP STEEL CRAFTS
JP STEEL CRAFTS
 
Ibet planejamento tributa rio marcos neder 2013
Ibet planejamento tributa rio marcos neder 2013Ibet planejamento tributa rio marcos neder 2013
Ibet planejamento tributa rio marcos neder 2013
 
Winners 2014
Winners 2014Winners 2014
Winners 2014
 
Fashion Designer
Fashion DesignerFashion Designer
Fashion Designer
 
White+Collar+Crime
White+Collar+CrimeWhite+Collar+Crime
White+Collar+Crime
 
Registration Of Trademark
Registration Of TrademarkRegistration Of Trademark
Registration Of Trademark
 
Slidesharehistory
SlidesharehistorySlidesharehistory
Slidesharehistory
 
Domoti Corporate Presentation (eng)
Domoti Corporate Presentation (eng)Domoti Corporate Presentation (eng)
Domoti Corporate Presentation (eng)
 
19.2 britain leads the way
19.2 britain leads the way19.2 britain leads the way
19.2 britain leads the way
 
Development of criminology
Development of criminologyDevelopment of criminology
Development of criminology
 
Ch07
Ch07Ch07
Ch07
 
Grande bouquet
Grande bouquetGrande bouquet
Grande bouquet
 
Trabajo segundo ep
Trabajo segundo epTrabajo segundo ep
Trabajo segundo ep
 

Semelhante a Ch32

Chapter 07 - Transport Layer
Chapter 07 - Transport LayerChapter 07 - Transport Layer
Chapter 07 - Transport Layer
Yaser Rahmati
 
محمد مشاري
محمد مشاريمحمد مشاري
محمد مشاري
maherrrrz
 
Internet Protocol Security as the Network Cryptography System
Internet Protocol Security as the Network Cryptography SystemInternet Protocol Security as the Network Cryptography System
Internet Protocol Security as the Network Cryptography System
Universitas Pembangunan Panca Budi
 
IS Unit 8_IP Security and Email Security
IS Unit 8_IP Security and Email SecurityIS Unit 8_IP Security and Email Security
IS Unit 8_IP Security and Email Security
Sarthak Patel
 

Semelhante a Ch32 (20)

32 Security in_Internet_IP_SEC_SSL/TLS_PGN_VPN_and_Firewalls
32 Security in_Internet_IP_SEC_SSL/TLS_PGN_VPN_and_Firewalls32 Security in_Internet_IP_SEC_SSL/TLS_PGN_VPN_and_Firewalls
32 Security in_Internet_IP_SEC_SSL/TLS_PGN_VPN_and_Firewalls
 
Ch 31
Ch 31Ch 31
Ch 31
 
1643129870-internet-security.pptx
1643129870-internet-security.pptx1643129870-internet-security.pptx
1643129870-internet-security.pptx
 
IS - SSL
IS - SSLIS - SSL
IS - SSL
 
Chap 02 osi model
Chap 02 osi modelChap 02 osi model
Chap 02 osi model
 
Network security on Cisco routers and switches
Network security on Cisco routers and switchesNetwork security on Cisco routers and switches
Network security on Cisco routers and switches
 
CCNA 1 Routing and Switching v5.0 Chapter 7
CCNA 1 Routing and Switching v5.0 Chapter 7CCNA 1 Routing and Switching v5.0 Chapter 7
CCNA 1 Routing and Switching v5.0 Chapter 7
 
Chapter 07 - Transport Layer
Chapter 07 - Transport LayerChapter 07 - Transport Layer
Chapter 07 - Transport Layer
 
Chapter 7 : Transport layer
Chapter 7 : Transport layerChapter 7 : Transport layer
Chapter 7 : Transport layer
 
CCNAv5 - S1: Chapter 7 - Transport Layer
CCNAv5 - S1: Chapter 7 - Transport LayerCCNAv5 - S1: Chapter 7 - Transport Layer
CCNAv5 - S1: Chapter 7 - Transport Layer
 
محمد مشاري
محمد مشاريمحمد مشاري
محمد مشاري
 
Internet Protocol Security as the Network Cryptography System
Internet Protocol Security as the Network Cryptography SystemInternet Protocol Security as the Network Cryptography System
Internet Protocol Security as the Network Cryptography System
 
Ccna v5-S1-Chapter 7
Ccna v5-S1-Chapter 7Ccna v5-S1-Chapter 7
Ccna v5-S1-Chapter 7
 
I psecurity
I psecurityI psecurity
I psecurity
 
CCNA RS_NB - Chapter 5
CCNA RS_NB - Chapter 5CCNA RS_NB - Chapter 5
CCNA RS_NB - Chapter 5
 
CCNA 1 Routing and Switching v5.0 Chapter 3
CCNA 1 Routing and Switching v5.0 Chapter 3CCNA 1 Routing and Switching v5.0 Chapter 3
CCNA 1 Routing and Switching v5.0 Chapter 3
 
Network IP Security.pdf
Network IP Security.pdfNetwork IP Security.pdf
Network IP Security.pdf
 
Ip security
Ip security Ip security
Ip security
 
IS Unit 8_IP Security and Email Security
IS Unit 8_IP Security and Email SecurityIS Unit 8_IP Security and Email Security
IS Unit 8_IP Security and Email Security
 
CCNA RS_ITN - Chapter 3
CCNA RS_ITN - Chapter 3CCNA RS_ITN - Chapter 3
CCNA RS_ITN - Chapter 3
 

Mais de Wayne Jones Jnr

Chapter 26 - Remote Logging, Electronic Mail & File Transfer
Chapter 26 - Remote Logging, Electronic Mail & File TransferChapter 26 - Remote Logging, Electronic Mail & File Transfer
Chapter 26 - Remote Logging, Electronic Mail & File Transfer
Wayne Jones Jnr
 
Operating System Concepts - Ch05
Operating System Concepts - Ch05Operating System Concepts - Ch05
Operating System Concepts - Ch05
Wayne Jones Jnr
 

Mais de Wayne Jones Jnr (20)

Chapter 26 - Remote Logging, Electronic Mail & File Transfer
Chapter 26 - Remote Logging, Electronic Mail & File TransferChapter 26 - Remote Logging, Electronic Mail & File Transfer
Chapter 26 - Remote Logging, Electronic Mail & File Transfer
 
Ch25
Ch25Ch25
Ch25
 
Ch24
Ch24Ch24
Ch24
 
Ch23
Ch23Ch23
Ch23
 
Ch22
Ch22Ch22
Ch22
 
Ch21
Ch21Ch21
Ch21
 
Ch20
Ch20Ch20
Ch20
 
Ch19
Ch19Ch19
Ch19
 
Ch18
Ch18Ch18
Ch18
 
Ch17
Ch17Ch17
Ch17
 
Ch16
Ch16Ch16
Ch16
 
Ch15
Ch15Ch15
Ch15
 
Ch14
Ch14Ch14
Ch14
 
Ch13
Ch13Ch13
Ch13
 
Ch12
Ch12Ch12
Ch12
 
Ch10
Ch10Ch10
Ch10
 
Ch09
Ch09Ch09
Ch09
 
Ch08
Ch08Ch08
Ch08
 
Ch06
Ch06Ch06
Ch06
 
Operating System Concepts - Ch05
Operating System Concepts - Ch05Operating System Concepts - Ch05
Operating System Concepts - Ch05
 

Último

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 

Último (20)

presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 

Ch32

  • 1. Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
  • 2. Figure 32.1 Common structure of three security protocols
  • 3. 32-1 IPSecurity (IPSec) IPSecurity (IPSec) is a collection of protocols designed by the Internet Engineering Task Force (IETF) to provide security for a packet at the network level. Two Modes Two Security Protocols Security Association Internet Key Exchange (IKE) Virtual Private Network Topics discussed in this section:
  • 4. Figure 32.2 TCP/IP protocol suite and IPSec
  • 5. Figure 32.3 Transport mode and tunnel modes of IPSec protocol
  • 6. IPSec in the transport mode does not protect the IP header; it only protects the information coming from the transport layer. Note
  • 7. Figure 32.4 Transport mode in action
  • 8. Figure 32.5 Tunnel mode in action
  • 9. IPSec in tunnel mode protects the original IP header. Note
  • 10. Figure 32.6 Authentication Header (AH) Protocol in transport mode
  • 11. The AH Protocol provides source authentication and data integrity, but not privacy. Note
  • 12. Figure 32.7 Encapsulating Security Payload (ESP) Protocol in transport mode
  • 13. ESP provides source authentication, data integrity, and privacy. Note
  • 14. Table 32.1 IPSec services
  • 15. Figure 32.8 Simple inbound and outbound security associations
  • 16. IKE creates SAs for IPSec. Note
  • 17. Figure 32.9 IKE components
  • 18. Table 32.2 Addresses for private networks
  • 19. Figure 32.10 Private network
  • 20. Figure 32.11 Hybrid network
  • 21. Figure 32.12 Virtual private network
  • 22. Figure 32.13 Addressing in a VPN
  • 23. 32-2 SSL/TLS Two protocols are dominant today for providing security at the transport layer: the Secure Sockets Layer (SSL) Protocol and the Transport Layer Security (TLS) Protocol. The latter is actually an IETF version of the former. SSL Services Security Parameters Sessions and Connections Four Protocols Transport Layer Security Topics discussed in this section:
  • 24. Figure 32.14 Location of SSL and TLS in the Internet model
  • 25. Table 32.3 SSL cipher suite list
  • 26. Table 32.3 SSL cipher suite list ( continued )
  • 27. The client and the server have six different cryptography secrets. Note
  • 28. Figure 32.15 Creation of cryptographic secrets in SSL
  • 29. Figure 32.16 Four SSL protocols
  • 30. Figure 32.17 Handshake Protocol
  • 31. Figure 32.18 Processing done by the Record Protocol
  • 32. 32-3 PGP One of the protocols to provide security at the application layer is Pretty Good Privacy (PGP). PGP is designed to create authenticated and confidential e-mails. Security Parameters Services A Scenario PGP Algorithms Key Rings PGP Certificates Topics discussed in this section:
  • 33. Figure 32.19 Position of PGP in the TCP/IP protocol suite
  • 34. In PGP, the sender of the message needs to include the identifiers of the algorithms used in the message as well as the values of the keys. Note
  • 35. Figure 32.20 A scenario in which an e-mail message is authenticated and encrypted
  • 36. Table 32.4 PGP Algorithms
  • 37. Figure 32.21 Rings
  • 38. In PGP, there can be multiple paths from fully or partially trusted authorities to any subject. Note
  • 39. 32-4 FIREWALLS All previous security measures cannot prevent Eve from sending a harmful message to a system. To control access to a system, we need firewalls. A firewall is a device installed between the internal network of an organization and the rest of the Internet. It is designed to forward some packets and filter (not forward) others. Packet-Filter Firewall Proxy Firewall Topics discussed in this section:
  • 40. Figure 32.22 Firewall
  • 41. Figure 32.23 Packet-filter firewall
  • 42. A packet-filter firewall filters at the network or transport layer. Note
  • 43. Figure 32.24 Proxy firewall
  • 44. A proxy firewall filters at the application layer. Note