VPNs, PKIs, ISSs, SSLs with narration
VPNs

IETF developing IPsec security standards
• IP security
• At the internet layer
• Protects all messages at the transport and application layers
(Diagram labels: E-Mail, WWW, Database, etc.; TCP, UDP; IPsec)

IPsec Transport Mode
• End-to-end security for hosts
(Diagram labels: Local Network, Secure Communication, Internet, Local Network)

IPsec Tunnel Mode
• IPsec server at each site
• Secure communication between sites
(Diagram labels: Local Network, Secure Communication, Internet, Local Network, IPsec Server)

IPsec Modes Can be Combined
• End-to-end transport mode connection
• Within site-to-site tunnel connection
(Diagram labels: Local Network, Tunnel Mode, Internet, Local Network, Transport Mode)

Another Security System for VPNs is the Point-to-Point Tunneling Protocol (PPTP)
• For dial-up connections, based on PPP
• Connects user securely to a remote access server at a site
(Diagram labels: Dial-Up Connection, PPTP Connection, Internet, Local Network, Remote Access Server)

PKIs

To use public key methods, an organization must establish a comprehensive Public Key Infrastructure (PKI)
• A PKI automates most aspects of using public key encryption and authentication
• Uses a PKI Server
(Diagram label: PKI Server)

PKI Server Creates Public Key-Private Key Pairs
• Distributes private keys to applicants securely
• Often, private keys are embedded in delivered software
(Diagram labels: Private Key, PKI Server)

PKI Server Provides CRL Checks
• Distributes digital certificates to verifiers
• Checks certificate revocation list before sending digital certificates
(Diagram labels: Digital Certificate, PKI Server)

CRL (Certificate Revocation List) Checks
• If applicant gives verifier a digital certificate,
• The verifier must check the certificate revocation list
(Diagram labels: CRL, PKI Server, OK?, OK or Revoked)

Integrated Security System

When two parties communicate …
• Their software usually handles the details
• First, negotiate security methods
• Then, authenticate one another
• Then, exchange symmetric session key
• Then can communicate securely using symmetric session key and message-by-message authentication

SSL Integrated Security System

SSL
• Secure Sockets Layer
• Developed by Netscape

TLS (now)
• Netscape gave IETF control over SSL
• IETF renamed it TLS (Transport Layer Security)
• Usually still called SSL

Location of SSL

Below the Application Layer
• IETF views it at the transport layer
• Protects all application exchanges
• Not limited to any single application: WWW transactions, e-mail, etc.
(Diagram labels: E-Mail, WWW, SSL, shown on each side)

SSL Operation

Browser & Webserver Software Implement SSL
• User can be unaware

SSL ISS Process
• Two sides negotiate security parameters
• Webserver authenticates itself
• Browser may authenticate itself but rarely does
• Browser selects a symmetric session key, sends to webserver
• Adds a digital signature and encrypts all messages with the symmetric key

Importance of SSL

Supported by Almost All Browsers
• De facto standard for Internet application security

Problems
• Relatively weak security
• Does not involve security on merchant server
• Does not validate credit card numbers
• Viewed as an available but temporary approach to consumer security

Other ISSs

SSL is merely an example integrated security system

Many other ISSs exist
• IPsec
• PPP and PPTP
• Etc.

All ISSs have the same general steps
• Negotiate security parameters
• Authenticate the partners
• Exchange a session key
• Communicate with message-by-message privacy, authentication, and message integrity
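The first and last of the general ISS steps can be shown in a short sketch. This is an added example, not code from the slides: the method names, the preference order, and the `negotiate` and `Channel` helpers are assumptions made for illustration. Partner authentication and session key exchange are assumed to have already happened, and encryption (privacy) is left out.

```python
import hashlib
import hmac
import secrets
import struct

# Assumed method names and preference order (strongest first); not from the slides.
DIGESTS = {"HMAC-SHA512": hashlib.sha512, "HMAC-SHA256": hashlib.sha256,
           "HMAC-SHA1": hashlib.sha1}


def negotiate(client_offers, server_accepts):
    """Step 1: choose the strongest method both sides support, or fail closed."""
    for name in DIGESTS:  # dicts keep insertion order, strongest first
        if name in client_offers and name in server_accepts:
            return name
    raise ValueError("no common security method")


class Channel:
    """Step 4: one direction of traffic, authenticated message by message."""

    def __init__(self, session_key, method):
        self.key, self.digest = session_key, DIGESTS[method]
        self.send_seq = self.recv_seq = 0

    def _tag(self, seq, payload):
        # The MAC covers a sequence number, so a replayed or reordered record fails.
        data = struct.pack(">Q", seq) + payload
        return hmac.new(self.key, data, self.digest).digest()

    def protect(self, payload):
        record = payload + self._tag(self.send_seq, payload)
        self.send_seq += 1
        return record

    def verify(self, record):
        size = self.digest().digest_size
        payload, tag = record[:-size], record[-size:]
        if not hmac.compare_digest(tag, self._tag(self.recv_seq, payload)):
            raise ValueError("record rejected: altered, replayed or out of order")
        self.recv_seq += 1
        return payload


if __name__ == "__main__":
    method = negotiate(["HMAC-SHA1", "HMAC-SHA256"], ["HMAC-SHA256", "HMAC-SHA512"])
    key = secrets.token_bytes(32)  # constructed stand-in for the step 3 session key
    tx, rx = Channel(key, method), Channel(key, method)
    print(method, rx.verify(tx.protect(b"order #1")))
```

A rejected record does not advance the receiver's sequence counter, so the next genuine record in order still verifies.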