Download Network Security

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
Document related concepts

Information privacy law wikipedia , lookup

Unix security wikipedia , lookup

Trusted Computing wikipedia , lookup

Deep packet inspection wikipedia , lookup

Quantum key distribution wikipedia , lookup

Mobile security wikipedia , lookup

Security-focused operating system wikipedia , lookup

One-time pad wikipedia , lookup

Computer security wikipedia , lookup

Public-key cryptography wikipedia , lookup

Wireless security wikipedia , lookup

Certificate authority wikipedia , lookup

Computer and network surveillance wikipedia , lookup

Security and safety features new to Windows Vista wikipedia , lookup

Authentication wikipedia , lookup

Electronic authentication wikipedia , lookup

Cryptanalysis wikipedia , lookup

Next-Generation Secure Computing Base wikipedia , lookup

Diffie–Hellman key exchange wikipedia , lookup

Pretty Good Privacy wikipedia , lookup

Web of trust wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Digital signature wikipedia , lookup

Distributed firewall wikipedia , lookup

Cryptography wikipedia , lookup

3-D Secure wikipedia , lookup

Post-quantum cryptography wikipedia , lookup

Cybercrime countermeasures wikipedia , lookup

History of cryptography wikipedia , lookup

Transcript 
Network Security
Krerk Piromsopa.
Department of Computer Engineering.
Chulalongkorn University.
Krerk Piromsopa.
Network Security
• Communicate securely.
– Secrecy (Understand only by the sender and intended)
– Authentication (Confirm Identity of other party involved)
– Message integrity (The message is not altered)
• Passive Intruder, Active Intruder
• Both party might be Routers, applications, etc..
• LAN.
– Packet sniffer (Ethernet promiscuous mode)
Krerk Piromsopa.
Secrecy (Encryption)
• Symmetric Key Cryptography
– Caesar cipher
– DES (Data Encryption Standard)
• Public Key Encryption
– RSA algorithm (Ron Rivest, Adi Shamir, and Leonard Adleman)
Krerk Piromsopa.
Authentication
• Digital Signature
• Key Distribution and Certification (KDC)
• Certification Authority (CA)
Krerk Piromsopa.
Protocols
•
•
•
•
•
PGP
S/MIME
SSL
SET
IPsec
– AH(Authentication Header)
– ESP
Krerk Piromsopa.
Secure sockets layer (SSL)
Client
Browse secure page
Server
Send server’s CA
Got server’s Public Key
Make Random
symmetic key and
encrypts using
server’s Public Key
Krerk Piromsopa.
Got symmetric key
SSL
Krerk Piromsopa.
Secure Email
• Public Key encryption
– inefficient for long messages
(attachments,images, audio,
video)
• Symmetric key session
Krerk Piromsopa.
• Hash function and digital
signatures
• PGP
• S/MIME
PGP
•
PGP (short for Pretty Good Privacy), created by Philip Zimmermann, is the de
facto standard program for secure e-mail and file encryption on the Internet. Its
public-key cryptography system enables people who have never met to secure
transmitted messages against unauthorized reading and to add digital
signatures to messages to guarantee their authenticity. Why do we need PGP?
E-mail sent over the Internet is more like paper mail on a postcard than mail in
a sealed envelope. It can easily be read, or even altered, by anyone with
privileged access to any of the computers along the route followed by the mail.
Hackers can read and/or forge e-mail. Government agencies eavesdrop on
private communications.
Krerk Piromsopa.
Secure electronic transaction (SET)
• Developed by Visa and MasterCard in Feb 1996
• three software components
– Browser wallet
– Merchant server
– Acquirer gateway
Krerk Piromsopa.
IPsec
• Authentication Header (AH)
– Provides source host
identification and data integrity
– not secrecy
– RFC 2402
• AH header includes
–
–
–
–
Next Header field
Security Parameter Index
Sequence Number
Authentication Data (digital
signature)
Krerk Piromsopa.
•
Encapsulation Security
Payload (ESP)
– Encrypt IP Datagram
– RFC 2406
Firewalls
• Benefits
– Prevent intruders from interfering with the daily operation of the
internal network. Denail-of-service attack (SYN flooding)
– Prevent intruders from deleting or modifying information stored
within the internal network.
– Prevent intruders from obtaining secret information.
• Packet Filtering
– Source/Destination IP address, TCP and UDP Source/Destination
Port, ICMP message type, TCP SYN and ACK
• Application Gateways
– Provide services for limit number of user.
Krerk Piromsopa.
Firewalls
Krerk Piromsopa.
Firewalls
Krerk Piromsopa.
VPN
Krerk Piromsopa.
Microsoft Passport
• Single-Sign-On
Krerk Piromsopa.
Microsoft Passport Risk
• DNS attacks
• Active attacks
Krerk Piromsopa.
EC investigates MS Passport's Privacy
•
The European Commission is studying Microsoft's
Passport system to ensure that the sign-on software
complies with security and privacy requirements
• An EC working party has questioned whether the Passport
system breaks the European Union-US Safe Harbour
agreement on data protection, which restricts the migration
of personal data beyond the control of computer users to
other countries.
• Source: Computer Weekly, 20 August 2002
Krerk Piromsopa.
Reference
•
•
•
•
Firewall Figures from http://www.firewalls.pl/
http://www.setco.org/
http://avirubin.com/passport.html
http://www.usabilitynews.com/news/article644.asp
Krerk Piromsopa.
Related documents
Panel: Security and the World Wide Web
Panel: Security and the World Wide Web
application for the 2015 benjamin franklin transatlantic
application for the 2015 benjamin franklin transatlantic
Database Security
Database Security
Slides for lecture 26
Slides for lecture 26
01 threats and goals
01 threats and goals
Powerpoint Slides
Powerpoint Slides
Mathematics
Mathematics
Shouting from the Rooftops: Improving Email
Shouting from the Rooftops: Improving Email
All Definitions for
All Definitions for
2003 - CIS
2003 - CIS
Network Security: It`s Time to Take It Seriously
Network Security: It`s Time to Take It Seriously
01-Intro
01-Intro
Authentication and Access Control
Authentication and Access Control
Presentation4 - University Of Worcester
Presentation4 - University Of Worcester
Chapter 5 - Department of Computer Science and Information Systems
Chapter 5 - Department of Computer Science and Information Systems
securityService
securityService
Passwords - University of Colorado Boulder
Passwords - University of Colorado Boulder
Programme Name> - Uka Tarsadia University
Programme Name> - Uka Tarsadia University
Figure 32.33: Packet
Figure 32.33: Packet
MIS 4850 Systems Security
MIS 4850 Systems Security
Three challenges with secret key encryption
Three challenges with secret key encryption
January - Marcy 2016 Executive Summary - Avocados Go Global
January - Marcy 2016 Executive Summary - Avocados Go Global