Internet Security. Contents. ITS335: IT Security. Internet Security. Secure Email. Summary



Similar documents
Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Computer Networks. Secure Systems

Chapter 32 Internet Security

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Network Security Fundamentals

APNIC elearning: Network Security Fundamentals. 20 March :30 pm Brisbane Time (GMT+10)

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

Network Security. Lecture 3

Internet Privacy Options

APNIC elearning: IPSec Basics. Contact: esec03_v1.0

How To Understand And Understand The Security Of A Key Infrastructure

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Network Security Part II: Standards

Creating a VPN Using Windows 2003 Server and XP Professional

Chapter 10. Network Security

An Introduction to Secure . Presented by: Addam Schroll IT Security & Privacy Analyst

Chapter 9. IP Secure

Biography of Trainer. Education. Experience. Summary. TLS/SSL : Securing your website PGP : Secure your communication. Topic

Part III-b. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Secure Network Design: Designing a DMZ & VPN

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

Netzwerksicherheit: Anwendungen

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Chapter 7 Transport-Level Security

Key Management and Distribution

VPN SECURITY. February The Government of the Hong Kong Special Administrative Region

Lecture 20: PGP, IPSec, SSL/TLS, and Tor Protocols. Lecture Notes on Computer and Network Security. by Avi Kak

Network Access Security. Lesson 10

Chapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

The basic groups of components are described below. Fig X- 1 shows the relationship between components on a network.

Virtual Private Networks

Network Security Protocols

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Firewalls. ITS335: IT Security. Sirindhorn International Institute of Technology Thammasat University ITS335. Firewalls. Characteristics.

Firewalls. Contents. ITS335: IT Security. Firewall Characteristics. Types of Firewalls. Firewall Locations. Summary

Network Security Essentials:

Linux MDS Firewall Supplement

Exam Questions SY0-401

Managing and Securing Computer Networks. Guy Leduc. Chapter 3: Securing applications. Chapter goals: security in practice:

Security Engineering Part III Network Security. Security Protocols (II): IPsec

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

Standards and Products. Computer Security. Kerberos. Kerberos

CS 3251: Computer Networking 1 Security Protocols I

IP Security. IPSec, PPTP, OpenVPN. Pawel Cieplinski, AkademiaWIFI.pl. MUM Wroclaw

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

Outline. INF3510 Information Security. Lecture 10: Communications Security. Communication Security Analogy. Network Security Concepts

Chapter 4: Security of the architecture, and lower layer security (network security) 1

TLS/SSL in distributed systems. Eugen Babinciuc

Virtual Private Networks

CS 4803 Computer and Network Security

Govt. of Karnataka, Department of Technical Education Diploma in Computer Science & Engineering. Sixth Semester

A Noval Approach for S/MIME

Why SSL is better than IPsec for Fully Transparent Mobile Network Access

How Virtual Private Networks Work

How To Protect Your Network From Attack

Michal Ludvig, SUSE Labs, 01/30/2004, Secure networking, 1

Network Security and Firewall 1

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure

Distributed Systems Security

Department of Computer & Information Sciences. CSCI-445: Computer and Network Security Syllabus

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.

Lecture 10: Communications Security

VPN. Date: 4/15/2004 By: Heena Patel

Encryption of Traffic

Cisco Which VPN Solution is Right for You?

Vesselin Tzvetkov, Holger Zuleger {vesselin.tzvetkov, Arcor AG&Co KG, Alfred-Herrhausen-Allee 1, Eschborn, Germany

Tutorial: Encrypted with Thunderbird and Enigmail. Author: Shashank Areguli. Published: Ed (August 9, 2014)

Transparent cryptographic embedded computer system

Network Security. Outline of the Tutorial

Network Security - Secure upper layer protocols - Background. Security. Question from last lecture: What s a birthday attack? Dr.

Building scalable IPSec infrastructure with MikroTik. IPSec, L2TP/IPSec, OSPF

Network Security. by David G. Messerschmitt. Secure and Insecure Authentication. Security Flaws in Public Servers. Firewalls and Packet Filtering

Link Layer and Network Layer Security for Wireless Networks

Secure SCADA Network Technology and Methods

Security. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key

HW/Lab 1: Security with PGP, and Crypto CS 336/536: Computer Network Security DUE 09/28/2015 (11am)

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

IP Security. Ola Flygt Växjö University, Sweden

How To Understand And Understand The Ssl Protocol ( And Its Security Features (Protocol)

Computer Networks CS321

SSL Handshake Analysis

Institute of Computer Technology - Vienna University of Technology. L96 - SSL, PGP, Kerberos

Real-Time Communication Security: SSL/TLS. Guevara Noubir CSU610

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

Managing and Securing Computer Networks. Guy Leduc. Chapter 4: Securing TCP. connections. connections. Chapter goals: security in practice:

NETWORK SECURITY (W/LAB) Course Syllabus

GPG - GNU Privacy Guard

WEB Security & SET. Outline. Web Security Considerations. Web Security Considerations. Secure Socket Layer (SSL) and Transport Layer Security (TLS)

Lecture 17 - Network Security

Review: Lecture 1 - Internet History

13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode

Transcription:

2 : IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 2 January 2015 its335y14s2l10, Steve/Courses/2014/s2/its335/lectures/internet.tex, r3506 1 Contents

Many Internet protocols were designed assuming trustworthy links, networks and devices No security mechanisms built in to: IP, TCP, UDP, HTTP, SMTP,... As networks/devices became less trustworthy, extensions were developed to add security to existing protocols and applications: IPsec, TLS, PGP,... Securing communications across the Internet can be performed at different layers: Application, transport, network, link 3 Internet Topology and Stack Example

6 Application Level Security: Application-Specific Application Level Security Application (protocol) implements its own security mechanisms Examples SSH, Email (OpenPGP, S/MIME), DNSSEC,... Advantages Host-to-host encryption Independent of operating system security features Disadvantages Each application must implement common security mechanisms

8 Transport Level Security: TLS/SSL Transport Level Security Application uses OS provided library for security Examples TLS/SSL for TCP-based applications, e.g. HTTPS, IMAPS, FTPS, SMTPS DTLS, SRTP for other transport protocols Advantages Host-to-host encryption Simpler applications; no need to implement complex security mechanisms Disadvantages Only applies for specific transport protocols Applications must be implemented to use OS API

10 Network Level Security: IPsec End-to-End Network Level Security Computer configured to apply security mechanisms to IP packets Examples IPsec Advantages Supports all applications and transport protocols Can be host-to-host encryption Disadvantages Requires support and configuration in OS Commonly used in tunnelling mode

Network Level Security: IPsec Host-to-Router Network Level Security: IPsec Router-to-Router

Network Level Security: Tunnelling Tunnelling: packets at one layer are encapsulated into packets at the same layer Network layer: IP-in-IP, IP-in-IPsec Application layer: SSH Data link layer: PPTP, L2TP Create a Virtual Private Network Support and configuration of security mechanisms can be provided on routers, rather than hosts Does not provide end-to-end encryption 13 Link Level Security: WPA

16 Link Level Security Examples WEP/WPA in wireless LANs, Bluetooth, ZigBee encryption, GSM A3/A5/A8,... Advantages Applies to all data sent across link, independent of application, transport, network protocols Disadvantages Encryption only across the link Requires configuration of both link end-points 15 Contents

18 Email messages originally only text with pre-defined headers (To, From Subject, CC,... ) Multipurpose Internet Mail Extensions (MIME) allows for different message and header formats: different character sets, attachments, new headers Secure email requirements: 1. Authentication: receiver can confirm the actual sender, and that content is not modified 2. Confidentiality: only sender/receiver can read the contents Two common ways to implement secure email: 1. S/MIME 2. OpenPGP Both use similar approach: sender signs message with private key, encrypts message with symmetric key encryption using a secret key, and encrypts the secret key using recipients public key OpenPGP Pretty Good Privacy (PGP) developed by Phil Zimmerman in 1991 IETF standardised as OpenPGP One of first and most widely used applications of public-key cryptography Implementations: Original by Zimmerman: Symantec GNU Privacy Guard (GPG) Many email clients (either direct or through plugins, e.g. Enigmail, GPG4Win) OpenPGP vs S/MIME: OpenPGP: public keys distributed informally: phone, websites, email S/MIME: public keys distrubuted as X.509 digital certificates 17

20 PGP Operation: Concept Credit:xaedes & jfreax & Acdx, Wikimedia Commons, CC Attribution-Share Alike 3.0 19 PGP Operation: Message Generation at A Credit: Figure 18.5 in Stallings, Cryptography and Network Security, 5th Ed., Pearson 2011

22 PGP Operation: Message Reception at B Credit: Figure 18.6 in Stallings, Cryptography and Network Security, 5th Ed., Pearson 2011 21 Contents

24 Key Points Many Internet protocols have extensions to support secure communications Can apply security mechanisms at different layers: application, transport, network, link Trade-offs between: complexity of applications, host-to-host encryption, required support in devices VPNs allow for connecting to networks and offering services as if you were physically attached to that network HTTPS used for web security OpenPGP and S/MIME common for email security 23 Security Issues Key distribution: must be sure public key is correct Man-in-the-middle attacks are possible if public keys are not authentic Different support of algorithms/protocols by devices, operating systems and applications Bugs in implementations create security vulnerabilities

Areas To Explore Application level security: DNSSEC, OpenPGP and S/MIME Virtual private networks with IPsec, L2TP, PPTP and others Trust levels with public key distrubtion 25

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information