Security for the Internet Infrastructure



Similar documents
Network Security. Lecture 3

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

IP Security. Ola Flygt Växjö University, Sweden

APNIC elearning: IPSec Basics. Contact: esec03_v1.0

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

CS 4803 Computer and Network Security

Securing IP Networks with Implementation of IPv6

Chapter 9. IP Secure

Using IPSec in Windows 2000 and XP, Part 2

Gerardo L. Ahuatzin Sánchez Desarrollo de un esquema de traducción de direcciones IPv6-IPv4-IPv6. Anexo A. RFC s

Network Security Fundamentals

APNIC elearning: Network Security Fundamentals. 20 March :30 pm Brisbane Time (GMT+10)

Security Engineering Part III Network Security. Security Protocols (II): IPsec

VPN. VPN For BIPAC 741/743GE

Introduction to Security and PIX Firewall

Part III-b. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Network Security Part II: Standards

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

How To Add Security To The Basic Protocols

Integrated Services Router with the "AIM-VPN/SSL" Module

Outline. INF3510 Information Security. Lecture 10: Communications Security. Communication Security Analogy. Network Security Concepts

Chapter 10. Network Security

Lecture 10: Communications Security

Lecture 9 - Network Security TDTS (ht1)

Virtual Private Networks

Protocol Security Where?

Integrated Services Router with the "AIM-VPN/SSL" Module

Cisco Cisco 3845 X X X X X X X X X X X X X X X X X X

IPsec Simplified. Peter J. Welcher. Introduction. Just a Very Wee Bit of Cryptology. First, a couple of personal and company news items:

ICTTEN8195B Evaluate and apply network security

Chapter 7 Transport-Level Security

The BANDIT Products in Virtual Private Networks

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Chapter 49 IP Security (IPsec)

Cryptography and network security CNET4523

z/os Firewall Technology Overview

Virtual Private Networks

Branch Office VPN Tunnels and Mobile VPN

IPV6 vs. SSL comparing Apples with Oranges

This Working Paper provides an introduction to the web services security standards.

Remote Access VPNs Performance Comparison between Windows Server 2003 and Fedora Core 6

Measurement of the Usage of Several Secure Internet Protocols from Internet Traces

13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode

Standards and Products. Computer Security. Kerberos. Kerberos

Security Architecture for IP (IPsec)

International Telecommunication Union. IETF Security Work. Magnus Nyström. Technical Director, RSA Security Presentation made on behalf of the IETF

Triple DES Encryption for IPSec

IPv6 Security: How is the Client Secured?

Site to Site Virtual Private Networks (VPNs):

Internet Security Architecture

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure

Computer and Network Security

21.4 Network Address Translation (NAT) NAT concept

Lecture 17 - Network Security

Introduction. An Overview of the DX Industrial Router Product Line. IP router and firewall. Integrated WAN, Serial and LAN interfaces

CSCI 454/554 Computer and Network Security. Final Exam Review

Network Application Frameworks Interoperable Virtual Private Networks (VPNs), Directory Services, and Security

Introduction to Internet Security

Internet Security. Contents. ITS335: IT Security. Internet Security. Secure . Summary

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

VPN SECURITY. February The Government of the Hong Kong Special Administrative Region

(d-5273) CCIE Security v3.0 Written Exam Topics

Laboratory Exercises V: IP Security Protocol (IPSec)

T Cryptography and Data Security

Security vulnerabilities in the Internet and possible solutions

LinkProof And VPN Load Balancing

Internetwork Security

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli

MPLS VPN in Cellular Mobile IPv6 Architectures(04##017)

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

IP SECURITY (IPSEC) PROTOCOLS

Chapter 32 Internet Security

Network Access Security. Lesson 10

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls

Chapter 5: Network Layer Security

Global Client Access Managed Communications Solutions. JPMorgan - Global Client Access. Managed Internet Solutions (EC Gateway)

CCNA Security 1.1 Instructional Resource

Recommendations of the National Institute of Standards and Technology

How To Understand And Understand The Security Of A Key Infrastructure

Fireware How To VPN. Introduction. Is there anything I need to know before I start? Configuring a BOVPN Gateway

Adding digital forensic readiness to electronic communication using a security monitoring tool

CSCI 454/554 Computer and Network Security. Topic 8.1 IPsec

Use Shrew Soft VPN Client to connect with IPSec VPN Server on RV130 and RV130W

Application Note: Onsight Device VPN Configuration V1.1

Overview. Protocols. VPN and Firewalls

IBM enetwork Software White Paper enetwork VPNs--IBM s Virtual Private Network Solutions

DirectAccess in Windows 7 and Windows Server 2008 R2. Aydin Aslaner Senior Support Escalation Engineer Microsoft MEA Networking Team

Chapter 2 Virtual Private Networking Basics

Real-Time Communication Security: SSL/TLS. Guevara Noubir CSU610

Chapter 4 Virtual Private Networking

Introduction to Network Security. 1. Introduction. And People Eager to Take Advantage of the Vulnerabilities

Department of Computer & Information Sciences. CSCI-445: Computer and Network Security Syllabus

Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer. February 3, 1999

VPN. Date: 4/15/2004 By: Heena Patel

CPS Computer Security Lecture 9: Introduction to Network Security. Xiaowei Yang

University of Murcia (Spain) Antonio F. Gómez Skarmeta University of Murcia SPAIN

Configuring an IPSec Tunnel between a Firebox & a Check Point FireWall-1

Transcription:

Security for the Internet Infrastructure Paul A. Lambert palamber@us.oracle.com February 10, 1997

Internet Infrastructure and Security Security for the Internet Infrastructure Datagrams, Messages Name Services/Directories, Routing, Time System Management Infrastructure for Internet Security Confidentiality, Integrity, Authentication Non-repudiation, Access Control Key Management Public Key Infrastructure Trust Management

Specific Topics (this presentation) IP Security (IETF IPsec) Protects IP Datagrams Key Management to create Security Associations W3C Digital Signatures (DSig) Label Systems for Assertions Semantic definition for Assertions Digitally Signed Web Content

Network Security Protects Datagrams leaves routing information unencrypted Provides end-to-end security host-to-host host-to-router router-to-router host-to-firewall Firewall-to-Firewall

IP Security - Secure Pipes Host Router/Firewall Host

IP Security - Multiple Encapsulation Host Router/Firewall Host

Network Layer Security - History Defense Research in Network Encryption PLI ( Early 70 s) IPLI (76) Blacker / Caneware / NES (80 s) Standards Secure Data Network System (86-91) Published by NIST SP3, SP4, Key Management Protocol (KMP) Network Layer Security Protocol (ISO - early 90 s) IPSEC (IETF - now)

IPsec - Network Layer Base Specifications Security Architecture for the Internet Protocol (RFC 1825) IP Encapsulating Security Payload (ESP) (RFC 1827) IP Authentication Header (AH) (RFC 1826) Other RFCs IP Authentication using Keyed MD5 (RFC 1828) The ESP DES-CBC Transform (RFC 1829) HMAC-MD5 IP Authentication with Replay Prevention (RFC 2085) HMAC: Keyed-Hashing for Message Authentication (RFC 2104)

IPsec - Key Management IPsec Base Key Management - ISAKMP/Oakley SKIP Internet Security Association and Key Management Protocol (ISAKMP) The resolution of ISAKMP with Oakley Inline Keying within the ISAKMP Framework. The Internet IP Security Domain of Interpretation for ISAKMP (31320 bytes) SKIP Algorithm Discovery Protocol SKIP Extensions for IP Multicast SKIP extension for Perfect Forward Secrecy (PFS) Simple Key-Management For Internet Protocols (SKIP) Photuris

IP Security in the Internet ISAKMP/Oakley - vendor implementations SKIP Implementations S/WAN Swan and Linux

IP Security - References IETF - IP Security www.ietf.org Freeware Network Encryption Plan http://kpt1.tricon.net/org/aiip/encrypt.html Secure WAN Testing http://www.rsa.com/rsa/swan/home.html IP Security Background http://www.cygnus.com/~gnu/netcrypt.html

W3C Digital Signatures Started with code signing ActiveX Signatures are only Binary (yes/no to submit to Microsoft policy) Generalized to allow assertions on any information object First target is Web Page labeling Built on PICS, Web Content Labeling (Platform for Internet Content Selection) PICS Metalanguage for Rating Systems PICS Labels or Assertions

Semantics for Assertions X.509 Version 3 Extensions Simple Public Key Infrastructure (SPKI) Assertions W3C Digital Signatures (DSig) PICS used as metalanguage for Assertions Trust Modeling and Policy Engine

W3C DSig Metalanguage defines labels includes human readable definitions machine readable format Signature Block binds: rating system assertion (PICS label from rating system) referent (source) target (hash and URL) digital signature Trust Modeling based on Assertions

Dsig Label Example (n 1 v 3)

W3C DSig W3C DSig Applications Web content rating Active content manifests Software Licensing Benefits: Improved Granularity of Authorization (as compared to binary) Flexible policy creation Common model for trust management References - www.w3.org

Summary IP Security could provide a strong base security mechanism for the Internet (75% solution) Too many protocol specific mechanisms Trust management and assertions would support manageable security distributed security management (Federation) need good delegation

Infrastructure Security - Issues Network Security IPSEC - SSL/TLS/PCT - PPP security - SSH Key Management SSL - ISAKMP - SOCKS - PPP - IEEE 802.10 Certificates Mail X.509 - DNS - PGP - W3C DSig PEM - MOSS - S/MIME

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information