SlideShare una empresa de Scribd logo

Ch32

Wayne Jones Jnr
Wayne Jones Jnr
Tecnología
1 de 44
Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Figure 32.1 Common structure of three security protocols
32-1 IPSecurity (IPSec) IPSecurity (IPSec) is a collection of protocols designed by the Internet Engineering Task Force (IETF) to provide security for a packet at the network level. Two Modes Two Security Protocols Security Association Internet Key Exchange (IKE) Virtual Private Network Topics discussed in this section:
Figure 32.2 TCP/IP protocol suite and IPSec
Figure 32.3 Transport mode and tunnel modes of IPSec protocol
IPSec in the transport mode does not protect the IP header; it only protects the information coming from the transport layer. Note
Figure 32.4 Transport mode in action
Figure 32.5 Tunnel mode in action
IPSec in tunnel mode protects the original IP header. Note
Figure 32.6 Authentication Header (AH) Protocol in transport mode
The AH Protocol provides source authentication and data integrity, but not privacy. Note
Figure 32.7 Encapsulating Security Payload (ESP) Protocol in transport mode
ESP provides source authentication, data integrity, and privacy. Note
Table 32.1 IPSec services
Figure 32.8 Simple inbound and outbound security associations
IKE creates SAs for IPSec. Note
Figure 32.9 IKE components
Table 32.2 Addresses for private networks
Figure 32.10 Private network
Figure 32.11 Hybrid network
Figure 32.12 Virtual private network
Figure 32.13 Addressing in a VPN
32-2 SSL/TLS Two protocols are dominant today for providing security at the transport layer: the Secure Sockets Layer (SSL) Protocol and the Transport Layer Security (TLS) Protocol. The latter is actually an IETF version of the former. SSL Services Security Parameters Sessions and Connections Four Protocols Transport Layer Security Topics discussed in this section:
Figure 32.14 Location of SSL and TLS in the Internet model
Table 32.3 SSL cipher suite list
Table 32.3 SSL cipher suite list ( continued )
The client and the server have six different cryptography secrets. Note
Figure 32.15 Creation of cryptographic secrets in SSL
Figure 32.16 Four SSL protocols
Figure 32.17 Handshake Protocol
Figure 32.18 Processing done by the Record Protocol
32-3 PGP One of the protocols to provide security at the application layer is Pretty Good Privacy (PGP). PGP is designed to create authenticated and confidential e-mails. Security Parameters Services A Scenario PGP Algorithms Key Rings PGP Certificates Topics discussed in this section:
Figure 32.19 Position of PGP in the TCP/IP protocol suite
In PGP, the sender of the message needs to include the identifiers of the algorithms used in the message as well as the values of the keys. Note
Figure 32.20 A scenario in which an e-mail message is authenticated and encrypted
Table 32.4 PGP Algorithms
Figure 32.21 Rings
In PGP, there can be multiple paths from fully or partially trusted authorities to any subject. Note
32-4 FIREWALLS All previous security measures cannot prevent Eve from sending a harmful message to a system. To control access to a system, we need firewalls. A firewall is a device installed between the internal network of an organization and the rest of the Internet. It is designed to forward some packets and filter (not forward) others. Packet-Filter Firewall Proxy Firewall Topics discussed in this section:
Figure 32.22 Firewall
Figure 32.23 Packet-filter firewall
A packet-filter firewall filters at the network or transport layer. Note
Figure 32.24 Proxy firewall
A proxy firewall filters at the application layer. Note

Recomendados

OSI Network Layer
OSI Network LayerOSI Network Layer
OSI Network LayerSachii Dosti
 
8251 usart programmable communication interface by aniket bhute
8251 usart programmable communication interface by aniket bhute8251 usart programmable communication interface by aniket bhute
8251 usart programmable communication interface by aniket bhuteAniket Bhute
 
Data Link Layer
Data Link LayerData Link Layer
Data Link LayerSachii Dosti
 
OSI Model - Every Detail Explained
OSI Model - Every Detail ExplainedOSI Model - Every Detail Explained
OSI Model - Every Detail ExplainedAshish Malik
 
Osi and tcp ip model
Osi and tcp ip modelOsi and tcp ip model
Osi and tcp ip modelMuhammad Nadeem Rana
 
Osi model vs TCP/IP
Osi model vs TCP/IPOsi model vs TCP/IP
Osi model vs TCP/IPMannu Khani
 
Introduction for internet connectivity (IoT)
Introduction for internet connectivity (IoT) Introduction for internet connectivity (IoT)
Introduction for internet connectivity (IoT)FabMinds
 
Transport layer services (cn)
Transport layer services (cn)Transport layer services (cn)
Transport layer services (cn)Jay Limbachiya
 

Recomendados

OSI Network Layer
OSI Network LayerOSI Network Layer
OSI Network LayerSachii Dosti
 
8251 usart programmable communication interface by aniket bhute
8251 usart programmable communication interface by aniket bhute8251 usart programmable communication interface by aniket bhute
8251 usart programmable communication interface by aniket bhuteAniket Bhute
 
Data Link Layer
Data Link LayerData Link Layer
Data Link LayerSachii Dosti
 
OSI Model - Every Detail Explained
OSI Model - Every Detail ExplainedOSI Model - Every Detail Explained
OSI Model - Every Detail ExplainedAshish Malik
 
Osi and tcp ip model
Osi and tcp ip modelOsi and tcp ip model
Osi and tcp ip modelMuhammad Nadeem Rana
 
Osi model vs TCP/IP
Osi model vs TCP/IPOsi model vs TCP/IP
Osi model vs TCP/IPMannu Khani
 
Introduction for internet connectivity (IoT)
Introduction for internet connectivity (IoT) Introduction for internet connectivity (IoT)
Introduction for internet connectivity (IoT)FabMinds
 
Transport layer services (cn)
Transport layer services (cn)Transport layer services (cn)
Transport layer services (cn)Jay Limbachiya
 
Chapter 4 data link layer
Chapter 4 data link layerChapter 4 data link layer
Chapter 4 data link layerNaiyan Noor
 
Transport layer
Transport layer Transport layer
Transport layer Mukesh Chinta
 
Network Layer
Network LayerNetwork Layer
Network LayerDr Shashikant Athawale
 
Chapter 16
Chapter 16Chapter 16
Chapter 16Faisal Mehmood
 
Ethernet
EthernetEthernet
Ethernetsijil chacko
 
Frame relay
Frame relay Frame relay
Frame relay balub4
 
Intel 8086 microprocessor
Intel 8086 microprocessorIntel 8086 microprocessor
Intel 8086 microprocessorRavi Yasas
 
Point to point interconnect
Point to point interconnectPoint to point interconnect
Point to point interconnectKinza Razzaq
 
osi vs tcp/ip
osi vs tcp/iposi vs tcp/ip
osi vs tcp/ipharish pillai
 
Error detection correction (CRC)
Error detection correction (CRC)Error detection correction (CRC)
Error detection correction (CRC)Karam Munir Butt
 
Transport layer services
Transport layer servicesTransport layer services
Transport layer servicesMelvin Cabatuan
 
Chapter 18
Chapter 18Chapter 18
Chapter 18Faisal Mehmood
 
Osi Model
Osi ModelOsi Model
Osi ModelSyed Munawer Hassan
 
Ethernet frame format
Ethernet frame formatEthernet frame format
Ethernet frame formatmyrajendra
 
80486
8048680486
80486Jeanie Delos Arcos
 
Microprocessor 8085 Chapter 3
Microprocessor 8085 Chapter 3Microprocessor 8085 Chapter 3
Microprocessor 8085 Chapter 3Rishikesh Bhavsar
 
Asynchronous transfer mode (atm) in computer network
Asynchronous transfer mode (atm) in computer networkAsynchronous transfer mode (atm) in computer network
Asynchronous transfer mode (atm) in computer networkMH Shihab
 
Arp and rarp
Arp and rarpArp and rarp
Arp and rarpMohd Arif
 
transport layer protocols
transport layer protocolstransport layer protocols
transport layer protocolsBE Smârt
 
Chapter 14
Chapter 14Chapter 14
Chapter 14Faisal Mehmood
 
WE_shouldDoBusiness
WE_shouldDoBusinessWE_shouldDoBusiness
WE_shouldDoBusinessMeylen Pang
 
Sales And Marketing
Sales And MarketingSales And Marketing
Sales And MarketingVirtual Enterprise
 

Más contenido relacionado

La actualidad más candente

Chapter 4 data link layer
Chapter 4 data link layerChapter 4 data link layer
Chapter 4 data link layerNaiyan Noor
 
Frame relay
Frame relay Frame relay
Frame relay balub4
 
Intel 8086 microprocessor
Intel 8086 microprocessorIntel 8086 microprocessor
Intel 8086 microprocessorRavi Yasas
 
Point to point interconnect
Point to point interconnectPoint to point interconnect
Point to point interconnectKinza Razzaq
 
Error detection correction (CRC)
Error detection correction (CRC)Error detection correction (CRC)
Error detection correction (CRC)Karam Munir Butt
 
Transport layer services
Transport layer servicesTransport layer services
Transport layer servicesMelvin Cabatuan
 
Ethernet frame format
Ethernet frame formatEthernet frame format
Ethernet frame formatmyrajendra
 
Microprocessor 8085 Chapter 3
Microprocessor 8085 Chapter 3Microprocessor 8085 Chapter 3
Microprocessor 8085 Chapter 3Rishikesh Bhavsar
 
Asynchronous transfer mode (atm) in computer network
Asynchronous transfer mode (atm) in computer networkAsynchronous transfer mode (atm) in computer network
Asynchronous transfer mode (atm) in computer networkMH Shihab
 
Arp and rarp
Arp and rarpArp and rarp
Arp and rarpMohd Arif
 
transport layer protocols
transport layer protocolstransport layer protocols
transport layer protocolsBE Smârt
 

La actualidad más candente (20)

Chapter 4 data link layer
Chapter 4 data link layerChapter 4 data link layer
Chapter 4 data link layer
 
Transport layer
Transport layer Transport layer
Transport layer
 
Network Layer
Network LayerNetwork Layer
Network Layer
 
Chapter 16
Chapter 16Chapter 16
Chapter 16
 
Ethernet
EthernetEthernet
Ethernet
 
Frame relay
Frame relay Frame relay
Frame relay
 
Intel 8086 microprocessor
Intel 8086 microprocessorIntel 8086 microprocessor
Intel 8086 microprocessor
 
Point to point interconnect
Point to point interconnectPoint to point interconnect
Point to point interconnect
 
osi vs tcp/ip
osi vs tcp/iposi vs tcp/ip
osi vs tcp/ip
 
Error detection correction (CRC)
Error detection correction (CRC)Error detection correction (CRC)
Error detection correction (CRC)
 
Transport layer services
Transport layer servicesTransport layer services
Transport layer services
 
Chapter 18
Chapter 18Chapter 18
Chapter 18
 
Osi Model
Osi ModelOsi Model
Osi Model
 
Ethernet frame format
Ethernet frame formatEthernet frame format
Ethernet frame format
 
80486
8048680486
80486
 
Microprocessor 8085 Chapter 3
Microprocessor 8085 Chapter 3Microprocessor 8085 Chapter 3
Microprocessor 8085 Chapter 3
 
Asynchronous transfer mode (atm) in computer network
Asynchronous transfer mode (atm) in computer networkAsynchronous transfer mode (atm) in computer network
Asynchronous transfer mode (atm) in computer network
 
Arp and rarp
Arp and rarpArp and rarp
Arp and rarp
 
transport layer protocols
transport layer protocolstransport layer protocols
transport layer protocols
 
Chapter 14
Chapter 14Chapter 14
Chapter 14
 

Destacado

WE_shouldDoBusiness
WE_shouldDoBusinessWE_shouldDoBusiness
WE_shouldDoBusinessMeylen Pang
 
Pepseo C Suivi N°16
Pepseo C Suivi N°16Pepseo C Suivi N°16
Pepseo C Suivi N°16guestdcf28166
 
Ibet planejamento tributa rio marcos neder 2013
Ibet planejamento tributa rio marcos neder 2013Ibet planejamento tributa rio marcos neder 2013
Ibet planejamento tributa rio marcos neder 2013Fernanda Moreira
 
Registration Of Trademark
Registration Of TrademarkRegistration Of Trademark
Registration Of TrademarkStartupwala
 
Slidesharehistory
SlidesharehistorySlidesharehistory
Slidesharehistoryjmclaugh813
 
Domoti Corporate Presentation (eng)
Domoti Corporate Presentation (eng)Domoti Corporate Presentation (eng)
Domoti Corporate Presentation (eng)Domoti S.A.S
 
19.2 britain leads the way
19.2 britain leads the way19.2 britain leads the way
19.2 britain leads the wayMrAguiar
 

Destacado (18)

WE_shouldDoBusiness
WE_shouldDoBusinessWE_shouldDoBusiness
WE_shouldDoBusiness
 
Sales And Marketing
Sales And MarketingSales And Marketing
Sales And Marketing
 
Swin_mag_pg14
Swin_mag_pg14Swin_mag_pg14
Swin_mag_pg14
 
Pepseo C Suivi N°16
Pepseo C Suivi N°16Pepseo C Suivi N°16
Pepseo C Suivi N°16
 
Finance
FinanceFinance
Finance
 
JP STEEL CRAFTS
JP STEEL CRAFTSJP STEEL CRAFTS
JP STEEL CRAFTS
 
Ibet planejamento tributa rio marcos neder 2013
Ibet planejamento tributa rio marcos neder 2013Ibet planejamento tributa rio marcos neder 2013
Ibet planejamento tributa rio marcos neder 2013
 
Winners 2014
Winners 2014Winners 2014
Winners 2014
 
Fashion Designer
Fashion DesignerFashion Designer
Fashion Designer
 
White+Collar+Crime
White+Collar+CrimeWhite+Collar+Crime
White+Collar+Crime
 
Registration Of Trademark
Registration Of TrademarkRegistration Of Trademark
Registration Of Trademark
 
Slidesharehistory
SlidesharehistorySlidesharehistory
Slidesharehistory
 
Domoti Corporate Presentation (eng)
Domoti Corporate Presentation (eng)Domoti Corporate Presentation (eng)
Domoti Corporate Presentation (eng)
 
19.2 britain leads the way
19.2 britain leads the way19.2 britain leads the way
19.2 britain leads the way
 
Development of criminology
Development of criminologyDevelopment of criminology
Development of criminology
 
Ch07
Ch07Ch07
Ch07
 
Grande bouquet
Grande bouquetGrande bouquet
Grande bouquet
 
Trabajo segundo ep
Trabajo segundo epTrabajo segundo ep
Trabajo segundo ep
 

Similar a Ch32

32 Security in_Internet_IP_SEC_SSL/TLS_PGN_VPN_and_Firewalls
32 Security in_Internet_IP_SEC_SSL/TLS_PGN_VPN_and_Firewalls32 Security in_Internet_IP_SEC_SSL/TLS_PGN_VPN_and_Firewalls
32 Security in_Internet_IP_SEC_SSL/TLS_PGN_VPN_and_FirewallsAhmar Hashmi
 
1643129870-internet-security.pptx
1643129870-internet-security.pptx1643129870-internet-security.pptx
1643129870-internet-security.pptxMARIA401634
 
Network security on Cisco routers and switches
Network security on Cisco routers and switchesNetwork security on Cisco routers and switches
Network security on Cisco routers and switchesAlexandros Britzolakis
 
CCNA 1 Routing and Switching v5.0 Chapter 7
CCNA 1 Routing and Switching v5.0 Chapter 7CCNA 1 Routing and Switching v5.0 Chapter 7
CCNA 1 Routing and Switching v5.0 Chapter 7Nil Menon
 
Chapter 07 - Transport Layer
Chapter 07 - Transport LayerChapter 07 - Transport Layer
Chapter 07 - Transport LayerYaser Rahmati
 
Chapter 7 : Transport layer
Chapter 7 : Transport layerChapter 7 : Transport layer
Chapter 7 : Transport layerteknetir
 
CCNAv5 - S1: Chapter 7 - Transport Layer
CCNAv5 - S1: Chapter 7 - Transport LayerCCNAv5 - S1: Chapter 7 - Transport Layer
CCNAv5 - S1: Chapter 7 - Transport LayerVuz Dở Hơi
 
محمد مشاري
محمد مشاريمحمد مشاري
محمد مشاريmaherrrrz
 
Ccna v5-S1-Chapter 7
Ccna v5-S1-Chapter 7Ccna v5-S1-Chapter 7
Ccna v5-S1-Chapter 7Hamza Malik
 
CCNA RS_NB - Chapter 5
CCNA RS_NB - Chapter 5CCNA RS_NB - Chapter 5
CCNA RS_NB - Chapter 5Irsandi Hasan
 
CCNA 1 Routing and Switching v5.0 Chapter 3
CCNA 1 Routing and Switching v5.0 Chapter 3CCNA 1 Routing and Switching v5.0 Chapter 3
CCNA 1 Routing and Switching v5.0 Chapter 3Nil Menon
 
IS Unit 8_IP Security and Email Security
IS Unit 8_IP Security and Email SecurityIS Unit 8_IP Security and Email Security
IS Unit 8_IP Security and Email SecuritySarthak Patel
 
CCNA RS_ITN - Chapter 3
CCNA RS_ITN - Chapter 3CCNA RS_ITN - Chapter 3
CCNA RS_ITN - Chapter 3Irsandi Hasan
 

Similar a Ch32 (20)

32 Security in_Internet_IP_SEC_SSL/TLS_PGN_VPN_and_Firewalls
32 Security in_Internet_IP_SEC_SSL/TLS_PGN_VPN_and_Firewalls32 Security in_Internet_IP_SEC_SSL/TLS_PGN_VPN_and_Firewalls
32 Security in_Internet_IP_SEC_SSL/TLS_PGN_VPN_and_Firewalls
 
Ch 31
Ch 31Ch 31
Ch 31
 
1643129870-internet-security.pptx
1643129870-internet-security.pptx1643129870-internet-security.pptx
1643129870-internet-security.pptx
 
IS - SSL
IS - SSLIS - SSL
IS - SSL
 
Chap 02 osi model
Chap 02 osi modelChap 02 osi model
Chap 02 osi model
 
Network security on Cisco routers and switches
Network security on Cisco routers and switchesNetwork security on Cisco routers and switches
Network security on Cisco routers and switches
 
CCNA 1 Routing and Switching v5.0 Chapter 7
CCNA 1 Routing and Switching v5.0 Chapter 7CCNA 1 Routing and Switching v5.0 Chapter 7
CCNA 1 Routing and Switching v5.0 Chapter 7
 
Chapter 07 - Transport Layer
Chapter 07 - Transport LayerChapter 07 - Transport Layer
Chapter 07 - Transport Layer
 
Chapter 7 : Transport layer
Chapter 7 : Transport layerChapter 7 : Transport layer
Chapter 7 : Transport layer
 
CCNAv5 - S1: Chapter 7 - Transport Layer
CCNAv5 - S1: Chapter 7 - Transport LayerCCNAv5 - S1: Chapter 7 - Transport Layer
CCNAv5 - S1: Chapter 7 - Transport Layer
 
محمد مشاري
محمد مشاريمحمد مشاري
محمد مشاري
 
Internet Protocol Security as the Network Cryptography System
Internet Protocol Security as the Network Cryptography SystemInternet Protocol Security as the Network Cryptography System
Internet Protocol Security as the Network Cryptography System
 
Ccna v5-S1-Chapter 7
Ccna v5-S1-Chapter 7Ccna v5-S1-Chapter 7
Ccna v5-S1-Chapter 7
 
I psecurity
I psecurityI psecurity
I psecurity
 
CCNA RS_NB - Chapter 5
CCNA RS_NB - Chapter 5CCNA RS_NB - Chapter 5
CCNA RS_NB - Chapter 5
 
CCNA 1 Routing and Switching v5.0 Chapter 3
CCNA 1 Routing and Switching v5.0 Chapter 3CCNA 1 Routing and Switching v5.0 Chapter 3
CCNA 1 Routing and Switching v5.0 Chapter 3
 
Network IP Security.pdf
Network IP Security.pdfNetwork IP Security.pdf
Network IP Security.pdf
 
Ip security
Ip security Ip security
Ip security
 
IS Unit 8_IP Security and Email Security
IS Unit 8_IP Security and Email SecurityIS Unit 8_IP Security and Email Security
IS Unit 8_IP Security and Email Security
 
CCNA RS_ITN - Chapter 3
CCNA RS_ITN - Chapter 3CCNA RS_ITN - Chapter 3
CCNA RS_ITN - Chapter 3
 

Más de Wayne Jones Jnr

Chapter 26 - Remote Logging, Electronic Mail & File Transfer
Chapter 26 - Remote Logging, Electronic Mail & File TransferChapter 26 - Remote Logging, Electronic Mail & File Transfer
Chapter 26 - Remote Logging, Electronic Mail & File TransferWayne Jones Jnr
 
Operating System Concepts - Ch05
Operating System Concepts - Ch05Operating System Concepts - Ch05
Operating System Concepts - Ch05Wayne Jones Jnr
 

Más de Wayne Jones Jnr (20)

Chapter 26 - Remote Logging, Electronic Mail & File Transfer
Chapter 26 - Remote Logging, Electronic Mail & File TransferChapter 26 - Remote Logging, Electronic Mail & File Transfer
Chapter 26 - Remote Logging, Electronic Mail & File Transfer
 
Ch25
Ch25Ch25
Ch25
 
Ch24
Ch24Ch24
Ch24
 
Ch23
Ch23Ch23
Ch23
 
Ch22
Ch22Ch22
Ch22
 
Ch21
Ch21Ch21
Ch21
 
Ch20
Ch20Ch20
Ch20
 
Ch19
Ch19Ch19
Ch19
 
Ch18
Ch18Ch18
Ch18
 
Ch17
Ch17Ch17
Ch17
 
Ch16
Ch16Ch16
Ch16
 
Ch15
Ch15Ch15
Ch15
 
Ch14
Ch14Ch14
Ch14
 
Ch13
Ch13Ch13
Ch13
 
Ch12
Ch12Ch12
Ch12
 
Ch10
Ch10Ch10
Ch10
 
Ch09
Ch09Ch09
Ch09
 
Ch08
Ch08Ch08
Ch08
 
Ch06
Ch06Ch06
Ch06
 
Operating System Concepts - Ch05
Operating System Concepts - Ch05Operating System Concepts - Ch05
Operating System Concepts - Ch05
 

Último

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Último (20)

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

Ch32

  • 1. Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
  • 2. Figure 32.1 Common structure of three security protocols
  • 3. 32-1 IPSecurity (IPSec) IPSecurity (IPSec) is a collection of protocols designed by the Internet Engineering Task Force (IETF) to provide security for a packet at the network level. Two Modes Two Security Protocols Security Association Internet Key Exchange (IKE) Virtual Private Network Topics discussed in this section:
  • 4. Figure 32.2 TCP/IP protocol suite and IPSec
  • 5. Figure 32.3 Transport mode and tunnel modes of IPSec protocol
  • 6. IPSec in the transport mode does not protect the IP header; it only protects the information coming from the transport layer. Note
  • 7. Figure 32.4 Transport mode in action
  • 8. Figure 32.5 Tunnel mode in action
  • 9. IPSec in tunnel mode protects the original IP header. Note
  • 10. Figure 32.6 Authentication Header (AH) Protocol in transport mode
  • 11. The AH Protocol provides source authentication and data integrity, but not privacy. Note
  • 12. Figure 32.7 Encapsulating Security Payload (ESP) Protocol in transport mode
  • 13. ESP provides source authentication, data integrity, and privacy. Note
  • 14. Table 32.1 IPSec services
  • 15. Figure 32.8 Simple inbound and outbound security associations
  • 16. IKE creates SAs for IPSec. Note
  • 17. Figure 32.9 IKE components
  • 18. Table 32.2 Addresses for private networks
  • 19. Figure 32.10 Private network
  • 20. Figure 32.11 Hybrid network
  • 21. Figure 32.12 Virtual private network
  • 22. Figure 32.13 Addressing in a VPN
  • 23. 32-2 SSL/TLS Two protocols are dominant today for providing security at the transport layer: the Secure Sockets Layer (SSL) Protocol and the Transport Layer Security (TLS) Protocol. The latter is actually an IETF version of the former. SSL Services Security Parameters Sessions and Connections Four Protocols Transport Layer Security Topics discussed in this section:
  • 24. Figure 32.14 Location of SSL and TLS in the Internet model
  • 25. Table 32.3 SSL cipher suite list
  • 26. Table 32.3 SSL cipher suite list ( continued )
  • 27. The client and the server have six different cryptography secrets. Note
  • 28. Figure 32.15 Creation of cryptographic secrets in SSL
  • 29. Figure 32.16 Four SSL protocols
  • 30. Figure 32.17 Handshake Protocol
  • 31. Figure 32.18 Processing done by the Record Protocol
  • 32. 32-3 PGP One of the protocols to provide security at the application layer is Pretty Good Privacy (PGP). PGP is designed to create authenticated and confidential e-mails. Security Parameters Services A Scenario PGP Algorithms Key Rings PGP Certificates Topics discussed in this section:
  • 33. Figure 32.19 Position of PGP in the TCP/IP protocol suite
  • 34. In PGP, the sender of the message needs to include the identifiers of the algorithms used in the message as well as the values of the keys. Note
  • 35. Figure 32.20 A scenario in which an e-mail message is authenticated and encrypted
  • 36. Table 32.4 PGP Algorithms
  • 37. Figure 32.21 Rings
  • 38. In PGP, there can be multiple paths from fully or partially trusted authorities to any subject. Note
  • 39. 32-4 FIREWALLS All previous security measures cannot prevent Eve from sending a harmful message to a system. To control access to a system, we need firewalls. A firewall is a device installed between the internal network of an organization and the rest of the Internet. It is designed to forward some packets and filter (not forward) others. Packet-Filter Firewall Proxy Firewall Topics discussed in this section:
  • 40. Figure 32.22 Firewall
  • 41. Figure 32.23 Packet-filter firewall
  • 42. A packet-filter firewall filters at the network or transport layer. Note
  • 43. Figure 32.24 Proxy firewall
  • 44. A proxy firewall filters at the application layer. Note