Post on 21-Dec-2015
TCP/IP Protocol Suite 1
Chapter 28
Security
Objectives
Upon completion you will be able to:
• Differentiate between two categories of cryptography schemes
• Understand four aspects of security
• Know how and where IPSec, TLS, and PGP provide security
• Firewall
28.1 CRYPTOGRAPHY
The word cryptography in Greek means “secret writing.” The term today refers to the science and art of transforming messages to make them secure and immune to attacks.
The topics discussed in this section include:
• Symmetric-Key Cryptography
• Asymmetric-Key Cryptography
• Comparison
Figure 28.1 Cryptography components
Note: In cryptography, the encryption/decryption algorithms are public; the keys are secret.
Note: In symmetric-key cryptography, the same key is used by the sender (for encryption) and the receiver (for decryption). The key is shared.
Figure 28.2 Symmetric-key cryptography
Note: In symmetric-key cryptography, the same key is used in both directions.
Figure 28.3 Caesar cipher
Figure 28.4 Transpositional cipher
Figure 28.5 Data Encryption Standard (DES)
Figure 28.6 Iteration block
Figure 28.7 Triple DES
Note: The DES cipher uses the same concept as the Caesar cipher, but the encryption/decryption algorithm is much more complex.
Figure 28.8 Public-key cryptography
Figure 28.9 RSA
Note: Symmetric-key cryptography is often used for long messages.
Note: Asymmetric-key algorithms are more efficient for short messages.
28.6 SECURITY IN THE INTERNET
• IP Level Security: IPSec
• Transport Layer Security
• Application Layer Security: PGP
Figure 28.27 Transport mode
Figure 28.28 Tunnel mode
Figure 28.29 Authentication Header (AH)
Note: The AH protocol provides message authentication and integrity, but not privacy.
Figure 28.30 Encapsulating Security Payload (ESP)
Note: ESP provides message authentication, integrity, and privacy.
Figure 28.31 Position of TLS
Figure 28.35 PGP at the sender site
Figure 28.36 PGP at the receiver site
28.7 FIREWALLS
A firewall is a device (usually a router or a computer) installed between the internal network of an organization and the rest of the Internet. It is designed to forward some packets and filter (not forward) others.
The topics discussed in this section include:
• Packet-Filter Firewall
• Proxy Firewall
Figure 28.37 Firewall
Figure 28.38 Packet-filter firewall
Note: A packet-filter firewall filters at the network or transport layer.
Figure 28.39 Proxy firewall
Note: A proxy firewall filters at the application layer.