Abstract image of a woman sitting on books and studying on a laptop

Network security

Download as PPT, PDF
anoop negi, profile picture
anoop negi

This document provides an overview of network security concepts including cryptography, digital signatures, security at various layers, and firewalls. It discusses cryptography principles like plaintext, ciphertext, and keys. Symmetric and asymmetric key cryptography algorithms are explained along with digital signatures and hashing. Network layer security standards like IPsec and its authentication header and encapsulating security payload are described. Transport layer security including TLS handshake, alert, and cipher protocols is also summarized. The roles and types of firewalls in providing access control between networks are defined.

Engineering
1 of 26
Downloaded 11 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
NETWORK SECURITY name- anoop negi roll no- 27 Date: 4-04-2016
CONTENTS  understand principles of network security:  cryptography  Digital Signatures  Security at Various Layers  Firewalls
INTRODUCTION Cryptography is the study of creating and using encryption and decryption techniques. Plaintext is the the data that before any encryption has been performed. Ciphertext is the data after encryption has been performed. The key is the unique piece of information that is used to create ciphertext and decrypt the ciphertext back into plaintext.
KEY TERMS  Confidentiality: only sender, intended receiver should “ understand” message contents  sender encrypts message  receiver decrypts message  Authentication: sender, receiver want to confirm identity of each other  Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) .  Access and Availability: services must be accessible and available to users
CONTINUE……….. ❍ eavesdrop: intercept messages ❍ impersonation: can fake (spoof) source address in packet (or any field in packet) ❍ hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place
SYMMETRIC KEY CRYPTOGRAPHY  The same key is used by the sender (for encryption) and the receiver (for decryption).  The key is shared.  Encryption and Decryption Algorithms are public.
Continue……….  substitution cipher: substituting one thing for another.  monoalphabetic cipher: substitute one letter for another . plaintext: abcdefghijklmnopqrstuvwxyz ciphertext: mnbvcxzasdfghjklpoiuytrewq Plaintext: bob. i love you. alice ciphertext: nkn. s gktc wky. mgsbc
Data Encryption Standard  Created in 1977 and in operation into the 1990s, the data encryption standard took a 64- bit block of data and subjected it to 16 levels of encryption.  The choice of encryption performed at each of the 16 levels depends on the 56-bit key applied.  Even though 56 bits provides over 72 quadrillion combinations, a system using this standard has been cracked (in 1998 by Electronic Frontier Foundation in 3 days).
Continue……….
Public Key Cryptography  Very powerful encryption technique in which two keys are used: the first key (the public key) encrypts the message while the second key (the private key) decrypts the message.  Not possible to deduce one key from the other.  Not possible to break the code given the public key.  If you want someone to send you secure data, give them your public key, you keep the private key.  Secure sockets layer on the Internet is a common example of public key cryptography.
RSA  The most common public key algorithm .  Private key is a pair of numbers (n,d).  Public key is a pair of numbers (n,e).  The sender uses the following algorithm to encrypt the message:  C=p*pow(e) mod n  P=plaintext ,C=cyphertext and e,n are components of public key.  Receiver : p=C*pow(d) mod n
RSA
Digital Signature Digital signature can provide: Authentication Integrity Nonrepudiation The sender uses her private key to encrypt(sign) the message . The receiver on the other hand uses the public key of sender to decrypt the msg. No need to sign the entire document(digest). Digital signature does not provide privacy.
Message Digests  Computationally expensive to public-key-encrypt long messages.  Goal: fixed-length, easy to-compute digital “fingerprint”.  apply hash function H to m, get fixed size message digest, H(m).  Hash function properties:  Hashing is one way: digest can only be created from the msg , not vice versa.  Hashing is one to one function: there is little probability that two msg produce same digest.
SECURITY AT IP LEVEL  IP Security (ipsec) is a collection of protocols to provide security for a packet at the IP level.  Ipsec requires a logical connection between two hosts using a signalling protocol called Security Association.  An SA connection can be simplex or duplex.  SA is uniquely defined by three elements:  A 32 bit security parameter index (spi),which acts as virtual circuit identifier in connection oriented protocols.  The source ip address.  The type of protocol used- AH,ESP.
AUTHENTICATION HEADER (AH)  AH provides authentication , integrity and anti-replay for the entire packet(ip header & data payload).  It does not provide confidentiality , which means it does not encrypt the data.  The data is readable but protected from modification.  Integrity and authentication are provided by placement of AH header between the Ip header and transport layer protocol .  AH uses an ip protocol id of 51 to identify itself in the IP header.
AH FIELDS  Next Header: Identifies the next header that uses IP protocol id, ex- value might be 6 to indicate tcp.  Length: indicate length of AH header.  SPI: used in combination with the destination address and security protocol(AH OR ESP) to identify correct security association for the communication.  Sequence no. : provides anti-relay protection. It is a 32 bit number that is never allowed to cycle . The receiver checks this field to verify that a packet with this number has not been received yet. If one is received ,the packet is rejected.  Authentication data: contains integrity check value to verify the integrity of the msg.
ENCAPSULATING SECURITY PAYLOAD Provides confidentiality in addition to authentication , integrity and anti-replay. ESP indicates itself in the IP header using IP protocol id of 50. Ex- alice on computer A sends data to bob on computer B. The data payload is encrypted and signed for integrity. Upon receipt the data payload packet is decrypted . Bob can be certain it was really alice who send the data. Also the data is unmodified and no other was able to read it.
ESP HEADER AND TRAILER FIELD  SECURITY PARAMETER INDEX (SPI): same as in AH.  Sequence no : same as in AH.  Padding : the variable length field of 0’s serves as padding.  Padding length: indicates the length of the padding field in bytes.  This field is used by the receiver to discard the padding field.  Next header: identifies the type of payload tcp or udp.  Authentication data: contains the integrity check value(icv) and a msg authentication code that is used to verify the sender’s identity and msg integrity.
Continue….
Transport layer security  TLS was designed to provide security at transport layer.  TLS allows two parties to exchange messages in a secure environment. To accomplish this TLS require that  Two parties must agree on 3 protocols : an entity authentication protocol, a message authentication protocol and encrypt/decrypt protocol.  TLS has two layers.  The top layer includes three protocols ,one for session setup(handshaking),one for alerting the other party of unusual situation, and one informing the establishment of security parameters.  The lower layer ,the record protocol ,is used to encapsulate msg from the upper layer.
Handshake protocol
Alert protocol  The alert protocol is used to signal an error or a potential error to other party.  The packet exchanged defines the severity level of the condition.
Change cipher spee protocol  This protocol is designed to activate the security services (message authentication and encryption/decryption) after all the agreements are confirmed in the handshake protocol.  After exchanging the one message defined in this protocol ,the two parties can use the services.
FIREWALLS  A system or combination of systems that supports an access control policy between two networks.  A firewall can limit the types of transactions that enter a system, as well as the types of transactions that leave a system.  Firewalls can be programmed to stop certain types or ranges of IP addresses, as well as certain types of TCP port numbers (applications).  A packet filter firewall is essentially a router that has been programmed to filter out or allow to pass certain IP addresses or TCP port numbers.  A proxy server is a more advanced firewall that acts as a doorman into a corporate network. Any external transaction that request something from the corporate network must enter through the proxy server.  Proxy servers are more advanced but make external accesses slower.
THANK YOU

More Related Content

PPT
Data security in data communication
Mohd Arif
 
PPTX
Security in Data Communication and Networking
Zahidul Hossain
 
PPTX
Cryptography and network security
shraddha mane
 
PPTX
Cryptography and network security
patisa
 
PPTX
Network security and cryptography
Pavithra renu
 
PDF
computer-security-and-cryptography-a-simple-presentation
Alex Punnen
 
PPTX
Introduction to Cryptography
Bharat Kumar Katur
 
PPTX
Information and network security 31 public key cryptography
Vaibhav Khanna
 
Data security in data communication
Mohd Arif
 
Security in Data Communication and Networking
Zahidul Hossain
 
Cryptography and network security
shraddha mane
 
Cryptography and network security
patisa
 
Network security and cryptography
Pavithra renu
 
computer-security-and-cryptography-a-simple-presentation
Alex Punnen
 
Introduction to Cryptography
Bharat Kumar Katur
 
Information and network security 31 public key cryptography
Vaibhav Khanna
 

What's hot (20)

DOC
Cryptography full report
harpoo123143
 
PPTX
Cryptography
okolo chukwudumebi prince
 
PPT
Information Security & Cryptography
Arun ACE
 
PPT
Cryptography and Network Security
Ramki M
 
PPTX
Encryption
Nitin Parbhakar
 
PDF
Introduction to Cryptography
Seema Goel
 
PPT
Network Security and Cryptography
Adam Reagan
 
PPTX
Cryptography and network security Nit701
Amit Pathak
 
PPTX
PROJECT REPORT ON CRYPTOGRAPHIC ALGORITHM
saniacorreya
 
PPT
Encryption
Naiyan Noor
 
PDF
Computer Security (Cryptography) Ch01
Saif Kassim
 
PDF
Cryptanalysis and Attacks
Shahbaz Anjam
 
PPTX
Seminar on Encryption and Authenticity
Hardik Manocha
 
PPT
6. cryptography
7wounders
 
PPTX
Data encryption
Deepam Goyal
 
PPTX
Cryptography.ppt
kusum sharma
 
PPTX
Cryptographic tools
CAS
 
PDF
A New Design of Algorithm for Enhancing Security in Bluetooth Communication w...
International Journal of Science and Research (IJSR)
 
PPTX
Cryptography and applications
thai
 
PPTX
Cryptography
Sagar Janagonda
 
Cryptography full report
harpoo123143
 
Cryptography
okolo chukwudumebi prince
 
Information Security & Cryptography
Arun ACE
 
Cryptography and Network Security
Ramki M
 
Encryption
Nitin Parbhakar
 
Introduction to Cryptography
Seema Goel
 
Network Security and Cryptography
Adam Reagan
 
Cryptography and network security Nit701
Amit Pathak
 
PROJECT REPORT ON CRYPTOGRAPHIC ALGORITHM
saniacorreya
 
Encryption
Naiyan Noor
 
Computer Security (Cryptography) Ch01
Saif Kassim
 
Cryptanalysis and Attacks
Shahbaz Anjam
 
Seminar on Encryption and Authenticity
Hardik Manocha
 
6. cryptography
7wounders
 
Data encryption
Deepam Goyal
 
Cryptography.ppt
kusum sharma
 
Cryptographic tools
CAS
 
A New Design of Algorithm for Enhancing Security in Bluetooth Communication w...
International Journal of Science and Research (IJSR)
 
Cryptography and applications
thai
 
Cryptography
Sagar Janagonda
 
Ad

Viewers also liked (20)

PPT
Ch16
Joe Christensen
 
PPT
Ip sec
shifanabasheer
 
PPTX
Network security
Sidiq Dwi Laksana
 
DOCX
Unit 5
Vinod Kumar Gorrepati
 
PDF
BAIT1103 Chapter 8
limsh
 
PPT
Data Security
backdoor
 
PPT
D.Silpa
st anns PG College,Mallapur,Hyderabad, India
 
PPT
Digital Signature
nayakslideshare
 
PPTX
L4 internet security
listergc
 
PPT
Network security
Dhaval Kaneria
 
PPTX
IP Security
Keshab Nath
 
PPTX
Seminar (network security)
Gaurav Dalvi
 
PPTX
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Gopal Sakarkar
 
PPTX
PPT on Family Palnning
GULZAR HUSSAIN
 
PPT
Firewall
Apo
 
PDF
Digital signatures
Ishwar Dayal
 
PPT
Firewall
Amuthavalli Nachiyar
 
PPT
FireWall
rubal_9
 
PPT
Introduction to Digital signatures
Rohit Bhat
 
PPTX
Family planning....ppt
Monika Sharma
 
Ch16
Joe Christensen
 
Ip sec
shifanabasheer
 
Network security
Sidiq Dwi Laksana
 
Unit 5
Vinod Kumar Gorrepati
 
BAIT1103 Chapter 8
limsh
 
Data Security
backdoor
 
D.Silpa
st anns PG College,Mallapur,Hyderabad, India
 
Digital Signature
nayakslideshare
 
L4 internet security
listergc
 
Network security
Dhaval Kaneria
 
IP Security
Keshab Nath
 
Seminar (network security)
Gaurav Dalvi
 
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Gopal Sakarkar
 
PPT on Family Palnning
GULZAR HUSSAIN
 
Firewall
Apo
 
Digital signatures
Ishwar Dayal
 
Firewall
Amuthavalli Nachiyar
 
FireWall
rubal_9
 
Introduction to Digital signatures
Rohit Bhat
 
Family planning....ppt
Monika Sharma
 
Ad

Similar to Network security (20)

PDF
CS6004 CYBER FORENSICS
Kathirvel Ayyaswamy
 
PPT
2800967 for internet and networkings.ppt
allfather027
 
PPT
Seminar on ECommerce
STS
 
PPTX
Parallel and distributed computing .pptx
AmnaNadeem27
 
PDF
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
PPT
Ip sec and ssl
Mohd Arif
 
PPT
Ip security
Dr.K.Sreenivas Rao
 
PPTX
chAPTER 19 INTERNET PROTOCOL SECURITY PRESENTATION
PragyanshuParadkar1
 
PPT
ch22.ppt
ImXaib
 
PPT
Moein
itrraincity
 
PPTX
Chapter 22 Internet Security Protocols and Standards
GoldenMIT
 
PPT
Chapter No 19 - Network and Security-by-MIT
KamranHussainAwan
 
PPT
Network Security Presentation Stallings.
AratiKothari2
 
PPT
CS553_ST7_Ch21-NetworkSecurityhhhhggg.ppt
BinyamBekeleMoges
 
PPT
CS553 ST7 Ch21 Network Security chapter 21
KhaledMohammadSoradi
 
PDF
CNS ppt.pdf
ChaitanyaK65
 
PDF
Module 2.pdf
Sitamarhi Institute of Technology
 
PDF
Module 2.Cryptography and Cryptanalysis
Sitamarhi Institute of Technology
 
PDF
Internet Protocol Security as the Network Cryptography System
Universitas Pembangunan Panca Budi
 
PDF
ipsec.pdfgvdgvdgdgdgddgdgdgdgdgdgdgdgdgd
zmulani8
 
CS6004 CYBER FORENSICS
Kathirvel Ayyaswamy
 
2800967 for internet and networkings.ppt
allfather027
 
Seminar on ECommerce
STS
 
Parallel and distributed computing .pptx
AmnaNadeem27
 
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
Kathirvel Ayyaswamy
 
Ip sec and ssl
Mohd Arif
 
Ip security
Dr.K.Sreenivas Rao
 
chAPTER 19 INTERNET PROTOCOL SECURITY PRESENTATION
PragyanshuParadkar1
 
ch22.ppt
ImXaib
 
Moein
itrraincity
 
Chapter 22 Internet Security Protocols and Standards
GoldenMIT
 
Chapter No 19 - Network and Security-by-MIT
KamranHussainAwan
 
Network Security Presentation Stallings.
AratiKothari2
 
CS553_ST7_Ch21-NetworkSecurityhhhhggg.ppt
BinyamBekeleMoges
 
CS553 ST7 Ch21 Network Security chapter 21
KhaledMohammadSoradi
 
CNS ppt.pdf
ChaitanyaK65
 
Module 2.pdf
Sitamarhi Institute of Technology
 
Module 2.Cryptography and Cryptanalysis
Sitamarhi Institute of Technology
 
Internet Protocol Security as the Network Cryptography System
Universitas Pembangunan Panca Budi
 
ipsec.pdfgvdgvdgdgdgddgdgdgdgdgdgdgdgdgd
zmulani8
 

Recently uploaded (20)

PDF
Beginners-Guide-to-Artificial-Intelligence.pdf
TamerAMekhimar
 
PPTX
CNS - Unit 1 (Introduction To Computer Networks) - PPT (2).pptx
sn565923
 
PDF
MLpara ingenieira CIVIL, meca Y AMBIENTAL
MarceloArielTisera
 
PPT
UNIT-I Machine Learning Essentials for 2nd years
rajeswarigcse
 
PPTX
BBOC407 BIOLOGY FOR ENGINEERS (CS) - MODULE 1 PART 1.pptx
Abhijith L Kotian
 
PPT
Programmable Logic Controller PLC and Industrial Automation
Nereus Fernandes
 
PDF
AIGA 012_04 Cleaning of equipment for oxygen service_reformat Jan 12.pdf
karthikp452666
 
PDF
MACCAFERRY GUIA GAVIONES TERRAPLENES EN ESPAÑOL
Distribucioneskaled
 
PPTX
Micro1New.ppt.pptx the mai themes of micfrobiology
nehasingh160179
 
PPTX
chapter 1.pptx dotnet technology introduction
gautamb639
 
PPTX
WN UNIT-II CH4_MKaruna_BapatlaEngineeringCollege.pptx
KARUNAPAINAM
 
PDF
Present and Future of Systems Engineering: Air Combat Systems
Bernardo A. Delicado
 
PDF
UEFA_Carbon_Footprint_Calculator_Methology_2.0.pdf
tuchinad02
 
PPTX
Environmental studies, Moudle 3-Environmental Pollution.pptx
PramukhN1
 
PPTX
Wireless sensor networks (WSN) SRM unit 2
jorob10712
 
PDF
Micro 4 New.ppt.pdf a servay of cells and microorganism
nehasingh160179
 
PDF
20250617 - IR - Global Guide for HR - 51 pages.pdf
JanBaumann6
 
PDF
Computer organization and architecuture Digital Notes....pdf
Nune SrinivasRao
 
PDF
Computer System Architecture 3rd Edition-M Morris Mano.pdf
Nune SrinivasRao
 
PPTX
Solar energy pdf of gitam songa hemant k
siddarthakattamuru
 
Beginners-Guide-to-Artificial-Intelligence.pdf
TamerAMekhimar
 
CNS - Unit 1 (Introduction To Computer Networks) - PPT (2).pptx
sn565923
 
MLpara ingenieira CIVIL, meca Y AMBIENTAL
MarceloArielTisera
 
UNIT-I Machine Learning Essentials for 2nd years
rajeswarigcse
 
BBOC407 BIOLOGY FOR ENGINEERS (CS) - MODULE 1 PART 1.pptx
Abhijith L Kotian
 
Programmable Logic Controller PLC and Industrial Automation
Nereus Fernandes
 
AIGA 012_04 Cleaning of equipment for oxygen service_reformat Jan 12.pdf
karthikp452666
 
MACCAFERRY GUIA GAVIONES TERRAPLENES EN ESPAÑOL
Distribucioneskaled
 
Micro1New.ppt.pptx the mai themes of micfrobiology
nehasingh160179
 
chapter 1.pptx dotnet technology introduction
gautamb639
 
WN UNIT-II CH4_MKaruna_BapatlaEngineeringCollege.pptx
KARUNAPAINAM
 
Present and Future of Systems Engineering: Air Combat Systems
Bernardo A. Delicado
 
UEFA_Carbon_Footprint_Calculator_Methology_2.0.pdf
tuchinad02
 
Environmental studies, Moudle 3-Environmental Pollution.pptx
PramukhN1
 
Wireless sensor networks (WSN) SRM unit 2
jorob10712
 
Micro 4 New.ppt.pdf a servay of cells and microorganism
nehasingh160179
 
20250617 - IR - Global Guide for HR - 51 pages.pdf
JanBaumann6
 
Computer organization and architecuture Digital Notes....pdf
Nune SrinivasRao
 
Computer System Architecture 3rd Edition-M Morris Mano.pdf
Nune SrinivasRao
 
Solar energy pdf of gitam songa hemant k
siddarthakattamuru
 

Network security

  • 1. NETWORK SECURITY name- anoop negi roll no- 27 Date: 4-04-2016
  • 2. CONTENTS  understand principles of network security:  cryptography  Digital Signatures  Security at Various Layers  Firewalls
  • 3. INTRODUCTION Cryptography is the study of creating and using encryption and decryption techniques. Plaintext is the the data that before any encryption has been performed. Ciphertext is the data after encryption has been performed. The key is the unique piece of information that is used to create ciphertext and decrypt the ciphertext back into plaintext.
  • 4. KEY TERMS  Confidentiality: only sender, intended receiver should “ understand” message contents  sender encrypts message  receiver decrypts message  Authentication: sender, receiver want to confirm identity of each other  Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) .  Access and Availability: services must be accessible and available to users
  • 5. CONTINUE……….. ❍ eavesdrop: intercept messages ❍ impersonation: can fake (spoof) source address in packet (or any field in packet) ❍ hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place
  • 6. SYMMETRIC KEY CRYPTOGRAPHY  The same key is used by the sender (for encryption) and the receiver (for decryption).  The key is shared.  Encryption and Decryption Algorithms are public.
  • 7. Continue……….  substitution cipher: substituting one thing for another.  monoalphabetic cipher: substitute one letter for another . plaintext: abcdefghijklmnopqrstuvwxyz ciphertext: mnbvcxzasdfghjklpoiuytrewq Plaintext: bob. i love you. alice ciphertext: nkn. s gktc wky. mgsbc
  • 8. Data Encryption Standard  Created in 1977 and in operation into the 1990s, the data encryption standard took a 64- bit block of data and subjected it to 16 levels of encryption.  The choice of encryption performed at each of the 16 levels depends on the 56-bit key applied.  Even though 56 bits provides over 72 quadrillion combinations, a system using this standard has been cracked (in 1998 by Electronic Frontier Foundation in 3 days).
  • 10. Public Key Cryptography  Very powerful encryption technique in which two keys are used: the first key (the public key) encrypts the message while the second key (the private key) decrypts the message.  Not possible to deduce one key from the other.  Not possible to break the code given the public key.  If you want someone to send you secure data, give them your public key, you keep the private key.  Secure sockets layer on the Internet is a common example of public key cryptography.
  • 11. RSA  The most common public key algorithm .  Private key is a pair of numbers (n,d).  Public key is a pair of numbers (n,e).  The sender uses the following algorithm to encrypt the message:  C=p*pow(e) mod n  P=plaintext ,C=cyphertext and e,n are components of public key.  Receiver : p=C*pow(d) mod n
  • 12. RSA
  • 13. Digital Signature Digital signature can provide: Authentication Integrity Nonrepudiation The sender uses her private key to encrypt(sign) the message . The receiver on the other hand uses the public key of sender to decrypt the msg. No need to sign the entire document(digest). Digital signature does not provide privacy.
  • 14. Message Digests  Computationally expensive to public-key-encrypt long messages.  Goal: fixed-length, easy to-compute digital “fingerprint”.  apply hash function H to m, get fixed size message digest, H(m).  Hash function properties:  Hashing is one way: digest can only be created from the msg , not vice versa.  Hashing is one to one function: there is little probability that two msg produce same digest.
  • 15. SECURITY AT IP LEVEL  IP Security (ipsec) is a collection of protocols to provide security for a packet at the IP level.  Ipsec requires a logical connection between two hosts using a signalling protocol called Security Association.  An SA connection can be simplex or duplex.  SA is uniquely defined by three elements:  A 32 bit security parameter index (spi),which acts as virtual circuit identifier in connection oriented protocols.  The source ip address.  The type of protocol used- AH,ESP.
  • 16. AUTHENTICATION HEADER (AH)  AH provides authentication , integrity and anti-replay for the entire packet(ip header & data payload).  It does not provide confidentiality , which means it does not encrypt the data.  The data is readable but protected from modification.  Integrity and authentication are provided by placement of AH header between the Ip header and transport layer protocol .  AH uses an ip protocol id of 51 to identify itself in the IP header.
  • 17. AH FIELDS  Next Header: Identifies the next header that uses IP protocol id, ex- value might be 6 to indicate tcp.  Length: indicate length of AH header.  SPI: used in combination with the destination address and security protocol(AH OR ESP) to identify correct security association for the communication.  Sequence no. : provides anti-relay protection. It is a 32 bit number that is never allowed to cycle . The receiver checks this field to verify that a packet with this number has not been received yet. If one is received ,the packet is rejected.  Authentication data: contains integrity check value to verify the integrity of the msg.
  • 18. ENCAPSULATING SECURITY PAYLOAD Provides confidentiality in addition to authentication , integrity and anti-replay. ESP indicates itself in the IP header using IP protocol id of 50. Ex- alice on computer A sends data to bob on computer B. The data payload is encrypted and signed for integrity. Upon receipt the data payload packet is decrypted . Bob can be certain it was really alice who send the data. Also the data is unmodified and no other was able to read it.
  • 19. ESP HEADER AND TRAILER FIELD  SECURITY PARAMETER INDEX (SPI): same as in AH.  Sequence no : same as in AH.  Padding : the variable length field of 0’s serves as padding.  Padding length: indicates the length of the padding field in bytes.  This field is used by the receiver to discard the padding field.  Next header: identifies the type of payload tcp or udp.  Authentication data: contains the integrity check value(icv) and a msg authentication code that is used to verify the sender’s identity and msg integrity.
  • 21. Transport layer security  TLS was designed to provide security at transport layer.  TLS allows two parties to exchange messages in a secure environment. To accomplish this TLS require that  Two parties must agree on 3 protocols : an entity authentication protocol, a message authentication protocol and encrypt/decrypt protocol.  TLS has two layers.  The top layer includes three protocols ,one for session setup(handshaking),one for alerting the other party of unusual situation, and one informing the establishment of security parameters.  The lower layer ,the record protocol ,is used to encapsulate msg from the upper layer.
  • 23. Alert protocol  The alert protocol is used to signal an error or a potential error to other party.  The packet exchanged defines the severity level of the condition.
  • 24. Change cipher spee protocol  This protocol is designed to activate the security services (message authentication and encryption/decryption) after all the agreements are confirmed in the handshake protocol.  After exchanging the one message defined in this protocol ,the two parties can use the services.
  • 25. FIREWALLS  A system or combination of systems that supports an access control policy between two networks.  A firewall can limit the types of transactions that enter a system, as well as the types of transactions that leave a system.  Firewalls can be programmed to stop certain types or ranges of IP addresses, as well as certain types of TCP port numbers (applications).  A packet filter firewall is essentially a router that has been programmed to filter out or allow to pass certain IP addresses or TCP port numbers.  A proxy server is a more advanced firewall that acts as a doorman into a corporate network. Any external transaction that request something from the corporate network must enter through the proxy server.  Proxy servers are more advanced but make external accesses slower.