1 / 30

Chapter 14

Chapter 14. Network Security: Firewalls and VPNs. O BJECTIVES. Understand how privacy can be achieved through encryption/ decryption. Understand the digital signature concept and how it can be used to provide authentication, integrity, and nonrepudiation.

byron-mccullough
Download Presentation

Chapter 14

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 14 Network Security: FirewallsandVPNs

  2. OBJECTIVES Understand how privacy can be achieved through encryption/ decryption. Understand the digital signature concept and how it can be used to provide authentication, integrity, and nonrepudiation. Understanding firewalls and their use in isolating an organization from intruders. List and distinguish between the four conditions of security. After reading this chapter, the reader should be able to:

  3. OBJECTIVES (continued) Understand the different access control methods. Be familiar with VPN technology and how it provides privacy.

  4. 14.1 INTRODUCTION

  5. Figure 14-1 Aspects of security

  6. 14.2 PRIVACY

  7. Figure 14-2 Secret-key encryption

  8. Note: In secret-key encryption, the same keyis used by the sender (for encryption)and the receiver (for decryption). The key is shared.

  9. Business Focus:DES One common method of secret-key encryption is the data encryption standard (DES). DES was designed by IBM and adopted by the U.S. government as the standard encryption method for nonmilitary and nonclassified use. The algorithm manipulates a 64-bit plaintext with a 56-bit key. The text is put through 19 different and very complex procedures to create a 64-bit ciphertext.

  10. Figure 14-3 Public-key encryption

  11. Technical Focus:RSA One popular public-key encryption technique is called RSA . The technique uses number theory and the fact that it is easy to create two large numbers and multiply them, but difficult to find the original numbers when the product is given. The public key is made of two large numbers (n and e). The private key is made of two numbers (n and d). The encryption algorithm is C=P e mod n The receiver uses the same procedure but with the private key numbers as shown: C=P d mod n

  12. 14.3 DIGITAL SIGNATURE

  13. Figure 14-4 Signing the whole document

  14. Note: Digital signature cannot be achievedusing secret-key encryption.

  15. Note: Digital signature does not provide privacy. If there is a need for privacy, another layer of encryption/decryption must be applied.

  16. Figure 14-5 Signing the digest

  17. Figure 14-6 Sender site

  18. Figure 14-7 Receiver site

  19. 14.4 SECURITY IN THE INTERNET

  20. Technical Focus:Pretty Good Privacy (PGP) Pretty Good Privacy (PGP), invented by Phil Zimmermann, is an example of a security scheme designed to provide all four aspects of security (privacy, integrity, authentication, and nonrepudiation) in the sending of email. PGP uses digital signature to provide integrity, authentication, and non- repudiation. It uses a combination of secret-key and public- key encryption to provide privacy. Specifically, it uses one hash function, one secret key, and two private-public key pairs.

  21. Technical Focus:AH and ESP IPSec uses two protocols: authentication header (AH) and encapsulating security payload (ESP) to achieve security. The authentication header (AH) protocol is designed to provide integrity. The method involves a digital signature using a hashing function. The message digest created by applying the hashing function is included in a header (AH header), and inserted between the IP header and transport-layer data and header. The AH protocol does not provide privacy, only integrity and message authentication (digital signature). IPSec defines another protocol that provides privacy as well as a combination of integrity and message authentication. This protocol is called encapsulating security payload (ESP).

  22. 14.5 FIREWALLS

  23. Figure 14-8 Firewall

  24. Note: A proxy firewall filters at the application layer.

  25. 14.6 VIRTUAL PRIVATE NETWORKS

  26. Figure 14-9 Private network

  27. Figure 14-10 Hybrid network

  28. Figure 14-11 Virtual private network

  29. 14.4 ACCESS CONTROL

  30. Figure 14-12 Access control methods

More Related