
Applying Cryptography






Presentation Transcript


  1. FORESEC Academy Security Essentials (IV) Applying Cryptography

  2. Applications of Encryption
  • Confidentiality
    - In Transit
    - In Storage
  • Authentication & Integrity

  3. Confidentiality in Transit
  • Private Network
    - Pro: Dedicated lines and equipment are not shared by others
    - Con: Dedicated lines are expensive, grow more so with distance, and are underutilized except at peak

  4. Virtual Private Network (VPN)
  • Data is encrypted at one end of the VPN from “cleartext” into “ciphertext”
  • Ciphertext is transmitted over the Internet
  • Data is decrypted at the other end of the VPN from “ciphertext” back into the original “cleartext”

  5. VPN Advantages
  • Improved Flexibility
    - A VPN “tunnel” over the Internet can be set up rapidly. A frame circuit can take weeks.
    - A good VPN will also support Quality of Service (QoS).
  • Lowered Cost
    - There are documented cases of a VPN paying for itself in weeks or months.
    - There are also cases where the hidden costs sunk the project!

  6. Types of Remote Access
  • Client VPN
    - Example: Laptop dial-up connection to remote access server at HQ
  • Site-to-Site
    - Example: L.A. office connection to D.C. office location

  7. VPN System Components
  - Routers
  - Firewalls
  - Servers & clients
  - Encryption
  - LDAP server
  - QoS
  - X.509 digital certificates
  - Load balancing
  - Failover & redundancy
  - Public Key Infrastructure
  - Key management schemes

  8. Security Implications
  • Bypassing Firewalls, IDS, Virus scanners, Web filters
  • Trusting the “Other End”

  9. IPSec Overview
  • Issued by IETF as an open standard (RFC 2401), thus promoting multi-vendor interoperability
  • Enables encrypted communication between users and devices
  • Implemented transparently into network infrastructure
  • Scales from small to very large networks
  • Commonly implemented - most VPN devices and clients are IPSec-compliant

  10. Types of IPSec Headers
  • Authentication Header (AH)
    - Data integrity - no modification of data in transit
    - Origin authentication - identifies where data originated
  • Encapsulating Security Payload (ESP)
    - Data integrity - no modification of data in transit
    - Origin authentication - identifies where data originated
    - Confidentiality - all data encrypted

  11. Types of IPSec Modes
  • Tunnel mode: applied to an IP tunnel
    - Outer IP header specifies IPSec processing destination
    - Inner IP header specifies ultimate packet destination
  • Transport mode: between two hosts
    - Header after IP header, before TCP/UDP header
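Packet layouts for the two headers (slide 10) and the two modes (slide 11), as an added Python example that is not part of the original presentation and not taken from any IPSec implementation. It builds a transport-mode AH packet and a tunnel-mode ESP packet over constructed addresses, keys, SPIs and a constructed TCP segment; the ESP trailer is omitted, and a SHA-256 counter keystream stands in for the DES/3DES cipher because the standard library has none. The integrity checks use HMAC-SHA-256 truncated to 128 bits (RFC 4868).

```python
import hashlib
import hmac
import ipaddress
import struct

# IANA protocol numbers used in the Next Header / Protocol fields.
PROTO_TCP, PROTO_ESP, PROTO_AH = 6, 50, 51
ICV_LEN = 16  # HMAC-SHA-256-128: SHA-256 HMAC truncated to 128 bits (RFC 4868)


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header (constructed; checksum left 0) to show layouts."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)


def _zero_mutable(hdr):
    # AH covers the IP header too, but routers rewrite TTL and the checksum in transit,
    # so those "mutable" fields are zeroed before the ICV is computed.
    return hdr[:8] + b"\x00" + hdr[9:10] + b"\x00\x00" + hdr[12:]


def ah_transport_packet(src, dst, segment, key, spi, seq):
    """Transport mode AH: IP header | AH | TCP segment. The segment stays in cleartext."""
    ah_len = 12 + ICV_LEN  # next header, length, reserved, SPI, sequence number, ICV
    hdr = ipv4_header(src, dst, PROTO_AH, ah_len + len(segment))
    ah_fixed = struct.pack("!BBHII", PROTO_TCP, ah_len // 4 - 2, 0, spi, seq)
    icv = hmac.new(key, _zero_mutable(hdr) + ah_fixed + bytes(ICV_LEN) + segment,
                   hashlib.sha256).digest()[:ICV_LEN]
    return hdr + ah_fixed + icv + segment


def ah_verify(packet, key):
    """Receiver side: recompute the ICV; any change to a covered field is rejected."""
    hdr, rest = packet[:20], packet[20:]
    ah_fixed, icv, payload = rest[:12], rest[12:12 + ICV_LEN], rest[12 + ICV_LEN:]
    expected = hmac.new(key, _zero_mutable(hdr) + ah_fixed + bytes(ICV_LEN) + payload,
                        hashlib.sha256).digest()[:ICV_LEN]
    return hmac.compare_digest(icv, expected)


def _keystream(key, nonce, n):
    # Constructed toy keystream (SHA-256 in counter mode) standing in for ESP's cipher;
    # the standard library has no DES/AES, and this only illustrates the packet layout.
    out = b""
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
    return out[:n]


def esp_tunnel_packet(gw_src, gw_dst, inner_packet, enc_key, auth_key, spi, seq):
    """Tunnel mode ESP: outer IP | ESP(SPI, seq) | encrypted(inner IP | payload) | ICV.
    The ESP trailer (padding, pad length, next-header byte) is omitted for brevity."""
    esp_hdr = struct.pack("!II", spi, seq)
    ks = _keystream(enc_key, esp_hdr, len(inner_packet))
    ct = bytes(a ^ b for a, b in zip(inner_packet, ks))
    icv = hmac.new(auth_key, esp_hdr + ct, hashlib.sha256).digest()[:ICV_LEN]
    outer = ipv4_header(gw_src, gw_dst, PROTO_ESP, len(esp_hdr) + len(ct) + ICV_LEN)
    return outer + esp_hdr + ct + icv


def esp_tunnel_open(packet, enc_key, auth_key):
    """Verify the ICV first, then decrypt; return the inner packet, or None on failure."""
    rest = packet[20:]
    esp_hdr, ct, icv = rest[:8], rest[8:-ICV_LEN], rest[-ICV_LEN:]
    expected = hmac.new(auth_key, esp_hdr + ct, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        return None
    ks = _keystream(enc_key, esp_hdr, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


def outer_addresses(packet):
    """What an observer on the Internet path sees: only the outer header's endpoints."""
    return (str(ipaddress.IPv4Address(packet[12:16])),
            str(ipaddress.IPv4Address(packet[16:20])))


if __name__ == "__main__":
    seg = b"constructed TCP segment"
    p = ah_transport_packet("10.0.0.1", "10.0.0.2", seg, b"k" * 32, 0x100, 1)
    print("AH verifies:", ah_verify(p, b"k" * 32))
    inner = ipv4_header("192.168.1.5", "192.168.2.7", PROTO_TCP, len(seg)) + seg
    t = esp_tunnel_packet("203.0.113.1", "198.51.100.1", inner, b"e" * 32, b"a" * 32, 0x200, 1)
    print("tunnel endpoints visible on the path:", outer_addresses(t))
```

Two things worth checking with the block: an AH packet still verifies after a router decrements the TTL, but fails as soon as a destination address or payload byte changes, which is also why AH does not survive address translation; and in tunnel mode the inner addresses are nowhere in the packet an observer sees, only the two gateway addresses.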

  12. Examples of IPSec Encryption
  • Data Encryption Standard (DES) - 56-bit algorithm
  • Triple DES (3DES)
    - The 56-bit DES algorithm run 3 times
    - 112-bit triple DES includes 2 keys
    - 168-bit triple DES includes 3 keys

  13. IPSec Key Management
  • Internet Key Exchange (IKE)
  • Security Association (SA)
  • Authenticates peers
    - Pre-shared keys
    - Public key cryptography
    - Digital signatures
  • Negotiates policy to protect communication
  • Key exchange - Diffie-Hellman
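How the pieces on slide 13 fit together, as an added Python example that is not the presentation's code and not taken from any IKE implementation: a Diffie-Hellman exchange, IKEv2-style derivation of SA keys from the shared secret and both nonces, and pre-shared-key authentication over the exchange transcript. The group is a constructed toy (far too small for real use), and the key labels and transcript layout are simplified stand-ins for the RFC 7296 definitions; the pad string is the one RFC 7296 specifies.

```python
import hashlib
import hmac
import secrets

# Constructed toy group: 2**127 - 1 is prime, but far too small for real use. IKE uses
# the RFC 3526 MODP groups (2048 bits and up) or elliptic-curve groups instead.
P = 2**127 - 1
G = 3  # not 2: 2**127 == 1 (mod P), so g = 2 would generate a subgroup of only 127 elements
KEY_PAD = b"Key Pad for IKEv2"  # RFC 7296 pad string for shared-key authentication


def dh_keypair(p=P, g=G):
    """Pick a private exponent and publish g^x mod p."""
    priv = secrets.randbelow(p - 2) + 1
    return priv, pow(g, priv, p)


def dh_shared(priv, peer_pub, p=P):
    """Compute the shared secret, rejecting the degenerate public values 0, 1 and p-1."""
    if not 1 < peer_pub < p - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_pub, priv, p)


def prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def derive_keys(shared, ni, nr):
    """IKEv2-style derivation: SKEYSEED = prf(Ni | Nr, g^ir), then per-purpose keys
    (simplified to one prf call each instead of the full prf+ expansion)."""
    skeyseed = prf(ni + nr, shared.to_bytes(16, "big"))
    sk_a = prf(skeyseed, b"SK_a" + ni + nr)  # integrity key for the IKE SA
    sk_e = prf(skeyseed, b"SK_e" + ni + nr)  # encryption key for the IKE SA
    return skeyseed, sk_a, sk_e


def psk_auth(psk, transcript):
    """AUTH payload for pre-shared-key authentication: prf(prf(PSK, pad), transcript).
    The transcript stands in for the signed octets of the IKE_SA_INIT exchange."""
    return prf(prf(psk, KEY_PAD), transcript)


def verify_auth(psk, transcript_seen, auth):
    """The responder recomputes AUTH over the exchange as it saw it, so a substituted
    public value or nonce, or a different PSK, makes verification fail."""
    return hmac.compare_digest(auth, psk_auth(psk, transcript_seen))


def run_exchange(psk, ni, nr):
    """Simulate both peers locally. Returns (initiator keys, responder keys, transcript, AUTH)."""
    a, ga = dh_keypair()
    b, gb = dh_keypair()
    s_i, s_r = dh_shared(a, gb), dh_shared(b, ga)  # each side uses the peer's public value
    transcript = ga.to_bytes(16, "big") + gb.to_bytes(16, "big") + ni + nr
    auth = psk_auth(psk, transcript)
    return derive_keys(s_i, ni, nr), derive_keys(s_r, ni, nr), transcript, auth


if __name__ == "__main__":
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    ki, kr, transcript, auth = run_exchange(b"example-psk", ni, nr)
    print("keys agree:", ki == kr, "| AUTH verifies:", verify_auth(b"example-psk", transcript, auth))
```

The point to take from the block is the division of labour on the slide: Diffie-Hellman alone gives two parties a shared secret but says nothing about who the other party is, and the pre-shared key (or a certificate and signature, in the other two authentication options) is what binds that secret to an identity; the nonces ensure the derived keys are fresh per exchange.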

  14. Examples of Non-IPSec VPNs
  • Layer 2 Forwarding (L2F)
  • Layer 2 Tunneling Protocol (L2TP), combines PPTP and L2F
  • PPP Extensible Authentication Protocol (authentication only, RFC 2284)
  • SOCKS protocol
  • PPP
  • SLIP

  15. Confidentiality in Storage
  • Pretty Good Privacy (PGP)
    - Started out in 1991 as a way to bring privacy to a very new, very public communication medium: Email.
    - Freeware accessible at: http://www.pgpi.org/
