internet security
play

Internet Security Summary ITS335: IT Security Sirindhorn - PowerPoint PPT Presentation

Sep 02, 2023 •183 likes •450 views

ITS335 Internet Security Internet Security Secure Email Internet Security Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20 December 2015 its335y15s2l10,

  1. ITS335 Internet Security Internet Security Secure Email Internet Security Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20 December 2015 its335y15s2l10, Steve/Courses/2015/s2/its335/lectures/internet.tex, r4287 1/25

  2. ITS335 Contents Internet Security Internet Security Secure Email Summary Internet Security Secure Email Summary 2/25

  3. ITS335 Internet Security Internet Security ◮ Many Internet protocols were designed assuming Internet Security trustworthy links, networks and devices Secure Email ◮ No security mechanisms built in to: IP, TCP, UDP, Summary HTTP, SMTP, . . . ◮ As networks/devices became less trustworthy, extensions were developed to add security to existing protocols and applications: IPsec, TLS, PGP, . . . ◮ Securing communications across the Internet can be performed at different layers: ◮ Application, transport, network, link 3/25

  4. Internet Topology and Stack Example

  5. Application Level Security: Application-Specific

  6. ITS335 Application Level Security Internet Security Application (protocol) implements its own security Internet Security mechanisms Secure Email Examples Summary ◮ SSH, Email (OpenPGP, S/MIME), DNSSEC, . . . Advantages ◮ Host-to-host encryption ◮ Independent of operating system security features Disadvantages ◮ Each application must implement common security mechanisms 6/25

  7. Transport Level Security: TLS/SSL

  8. ITS335 Transport Level Security Internet Security Application uses OS provided library for security Internet Security Examples Secure Email Summary ◮ TLS/SSL for TCP-based applications, e.g. HTTPS, IMAPS, FTPS, SMTPS ◮ DTLS, SRTP for other transport protocols Advantages ◮ Host-to-host encryption ◮ Simpler applications; no need to implement complex security mechanisms Disadvantages ◮ Only applies for specific transport protocols ◮ Applications must be implemented to use OS API 8/25

  9. Network Level Security: IPsec End-to-End

  10. ITS335 Network Level Security Internet Security Computer configured to apply security mechanisms to IP Internet Security packets Secure Email Examples Summary ◮ IPsec Advantages ◮ Supports all applications and transport protocols ◮ Can be host-to-host encryption Disadvantages ◮ Requires support and configuration in OS Commonly used in tunnelling mode 10/25

  11. Network Level Security: IPsec Host-to-Router

  12. Network Level Security: IPsec Router-to-Router

  13. ITS335 Network Level Security: Tunnelling Internet Security ◮ Tunnelling: packets at one layer are encapsulated into Internet Security packets at the same layer Secure Email ◮ Network layer: IP-in-IP, IP-in-IPsec Summary ◮ Application layer: SSH ◮ Data link layer: PPTP, L2TP ◮ Create a Virtual Private Network ◮ Support and configuration of security mechanisms can be provided on routers, rather than hosts ◮ Does not provide end-to-end encryption 13/25

  14. Link Level Security: WPA

  15. ITS335 Link Level Security Internet Security Examples Internet Security Secure Email ◮ WEP/WPA in wireless LANs, Bluetooth, ZigBee Summary encryption, GSM A3/A5/A8, . . . Advantages ◮ Applies to all data sent across link, independent of application, transport, network protocols Disadvantages ◮ Encryption only across the link ◮ Requires configuration of both link end-points 15/25

  16. ITS335 Contents Internet Security Internet Security Secure Email Summary Internet Security Secure Email Summary 16/25

  17. ITS335 Secure Email Internet Security ◮ Email messages originally only text with pre-defined Internet Security headers (To, From Subject, CC, . . . ) Secure Email ◮ Multipurpose Internet Mail Extensions (MIME) allows Summary for different message and header formats: different character sets, attachments, new headers ◮ Secure email requirements: 1. Authentication: receiver can confirm the actual sender, and that content is not modified 2. Confidentiality: only sender/receiver can read the contents ◮ Two common ways to implement secure email: 1. S/MIME 2. OpenPGP ◮ Both use similar approach: sender signs message with private key, encrypts message with symmetric key encryption using a secret key, and encrypts the secret key using recipients public key 17/25

  18. ITS335 OpenPGP Internet Security ◮ Pretty Good Privacy (PGP) developed by Phil Internet Security Zimmerman in 1991 Secure Email ◮ IETF standardised as OpenPGP Summary ◮ One of first and most widely used applications of public-key cryptography ◮ Implementations: ◮ Original by Zimmerman: Symantec ◮ GNU Privacy Guard (GPG) ◮ Many email clients (either direct or through plugins, e.g. Enigmail, GPG4Win) ◮ OpenPGP vs S/MIME: ◮ OpenPGP: public keys distributed informally: phone, websites, email ◮ S/MIME: public keys distrubuted as X.509 digital certificates 18/25

  19. ITS335 PGP Operation: Concept Internet Security Internet Security Secure Email Summary Credit:xaedes & jfreax & Acdx, Wikimedia Commons, CC Attribution-Share Alike 3.0 19/25

  20. ITS335 PGP Operation: Message Generation at A Internet Security Internet Security Secure Email Summary Credit: Figure 18.5 in Stallings, Cryptography and Network Security , 5th Ed., Pearson 2011 20/25

  21. ITS335 PGP Operation: Message Reception at B Internet Security Internet Security Secure Email Summary Credit: Figure 18.6 in Stallings, Cryptography and Network Security , 5th Ed., Pearson 2011 21/25

  22. ITS335 Contents Internet Security Internet Security Secure Email Summary Internet Security Secure Email Summary 22/25

  23. ITS335 Key Points Internet Security ◮ Many Internet protocols have extensions to support Internet Security secure communications Secure Email ◮ Can apply security mechanisms at different layers: Summary application, transport, network, link ◮ Trade-offs between: complexity of applications, host-to-host encryption, required support in devices ◮ VPNs allow for connecting to networks and offering services as if you were physically attached to that network ◮ HTTPS used for web security ◮ OpenPGP and S/MIME common for email security 23/25

  24. ITS335 Security Issues Internet Security ◮ Key distribution: must be sure public key is correct Internet Security ◮ Man-in-the-middle attacks are possible if public keys are Secure Email not authentic Summary ◮ Different support of algorithms/protocols by devices, operating systems and applications ◮ Bugs in implementations create security vulnerabilities 24/25

  25. ITS335 Areas To Explore Internet Security ◮ Application level security: DNSSEC, OpenPGP and Internet Security S/MIME Secure Email ◮ Virtual private networks with IPsec, L2TP, PPTP and Summary others ◮ Trust levels with public key distrubtion 25/25

Recommend

The Internet Security Alliance The Internet Security Alliance is a collaborative effort with

The Internet Security Alliance The Internet Security Alliance is a collaborative effort with

The Internet Security Alliance The Internet Security Alliance is a collaborative effort with Carnegie Mellon University. It is a cross-sector, internationally- based trade association devoted to cyber security. ISA has individual corporate

349 views • 30 slides
Communication security over the Internet The big picture Me Internet Resource Internet

Communication security over the Internet The big picture Me Internet Resource Internet

Communication security over the Internet The big picture Me Internet Resource Internet Server Client Attack vectors MAN DNS LAN Client Internet Back Bone Router Networking WWW overview MITM (Man In The Middle) 3 2 4 5 LAN

244 views • 23 slides
Network Security Architecture 1 Additional Reading Firewalls and Internet Security:

Network Security Architecture 1 Additional Reading Firewalls and Internet Security:

Network Security Architecture 1 Additional Reading Firewalls and Internet Security: Repelling the Wily Hacker, Cheswick, Bellovin, and Rubin. New second edition Firewall and Internet Security, the Second Hundred (Internet)

801 views • 78 slides
The Internet Security Alliance The Internet Security Alliance is a collaborative effort between

The Internet Security Alliance The Internet Security Alliance is a collaborative effort between

The Internet Security Alliance The Internet Security Alliance is a collaborative effort between Carnegie Mellon Universitys Software Engineering Institute (SEI) and its CERT Coordination Center (CERT/CC) and the Electronic Industries Alliance

294 views • 10 slides
Internet Security HTTPS SSH CSS441: Security and Cryptography Sirindhorn International

Internet Security HTTPS SSH CSS441: Security and Cryptography Sirindhorn International

CSS441 Internet Security Web Security TLS/SSL Internet Security HTTPS SSH CSS441: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20 December 2015

832 views • 32 slides
Internet of Things Security A Survey by Avi Webberman Outline What is the Internet of Things

Internet of Things Security A Survey by Avi Webberman Outline What is the Internet of Things

Internet of Things Security A Survey by Avi Webberman Outline What is the Internet of Things (IoT)? Why is IoT Security so Important? Dyn DDOS Attack What are the security challenges of an IoT network? A Proposed Taxonomy

176 views • 14 slides
Outline Preliminaries: Internet protocols, PKI, X.509, Encoding Internet Security

Outline Preliminaries: Internet protocols, PKI, X.509, Encoding Internet Security

Outline Preliminaries: Internet protocols, PKI, X.509, Encoding Internet Security Protocols Application layer security (email) PGP, S/MIME Transport layer security Bart Preneel SSL / TLS June 2003 Network layer

571 views • 19 slides
ICANN & Internet Security (DNS) Security Albert Daniels Albert.daniels@icann.og Internet

ICANN & Internet Security (DNS) Security Albert Daniels Albert.daniels@icann.og Internet

ICANN & Internet Security (DNS) Security Albert Daniels Albert.daniels@icann.og Internet Week Guyana 11 th October 2017 | 1 What Does ICANN Mean for the End User? POLIC Y The Domain Name System Policy Development is an L-Root is one

636 views • 32 slides
The Economy is reliant on the Internet The state of Internet security is eroding quickly. Trust

The Economy is reliant on the Internet The state of Internet security is eroding quickly. Trust

The Economy is reliant on the Internet The state of Internet security is eroding quickly. Trust in online transactions is evaporating, and it will require strong security leadership for that trust to be restored. For the Internet to remain the

433 views • 29 slides
COMPUTER-INTERNET SECURITY How am I vulnerable? 1 COMPUTER-INTERNET SECURITY Virus

COMPUTER-INTERNET SECURITY How am I vulnerable? 1 COMPUTER-INTERNET SECURITY Virus

COMPUTER-INTERNET SECURITY How am I vulnerable? 1 COMPUTER-INTERNET SECURITY Virus Worm Trojan Spyware Adware Messenger Service 2 VIRUS VIRUS A virus must meet two A computer virus is a small criteria:

525 views • 23 slides
Advanced Systems Security Retrofitting for Security Trent Jaeger Systems and Internet

Advanced Systems Security Retrofitting for Security Trent Jaeger Systems and Internet

Advanced Systems Security Retrofitting for Security Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department Pennsylvania State University Systems and Internet Infrastructure Security

370 views • 33 slides
Compiler Infrastructure Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1

Compiler Infrastructure Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Compiler Infrastructure Systems and Internet Infrastructure Security

603 views • 23 slides
Namespaces Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1 Outline Sects

Namespaces Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1 Outline Sects

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Namespaces Systems and Internet Infrastructure Security (SIIS)

1.13k views • 49 slides
Larry Clinton President & CEO Internet Security Alliance lclinton@ISAlliance.org

Larry Clinton President & CEO Internet Security Alliance lclinton@ISAlliance.org

Larry Clinton President & CEO Internet Security Alliance lclinton@ISAlliance.org 703-907-7028 202-236-0001 Cyber Security and the Economy The state of Internet security is eroding quickly. Trust in online transactions is evaporating,

321 views • 18 slides
CMPSC 497 Security Basics Trent Jaeger Systems and Internet Infrastructure Security (SIIS)

CMPSC 497 Security Basics Trent Jaeger Systems and Internet Infrastructure Security (SIIS)

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA CMPSC 497 Security Basics Trent Jaeger Systems and Internet

397 views • 28 slides
Advanced Systems Security: Internet of Things Trent Jaeger Systems and Internet

Advanced Systems Security: Internet of Things Trent Jaeger Systems and Internet

Advanced Systems Security: Internet of Things Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Penn State University Systems and Internet Infrastructure Security Laboratory (SIIS) Page 1 Connecting Things Product

553 views • 33 slides
Internet Security Certficate Extensions and Attributes Supporting Authentication in PPP and

Internet Security Certficate Extensions and Attributes Supporting Authentication in PPP and

Internet Security Certficate Extensions and Attributes Supporting Authentication in PPP and Wireless LAN Daniel Schwarz Nrnberg, Internet Security Dozent: Prof. Dr. Trommler 27.April 2004 Overview: 1. Introduction I. PKIX 2. Basics

560 views • 35 slides
Advanced Systems Security: Introduction to OS Security Trent Jaeger Systems and Internet

Advanced Systems Security: Introduction to OS Security Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Introduction to OS Security Trent

770 views • 28 slides
Larry Clinton Operations Officer Internet Security Alliance lclinton@ISAlliance.org

Larry Clinton Operations Officer Internet Security Alliance lclinton@ISAlliance.org

Larry Clinton Operations Officer Internet Security Alliance lclinton@ISAlliance.org 703-907-7028 202-236-0001 The Internet Security Alliance The Internet Security Alliance is a collaborative effort between Carnegie Mellon Universitys

433 views • 21 slides
Larry Clinton Operations Officer Internet Security Alliance lclinton@isalliance.org

Larry Clinton Operations Officer Internet Security Alliance lclinton@isalliance.org

Larry Clinton Operations Officer Internet Security Alliance lclinton@isalliance.org 703-907-7028 202-236-0001 The Internet Security Alliance The Internet Security Alliance is a collaborative effort between Carnegie Mellon Universitys

314 views • 12 slides
Security and Networking Basics Security and Networking Basics Internet Security [1] VU Engin

Security and Networking Basics Security and Networking Basics Internet Security [1] VU Engin

Security and Networking Basics Security and Networking Basics Internet Security [1] VU Engin Kirda engin@infosys.tuwien.ac.at Christopher Kruegel chris@auto.tuwien.ac.at Outline Introduction and Motivation Security Threats Open

725 views • 46 slides
Constraint Solving Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1 Outline

Constraint Solving Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1 Outline

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Constraint Solving Systems and Internet Infrastructure Security (SIIS)

455 views • 18 slides
Detecting Security Problems and Internet Measurement Evaluating Security Solutions The

Detecting Security Problems and Internet Measurement Evaluating Security Solutions The

Detecting Security Problems and Internet Measurement Evaluating Security Solutions The Internet as a whole is poorly CS 239 measured Advanced Topics in Network And, hence, poorly understood Security No existing network-wide

354 views • 4 slides
Internet Infrastructure Security Internet Infrastructure Security Simon Fraser University Scott

Internet Infrastructure Security Internet Infrastructure Security Simon Fraser University Scott

Internet Infrastructure Security Internet Infrastructure Security Simon Fraser University Scott Wakelin 4/27/2004 1 Road Map Road Map Project Goals and Overview Project Status Network Infrastructure ISP Topology ISP

554 views • 30 slides

More recommend