Network Security Applications

Hatem Mahmoud
hatem@expressionlab.com
Agenda
▪ Introduction
▪ An Authentication Application
▪ A Web Security Standard
▪ Summary
▪ References


               Network Security Applications        2
Introduction
Network security applications:
▪ Authentication Applications (Kerberos)
▪ Web Security Standards (SSL/TLS)
▪ Email Security
▪ IP Security

Kerberos: An Authentication Application

Overview
▪ Kerberos is a trusted third-party
  authentication protocol designed for
  TCP/IP networks (developed at MIT)
▪ A Kerberos service on the network acts
  as a trusted arbitrator
▪ Kerberos allows clients to access
  different entities (clients/servers) on the
  network

The Kerberos Model
▪ Kerberos keeps a database of clients and
  their secret keys
▪ Services requiring authentication, as
  well as their clients, register their secret
  keys with Kerberos
▪ Kerberos creates a shared session key
  and gives it to client and server (or two
  clients) to encrypt messages
▪ Kerberos uses DES for encryption
▪ Kerberos Version 4 provided a weak
  nonstandard mode for authentication
▪ Kerberos Version 5 uses CBC mode

How Kerberos Works
1. A client requests a ticket for the TGS (Ticket-Granting Service) from Kerberos
2. Kerberos sends the ticket to the client, encrypted with the client's secret key
3. To use a particular service, the client requests a ticket for it from the TGS
4. The TGS issues and sends a ticket to the client, encrypted with the server's secret key
   - The ticket is used by the server to ensure that it is dealing with the same client to whom the ticket was issued
   - The client can use the ticket multiple times to access the server until the ticket expires
5. The client presents the ticket to the server together with an authenticator (the authenticator contains the client's name and a timestamp, encrypted with the shared session key)
   - Unlike a ticket, an authenticator can only be used once
   - The client can generate authenticators as needed using the shared session key
6. If the client's credentials (ticket + authenticator) are correct, the server grants access to the service

[Figure: the exchange above, with steps 1 and 2 between Client and Kerberos, steps 3 and 4 between Client and TGS, and step 5 from Client to Server]

Security of Kerberos
▪ It may be possible to cache and replay old authenticators. Although timestamps are supposed to prevent this, replays can be done during the lifetime of the ticket
▪ Authenticators assume all clocks in the network are synchronized. If a host is fooled about the correct time, an old authenticator can be replayed
▪ Password-guessing attacks: an intruder can collect tickets and then try to decrypt them. The average user doesn't usually choose good passwords
▪ Malicious software: Kerberos relies on its software being trustworthy. It is possible to replace all client Kerberos software with a version that records passwords
▪ New enhancements to Kerberos include an implementation of public-key cryptography and a smart-card interface for key management
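The six steps of the exchange and the replay and clock-skew caveats above, worked through as an added Python model (this is not code from the slides or from MIT Kerberos). A keyed SHAKE keystream with an HMAC tag stands in for DES-CBC, the 300-second skew window and the principal names are assumptions, and the service keeps a cache of authenticators it has accepted so that a replay inside the skew window is refused rather than relying on the timestamp alone.

```python
import hashlib, hmac, json, os, time

CLOCK_SKEW = 300  # seconds of clock drift a server tolerates (assumed value, not from the slides)

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy stream cipher standing in for Kerberos' DES-CBC; for illustration only.
    return hashlib.shake_256(key + nonce).digest(n)

def seal(key: bytes, obj: dict) -> bytes:
    """Encrypt `obj` under `key` and append an HMAC tag (encrypt-then-MAC)."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    """Inverse of seal(); raises if the tag fails, i.e. wrong key or tampered message."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad MAC: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def check_authenticator(auth: dict, ticket: dict, now: float, seen: set) -> None:
    """The checks a service applies to (ticket + authenticator) in step 6."""
    if now > ticket["expires"]:
        raise PermissionError("ticket expired")
    if auth["client"] != ticket["client"]:
        raise PermissionError("authenticator does not match ticket holder")
    if abs(now - auth["timestamp"]) > CLOCK_SKEW:
        raise PermissionError("authenticator timestamp outside clock-skew window")
    # A timestamp alone cannot stop a replay inside the skew window, so the service also
    # remembers every authenticator it accepted in that window and refuses a second use.
    replay_key = (auth["client"], auth["timestamp"], auth["nonce"])
    if replay_key in seen:
        raise PermissionError("authenticator replayed")
    seen.add(replay_key)

def make_authenticator(client: str, session_key: bytes, now: float) -> bytes:
    """Step 5: the client's name and a timestamp, encrypted with the shared session key."""
    return seal(session_key, {"client": client, "timestamp": now, "nonce": os.urandom(8).hex()})

class Kerberos:
    """Trusted third party holding the key database; acts as AS (steps 1-2) and TGS (steps 3-4)."""
    def __init__(self, keys: dict, lifetime: int = 8 * 3600):
        self.keys, self.lifetime, self.seen = keys, lifetime, set()

    def _ticket(self, client: str, service: str, session_key: bytes, now: float) -> bytes:
        # Encrypted under the *service's* secret key: the client carries it but cannot read or alter it.
        return seal(self.keys[service], {"client": client, "service": service,
                                         "key": session_key.hex(), "expires": now + self.lifetime})

    def as_exchange(self, client: str, now: float) -> bytes:
        """Steps 1-2: a ticket for the TGS, returned encrypted with the client's secret key."""
        sk = os.urandom(32)
        return seal(self.keys[client], {"session_key": sk.hex(),
                                        "ticket": self._ticket(client, "tgs", sk, now).hex()})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str, now: float) -> bytes:
        """Steps 3-4: a ticket for `service`, encrypted with that server's secret key."""
        t = unseal(self.keys["tgs"], tgt)
        tgs_key = bytes.fromhex(t["key"])
        check_authenticator(unseal(tgs_key, authenticator), t, now, self.seen)
        sk = os.urandom(32)
        return seal(tgs_key, {"session_key": sk.hex(),
                              "ticket": self._ticket(t["client"], service, sk, now).hex()})

class Service:
    """A server that grants access only for a valid ticket plus a fresh, unseen authenticator."""
    def __init__(self, name: str, key: bytes):
        self.name, self.key, self.seen = name, key, set()

    def verify(self, ticket: bytes, authenticator: bytes, now: float) -> str:
        t = unseal(self.key, ticket)           # only this server's key opens its tickets
        check_authenticator(unseal(bytes.fromhex(t["key"]), authenticator), t, now, self.seen)
        return t["client"]

def demo() -> dict:
    """Run the six steps with constructed keys, then try a replayed and a stale authenticator."""
    keys = {"alice": os.urandom(32), "tgs": os.urandom(32), "fileserver": os.urandom(32)}
    kdc, fs, now = Kerberos(keys), Service("fileserver", keys["fileserver"]), time.time()
    r1 = unseal(keys["alice"], kdc.as_exchange("alice", now))                        # steps 1-2
    tgt, tgs_key = bytes.fromhex(r1["ticket"]), bytes.fromhex(r1["session_key"])
    r2 = unseal(tgs_key, kdc.tgs_exchange(tgt, make_authenticator("alice", tgs_key, now),
                                          "fileserver", now))                         # steps 3-4
    st, svc_key = bytes.fromhex(r2["ticket"]), bytes.fromhex(r2["session_key"])
    auth = make_authenticator("alice", svc_key, now)                                   # step 5
    result = {"first": fs.verify(st, auth, now + 1)}                                   # step 6
    trials = {"replay": (auth, now + 2),                     # same authenticator presented again
              "stale": (make_authenticator("alice", svc_key, now - 2 * CLOCK_SKEW), now),
              "fresh": (make_authenticator("alice", svc_key, now + 3), now + 3)}
    for label, (a, t) in trials.items():
        try:
            result[label] = fs.verify(st, a, t)
        except PermissionError as e:
            result[label] = str(e)
    return result
```

The replay cache only needs to hold authenticators younger than the skew window; anything older is rejected by the timestamp check first.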

SSL/TLS: A Web Security Standard

Overview
Web security threats:
▪ Location
   ●   Server or client (System Security)
   ●   Network traffic (Web Security)
▪ Type
   ●   Passive attacks
   ●   Active attacks
▪ Passive attacks include eavesdropping on network traffic between browser and server, accessing restricted information on a website, etc.
▪ Active attacks include impersonating another user, altering messages in transit, altering information on a website, etc.
▪ Netscape originated the SSL (Secure Sockets Layer) protocol to provide a reliable, secure service on top of TCP
▪ TLS (Transport Layer Security) is the Internet standard version of SSL
▪ TLS is very similar to SSLv3

Connections and Sessions
▪ A connection is a transport that provides a suitable type of service
▪ A session is an association between a client and a server
▪ A session defines a set of security parameters which can be shared among multiple connections
▪ A number of states are associated with
  each session
▪ During the handshake, pending read
  and write states are created
▪ Upon successful conclusion of the
  handshake, the pending states become
  the current states

SSL Architecture
▪ Layer 1 (provides basic security services to higher-layer protocols such as HTTP):
   ● Record Protocol
▪ Layer 2 (manages SSL exchanges):
   ● Handshake Protocol
   ● Change Cipher Spec Protocol
   ● Alert Protocol

[Figure: SSL Architecture]

1. Record Protocol
Provides:
▪ Confidentiality: a shared secret key is
  used for encryption
▪ Message Integrity: a shared secret key is
  used to form a MAC (message
  authentication code)

On transmission, the Record Protocol:
1. Fragments data into blocks
2. Compresses the data (optional)
3. Applies a MAC
4. Encrypts using a symmetric cipher such as AES or RC4
5. Adds a header (length, SSL version, etc.)
6. Transmits in a TCP segment

Received data are:
1. Decrypted
2. Verified
3. Decompressed
4. Reassembled
5. Delivered to higher levels
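The sending and receiving pipelines of the Record Protocol, as an added Python example (not code from the slides or from any TLS library). Compression is omitted, a keyed SHAKE keystream stands in for RC4/AES, and the keys are constructed rather than negotiated by a handshake. It also shows why the MAC is computed over an implicit sequence number as well as the header fields: a flipped ciphertext bit or a reordered record fails verification with the fatal bad_record_mac alert.

```python
import hashlib, hmac, struct

MAX_FRAGMENT = 2 ** 14            # the Record Protocol's fragment size limit
CT_APPLICATION_DATA = 23          # ContentType value for application data
VERSION = (3, 1)                  # wire version 3.1 is TLS 1.0 (SSLv3 is 3.0)
HEADER = struct.Struct("!BBBH")   # record header: type, version major, version minor, length
TAG_LEN = 32                      # HMAC-SHA256 output

def _keystream(key: bytes, seq: int, n: int) -> bytes:
    # Toy stream cipher in place of RC4/AES: keystream keyed by the record sequence number.
    return hashlib.shake_256(key + seq.to_bytes(8, "big")).digest(n)

class RecordLayer:
    """One SSL/TLS record layer endpoint (compression step omitted)."""
    def __init__(self, mac_key: bytes, enc_key: bytes):
        self.mac_key, self.enc_key = mac_key, enc_key
        self.send_seq = self.recv_seq = 0   # implicit 64-bit sequence numbers, never sent on the wire

    def _mac(self, seq: int, ctype: int, fragment: bytes) -> bytes:
        # The MAC covers the sequence number, type, version and length as well as the fragment,
        # so a record that is replayed, reordered, truncated or relabelled fails verification.
        meta = seq.to_bytes(8, "big") + bytes([ctype, *VERSION]) + len(fragment).to_bytes(2, "big")
        return hmac.new(self.mac_key, meta + fragment, hashlib.sha256).digest()

    def send(self, data: bytes, ctype: int = CT_APPLICATION_DATA) -> list:
        """Fragment -> MAC -> encrypt -> add header (MAC-then-encrypt, as SSL/TLS 1.x did)."""
        records = []
        for i in range(0, len(data), MAX_FRAGMENT):
            frag = data[i:i + MAX_FRAGMENT]
            plain = frag + self._mac(self.send_seq, ctype, frag)
            ks = _keystream(self.enc_key, self.send_seq, len(plain))
            body = bytes(a ^ b for a, b in zip(plain, ks))
            records.append(HEADER.pack(ctype, *VERSION, len(body)) + body)
            self.send_seq += 1
        return records

    def receive(self, records: list) -> bytes:
        """Decrypt -> verify -> reassemble. A MAC failure is the fatal bad_record_mac alert."""
        out = b""
        for rec in records:
            ctype, major, minor, length = HEADER.unpack(rec[:HEADER.size])
            body = rec[HEADER.size:HEADER.size + length]
            if (major, minor) != VERSION or len(body) < TAG_LEN:
                raise ValueError("malformed record")
            ks = _keystream(self.enc_key, self.recv_seq, len(body))
            plain = bytes(a ^ b for a, b in zip(body, ks))
            frag, tag = plain[:-TAG_LEN], plain[-TAG_LEN:]
            if not hmac.compare_digest(tag, self._mac(self.recv_seq, ctype, frag)):
                raise ValueError("alert(fatal, bad_record_mac)")   # fatal: connection is terminated
            self.recv_seq += 1
            out += frag
        return out

def demo() -> dict:
    """Constructed keys (real ones come from the handshake); a 20 KB message, a bit flip, a reorder."""
    mac_key, enc_key = b"m" * 32, b"e" * 32
    client, server = RecordLayer(mac_key, enc_key), RecordLayer(mac_key, enc_key)
    msg = b"GET / HTTP/1.0\r\n\r\n" + b"x" * 20000       # > 2^14 bytes, so it spans two records
    recs = client.send(msg)
    result = {"records": len(recs), "roundtrip": server.receive(recs) == msg}
    tampered = bytearray(recs[0])
    tampered[HEADER.size + 5] ^= 0x01                      # one ciphertext bit flipped in transit
    for label, batch in {"tampered": [bytes(tampered)], "reordered": recs[::-1]}.items():
        try:
            RecordLayer(mac_key, enc_key).receive(batch)
            result[label] = "accepted"
        except ValueError as e:
            result[label] = str(e)
    return result
```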

[Figure: Record Protocol operation]

2. Handshake Protocol
▪ Used before any data is transmitted
▪ Allows the server and client to authenticate each other through a series of messages. Each message has:
   ● Type: one of 10 types
   ● Length: length in bytes
   ● Content: session id, version, hash, etc.

[Figures: Handshake Protocol message exchange, two slides]

3. Change Cipher Spec Protocol
▪ Consists of a single message, which consists of a single byte with the value 1
▪ Copies the pending state into the current state, which updates the cipher suite to be used on this connection

4. Alert Protocol
▪ Conveys SSL-related alert messages
▪ Each message consists of two bytes:
   ● Severity
      – Warning (1): certificate_expired, etc.
      – Fatal (2), which terminates the connection: handshake_failure, bad_record_mac, etc.
   ● Code

[Figure: SSL Protocols]

TLS vs SSLv3
Differences include:
▪ Version number: 3.x vs 3
▪ MAC algorithm
▪ Pseudorandom function for key generation and validation
▪ Alert codes

Summary
▪ Kerberos is a trusted third-party
  authentication protocol that enables
  clients and servers to establish
  authenticated communication
▪ SSL provides security services between
  TCP and applications that use TCP
▪ TLS is the Internet standard version
▪ SSL/TLS provides confidentiality using
  symmetric encryption and message
  integrity using a MAC
▪ SSL/TLS enables two TCP users to
  determine the security mechanisms and
  services they will use

References
▪ Cryptography and Network Security
  Principles and Practices, 4th Edition,
  William Stallings
▪ Applied Cryptography, 2nd Edition,
  Bruce Schneier
Thank You!

Hatem Mahmoud
hatem@expressionlab.com