CHAPTER 5 – AUTHENTICATION AND ENCRYPTION TECHNOLOGY

Upload: aminznuckal

Post on 24-Nov-2014

Content:
- Authentication
- Cryptographic terminologies
- Virtual private network

Authentication

• Authentication is the process in which a user is identified on a device.

• Purpose – to restrict access to network devices.

• It identifies the individual who is attempting to perform a function.

• It proves that the individual is who he claims to be.

Authentication

• There are 3 types of authentication factors:
  – Something you know (password)
  – Something you have (smart card)
  – Something you are (fingerprints)

• Importance of authentication:
  - Identify users and systems on the network
  - Avoid exposing the network and systems to the public
  - Validate users
  - Control which users log in to the network
  - Avoid fraud

Authentication

• Various attacks can be launched if authentication is not implemented:
  – Individual attacks caused damage to individual organizations
  – Organizations suffered the greatest financial loss and damage when attackers used stolen IDs and passwords
  – Losses from stolen IDs and passwords far exceeded damages from worms, viruses, and other attack methods not utilizing logon accounts

Cryptographic terminologies

• Encryption
  - A process of converting data into a form that cannot be easily understood by unauthorized people.

• Cipher text
  - The disguised (encrypted) file or message that cannot be read directly.

• Decryption
  - Process of converting the cipher text into plain text. Decryption requires a secret key or password.

• Cryptanalysis
  - The study of principles and methods of transforming an unintelligible message back into an intelligible message without knowledge of the key.

Key-Based Encryption Algorithms

• Symmetric (single-key)
  - Uses the same key for encryption and decryption. The sender and the receiver need to agree on the key they will use throughout the secure conversation.

• Asymmetric (public key)
  - The sender encrypts the message using the receiver's public key. This public key is known to everyone. The encrypted message is sent to the receiving end, who will decrypt the message with his private key.
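The two key models above, side by side, as an added example that is not part of the original slides. It assumes a toy SHA-256 keystream cipher and textbook unpadded RSA over small constructed primes as stand-ins for real algorithms; all function and constant names are illustrative.

```python
import hashlib
import secrets

# Symmetric (single-key): sender and receiver hold the SAME secret.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy keystream built from SHA-256 in counter mode (illustration only).
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def sym_encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)  # fresh per message so keystreams never repeat
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))

def sym_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    stream = _keystream(key, nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))

# Asymmetric (public key): textbook RSA, unpadded, with constructed toy primes.
P, Q = 2**61 - 1, 2**89 - 1          # two Mersenne primes; far too small for real use
N = P * Q                            # modulus, part of both keys
E = 65537                            # public exponent, known to everyone
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, known only to the receiver
PUBLIC_KEY, PRIVATE_KEY = (E, N), (D, N)

def rsa_apply(key: tuple, value: int) -> int:
    exponent, modulus = key
    return pow(value, exponent, modulus)

def asym_encrypt(public_key: tuple, plaintext: bytes) -> int:
    m = int.from_bytes(plaintext, "big")
    if m >= public_key[1]:
        raise ValueError("message too long for this toy modulus")
    return rsa_apply(public_key, m)

def asym_decrypt(private_key: tuple, ciphertext: int, length: int) -> bytes:
    return rsa_apply(private_key, ciphertext).to_bytes(length, "big")

if __name__ == "__main__":
    msg = b"wire 500 to Bob"              # constructed sample message
    shared = secrets.token_bytes(32)      # key both parties agreed on beforehand
    print(sym_decrypt(shared, sym_encrypt(shared, msg)))
    c = asym_encrypt(PUBLIC_KEY, msg)     # anyone can do this step
    print(asym_decrypt(PRIVATE_KEY, c, len(msg)))  # only the key owner can do this
```
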

Differentiate between symmetric and asymmetric encryption

SYMMETRIC ASYMMETRIC

Cryptographic Protocols and Standards

• Domain Name Server Security (DNSSEC)
  - This is a protocol for secure distributed name services.

• Generic Security Services API (GSSAPI)
  - GSSAPI provides an authentication, key exchange, and encryption interface to different cryptographic algorithms and systems.

• Secure Sockets Layer (SSL)
  - SSL is one of the two protocols for secure WWW connections. WWW security has become important as increasing amounts of sensitive information, such as credit card numbers, are being transmitted over the Internet.
  - SSL was originally developed by Netscape as an open protocol standard.

• Secure Hypertext Transfer Protocol (SHTTP)
  - This is another protocol for providing more security for WWW transactions. In many ways it is more flexible than SSL, but due to Netscape's original dominance in the marketplace SSL is in a very strong position.

• IP Security (IPSEC)
  - While all the above protocols operate on the application layer of the internet, allowing particular programs to communicate on a secure channel in an inherently insecure network, IPSec attempts to make the internet secure in its essence, the internet protocol (IP). A list of RFCs and a full-scale implementation can be found at the

• Security Tokens
  - A security token (or sometimes a hardware token, hard token, authentication token, USB token, cryptographic token) may be a physical device that an authorized user of computer services is given to ease authentication.

VIRTUAL PRIVATE NETWORK

VPN session

• A virtual private network session is an authenticated and encrypted communication channel across some form of public network, such as the Internet.

• Since the network is considered insecure, encryption and authentication are used to protect the data while it is in transit.

VPN Architecture

[Figure: VPN architecture diagram, labelled VPN client, main office and branch office]

VPN Tunnels and IPsec

• Tunnels
  - A tunnel is a type of encryption that makes the connection from one point to another point secure.

• IPsec
  - Internet Protocol Security (IPsec) is a standards-based protocol that provides privacy, integrity and authenticity to data that is transferred across a network.

Public Key Infrastructure

• The Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, store and distribute.

• Public key infrastructure (PKI) is a foundation on which other applications, system, and network security components are built.

VPN Usage

• Although VPNs are beginning to be widely deployed, they are being used for two primary applications:

  ◆ Replacement for dial-in modem pools
  ◆ Replacement for dedicated WAN links

VPN Product

Features of a good VPN product:
• Strong authentication
• Adequate encryption
• Adherence to standards

VPN Devices

Various devices for a VPN connection:
• Firewall-based VPN
• Router-based VPN
• Dedicated software or hardware
