10/25/2010

McGraw-Hill, The McGraw-Hill Companies, Inc.
Chapter 29
Internet Security
CONTENTS
INTRODUCTION
PRIVACY
DIGITAL SIGNATURE
SECURITY IN THE INTERNET
APPLICATION LAYER SECURITY
TRANSPORT LAYER SECURITY: TLS
SECURITY AT THE IP LAYER: IPSEC
FIREWALLS
INTRODUCTION
29.1
Figure 29-1
Aspects of security
PRIVACY
29.2
Figure 29-2
Secret-key encryption
In secret-key encryption, the same key is used by the sender (for encryption) and the receiver (for decryption). The key is shared.
Secret-key encryption is often called symmetric encryption because the same key can be used in both directions.
Secret-key encryption is often used for long messages.
We discuss one secret-key algorithm in Appendix E.
KDC can solve the problem of secret-key distribution.
Figure 29-3
Public-key encryption
Public-key algorithms are more efficient for short messages.
A CA can certify the binding between a public key and the owner.
Figure 29-4
Combination
To have the advantages of both secret-key and public-key encryption, we can encrypt the secret key using the public key and encrypt the message using the secret key.
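The combination described above, as an added example that is not from the original slides: a fresh secret key encrypts the message, and the receiver's public key encrypts that secret key. The primes, the `keystream_xor` helper and the function names are constructed stand-ins (textbook RSA without padding, a SHA-256 counter keystream) chosen so the block runs on the standard library alone; they show the data flow, not production algorithms.

```python
import hashlib
import secrets

# Constructed toy parameters: two known Mersenne primes give a small RSA modulus.
# Textbook RSA without padding, used here only to show the data flow.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # receiver's private exponent


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy secret-key cipher: XOR data with a SHA-256 counter keystream.
    The same call encrypts and decrypts, which is what makes it symmetric."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def hybrid_encrypt(message: bytes, pub=(N, E)):
    """Sender: secret key for the (long) message, public key for the (short) secret key."""
    n, e = pub
    session_key = secrets.token_bytes(16)            # fresh per message
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped_key, keystream_xor(session_key, message)


def hybrid_decrypt(wrapped_key: int, ciphertext: bytes, priv=(N, D)) -> bytes:
    """Receiver: private key recovers the secret key, which then decrypts the message."""
    n, d = priv
    session_key = pow(wrapped_key, d, n).to_bytes(16, "big")
    return keystream_xor(session_key, ciphertext)


if __name__ == "__main__":
    wrapped, ct = hybrid_encrypt(b"a long message " * 100)   # constructed sample input
    print(len(ct), hybrid_decrypt(wrapped, ct)[:15])
```

Only the 16-byte secret key goes through the slow public-key operation; the message itself, whatever its length, is handled by the secret-key cipher.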
DIGITAL SIGNATURE
29.3
Figure 29-5
Signing the whole document
Digital signature cannot be achieved using only secret keys.
Digital signature does not provide privacy. If there is a need for privacy, another layer of encryption/decryption must be applied.
Figure 29-6
Signing the digest
Figure 29-7
Sender site
Figure 29-8
Receiver site
SECURITY IN THE INTERNET
29.4
APPLICATION LAYER SECURITY
29.5
Figure 29-9
PGP at the sender site
Figure 29-10
PGP at the receiver site
TRANSPORT LAYER SECURITY (TLS)
29.6
Figure 29-11
Position of TLS
Figure 29-12
Handshake protocol
SECURITY AT THE IP LAYER (IPSec)
29.7
Figure 29-13
Authentication
Figure 29-14
Header format
Figure 29-15
ESP
Figure 29-16
ESP format
FIREWALLS
29.8
Figure 29-17
Firewall
Figure 29-18
Packet-filter firewall
A packet-filter firewall filters at the network or transport layer.
Figure 29-19
Proxy firewall
A proxy firewall filters at the application layer.