Internet Security Applications

Previous page
Table of content
Next page

As with e-mail applications, several protocols, standards, and applications have been developed to provide security for Internet communications and transactions.

image from book
Secure Electronic Transaction (SET)

The Secure Electronic Transaction(SET) specification was developed by MasterCard and Visa to provide secure e-commerce transactions by implementing authentication mechanisms while protecting the confidentiality and integrity of cardholder data. SET defines the following features:

  • Confidentiality (using DES)

  • Integrity (using digital signatures and RSA asymmetric system)

  • Cardholder authentication (using digital signatures and X.509 digital certificates)

  • Merchant authentication (using digital signatures and X.509 digital certificates)

  • Interoperability (between different hardware and software manufacturers)

SET utilizes dual signatures by allowing two pieces of data to be linked and sent to two different entities. SET never won favor in the marketplace and has fallen into disuse.

image from book

Secure Sockets Layer (SSL)/Transport Layer Security (TLS)

The Secure Sockets Layer (SSL) protocol, developed by Netscape in 1994, provides session-based encryption and authentication for secure communication between clients and servers on the Internet. SSL operates at the Transport Layer, is independent of the application protocol, and provides server authentication with optional client authentication. SSL uses the RSA asymmetric key system; IDEA, DES, and 3DES symmetric key systems; and the MD5 hash function. The current version is SSL 3.0. SSL 3.0 was standardized by the IETF in TLS 1.0 and released in 1999 with only minor modifications to the original SSL 3.0 specification.

 Tip   SSL is most visible when used in conjunction with Web servers when they serve encrypted pages using the https protocol. SSL is also gaining favor as a protocol for Virtual Private Networks (VPNs) used for remote access.

 Instant Answer   Although it is not as popular as it once was, you should know that the Secure Electronic Transaction (SET) specification is an Internet security application developed jointly by MasterCard and Visa for secure e-commerce.

Secure Hypertext Transfer Protocol (S-HTTP)

Secure Hypertext Transfer Protocol (S-HTTP) is an Internet protocol that provides a method for secure communications with a Web server. S-HTTP is a connectionless-oriented protocol that encapsulates data after security properties for the session have been successfully negotiated. It uses symmetric encryption (for confidentiality), message digests (for integrity), and public key encryption (for client-server authentication and non-repudiation). Instead of encrypting an entire session as in SSL, S-HTTP can be applied to individual Web documents.

 Remember   S-HTTP is not widely used, and should not be confused with https. See the earlier section on SSL/TLS.

IPSec

Internet Protocol Security (IPSec) is an IETF open standard for secure communications over public IP-based networks, such as the Internet. IPSec ensures confidentiality, integrity, and authenticity by using OSI model Layer 3 (Network) encryption and authentication to provide an end-to-end solution. IPSec operates in two modes:

  • Transport Mode: Only the data is encrypted.

  • Tunnel Mode: The entire packet is encrypted.

 Instant Answer   The two modes of IPSec are Transport Mode and Tunnel Mode.

The two main protocols used in IPSec are

  • Authentication Header (AH): Provides integrity, authentication, and non-repudiation

  • Encapsulating Security Payload (ESP): Provides confidentiality (encryption) and limited authentication

Each pair of hosts communicating in an IPSec session must establish a security association (SA).

An SA is a one-way connection between two communicating parties, meaning that two SAs are required for each pair of communicating hosts. Additionally, each SA only supports a single protocol (AH or ESP). Thus, if both AH and ESP are used between two communicating hosts, a total of four SAs is required. An SA has three parameters that uniquely identify it in an IPSec session:

  • Security Parameter Index (SPI): The SPI is a 32-bit string used by the receiving station to differentiate between SAs terminating on that station. The SPI is located within the AH or ESP header.

  • Destination IP Address: The destination address could be the end station or an intermediate gateway or firewall but must be a unicast address.

  • Security Protocol ID: This is either an AH or ESP association.

 Instant Answer   In IPSec, a Security Association (SA) is a one-way connection. A minimum of two SAs is required for two-way communications.

Key management is provided in IPSec by using the Internet Key Exchange (IKE). IKE is actually a combination of three complementary protocols: The Internet Security Association and Key Management Protocol (ISAKMP), the Secure Key Exchange Mechanism (SKEME), and the Oakley Key Exchange Protocol. IKE operates in three modes: Main Mode, Aggressive Mode, and Quick Mode.

Multi-Protocol Label Switching (MPLS)

Multi-Protocol Label Switching (MPLS) is an extremely fast method for forwarding packets through a network by using labels inserted between Layer 2 and Layer 3 headers in the packet. It is protocol independent and highly scalable, providing Quality of Service (QoS) with multiple Classes of Service (CoS) and secure Layer 3 Virtual Private Network (VPN) tunneling.

Secure Shell (SSH-2)

Secure Shell (SSH-2, or version 2) is used for secure remote access as one alternative to Telnet. It can be used to provide confidentiality, integrity, and authentication. SSH-2 establishes an encrypted tunnel between the SSH client and SSH server and can also authenticate the client to the server. SSH version 1 is also widely used but has inherent vulnerabilities that are easily exploited.

 Instant Answer   SSH-2 (or simply SSH) is an Internet security application that provides secure remote access.

Wireless Transport Layer Security (WTLS)

The Wireless Transport Layer Security (WTLS) protocol provides security services for the Wireless Application Protocol (WAP) commonly used for Internet connectivity by mobile devices. WTLS provides three classes of security as follows:

  • Class 1: Anonymous Authentication

  • Class 2: Server Authentication Only

  • Class 3: Client-Server Authentication

Additional (but somewhat limited) security is provided in WAP through the use of Service Set Identifiers (SSID) and Wired Equivalent Privacy (WEP) Keys. A significant improvement in wireless security incorporates the Extensible Authentication Protocol (EAP), which uses a Remote Authentication Dial-In User Service (RADIUS) server for authentication.



Previous page
Table of content
Next page
CISSP For Dummies
CISSP For Dummies
ISBN: 0470537914
EAN: 2147483647
Year: 2004
Pages: 242
Authors: Lawrence C. Miller, Peter H. Gregory CISA CISSP
BUY ON AMAZON
Interprocess Communications in Linux: The Nooks and Crannies
Identifying and Managing Project Risk: Essential Tools for Failure-Proofing Your Project
Snort Cookbook
Visual C# 2005 How to Program (2nd Edition)
Competency-Based Human Resource Management
Microsoft Visual Basic .NET Programmers Cookbook (Pro-Developer)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy