Identifiers for all the approved encryption and authentication algorithms
About size and lifetime of keys
Key Management
Manual
ipseckey
Automatic
Internet Key Exchange (IKE) protocol
Security Association
Relationship between two entities that are communicating
Describes how security services should be utilized for secure communication
Security Parameter Index
Uniquely identifies a security association
Security Protocol Identifier
Identifies the protocol used
Sequence number counter
0 to 2^32 - 1
Initially 0 then incremented
AH information
Information about algorithm
Key size, lifetime
Architecture
Next Header
Type of header immediately following this header
Payload length
Defines the length of the authentication header in 4-byte multiples
Reserved
For future use
SPI
Which security association this belongs to
Authentication data (Variable)
Contains Integrity Check Value (ICV) that tells if any undesired modification has been performed
Modes of Operation
Transport Mode
Tunnel Mode
ESP information
Information about algorithm
Keys used for encryption, size, lifetime
With & Without Authentication
Payload data
Normal data in encrypted form
Padding (0 to 255 Bytes)
Extra bytes required to make block for encryption algorithm
Pad Length
Number of bytes used for padding
Next header
Type of data present in payload
Authentication data (optional)
Modes of Operation
Transport Mode
ESP authentication is never encrypted
Tunnel Mode
Life time of SA
Generate > Initiate > Terminate
IPsec protocol modes
Transport mode
Payload is encrypted but the IP header is not
End-to-end communication
Tunnel mode
Payload and IP header are both encrypted
Gateway-to-gateway communication
Secure Socket Layer (SSL)
Acts in between Application and Transport Layer
Working
Data is given to SSL, which encrypts it, adds its own header (SSL header) and sends the packet to the receiver
For decryption, the receiver first removes the SSL header, then applies the decryption algorithm and passes the data to the application layer
SSL Protocol Stack
SSL Handshake Protocol
Establish connection and Authenticate entities
Phase 1
SSL Version
Session ID
Cipher Suite
Compression Method
Phase 4
Change cipher specification message sends information about the current status
SSL change cipher spec protocol
Consists of a single 1-byte message with value 1
Moves the pending state to the current state
SSL Alert protocol
Warning, Filter, Error messages
Alert Message => Description
close_notify => Sender will send no more messages
unexpected_message => Incorrect message received
bad_record_mac => Incorrect MAC received
bad_certificate => Received a corrupted certificate
certificate_expired => Certificate has expired
SSL Record Protocol
Provides confidentiality using encryption and integrity using MAC (Message Authentication Code)
Data divided into equal-size fragments > Plaintext fragment size should be less than 2^14 bytes
Compress plaintext using lossless methods > Compute MAC and append it
Encrypt the result and add the Record Header in front
Notions of Security Protocol
Identity and Access Management (IdAM)
Basic
IAM is also called identity management (IdM)
A way to tell who a user is and what they are allowed to do
Managing a given set of users' digital identities, and the privileges associated with each identity
To verify identity, a computer system assesses a user for characteristics that are specific to them. These characteristics are known as "authentication factors"
The three most widely used authentication factors are
Something the user knows
Knowledge held by the user
Something the user has
This factor refers to possession of a physical token that is issued to authorized users
Something the user is
This refers to a physical property of one's body
Access management
"Access" refers to what data a user can see and what actions they can perform once they log in
Firewall
Basic
Hardware or software device that protects a computer network from unauthorized access
A firewall filters the information coming through the Internet connection into a user's private network
Most home network routers have a built-in firewall
A firewall works with a proxy server, which makes requests on behalf of workstation users
To control traffic in and out of the network, firewalls use one or more of three methods:
Packet filtering
Proxy service
Stateful inspection
Ethical Hacking
Basic
Ethical hacking is the authorized practice of bypassing system security to identify potential data breaches and threats in a network
Ethical hackers aim to investigate the system or network for weak points that malicious hackers could exploit or destroy
They check for key vulnerabilities, including but not limited to
Injection attacks
Changes in security settings
Exposure of sensitive data
Breach in authentication protocols
Components used in the system or network that may be used as access points
Type of Hackers
White Hat hackers
Black Hat hackers
Ethical Hacker Roles and Responsibilities
An ethical hacker must seek authorization from the organization that owns the system. Hackers should obtain complete approval before performing any security assessment on the system or network
Report any security breaches and vulnerabilities found in the system or network
Keep their discoveries confidential. As their purpose is to secure the system or network, ethical hackers should agree to and respect their non-disclosure agreement