Network security entails securing data against attacks while it is in transit on a network. To achieve this goal, many real-time security protocols have been designed. Popular standards for real-time network security protocols include S/MIME, SSL/TLS, SSH, and IPsec. As mentioned earlier, these protocols work at different layers of the networking model.
In the last chapter, we discussed some popular protocols that are designed to provide application layer security. In this chapter, we will discuss the process of achieving network security at the transport layer and the associated security protocols.
For TCP/IP protocol based networks, the physical and data link layers are typically implemented in the user terminal and network card hardware. The TCP and IP layers are implemented in the operating system. Anything above TCP/IP is implemented as a user process.
Let’s discuss a typical Internet-based business transaction.
Bob visits Alice’s website for selling goods. In a form on the website, Bob enters the kind of goods and quantity desired, his address and payment card details. Bob clicks on Submit and waits for delivery of the goods with debit of the price amount from his account. All this sounds good, but in the absence of network security, Bob will be in for a few surprises.
Transport layer security schemes can address those issues by enhancing TCP/IP based network communication with confidentiality, data integrity, server authentication, and client authentication.
Security at this layer is mostly used to secure HTTP based web transactions on a network. However, it can be employed by any application running over TCP.
Transport Layer Security (TLS) protocols operate above the TCP layer. The design of these protocols uses the popular Application Program Interface (API) to TCP, called “sockets”, for interfacing with the TCP layer.
Applications are now interfaced to the Transport Security Layer instead of TCP directly. The Transport Security Layer provides a simple API with sockets, which is similar and analogous to TCP's API.
In the above diagram, although TLS technically resides between the application and transport layers, from the common perspective it is a transport protocol that acts as a TCP layer enhanced with security services.
TLS is designed to operate over TCP, the reliable layer 4 protocol (not over UDP), which makes the design of TLS much simpler, because it does not have to worry about ‘timing out’ and ‘retransmitting lost data’. The TCP layer continues doing that as usual, which serves the need of TLS.
The reason for the popularity of security at the transport layer is simplicity. Design and deployment of security at this layer does not require any change in the TCP/IP protocols that are implemented in an operating system. Only user processes and applications need to be designed or modified, which is less complex.
In this section, we discuss the family of protocols designed for TLS. The family includes SSL versions 2 and 3 and the TLS protocol. SSLv2 has now been replaced by SSLv3, so we will focus on SSLv3 and TLS.
In 1995, Netscape developed SSLv2 and used it in Netscape Navigator 1.1. SSL version 1 was never published or used. Later, Microsoft improved upon SSLv2 and introduced another similar protocol named Private Communications Technology (PCT).
Netscape substantially improved SSLv2 on various security issues and deployed SSLv3 in 1999. The Internet Engineering Task Force (IETF) subsequently introduced a similar TLS (Transport Layer Security) protocol as an open standard. The TLS protocol is non-interoperable with SSLv3.
TLS modified the cryptographic algorithms for key expansion and authentication. Also, TLS suggested the use of open crypto, Diffie-Hellman (DH) and the Digital Signature Standard (DSS), in place of the patented RSA crypto used in SSL. But due to the expiry of the RSA patent in 2000, there existed no strong reasons for users to shift away from the widely deployed SSLv3 to TLS.
The salient features of SSL protocol are as follows −
SSL is specific to TCP and does not work with UDP. SSL provides an Application Programming Interface (API) to applications. C and Java SSL libraries/classes are readily available.
The SSL protocol is designed to interwork between the application and transport layers, as shown in the following image −
SSL itself is not a single-layer protocol as depicted in the image; in fact, it is composed of sub-layers.
The four sub-components of the SSL protocol handle various tasks for secure communication between the client machine and the server.
As discussed above, there are four phases of SSL session establishment. These are mainly handled by the SSL Handshake protocol.
Phase 1 − Establishing security capabilities.
Phase 2 − Server authentication and key exchange.
Phase 3 − Client authentication and key exchange.
Phase 4 − Finish.
All four phases discussed above happen within the establishment of the TCP session. SSL session establishment starts after TCP SYN/SYN-ACK and finishes before TCP FIN.
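Phase 1 can be observed without a network: the added example below (not part of the original tutorial) drives the client side of a handshake in memory with Python's `ssl` module and decodes the ClientHello that carries the client's capability offer. The host name `shop.example` is a constructed placeholder.

```python
import ssl
import struct

def capture_client_hello(server_name="shop.example"):
    """Run the client side of a handshake in memory; return its first flight."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client is now waiting for the ServerHello
    return outgoing.read()

def parse_client_hello(record):
    """Decode the capability offer carried in a ClientHello record."""
    try:
        ctype, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
        body = record[5:5 + rec_len]
        if ctype != 22 or body[0] != 1:  # 22 = handshake, 1 = client_hello
            raise ValueError("not a handshake record carrying a ClientHello")
        pos = 4  # skip handshake type (1 byte) and length (3 bytes)
        (version,) = struct.unpack("!H", body[pos:pos + 2])
        pos += 2
        random = body[pos:pos + 32]
        pos += 32
        sid_len = body[pos]
        pos += 1 + sid_len  # session id is skipped, only its length matters
        (cs_len,) = struct.unpack("!H", body[pos:pos + 2])
        pos += 2
        suites = struct.unpack("!%dH" % (cs_len // 2), body[pos:pos + cs_len])
        pos += cs_len
        comp_len = body[pos]
        compression = list(body[pos + 1:pos + 1 + comp_len])
    except (struct.error, IndexError) as exc:
        raise ValueError("truncated ClientHello") from exc
    return {"handshake_type": body[0], "client_version": version,
            "random": random, "session_id_length": sid_len,
            "cipher_suites": list(suites), "compression_methods": compression}

if __name__ == "__main__":
    hello = parse_client_hello(capture_client_hello())
    print("offered version: 0x%04x" % hello["client_version"])
    print("cipher suites  :", ["0x%04x" % s for s in hello["cipher_suites"]])
```
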
We have seen that in Phase 3 of SSL session establishment, a pre-master secret is sent by the client to the server, encrypted using the server’s public key. The master secret and various session keys are generated as follows −
In order to provide an open Internet standard of SSL, the IETF released the Transport Layer Security (TLS) protocol in January 1999. TLS is defined as a proposed Internet Standard in RFC 5246.
There are eight major differences between the TLS and SSLv3 protocols. These are as follows −
The above differences between TLS and SSLv3 protocols are summarized in the following table.
In this section, we will discuss the use of the SSL/TLS protocol for performing secure web browsing.
The Hypertext Transfer Protocol (HTTP) is used for web browsing. The function of HTTPS is similar to HTTP. The only difference is that HTTPS provides “secure” web browsing. HTTPS stands for HTTP over SSL. This protocol is used to provide an encrypted and authenticated connection between the client web browser and the website server.
Secure browsing through HTTPS ensures that the following content is encrypted −
The HTTPS application protocol typically uses one of two popular transport layer security protocols, SSL or TLS. The process of secure browsing is described in the following points.
Present-day web browsers and web servers are equipped with HTTPS support. The use of HTTPS over HTTP, however, requires more computing power at the client and the server end to carry out encryption and the SSL handshake.
The salient features of SSH are as follows −
SSH is organized as three sub-protocols.
SSH provides three main services that enable provision of many secure solutions. These services are briefly described as follows −
The benefits and limitations of using communication security at transport layer are as follows −
A large number of web applications have emerged on the Internet in the past decade. Many e-Governance and e-Commerce portals have come online. These applications require that the session between the server and the client is secure, providing confidentiality, authentication and integrity of sessions.
One way of mitigating a potential attack during a user’s session is to use a secure communication protocol. Two such communication protocols, Secure Sockets Layer (SSL) and Transport Layer Security (TLS), are discussed in this chapter. Both of these protocols function at the transport layer.
Another transport layer protocol, Secure Shell (SSH), designed to replace TELNET, provides a secure means of remote logon. It is capable of providing various services such as Secure Command Shell and SFTP.
Employment of transport layer security has many benefits. However, the security protocols designed at this layer can be used with TCP only. They do not provide security for communication implemented using UDP.