Secure Networking Protocols Portal

In this portal, we will look at the protocols that are currently most in use to allow us to communicate securely over the Internet. As is quite well known, the Internet is not a secure network. The data that is transmitted can be easily compromised. In several of the tutorials on this website, we've used the packet capture program Wireshark. Being able to use a packet capture program on a broadcast medium might be the extreme case of insecurity. Not all transmission media are as simple to eavesdrop on as a traditional bus-topology Ethernet. But it takes just one weak point (or subnet) in the path from point A to point B to render your communication insecure.

Eavesdropping, or lack of privacy, is just one aspect of communications that we must overcome if we want secure communications. Another important aspect of secure communications is ensuring that when a message is received, the recipient - whether a person or a server that is asked to provide services - is certain who sent it. That's authentication. We also want to protect against message replay. If a message is sent to withdraw money from a bank account and transfer it to another account, say using a bank's website, we wouldn't want someone to be able to capture the message and then "replay" it. We also wouldn't want the message to be modified - say, if the transfer was for $1000, to have an extra zero added, making the transfer for $10,000. Replay and modification are threats to data integrity. Lastly, we want to be sure that if the message was sent, the person who sent it can't deny that it was sent. That feature is called non-repudiation. Non-repudiation is a mechanism that can prove that the sender really sent the message.
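The bank-transfer scenario above, as an added example that is not part of the original portal: a receiver that rejects both a modified and a replayed message. The choice of HMAC-SHA256 with a per-message nonce, and the names `seal`, `Receiver` and `demo`, are assumptions of this sketch.

```python
import hashlib
import hmac
import json
import secrets

# Constructed shared secret, assumed to be known only to customer and bank.
KEY = secrets.token_bytes(32)

def seal(key, payload):
    """Sender side: add a fresh nonce, then tag the exact bytes sent."""
    msg = dict(payload, nonce=secrets.token_hex(16))
    body = json.dumps(msg, sort_keys=True).encode()
    return {"body": body, "tag": hmac.new(key, body, hashlib.sha256).digest()}

class Receiver:
    """Bank side: check integrity first, then check for replay."""
    def __init__(self, key):
        self.key = key
        # Unbounded here; a real protocol bounds this with sequence
        # numbers or timestamps so old nonces can be forgotten.
        self.seen = set()

    def accept(self, wire):
        expected = hmac.new(self.key, wire["body"], hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        if not hmac.compare_digest(expected, wire["tag"]):
            return "rejected: modified or forged"
        nonce = json.loads(wire["body"])["nonce"]
        if nonce in self.seen:
            return "rejected: replay"
        self.seen.add(nonce)
        return "accepted"

def demo():
    bank = Receiver(KEY)
    wire = seal(KEY, {"from": "A", "to": "B", "amount": 1000})
    first = bank.accept(wire)       # genuine transfer
    replayed = bank.accept(wire)    # captured message sent again
    # An extra zero added in transit: $1000 becomes $10,000.
    body = wire["body"].replace(b'"amount": 1000', b'"amount": 10000')
    modified = bank.accept(dict(wire, body=body))
    return first, replayed, modified

# A shared-key tag gives authentication and integrity only: either key
# holder could have produced it, so it does not provide non-repudiation.
if __name__ == "__main__":
    print(demo())
```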

The first portion of this portal will present an overview of the security protocols that provide the features of privacy, authentication, data integrity, and non-repudiation. These protocols include encryption protocols and authentication protocols. These security protocols are not of much use by themselves. They are employed by network applications. In the second portion of this portal, we will look at standard Internet application protocols that make use of the security protocols to provide a secure application environment over the network for users. Lastly, the final chapter will discuss where IPsec and IPv6 security (which are basically the same) fit into the picture.

I've heard it said that "there are no secure networks, only secure systems". Well, actually, to have secure networks, you must have secure systems, but that is not sufficient. Clearly, if the computer systems are not secure - whether they can be broken into by "hackers" or penetrated by malicious code - then privacy and authentication protocols are worthless. However, the focus of this portal is secure communications and secure Internet applications. Securing operating systems and securing proprietary applications (whether networked or not) is not within the scope of this tutorial. Likewise, protecting against viruses and malicious code is also not within the scope - these topics really fall more into the category of secure systems, even if the network is used to penetrate the insecure systems. Nevertheless, proper authentication and data integrity can certainly reduce the introduction of malicious code. If you know you can trust a server that you access and that the data was not modified, you are less likely to end up downloading infected software. If you know you can trust the source of an email message and that its integrity is guaranteed, then you are less likely to receive a virus. The most secure systems can be compromised if you trust someone that you shouldn't. So, to have secure networked systems, it is necessary, though not sufficient, to have secure networks and secure network applications.

Thank you for visiting RAD University. We hope that this portal will be helpful and fun, and we welcome your comments.

Debby Koren, "Dean" RAD University


www.rad.com