The fundamental reason why security protocols are implemented in networks is simple – to protect data as it traverses the network. The mechanism associated with protecting data on its travels is called cryptography. This particular mechanism employs algorithms which encrypt data so that hackers are prevented from easily intercepting the data. Cryptography operates in tandem with a group of protocols which help to control the passing of data between network devices. Therefore, security protocols are a vital component in networks in order to increase data security and without them security would be compromised (Linn, 2014).
The main section of the report will give an overview of both protocols in question, followed by a look at the similarities and differences between the protocols including any advantages and disadvantages. The report shall then analyse associated infrastructure requirements and scenarios where both protocols could be implemented.
Main Section
A Brief Overview of TLS and SSH:
TLS (short for Transport Layer Security) was first released in January 1999 and its main focus was to ensure secure data communication. TLS provides the means for a variety of client and server applications to converse efficiently and to rule out the possibility of any data being captured and in worst cases tampered with.
The TLS protocol is composed of two major levels and these are termed the Handshake Protocol and the Record Protocol. The Handshake Protocol means that the client and server are able to correspond with one another though only if authentication has been established. Both the client and server can then come to a decision on a particular encryption method before any data can be transmitt...
... middle of paper ...
...014].
McKinley, H. L., 2003. SSL and TLS: A Beginners Guide. SANS Institute InfoSec Reading Room, p. 8.
Paw, S., 2012. Decoded Node. [Online]
Available at: http://sapphirepaw.blogspot.co.uk/2012/02/tls-nee-ssl-and-ssh-compact-comparison.html
[Accessed 24 March 2014].
Tang, A., 2013. Pros and Cons of SSH Disclosed. [Online]
Available at: http://besthostingsearch.net/tutorial/ssh-pros-cons/
[Accessed 26 March 2014].
Technet, 2003a. What is TLS/SSL. [Online]
Available at: http://technet.microsoft.com/en-us/library/cc784450(v=ws.10).aspx
[Accessed 26 March 2014].
Technet, 2003b. SSL/TLS Scenarios. [Online]
Available at: http://technet.microsoft.com/en-us/library/cc779109(v=ws.10).aspx
[Accessed 27 March 2014].
Wikipedia, 2014. The Free Encyclopedia. [Online]
Available at: http://en.wikipedia.org/wiki/X.509
[Accessed 28 March 2014].
In end-to-end encryption, unauthorized parties such as the service provider or any intermediary cannot decrypt or read the communication between the sender and receiver. At present, service providers have access to our communication, but when we deploy end-to-end encryption the service provider can intercept the communication without being able to read its content; a common example is the WhatsApp messaging service. We can also secure our emails by using PGP encryption technology.
In the rapidly developing field of computer science, there is no more controversial issue than encryption. Encryption has become a highly contested issue with the broad use of global networks including the Internet. As more and more sensitive documents are being placed on computer networks, and trusted information is being sent from computer to computer throughout the world, the need for encryption has never been greater. However, the effects of encryption on our lifestyle and the government's role in encryption have been (and will continue to be) debated for years to come.
capacity and performance. However, as networks enable more and more applications and are available to more and more users, they become ever more vulnerable to a wider range of security threats. To combat those threats and ensure that e-business transactions are not compromised, security technology must play a major role in today's networks.
Authentication—Mechanism by which sender and receiver identity of a communication exchange is established reliably. This is done using SSL V.3 and digital certificates.
Peer-to-peer is a communications model in which each party has the same capabilities and either party can initiate a communication session. Other models with which it might be contrasted include the client/server model and the master/slave model. In some cases, peer-to-peer communications is implemented by giving each communication node both server and client capabilities. In recent usage, peer-to-peer has come to describe applications in which users can use the Internet to exchange files with each other directly or through a mediating server.
Cryptography was first used long before the invention of computers. One well-known system was attributed to the reign of Julius Caesar (Klein ix). Another example is the famous Zimmermann telegraph, which was sent from Germany to Mexico during World War I (ix). In a more modern setting, cryptology was mainly used by the government until the late 1970s (Simpson 1). This is largely due to the fact that computers were too expensive, so not many households or businesses had them (1). However, after the computer revolution, cryptology became more public, especially in the business industry where there was a greater need to secure things like transactions (1).
Explain how the two important transport protocols deliver messages on behalf of the application and discuss the differences between them
In this writing, the author plans to help one understand, in simple terms (where possible), what exactly these technologies are and where they may belong. He provides an overview of each, explains the differences between them, and outlines the advantages and disadvantages of using them. His goal is to provide you, the reader, with the ability to understand at a high-level what these technologies are, and how they can be used.
For thousands of years cryptography and encryption have been used to secure communication. Military communication has led the use and advancement of cryptography. From the start of the internet there has been a greater need for the use of cryptography. The computer had been invented in the late 1960s but there was not a widespread market for the use of computers really until the late 1980s, where the World Wide Web was invented in 1989. This new method of communication has created a large need for information security. The internet allows people to communicate sensitive information, which, if it falls into the wrong hands, can cause many problems for that person.
TCP/IP operates at both levels 3 and 4 of the OSI model. The TCP portion of TCP/IP operates at level 3 (Network) as its primary function is to control the flow of data. IP operates at level 4 (Transport) of the OSI model. IP is the protocol responsible for the actual transmission of packets across the network.
In this era when the Internet provides essential communication between tens of millions of people and is being increasingly used as a tool, security becomes a tremendously important issue to deal with. There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect for secure communications is that of cryptography. But it is important to note that while cryptography is necessary for secure communications, it is not by itself sufficient. Cryptography is the science of writing in secret code and is an ancient art; in ancient times people used to send encoded messages that could be understood only by a receiver who knew the symbolic and relative meaning of the encoded message. The first documented use of cryptography in writing dates back to circa 1900 B.C., when an Egyptian scribe used non-standard hieroglyphs in an inscription. After writing was invented, cryptography appeared spontaneously, with applications ranging from diplomatic missives to war-time battle plans. It is no surprise, then, that new forms of cryptography came soon after the widespread development of computer communications. In data and telecommunications, cryptography is necessary when communicating over any untrusted medium, which includes any network, particularly the Internet [1]. Within the context of any application-to-application communication, there are some security requirements, including: