Security Training: #1 What Actually a Security Is?

Editor's Notes

• #3: Kick-off:ProtectionControlDesignEnvironment
• #5: Many people see privacy and security as different views of the same issue. However, privacy can be seen as a way of complying with policy and security as a way of enforcing policy. Restrooms are a good analogy of this concept. The sign on a restroom door indicates the policy for who should enter the restroom, but no security prevents anyone who might want to enter. Adding a lock to the door would provide security to help enforce the privacy policy. The same situation with DND signs.
• #6: Security can affect privacy.
• #9: Wax SealsCaesar Cipher: symbols’ shiftEnigma machineThe COPACOBANA machine, built by the Universities of Bochum and Kiel, Germany, contains 120 low-cost FPGAs and can perform an exhaustive key search on DES in 6.4 days on average. The photo shows the backplane of the machine with the FPGAs (Field-Programmable Gate Array, a type of logic chip that can be programmed.).DES – Data Encryption Standard – symmetric key, 56 bit, 1976. triple DES (Three Keys).AES – Advanced Encryption Standard (Rijndael)
• #15: Confidentiality is the property of preventing disclosure of information to unauthorized individuals or systems. For example, a credit card transaction on the Internet requires the credit card number to be transmitted from the buyer to the merchant and from the merchant to a transaction processing network. The system attempts to enforce confidentiality by encrypting the card number during transmission, by limiting the places where it might appear (in databases, log files, backups, printed receipts, and so on), and by restricting access to the places where it is stored. If an unauthorized party obtains the card number in any way, a breach of confidentiality has occurred. Confidentiality is necessary (but not sufficient) for maintaining the privacy of the people whose personal information a system holds. In information security, integrity means that data cannot be modified without authorization. (This is not the same thing as referential integrity in databases.) Integrity is violated when an employee (accidentally or with malicious intent) deletes important data files, when a computer virus infects a computer, when an employee is able to modify his own salary in a payroll database, when an unauthorized user vandalizes a web site, when someone is able to cast a very large number of votes in an online poll, and so on. For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly. High availability systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, and system upgrades. Ensuring availability also involves preventing DoS attacks (denial-of-service attacks).
• #16: The Parkerian Hexad is a set of six elements of information security proposed by Donn B. Parker. The term was coined by M. E. Kabay. The Parkerian hexad adds three additional attributes to the three classic security attributes of the CIA triad (confidentiality, integrity, availability).The Parkerian Hexad attributes are the following:ConfidentialityPossession or ControlIntegrityAuthenticityAvailabilityUtilityThese attributes of information are atomic in that they are not broken down into further constituents; they are non-overlapping in that they refer to unique aspects of information. Any information security breach can be described as affecting one or more of these fundamental attributes of information.
• #17: Confidentiality examples:The early unauthorized release (leak) of information related to our latest marketing strategies – thereby allowing our competitors to prepare counter strategies.
• #18: Possession (Control) examples:The loss of laptop computers or PDA’s containing customer or employee data (e.g. SSNs, credit card numbers, personal health information, etc.).Impossibility to control important data flow.
• #19: Integrity example:An employee modifying the body text of an email so as to create a false record of events (i.e. to show that Vasia Pupkin said something that she did not really say).
• #20: Authenticity examples:Reproduction of employee ID badges, calling into a help-desk and posing as another individual.
• #21: Availability examples:Denial-of-Service (DOS) attack to compromise the availability of systems/data.
• #22: Utility examples:For example if a database, table, or other information is somehow altered in such a way as to remain accurate but unusable for its intended purpose, it has lost utility. Examples involve the use of encryption to “kidnap” data for ransom. This is accomplished via encrypting the data without the owner’s consent. In this, and similar cases, the victim maintains ownership of the data; and the data, technically, has integrity.
• #33: Economy of mechanism Keep the code and design simple and small. The more complex the software, the greater the likelihood of bugs in the code. When the code is small, less can go wrong.Fail-safe defaults The default action for any request should be to deny the action. Thus, if the user request fails, the system remains secure.Complete mediation Every access to every protected object should be validated. Follow the best practice of performing the check as close to the protected object as possible. For example, if your Web-based application protects a file, operating system file system access control lists (ACLs) are a more robust protection mechanism than an access check within your Web-based code.Defense-In-Depth. Don’t rely on any one for security. Prevent, Detect, Contain, and Recover.Should have mechanisms for preventing attacks, detecting breaches, containing (ограничивать, сдерживать; подавлять; обуздывать) attacks in progress, and recovering from them. Detection particularly important for network security since it may not be clear when an attack is occurring.Secure the weakest link. "Information System is only as strong as its weakest link.“ Common Weak Links:Unsecured Dial-In Hosts: War DialersWeak Passwords: easy to crackPeople: Social Engineering AttacksBuffer Overflows from garbage inputOpen design Open design, as opposed to "security through obscurity," suggests that designs should not be secret. The most well-known embodiment of this principle is Kerchoff's Law, which applied to cryptographic designs states, "The system should not depend on secrecy, and it should be able to fall into enemy hands without disadvantage" (Wikipedia 2006).Separation of privilege Do not permit an operation based on one condition. Examples include two-factor authentication, and, at a higher level, separation of duties.Least privilege Operate with the lowest level of privilege necessary to perform the required tasks. This subject is covered in more detail later in this chapter.Least common mechanism Minimize shared resources such as files and variables. You can more easily control individual processes manipulating private files than two processes manipulating the same file. Furthermore, code that uses only local variables is more robust and maintainable than code that uses global variables.Psychological acceptability Is your secured product easy to use? If not, it won't be used. You should always ask yourself, "Can I implement this system in a way that makes the product easier to use?" Never forget about your users. Psychological acceptability requires a great deal of skill and user interface design expertise.
• #34: Attack Surface Reduction. The core tenet of ASR is that all code has a nonzero likelihood of containing one or more vulnerabilities. Some vulnerabilities result in customer compromises. Therefore, the only way to avoid customer compromises is to reduce code usage to zero. ASR compromises between perfect safety and unmitigated risk by minimizing code exposed to untrusted users. Code quality and ASR can help produce software that is more secure; striving to write perfect code alone will not.
• #40: Identity. Is an abstract concept; it does not map to a person, it maps to a persona. Identities are different from credentials, which are something you use to prove identity. For example, your login password is a credential. Digital identity: http://msdn.microsoft.com/en-us/library/aa480030.aspx. Authority.When we are attempting to identify someone, we are relying upon some authority, usually the state government. When you register a domain name with a registrar, they record your personal information in the WHOIS database; this is the system of record (http://en.wikipedia.org/wiki/System_of_record). No matter how careful we are, we can never have a higher level of assurance than this authority has. If the government gave that person a false identity, or the person bribed a DMV clerk to do so, we can do absolutely nothing about it. This is an important implication of the limitations of accuracy.Authentication Factors: something you arelike biometric signatures such as the pattern of capillaries on your retina, your fingerprints, etc. something you havelike a token, physical key, or thumb drive something you knowlike a passphrase or password somewhere you areif you put a GPS device in a computer, or did direction-finding on transmissions, or simply require a person to be physically present somewhere to operate the system somewhere you can be reachedlike a mailing address, network address, email address, or phone number Authentication: When, What.Do we authenticate each transaction or command (sudo), or a session (SSH), or only certain commands (passwd)? What is being authenticated, the remote system, the agent, the user, or the data? Authentication Problems: Randomly-Chosen Identity Fictitious Identity Stolen Identity
• #41: Definition. Authorization is a process (often part of the operating system) that protects computer resources by only allowing those resources to be used by resource consumers that have been granted authority to use them. Resources include individual files' or items' data, computer programs, computer devices and functionality provided by computer applications. Examples of consumers are computer users, computer programs and other devices on the computer. Authorization (deciding whether to grant access) is a separate concept to authentication (verifying identity), and usually dependent on it.Authentication vs. Authorization.To distinguish "authentication" from the closely related term "authorization," the short-hand notations A1 (authentication) and A2 (authorization) are occasionally used. The terms AuthN / AuthZ or Au / Az are also used to make this distinction in some communities.The problem of authorization is often thought to be identical to that of authentication; many widely adopted standardsecurity protocols, obligatory regulations, and even statutes are based on this assumption. However, more precise usage describes authentication as the process of verifying a claim made by a person (or a computer, smart card etc.), while authorization is the process of verifying that an authenticated person has the authority to perform a certain operation. Authentication, therefore, must precede authorization. For example, when you show proper identification to a bank teller, you could be authenticated by the teller, and you would be authorized to access information about your bank accounts. You would not be authorized to access accounts that are not your own.Since authorization cannot occur without authentication, the former term is sometimes used to mean the combination of authentication and authorization.Access Control.In an ACL-based security model, when a subject requests to perform an operation on an object, the system first checks the list for an applicable entry in order to decide whether to proceed with the operation. A key issue in the definition of any ACL-based security model is the question of how access control lists are edited. For each object; who can modify the object's ACL and what changes are allowed.Systems that use ACLs can be classified into two categories: discretionary and mandatory. A system is said to have discretionary access control if the creator or owner of an object can fully control access to the object, including, for example, altering the object's ACL to grant access to anyone else. A system is said to have mandatory access control (also known as "non-discretionary access control" in the security literature) if it enforces system-wide restrictions that override the permissions stated in the ACL.Traditional ACL systems assign permissions to individual users, which can become cumbersome in a system with a large number of users. In a more recent approach called role-based access control, permissions are assigned to roles, and users are assigned to roles.
• #42: Definition.Until modern times, cryptography referred almost exclusively to encryption, the process of converting ordinary information (plaintext) into unintelligible gibberish (i.e., ciphertext).[2] Decryption is the reverse, moving from unintelligible ciphertext to plaintext. A cipher (or cypher) is a pair of algorithms which creates the encryption and the reversing decryption. The detailed operation of a cipher is controlled both by the algorithm and, in each instance, by a key. This is a secret parameter (ideally, known only to the communicants) for a specific message exchange context. Keys are important, as ciphers without variable keys are trivially breakable and therefore less than useful for most purposes.Confidentiality. To ensure data remains private. Confidentiality is usually achieved using encryption. Encryption algorithms (that use encryption keys) are used to convert plain text into cipher text and the equivalent decryption algorithm is used to convert the cipher text back to plain text. Symmetric encryption algorithms use the same key for encryption and decryption, while asymmetric algorithms use a public/private key pair.Dataintegrity. To ensure data is protected from accidental or deliberate (malicious) modification. Integrity is usually provided by message authentication codes or hashes. A hash value is a fixed length numeric value derived from a sequence of data. Hash values are used to verify the integrity of data sent through insecure channels. The hash value of received data is compared to the hash value of the data as it was sent to determine if the data was altered.Authentication. To assure that data originates from a particular party. Digital certificates are used to provide authentication. Digital signatures are usually applied to hash values as these are significantly smaller than the source data that they represent.
• #43: Symmetric key. Symmetric-key cryptography refers to encryption methods in which both the sender and receiver share the same key (or, less commonly, in which their keys are different, but related in an easily computable way).Block and Stream.The modern study of symmetric-key ciphers relates mainly to the study of block ciphers and stream ciphers and to their applications. Blockciphers take as input a block of plaintext and a key, and output a block of ciphertext of the same size.Streamciphers, in contrast to the 'block' type, create an arbitrarily long stream of key material, which is combined with the plaintext bit-by-bit or character-by-character, somewhat like the one-time pad. In a stream cipher, the output stream is created based on an internal state which changes as the cipher operates. That state change is controlled by the key, and, in some stream ciphers, by the plaintext stream as well. RC4 is an example of a well-known, and widely used, stream cipher; DES.The Data Encryption Standard is a cipher (a method for encrypting information) that was selected by NBS as an official Federal Information Processing Standard (FIPS) for the United States in 1976. It is based on a Symmetric-key algorithm that uses a 56-bit key. DES is now considered to be insecure for many applications. This is chiefly due to the 56-bit key size being too small; in January, 1999, distributed.net and the Electronic Frontier Foundation collaborated to publicly break a DES key in 22 hours and 15 minutes.Triple-DESis a block cipher formed from the Data Encryption Standard (DES) cipher by using it three times. TDES can be operated with variations in two parameters: number of keys used and order of operations. Using three distinct keys is the most secure operation and would be desingnated as DES-EEE3 or DES-EDE3. AES tends to be around six times faster.AES Advanced Encryption Standard, also known as Rijndael, is a block cipher adopted as an encryption standard by the U.S. government. The cipher was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, and submitted to the AES selection process under the name "Rijndael", a portmanteau of the names of the inventors. (Rijndael is pronounced [rɛindaːl]). AESs key size of 128, 192, or 256 bits.RC2.is a block cipher with a variable size key.The development of RC2 was sponsored by Lotus. Initially, the details of the algorithm were kept secret — proprietary to RSA Security — but on 29th January, 1996, source code for RC2 was anonymously posted to the Internet.RC2 is vulnerable to a related-key attack using 234chosen plaintexts.RC4.In cryptography, RC4 (also known as ARC4 or ARCFOUR meaning Alleged RC4, see below) is the most widely-used software stream cipher and is used in popular protocols such as Secure Sockets Layer (SSL) (to protect Internet traffic) and WEP (to secure wireless networks). RC4 was designed by Ron Rivest of RSA Security in 1987. While it is officially termed "Rivest Cipher 4", the RC acronym is alternatively understood to stand for "Ron's Code“. While remarkable for its simplicity and speed in software, RC4 is vulnerable to attacks when the beginning of the output keystream is not discarded, or a single keystream is used twice; some ways of using RC4 can lead to very insecure cryptosystems such as WEP. RC4-based cryptosystemsWEPWPABitTorrent protocol encryptionMicrosoft Point-to-Point EncryptionSecure Sockets Layer (optionally)Secure shell (optionally)Remote Desktop ProtocolKerberos (optionally)Where a cryptosystem is marked with "(optionally)", RC4 is one of several ciphers the system can be configured to use.Hash functions.A cryptographichash function is a transformation that takes an input (or 'message') and returns a fixed-size string, which is called the hash value (sometimes termed a message digest, a digital fingerprint, a digest or a checksum). The ideal hash function has three main properties - it is extremely easy to calculate a hash for any given data, it is extremely difficult or almost impossible in a practical sense to calculate a text that has a given hash, and it is extremely unlikely that two different messages, however close, will have the same hash. Practical applications include message integrity checks, digital signatures, authentication, and various information security applications.MD5. In cryptography, MD5 (Message-Digest algorithm 5) is a widely used, partially insecure[1]cryptographic hash function with a 128-bit hash value. As an Internet standard (RFC 1321), MD5 has been employed in a wide variety of security applications, and is also commonly used to check the integrity of files. An MD5 hash is typically expressed as a 32 digit hexadecimal number. MD5 digests have been widely used in the software world to provide some assurance that a transferred file has arrived intact. In some cases the checksum cannot be trusted (for example, if it was obtained over the same channel as the downloaded file), in which case MD5 can only provide error-checking functionality: it will recognize a corrupt or incomplete download, which becomes more likely when downloading larger files. MD5 is widely used to store passwords. To mitigate against the vulnerabilities mentioned above, one can add a salt to the passwords before hashing them. Some implementations may apply the hashing function more than once—see key strengthening.SHA-1. SHA stands for Secure Hash Algorithm. The five algorithms are denoted SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512. The latter four variants are sometimes collectively referred to as SHA-2. SHA-1 produces a message digest that is 160 bits long; the number in the other four algorithms' names denote the bit length of the digest they produce. SHA-1 (as well as SHA-0) produces a 160-bit digest from a message with a maximum length of (264 − 1) bits. It forms part of several widely used security applications and protocols, including TLS and SSL, PGP, SSH, S/MIME, and IPsec. A prime motivation for the publication of the Secure Hash Algorithm was the Digital Signature Standard, in which it is incorporated.MACmessage authentication code is a short piece of information used to authenticate a message. A MAC algorithm accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs a MAC (sometimes known as a tag). The MAC value protects both a message's data integrity as well as its authenticity, by allowing verifiers (who also possess the secret key) to detect any changes to the message content, and so should be called Message Authentication and Integrity Code: (MAIC). MAC algorithms can be constructed from other cryptographic primitives, such as cryptographic hash functions (as in the case of HMAC) or from block cipher algorithms (OMAC, CBC-MAC and PMAC). Data Authentication Algorithm DES-based MAC algorithm from ANSI
• #44: URL: http://www.rsa.com/rsalabs/node.asp?id=2152http://msdn.microsoft.com/en-us/library/aa302378.aspxhttp://msdn.microsoft.com/en-us/library/aa480545.aspxTransfer: Symmetric-key cryptosystems use the same key for encryption and decryption of a message, though a message or group of messages may have a different key than others. A significant disadvantage of symmetric ciphers is the key management necessary to use them securely. Each distinct pair of communicating parties must, ideally, share a different key, and perhaps each ciphertext exchanged as well. The number of keys required increases as the square of the number of network members, which very quickly requires complex key management schemes to keep them all straight and secret. The difficulty of securely establishing a secret key between two communicating parties, when a secure channel doesn't already exist between them, also presents a chicken-and-egg problem which is a considerable practical obstacle for cryptography users in the real world.Public key cryptography, also known as asymmetric cryptography, is a form of cryptography in which the key used to encrypt a message differs from the key used to decrypt it. In public key cryptography, a user has a pair of cryptographic keys—a public key and a private key. The private key is kept secret, while the public key may be widely distributed. Incoming messages would have been encrypted with the recipient's public key and can only be decrypted with his corresponding private key. The keys are related mathematically, but the private key cannot be practically derived from the public key. Public key encryption:a message encrypted with a recipient's public key cannot be decrypted by anyone except the recipient possessing the corresponding private key. This is used to ensure confidentiality.Digital signatures: a message signed with a sender's private key can be verified by anyone who has access to the sender's public key, thereby proving that the sender signed it and that the message has not been tampered with. This is used to ensure authenticity. Digital signatures can also provide non-repudiation, meaning that the signer cannot successfully claim they did not sign a message, while also claiming their private key remains secret; further, some non-repudiation schemes offer a time stamp for the digital signature, so that even if the private key is exposed, the signature is valid nonetheless.RSA. The algorithm was publicly described in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman at MIT; the letters RSA are the initials of their surnames. It is the first algorithm known to be suitable for signing as well as encryption. It is currently recommended that n be at least 2048 bits long.DSA. The Digital Signature Algorithm (DSA) is a United States Federal Governmentstandard for digital signatures. NIST recommends lengths of 2048 (or 3072) for keys with security lifetimes extending beyond 2010 (or 2030).Notes. In practice, public key cryptography is often used in combination with secret-key methods for efficiency reasons. Such a combination is called a hybrid cryptosystem. For encryption, the sender encrypts the message with a secret-key algorithm using a randomly generated key, and that random key is then encrypted with the recipient's public key. For digital signatures, the sender hashes the message (using a cryptographic hash function) and then signs the resulting "hash value". Before verifying the signature, the recipient also computes the hash of the message, and compares this hash value with the signed hash value to check that the message has not been tampered with.Public Key Approaches. A central problem for use of public-key cryptography is confidence (ideally proof) that a public key is correct, belongs to the person or entity claimed (i.e., is 'authentic'), and has not been tampered with or replaced by a malicious third party. The usual approach to this problem is to use a public-key infrastructure (PKI), in which one or more third parties, known as certificate authorities, certify ownership of key pairs. Another approach, used by PGP, is the "web of trust" method to ensure authenticity of key pairs.PKI: public key infrastructure is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA - an entity which issues digital certificates for use by other parties). The user identity must be unique for each CA. The binding is established through the registration and issuance process, which, depending on the level of assurance the binding has, may be carried out by software at a CA, or under human supervision. The PKI role that assures this binding is called the Registration Authority (RA) . For each user, the user identity, the public key, their binding, validity conditions and other attributes are made unforgeable in public key certificates issued by the CA. X.509 is a standard for a public key infrastructure.X.509 supporting protocols:Transport Layer Security (TLS/SSL) Secure Multipurpose Internet Mail Extensions (S/MIME) IPsecSSHSmartcardHTTPSExtensible Authentication ProtocolLightweight Directory Access ProtocolWeb of trust is a concept used in PGP, GnuPG, and other OpenPGP-compatible systems to establish the authenticity of the binding between a public key and a user. Its decentralized grass roots trust model is an alternative to the centralized trust model of a public key infrastructure (PKI), which relies exclusively on a certificate authority (or a hierarchy of such). As with computer networks, there are many independent webs of trust, and any user (through their identity certificate) can be a part of, and a link between, multiple webs. As time goes on, you will accumulate keys from other people that you may want to designate as trusted introducers. Everyone else will each choose their own trusted introducers. And everyone will gradually accumulate and distribute with their key a collection of certifying signatures from other people, with the expectation that anyone receiving it will trust at least one or two of the signatures. This will cause the emergence of a decentralized fault-tolerant web of confidence for all public keys.PGP (Pretty Good Privacy), GPG (GNU Privacy Guard) - OpenPGP standards. PGP encryption uses public-key cryptography and includes a system which binds the public keys to a user name and/or an e-mail address. The first version of this system was generally known as a web of trust to contrast with the X.509 system which uses a hierarchical approach based on certificate authority and which was added to PGP implementations later. Current versions of PGP encryption include both alternatives through an automated key management server.
• #45: URL: http://en.wikipedia.org/wiki/Category:Cryptographic_protocolsIpsec, Internet Protocol Security is a suite of protocols for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used to protect data flows between a pair of hosts (e.g. computer users or servers), between a pair of security gateways (e.g. routers or firewalls), or between a security gateway and a host. [1]IPsec is an end-to-end security solution and operates at the Internet Layer of the Internet Protocol Suite, comparable to Layer 3 in the OSI model. IPsec uses the following protocols to perform various functions:Internet key exchange (IKE and IKEv2) to set up a security association (SA) by handling negotiation of protocols and algorithms and to generate the encryption and authentication keys to be used by Ipsec.Authentication Header (AH) to provide connectionless integrity and data origin authentication for IP datagrams and to provide protection against replay attacks.Encapsulating Security Payload (ESP) to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality.Kerberosis a computer networkauthenticationprotocol, which allows individuals communicating over a non-secure network to prove their identity to one another in a secure manner. Kerberos builds on symmetric key cryptography and requires a trusted third party. Extensions to Kerberos can provide for the use of public-key cryptography during certain phases of authentication. It makes use of a trusted third party, termed a key distribution center (KDC), which consists of two logically separate parts: an Authentication Server (AS) and a Ticket Granting Server (TGS). Kerberos works on the basis of "tickets" which serve to prove the identity of users.The KDC maintains a database of secret keys; each entity on the network — whether a client or a server — shares a secret key known only to itself and to the KDC. Knowledge of this key serves to prove an entity's identity. For communication between two entities, the KDC generates a session key which they can use to secure their interactions.NTLM. (NT LAN Manager) a Microsoftauthentication protocol used with the SMB protocol.Microsoft adopted Kerberos as the preferred authentication protocol for Windows 2000 and Windows 2003 Active Directory domains. NTLM is still used in the following situations:The client is authenticating to a server using an IP address.The client is authenticating to a server that belongs to a different Active Directory forest, or doesn't belong to a domain.No Active Directory domain exists (commonly referred to as "workgroup" or "peer-to-peer").Where a firewall would otherwise restrict the ports required by Kerberos (of which there are quite a few)TLS,Transport Layer Security Protocol and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide security and data integrity for communications over TCP/IP networks. TLS and SSL encrypt the datagrams of the Transport Layer protocols in use for an end-to-end connection across the network. Typically, only the server is authenticated (i.e., its identity is ensured) while the client remains unauthenticated; this means that the end user (whether an individual or an application, such as a Web browser) can be sure with whom it is communicating. The next level of security — in which both ends of the "conversation" are sure with whom they are communicating — is known as mutual authentication. Mutual authentication requires public key infrastructure (PKI) deployment to clients unless TLS-PSK or the Secure Remote Password (SRP) protocol are used, which provide strong mutual authentication without needing to deploy a PKI. TLS involves three basic phases:Peer negotiation for algorithm supportKey exchange and authenticationSymmetric cipher encryption and message authenticationTLS runs on layers beneath application protocols such as HTTP, FTP, SMTP, NNTP, and XMPP and above a reliable transport protocol, TCP for example. TLS can also be used to tunnel an entire network stack to create a VPN, as is the case with OpenVPN. When compared against traditional IPsec VPN technologies, TLS has some inherent advantages in firewall and NAT traversal that make it easier to administer for large remote-access populations.SSH, Secure Shell Protocol uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.[1]SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding TCPports and X11 connections; it can transfer files using the associated SFTP or SCP protocols.