Fortinet NSE4_FGT-7.2 — FortiGate Firewall — Section 1: FortiGate Firewall V6.4 1 Part 49
67. Lecture-67: Introduction to Diffie-Hellman (DH) Group.
This Diffie-Hellman method, we call it DH as well. Basically two scientists, Dr. Whitfield Diffie and Dr. Martin Hellman, these two scientists in 1976 developed this algorithm, this method, this formula, this mathematical algorithm: if two parties want to communicate and don’t want to exchange the key, we have a method to exchange the key without exchanging the key in VPN. The big issue was, suppose you have two devices, one is here and another one is in the USA.
So, what they will do first, they will authenticate each other.
So, definitely they will send their data in clear text through the Internet.
So, if anybody is in the middle, they will see the key; then what will they do? What is the use of this VPN then? They can hack everything after they know the password.
So, the question was how to exchange the key through an unsecure channel using a secure method. So these two, Diffie and Hellman, developed a mathematical formula so that there is no need to exchange the key; we will use some mathematical techniques.
So, even if somebody in the middle can see the key, they will not understand it. They will generate some random key with mathematical multiplication and mathematical division and so on. And at the end of the day, the tunnel will be established. SSH, DNS, SSL, all of these are using the Diffie-Hellman method; if you are going to any banking website, it started using this method. Otherwise, the first time you had to send data in clear text in VPN, but that’s okay due to this Diffie-Hellman, and we call them DH groups. These are the famous ones: Diffie-Hellman groups 1, 2, 5, 14, 15, 19 and 20. But there are so many, from 1 to 30, and from 31 to 32767 these are unassigned. Not only in the firewall but also in the router you will see these groups. You have to choose this group. The higher you go, the stronger the method you will get. Diffie-Hellman groups 1, 2, 5, 14, 15, 19, 20, 21 and 24.
So, this is the method of how they will exchange the key. First of all, both parties will decide on any prime number. Suppose they both decide on prime number 13. It’s okay if in the middle they see that these two guys chose 13. It’s okay here; it doesn’t matter. No, it’s okay. Then both parties will generate a prime number.
So, the second one is one number. Suppose they choose six; again the hacker knows that they chose six.
So, what now? Both parties will generate a private key, which I just showed you, the private key. Now the hacker doesn’t know it. They will not exchange this key. The hacker knows only 13 and six. Now this side and this side, they generate some random key. What they will do then with the private key: they will do a modulus, and they will do some multiplication with that. The private key is five: six to the power five, and modulus 13 with this one. They will do some mathematics; I’m showing you a sketch, and in the real world it will be a bigger number, not just like a 13. I will show you from some software.
So, they will generate a public key from these mathematical techniques, and this guy will also do the same with whatever they chose. They don’t know the other’s private key, and this guy doesn’t know their private key; the hacker in the middle doesn’t know which private key they chose. But they multiply with those things, and they get nine and they get two. Now they will exchange; again the hacker knows all these two keys.
So, what they know is 13 and six, and they know two and nine. They can do nothing with those keys.
So, in the exchange.
So, what they will do, they will do this again: they will take nine, the key they exchanged, with their private key.
So, now the hacker doesn’t know the private key. They will multiply, sorry, they will do the power and modulus, and there will be a key generated automatically. And this side, they will take two and they will do the same thing and they will get the same key. This is the mathematical technique and they call it Diffie-Hellman. Let me show you quickly; I have CrypTool, there is a CrypTool. Great tool; there is an old one, which is for Diffie-Hellman, the old one, this one is good. The new one, they changed many things.
So, let me show you how to do this one. Let me show you.
So, let me go to Protocols. And there is the Diffie-Hellman demonstration. Set public parameters. Okay, so let me give you this example, then I will change them.
So, what do you want for the prime number? We choose prime number 13 and generator nine. Okay, 13 and nine. Then this side, what they select: they select five. And this side, what they select: they select four. Then create the shared key; calculate the shared key: three, which is the key. Okay, this one has two, but ours is three, and they generate nine. Now they will exchange the key, which I told you; this public key will be generated and they exchange the key, so they join the exchange, they start and they exchange the key. Now, there is a mathematical equation again. And at the end of the day, they will get the same key: calculate, they get three; calculate, they get three, without exchanging the private key. They’re done with their job. Five and four are not in the exchange. This is called Diffie-Hellman. Now, let me show you in the real world; in the real world it will be like this one. Look at the huge number itself. And now let me generate a huge number. It will be like this. Choose a secret; let me choose a secret key. It will be like this. Let me choose this secret key. This is not one, two, three; I was just showing you in simple words. Now calculate this huge number. And now they will exchange this huge number with each other. Now you can generate the calculation, and okay. And this key, the last digits are two zero, and this will be also two zero, two zero. And this is going to be.
So, in VPN, we will use this method this way, as I am telling you.
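The exchange walked through above, written out as an added example (not part of the course material): it reproduces both toy runs from the lecture, the whiteboard one with p = 13 and generator 6 and the CrypTool demo with p = 13 and generator 9, using private keys 5 and 4, and shows what an eavesdropper who sees only the public values has to do to recover the key. The brute-force function and `random_private` are this example's own helpers, not anything from the lecture.

```python
"""Diffie-Hellman key agreement with the lecture's toy parameters (added example)."""
import secrets
from typing import Optional


def dh_public(p: int, g: int, private: int) -> int:
    """Public value sent over the insecure channel: g^private mod p."""
    return pow(g, private, p)


def dh_shared(p: int, peer_public: int, private: int) -> int:
    """Shared secret from the peer's public value: peer_public^private mod p."""
    return pow(peer_public, private, p)


def dh_exchange(p: int, g: int, a: int, b: int) -> dict:
    """Run a full exchange between two sides with private keys a and b.

    Returns everything the eavesdropper sees (p, g, A, B) plus each side's
    shared secret so the caller can confirm both sides agree.
    """
    A = dh_public(p, g, a)        # sent by side A (the lecture's 2 or 3)
    B = dh_public(p, g, b)        # sent by side B (the lecture's 9)
    return {"p": p, "g": g, "A": A, "B": B,
            "key_a": dh_shared(p, B, a), "key_b": dh_shared(p, A, b)}


def brute_force_private(p: int, g: int, public: int) -> Optional[int]:
    """Eavesdropper's only option: try exponents until g^x mod p == public.

    Instant for p = 13; infeasible for the 2048-bit prime of DH group 14,
    which is why real groups use large primes. Note that any exponent with
    g^x == public works, not necessarily the one the party actually chose.
    """
    for x in range(1, p):
        if pow(g, x, p) == public:
            return x
    return None


def random_private(p: int) -> int:
    """Private exponent in [2, p-2] from the OS CSPRNG (real peers never use a fixed 5 or 4)."""
    return 2 + secrets.randbelow(p - 3)


if __name__ == "__main__":
    for g in (6, 9):  # whiteboard example (g=6) and CrypTool demo (g=9)
        print(dh_exchange(13, g, a=5, b=4))
```

With both generators the two sides end up with the same key, 3, while the private keys 5 and 4 never leave their owners.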
68. Lecture-68: Introduction to Internet Protocol Security IPsec.
IPsec protocol: what is IP security, Internet Protocol Security? Basically, IPsec is an open standard, like a suite, you know, like a kit: a football kit, a hockey kit, or like your exercise kit where everything is available; like a first aid kit, a first aid kit where whatever is there, everything is available, scissors and everything.
So, whenever somebody gets a wound or something, you have a complete kit to give first aid.
So, it becomes like a suite, like a kit which provides each and everything for the VPN.
So, what those things are: those are confidentiality, integrity, authentication and anti-replay.
So, it can provide you all these in detail. And it is an open standard you can use anywhere: the router, or anywhere, the firewall, anything. So IPsec can provide you confidentiality. What is confidentiality? Basically, encryption is called confidentiality. What is encryption? We just discussed encryption. Encryption means to make the data hard so that nobody in the middle knows it, and we use one method from there, as I showed you from the software. This is called confidentiality; confidentiality is to hide your data, to keep it confidential. Only the sender and receiver know, and only the sender and receiver will be able to read the data. This is called confidentiality. Another is integrity. We just discussed integrity: MD5 and SHA. The two methods for integrity mean that what they want to send, the data, the receiver can receive the same data without change; the data has not been altered, not changed in the middle. And how will they check? They use hashing, as I just showed you: this side, the firewall, will generate a hash value and they will send the hash value separately to the other device. And when the other device receives the data, they will generate a hash and they will compare it with the hash they received. If the hashes are similar, it means integrity is there; nobody changed the data in the packet. This is called integrity. IPsec can provide you this. The third one is authentication. We also need to know whether the person I am giving the data to is the right person or someone else. Suppose you receive a letter and somebody knocks on the door, the postman; there is a person inside and somebody else comes out and he receives my letter and he says, yes, I am. No, the postman will not give it to them. They will say, give me your identity, your passport, your identity card, anything, or do a signature so that I can verify that this letter belongs to you. This is authentication.
So, they will authenticate the other party: are you the actual person to receive the data? And then the last one, anti-replay: suppose somebody stole the packet and, you know, duplicated them and intercepted them.
So, when they receive the same packet, they will say, no, no, this is not the packet; this packet is missed. So IPsec can provide you anti-replay as well.
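The anti-replay check described above, as an added example that is not part of the course: an ESP-style sliding window over the packet sequence number (the logic of RFC 4303 section 3.4.3), which rejects a duplicated packet and any packet that has fallen behind the window. The class, its window size and the sample sequence numbers are all constructed here; the integrity check that must pass before the window is updated is assumed to have been done by the caller.

```python
"""ESP-style anti-replay sliding window (added example, constructed traffic)."""


class AntiReplayWindow:
    def __init__(self, size: int = 64):
        self.size = size
        self.highest = 0      # highest sequence number accepted so far
        self.bitmap = 0       # bit i set => packet (highest - i) already received

    def check(self, seq: int) -> bool:
        """Return True if seq is new and inside the window (packet accepted).

        Call this only after the packet's integrity check (MD5/SHA HMAC) has
        passed, so a forged sequence number cannot move the window.
        """
        if seq == 0:
            return False      # sequence number 0 is never valid in ESP
        if seq > self.highest:
            # New highest: slide the window right and mark seq as seen.
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) if shift < self.size else 1
            self.bitmap &= (1 << self.size) - 1
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False      # too old: fell behind the window
        if (self.bitmap >> offset) & 1:
            return False      # replay: this sequence number was already received
        self.bitmap |= 1 << offset
        return True           # late but still inside the window: accept


def process_stream(seqs, size: int = 64):
    """Feed sequence numbers through one window; return (seq, accepted) pairs."""
    window = AntiReplayWindow(size)
    return [(s, window.check(s)) for s in seqs]


# Constructed traffic: in-order packets, one reordered packet (4 after 5),
# one replay of 3, a jump to 70 that slides the window, a stale 5, then 100
# and a stale 30 that is more than 64 behind.
SAMPLE = [1, 2, 3, 5, 4, 3, 70, 5, 100, 30]

if __name__ == "__main__":
    for seq, ok in process_stream(SAMPLE):
        print(f"seq {seq:>3}: {'accept' if ok else 'reject'}")
```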
So, IPsec, because of these protocols: ESP and AH. Encryption methods are so many; three of them are DES, 3DES and AES. Authentication is MD5 and SHA, and Diffie-Hellman. It can support many, but three of them I mentioned here.
So, IPsec protocol. There are two ways to configure IPsec. One is ESP, which is the best one to start with, and we are using ESP: integrity, encryption, authentication and anti-replay. Everything you will receive if you are using the Encapsulating Security Payload method in IPsec. IPsec is also working with NAT devices, if a NAT device is coming in the middle.
So, ESP, what it will do: it will encrypt the entire packet and will create a new IP header. But there is another method as well, Authentication Header, which can provide you integrity and the things we just discussed, and authentication, but no encryption. It will not encrypt the data. The data will go in clear text.
So, it’s not a good solution.
So, you can configure IPsec in two different ways: Authentication Header and ESP. This method will not create a new header, but they will put their own header inside the IP header. Then IPsec can be configured in two different modes, not different methods, modes. One is tunnel mode, which will create a tunnel between two devices. This is a firewall and this is a router. Any combination; it can be firewall and firewall. They will make a tunnel between these two, but after the tunnel the data will be in clear text, because you don’t care; this is not in our infrastructure and our interest.
So, we don’t care. It’s like security, suppose for a minister or the president.
So, when they go from their homes, when they come out from their door, then security will start. And when they reach the office, security will stop at their door inside the office. We don’t care about inside the home; we don’t care.
So, this is called tunnel mode. And normally site-to-site VPN, remote access VPN, in whatever shape, we all use tunnel mode. Then there is transport mode, where security starts from your bed, from your home. The security guard will be there with you inside your home as well, inside your room, inside your bed, and they will secure you until you reach your office chair. This is transport mode, which is not normally used. Authentication: we use these; we’ve already discussed MD5 and SHA. Then we have so many flavors of encryption; we already discussed it, to encrypt the data, to make it garbled so that nobody knows it. There are so many methods. One of them is DES, which means Data Encryption Standard. It will encrypt the data. Then 3DES, which is more powerful than the previous one; three times it will encrypt the data. And the next is more advanced than that one: Advanced Encryption Standard.
So, for encryption, you have three different ways: DES, which is the old one, then 3DES, and then AES. And in AES you have the 128, 192 and 256 flavors, so you can go higher. And DH, I already told you how it is working.