In this video, we will identify and explain security services that are relevant for internet security.

Access Control is a security service that protects resources against unauthorized usage. Such resources may be end systems, such as servers and PCs, but also network systems, such as routers and switches, as well as network links. Access Control at the network level is often achieved using firewalls. Access Control within systems can be achieved by using access control lists. Access Control is one of the services needed to protect against masquerade attacks.

An audit is a service performed by independent specialists. Such specialists review and examine security-related information to ensure compliance with the accepted security policies and procedures. Examples of information that may be investigated are access logs, firewall logs and the output of intrusion detection systems. Nowadays, banks and other organizations that hold sensitive data also store network traces, such as those collected using NetFlow or IPFIX, as part of their security audit trail.

Availability is a security service to protect against denial of service attacks. Depending on the precise details of such attacks, different mitigation strategies may be possible. For example, companies may rely on DDoS protection services that reroute all traffic via this service and filter attack traffic. DDoS protection services can be obtained from commercial companies, such as Cloudflare and Incapsula, but also from non-commercial institutions, such as the Nationale Wasstraat, abbreviated as NaWas, in the Netherlands. Next to relying on DDoS protection services, it might also be possible to quickly upscale server capacity.

Data confidentiality is a security service that protects against message disclosure attacks. A common mechanism to implement data confidentiality is data encryption. Encryption algorithms can be divided into two categories.
The first category is symmetric encryption, where both parties share the same encryption key. Examples of symmetric encryption algorithms include DES, 3DES and AES-CBC. The second category is public key cryptography, where two keys are needed, a public and a private key. Examples of public key algorithms include ECC, Diffie-Hellman and RSA. Symmetric encryption is much faster than public key encryption, but has key management as its main drawback. Therefore, security protocols such as IPsec, SSH and SSL usually start with using public key encryption, but switch to symmetric key encryption as soon as a secure channel has been created.

Data integrity is a security service that protects against message modification, insertion, deletion or replay attacks. It relies on the addition of a hash-based message authentication code, abbreviated as HMAC, to each individual message. Such a code is calculated by a hash algorithm by feeding it with the message contents as well as a secret key. Each message therefore includes a unique code. To detect insertion, deletion or replay, a sequence number must also be added to each message. Data integrity is provided by using authentication algorithms. Well-known examples of such algorithms are HMAC-SHA-1 and HMAC-MD5. The second one has some theoretical weaknesses, however, and will therefore likely be avoided in future protocols.

Data authentication is a security service that protects against masquerade attacks. There are two forms of this service. The first form is peer entity authentication, which is used whenever connections or associations can be established between both communicating parties. The second form is data origin authentication, which is used in connectionless environments. Like data integrity, authentication services rely on the use of hash-based message authentication codes.

Non-repudiation is a security service that protects against false denial of involvement in an association. Two forms should be distinguished.
The first is non-repudiation with proof of origin, which protects against senders that deny that they have sent a certain message. The second is non-repudiation with proof of receipt, which protects against receivers that deny that they have received a certain message. For non-repudiation, there are no specific algorithms, because it can be achieved as a side effect of encryption mechanisms, since private keys should only be known to the sender.

Finally, system integrity is a security service that protects system resources in a verifiable manner against unauthorized or accidental manipulation. There is no dedicated protocol or mechanism that guarantees system integrity, although it is somewhat related to access control.
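
The data integrity mechanism described above (an HMAC over each message plus a sequence number), as an added example that is not part of the original video. It assumes HMAC-SHA-256 rather than the HMAC-SHA-1 and HMAC-MD5 named in the lecture, a 64-bit sequence number, and a constructed key and messages; `protect`, `Receiver` and `demo` are hypothetical names.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed sample key, for illustration only
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def protect(key, seq, payload):
    """Sender: sequence number || payload || HMAC(key, sequence number || payload)."""
    header = struct.pack("!Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Checks the HMAC first, then the sequence number.

    Strictly in-order: no reordering tolerance (IPsec, for comparison,
    uses a sliding anti-replay window instead).
    """

    def __init__(self, key):
        self.key = key
        self.expected = 0  # next sequence number we expect to see

    def accept(self, packet):
        """Return (status, payload); status is ok, bad_mac, replay or gap."""
        if len(packet) < 8 + TAG_LEN:
            return "bad_mac", None
        header, payload, tag = packet[:8], packet[8:-TAG_LEN], packet[-TAG_LEN:]
        good = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):  # constant-time comparison
            return "bad_mac", None              # modified or inserted message
        (seq,) = struct.unpack("!Q", header)
        if seq < self.expected:
            return "replay", None               # an old message sent again
        status = "ok" if seq == self.expected else "gap"  # gap: messages deleted
        self.expected = seq + 1
        return status, payload


def demo():
    """Run constructed traffic through the receiver and return the statuses."""
    rx = Receiver(KEY)
    p0, p1, p2 = (protect(KEY, i, m)
                  for i, m in enumerate([b"pay 10", b"pay 20", b"pay 30"]))
    tampered = p0[:8] + b"pay 99" + p0[14:]  # payload changed, tag left as-is
    # p1 is never delivered, so p2 arrives with a sequence gap.
    return [rx.accept(pkt)[0] for pkt in (tampered, p0, p0, p2)]
```

The sequence number sits inside the authenticated data, so an attacker who renumbers a captured message to make it look fresh fails the HMAC check.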