









Practical network security approaches, including IPsec, firewalls, virtual private networks, and wireless security. Topics covered include IPsec headers, ISAKMP key management, firewall structures and functionalities, security problems, and 802.11 security. Students will gain insights into various network security technologies and their applications.
Typology: Study notes










RFCs 2401, 2402 and 2406
Multiple services: you may not want all services all the time.
Multiple algorithms: a valid algorithm may be broken in the future.
Multiple granularities: you can protect a single TCP connection / all traffic between a pair of hosts / all traffic between a pair of secure routers.
Transport mode: the IPsec header is inserted after the IP header.
Tunnel mode: the entire IP packet is encapsulated in the body of a new IP packet with a completely new IP header.
AH provides integrity checking and antireplay security, but not secrecy (i.e. no data encryption).
Next header field: stores the previous value of the IP header.
Security parameter index: connection identifier.
Sequence number: numbers all packets sent on an SA (to detect replay attacks).
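How a receiver can use the AH sequence number to detect replays, as an added example that is not part of the original notes: a sliding window per SA, updated only after the integrity check passes. The 64-packet window, the function and class names, and the HMAC-SHA-1 tag truncated to 12 bytes (standing in for the AH integrity check value, which in real AH also covers parts of the IP header) are assumptions of this sketch.

```python
import hashlib, hmac, struct

WINDOW = 64  # window size in packets (assumed for this sketch)

class ReplayWindow:
    """Receiver-side sliding window for one SA."""
    def __init__(self):
        self.top = 0      # highest authenticated sequence number so far
        self.bitmap = 0   # bit i set => sequence number (top - i) already seen

    def check(self, seq):
        """Cheap pre-check, done before the integrity check."""
        if seq == 0:
            return False                        # senders start counting at 1
        if seq > self.top:
            return True                         # ahead of the window: new
        offset = self.top - seq
        if offset >= WINDOW:
            return False                        # fell off the left edge: too old
        return not (self.bitmap >> offset) & 1  # inside window: reject duplicates

    def update(self, seq):
        """Record seq; call only after the integrity check has passed."""
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)

def icv(key, spi, seq, payload):
    # Simplified tag over SPI, sequence number and payload only.
    msg = struct.pack("!II", spi, seq) + payload
    return hmac.new(key, msg, hashlib.sha1).digest()[:12]

def receive(win, key, spi, seq, payload, tag):
    if not win.check(seq):
        return "replay"
    if not hmac.compare_digest(tag, icv(key, spi, seq, payload)):
        return "bad-icv"    # window untouched, so forgeries cannot advance it
    win.update(seq)
    return "accept"

def demo():
    key, spi, win = b"constructed-demo-key", 0x1000, ReplayWindow()
    arrivals = (1, 2, 5, 3, 5, 100, 30, 99)     # constructed arrival order
    out = [receive(win, key, spi, s, b"data", icv(key, spi, s, b"data"))
           for s in arrivals]
    out.append(receive(win, key, spi, 200, b"data", b"\x00" * 12))  # forged tag
    return out, win.top
```

Out-of-order packet 3 is accepted because it is still inside the window, while the second copy of 5 and the stale packet 30 are dropped.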
Structure of firewall: two routers doing packet filtering and one application gateway.
If a firewall allows only packets from specific networks, an intruder outside the firewall can put in false source addresses.
Denial of Service (DoS): intruder can send a great number of legitimate packets to the target until it is overwhelmed.
What if a company has sites in several cities?
A network built up from company computers and leased telephone lines is called a private network.
Virtual private network (VPN): overlay networks over public networks.