Network Security in Computer Networks: Practical Approaches and Technologies, Study notes of Computer Systems Networking and Telecommunications

Practical network security approaches, including IPsec, firewalls, virtual private networks, and wireless security. Topics covered include IPsec headers, ISAKMP key management, firewall structures and functionalities, security problems, and 802.11 security. Students will gain insights into various network security technologies and their applications.

Typology: Study notes

Pre 2010

Uploaded on 08/27/2009

koofers-user-d45-2
ECE453 – Introduction to
Computer Networks
Lecture 20 – Network Security (III)
(communication security)

Communication Security

How to apply previous techniques in practical networks?

Possible approaches: IPsec, firewall, virtual private network, wireless security.

IPsec (IP security)

RFCs 2401, 2402 and 2406

Multiple services: you may not want all services all the time

Multiple algorithms: a valid algorithm may be broken in the future

Multiple granularities: you can protect a single TCP connection / all traffic between a pair of hosts / all traffic between a pair of secure routers.

Connection Oriented

IPsec is connection oriented although it is in the IP layer.

A key must be established and used for some time (a kind of connection).

A connection in the context of IPsec is called an SA (security association).

Two modes of IPsec

Transport mode: the IPsec header is inserted after the IP header.

Tunnel mode: the entire IP packet is encapsulated in the body of a new IP packet with a completely new IP header.

Authentication Header (AH)

AH provides integrity checking and antireplay security, but not secrecy (i.e. no data encryption).

Next header field: stores the previous value of the IP header's Protocol field

Security parameter index: connection identifier

Sequence number: numbers all packets sent on an SA (to detect replay attacks)
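The receiver-side use of the AH fields listed above, as an added example that is not part of the lecture notes: the SPI selects the SA, the ICV gives integrity, and the sequence number feeds a sliding anti-replay window that only advances after the ICV verifies. Assumptions: HMAC-SHA1-96 as the integrity algorithm, a 32-packet window, an ICV that covers only the AH header and payload (real AH also covers immutable outer IP header fields), and hypothetical names `build_ah` and `SecurityAssociation`.

```python
import hmac, hashlib, struct

AH_FIXED = struct.Struct("!BBHII")   # next header, payload len, reserved, SPI, sequence number
ICV_LEN = 12                         # HMAC-SHA1-96, assumed for this sketch

def build_ah(key, spi, seq, next_hdr, payload):
    """Constructed sender side: ICV covers the AH header (ICV zeroed) plus payload only."""
    hdr = AH_FIXED.pack(next_hdr, (AH_FIXED.size + ICV_LEN) // 4 - 2, 0, spi, seq)
    icv = hmac.new(key, hdr + bytes(ICV_LEN) + payload, hashlib.sha1).digest()[:ICV_LEN]
    return hdr + icv + payload

class SecurityAssociation:
    """Receiver state for one SA: key, SPI and a sliding anti-replay window."""
    def __init__(self, key, spi, window=32):
        self.key, self.spi, self.window = key, spi, window
        self.highest, self.bitmap = 0, 0      # bit i set => (highest - i) already seen

    def _is_fresh(self, seq):
        if seq == 0:
            return False                      # sequence numbers on an SA start at 1
        if seq > self.highest:
            return True                       # ahead of the window: new by definition
        offset = self.highest - seq
        return offset < self.window and not (self.bitmap >> offset) & 1

    def _mark_seen(self, seq):
        if seq > self.highest:                # slide the window forward
            self.bitmap = ((self.bitmap << (seq - self.highest)) | 1) & ((1 << self.window) - 1)
            self.highest = seq
        else:                                 # late but in-window packet
            self.bitmap |= 1 << (self.highest - seq)

    def receive(self, packet):
        """Return (verdict, payload); the window only moves after the ICV verifies."""
        if len(packet) < AH_FIXED.size + ICV_LEN:
            return "malformed", None
        next_hdr, plen, _, spi, seq = AH_FIXED.unpack_from(packet)
        if spi != self.spi or (plen + 2) * 4 != AH_FIXED.size + ICV_LEN:
            return "malformed", None
        if not self._is_fresh(seq):
            return "replay", None
        hdr, icv = packet[:AH_FIXED.size], packet[AH_FIXED.size:AH_FIXED.size + ICV_LEN]
        payload = packet[AH_FIXED.size + ICV_LEN:]
        want = hmac.new(self.key, hdr + bytes(ICV_LEN) + payload, hashlib.sha1).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, want):
            return "bad-icv", None            # forged sequence numbers cannot move the window
        self._mark_seen(seq)
        return "accept", payload
```

Checking freshness before the HMAC is a cheap early reject; updating the window only after the HMAC succeeds keeps an attacker from pushing the window forward with an unauthenticated high sequence number.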

Firewalls

Firewall: all data traffic in the network has to pass through an electronic drawbridge.

Structure

Structure of firewall: two routers doing packet filtering and one application gateway

Security Problems with Firewall

If a firewall allows only packets from specific networks, an intruder outside the firewall can put in false source addresses.

Denial of Service (DoS): an intruder can send a great number of legitimate packets to the target until it is overwhelmed.

Virtual private networks

What if a company has sites in several cities?

A network built up from company computers and leased telephone lines is called a private network.

Virtual private network (VPN): overlay networks over public networks