E-commerce is taking over traditional commerce practices and is of special concern to IT students. The key points of these lecture slides are: Routing, Mechanisms, Application Specific Security, Security, Network Layer, Traffic Secure, Secure Communication, Branch Office, Remote Access
Typology: Slides
application-specific security mechanisms exist (e.g., SSL, Kerberos, PGP)
sometimes want security at a lower network layer
  want to be sure all traffic is secure
  can put security at the level of IP
provides security even for applications with no security awareness
three functional areas:
  authentication
  confidentiality
  key management
development begun in 1994
designed to be usable with IPv4 and IPv6
secure communication across LANs and WANs, including the Internet
examples:
  secure branch office connectivity
  secure remote access
  secure communication with other organisations
  enhanced e-commerce security
[Figure: an IPSec scenario. A user system with IPSec and a networking device with IPSec exchange packets of the form IP Header | IPSec Header | Secure IP Payload across a public (Internet) or private network; within the protected network the packet is plain IP Header | IP Payload.]
when implemented in a firewall or router, traffic across the perimeter receives strong security with no overhead for traffic within the perimeter
IPSec in a firewall is resistant to bypass (assuming a properly implemented firewall)
IPSec is below the transport layer, so transparent to applications and users
can provide security for off-site users
IPSec can contribute to the routing architecture for internetworking
IPSec can assure that:
  routing and neighbour advertisements come from authorised routers
  a redirect message comes from the router to which the initial message was sent
  routing updates are not forged
bit string assigned to the SA, local significance only
SPI carried in AH and ESP headers
allows the receiver to select the SA under which the packet is processed
endpoint of an SA may be an end user system or a network system (router or firewall)
IPSec implementation includes a database which defines the parameters for each SA
normal parameters:
  sequence number counter
  sequence counter overflow
  anti-replay window
  AH information (algorithm and keys)
  ESP information (algorithm and keys)
  lifetime of SA
  IPSec protocol mode
  path MTU (maximum transmission unit)
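The SPI lookup and the SA parameters above, as an added example that is not part of the slides: a receiver-side SA database selected by SPI, with the sequence-number anti-replay window from the parameter list. The window width, SPI values and sequence numbers are constructed for illustration.

```python
# Added example, not from the slides: receiver-side SA selection by SPI plus the
# anti-replay window named in the SA parameter list (all values constructed).
from dataclasses import dataclass
from typing import Dict, Optional

WINDOW = 32  # anti-replay window width in sequence numbers (constructed)

@dataclass
class SecurityAssociation:
    spi: int             # security parameter index carried in the AH/ESP header
    protocol: str        # "AH" or "ESP" (a single SA uses one, not both)
    mode: str            # "transport" or "tunnel"
    highest_seq: int = 0    # highest sequence number accepted so far
    window_bits: int = 0    # bit i set => sequence (highest_seq - i) was seen

    def check_replay(self, seq: int) -> bool:
        """Accept seq if it is new and inside the window, recording it if so."""
        if seq == 0:
            return False                  # counter starts at 1; 0 is never valid
        if seq > self.highest_seq:        # slide the window forward
            shift = seq - self.highest_seq
            self.window_bits = ((self.window_bits << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest_seq = seq
            return True
        offset = self.highest_seq - seq
        if offset >= WINDOW:
            return False                  # older than the window: drop
        if self.window_bits & (1 << offset):
            return False                  # already seen: replay
        self.window_bits |= 1 << offset   # mark as seen
        return True

class SADatabase:
    def __init__(self) -> None:
        self._by_spi: Dict[int, SecurityAssociation] = {}

    def add(self, sa: SecurityAssociation) -> None:
        self._by_spi[sa.spi] = sa

    def lookup(self, spi: int) -> Optional[SecurityAssociation]:
        return self._by_spi.get(spi)      # SPI read from the header picks the SA

def process_inbound(sad: SADatabase, spi: int, seq: int) -> str:
    """Disposition of an inbound packet whose header carries (spi, seq)."""
    sa = sad.lookup(spi)
    if sa is None:
        return "discard: no SA for SPI"   # unknown SPI cannot be processed
    if not sa.check_replay(seq):
        return "discard: replayed or outside anti-replay window"
    return f"accept: {sa.protocol} {sa.mode} mode SA {sa.spi:#x}"
```

A receiver that skipped the window check would accept a captured packet a second time; the sequence counter and window together are what make that detectable.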
IPSec is very flexible
user can select which traffic gets IPSec protection
SAs can be combined in a very fine-grained manner
AH and ESP both support two modes:
  transport
  tunnel
[Figure: transport mode: IP Header | Encrypted Data Body. Tunnel mode: IP Header | Encrypted (IP Header | Data Body).]
primarily for protection of upper-layer protocols, i.e., the payload of the IP packet (TCP or UDP segments, or an ICMP packet)
used for end-to-end communication between two hosts
a single SA can use AH or ESP but not both
if both are needed then more than one SA is needed
may need a number of SAs, for:
  AH and ESP
  two-way communication
  between hosts and firewalls
  etc.
sequence of SAs; traffic passes through them to provide the desired security services
SAs in a bundle may terminate at the same or different endpoints
SAs may be bundled by:
  transport adjacency
  iterated tunneling
more than one security protocol is applied to a packet, without tunneling
AH and ESP are combined
processing takes place at a single destination
ESP is applied to the IP payload, without authentication
AH is then applied to the resulting IP packet
authentication covers more fields, such as IP source and destination, than are covered by ESP with authentication
may wish to do authentication before encryption
  makes altering authentication information harder
  makes it easier to store authentication data with the original message
for example, apply authentication to the IP header and payload, then apply ESP to the entire packet, giving tunnelling
see text for more information on:
  iterated tunneling
  AH
  ESP
  IPSec key management