Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
In CERTs 2001 annual report it listed 52,000 security incidents the most serious involving: IP spoofing intruders creating packets with false address then taking advantages of OS exploits eavesdropping and sniffing attackers listen for userids and passwords and then just walk into target systems as a result the IAB included authentication and encryption in the next generation IP (IPv6) | Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown The need. In CERTs 2001 annual report it listed 52,000 security incidents the most serious involving: IP spoofing intruders creating packets with false address then taking advantages of OS exploits eavesdropping and sniffing attackers listen for userids and passwords and then just walk into target systems as a result the IAB included authentication and encryption in the next generation IP (IPv6) IP Security We’ve considered some application specific security mechanisms eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that cut across protocol layers would like security implemented by the network for all applications IPSec general IP Security mechanisms provides authentication confidentiality key management applicable to use over LANs, across public & private WANs, & for the Internet IPSec Uses Stallings Fig 16-1. Benefits of IPSec in a firewall/router provides . | Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown The need. In CERTs 2001 annual report it listed 52,000 security incidents the most serious involving: IP spoofing intruders creating packets with false address then taking advantages of OS exploits eavesdropping and sniffing attackers listen for userids and passwords and then just walk into target systems as a result the IAB included authentication and encryption in the next generation IP (IPv6) IP Security We’ve considered some application specific security mechanisms eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that cut across protocol layers would like security implemented by the network for all applications IPSec general IP Security mechanisms provides authentication confidentiality key management applicable to use over LANs, across public & private WANs, & for the Internet IPSec Uses Stallings Fig 16-1. Benefits of IPSec in a firewall/router provides strong security to all traffic crossing the perimeter is resistant to bypass is below transport layer, hence transparent to applications can be transparent to end users can provide security for individual users if desired additionally in routing applications: assure that router advertisments come from authorized routers neighbor advertisments come from authorized routers insure redirect messages come from the router to which initial packet was sent insure no forging of router updates IP Security Architecture RFC 2401 (Primary RFC) specification is quite complex defined in numerous RFC’s incl. RFC 2401/2402/2406/2408 many others, grouped by category mandatory in IPv6, optional in IPv4 IPSec Services Two protocols are used to provide security: Authentication Header Protocol (AH) Encapsulation Security Payload (ESP) Services provided are: Access control Connectionless integrity Data origin authentication Rejection of replayed packets a form of partial sequence integrity Confidentiality .
