BU CS 455 - IPSec (22 pages)

Previewing pages 1, 2, 21, 22 of 22 page document.

Pages: 22
School: Binghamton University
Course: CS 455 - Intro to Visual Info Processin

Cryptography and Network Security, Third Edition
by William Stallings
Lecture slides by Lawrie Brown

The need
- In CERT's 2001 annual report it listed 52,000 security incidents
- the most serious involving:
  - IP spoofing: intruders creating packets with a false address, then taking advantage of OS exploits
  - eavesdropping and sniffing: attackers listen for userids and passwords and then just walk into target systems
- as a result the IAB included authentication and encryption in the next generation IP (IPv6)

IP Security
- We've considered some application-specific security mechanisms, e.g. S/MIME, PGP, Kerberos, SSL/HTTPS
- however there are security concerns that cut across protocol layers
- would like security implemented by the network for all applications

IPSec
- general IP Security mechanisms
- provides:
  - authentication
  - confidentiality
  - key management
- applicable to use over LANs, across public and private WANs, and for the Internet

IPSec Uses

Benefits of IPSec
- in a firewall/router, provides strong security to all traffic crossing the perimeter
- is resistant to bypass
- is below the transport layer, hence transparent to applications
- can be transparent to end users
- can provide security for individual users if desired
- additionally, in routing applications:
  - assure that router advertisements come from authorized routers
  - neighbor advertisements come from authorized routers
  - ensure redirect messages come from the router to which the initial packet was sent
  - ensure no forging of router updates

IP Security Architecture
- RFC 2401 (primary RFC)
- specification is quite complex
- defined in numerous RFCs, incl. RFC 2401, 2402, 2406, 2408
- many others, grouped by category
- mandatory in IPv6, optional in IPv4

IPSec Services
- Two protocols are used to provide security:
  - Authentication Header Protocol (AH)
  - Encapsulation Security Payload (ESP)
- Services provided are:
  - Access control
  - Connectionless integrity
  - Data origin authentication
  - Rejection of replayed packets (a form of partial sequence integrity)
  - Confidentiality (encryption)
  - Limited traffic flow confidentiality


