Presentation is loading. Please wait.

Presentation is loading. Please wait.

Internet and Intranet Fundamentals

Published byEthan Norris Modified over 6 years ago

Similar presentations

Presentation on theme: "Internet and Intranet Fundamentals"— Presentation transcript:

1 Internet and Intranet Fundamentals
Class 10 Session A

2 Topics Review the Midterm Results Security Wrapup: IPSEC

3 IPSEC Security Architecture for the Internet Protocol RFC 2401
Access Control Connectionless Integrity Data Origin Authentication Protection Against Replays Confidentiality Limited Traffic Flow Confidentiality

4 Objectives of RFC 2401 Achieved Through
Two Major Security Protocols AH = Authentication Header ESP = Encapsulating Security Payload Cryptographic Key Management Procedures and Protocols Algorithm independence

5 Security Policy Database (SPD)
Established / Maintained by User, Sys Admin, Application Three Processing Modes for Packets Afforded IPsec Security Services Discarded Allowed to Bypass IPsec Security Services

6 Security Gateway Intermediate System Implementing IPsec Protocols
Paths Defined between Hosts Security Gateways Hosts and Security Gateways

7 AH = Authentication Header
"IP Authentication Header", RFC 2402 Connectionless Integrity Data Origin Authentication Anti-Replay

8 ESP = Encapsulating Security Payload
"IP Encapsulating Security Payload (ESP)", RFC 2406 Confidentiality (Encryption) Limited Traffic Flow Confidentiality Connectionless Integrity Data Origin Authentication Anti-Replay

9 AH / ESP Modes Transport Mode Tunnel Mode Tunnels can be
Protection for upper layer protocols Tunnel Mode Applied to tunneled packets Tunnels can be end-to-end between two security gateways, or between individual TCP connections

10 AH / ESP Modes Hosts MUST support both modes
Security Gateways need only support tunnel mode May support transport mode, but only when acting as a host

11 Implementation Native IP Implementation Bump-in-the-Stack (BITS)
Source code Bump-in-the-Stack (BITS) In between native IP and data link layer Outboard Cryptoprocessor Military Bump-in-the-wire (BITW). Supporting Router acts as security gateway, as single host == BITS

12 Security Association Simplex connection affording security services to the traffic carried by it Two way traffic will require two SAs. Triple defines: Security Parameter Index (SPI) IP Destination Address security protocol identifier (AH or ESP)

13 Security Association Transport Mode Security Protocol Header Immediately After IP Header, but before high layer headers. Outer and Inner IP headers

14 Implementations of IPSec
Internet Host Computer Host Computer Router w/ IPSec Router w/ IPSec Host Computer Host Computer Host Computer w/IPSec Host Computer w/IPSec Router w/o IPSec Router w/o IPSec Independent of Security Security Applied

Download ppt "Internet and Intranet Fundamentals"

Similar presentations

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
IP security over ATM CS 329 Hwajung Lee Computer and Communications Security The George Washington University.

IP security over ATM CS 329 Hwajung Lee Computer and Communications Security The George Washington University.
IPSec.

IPSec.
CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Internet Security CSCE 813 IPsec

Internet Security CSCE 813 IPsec
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Henric Johnson1 Chapter 6 IP Security Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter 6 IP Security Henric Johnson Blekinge Institute of Technology, Sweden
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Henric Johnson1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 IP Security.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
Henric Johnson1 Chapter 6 IP Security. Henric Johnson2 Outline Internetworking and Internet Protocols IP Security Overview IP Security Architecture Authentication.

Henric Johnson1 Chapter 6 IP Security. Henric Johnson2 Outline Internetworking and Internet Protocols IP Security Overview IP Security Architecture Authentication.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.

IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 

Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.

1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
1 Pertemuan 11 IPSec dan SSL Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 11 IPSec dan SSL Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
1 IPsec Youngjip Kim 2004. 05. 24. 2 Objective Providing interoperable, high quality, cryptographically-based security for IPv4 and IPv6 Services  Access.

1 IPsec Youngjip Kim Objective Providing interoperable, high quality, cryptographically-based security for IPv4 and IPv6 Services  Access.
Chapter 6 IP Security. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.

Chapter 6 IP Security. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.
VPN – Technologies and Solutions CS158B Network Management April 11, 2005 Alvin Tsang Eyob Solomon Wayne Tsui.

VPN – Technologies and Solutions CS158B Network Management April 11, 2005 Alvin Tsang Eyob Solomon Wayne Tsui.
CSCE 715: Network Systems Security

CSCE 715: Network Systems Security
/IPsecurity.ppt 1 - Chapter 6 of William Stallings. Network Security Essentials (2nd edition). Prentice Hall.

/IPsecurity.ppt 1 - Chapter 6 of William Stallings. Network Security Essentials (2nd edition). Prentice Hall.
IPSec IPSec provides the capability to secure communications across a LAN, across private and public wide area networks (WANs) and across the Internet.

IPSec IPSec provides the capability to secure communications across a LAN, across private and public wide area networks (WANs) and across the Internet.

Similar presentations

Ads by Google