Ch 31
McGraw-Hill ©The McGraw-Hill Companies, Inc., 2004
Chapter 31
Security Protocols in the Internet
31.1 IP Level Security
Security Association
Two Modes
Two Security Protocols
Encapsulating Security Payload (ESP)
Authentication Header (AH)
Figure 31.1 Transport mode
Figure 31.2 Tunnel mode
Figure 31.3 AH
Note: The AH protocol provides source authentication and data integrity, but not privacy.
Figure 31.4 ESP
Note: ESP provides source authentication, data integrity, and privacy.
31.2 Transport Layer Security
Position of TLS
Two Protocols
Figure 31.5 Position of TLS
Figure 31.6 Handshake protocol
31.3 Application Layer Security
Pretty Good Privacy
Figure 31.7 PGP at the sender site
Figure 31.8 PGP at the receiver site
31.4 Firewalls
Packet-Filter Firewalls
Proxy Firewalls
Figure 31.9 Firewall
Figure 31.10 Packet-filter firewall
Note: A packet-filter firewall filters at the network or transport layer.
Figure 31.11 Proxy firewall
Note: A proxy firewall filters at the application layer.
31.5 Virtual Private Networks
Private Networks
Achieving Privacy
VPN Technology
Table 31.1 Addresses for private networks

| Prefix | Range | Total |
|---|---|---|
| 10/8 | 10.0.0.0 to 10.255.255.255 | 2^24 |
| 172.16/12 | 172.16.0.0 to 172.31.255.255 | 2^20 |
| 192.168/16 | 192.168.0.0 to 192.168.255.255 | 2^16 |
Figure 31.12 Private network
Figure 31.13 Hybrid network
Figure 31.14 Virtual private network
Figure 31.15 Addressing in a VPN