ch32.ppt
TRANSCRIPT
7/26/2019 ch32.ppt
http://slidepdf.com/reader/full/ch32ppt 1/44
32-1 IPSecurity (IPSec)
IPSecurity (IPSec) is a collection of protocols designed by the Internet Engineering Task Force (IETF) to provide security for a packet at the network level.
Topics discussed in this section:
Two Modes
Two Security Protocols
Security Association
Internet Key Exchange (IKE)
Virtual Private Network
Figure 32.2 TCP/IP protocol suite and IPSec
Note: IPSec in the transport mode does not protect the IP header; it only protects the information coming from the transport layer.
Figure 32.5 Tunnel mode in action
Note: The AH Protocol provides source authentication and data integrity, but not privacy.
Figure 32.8 Simple inbound and outbound security associations
Note: IKE creates SAs for IPSec.
Figure 32.11 Hybrid network
Figure 32.14 Location of SSL and TLS in the Internet model
Table 32.3 SSL cipher suite list
Table 32.3 SSL cipher suite list (continued)
Note: The client and the server have six different cryptography secrets.
Figure 32.16 Four SSL protocols
Figure 32.17 Handshake Protocol
Figure 32.18 Processing done by the Record Protocol
32-3 PGP
One of the protocols to provide security at the application layer is Pretty Good Privacy (PGP). PGP is designed to create authenticated and confidential e-mails.
Topics discussed in this section:
Security Parameters
Services
A Scenario
PGP Algorithms
Key Rings
PGP Certificates
Figure 32.19 Position of PGP in the TCP/IP protocol suite
Note: In PGP, the sender of the message needs to include the identifiers of the algorithms used in the message as well as the values of the keys.
Figure 32.24 Proxy firewall