IP LAYER SECURITY
Lecture #5
Learning Objectives
Understand VPN
Introduction
A broad range of solutions to achieve secure data communication
These solutions operate at different layers of protocol stack:
Network-level security
Guarantees privacy and integrity of IP data packets irrespective of the security features at the application and socket layer
Any application will benefit from the underlying IP security as long as it uses IP to send data
IPSec's existence is hidden from the application
We discuss the security mechanism provided at the IP layer and its applications here
IP offers a connectionless datagram service with no guarantee of packet delivery
IP does not provide explicit mechanisms to guarantee correct delivery
[Figure: Systems A, B and C connected through the Internet; each system runs the stack Application Protocol, TCP/UDP, IP, Access Control.]
Source: http://s000jiq.springnote.com/pages/4649045/attachments/2521669
[Figure: IP header layout. Field notes from the figure:]
Total length of IP datagram, or IP fragment if fragmented. Measured in bytes.
Fragment offset from start of IP datagram. Measured in 8-byte (2 words, 64 bits) increments. If IP datagram is fragmented, fragment size (Total Length) must be a multiple of 8 bytes.
Flags: x 0x80 reserved (evil bit); D 0x40 Do Not Fragment; M 0x20 More Fragments follow.
Header Checksum: checksum of entire IP header.
Please refer to RFC for the complete Internet Protocol (IP) Specification.
Copyright 2004 - Matt Baxter - mjb@fatpipe.org
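The header fields described above can be read and sanity-checked in a few lines. The following is an added example, not part of the original lecture: the function names and the sample addresses (documentation ranges) are constructed for illustration, and the fragment-size check is applied to the data portion of a fragment that has More Fragments set.

```python
import socket
import struct

def checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words, complemented."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(total_len: int, flags_frag: int, src: str, dst: str) -> bytes:
    """Constructed 20-byte sample header (protocol 17, TTL 64), checksum filled in."""
    fields = [0x45, 0, total_len, 0x1234, flags_frag, 64, 17, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields)

def parse_ipv4(packet: bytes) -> dict:
    if len(packet) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    (ver_ihl, _tos, total_len, _ident, flags_frag,
     _ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4                 # header length in bytes
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl or total_len < ihl:
        raise ValueError("bad version, header length or total length")
    flag_byte = flags_frag >> 8                # byte 6 carries the three flag bits
    more = bool(flag_byte & 0x20)
    payload_len = total_len - ihl
    return {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "protocol": proto, "total_length": total_len,
        "reserved_bit": bool(flag_byte & 0x80),
        "dont_fragment": bool(flag_byte & 0x40),
        "more_fragments": more,
        "frag_offset_bytes": (flags_frag & 0x1FFF) * 8,   # field counts 8-byte units
        # a fragment followed by more fragments must carry a multiple of 8 data bytes
        "fragment_size_ok": not more or payload_len % 8 == 0,
        # summing a header that holds a correct checksum gives 0; header only, no key
        "checksum_ok": checksum(packet[:ihl]) == 0,
    }

if __name__ == "__main__":
    first = build_header(1500, 0x2000, "192.0.2.1", "198.51.100.7")  # MF set, offset 0
    last = build_header(120, 185, "192.0.2.1", "198.51.100.7")       # offset 185 * 8
    for hdr in (first, last):
        print(parse_ipv4(hdr))
```

The checksum only detects accidental corruption of the header; it is unkeyed and does not cover the payload, which is why it gives none of the privacy or integrity guarantees the lecture attributes to IPSec.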
Internet Threats
Without proper controls and measures, any transaction over the Internet is subject to the following:
Packet sniffing
Identity spoofing
IPSec