Đang chuẩn bị liên kết để tải về tài liệu:
The Illustrated Network- P76

The Illustrated Network- P76:In this chapter, you will learn about the protocol stack used on the global public Internet and how these protocols have been evolving in today’s world. We’ll review some key basic defi nitions and see the network used to illustrate all of the examples in this book, as well as the packet content, the role that hosts and routers play on the network, and how graphic user and command line interfaces (GUI and CLI, respectively) both are used to interact with devices. | CHAPTER 29 IP Security 719 These counts reflect three pings that were sent from LAN1 to LAN2 over the IPSec tunnel. Other commands can be used to give parameters and details of the SA itself but the latter just repeats information stored in the configuration file. Let s see what the major portions of the configuration listing are accomplishing. To do that we ll have to consider some concepts used in IPSec. INTRODUCTION TO IPSec There are three IPSec support components in addition to the transport services provided by AH and ESP One of these components is a set of encryption and hashing algorithms most of which we ve met already in the SSL and SSH chapters. AH and ESP are generic and do not mandate the use of any specific mechanism. IPSec endpoints on a secure path negotiate the ones they will use as does SSH. For example two common hashing methods are Message Digest 5 MD5 and Secure Hash Alogrithm 1 SHA-1 and the endpoints decide which to use with IPSec. Other important support pieces are the security policies and the SAs that embody them.The flexibility allowed in IPSec still has to be managed and security relationships between IPSec devices are tracked by the SA and its security policy. Finally an IPSec key exchange framework and mechanism IKE is defined so that endpoints can share the keys they need to decrypt data. A way to securely send SA information is provided as well. In summary IPSec provides the following protection services at the IP layer itself Authentication of message integrity to detect changes of the content on the network Encryption of data for privacy Protection against some forms of attacks such as replay attacks Negotiation of security methods and keys used between devices Differing security modes called transport and tunnel for flexibility IPSec RFCs When it comes to RFCs aspects of IPSec are covered in a collection of RFCs that define the architecture services and protocols used in IPSec. These are listed in Table 29.1. IPSec Implementation