Computer Networking A Top-Down Approach Featuring the Internet phần 10

Ví dụ, dòng lưu trữ âm thanh / video với sự chậm trễ tương tác người dùng của năm đến mười giây bây giờ là phổ biến trên mạng Internet. Tuy nhiên, trong suốt thời gian giao thông cao điểm, hiệu suất có thể đạt yêu cầu, đặc biệt là khi liên kết can thiệp là các liên kết bị tắc nghẽn (chẳng hạn như liên kết xuyên đại dương tắc nghẽn). | What is Network Security Network Layer Security IPsec Having examined case studies of the use of various security mechanisms at the application socket and transport layers our final case study naturally takes us down to the network layer. Here we ll examine the the IP Security protocol more commonly known as IPsec - a suite of protocols that provides security at the network layer. IPsec is a rather complex animal and different parts of it are described in more than a dozen RFCs. In this section we ll discuss IPsec in a specific context namely in the context that all hosts in the Internet support IPsec. Although this context is many years away the context will simplify the discussion and help us understand the key features of IPsec. Two key RFCs are RFC 2401 which describes the overall IP security architecture and RFC 2411 which provides an overview of the IPsec protocol suite and the documents describing it. A nice introduction to IPsec is given in Kessler . Before getting into the specifics of IPsec let s step back and consider what it means to provide security at the network layer. Consider first what it means to provide network layer secrecy. The network layer would provide secrecy if all data carried by all IP datagrams were encrypted. This means that whenever a host wants to send a datagram it encrypts the data field of the datagram before shipping it out into the network. In principle the encryption could be done with symmetric key encryption public key encryption or with session keys that have are negotiated using public key encryption. The data field could be a TCP segment a UDP segment an ICMP message etc. If such a network layer service were in place all data sent by hosts -- including e-mail Web pages control and management messages such as ICMP and SNMP -- would be hidden from any third party that is wire tapping the network. However the unencrypted data could be snooped at points in the source or destination hosts. Thus such a service would provide

Không thể tạo bản xem trước, hãy bấm tải xuống
TỪ KHÓA LIÊN QUAN
TÀI LIỆU MỚI ĐĂNG
272    20    1    25-11-2024
187    24    1    25-11-2024
Đã phát hiện trình chặn quảng cáo AdBlock
Trang web này phụ thuộc vào doanh thu từ số lần hiển thị quảng cáo để tồn tại. Vui lòng tắt trình chặn quảng cáo của bạn hoặc tạm dừng tính năng chặn quảng cáo cho trang web này.