CONTENTS. vii. Chapter 1 TCP/IP Overview 1. Chapter 2 Symmetric-Key Cryptography 33. Acknowledgements

Similar documents
Cryptography and Network Security Chapter 16. Fourth Edition by William Stallings

CSCE 715: Network Systems Security

Acronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector

Chapter 6. IP Security. Dr. BHARGAVI H. GOSWAMI Department of Computer Science Christ University

Configuration of an IPSec VPN Server on RV130 and RV130W

Table of Contents 1 IKE 1-1

Data Sheet. NCP Secure Entry Mac Client. Next Generation Network Access Technology

BCRAN. Section 9. Cable and DSL Technologies

Virtual Private Network

Chapter 6/8. IP Security

Securing Networks with Cisco Routers and Switches

This version of the des Secure Enterprise MAC Client can be used on Mac OS X 10.7 Lion platform.

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1

Transport Level Security

Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,

HP Instant Support Enterprise Edition (ISEE) Security overview

IBM i Version 7.2. Security Virtual Private Networking IBM

Virtual Private Networks (VPN)

IPsec (AH, ESP), IKE. Guevara Noubir CSG254: Network Security

IPSec Guide. ISAKMP & IKE Formats

VPN Ports and LAN-to-LAN Tunnels

Release Notes. NCP Secure Enterprise Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3.

Chapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010

Numerics I N D E X. 3DES (Triple Data Encryption Standard), 48

IPSec. Overview. Overview. Levente Buttyán

Release Notes. NCP Android Secure Managed Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3.

IP Security. Have a range of application specific security mechanisms

Sample excerpt. Virtual Private Networks. Contents

iii PPTP... 7 L2TP/IPsec... 7 Pre-shared keys (L2TP/IPsec)... 8 X.509 certificates (L2TP/IPsec)... 8 IPsec Architecture... 11

Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.

Index. Numerics 3DES (triple data encryption standard), 21

Cryptography and secure channel. May 17, Networks and Security. Thibault Debatty. Outline. Cryptography. Public-key encryption

VPNs and VPN Technologies

Cryptography MIS

The Internet community has developed application-specific security mechanisms in a number of application areas, including electronic mail (S/MIME,

IPSec VPN Setup with IKE Preshared Key and Manual Key on WRVS4400N Router

Release Notes. NCP Secure Enterprise Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3.

NCP Secure Enterprise macos Client Release Notes

Total No. of Questions : 09 ] [ Total No.of Pages : 02

IPSec Site-to-Site VPN (SVTI)

VPN Overview. VPN Types

IPsec NAT Transparency

Configuring VPN from Proventia M Series Appliance to Proventia M Series Appliance

Junos Security. Chapter 8: IPsec VPNs Juniper Networks, Inc. All rights reserved. Worldwide Education Services

VPN and IPsec. Network Administration Using Linux. Virtual Private Network and IPSec 04/2009

Data Sheet. NCP Secure Enterprise macos Client. Next Generation Network Access Technology

Sankalchand Patel College of Engineering, Visnagar Department of Computer Engineering & Information Technology. Question Bank

NCP Secure Entry macos Client Release Notes

Configuring Security for VPNs with IPsec

Lecture 9: Network Level Security IPSec

Set Up a Remote Access Tunnel (Client to Gateway) for VPN Clients on RV016, RV042, RV042G and RV082 VPN Routers

In the event of re-installation, the client software will be installed as a test version (max 10 days) until the required license key is entered.

Data Sheet. NCP Exclusive Remote Access Mac Client. Next Generation Network Access Technology

IPsec NAT Transparency

Virtual Private Network. Network User Guide. Issue 05 Date

Glenda Whitbeck Global Computing Security Architect Spirit AeroSystems

CSC 6575: Internet Security Fall 2017

L13. Reviews. Rocky K. C. Chang, April 10, 2015

8. Network Layer Contents

Data Sheet. NCP Secure Enterprise Linux Client. Next Generation Network Access Technology

NCP Secure Client Juniper Edition (Win32/64) Release Notes

SonicWALL Addendum. A Supplement to the SonicWALL Internet Security Appliance User's Guide

Network Security 2. Module 4 Configure Site-to-Site VPN Using Pre-Shared Keys

BiGuard C01 BiGuard VPN Client Quick Installation Guide (BiGuard series VPN enabled devices) Secure access to Company Network

Virtual Private Cloud. User Guide. Issue 03 Date

Security for VPNs with IPsec Configuration Guide Cisco IOS Release 12.4T

FAQ about Communication

Configuring IPSec tunnels on Vocality units

Chapter 5: Network Layer Security

NCP Secure Client Juniper Edition Release Notes

Configuration of Shrew VPN Client on RV042, RV042G and RV082 VPN Routers through Windows

Chapter 8. Network Security. Need for Security. An Introduction to Cryptography. Transposition Ciphers One-Time Pads

IKE and Load Balancing

Internet security and privacy

Information Security: Principles and Practice Second Edition. Mark Stamp

Firewalls, Tunnels, and Network Intrusion Detection

INFS 766 Internet Security Protocols. Lectures 7 and 8 IPSEC. Prof. Ravi Sandhu IPSEC ROADMAP

Lehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität München. ilab. Lab 8 SSL/TLS and IPSec

BCA III Network security and Cryptography Examination-2016 Model Paper 1

Chapter 11 The IPSec Security Architecture for the Internet Protocol

NCP Secure Managed Android Client Release Notes

The IPsec protocols. Overview

AIT 682: Network and Systems Security

Protocol Architecture (2) Suguru Yamaguchi Nara Institute of Science and Technology Department of Information Science

Secure channel, VPN and IPsec. stole some slides from Merike Kaeo

How to Create a TINA VPN Tunnel between F- Series Firewalls

Security for VPNs with IPsec Configuration Guide, Cisco IOS Release 15M&T

COSC4377. Chapter 8 roadmap

Cisco Exam Questions & Answers

Cryptography and Network Security

CLEARPASS CONFIGURING IPsec TUNNELS

Network Security CSN11111

CRYPTOGRAPHY AND NETWROK SECURITY-QUESTION BANK

Virtual Private Networks

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

Configuring VPN from Proventia M Series Appliance to NetScreen Systems

Remote Connectivity for SAP Solutions over the Internet Technical Specification

VPN, IPsec and TLS. stole slides from Merike Kaeo apricot2017 1

Lecture 12 Page 1. Lecture 12 Page 3

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL II. VERSION 2.0

Transcription:

CONTENTS Preface Acknowledgements xiii xvii Chapter 1 TCP/IP Overview 1 1.1 Some History 2 1.2 TCP/IP Protocol Architecture 4 1.2.1 Data-link Layer 4 1.2.2 Network Layer 5 1.2.2.1 Internet Protocol 5 IPv4 Datagrams Format 9 IPv4 Address Classes 11 Types of IPv4 Addresses 12 Classless Interdomain Routing 12 Private IP Addresses 15 IPv6 Datagram Format 16 IPv6 Addressing 19 1.2.2.2 Internet Control Message Protocol 20 1.2.2.3 Internet Group Management Protocol 25 1.2.3 Transport Layer 25 1.2.3.1 Transmission Control Protocol 26 TCP Header Format 26 Initializing TCP Connections 28 TCP Connection States 29 1.2.3.2 User Datagram Protocol 30 UDP Header Format 30 1.2.4 Application Layer 31 Chapter 2 Symmetric-Key Cryptography 33 2.1 Historical Perspective 34 2.2 The Data Encryption Standard 38 2.2.1 Triple DES 46 2.3 Design of Symmetric-Key Cryptosystems 46 2.3.1 Security Issues 47 2.3.2 Implementation and Performance Issues 51 2.3.3 Mode of Operation 53 vii

viii 2.4 The Advanced Encryption Standard 54 2.4.1 MARS 54 2.4.2 RC6 60 2.4.3 AES (Rijndael) 63 2.4.4 Serpent 68 2.4.5 Twofish 71 2.4.6 Performance Comparison of the AES Finalists 76 2.5 Other Symmetric-Key Cryptosystems 77 Chapter 3 Public-Key Cryptosystems 81 3.1 RSA Cryptosystem 82 3.2 ElGamal Cryptosystem 84 3.3 Elliptic Curve Cryptography 86 3.3.1 Elliptic Curve Over Z p 87 3.3.2 Elliptic Curve Over F 2 m 88 3.3.3 Elliptic Curve Key Pairs 91 3.3.4 Security Considerations 91 3.4 Diffie-Hellman Key Exchange 93 3.4.1 Elliptic Curve Diffie-Hellman Key Exchange Scheme 94 3.5 Digital Signature 96 3.5.1 Digital Signature Algorithm 99 3.5.2 RSA Signature Scheme 100 3.5.3 Elliptic Curve Digital Signature Algorithm 101 3.6 Symmetric-Key vs Public-Key Cryptosystems 103 Chapter 4 Hash Functions and MAC 105 4.1 MD5 Hash Function 106 4.2 Secure Hash Algorithm (SHA-1) 109 4.3 RIPEMD-160 111 4.4 Tiger 114 4.5 Comparative Analysis 116 4.6 HMAC 117 Chapter 5 Public-Key Infrastructure 119 5.1 X.509 Certificates 121 5.1.1 X.509 Certificate Format 123 5.1.2 X.509 Extensions 126 5.1.3 Qualified Certificates 133

ix 5.1.4 Qualified Certificate Extensions 134 5.1.5 Certificate Revocation List 137 5.1.6 CRL Extensions 138 5.1.7 CRL Entry Extensions 140 5.1.8 Online Certificate Status Protocol 141 5.1.9 X.509 Trust Model 145 5.2 PGP Certificates 150 5.2.1 PGP Certificate Format 150 5.2.2 Revocation of PGP Certificates 151 5.2.3 PGP Trust Model 152 5.3 Other PKI Issues 155 Chapter 6 LDAP 159 6.1 X.500 Directory 160 6.2 Overview of LDAP 162 6.3 LDAP/X.500 Attribute Types 164 6.4 LDAP URL Format 171 Chapter 7 IP Security Architecture 175 7.1 What IPSec Does 176 7.2 How IPSec Works 185 7.3 Security Association 186 7.4 Security Association Databases 186 7.4.1 Security Policy Database 187 7.4.2 Security Association Database 188 Chapter 8 Authentication Header 191 8.1 Authentication Header Format 193 8.2 AH Modes of Operation 195 8.2.1 AH Transport Mode 195 8.2.2 AH Tunnel Mode 199 8.3 Integrity Check Value Computation 200 8.4 AH Processing 204 Chapter 9 Encapsulating Security Payload 207 9.1 ESP Packet Format 209 9.2 ESP Modes 211 9.2.1 ESP Transport Mode 211

x 9.2.2 ESP Tunnel Mode 214 9.3 ESP Processing 216 9.3.1 Outbound Processing 216 9.3.2 Inbound Processing 218 Chapter 10 ISAKMP 221 10.1 ISAKMP Header Format 222 10.2 ISAKMP Payloads Formats 225 10.2.1 Generic Payload Header 226 10.2.2 Data Attributes 226 10.2.3 Security Association Payload 229 10.2.4 Proposal Payload 232 10.2.5 Transform Payload 233 10.2.6 Key Exchange Payload 236 10.2.7 Identification Payload 237 10.2.8 Certificate Payload 238 10.2.9 Certificate Request Payload 240 10.2.10 Hash Payload 241 10.2.11 Signature Payload 242 10.2.12 Nonce Payload 242 10.2.13 Notification Payload 243 10.2.14 Delete Payload 245 10.2.15 Vendor ID Payload 246 10.3 ISAKMP Negotiation Phases 247 10.4 ISAKMP Exchange Types 247 10.4.1 Base Exchange 248 10.4.2 Identity Protection Exchange 250 10.4.3 Authentication Only Exchange 251 10.4.4 Aggressive Exchange 251 10.4.5 Informational Exchange 253 Chapter 11 Internet Key Exchange 255 11.1 Exchange Phases 256 11.2 Exchange Modes 256 11.2.1 Main Mode 258 11.2.2 Aggressive Mode 259 11.2.3 Quick Mode 260 11.2.4 New Group Mode 261 11.3 Generation of Keying Material 262

xi 11.4 Oakley Groups 263 11.5 Mode Config 265 11.5.1 Configuration Method Payload and Exchange 266 11.6 DHCP Configuration of IPSec Tunnel Mode in IPv4 269 11.6.1 Description of DHCP mode config 270 11.7 XAuth 273 11.7.1 Detail of XAuth Authentication Mechanism 274 11.8 Hybrid Auth 277 11.8.1 Details of Hybrid Auth Authentication Mechanism 278 Chapter 12 IP Compression 281 12.1 Important Considerations 282 12.2 Compressed IP Datagram Header Structure 284 12.2.1 IPv4 Header Modification 285 12.2.2 IPv6 Header Modification 286 12.3 IPComp Association 287 Chapter 13 VPN Solutions 289 13.1 Scenarios For VPN Utilization 290 13.1.1 Interconnecting Branch Offices 290 13.1.2 Interconnecting Different Organizations Intranets 293 13.1.3 Securing Remote Access Via DSL or Other Broadband Alternatives 294 13.2 Choosing a VPN Solution 295 13.3 A VPN Configuration Case Study 299 13.3.1 Configuration of the PKI Server 299 13.3.2 Configuration of the VPN Gateway 311 13.3.3 Configuration of the VPN Client 321 Appendix A A Reference C Implementation for AES 327 Appendix B A Java Implementation of AES 349 Appendix C A Reference Implementation of MD5 373 Bibliography 383 Index 395

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback