Demystifying the IPsec Puzzle

Share
Add to Wishlist
PDF

Computers\\Networks

This document was uploaded by one of our users. The uploader already confirmed that they had the permission to publish it. If you are author/publisher or own the copyright of this documents, please report to us by using this DMCA report form.

Download

Search on Amazon

Simply click on the Download Book button.

Yes, Book downloads on Ebookily are 100% Free.

Sometimes the book is free on Amazon As well, so go ahead and hit "Search on Amazon"

Now that the Internet has blossomed into the "Information Superhighway," with its traffic (and drivers) becoming increasingly diverse, security has emerged as a primary concern. This innovative new book offers you a global, integrated approach to providing Internet Security at the network layer. You get a detailed presentation of the revolutionary IPsec technology used today to create Virtual Private Networks and, in the near future, to protect the infrastructure of the Internet itself.

The book addresses IPsec’s major aspects and components to help you evaluate and compare features of different implementations. It gives you a detailed understanding of this cutting-edge technology from the inside, which enables you to more effectively troubleshoot problems with specific products. Based on standards documents, discussion list archives, and practitioners’ lore, this one-of-a-kind resource collects all the current knowledge of IPsec and describes it in a literate, clear manner.

Author(s): Sheila Frankel
Series: Artech House Computer Security Series
Publisher: artech-house
Year: 2001

Language: English
Pages: 293

Demystifying the IPsec Puzzle......Page 1
Copyright
......Page 5
Contents
......Page 8
Preface......Page 18
Ch1
Introduction......Page 21
1.1 The TCP/IP Protocol Stack......Page 25
1.1.2 IP Packetization and Fragmentation......Page 30
1.1.1 IP Packets......Page 27
1.2 Introducing IPsec......Page 32
1.3 Summary......Page 33
1.4 Further Reading......Page 34
2.1 Protections Provided by AH......Page 35
2.2 Security Associations and the Security Parameters Index......Page 36
2.3 AH Format......Page 39
2.4 AH Location......Page 40
2.5 AH Modes......Page 41
2.6 Nested Headers......Page 42
2.7 Implementing IPsec Header Processing......Page 43
2.8 AH Processing for Outbound Messages......Page 45
2.9 AH Processing for Inbound Messages......Page 50
2.10 Complications......Page 52
2.11 Auditing......Page 55
2.13 Summary......Page 57
2.14 Further Reading......Page 58
3.1 Protections Provided by ESP......Page 61
3.2 Security Associations and the Security Parameters Index......Page 62
3.3 ESP Header Format......Page 63
3.4 ESP Header Location and Modes......Page 65
3.5 Nested and Adjacent Headers......Page 66
3.6 ESP Header Processing for Outbound Messages......Page 68
3.7 ESP Header Processing for Inbound Messages......Page 69
3.9 Criticisms and Counterclaims......Page 72
3.10 Threat Mitigation......Page 74
3.11 Why Two Security Headers?......Page 75
3.13 Further Reading......Page 76
Ch4
The Third Puzzle Piece: The
Cryptographic Algorithms......Page 79
4.1 Underlying Principles......Page 80
4.2 Authentication Algorithms......Page 82
4.2.1 The MD5 Algorithm......Page 84
4.2.2 The SHA-1 Algorithm......Page 85
4.2.3 The HMAC Algorithm......Page 86
4.3 The ESP Header Encryption Algorithms......Page 88
4.3.1 The DES Algorithm......Page 90
4.3.2 The Triple DES Algorithm......Page 92
4.3.3 Other Encryption Algorithms......Page 96
4.3.4 The AES Algorithm......Page 97
4.4 Complications......Page 98
4.5 Public Key Cryptography......Page 99
4.5.3 The Diffie-Hellman Exchange......Page 100
4.7 Further Reading......Page 102
5.1 The IKE Two-Step Dance......Page 107
5.3 Authentication Methods......Page 108
5.4 Proposals and Counterproposals......Page 110
5.5 Cookies......Page 114
5.7 The Proposal Payload......Page 115
5.9 Nonces......Page 116
5.10 Identities and Identity Protection......Page 117
5.11 Certificates and Certificate Requests......Page 118
5.12 Keys and Diffie-Hellman Exchanges......Page 119
5.13 Notifications......Page 120
5.16 The Phase 1 Negotiation......Page 121
5.16.1 Main Mode......Page 122
5.16.2 Aggressive Mode......Page 128
5.16.3 Base Mode......Page 130
5.17 The Phase 2 Negotiation......Page 132
5.17.1 Quick Mode......Page 133
5.17.2 The Commit Bit......Page 136
5.18 New Group Mode......Page 137
5.19 Informational Exchanges......Page 138
5.20 The ISAKMP Header......Page 139
5.21 The Generic Payload Header......Page 140
5.22 The IKE State Machine......Page 141
5.24 An Example......Page 142
5.25 Criticisms and Counterclaims......Page 143
5.27 Summary......Page 145
5.28 Further Reading......Page 146
Ch6
The Fifth Puzzle Piece: IKE and the Road
Warrior......Page 149
6.1 Legacy Authentication Methods......Page 152
6.2 ISAKMP Configuration Method......Page 154
6.3 Extended Authentication......Page 159
6.4 Hybrid Authentication......Page 160
6.5 Challenge-Response for Authenticated Cryptographic Keys......Page 162
6.7 Credential-Based Approaches......Page 165
6.8 Complications......Page 170
6.11 Further Reading......Page 171
Ch7
The Sixth Puzzle Piece: IKE Frills
and Add-Ons......Page 173
7.1 Renegotiation......Page 174
7.2 Heartbeats......Page 177
7.3 Initial Contact......Page 182
7.4 Dangling SAs......Page 183
7.6 Further Reading......Page 184
Ch8
The Glue: PF_KEY......Page 185
8.1 The PF_KEY Messages......Page 186
8.2 A Sample PF_KEY Exchange......Page 191
8.3 Composition of PF_KEY Messages......Page 193
8.6 Further Reading......Page 197
Ch9
The Missing Puzzle Piece: Policy
Setting and Enforcement......Page 199
9.1 The Security Policy Database......Page 200
9.2.1 Policy Configuration......Page 207
9.2.3 Gateway Discovery......Page 208
9.2.4 Policy Discovery......Page 209
9.2.5 Policy Exchange......Page 210
9.2.7 Policy Decorrelation......Page 211
9.3 Revisiting the Road Warrior......Page 213
9.4 IPsec Policy Solutions......Page 214
9.4.1 The IPsec Configuration Policy Model......Page 215
9.4.3 The Security Policy Protocol......Page 216
9.4.4 The Security Policy Specification Language......Page 220
9.4.5 The KeyNote Trust Management System......Page 221
9.4.6 An Overall Plan......Page 223
9.6 Further Reading......Page 224
Ch10
The Framework: Public Key
Infrastructure (PKI)......Page 227
10.1 PKI Functional Components......Page 228
10.2 The PKI World View......Page 230
10.3 The Life Cycle of a Certificate......Page 231
10.4 PKI Protocol-Related Components......Page 232
10.5 Certificates and CRLs......Page 235
10.6 Certificate Formats......Page 236
10.7 Certificate Contents......Page 238
10.8 IKE and IPsec Considerations......Page 242
10.10 Further Reading......Page 245
Ch11
The Unsolved Puzzle: Secure IP
Multicast......Page 249
11.1 Some Examples......Page 250
11.2 Multicast Logistics......Page 251
11.3 Functional Requirements......Page 252
11.4 Security Requirements......Page 253
11.4.1 Key Management......Page 254
11.4.4 Source Authentication......Page 256
11.4.6 Membership Management......Page 257
11.4.9 Anonymity......Page 258
11.5 Whither IP Multicast Security?......Page 259
11.7 Further Reading......Page 260
Ch12
The Whole Puzzle: Is IPsec the Correct
Solution?......Page 263
12.1 Advantages of IPsec......Page 264
12.3.2 Layer 2 Tunneling Protocol......Page 265
12.5 The Future of IPsec......Page 267
12.7 Further Reading......Page 269
List of Acronyms and Abbreviations......Page 271
About the Author......Page 281
Index......Page 283

Demystifying the IPsec Puzzle

My Account

Infomation

Talk To Us

Demystifying the IPsec Puzzle

How to Download?

Is it Free?

Book is not loading. What to do?