Network Security - Ver2
[Figure: IPsec deployments between Internet and Intranet networks with one or two security gateways (SG); packet field label: Authentication Data]
Preventing replay
A 32-bit sequence number in the AH/ESP header lets the receiver detect replayed IP packets
The sender initializes the counter to 0 when the SA is established and increments it before each packet, so the first packet on the SA carries sequence number 1
The counter must never wrap: the sender sets up a new SA (rekeys) before 2^32 packets have been sent on the current one
The receiver keeps a sliding window of W sequence numbers (at least 32, 64 by default) recording which packets in the range [highest - W + 1, highest] have already been authenticated
A packet whose sequence number falls to the left of the window, or is already marked in it, is dropped without further work; otherwise the receiver verifies the MAC and only then marks the slot or advances the window
Verifying the MAC before updating the window matters: otherwise forged packets with large sequence numbers could advance the window and make genuine in-flight packets look "too old"
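As an added illustration (not part of the original slides), the scheme above in Python: a sender holding the per-SA counter and a receiver with a sliding anti-replay window that marks a slot only after the MAC verifies. The MAC is a simplified HMAC-SHA-256 over sequence number and payload rather than a real AH/ESP integrity check value, and the key and packets are constructed for the demo.

```python
import hashlib
import hmac

SEQ_MAX = 2 ** 32 - 1  # 32-bit sequence number field in AH/ESP headers


def compute_mac(key: bytes, seq: int, payload: bytes) -> bytes:
    # Simplified ICV: HMAC over sequence number || payload. Real AH/ESP cover
    # more of the packet, but the replay logic below does not change.
    return hmac.new(key, seq.to_bytes(4, "big") + payload, hashlib.sha256).digest()


class Sender:
    """Sender side of one SA: counter starts at 0, incremented before each send."""

    def __init__(self, key: bytes):
        self.key = key
        self.seq = 0  # initialized when the SA is established

    def send(self, payload: bytes):
        if self.seq == SEQ_MAX:
            # With anti-replay enabled the counter must never cycle on one SA.
            raise RuntimeError("sequence number exhausted: establish a new SA")
        self.seq += 1
        return self.seq, payload, compute_mac(self.key, self.seq, payload)


class AntiReplayWindow:
    """Receiver side: highest authenticated sequence number plus a W-bit
    bitmap where bit i means packet (top - i) was already accepted."""

    def __init__(self, key: bytes, window_size: int = 64):
        if window_size < 32:
            raise ValueError("window must be at least 32 (64 by default)")
        self.key = key
        self.w = window_size
        self.top = 0
        self.bitmap = 0

    def receive(self, seq: int, payload: bytes, mac: bytes) -> str:
        if seq == 0:
            return "stale"  # 0 is never sent: first packet on an SA is 1
        if seq <= self.top:
            diff = self.top - seq
            if diff >= self.w:
                return "stale"  # left of the window, cheap reject before any MAC work
            if (self.bitmap >> diff) & 1:
                return "replay"  # slot already used
        # MAC is checked before the window is touched, so forgeries can
        # neither advance the window nor burn a slot.
        if not hmac.compare_digest(compute_mac(self.key, seq, payload), mac):
            return "bad_mac"
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) & ((1 << self.w) - 1)) | 1
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)
        return "accepted"


def demo():
    """Constructed traffic on one SA: in-order, reordered, replayed and forged."""
    key = b"constructed-sa-key-not-a-real-one"
    tx, rx = Sender(key), AntiReplayWindow(key, window_size=64)
    pkts = [tx.send(b"pkt%d" % i) for i in range(1, 101)]  # sequence numbers 1..100
    verdicts = [
        rx.receive(*pkts[0]),    # seq 1: first packet, accepted
        rx.receive(*pkts[99]),   # seq 100: window jumps to [37, 100]
        rx.receive(*pkts[0]),    # seq 1 again: left of window, stale
        rx.receive(*pkts[49]),   # seq 50: late but inside window, accepted
        rx.receive(*pkts[49]),   # seq 50 replayed
        rx.receive(*pkts[99]),   # seq 100 replayed
        rx.receive(pkts[98][0], b"tampered", pkts[98][2]),  # seq 99 forged body
        rx.receive(*pkts[98]),   # genuine seq 99 still accepted: forgery used no slot
    ]
    return verdicts
```

The verdict order returned by `demo()` shows the three distinct outcomes a practitioner should expect from a correct window: out-of-order delivery within the window is tolerated, exact duplicates are rejected, and a failed MAC leaves the window state untouched.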
Transport Mode AH
[Figure: transport mode AH across Internet/Intranet with a security gateway (SG)]
Details of ESP
Security Parameters Index (SPI)
32-bit value that identifies the SA at the receiver; the SA record holds the algorithms, keys and key lifetimes to use for this packet
Sequence number
32-bit counter incremented for every packet sent on the SA; used by the receiver's anti-replay window
Payload
The protected data: the transport segment (e.g. a TCP segment) in transport mode, or the whole inner IP packet in tunnel mode
Padding
0 to 255 bytes so that the plaintext is a multiple of the cipher block size and the Pad Length and Next Header fields end on a 4-byte boundary
Extra padding can also hide the true payload length from sniffers (traffic-flow confidentiality)
Authentication Data (ICV)
MAC computed over the ESP header, payload and trailer (SPI through Next Header); unlike AH, it does not cover the outer IP header
Transport mode ESP
[Figure: transport mode ESP packet layout with the authenticated span marked]
Tunnel mode ESP
[Figure: tunnel mode ESP packet layout with the encrypted and authenticated spans marked]
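Added example, not from the slides: the ESP fields from "Details of ESP" assembled and parsed in Python, using NULL encryption (RFC 2410) so every field stays readable, with the transport/tunnel distinction showing up in the Next Header value (6 for a TCP segment, 4 for an inner IPv4 packet). The integrity key, SPI and packet contents are constructed; the ICV is HMAC-SHA-256 truncated to 128 bits, and the receiver verifies it before looking at any other field.

```python
import hashlib
import hmac
import struct

NEXT_HEADER_IPV4 = 4  # tunnel mode: payload is a complete inner IPv4 packet
NEXT_HEADER_TCP = 6   # transport mode: payload is a TCP segment
ICV_LEN = 16          # HMAC-SHA-256-128: 32-byte tag truncated to 16 bytes


def build_esp(key, spi, seq, payload, next_header, block_size=16, tfc_pad=0):
    """Build one ESP packet with NULL encryption so the layout is visible.
    Padding makes payload + padding + 2 trailer bytes a multiple of
    block_size; tfc_pad adds bytes only to disguise the true length."""
    tail = len(payload) + tfc_pad + 2            # +2: Pad Length and Next Header
    pad_len = (-tail) % block_size + tfc_pad
    if pad_len > 255:
        raise ValueError("Pad Length is a one-byte field")
    padding = bytes(range(1, pad_len + 1))       # default pad content: 1, 2, 3, ...
    header = struct.pack("!II", spi, seq)        # SPI and sequence number, big-endian
    authenticated = header + payload + padding + bytes([pad_len, next_header])
    icv = hmac.new(key, authenticated, hashlib.sha256).digest()[:ICV_LEN]
    return authenticated + icv                   # ICV covers SPI through Next Header


def parse_esp(key, packet):
    """Verify the ICV first, then take the packet apart. Raises ValueError
    on truncation, ICV mismatch or malformed padding."""
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("truncated ESP packet")
    authenticated, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, authenticated, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch: packet modified or wrong SA key")
    spi, seq = struct.unpack("!II", authenticated[:8])
    pad_len, next_header = authenticated[-2], authenticated[-1]
    if 8 + pad_len + 2 > len(authenticated):
        raise ValueError("Pad Length exceeds packet")
    end = len(authenticated) - 2
    payload = authenticated[8:end - pad_len]
    if authenticated[end - pad_len:end] != bytes(range(1, pad_len + 1)):
        raise ValueError("padding bytes do not follow the 1,2,3,... pattern")
    return {"spi": spi, "seq": seq, "next_header": next_header,
            "pad_len": pad_len, "payload": payload}


def demo():
    key = b"constructed-esp-integrity-key"                        # constructed, not a real SA key
    tcp_segment = b"\x00\x50\x1f\x90" + b"GET / HTTP/1.1\r\n"     # constructed 20-byte stand-in
    inner_ip = b"\x45\x00" + tcp_segment                           # stand-in for an inner IPv4 packet

    # Transport mode: ESP wraps the TCP segment, Next Header = 6.
    transport = build_esp(key, 0x1000, 1, tcp_segment, NEXT_HEADER_TCP)
    # Tunnel mode: ESP wraps a whole IP packet, Next Header = 4, plus 40 bytes
    # of traffic-flow-confidentiality padding to hide the real length.
    tunnel = build_esp(key, 0x1000, 2, inner_ip, NEXT_HEADER_IPV4, tfc_pad=40)

    out = {
        "transport": parse_esp(key, transport),
        "tunnel": parse_esp(key, tunnel),
        "transport_len": len(transport),
        "tunnel_len": len(tunnel),
    }
    # One flipped payload byte must be caught by the ICV, never decoded.
    tampered = bytearray(transport)
    tampered[12] ^= 0x01
    try:
        parse_esp(key, bytes(tampered))
        out["tamper_detected"] = False
    except ValueError:
        out["tamper_detected"] = True
    return out
```

With a 16-byte block size the 20-byte transport payload picks up 10 padding bytes (20 + 10 + 2 = 32), while the tunnel packet shows how TFC padding inflates the wire size without changing what the receiver hands up the stack.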
Firewalls on the Network
None of the previous security measures prevents Eve from sending a harmful packet to a
system: authentication and encryption protect packets in transit but say nothing about
whether a packet should be allowed to reach a host at all. To control access to a system, we
need firewalls. A firewall is a device installed between the internal network of an
organization and the rest of the Internet. It inspects each packet and is designed to forward
some packets and filter (drop, not forward) others.
Packet Filter Firewall