tailieunhanh - The Illustrated Network- P77
The Illustrated Network- P77: In this chapter, you will learn about the protocol stack used on the global public Internet and how these protocols have been evolving in today's world. We'll review some key basic definitions and see the network used to illustrate all of the examples in this book, as well as the packet content, the role that hosts and routers play on the network, and how graphic user and command line interfaces (GUI and CLI, respectively) are both used to interact with devices.

CHAPTER 29 IP Security

OAKLEY
This extends ISAKMP by describing a specific mechanism for key exchange through different defined modes. Most of IKE's key exchange is directly based on OAKLEY.

SKEME
This defines a key exchange process different from that of OAKLEY. IKE uses some SKEME features, such as public key encryption methods and the fast rekeying feature.

IKE takes ISAKMP and adds the details of OAKLEY and SKEME to perform its magic. IKE has the two ISAKMP phases.

Phase 1
The first stage is a setup process in which two devices agree on how they will exchange further information securely. This creates an SA for IKE itself, although it's called an ISAKMP SA. This special bidirectional SA is used for Phase 2.

Phase 2
Now the ISAKMP SA is used to create the other SAs for the two devices. This is where parameters such as secret keys are negotiated and shared.

Why two phases? Phase 1 typically uses public key encryption and is slow, but technically only has to be done once. Phase 2 is faster and can conjure different but very secure secret keys every hour, every 10 minutes, or more frequently for very sensitive transactions.

QUESTIONS FOR READERS
The figure shows some of the concepts discussed in this chapter and can be used to answer the following questions.
[Figure: IPSec ESP used with an IPv4 packet. Original IPv4 packet: IPv4 Hdr (Protocol 17) | UDP Hdr | UDP Datagram (IP Data). After ESP encapsulation: IPv4 Hdr (Protocol 50) | ESP Hdr | IPv4 Hdr (Protocol 17) | UDP Hdr | UDP Datagram (IP Data) | ESP Trlr (Next Hdr 4) | ESP Auth Data. The figure marks which fields are encrypted and which are authenticated.]

1. Which IPSec ESP mode is used in the figure, transport or tunnel?
2. Which IP protocol is being tunneled?
3. What does the ESP trailer next header value of 4 indicate?
4. Could NAT also be used with IPSec to substitute the IPv4 addresses and encrypt them?
5. Is the SPI field encrypted? Is it authenticated?
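As an added illustration of the encapsulation in the figure (example code written for this page, not from the book), the following builds the ESP packet byte by byte around a constructed IPv4/UDP packet, with the cipher step left out so the field boundaries stay readable, and then shows what an observer without the SA's keys can read (outer header, SPI, sequence number) and what the receiver checks before looking at the trailer's Next Header. The ICV is HMAC-SHA-256-128 (RFC 4868); the addresses, SPI and key are made-up sample values.

```python
import hashlib
import hmac
import struct

# Protocol numbers that appear in the chapter figure.
IPPROTO_IPIP, IPPROTO_UDP, IPPROTO_ESP = 4, 17, 50
ICV_LEN = 16  # HMAC-SHA-256-128 (RFC 4868) truncates the MAC to 128 bits

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 (constructed sample)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0, src, dst)

def udp_packet(src, dst, sport, dport, data):
    """Constructed inner packet: IPv4 (protocol 17) carrying one UDP datagram."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
    return ipv4_header(src, dst, IPPROTO_UDP, len(udp)) + udp

def esp_tunnel_encapsulate(inner, spi, seq, auth_key, outer_src, outer_dst, block=4):
    """Build the tunnel-mode ESP packet of the figure. Encryption is omitted so the
    byte ranges stay readable; the ICV is a real HMAC over ESP header..trailer."""
    esp_hdr = struct.pack("!II", spi, seq)
    pad_len = (-(len(inner) + 2)) % block              # align trailer to cipher block
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, IPPROTO_IPIP])
    authenticated = esp_hdr + inner + trailer           # ICV covers exactly this
    icv = hmac.new(auth_key, authenticated, hashlib.sha256).digest()[:ICV_LEN]
    outer = ipv4_header(outer_src, outer_dst, IPPROTO_ESP, len(authenticated) + ICV_LEN)
    return outer + authenticated + icv

def dissect_esp(packet):
    """What a sensor or middlebox sees without the SA keys: outer header, SPI,
    sequence number, and the offsets of the region that would be opaque."""
    if packet[9] != IPPROTO_ESP:
        raise ValueError("outer protocol must be 50 (ESP)")
    spi, seq = struct.unpack("!II", packet[20:28])
    return {"spi": spi, "seq": seq,
            "outer_src": packet[12:16], "outer_dst": packet[16:20],
            "authenticated": (20, len(packet) - ICV_LEN),   # ESP hdr .. trailer
            "encrypted": (28, len(packet) - ICV_LEN)}        # payload .. trailer

def esp_tunnel_decapsulate(packet, auth_key):
    """Receiver side: verify the ICV first, then read the trailer's Next Header
    (4 = IP-in-IP) to learn that the payload is a whole IPv4 packet."""
    body, icv = packet[20:-ICV_LEN], packet[-ICV_LEN:]
    expect = hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expect):
        raise ValueError("ESP ICV mismatch: packet dropped before any decryption")
    pad_len, next_hdr = body[-2], body[-1]
    inner = body[8:-(2 + pad_len)]
    return next_hdr, inner
```

With a real cipher the IV would sit at the start of the payload in the clear, so the encrypted region would begin after it; everything the ICV covers is unchanged.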