
IPSec and Firewalls


tivona

Presentation Transcript


  1. IPSec and Firewalls Section 8.6.1, 8.6.2

  2. IPSec
     • Internet Protocol Security
     • RFC 2401 (4301)
     • security in the network layer
     • authentication
     • secrecy
     • what is the difference?
     • build a Security Association between two computers
     • a shared key is setup
     • Internet Key Exchange RFC 4306 (version 2)

  3. http://www.xml-dev.com/xml/images/DiffieHellman.png

  4. Authentication Header When might this cause problems? What does this guarantee? Tanenbaum, p 774, Figure 8-27

  5. Encapsulating Security Payload Header Tanenbaum, p 775, Figure 8-28

  6. Encapsulating Security Payload Header Tanenbaum, p 775, Figure 8-28

  7. Firewall/Packet Filter
     • Inspect each packet in the kernel
     • Filter before giving to an application
     • Linux – netfilter/iptables
       • http://netfilter.org/
       • ipchains is obsolete
     • FreeBSD & Mac OS X – ipfw
       • http://www.freebsd-howto.com/HOWTO/Ipfw-HOWTO
     • Windows – built-in firewall
     • many commercial products

  8. iptables
     # Allow HTTP (from any source; 0/0 matches every address)
     iptables -A tcp_inbound -p TCP -s 0/0 --destination-port 80 -j ACCEPT
     # Allow HTTP from zeus.cs.pacificu.edu
     iptables -A tcp_inbound -p TCP -s zeus.cs.pacificu.edu --destination-port 80 -j ACCEPT
     # Disallow HTTP (DENY was an ipchains target; iptables uses DROP or REJECT)
     iptables -A tcp_inbound -p TCP -s 0/0 --destination-port 80 -j DROP
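Netfilter walks a chain from the top and the first matching rule decides, so with the three rules appended in the order shown on the slide, the catch-all ACCEPT on port 80 fires for every HTTP packet and the zeus-specific rule and the final drop can never match. The following is an added example, not part of the slides: a small first-match evaluator over the slide's rules that shows the shadowing and the reordering that yields "HTTP only from zeus". The address used for zeus.cs.pacificu.edu is a constructed placeholder.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed stand-in for zeus.cs.pacificu.edu; its real address is not on the slide.
ZEUS = "192.0.2.10"

@dataclass(frozen=True)
class Rule:
    proto: str    # "tcp"
    src: str      # source in CIDR form; "0/0" on the slide means any source
    dport: int    # --destination-port
    target: str   # ACCEPT or DROP (DENY was ipchains syntax; iptables uses DROP/REJECT)

def _net(src):
    return ip_network("0.0.0.0/0" if src == "0/0" else src, strict=False)

def matches(rule, proto, src, dport):
    return rule.proto == proto and rule.dport == dport and ip_address(src) in _net(rule.src)

def verdict(chain, proto, src, dport, policy="DROP"):
    """First matching rule decides, as netfilter traverses a chain top to bottom."""
    for rule in chain:
        if matches(rule, proto, src, dport):
            return rule.target
    return policy  # the chain policy applies when no rule matched

def shadowed_rules(chain):
    """Indices of rules that can never fire: an earlier rule with the same
    proto/port already matches every source they would match."""
    out = []
    for i, later in enumerate(chain):
        for earlier in chain[:i]:
            if (earlier.proto == later.proto and earlier.dport == later.dport
                    and _net(later.src).subnet_of(_net(earlier.src))):
                out.append(i)
                break
    return out

# The three rules exactly as ordered on the slide (DENY written as DROP).
slide_chain = [
    Rule("tcp", "0/0", 80, "ACCEPT"),
    Rule("tcp", f"{ZEUS}/32", 80, "ACCEPT"),
    Rule("tcp", "0/0", 80, "DROP"),
]

# Reordered so only zeus reaches port 80: specific allow first, catch-all drop last.
fixed_chain = [slide_chain[1], slide_chain[2]]

if __name__ == "__main__":
    for name, chain in (("slide order", slide_chain), ("fixed order", fixed_chain)):
        print(name, "shadowed:", shadowed_rules(chain),
              "other host ->", verdict(chain, "tcp", "198.51.100.7", 80),
              "zeus ->", verdict(chain, "tcp", ZEUS, 80))
```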
