HOME / ¹®¼°øÀ¯ / ¸®Æ÷Æ®/³í¹® / ±â¼ú°øÇÐ
0
0°ÇÀÇ Èı⺸±â(¿µ¹®) IP Security¿¡ ´ëÇØ ±â¼úÇÑ ¸®Æ÷Æ® Âü°íÀÚ·áÀÔ´Ï´Ù.
introduction 1 internet threats packet sniffing
an adversary covertly listens to communication and data
flowing over the internet loss of data integrity
an adversary can tamper data even though he or she cannot read the data flowing
identity spoofing
an adversary can spoof the identity of the source
replay old packets
an adversary may not be able to read or tamper data.however, he or she can replay stale data
introduction 2 ip security (ipsec)
a method proposed to solve the attacks mentioned on the previous slide through interaction with the network layer
supporting a variety of application scenarios is that it can encrypt or authenticate all traffic at the ip level
all distributed applications, including remote login, client/server, e-mail, file transfer, web access, and so on, can be secured
introduction ip security (ipsec)
-scenario
3 ipsec architecture and components 4 ipsec security function data confidentiality data integrity origin identification replay attack prevention ipsec adoption form
ipsec mechanisms are designed to be algorithm independent in
order to accommodate the best cryptographic algorithms
host-to-host communication gateway-to-gateway communication host-to-gateway communication ipsec architecture and components 5 ipsec components authentication header (ah) an authentication-only function encapsulating security payload (esp)
a combined authentication and encryption function
security associations (sas)
represent an agreement between two peers on a set of security services to be applied to the ip traffic stream between these nodes
key management infrastructure setting up sa between two communicating peers ipsec architecture and components 6 authentication header
supporting for data integrity and authentication of ip packets
data integrity feature
ensuring that undetected modification to the content of a packet in transit is not possible
authentication feature
enables an end system or network device to authenticate the user or application and filter traffic accordingly
preventing the address spoofing attacks observed on today¡¯s
internet guarding against replay attacks ipsec architecture and components 7 authentication header ah format next header (8 bits)
identifying the type of header immediately following this header (ÀÌÇÏ »ý·«)
¹ÞÀº º°Á¡
0/5
0°³ÀÇ º°Á¡
¹®¼°øÀ¯ ÀڷḦ µî·ÏÇØ ÁÖ¼¼¿ä.
¹®¼°øÀ¯ Æ÷ÀÎÆ®¿Í Çö±ÝÀ» µå¸³´Ï´Ù.
Æ÷ÀÎÆ® : ÀÚ·á 1°Ç´ç ÃÖ´ë 5,000P Áö±Þ
Çö±Ý : ÀÚ·á 1°Ç´ç ÃÖ´ë 2,000¿ø Áö±Þ