Sol32 - CHAPTER 32 Security In the Internet Solutions to...

CHAPTER 32
Security In the Internet
Solutions to Review Questions and Exercises

Review Questions

1. IPSec needs a set of security parameters before it can be operative. In IPSec, the establishment of the security parameters is done via a mechanism called security association (SA).

2. A set of security parameters between any two entities is created using the security association. Security association uses three protocols: IKE, Oakley, and SKEME to create a security association between two parties or a security association database between a group of users.

3. The two protocols defined by IPSec for exchanging datagrams are Authentication Header (AH) and Encapsulating Security Payload (ESP).

4. The Authentication Header (AH) protocol adds an AH header that contains next header, payload length, security parameter index, sequence number, and digest fields. Note that the digest is part of the AH header.

5. The Encapsulating Security Payload (ESP) protocol adds an ESP header, ESP trailer, and the digest. The ESP header contains the security parameter index and the sequence number fields. The ESP trailer contains the padding, the padding length, and the next header fields. Note that the digest is a field separate from the header or trailer.

6. Either AH or ESP is needed for IP security. ESP, with greater functionality than AH, was developed after AH was already in use.

7. The two dominant protocols for providing security at the transport layer are the Secure Sockets Layer (SSL) Protocol and the Transport Layer Security (TLS) Protocol. The latter is actually an IETF version of the former.

8. The Internet Key Exchange (IKE) is a protocol designed to create both inbound and outbound security associations in SADBs. IKE is a complex protocol based on three other protocols: Oakley, SKEME, and ISAKMP.

9. A session between two systems is an association that can last for a long time; a connection can be established and broken several times during a session. Some of
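
The AH and ESP layouts described in answers 4 and 5, as an added example that is not part of the original solutions: a Python parser for an AH header and for an ESP packet whose payload and trailer are in cleartext (real ESP traffic normally encrypts them). The 12-byte digest length, the 2-byte reserved field in AH (defined by the AH specification but not listed in answer 4), the function names, and the sample bytes are assumptions made for illustration.

```python
import struct

ICV_LEN = 12  # assumption: 96-bit digest (e.g. a truncated HMAC)

def parse_ah(data):
    """AH: the digest is a field inside the header itself."""
    if len(data) < 12:
        raise ValueError("AH header shorter than its fixed 12 bytes")
    # The 2-byte reserved field comes from the AH specification; answer 4 omits it.
    next_header, payload_len, _reserved, spi, seq = struct.unpack("!BBHII", data[:12])
    total = (payload_len + 2) * 4  # payload length = header size in 32-bit words, minus 2
    if total < 12 or len(data) < total:
        raise ValueError("AH payload length does not match the data")
    return {"next_header": next_header, "payload_len": payload_len, "spi": spi,
            "seq": seq, "digest": data[12:total], "rest": data[total:]}

def parse_esp(data, icv_len=ICV_LEN):
    """ESP with cleartext payload: header, trailer, then the separate digest."""
    if len(data) < 8 + 2 + icv_len:
        raise ValueError("ESP packet too short")
    spi, seq = struct.unpack("!II", data[:8])           # ESP header
    end = len(data) - icv_len
    body, digest = data[8:end], data[end:]              # digest follows the trailer
    pad_len, next_header = body[-2], body[-1]           # last two trailer bytes
    if pad_len > len(body) - 2:
        raise ValueError("ESP pad length exceeds the body")
    split = len(body) - 2 - pad_len                     # where the padding starts
    return {"spi": spi, "seq": seq, "payload": body[:split], "padding": body[split:-2],
            "pad_len": pad_len, "next_header": next_header, "digest": digest}

# Constructed samples, not captured traffic. Next header 6 = TCP.
SAMPLE_AH = struct.pack("!BBHII", 6, 4, 0, 0x1001, 1) + bytes(range(12)) + b"TCPDATA"
SAMPLE_ESP = (struct.pack("!II", 0x2002, 7) + b"TCP-SEGMENT" + bytes([1, 2, 3])
              + bytes([3, 6]) + b"\xaa" * ICV_LEN)

if __name__ == "__main__":
    print(parse_ah(SAMPLE_AH))
    print(parse_esp(SAMPLE_ESP))
```
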

This note was uploaded on 04/18/2008 for the course JAVA CDA 4506 taught by Professor Eisler during the Spring '08 term at University of Central Florida.
