Computer Security
Network and Transport Security Protocols
Internet Protocol Security
Internet Protocol Security (IPSec) is a framework of
open standards for ensuring secure private
communications over IP networks.
Based on standards developed by the Internet Engineering
Task Force (IETF), IPSec ensures the confidentiality,
integrity, and authenticity of data communication
across a public IP network.
IPSec is a key component of a standards-based,
flexible solution for deploying a network-wide security
policy.
Figure: where security sits in the protocol stack.
Network security: SMTP / HTTP / NNTP over TCP over IP/IPSec.
Transport security: SMTP / HTTP / NNTP over SSL over TCP over IP.
IP Security Architecture
IPSec is a combination of several security technologies
to protect the confidentiality, integrity, and
authenticity of IP packets.
Because IPSec-protected datagrams are still ordinary IP
packets, intermediate routers need no modification to
forward them, and they can be routed through any IP
network.
IPSec Services
Security at the IP layer is provided by the IPSec security
protocols (AH and ESP), together with the algorithms,
services, and cryptographic keys agreed for each association.
The services are:
Access control
Connectionless integrity (detection of modification of each individual IP packet)
Data origin authentication
Rejection of replayed packets (partial sequence
integrity)
Confidentiality (encryption)
Limited traffic-flow confidentiality
Authentication Header
AH format (RFC 4302):
Next Header (8 bits) | Payload Length (8 bits) | Reserved (16 bits)
Security Parameters Index, SPI (32 bits)
Sequence Number (32 bits)
Integrity Check Value, ICV (variable, a multiple of 32 bits)
Payload Length is the length of the AH in 32-bit words minus 2;
the Sequence Number is what the anti-replay service checks.
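The following is an added example, not code from the original slides: it builds and parses the Authentication Header laid out above, verifies the ICV with HMAC-SHA1-96, and applies the anti-replay sliding window that provides the "rejection of replayed packets" service listed under IPSec Services. The key, SPI and packets are constructed for the demo, and for brevity the ICV covers only the AH (with its ICV field zeroed) and the payload, not the IP-header immutable fields a real implementation also authenticates.

```python
"""IPsec Authentication Header (RFC 4302): parse the header, verify the ICV
and apply the anti-replay window.  Added example, not from the original page.
The key, SPI and packets are constructed; for brevity the ICV here covers only
the AH (with its ICV field zeroed) and the payload, not the IP-header
immutable fields that a real implementation also authenticates."""
import hashlib
import hmac
import struct

AH_FIXED_LEN = 12        # Next Header (1), Payload Len (1), Reserved (2), SPI (4), Seq (4)
ICV_LEN = 12             # HMAC-SHA1-96: 20-byte digest truncated to 96 bits
KEY = bytes.fromhex("0f" * 20)   # constructed demo key for the security association
SPI = 0x00001000                 # constructed demo SPI identifying that association


def compute_icv(head: bytes, payload: bytes) -> bytes:
    """ICV over the fixed header, a zeroed ICV field and the payload (simplified)."""
    data = head + bytes(ICV_LEN) + payload
    return hmac.new(KEY, data, hashlib.sha1).digest()[:ICV_LEN]


def build_ah_packet(next_header: int, seq: int, payload: bytes) -> bytes:
    """Sender side: Payload Len is the AH length in 32-bit words minus 2."""
    payload_len = (AH_FIXED_LEN + ICV_LEN) // 4 - 2
    head = struct.pack("!BBHII", next_header, payload_len, 0, SPI, seq)
    return head + compute_icv(head, payload) + payload


def parse_ah(data: bytes) -> dict:
    """Receiver side: split a datagram into AH fields, ICV and the protected payload."""
    if len(data) < AH_FIXED_LEN:
        raise ValueError("truncated AH")
    next_header, payload_len, reserved, spi, seq = struct.unpack("!BBHII", data[:AH_FIXED_LEN])
    total = (payload_len + 2) * 4
    if len(data) < total:
        raise ValueError("Payload Len exceeds datagram")
    return {"next_header": next_header, "payload_len": payload_len, "reserved": reserved,
            "spi": spi, "seq": seq, "head": data[:AH_FIXED_LEN],
            "icv": data[AH_FIXED_LEN:total], "payload": data[total:]}


class ReplayWindow:
    """Sliding window of RFC 4302 s.3.4.3: `top` is the highest accepted
    sequence number; bit i of `bitmap` records whether top - i was accepted."""

    def __init__(self, size: int = 64):
        self.size, self.top, self.bitmap = size, 0, 0

    def check(self, seq: int) -> bool:
        """Is seq acceptable?  No state change; call update() only after the ICV passes."""
        if seq == 0:
            return False                      # 0 is never valid with anti-replay enabled
        if seq > self.top:
            return True                       # to the right of the window: new
        diff = self.top - seq
        return diff < self.size and not (self.bitmap >> diff) & 1

    def update(self, seq: int) -> None:
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)


def receive(window: ReplayWindow, data: bytes) -> tuple:
    """Receiver order from RFC 4302: SA lookup, replay check, ICV check, then window update."""
    try:
        ah = parse_ah(data)
    except ValueError as exc:
        return "drop", str(exc)
    if ah["spi"] != SPI:
        return "drop", "no SA for SPI"
    if not window.check(ah["seq"]):
        return "drop", "replayed or outside window"
    if not hmac.compare_digest(ah["icv"], compute_icv(ah["head"], ah["payload"])):
        return "drop", "ICV mismatch"          # a forgery must not advance the window
    window.update(ah["seq"])
    return "accept", f"seq={ah['seq']} next_header={ah['next_header']}"


def demo() -> list:
    """Scenario: two good packets, a replay, a forgery, then a good packet with the forged seq."""
    w = ReplayWindow()
    p1 = build_ah_packet(6, 1, b"GET / HTTP/1.1\r\n")
    p2 = build_ah_packet(6, 2, b"Host: www.example.test\r\n")
    forged = bytearray(build_ah_packet(6, 3, b"DELETE / HTTP/1.1\r\n"))
    forged[-1] ^= 0x01                          # tamper with one payload byte
    p3 = build_ah_packet(6, 3, b"GET /a HTTP/1.1\r\n")
    return [receive(w, p)[0] for p in (p1, p2, p1, bytes(forged), p3)]


if __name__ == "__main__":
    print(demo())
```

The receiver checks the sequence number before the ICV so that replayed packets are discarded without spending MAC work, but it updates the window only after the ICV verifies; the last packet in the demo shows why, since a forged packet with sequence number 3 must not burn that number for the legitimate one.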
A default-deny approach to firewall security is by far the more secure, but due to the
difficulty in configuring and managing a network in that fashion, many networks
instead use the default-allow approach.
Assume for the moment that your firewall management program utilizes a default-
deny policy, and you only have certain services enabled that you want people to be
able to use from the Internet. For example, you have a web server which you want
the general public to be able to access. What happens next depends on what kind of
firewall security you have.
Packet filtering firewall
This type of firewall has a list of firewall security rules
which can block traffic based on IP protocol, IP
address and/or port number.
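To make the default-deny versus default-allow point concrete, here is an added example (not from the original article) of a toy packet-filtering firewall: rules match on IP protocol, network and destination port and are evaluated top to bottom, and the policy decides what happens when nothing matches. The web server scenario from above is run under both policies with the same rule list; the addresses and traffic are constructed.

```python
"""Toy packet-filtering firewall.  Added example, not from the original page:
rules match on IP protocol, source/destination network and destination port
and are evaluated top to bottom; the policy ('deny' or 'allow') is what
happens when no rule matches.  Addresses and traffic are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str                    # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None   # ICMP has no port


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    proto: Optional[str] = None     # None means any protocol
    src: Optional[str] = None       # CIDR; None means any source
    dst: Optional[str] = None       # CIDR; None means any destination
    dport: Optional[int] = None     # None means any destination port

    def matches(self, p: Packet) -> bool:
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.src is not None and ip_address(p.src) not in ip_network(self.src, strict=False):
            return False
        if self.dst is not None and ip_address(p.dst) not in ip_network(self.dst, strict=False):
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        return True


class PacketFilter:
    def __init__(self, rules, default: str = "deny"):
        if default not in ("allow", "deny"):
            raise ValueError("default policy must be 'allow' or 'deny'")
        self.rules = list(rules)
        self.default = default

    def decide(self, p: Packet) -> str:
        """First matching rule wins; otherwise the default policy applies."""
        for rule in self.rules:
            if rule.matches(p):
                return rule.action
        return self.default


# The public web server from the text: only HTTP and HTTPS are meant to be reachable.
WEB_RULES = [
    Rule("allow", proto="tcp", dst="203.0.113.10/32", dport=80),
    Rule("allow", proto="tcp", dst="203.0.113.10/32", dport=443),
]

# Constructed inbound traffic arriving from the Internet.
SAMPLE = {
    "http_to_web": Packet("tcp", "198.51.100.7", "203.0.113.10", 80),
    "ssh_to_web": Packet("tcp", "198.51.100.7", "203.0.113.10", 22),
    "http_to_db": Packet("tcp", "198.51.100.7", "203.0.113.20", 80),
    "icmp_to_web": Packet("icmp", "198.51.100.7", "203.0.113.10"),
}


def decide_all(default: str) -> dict:
    """Run every sample packet through the same rule list under one default policy."""
    fw = PacketFilter(WEB_RULES, default=default)
    return {name: fw.decide(pkt) for name, pkt in SAMPLE.items()}


if __name__ == "__main__":
    for policy in ("deny", "allow"):
        print(f"default-{policy}:", decide_all(policy))
```

Under default-deny the two allow rules are the whole exposed surface; under default-allow the same rules change nothing, and every service you did not think to deny (SSH, the database host, ICMP) is reachable until an explicit deny rule is written for it.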
There are three caveats about deep packet inspection, however: first, for some vendors, the
definition of "deep" extends to some particular depth in the packet and
does not necessarily examine the entire packet. This can result in missing
some kinds of attacks.
Second, depending on the hardware, a firewall may not have adequate
processing power to handle the deep packet inspection for your network.
Be sure to ask questions about how much bandwidth it can handle while
performing such inspection. And finally, embedded firewall management
technology may not have the flexibility to handle all attacks.
Application-aware firewall
Similar to deep packet inspection, except that the firewall
understands certain protocols and can parse them, so that
signatures or rules can specifically address certain fields in
the protocol.
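The following added example (not from the original article) contrasts the two inspection styles discussed above on the same TCP payloads: a byte-signature scan that only looks at a configured depth, which illustrates the first caveat about "deep" inspection, and an application-aware check that parses the HTTP request and applies a rule to one named field. The inspection depth, requests and rule are constructed for the demo.

```python
"""Inspection beyond the packet header.  Added example, not from the original
page: dpi_match() is a byte-signature scan limited to a configured depth (the
first caveat above); app_aware_decide() parses HTTP and applies rules to one
named field (the application-aware approach).  Requests, rules and the depth
are constructed for this demo."""
from typing import Optional

INSPECT_DEPTH = 64   # assumed: bytes of payload a depth-limited DPI engine examines


def dpi_match(payload: bytes, signature: bytes, depth: Optional[int] = INSPECT_DEPTH) -> bool:
    """True if the signature occurs within the first `depth` bytes (None = whole payload)."""
    return signature in (payload if depth is None else payload[:depth])


def parse_http_request(payload: bytes) -> Optional[dict]:
    """Minimal HTTP/1.x request parser; returns None if the bytes are not a request."""
    head, sep, body = payload.partition(b"\r\n\r\n")
    if not sep:
        return None                     # header block never terminated
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return None                     # not a request line
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon:
            return None                 # malformed header line
        headers[name.strip().lower()] = value.strip()
    return {"method": parts[0], "target": parts[1], "version": parts[2],
            "headers": headers, "body": body}


def field_value(req: dict, field: str) -> bytes:
    """Rules name a request field: method, target, body, or a header name."""
    if field in ("method", "target", "body"):
        return req[field]
    return req["headers"].get(field.lower().encode(), b"")


def app_aware_decide(payload: bytes, rules) -> str:
    """rules: (field, needle, action) triples.  Traffic that does not parse as
    HTTP is denied here; that is a policy choice for this demo."""
    req = parse_http_request(payload)
    if req is None:
        return "deny"
    for field, needle, action in rules:
        if needle in field_value(req, field):
            return action
    return "allow"


TRAVERSAL = b"../"
RULES = [("target", TRAVERSAL, "deny")]   # block traversal in the request target only

REQUESTS = {
    "benign": b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n",
    # traversal pushed past the inspection depth by a long query parameter
    "deep_traversal": (b"GET /index.php?session=" + b"A" * 80
                       + b"&file=../../etc/passwd HTTP/1.1\r\nHost: www.example.test\r\n\r\n"),
    # the same bytes in a Referer header, where they are harmless to this server
    "referer_only": (b"GET /docs/index.html HTTP/1.1\r\nHost: www.example.test\r\n"
                     b"Referer: http://www.example.test/a/../b\r\n\r\n"),
}


def compare() -> dict:
    """Verdict of each inspection style on each constructed request."""
    return {
        "dpi_depth_limited": {n: dpi_match(p, TRAVERSAL) for n, p in REQUESTS.items()},
        "dpi_full": {n: dpi_match(p, TRAVERSAL, depth=None) for n, p in REQUESTS.items()},
        "app_aware": {n: app_aware_decide(p, RULES) for n, p in REQUESTS.items()},
    }


if __name__ == "__main__":
    for style, verdicts in compare().items():
        print(style, verdicts)
```

The depth-limited scan misses the traversal string once it sits past the first 64 bytes, a full-payload scan catches it but also fires on the harmless Referer header, and the field-specific rule gets both cases right because it evaluates the request target rather than raw bytes at an arbitrary offset.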
http://www.secureworks.com/research/articles/other_articles/firewall-security/