ahmed hossam EltokhyEltokhyEltokhy2.pptx

FutureTechnologies3 7 views 12 slides Jun 07, 2024

Slide Content

Secured Routing Protocols Ahmed Hossam Eltokhy

DiffServ: Differentiated Services Architecture. Protocol Description: The DiffServ protocol aims to provide service differentiation on the Internet by offering methods to classify and adapt traffic, enabling the specification of different service levels according to application needs and user expectations. The protocol relies on assigning specific behaviors to groups of traffic, allowing packets to be directed based on these behaviors within the network. This requires classification and adaptation of traffic at network boundaries, enabling effective and scalable service differentiation.

DiffServ (Differentiated Services Architecture) Protocol Structure: In DiffServ, a new header field, named the DS field, is introduced, designed to replace the current definitions of the IPv4 TOS octet and the IPv6 Traffic Class octet. The format of the header is as follows: 6 bits for DSCP (Differentiated Services Code Point) and 2 bits for CU (Currently Unused).
- DSCP: The codepoint used to select the Per-Hop Behavior (PHB) that a packet encounters at each node.
- CU: Currently unused and reserved for future use.

GRE: Generic Routing Encapsulation. Protocol Description: The GRE protocol is a protocol for encapsulating one network layer protocol over another arbitrary network layer protocol, allowing data packets to be routed from one network to another through an intermediary network. The original data is encoded in a GRE packet and then re-encoded with another protocol for delivery. When using IPv4 as the payload within a GRE packet, the Protocol Type field must be set to 0x800. When a GRE packet containing an IPv4 packet as the payload is decapsulated, the destination address in the IPv4 packet header is used for packet forwarding. Security in a network using GRE should be relatively similar to security in a normal IPv4 network, but packet filtering needs to either inspect GRE packets or be performed at GRE tunnel endpoints. In environments where this is a security concern, terminating the tunnel at the firewall may be desirable.

GRE: Generic Routing Encapsulation. Protocol Structure: In DiffServ, a new header field called the DS field replaces the existing IPv4 TOS octet and IPv6 Traffic Class octet. The header format includes:
- C: Checksum Present (optional)
- Reserved 0 & 1: Reserved for future use
- Ver: Version number, must be zero
- Protocol Type: Contains the protocol type of the payload packet
This header structure defines the format for the replacement header field in DiffServ, which is crucial for specifying the characteristics of the packet transmission and ensuring proper routing and handling within the network.
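As an added example (my own code, not part of the presentation), the following parser applies the GRE structure above on the receiving side: it rejects a non-zero Ver or Reserved0, requires Protocol Type 0x800 for an IPv4 payload, and then reads the inner IPv4 destination address used for forwarding together with the DS field (DSCP and CU) described under DiffServ. The sample packet is constructed and the function names are my own.

```python
import struct
from typing import Optional, Tuple

GRE_PROTO_IPV4 = 0x0800   # Protocol Type value for an IPv4 payload


def parse_gre(buf: bytes) -> Tuple[bool, int, int, Optional[int], int]:
    """Parse the GRE header at the start of buf.
    Returns (checksum_present, version, protocol_type, checksum, header_len)."""
    if len(buf) < 4:
        raise ValueError("truncated GRE header")
    flags_ver, proto = struct.unpack("!HH", buf[:4])
    c = bool(flags_ver >> 15)              # bit 0: Checksum Present
    reserved0 = (flags_ver >> 3) & 0xFFF   # bits 1-12: Reserved0
    ver = flags_ver & 0x7                  # bits 13-15: Ver, must be zero
    if ver != 0:
        raise ValueError(f"unsupported GRE version {ver}")
    if reserved0 != 0:
        raise ValueError("Reserved0 bits must be zero")
    checksum, hdr_len = None, 4
    if c:                                  # optional Checksum + Reserved1 word
        if len(buf) < 8:
            raise ValueError("truncated GRE checksum word")
        checksum = struct.unpack("!H", buf[4:6])[0]   # buf[6:8] is Reserved1
        hdr_len = 8
    return c, ver, proto, checksum, hdr_len


def decapsulate_ipv4(buf: bytes) -> Tuple[str, int, int]:
    """Return (inner destination address, DSCP, CU) for a GRE packet carrying IPv4."""
    _, _, proto, _, hdr_len = parse_gre(buf)
    if proto != GRE_PROTO_IPV4:
        raise ValueError(f"unexpected payload type 0x{proto:04x}")
    inner = buf[hdr_len:]
    if len(inner) < 20 or inner[0] >> 4 != 4:
        raise ValueError("payload is not an IPv4 header")
    ds_field = inner[1]                    # the former TOS octet
    dscp, cu = ds_field >> 2, ds_field & 0x3
    dst = ".".join(str(b) for b in inner[16:20])   # forwarding uses this address
    return dst, dscp, cu


# Constructed sample: plain GRE header (no checksum, Ver 0, type 0x0800)
# followed by a minimal 20-byte IPv4 header with DSCP 46 and dst 10.0.0.2.
SAMPLE_GRE = bytes.fromhex("0000 0800") + bytes.fromhex(
    "45b8 0014 0000 0000 4001 0000 c0a8 0101 0a00 0002")
```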

IPsec: Security Architecture for IP. Protocol Description: IPsec (Internet Protocol Security) is an architecture that provides security services at the IP layer, allowing systems to select the security protocols, algorithms, and cryptographic keys needed for data protection. It can secure paths between hosts, between gateways, or between a gateway and a host. IPsec offers access control, integrity, authentication, anti-replay, confidentiality, and limited traffic flow confidentiality. It employs two main protocols, AH (Authentication Header) and ESP (Encapsulating Security Payload), along with cryptographic key management procedures. IPsec operates independently of particular algorithms and aims not to disrupt non-secure traffic. Standard default algorithms promote global Internet interoperability, facilitating the deployment of high-quality security technology.

IPsec: Security Architecture for IP. Protocol Structure: The IPsec architecture includes many protocols and algorithms. The relationships among these protocols are displayed on the slide; the details of each protocol will be presented in separate documents.

IPsec AH: IPsec Authentication Header. Protocol Description: IPsec AH (Authentication Header) is used to secure data at the IP level in the Internet by providing integrity and authentication of data origin, and protection against replays. AH provides authentication for as much of the IP header as possible, as well as for upper-level protocol data. However, some IP header fields may change in transit, and their values upon arrival at the receiver may not be predictable by the sender. AH can be used alone, in combination with ESP, or in a nested fashion through tunnel mode. It allows security services between communicating hosts, between security gateways, or between a security gateway and a host. When used with IPv6, AH typically appears after the IPv6 Hop-by-Hop Header and before IPv6 Destination Options. With IPv4, AH usually follows the main IPv4 header.

IPsec AH: IPsec Authentication Header. Protocol Structure:
- Next Header: Indicates the type of payload following the Authentication Header.
- Payload Length: Specifies the length of AH in 32-bit words (4-byte units), minus 2.
- SPI: An arbitrary 32-bit value that, in combination with the destination IP address and security protocol (AH), uniquely identifies the Security Association for this datagram.
- Sequence Number: A 32-bit value used to prevent replay attacks. It is mandatory and always present, regardless of whether the anti-replay service is enabled.
- Authentication Data: A variable-length field containing an Integrity Check Value (ICV) computed over the ESP packet without the Authentication Data.
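An added example, not from the presentation: a receiver-side parser for the AH fields above that undoes the "32-bit words, minus 2" Payload Length encoding, forms the (destination, protocol, SPI) triple that selects the Security Association, and recomputes the ICV with the Authentication Data zeroed. It assumes HMAC-SHA1-96 (RFC 2404) as the integrity algorithm and, as a simplification, leaves the outer IP header's immutable fields out of the ICV input; the key and packet are constructed.

```python
import hashlib
import hmac
import struct
from typing import NamedTuple

ICV_LEN = 12   # HMAC-SHA1-96 (RFC 2404) truncates the tag to 96 bits (assumption)


class AuthHeader(NamedTuple):
    next_header: int
    payload_len: int   # raw field: AH length in 32-bit words, minus 2
    spi: int
    seq: int
    icv: bytes
    total_len: int     # AH length in bytes, derived from payload_len


def parse_ah(buf: bytes) -> AuthHeader:
    """Parse an Authentication Header and validate its Payload Length field."""
    if len(buf) < 12:
        raise ValueError("truncated AH fixed header")
    next_hdr, payload_len, reserved, spi, seq = struct.unpack("!BBHII", buf[:12])
    if reserved != 0:
        raise ValueError("AH Reserved field must be zero")
    total = (payload_len + 2) * 4          # undo the 'minus 2' and the 4-byte units
    if total > len(buf):
        raise ValueError("Payload Length runs past the end of the datagram")
    return AuthHeader(next_hdr, payload_len, spi, seq, buf[12:total], total)


def sa_selector(dst_ip: str, spi: int) -> tuple:
    """The triple that names the inbound SA: destination address, protocol, SPI."""
    return (dst_ip, "AH", spi)


def verify_icv(buf: bytes, key: bytes) -> bool:
    """Recompute the ICV over the AH (ICV bytes zeroed) plus the data after it.
    Simplification: the outer IP header's immutable fields are not included."""
    ah = parse_ah(buf)
    zeroed = buf[:12] + bytes(len(ah.icv)) + buf[ah.total_len:]
    expected = hmac.new(key, zeroed, hashlib.sha1).digest()[:ICV_LEN]
    return hmac.compare_digest(expected, ah.icv)   # constant-time comparison


def build_ah(next_hdr: int, spi: int, seq: int, payload: bytes, key: bytes) -> bytes:
    """Constructed sender side, used only to produce the sample packet below."""
    payload_len = (12 + ICV_LEN) // 4 - 2  # 24-byte AH = 6 words -> field value 4
    fixed = struct.pack("!BBHII", next_hdr, payload_len, 0, spi, seq)
    icv = hmac.new(key, fixed + bytes(ICV_LEN) + payload, hashlib.sha1).digest()[:ICV_LEN]
    return fixed + icv + payload


# Constructed sample: AH (Next Header 17 = UDP) protecting a 4-byte payload
SAMPLE_KEY = b"k" * 20
SAMPLE_AH = build_ah(17, 0x1234, 1, b"data", SAMPLE_KEY)
```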

IPsec ESP: IPsec Encapsulating Security Payload. Protocol Description: IPsec ESP (Encapsulating Security Payload) provides confidentiality and integrity by encrypting data and placing it in the data portion of the IP ESP. It can encrypt either a transport-layer segment or an entire IP datagram, depending on security needs. The ESP header is inserted after the IP header in transport mode or before an encapsulated IP header in tunnel mode. ESP consists of an unencrypted header followed by encrypted data, protecting both ESP header fields and user data. It offers confidentiality, data origin authentication, connectionless integrity, anti-replay, and limited traffic flow confidentiality. The services provided depend on the options selected during Security Association establishment. Confidentiality can be selected independently, but using it without integrity/authentication may expose traffic to active attacks. Data origin authentication and connectionless integrity are optional and are offered in conjunction with confidentiality. The anti-replay service can be selected if data origin authentication is chosen, at the receiver's discretion.

IPsec ESP: IPsec Encapsulating Security Payload. Protocol Structure:
- Security Association Identifier: A randomly generated value that identifies the security association for the datagram.
- Sequence Number: A mandatory, always-present, monotonically increasing counter value, even if the anti-replay service isn't enabled.
- Payload Data: Variable-length field containing the data specified by the Next Header field.
- Padding: Additional data added for encryption purposes.
- Pad Length: Indicates the number of padding bytes preceding it.
- Next Header: Identifies the type of data in the Payload Data field (e.g., an extension header in IPv6 or an upper-layer protocol identifier).
- Authentication Data: Variable-length field containing an Integrity Check Value (ICV) calculated over the ESP packet without the Authentication Data.
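An added example (my own code, not the author's) covering the receiver-side handling of the ESP fields above: splitting the cleartext SA identifier and Sequence Number, a sliding anti-replay window that accepts each Sequence Number at most once and drops numbers that have fallen behind the window, and the Padding/Pad Length/Next Header trailer check applied after decryption. The window size and padding pattern (1, 2, 3, ...) follow the ESP defaults; the sample packet is constructed and its payload is left unencrypted for illustration.

```python
import struct
from typing import Tuple


class ReplayWindow:
    """Sliding anti-replay window over the ESP Sequence Number (64 entries).
    bit i of bitmap set means sequence number (top - i) was already received."""

    def __init__(self, size: int = 64):
        self.size = size
        self.top = 0          # highest sequence number accepted so far
        self.bitmap = 0

    def check_and_update(self, seq: int) -> bool:
        if seq == 0:
            return False                          # ESP sequence numbers start at 1
        mask = (1 << self.size) - 1
        if seq > self.top:                        # new high water mark: slide window
            shift = seq - self.top
            self.bitmap = 1 if shift >= self.size else ((self.bitmap << shift) & mask) | 1
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:
            return False                          # too old: left of the window
        if self.bitmap & (1 << offset):
            return False                          # duplicate: replayed packet
        self.bitmap |= 1 << offset
        return True


def parse_esp_header(buf: bytes) -> Tuple[int, int, bytes]:
    """Split the cleartext ESP header into (SPI, Sequence Number, remaining bytes)."""
    if len(buf) < 8:
        raise ValueError("truncated ESP header")
    spi, seq = struct.unpack("!II", buf[:8])
    return spi, seq, buf[8:]


def strip_esp_trailer(plaintext: bytes) -> Tuple[bytes, int]:
    """After decryption: validate Padding and Pad Length, return (payload, Next Header)."""
    if len(plaintext) < 2:
        raise ValueError("missing ESP trailer")
    pad_len, next_hdr = plaintext[-2], plaintext[-1]
    if pad_len > len(plaintext) - 2:
        raise ValueError("Pad Length larger than the decrypted data")
    if plaintext[-2 - pad_len:-2] != bytes(range(1, pad_len + 1)):
        raise ValueError("padding bytes do not match the expected 1, 2, 3... pattern")
    return plaintext[:-2 - pad_len], next_hdr


# Constructed sample: SPI 0x5678, seq 1, then "hello" + 1 pad byte + Pad Length + Next Header (6 = TCP)
SAMPLE_ESP = struct.pack("!II", 0x5678, 1) + b"hello\x01\x01\x06"
```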

Thanks