
Network Security




1st ed.

by: André Pérez

139,99 €

Publisher: Wiley
Format: EPUB
Published: 25.09.2014
ISBN/EAN: 9781119043959
Language: English
Number of pages: 308

DRM-protected eBook; to read it you need, for example, Adobe Digital Editions and an Adobe ID.

Descriptions

This book introduces the security mechanisms deployed in Ethernet, Wireless-Fidelity (Wi-Fi), Internet Protocol (IP) and MultiProtocol Label Switching (MPLS) networks. These mechanisms are grouped throughout the book according to the following four functions: data protection, access control, network isolation, and data monitoring.

Data protection is supplied by data confidentiality and integrity control services. Access control is provided by a third-party authentication service. Network isolation is supplied by the Virtual Private Network (VPN) service. Data monitoring consists of applying rules to data in order to authorize its transfer or detect attacks.

The chapters of the book cover cryptography, 802.1x mechanism, WPA mechanisms, IPSec mechanism, SSL/TLS/DTLS protocols, network management, MPLS technology, Ethernet VPN, firewalls and intrusion detection.

PREFACE
ABBREVIATIONS

CHAPTER 1. INTRODUCTION TO CRYPTOGRAPHY
1.1. The encryption function
1.1.1. 3DES algorithm
1.1.2. AES algorithm
1.1.3. RSA algorithm
1.1.4. ECC algorithm
1.2. Hash function
1.2.1. MD5 algorithm
1.2.2. SHA algorithm
1.2.3. HMAC mechanism
1.3. Key exchange
1.3.1. Secret-key generation
1.3.2. Public key distribution

CHAPTER 2. 802.1X MECHANISM
2.1. General introduction
2.2. EAPOL protocol
2.2.1. EAPOL-Start message
2.2.2. EAPOL-Logoff message
2.2.3. EAPOL-Key message
2.2.4. EAPOL-Encapsulated-ASF-Alert message
2.2.5. EAPOL-MKA message
2.2.6. EAPOL-Announcement message
2.2.7. EAPOL-Announcement-Req message
2.3. EAP protocol
2.3.1. EAP-Method Identity
2.3.2. EAP-Method Notification
2.3.3. EAP-Method NAK
2.4. RADIUS protocol
2.4.1. RADIUS messages
2.4.2. RADIUS attributes
2.5. Authentication procedures
2.5.1. EAP-MD5 procedure
2.5.2. EAP-TLS procedure
2.5.3. EAP-TTLS procedure

CHAPTER 3. WPA MECHANISMS
3.1. Introduction to Wi-Fi technology
3.2. Security mechanisms
3.3. Security policies
3.4. Key management
3.4.1. Key hierarchy
3.4.2. EAPOL-key messages
3.4.3. Four-way handshake procedure
3.4.4. Group key handshake procedure
3.5. WEP protocol
3.6. TKIP protocol
3.7. CCMP protocol

CHAPTER 4. IPSEC MECHANISM
4.1. Review of IP protocols
4.1.1. IPv4 protocol
4.1.2. IPv6 protocol
4.2. IPSec architecture
4.2.1. Security headers
4.2.2. Security association
4.2.3. PMTU processing
4.3. IKEv2 protocol
4.3.1. Message header
4.3.2. Blocks
4.3.3. Procedure

CHAPTER 5. SSL, TLS AND DTLS PROTOCOLS
5.1. Introduction
5.2. SSL/TLS protocols
5.2.1. Record header
5.2.2. Change_cipher_spec message
5.2.3. Alert message
5.2.4. Handshake messages
5.2.5. Cryptographic information
5.3. DTLS protocol
5.3.1. Adaptation to UDP transport
5.3.2. Adaptation to DCCP transport
5.3.3. Adaption to SCTP transport
5.3.4. Adaption to SRTP transport

CHAPTER 6. NETWORK MANAGEMENT
6.1. SNMPv3 management
6.1.1. Introduction
6.1.2. SNMPv3 architecture
6.1.3. SNMPv3 message structure
6.2. SSH protocol
6.2.1. SSH-TRANS protocol
6.2.2. SSH-USERAUTH protocol
6.2.3. SSH-CONNECT protocol

CHAPTER 7. MPLS TECHNOLOGY
7.1. MPLS overview
7.1.1. Network architecture
7.1.2. LSR router tables
7.1.3. PHP function
7.1.4. MPLS header format
7.1.5. DiffServ support
7.2. LDP protocol
7.2.1. Principles of functioning
7.2.2. LDP PDU format
7.2.3. LDP messages
7.3. VPN construction
7.3.1. Network architecture
7.3.2. Differentiation of routes
7.3.3. Route target
7.3.4. Principles of operation
7.4. Network interconnection
7.4.1. Hierarchical mode
7.4.2. Recursive mode

CHAPTER 8. ETHERNET VPN
8.1. Ethernet technology
8.1.1. Physical layer
8.1.2. MAC layer
8.1.3. VLAN isolation
8.2. PBT technology
8.3. VPLS technology
8.3.1. Network architecture
8.3.2. EoMPLS header
8.3.3. LDP
8.4. L2TPv3 technology
8.4.1. Data message
8.4.2. Control messages
8.4.3. Procedures

CHAPTER 9. FIREWALLS
9.1. Technologies
9.1.1. Packet filter
9.1.2. Applicative gateway
9.1.3. NAT/NAPT device
9.2. NAT/NAPT device crossing
9.2.1. ICMP protocol
9.2.2. IPSec mechanism
9.2.3. SIP, SDP and RTP protocols
9.2.4. FTP protocol
9.2.5. Fragmentation

CHAPTER 10. INTRUSION DETECTION
10.1. Typology of attacks
10.2. Methods of detection
10.2.1. Signature-based detection
10.2.2. Anomaly-based detection
10.2.3. Protocol analysis
10.3. Technologies
10.3.1. N-IDPS device
10.3.2. WIDPS device
10.3.3. H-IDPS device
10.3.4. NBA device

BIBLIOGRAPHY
INDEX

André Perez is a consultant and teacher in networks and telecommunications. He works with industrialists and operators regarding architecture studies and leads training on the 4G and IMS networks for NEXCOM SYSTEMS.
