Paperback
Product Details
| ISBN-13: | 9780072127577 |
|---|---|
| Publisher: | McGraw-Hill/Osborne Media |
| Publication date: | 04/06/2001 |
| Series: | Rsa Press S |
| Pages: | 436 |
| Product dimensions: | 7.38(w) x 9.08(h) x 1.12(d) |
Read an Excerpt
Chapter 1: TCP/IP Overview
The Transmission Control Protocol/Internet Protocol (TCP/IP) is the most widely used network protocol. TCP/IP can be considered the engine that powers the flow of data, the vessel that transports the data, and the controller that navigates the flow of data on the Internet. The Internet is being utilized for just about every transaction imaginable. You can buy groceries online and have them delivered to your door within an hour. Online trading will become ever more commonplace in our lives as time progresses; it therefore certainly helps to have some knowledge of the operation of this ubiquitous infrastructure, the Internet, that has become such an integral part of our lives.
Since it plays such an important role, we should all be concerned about the security of the Internet. Unfortunately, there are still a number of companies out there whose security infrastructures leave much to be desired, and yet they are wooing us to conduct online transactions with them. It is definitely advantageous to be aware of, if not abreast with, network security concepts and terminologies. This is not just for the "techies." This applies to all of us. Before we click the button and send our credit card or banking account information over the Internet, we should all be able to click the "security" link on the Web page of the company that we are considering doing business with, and make an informed opinion as to whether or not the security mechanisms are adequate for online trading. If we are capable of making this important judgment, we might just save ourselves from the predicament of our credit card number or bank account and PIN number getting into the wrong hands.
For a good understanding of IPSec or any other security protocol, a sound knowledge of TCP/IP can be considered a prerequisite. In this chapter, we are going to give, in some instances, a detailed review of the components of the TCP/IP protocol suite that are relevant to IPSec. If you are not interested in the detail, please feel free to skim through and just direct your attention to the portions that you consider relevant. We will start by giving a brief history of the Internet and TCP/IP.
1.1 Some History
In the mid-1960s at the height of the cold war, the Department of Defense (DoD) wanted a command and control network that could survive a nuclear war. The DoD consequently commissioned its research arm, ARPA (Advanced Research Projects Agency), to invent the technology that could get data to their destination reliably even if an arbitrary part of the network disappeared without warning as a result of a nuclear attack.
The technology, called circuit switching, that existed back then and is still used today to transmit wired-telephone data, had serious drawbacks. In circuit switching, a route for data to get from one point to the next needs to be set up using relays that make physical connections among pieces of cable. Consequently, if part of the circuit fails, a new circuit must be set up, which could be quite difficult and time consuming depending on the severity of the damage.
To overcome these problems, ARPA used the technology called packet switching. The idea of packet switching networks was proposed by Paul Baran in the early 1960s [Bar64]. With packet switching, data to be sent over a network are divided up into discrete parts called packets. Each packet is routed independently from one computer to the next over the network until it reaches its final destination.
The first experimental network, called the ARPANET, went into operation in December 1969. It consisted of subnets and host computers. The subnets consisted of minicomputers called IMPs (interface message processors) connected by transmission lines. This network contained four nodes, one each at UCLA (University of California at Los Angeles), UCSB (University of California at Santa Barbara), SRI (Stanford Research Institute), and University of Utah. Each node of the network was made up of an IMP and a host in the same room, connected by wire. For the purposes of our discussion, a host is synonymous with a computer. These four sites were chosen because all had large ARPA contracts; additionally, all four sites had different and completely incompatible computers. This experimental network grew rapidly: in July 1970 it grew to 8 nodes, by March 1971 it had expanded to 16 nodes, in April 1972 it grew to 23 nodes, and by September 1972 it consisted of 34 nodes.
This network worked well in its early stage when there were few nodes. However, as the number of nodes increased, the network experienced a number of system crashes. Additionally, when satellite and radio networks were added to the ARPANET in the early 1970s, Network Control Protocol (NCP) [NKPC70], the existing protocol of the ARPANET, had trouble working with these networks. As a result, research started in the early 1970s for a new protocol that was robust and able to work well with different kinds of networks. The research effort culminated with the development of the TCP/IP protocol suite in 1974.
The TCP/IP protocol suite proved to be quite robust and was very adaptable to different networks...
Table of Contents
Chapter 1: TCP/IP Overview.
Chapter 2: Symmetric-Key Cryptography.
Chapter 3: Public-Key Cryptosystems.
Chapter 4: Hash Functions and MAC.
Chapter 5: Public-Key Infrastructure.
Chapter 6: LDAP.
Chapter 7: IP Security Architecture.
Chapter 8: Authentication Header.
Chapter 9: Encapsulating Security Payload.
Chapter 10: ISAKMP.
Chapter 11: Internet Key Exchange.
Chapter 12: IP Compression.
Chapter 13: VPN Solutions.
Appendix A: A Reference C Implementation for AES.
Appendix B: A Java Implementation of AES.
Appendix C: A Reference Implementation of MD5.