Taxonomy of deployed systems
Article by Lucy
Table 5.4 provides a mapping between the interfaces in Figure 5.4 and the protocols in IPv4 and IPv6 that implement the interfaces. Of particular note is the lack of any security protocols for IPv4 on the BN1 and AR1interfaces. As mentioned above, the ARP protocol was developed in the early days of the Internet before security was considered an important issue, and therefore there is no security protocol for ARP. Similarly.
IPv4 Router Discovery messages specied in RFC 1256 (RFC 1256, 1991) contain no cryptographic protection though there are a few rough security rules that prevent simple attacks. We discuss these and mitigation measures for attacks on ARP below.
On the LCS1 and LCS2 interfaces, RFC 3118 describes a standardized authentication option for DHCP, but does not provide any credential or key exchange. Manual, out-ofband conguration is recommended. RFC 3118 applies to either DHCPv4 or DHCPv6; however, DHCPv6 also recommends using IKE for credential and key exchange .
IPsec for data origin authentication protection. The DHCP authentication option is discussed below, IKE and IPsec are discussed in Chapter 6.
Security on the BN1 and AR1interfaces is handled differently in IPv4 and IPv6. There are no formal cryptographic protocols used in IPv4 for securing these interfaces, so security is provided using operational rules. In contrast, the IPv6 Secure Neighbor Discovery protocol provides cryptographic protection against attacks on address resolution, address autoconguration, and router discovery. The next two sections provide details.
Table 5.4 provides a mapping between the interfaces in Figure 5.4 and the protocols in IPv4 and IPv6 that implement the interfaces. Of particular note is the lack of any security protocols for IPv4 on the BN1 and AR1interfaces. As mentioned above, the ARP protocol was developed in the early days of the Internet before security was considered an important issue, and therefore there is no security protocol for ARP. Similarly.
IPv4 Router Discovery messages specied in RFC 1256 (RFC 1256, 1991) contain no cryptographic protection though there are a few rough security rules that prevent simple attacks. We discuss these and mitigation measures for attacks on ARP below.
On the LCS1 and LCS2 interfaces, RFC 3118 describes a standardized authentication option for DHCP, but does not provide any credential or key exchange. Manual, out-ofband conguration is recommended. RFC 3118 applies to either DHCPv4 or DHCPv6; however, DHCPv6 also recommends using IKE for credential and key exchange .
IPsec for data origin authentication protection. The DHCP authentication option is discussed below, IKE and IPsec are discussed in Chapter 6.
Security on the BN1 and AR1interfaces is handled differently in IPv4 and IPv6. There are no formal cryptographic protocols used in IPv4 for securing these interfaces, so security is provided using operational rules. In contrast, the IPv6 Secure Neighbor Discovery protocol provides cryptographic protection against attacks on address resolution, address autoconguration, and router discovery. The next two sections provide details.
My name is Lucy , this website contains a great high quality products such as China Network Information Issue System, 3D LCD Displays Manufacturer, welcome to visite 3D LCD Displays .
Orignal From: Taxonomy of deployed systems
Comments
Post a Comment