1. Security and Applications
a) Discuss the problems caused for firewalls by the use of VPNs and IPSec.
b) Security services may be placed within each of the layers of the OSI reference model. List, describe, and discuss the advantages and disadvantages of placement within each layer. Your answer should include examples of security services within at least three differing layers.
c) Both Alice and Bob have public-key capability. They wish to carry out mutual authentication. Let us assume that Alice and Bob already know each other’s public keys. They want to establish a session, and then use symmetric session keys on that session, since it is typically 100 to 1000 times faster than public key cryptography. Write a protocol that enables Alice and Bob to mutually authenticate each other and agree on a shared secret key.
Research and write a short report (two or three pages) on the different versions of TCP – Tahoe (base version), Reno, NewReno, and Vegas. What are the problems that each tries to solve and the features introduced to address those problems?
a) IPv6 has been standardised for almost 20 years, yet it has not seen widespread deployment. Describe the reasons for the slow adoption of IPv6.
b) What changes are required in regular routing protocols (that operate with IPv4) in order to prepare them for routing within an IPv6 domain?
Security and Applications:
(i) Discuss the problems caused for firewalls by the use of VPNs and IPSec
When the VPN server is in front of the firewall and attached to the internet, packet filters need to be added to the internet interface. These allow only VPN traffic from the VPN interface address to the internet. This type of configuration limits the sharing of file transfer protocol and other web and internet resources with non-VPN users. Alternatively, if the VPN is located behind the firewall, it will have an interface with the DMZ as well as with the internet. Such an approach requires configuring input and output filters on its internet interface, which allows tunnel maintenance traffic and tunnelled data to pass to the VPN server. Further, as the firewall does not have the encryption keys for each VPN connection, it can filter only the plaintext headers of the tunnelled data....
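The last point above, that a firewall without the VPN keys can filter only the plaintext headers, is illustrated by the following added example, which is not part of the original solution. It assumes IPsec ESP as the tunnel encapsulation; the addresses, the SPI, the blocked port 23 rule and the function names are constructed for the demonstration.

```python
import os
import socket
import struct

ESP, TCP = 50, 6                      # IP protocol numbers (ESP per RFC 4303)
IP_FMT = "!BBHHHBBH4s4s"              # fixed 20-byte IPv4 header, no options

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (checksum left at 0; demo only)."""
    return struct.pack(IP_FMT, 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

def firewall_view(packet):
    """Return only the fields a firewall without the VPN keys can read."""
    f = struct.unpack(IP_FMT, packet[:20])
    body = packet[(f[0] & 0x0F) * 4:f[2]]
    view = {"src": socket.inet_ntoa(f[8]), "dst": socket.inet_ntoa(f[9]), "proto": f[6]}
    if view["proto"] == TCP:
        view["sport"], view["dport"] = struct.unpack("!HH", body[:4])
    elif view["proto"] == ESP:
        # Cleartext ESP header is just SPI + sequence number; the rest is ciphertext.
        view["spi"], view["seq"] = struct.unpack("!II", body[:8])
        view["opaque_bytes"] = len(body) - 8
    return view

def decide(packet, blocked_ports, vpn_server):
    """Packet-filter decision using only what firewall_view() exposes."""
    v = firewall_view(packet)
    if v["proto"] == TCP:
        return "drop" if v["dport"] in blocked_ports else "accept"
    if v["proto"] == ESP:
        # Inner ports are encrypted, so the port rule cannot be evaluated.
        return "accept" if v["dst"] == vpn_server else "drop"
    return "drop"

# Constructed sample traffic (documentation addresses, hypothetical rule set).
VPN_SERVER, BLOCKED = "203.0.113.10", {23}
tcp_hdr = struct.pack("!HHIIBBHHH", 40000, 23, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
inner = ipv4("10.0.0.5", "10.1.0.9", TCP, tcp_hdr)
# os.urandom stands in for the encrypted inner packet; no real cipher is used.
esp = struct.pack("!II", 0x1001, 1) + os.urandom(len(inner))
tunnelled = ipv4("198.51.100.7", VPN_SERVER, ESP, esp)

if __name__ == "__main__":
    print("clear    :", firewall_view(inner), decide(inner, BLOCKED, VPN_SERVER))
    print("tunnelled:", firewall_view(tunnelled), decide(tunnelled, BLOCKED, VPN_SERVER))
```

The same inner packet is dropped when seen in the clear and accepted once tunnelled, because the only fields left to match on are the outer addresses, the protocol number and the ESP SPI and sequence number.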