security at network layer
Answers
Answer:
Ram Ram❤__________✌✌
Network layer security controls have been used frequently for securing communications, particularly over shared networks such as the Internet because they can provide protection for many applications at once without modifying them.
In the earlier chapters, we discussed that many real-time security protocols have evolved for network security ensuring basic tenets of security such as privacy, origin authentication, message integrity, and non-repudiation.
Most of these protocols remained focused at the higher layers of the OSI protocol stack, to compensate for inherent lack of security in standard Internet Protocol. Though valuable, these methods cannot be generalized easily for use with any application. For example, SSL is developed specifically to secure applications like HTTP or FTP. But there are several other applications which also need secure communications.
This need gave rise to develop a security solution at the IP layer so that all higher-layer protocols could take advantage of it. In 1992, the Internet Engineering Task Force (IETF) began to define a standard ‘IPsec’.
In this chapter, we will discuss how security is achieved at network layer using this very popular set of protocol IPsec.
Security in Network Layer
Any scheme that is developed for providing network security needs to be implemented at some layer in protocol stack as depicted in the diagram below −
Layer Communication Protocols Security Protocols
Application Layer HTTP FTP SMTP PGP. S/MIME, HTTPS
Transport Layer TCP /UDP SSL, TLS, SSH
Network Layer IP IPsec
The popular framework developed for ensuring security at network layer is Internet Protocol Security (IPsec).
Features of IPsec
IPsec is not designed to work only with TCP as a transport protocol. It works with UDP as well as any other protocol above IP such as ICMP, OSPF etc.
IPsec protects the entire packet presented to IP layer including higher layer headers.
Since higher layer headers are hidden which carry port number, traffic analysis is more difficult.
IPsec works from one network entity to another network entity, not from application process to application process. Hence, security can be adopted without requiring changes to individual user computers/applications.
Tough widely used to provide secure communication between network entities, IPsec can provide host-to-host security as well.
The most common use of IPsec is to provide a Virtual Private Network (VPN), either between two locations (gateway-to-gateway) or between a remote user and an enterprise network (host-to-gateway).
Security Functions
The important security functions provided by the IPsec are as follows −
Confidentiality
Enables communicating nodes to encrypt messages.
Prevents eavesdropping by third parties.
Origin authentication and data integrity.
Provides assurance that a received packet was actually transmitted by the party identified as the source in the packet header.
Confirms that the packet has not been altered or otherwise.
Key management.
Allows secure exchange of keys.
Protection against certain types of security attacks, such as replay attacks.
Explanation: