The Communication Security Protocol Information Technology Essay

Published: November 30, 2015 Words: 6293

SSL/TLS are security protocols that sit on top of the transport layer; HTTPS, their most common use, runs over TCP port 443. SSL was developed by Netscape and its last version is SSL 3.0; TLS was then standardized by the IETF, with TLS 1.0 corresponding to SSL version 3.1 on the wire and TLS 1.1 following as a second standardized version. SSL/TLS provides a set of cryptographic services including confidentiality, integrity and digital signatures. SSL/TLS differs from IPsec: IPsec is normally configured between two peers that share the same security parameters, whereas SSL/TLS negotiates a cipher suite for each client-server connection and is used to protect that client-server traffic. As long as the SSL server certificate is signed by a trusted certification authority (CA), an SSL VPN gateway can present that certificate to authenticate itself directly to Internet users, and the user's browser can verify that it is communicating with a trusted server. In practice some SSL VPNs use a self-signed certificate that is not trusted by most browsers. In that case the user must add the SSL VPN server certificate to their personal trust list or click "accept" to trust it; an "accept" given without checking the certificate fingerprint out of band lets an attacker in the path present a certificate of their own instead, which defeats the server authentication. (Javvin 2004 (1))

The TLS protocol was designed to use the Transmission Control Protocol (TCP) to provide privacy and data integrity for end-to-end communication between two client/server applications (please refer to Appendix 7.1 for an example Internet). TLS originated at Netscape as the Secure Sockets Layer (SSL) protocol and was published as an Internet draft. The IETF then formed a working group to produce an Internet Standard, which became RFC 2246, the TLS Protocol Version 1.0. Currently the most common use of transport layer security is the World Wide Web client/server service provided by the Hypertext Transfer Protocol (HTTP). Virtually all HTTP clients and servers have been modified to recognize TLS, but any end system can modify its higher-layer applications (e.g. FTP, IMAP or SMTP) to incorporate TLS.

TLS introduces two new protocol layers above TCP to provide reliable end-to-end secure services, as depicted in Figure 1. These two layers allow independent programs to exchange cryptographic parameters without knowledge of one another's code. The TLS specification states that "the decisions on how to initiate TLS handshaking and how to interpret the authentication certificates exchanged are left up to the judgment of the designers and implementers of protocols which run on top" (Network Dictionary n.d.).

Figure 1: TLS Protocol Stack

The TLS Record Protocol layer provides connection security to the higher-layer protocols with two basic properties: confidentiality, through a symmetric key negotiated during the handshake, and message integrity, through keyed Message Authentication Codes (MACs). To perform these functions the Record Protocol layer fragments, optionally compresses, adds the MAC to and then encrypts the data handed down by the four higher-layer protocols defined by TLS (Handshake, Change Cipher Spec, Alert and Application Data). This process is depicted in Figure 2.

Figure 2: TLS Record Protocol Operation

The most complex of these higher-layer protocols is the Handshake Protocol. It "consists of a suite of three sub-protocols which are used to allow peers to agree upon security parameters, and report error conditions to one another" (Network Dictionary n.d.). The other three upper-layer protocols use the lower Record layer to pass application or control information between client and server. The Change Cipher Spec Protocol consists of a single message, which causes the negotiated cipher suite to become the current one. The Alert Protocol conveys TLS-related alerts to the peer; if an alert is fatal, TLS terminates the connection. Examples of alert messages are bad_record_mac, bad_certificate, certificate_expired and handshake_failure. "Servers and clients are required to forget any session-identifiers, keys, and secrets associated with a failed connection" (RFC 2246 n.d.).
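The record and handshake framing described above, as an added example that is not part of the original essay: it builds a TLS 1.0 ClientHello inside a Handshake record, parses the record header and the handshake body the way a server does, decodes an Alert record, and rejects truncated or oversized records. The cipher suite code points, the fixed client random and all other values are assumptions constructed for the example.

```python
import os
import struct

# TLS record content types (RFC 2246 section 6.2.1) and the alert codes named above
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA = 20, 21, 22, 23
HANDSHAKE_CLIENT_HELLO = 1
ALERT_NAMES = {20: "bad_record_mac", 40: "handshake_failure",
               42: "bad_certificate", 45: "certificate_expired"}
MAX_RECORD_LEN = 2 ** 14 + 2048          # largest TLSCiphertext fragment allowed
# Cipher suite code points offered by the constructed ClientHello
TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A
TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F


def tls_record(content_type, version, payload):
    """Record layer header: type (1), protocol version (2), length (2), then the fragment."""
    return struct.pack("!BHH", content_type, version, len(payload)) + payload


def build_client_hello(version=0x0301, client_random=None, session_id=b"",
                       cipher_suites=(TLS_RSA_WITH_AES_128_CBC_SHA,
                                      TLS_RSA_WITH_3DES_EDE_CBC_SHA)):
    """ClientHello handshake message wrapped in a Handshake record (TLS 1.0 = 0x0301)."""
    client_random = client_random or os.urandom(32)
    body = struct.pack("!H", version) + client_random
    body += struct.pack("!B", len(session_id)) + session_id
    suites = b"".join(struct.pack("!H", cs) for cs in cipher_suites)
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"                 # one compression method offered: null
    handshake = struct.pack("!B", HANDSHAKE_CLIENT_HELLO) + len(body).to_bytes(3, "big") + body
    return tls_record(HANDSHAKE, version, handshake)


def parse_record(data):
    """Split one record off the byte stream, refusing oversized or truncated ones."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, version, length = struct.unpack("!BHH", data[:5])
    if length > MAX_RECORD_LEN:
        raise ValueError("record length %d exceeds the maximum" % length)
    payload = data[5:5 + length]
    if len(payload) != length:
        raise ValueError("record truncated: expected %d payload bytes, got %d"
                         % (length, len(payload)))
    return {"type": ctype, "version": version, "payload": payload}


def record_is_complete(data):
    try:
        parse_record(data)
        return True
    except ValueError:
        return False


def parse_client_hello(record):
    """Extract what the server learns from a ClientHello: version, random,
    session id, offered cipher suites and compression methods."""
    if record["type"] != HANDSHAKE:
        raise ValueError("not a handshake record")
    p = record["payload"]
    htype, hlen = p[0], int.from_bytes(p[1:4], "big")
    if htype != HANDSHAKE_CLIENT_HELLO or len(p) - 4 != hlen:
        raise ValueError("malformed ClientHello header")
    body = p[4:]
    version = struct.unpack("!H", body[:2])[0]
    client_random = body[2:34]
    sid_len = body[34]
    off = 35 + sid_len
    session_id = body[35:off]
    suites_len = struct.unpack("!H", body[off:off + 2])[0]
    off += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0]
              for i in range(off, off + suites_len, 2)]
    off += suites_len
    comp_len = body[off]
    compression = list(body[off + 1:off + 1 + comp_len])
    return {"version": version, "random": client_random, "session_id": session_id,
            "cipher_suites": suites, "compression_methods": compression}


def parse_alert(record):
    """Decode an Alert record: level 2 is fatal, so the connection must be torn
    down and the session state forgotten."""
    if record["type"] != ALERT or len(record["payload"]) != 2:
        raise ValueError("not a well-formed alert record")
    level, description = record["payload"]
    return {"fatal": level == 2,
            "description": ALERT_NAMES.get(description, "alert_%d" % description)}
```

The length check in parse_record is the part worth copying: a record layer that trusts the length field and reads past the buffer, or accepts a fragment larger than the specification allows, is where implementation bugs in this layer usually start.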

IPsec

Internet Protocol Security (IPsec) was developed by the Internet Engineering Task Force (IETF) to secure traffic on the Internet and other public IP networks at the network layer (OSI layer 3). IPsec lets the communicating systems select and negotiate the security protocols, algorithms and keys they require, and provides authentication, data integrity and encryption services (please refer to Appendix 7.2 for IPsec in practice). IPsec uses two security protocols, the Authentication Header (AH) and the Encapsulating Security Payload (ESP); however, IPsec protects only IP packets. (Jean Paul and Kenneth G. 2007)

Communication Security Protocols

IPsec uses the Authentication Header (AH) and Encapsulating Security Payload (ESP) protocols to provide its security services:

AH provides data origin authentication and integrity for IP packets but does not provide encryption. The AH header is inserted into the IP packet; it carries an integrity check value computed with a keyed hash over the packet and a sequence number, which together let the receiver verify the sender, ensure data integrity and detect replayed packets. Figure 3 shows IPsec using AH:

Figure 3 : IPsec to use AH (Source from Jean Paul and Kenneth G. 2007)

ESP additionally protects the confidentiality of the data. ESP encrypts the payload with a symmetric algorithm such as 3DES, and both ends of the communication must use the same algorithm and key. ESP also supports encryption-only and authentication-only configurations. However, as the 2007 source cited here notes, IPsec configurations that use encryption-only ESP have been shown to be breakable, so ESP should be deployed together with integrity protection. Figure 4 shows IPsec using ESP:

Figure 4 : IPsec to use ESP (Source from Jean Paul and Kenneth G. 2007)

Operating Mode

Each security protocol supports two modes of operation: tunnel mode and transport mode. Tunnel mode encrypts and/or authenticates the header and data of each packet, whereas transport mode encrypts and/or authenticates only the data. Figure 5 shows the new IP header and the original header:

Figure 5 : New IP and Ori Header (Source from Jean Paul and Kenneth G. 2007)

Tunnel mode (Point to Point)

This mode protects the entire packet. The original IP packet, including its original destination address, is placed inside a new IP packet, and the AH or ESP header is applied to the new packet. The new IP header points to the end of the tunnel. When the packet is received, the tunnel endpoint decrypts the contents, recovers the original packet and forwards it on the target network to its original destination. (Jean Paul and Kenneth G. 2007)

Transport mode (host to host)

In this mode the AH or ESP header is added to the original IP packet after the IP header, and only the data following the header is encrypted and/or authenticated, so the workload is lighter than in tunnel mode. However, the final destination and sender addresses remain visible, and an attacker can use the header information for traffic analysis. Transport mode is generally used for host-to-host connections. Figure 6 shows the original IP header:

Figure 6 : Original IP Header (Source from Jean Paul and Kenneth G. 2007)
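The AH integrity check and the two operating modes described above, as an added example that is not part of the original essay or of any IPsec implementation. It computes the AH integrity check value (HMAC-SHA1-96) over the IP header with the fields AH treats as mutable zeroed, builds the same packet in transport mode (original addresses visible) and in tunnel mode (only the gateway addresses visible), and shows that a router decrementing the TTL leaves the ICV valid while a NAT device rewriting the source address breaks it. The key, addresses, SPI and payload are constructed values; the replay check is a simplified strictly-increasing rule rather than the RFC's sliding window.

```python
import hashlib
import hmac
import ipaddress
import struct

AH_PROTOCOL, IP_IN_IP = 51, 4
ICV_LEN = 12                      # HMAC-SHA1-96 truncates the tag to 96 bits (RFC 2404)
AH_LEN = 12 + ICV_LEN             # fixed AH fields + ICV = 24 bytes
IP_HDR_LEN = 20


def ipv4_checksum(hdr):
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def ipv4_header(src, dst, proto, total_len, ttl=64, ident=0x1234):
    """Minimal 20-byte IPv4 header with a correct header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def _icv_input(ip_hdr, ah_hdr, payload):
    """Packet copy with the fields AH treats as mutable zeroed: TOS, flags and
    fragment offset, TTL, header checksum, and the ICV field itself."""
    h = bytearray(ip_hdr)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    a = bytearray(ah_hdr)
    a[12:AH_LEN] = bytes(ICV_LEN)
    return bytes(h) + bytes(a) + payload


def ah_protect(key, src, dst, next_header, payload, spi, seq):
    """AH-protected packet; payload is upper-layer data (transport mode) or a
    whole inner IP packet (tunnel mode, next_header = 4 for IP-in-IP)."""
    ip_hdr = ipv4_header(src, dst, AH_PROTOCOL, IP_HDR_LEN + AH_LEN + len(payload))
    # next header, AH length in 32-bit words minus 2, reserved, SPI, sequence number
    ah_hdr = struct.pack("!BBHII", next_header, AH_LEN // 4 - 2, 0, spi, seq) + bytes(ICV_LEN)
    icv = hmac.new(key, _icv_input(ip_hdr, ah_hdr, payload), hashlib.sha1).digest()[:ICV_LEN]
    return ip_hdr + ah_hdr[:12] + icv + payload


def ah_transport(key, src, dst, upper_proto, data, spi, seq):
    """Transport mode: AH sits between the original IP header and the data."""
    return ah_protect(key, src, dst, upper_proto, data, spi, seq)


def ah_tunnel(key, gw_src, gw_dst, inner_packet, spi, seq):
    """Tunnel mode: the whole original packet rides inside a new outer packet
    between the two gateways; only the gateway addresses are on the outside."""
    return ah_protect(key, gw_src, gw_dst, IP_IN_IP, inner_packet, spi, seq)


def ah_verify(key, packet, last_seq):
    """Return (icv_ok, replay_ok, seq)."""
    ip_hdr = packet[:IP_HDR_LEN]
    ah_hdr = packet[IP_HDR_LEN:IP_HDR_LEN + AH_LEN]
    payload = packet[IP_HDR_LEN + AH_LEN:]
    if ip_hdr[9] != AH_PROTOCOL or len(ah_hdr) != AH_LEN:
        return False, False, None
    seq = struct.unpack("!I", ah_hdr[8:12])[0]
    expected = hmac.new(key, _icv_input(ip_hdr, ah_hdr, payload), hashlib.sha1).digest()[:ICV_LEN]
    return hmac.compare_digest(expected, ah_hdr[12:]), seq > last_seq, seq


def visible_addresses(packet):
    """What an on-path observer reads from the outer IP header."""
    return str(ipaddress.IPv4Address(packet[12:16])), str(ipaddress.IPv4Address(packet[16:20]))


def decrement_ttl(packet):
    """What every router does in transit: TTL and checksum change, nothing else."""
    p = bytearray(packet)
    p[8] -= 1
    p[10:12] = b"\x00\x00"
    p[10:12] = struct.pack("!H", ipv4_checksum(bytes(p[:IP_HDR_LEN])))
    return bytes(p)


def rewrite_source(packet, new_src):
    """What a NAT device does; the source address is immutable as far as AH is concerned."""
    p = bytearray(packet)
    p[12:16] = ipaddress.IPv4Address(new_src).packed
    p[10:12] = b"\x00\x00"
    p[10:12] = struct.pack("!H", ipv4_checksum(bytes(p[:IP_HDR_LEN])))
    return bytes(p)
```

The practical consequence of the last two helpers is that AH traffic survives ordinary routing but not address translation, which is one reason ESP is used far more often than AH in deployments that cross a NAT.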

Main Differences between IPsec and TLS/SSL

TLS/SSL was designed by Netscape with HTTP usage in mind; TLS is the latest version of the SSL technology. TLS/SSL provides a secure transport layer. Unlike SSH, TLS/SSL is not a single application but provides security by being implemented inside applications.

IPsec provides security at the IP packet layer and is not integrated into higher layers like TLS/SSL. As a network-level protocol, IPsec is implemented in servers and/or clients such as dedicated VPN concentrators, in an operating system's kernel or firewall, or in a router.

It is important to remember that there is no interoperability between SSH, TLS/SSL and IPsec: they operate at different levels of the TCP/IP model and are designed with different uses in mind. It is of course possible to tunnel SSH traffic through TLS over an IPsec-protected network, but the traffic is then encrypted and decrypted three times and consumes a lot of CPU time for no extra assurance. The normal choice is to use one of the technologies.

Example of company using the VPN technology

A virtual private network (VPN) is a way of using a public communication infrastructure to give individual users or remote sites secure access to a company's private network. Solutions such as IPsec and SSL/TLS evolved to extend that concept to the Internet.

The secure connection can have two types of endpoint: a LAN behind a security gateway, or an individual computer. Traditionally the LAN-to-LAN connection, where a security gateway at each endpoint with a known IP address serves as the interface between the secure connection and the private LAN, was the most used. "Today, when mobile devices such as a PDA or laptop and telecommuting are very common, another case must also be considered, when clients using individual computers with dynamic IP addresses connect to the VPN gateway. This type of client is also referred to as a road warrior." (Asa Pehrsson n.d.)

Figure 7 : Wireless VPN (Source from Asa Pehrsson n.d.)

Benefits and Limitations of TLS and IPsec

Table 1 : Compare Benefits and Limitations with TLS and IPsec

TASK 2

Type of Basic Architecture for IGMP for IPTV Networks

The Internet Group Management Protocol (IGMP) is the multicast group membership protocol of the Internet protocol suite (please refer to Appendix 7.3 for IGMP). It is used by IP hosts to report their host group memberships to any immediately neighbouring multicast routers. IGMP messages are encapsulated in IP datagrams with IP protocol number 2. IGMP exists in three versions: IGMPv1, v2 and v3. (Javvin 2004 (2))

For example, in an IPTV network each broadcast TV channel is an IP multicast group. The subscriber changes channel by leaving one group and joining a different one. Two versions of IGMP are used for IPTV, version 2 (IGMPv2) and version 3 (IGMPv3). Both provide these basic functions, although the messages used to do so differ. (Scott Shoaf 2006)

IGMP Version 1

The IGMP version 1 message is 8 bytes long and contains the fields listed below:

Version (bits 0 to 3) - must be 1

Type (bits 4 to 7) - there are 2 types of IGMP messages:

1 = Host Membership Query

2 = Host Membership Report

Unused (bits 8 to 15) - zero; Checksum (bits 16 to 31) - the Internet checksum of the 8-byte message (RFC 1112)

Group Destination Address (GDA) - bits 32 to 63

A host that wants to join a specific multicast group (the Group Destination Address, hereinafter GDA) issues a Host Membership Report. When the multicast router receives the Host Membership Report, it starts forwarding multicast traffic for that group and adds the GDA to its multicast routing table. The multicast router issues Host Membership Queries at regular intervals to check whether any host on that segment is still interested in the GDA. Hosts send Host Membership Reports either in response to a Host Membership Query from the multicast router or when they first want to receive GDA traffic.

The multicast routers periodically send Host Membership Query messages to discover which host groups have members on their attached local networks. IGMP version 1 has no leave mechanism: when a host no longer wants to receive the multicast traffic it simply quits silently. If no reports are received for a particular group after a certain number of queries, the routers assume that the group has no local members and stop forwarding remotely originated multicasts for that group into the local network. Host Membership Report messages are transmitted with the following fields:

Layer 2 Information:

Destination MAC address: MAC address for the GDA (01:00:5E:XX:XX:XX)

Source MAC address: MAC address of the host

Layer 3 Information:

Destination IP address: GDA (from 224.0.0.0 to 239.255.255.255)

Source IP address: IP address of the host

Switch without IGMP Snooping

By default a switch floods multicast traffic within the broadcast domain. This wastes bandwidth, and if many multicast servers are sending streams onto the segment it consumes a great deal of it. A switch normally learns MAC addresses by looking at the source address field of every frame it receives. Since a multicast GDA MAC address (01:00:5E:XX:XX:XX) is never used as the source address of a frame, these addresses never appear in the MAC filtering database, so the switch has no means to learn them and the multicast traffic is flooded.
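The IGMP v1/v2 message format and the group-to-MAC mapping described above, as an added example that is not part of the original essay: it builds and parses 8-byte IGMP messages with a valid Internet checksum, derives the destination IP address each message type is sent to, and maps a group address to its 01:00:5E MAC address, which also shows why 32 different groups share one MAC (only the low 23 bits survive). The group addresses used are constructed values.

```python
import ipaddress
import struct

# Message types: v1 packs version<<4|type into byte 0 (0x11 query, 0x12 report);
# v2 (RFC 2236) keeps those code points and adds 0x16 (report) and 0x17 (leave).
TYPES = {0x11: "membership_query", 0x12: "v1_membership_report",
         0x16: "v2_membership_report", 0x17: "leave_group"}
ALL_HOSTS, ALL_ROUTERS = "224.0.0.1", "224.0.0.2"


def inet_checksum(data):
    """Standard Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def build_igmp(type_code, group="0.0.0.0", max_resp_tenths=0):
    """8-byte IGMP v1/v2 message: type, max response time (v2 only), checksum, group."""
    g = ipaddress.IPv4Address(group)
    if type_code != 0x11 and not g.is_multicast:   # only a general query carries 0.0.0.0
        raise ValueError("%s is not a multicast group address" % group)
    msg = struct.pack("!BBH4s", type_code, max_resp_tenths, 0, g.packed)
    return msg[:2] + struct.pack("!H", inet_checksum(msg)) + msg[4:]


def parse_igmp(msg):
    if len(msg) < 8:
        raise ValueError("IGMP v1/v2 messages are 8 bytes long")
    type_code, second, _, group = struct.unpack("!BBH4s", msg[:8])
    # a v1 query has byte 1 zero; a v2 query carries its max response time there
    version = 1 if type_code == 0x12 or (type_code == 0x11 and second == 0) else 2
    return {"version": version,
            "type": TYPES.get(type_code, "unknown_0x%02x" % type_code),
            "max_resp_tenths": second if version == 2 else None,
            "group": str(ipaddress.IPv4Address(group)),
            "checksum_ok": inet_checksum(msg[:8]) == 0}


def destination_ip(msg):
    """Reports go to the group itself, Leave Group to all-routers,
    general queries to all-hosts and group-specific queries to the group."""
    p = parse_igmp(msg)
    if p["type"].endswith("membership_report"):
        return p["group"]
    if p["type"] == "leave_group":
        return ALL_ROUTERS
    return ALL_HOSTS if p["group"] == "0.0.0.0" else p["group"]


def multicast_mac(group):
    """01:00:5E plus the low 23 bits of the group address (RFC 1112 section 6.4);
    the top 5 bits of the 28-bit group id are lost, so 32 groups share one MAC."""
    low23 = int(ipaddress.IPv4Address(group)) & 0x7FFFFF
    return "01:00:5e:%02x:%02x:%02x" % (low23 >> 16, (low23 >> 8) & 0xFF, low23 & 0xFF)


def corrupt(msg, index=5):
    """Flip one bit of a message, as line noise would, to exercise the checksum."""
    m = bytearray(msg)
    m[index] ^= 0x01
    return bytes(m)
```

The MAC ambiguity is worth remembering when planning IPTV group addressing: a switch that filters on MAC alone cannot tell 224.129.1.1 from 239.1.1.1, so a subscriber of one channel also receives the other on the wire.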

Comparing IGMPv2 and IGMPv3

The following table compares IGMPv2 and IGMPv3:

Table 2 : IGMPv2/v3 comparison (Source from Juniper 2007)

Detail the Initial Exchange Which Takes Place Between These Entities in Order to Establish a Multicast Group

With IGMP version 1, a host that no longer wishes to receive multicast traffic simply quits the group quietly. The multicast router periodically sends a Host Membership Query to discover whether any member is still interested in a particular multicast group's traffic. When an IGMP snooping switch receives the general query it forwards it out of all its ports (the query is addressed to all hosts), and it forwards the reports that come back toward the router port. If no report for the group arrives after three consecutive queries, the switch deletes the group's MAC GDA from the associated port in its MAC filtering database.

With IGMP version 2, a host that no longer wants to receive the multicast traffic sends a Leave Group message. When the IGMP snooping switch receives this Leave Group message it sends an IGMP group-specific query on that port to determine whether any other device behind it is still interested in that multicast group's traffic. If the switch receives no IGMP Report in reply, it removes the MAC GDA address for that port from its MAC filtering database. Figure 8 shows IGMP version 1:

Figure 8 : IGMP Version 1

IGMP version 1 is the original version of the IGMP protocol. When the multicast router receives multicast traffic from a multicast server it creates a multicast group for the stream (refer to Figure 8).
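The snooping switch behaviour described in the two paragraphs above, as an added example that is not part of the original essay or of any vendor's switch software: a toy forwarding table that adds a port on a Membership Report, drops it after three unanswered general queries (the IGMPv1 case), and handles the IGMPv2 Leave Group by issuing a group-specific query and removing the port only if no report answers it. The port numbers, the group and the count of three queries are assumptions for the example.

```python
class IgmpSnoopingSwitch:
    """Toy snooping switch: learns which ports want which group from the IGMP
    messages it sees, instead of flooding every multicast frame."""

    QUERIES_BEFORE_EXPIRY = 3   # unanswered general queries before a port is dropped

    def __init__(self, router_port):
        self.router_port = router_port
        self.table = {}          # group -> {port: unanswered general queries}
        self.pending_leave = {}  # (group, port) -> True while a group-specific query is out

    def on_report(self, group, port):
        """Membership Report seen on a port: (re)register the port and
        cancel any pending leave for it. Reports are forwarded to the router port only."""
        self.table.setdefault(group, {})[port] = 0
        self.pending_leave.pop((group, port), None)
        return self.router_port

    def on_general_query(self):
        """Router general query: it is flooded to every port, and every member
        port is charged one unanswered query until a report resets the count."""
        for group, ports in list(self.table.items()):
            for port in list(ports):
                ports[port] += 1
                if ports[port] >= self.QUERIES_BEFORE_EXPIRY:
                    del ports[port]
            if not ports:
                del self.table[group]
        return "all_ports"

    def on_leave(self, group, port):
        """IGMPv2 Leave Group: send a group-specific query back out that port
        to ask whether anyone else behind it still wants the group."""
        if port in self.table.get(group, {}):
            self.pending_leave[(group, port)] = True
        return port

    def on_group_query_timeout(self, group, port):
        """No report answered the group-specific query: stop forwarding there."""
        if self.pending_leave.pop((group, port), None):
            self.table.get(group, {}).pop(port, None)
            if group in self.table and not self.table[group]:
                del self.table[group]

    def forward_ports(self, group):
        """Member ports that receive a data frame for this group."""
        return sorted(self.table.get(group, {}))
```

The leave-then-report sequence in the usage below is the case that matters on a shared port: one set-top box leaving must not cut off a second one on the same port, which is exactly why the switch queries before it prunes.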

Compare And Contrast Its Operation in Dense Mode With that In Sparse Mode for Protocol Independent Multicast (PIM)

Dense-Mode Routing

This approach assumes that bandwidth is plentiful and that group members are densely distributed over the network. Protocols of this kind periodically flood the network with multicast traffic and use reverse-path multicast algorithms: on its first sight of a packet, a router forwards it on all branches except the one it arrived from (the branch toward the source). Routers with no interested receivers then prune the branches they do not need, and packets are not re-sent by unicast. In this way a minimum connection tree is maintained, although the flood-and-prune mechanism is expensive (Mohammad Banikazemi 1997, Jon Crowcroft 1998). Protocols built on this approach are the Distance Vector Multicast Routing Protocol (DVMRP) (D. Waitzman, C. Partridge, S. E. Deering 1988), Multicast Extensions to Open Shortest Path First (MOSPF) (J. Moy 1994) and Protocol-Independent Multicast - Dense Mode (PIM-DM) (PIM-DM Internet Draft 1999).

Sparse-Mode Routing

This approach assumes that bandwidth may be scarce and that group members are sparsely distributed. Where dense-mode protocols use a data-driven approach to tree construction, sparse-mode (or centre-based) trees add routers to the tree only when hosts on their subnets request membership, thus constructing explicit receiver-initiated trees. The three interesting applications of this method are Core-Based Trees (CBT) (A. Ballardie 1997), Protocol-Independent Multicast - Sparse Mode (PIM-SM) (D. Estrin et al 1997) and the Border Gateway Multicast Protocol (BGMP) (Jon Crowcroft 1998). Unlike DVMRP or MOSPF, CBT constructs a single group-shared tree around a core router. When the core router receives a join message it returns an acknowledgement over the reverse path, and that path becomes a branch. Although this approach is economical in router state, there is potential for traffic congestion around the core. PIM-SM takes a similar approach but allows a group-shared tree to switch over to a shortest-path tree. BGMP is the only attempt so far to scale up to the global Internet: the idea is to build a tree out of domains whose own trees were already constructed in sparse or dense mode.

Table 3 compares sparse-mode and dense-mode protocols:

Table 3 : Comparison of Sparse and Dense-Mode Protocols

Figure 9 : Dense Mode VS Sparse Mode

As Figure 9 shows, with dense-mode routing the source's traffic is broadcast everywhere on the network until the unwanted branches are "pruned". Sparse mode is initiated by the receiver, which sends a join request to the first router that receives the multicast, or all the way back to the source or rendezvous point, before any traffic is forwarded.
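The flood-and-prune versus explicit-join behaviour compared above, as an added example that is not part of the original essay or of any router implementation: on a small constructed topology it counts how many links carry the first packet and how many routers end up holding state under dense mode (reverse-path flooding followed by pruning) and under sparse mode (receivers join toward a rendezvous point, the source registers with it). The topology, source, receivers and rendezvous point are assumptions for the example.

```python
from collections import deque

# Constructed topology (not from the essay): routers as nodes, links as edges.
TOPOLOGY = {
    "A": ["B", "G"], "B": ["A", "C", "E"], "C": ["B", "D"],
    "D": ["C"], "E": ["B", "F"], "F": ["E"], "G": ["A"],
}


def rpf_parents(graph, root):
    """BFS shortest paths toward root: parent[n] is n's next hop toward root,
    i.e. the interface on which n accepts packets from root (reverse-path check)."""
    parent, queue = {root: None}, deque([root])
    while queue:
        u = queue.popleft()
        for v in graph[u]:
            if v not in parent:
                parent[v] = u
                queue.append(v)
    return parent


def path_links(parent, node):
    """Links on the shortest path from node up to the tree root."""
    links = set()
    while parent[node] is not None:
        links.add(frozenset((node, parent[node])))
        node = parent[node]
    return links


def dense_mode(graph, source, receivers):
    """Flood-and-prune: every link sees the first packet and every router must
    hold (source, group) state; branches without receivers are then pruned,
    leaving the source-rooted shortest-path tree."""
    parent = rpf_parents(graph, source)
    flooded = {frozenset((u, v)) for u in graph for v in graph[u]}
    kept = set()
    for r in receivers:
        kept |= path_links(parent, r)
    return {"links_flooded": len(flooded), "links_after_prune": len(kept),
            "routers_with_state": len(graph), "tree": kept}


def sparse_mode(graph, rp, source, receivers):
    """Explicit join: receivers' routers join toward the rendezvous point and
    the source's router registers with it; only routers on those paths hold state."""
    to_rp = rpf_parents(graph, rp)
    tree = set()
    for r in receivers:
        tree |= path_links(to_rp, r)
    tree |= path_links(to_rp, source)
    routers = {n for link in tree for n in link}
    return {"links_flooded": 0, "links_after_join": len(tree),
            "routers_with_state": len(routers), "tree": tree}


if __name__ == "__main__":
    print(dense_mode(TOPOLOGY, "A", ["D"]))
    print(sparse_mode(TOPOLOGY, "B", "A", ["D"]))
```

With one receiver the two modes converge on the same three-link tree, but dense mode touched all six links and all seven routers to get there, while sparse mode never involved the routers that had no receivers; that difference is the whole argument for sparse mode on a large IPTV network where most routers serve no viewers of a given channel.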

TASK 3

Function of the Four Internet Hosts Involved in Sending an Email Message

The POP3 / IMAP, MIME and SMTP services are useful for applications that need to provide mail client functionality.

Reception of email is handled by the POP3 service, which implements the client side of POP version 3. Sending email is done through the SMTP service, the client-side implementation of the SMTP protocol. (James F. Kurose and Keith W. Ross 2000) In both cases the transport can be secured with SSL/TLS.

The MIME service converts outgoing email messages into the Multipurpose Internet Mail Extensions v1.0 (MIME) format and transforms incoming MIME messages into viewable messages. (James F. Kurose and Keith W. Ross 2000)

The scenario in which Ruba sends an email message to Kibsa is as follows:

Ruba uses her user agent to write a message addressed to Kibsa.

Ruba's user agent sends the message to her mail server, where it is placed in the outgoing message queue.

The SMTP client side of Ruba's mail server opens a TCP connection to Kibsa's mail server.

The SMTP client sends Ruba's message over the TCP connection.

Kibsa's mail server places the message in Kibsa's mailbox, from which it is retrieved with POP3 or IMAP.

When Kibsa opens his user agent he can read the message.

List the Internet Protocols

SMTP

The Simple Mail Transfer Protocol (SMTP) is used to deliver email. SMTP is a TCP-based protocol whose server side listens by default on TCP port 25. (James F. Kurose and Keith W. Ross 2000)

POP3

The Post Office Protocol (POP) allows an end user to retrieve email. POP is also a TCP-based protocol; the server listens by default on TCP port 110. There are three versions, POP, POP2 and POP3, of which POP3 is the one most commonly used. When email is retrieved with POP, the messages are by default removed from the server. (James F. Kurose and Keith W. Ross 2000)

IMAP

The Internet Message Access Protocol (IMAP), like POP, lets the client side retrieve email. IMAP servers listen by default on TCP port 143. The difference from POP is that with IMAP the messages remain on the server after the client has read them. In addition IMAP supports multiple mailboxes and other features that extend email management. Precisely because IMAP is more powerful and more convenient than POP, more and more organizations now use IMAP in place of the traditional POP protocol. (James F. Kurose and Keith W. Ross 2000)

HTTP

The Hypertext Transfer Protocol (HTTP) is the underlying protocol of the World Wide Web. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. For example, when you enter a URL in your browser, the browser sends an HTTP command to the Web server directing it to fetch and transmit the requested Web page. (James F. Kurose and Keith W. Ross 2000)

Format of the Sent Message

RFC 822

Standard text-based email is based on RFC 822 (P. Resnick 2001). This standard defines the headers, format and syntax that make up an email message. Basically an email message consists of specific headers, each on its own line, a blank line and then the message body. When the message is transferred over SMTP it is terminated by a line containing only a period "." after the message body. Here is an example of an email message in its most basic form:

The email message format is very simple. It has been in place for many years and works well if you send plain text messages in 7-bit US-ASCII characters. However, it cannot carry binary files, nor a character set for any language other than standard English. Clearly another solution was needed.

MIME

The solution is the Multipurpose Internet Mail Extensions (MIME), a superset of RFC 822-based email messages. MIME adds some important headers that describe how the message should be interpreted and allow more control over what you can include in an email.

MIME defines five additional header lines (MIME-Version, Content-Type, Content-Transfer-Encoding, Content-ID and Content-Description), whose meanings are listed below:

Figure 10 : MIME defines five additional header lines

The following is an example of what an email with attachments looks like. (For the sake of clarity we have shortened the actual binary data of "test.doc" and the image "test_file.jpg".)

MS-Word : "test.doc" and "test_file.jpg"

The basic format is the same: headers, a blank line, the message data and a period "." to end the message. The middle part is a bit more complicated, and that is exactly the part this article needs. Let us start with some of the important points.

How the Received Message Differs from the Sent Message

The difference between the received and the sent message format is that each mail server the message passes through adds a new header line, "Received: from <sending host> by <receiving host>; <date received>", at the top of the received message. A sample is listed below:
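The Ruba-to-Kibsa exchange, the RFC 822 and MIME formats, and the Received: header added in transit, as one added example that is not part of the original essay: it builds the plain message with Python's standard email library, attaches the two files from the MIME example, produces the exact bytes an SMTP client sends after DATA (CRLF line endings, dot-stuffing, the terminating "." line), simulates two MTAs each prepending a Received: trace header, and parses the result back. The addresses, the attachment bytes and the host names are constructed values.

```python
import re
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from email.utils import formatdate


def build_plain_message():
    """RFC 822 style message: header lines, a blank line, then the body."""
    msg = EmailMessage(policy=policy.SMTP)          # SMTP policy emits CRLF line endings
    msg["From"] = "ruba@example.org"                # assumed addresses
    msg["To"] = "kibsa@example.net"
    msg["Subject"] = "Test message"
    msg["Date"] = formatdate(0, usegmt=True)        # fixed date so the output is reproducible
    msg["Message-ID"] = "<constructed-1@example.org>"
    msg.set_content("Hello Kibsa,\n.\nThe lone dot above must be stuffed before SMTP DATA.\n")
    return msg


def build_mime_message(doc_bytes, image_bytes):
    """The same message with a Word document and a JPEG attached as MIME parts."""
    msg = build_plain_message()
    msg.add_attachment(doc_bytes, maintype="application", subtype="msword",
                       filename="test.doc")
    msg.add_attachment(image_bytes, maintype="image", subtype="jpeg",
                       filename="test_file.jpg")
    return msg


def smtp_data_payload(msg):
    """Bytes the SMTP client sends after DATA: CRLF lines, a second '.' prepended
    to any line that starts with '.', and a line holding a single '.' to end the
    message (RFC 2821 section 4.5.2)."""
    lines = re.split(rb"\r?\n", msg.as_bytes())
    if lines and lines[-1] == b"":
        lines.pop()
    stuffed = [b"." + line if line.startswith(b".") else line for line in lines]
    return b"\r\n".join(stuffed) + b"\r\n.\r\n"


def mta_receive(raw, from_host, by_host, when):
    """Each relaying MTA prepends its own Received: trace header, so the newest
    hop is on top; nothing else in the message changes."""
    trace = "Received: from %s by %s with ESMTP; %s\r\n" % (from_host, by_host, when)
    return trace.encode("ascii") + raw


def received_hops(raw):
    """Trace headers in the order they appear (last hop first)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    return [str(v) for v in msg.get_all("Received", [])]


def attachments(raw):
    """(filename, content type, decoded size) for each MIME attachment."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    return [(part.get_filename(), part.get_content_type(),
             len(part.get_payload(decode=True))) for part in msg.iter_attachments()]


def body_text(raw):
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    return msg.get_body(preferencelist=("plain",)).get_content().replace("\r\n", "\n")
```

Two details are security relevant. The dot-stuffing is what stops a message body from ending the DATA phase early and smuggling SMTP commands after it, and Received: headers are prepended rather than appended, so the topmost one comes from the receiving organization's own server and is the only trace line it can trust; everything below it was written by hosts it did not control.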

TASK 4

Compare and Contrast with IPv4 and IPv6

As Internet technology has continued to evolve, IPv4 has gradually exposed many shortcomings, the most prominent being the exhaustion of the IP address space and the growth of backbone routing tables. At the pace of Internet development current when the cited source was written, IPv4 addresses were expected to be fully allocated between 2005 and 2010. To solve the problems encountered in IPv4 thoroughly and provide better support for future applications, the IPng Working Group of the Internet Engineering Task Force (IETF) proposed a revised IP protocol. The new proposal is the sixth version of IP, also known as IPv6. IPv6 has a 128-bit address space, which completely solves the problem of insufficient IPv4 addresses. In addition IPv6 introduces hierarchical addressing, a more efficient IP header, quality of service, host address auto-configuration, authentication, encryption and many other technologies. (B. Rahul n.d.)

The Internet Protocol in use today is the fourth version, IPv4, which uses 32-bit addresses, giving 2 to the power 32 addresses. That was still very abundant when Internet development started, but in the face of today's and tomorrow's home and business computers and equipment using the Internet, the supply of node addresses is obviously insufficient. According to the network expert Geoff Huston of APNIC, IPv4 addresses were predicted to be fully dispensed between 2010 and 2011 (the IANA free pool was in fact exhausted in February 2011). To solve the problem of running out of addresses, the Internet Engineering Task Force (IETF) developed the sixth version of the Internet Protocol, IPv6 (B. Rahul n.d.). This is a major breakthrough in networking.

What is IPv4?

IPv4 is the first widely used version of the Internet Protocol and accounts for most of today's Internet traffic (please refer to Appendix 7.4 for IPv4). There are just over 4 billion IPv4 addresses. While that is a lot of addresses, it is not enough to last forever (IPv6 Act Now n.d.).

IPv4 Datagram

Figure 11 : IPv4 datagram format (Source: Behrouz A. Forouzan, 2000, p.709)

What is IPv6?

IPv6 is a new numbering system that provides a much larger address pool than IPv4, among other functions (please refer to Appendix 7.5 for IPv6). Deployment began in 1999 and it should meet the world's IP addressing needs well into the future (IPv6 Act Now n.d.).

IPv6 Datagram

Figure 12 : IPv6 datagram format (Source: Behrouz A. Forouzan, 2000, p.828)

What are the Major Differences between IPv4 and IPv6?

The major difference between IPv4 and IPv6 is the number of IP addresses. IPv4 has just over 4,000,000,000 addresses; IPv6 has over 340,000,000,000,000,000,000,000,000,000,000,000,000 (about 3.4 x 10^38, or 2 to the power 128). The technical function of the Internet remains the same with both versions, and it is likely that both versions will continue to operate side by side on networks well into the future. To date, most networks that use IPv6 support both IPv4 and IPv6 addresses (Home-Network-Help n.d.).

Table 4 : The major differences of IPv4 and IPv6
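The two datagram formats shown in Figures 11 and 12, as an added example that is not part of the original essay: a parser for the IPv4 header (variable length, header checksum that every router must recompute when it changes the TTL) and for the fixed 40-byte IPv6 header (no checksum, flow label and traffic class in its place). The two header byte strings are constructed for the example, not captures; the IPv4 checksum value is correct for the fields shown.

```python
import ipaddress
import struct

# Constructed IPv4 header: 20 bytes, total length 0x73, id 0, DF set, TTL 64,
# protocol 17 (UDP), header checksum 0xb861, 192.168.0.1 -> 192.168.0.199.
IPV4_HEADER = bytes.fromhex("45000073 00004000 4011b861 c0a80001 c0a800c7")
# Constructed IPv6 header: version 6, traffic class 0, flow label 0xabcde,
# payload length 20, next header 17 (UDP), hop limit 64, 2001:db8::1 -> 2001:db8::2.
IPV6_HEADER = bytes.fromhex(
    "600abcde 00141140"
    "20010db8000000000000000000000001"
    "20010db8000000000000000000000002")


def inet_checksum(data):
    """One's-complement sum of 16-bit words; a valid header sums to zero."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def parse_ipv4(hdr):
    v_ihl, tos, total_len, ident, flags_frag, ttl, proto, _, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", hdr[:20])
    ihl = (v_ihl & 0x0F) * 4
    if v_ihl >> 4 != 4 or ihl < 20 or len(hdr) < ihl:
        raise ValueError("not a complete IPv4 header")
    return {"version": 4, "header_len": ihl, "tos": tos, "total_length": total_len,
            "id": ident, "dont_fragment": bool(flags_frag & 0x4000),
            "more_fragments": bool(flags_frag & 0x2000),
            "fragment_offset": flags_frag & 0x1FFF, "ttl": ttl, "protocol": proto,
            "checksum_ok": inet_checksum(hdr[:ihl]) == 0,
            "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "options": hdr[20:ihl]}


def parse_ipv6(hdr):
    if len(hdr) < 40:
        raise ValueError("IPv6 header is 40 bytes")
    first, payload_len, next_header, hop_limit, src, dst = struct.unpack("!IHBB16s16s", hdr[:40])
    if first >> 28 != 6:
        raise ValueError("not an IPv6 header")
    return {"version": 6, "header_len": 40, "traffic_class": (first >> 20) & 0xFF,
            "flow_label": first & 0xFFFFF, "payload_length": payload_len,
            "next_header": next_header, "hop_limit": hop_limit,
            "src": str(ipaddress.IPv6Address(src)), "dst": str(ipaddress.IPv6Address(dst))}


def parse_ip(packet):
    """Dispatch on the version nibble, which both formats keep in the same place."""
    version = packet[0] >> 4
    if version == 4:
        return parse_ipv4(packet)
    if version == 6:
        return parse_ipv6(packet)
    raise ValueError("unknown IP version %d" % version)


def with_ttl(ipv4_hdr, ttl):
    """Change the TTL without recomputing the checksum, as a buggy or
    tampering hop would; the checksum then no longer verifies."""
    h = bytearray(ipv4_hdr)
    h[8] = ttl
    return bytes(h)


def fields_only_in(a, b):
    """Header fields present in one parsed header but not the other."""
    return sorted(set(a) - set(b))
```

Note what the comparison exposes: the IPv4 options and fragmentation fields that make header parsing variable-length (and historically bug-prone) are gone in IPv6, but so is the header checksum, so an IPv6 stack relies entirely on the link layer and on the upper-layer checksum over the pseudo-header to catch a corrupted address.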

The Characteristics of IPv6

Larger Address Space

IPv6 uses 128 bits as the address format of an Internet node, so the number of addresses is 2 to the power 128 (extended from 32 bits to 128 bits). It is estimated that everyone in the world could be allocated 1,000,000 IP addresses, so in future everything from mobile phones and PDAs to CD walkmans and watches can have a unique IP address and be able to receive updated information or be remotely controlled through the network (MSDN n.d.).

Better Routing Efficiency and the Optimization

IPv6 originally divided its addressing space into three levels, the Top Level Aggregator identifier, the Next Level Aggregator identifier and the Site Level Aggregator identifier, each responsible for delegating an address range to the organizations below it; this kind of management simplifies routing (the TLA/NLA/SLA field structure was later dropped from the address format, but the hierarchical allocation it describes remains). In addition IPv6 supports anycast: by choosing the best host (shortest distance, lowest cost and so on) it can shorten response time, spread load and save bandwidth (MSDN n.d.).

Assurance of the Service Quality

The IPv6 header reserves a Flow Label field that works well with Multiprotocol Label Switching (MPLS): different data streams carrying different flow labels can be used as the basis for quality of service control. (MSDN n.d.) In the early days of the Internet it was used only to exchange data, and the accuracy of data transmission was the first measure of quality; now that telecommunications are also delivered over the Internet, packet service quality has become one of the main concerns, so IPv6 adds two parameters to the header, the traffic class and the flow label, which contribute to the design of quality of service control mechanisms (MSDN n.d.).

Comparison of IPv6 and IPv4 characteristics as listed below:

Table 5 : IPv4 / IPv6 Comparison (Source from IBM Services & Solutions n.d.)

The Current Status of IPv6 Transition Technology

The first problem that has to be solved as IPv6 develops is how to move from IPv4 to IPv6. It is not realistic to convert from IPv4 to IPv6 from one day to the next, as almost all network equipment supports IPv4; on the other hand, IPv6 must be able to resolve the issues left by IPv4. It can therefore be foreseen that the transition from IPv4 to IPv6 will take a long time. The IETF has already established a working group to study the transition from IPv4 to IPv6, and it has already come up with many solutions, mainly in the following categories:

Dual-Stack

Dual-stack runs both the IPv4 and IPv6 protocols on the same node. It is the most straightforward way of making an IPv6 node fully compatible with IPv4 and is used mainly on communicating nodes, including hosts and routers. Nevertheless, it does not help to resolve the shortage of IPv4 addresses, and it makes routing more complicated, because the network infrastructure has to support routing for both stacks (Junn Bi, Jianping Wu, and Xiaoxiang Leng 2007).

Tunneling

As IPv6 developed, isolated IPv6 networks appeared that needed to reach other IPv6 networks without an IPv6 backbone between them. For these isolated IPv6 networks, the most convenient method in the transition period is to connect across the IPv4 network used as the backbone, that is, through a tunnel (Junn Bi, Jianping Wu, and Xiaoxiang Leng 2007).

The tunnel entry router encapsulates the IPv6 packet inside an IPv4 packet whose source and destination addresses are the IPv4 addresses of the tunnel's entry and exit points. At the exit of the tunnel the IPv4 header is removed and the IPv6 packet is forwarded toward its destination node. Tunneling only requires the tunnel entry and exit addresses to be configured and nothing else, so it is easy to deploy; however, tunneling does not support direct communication between IPv4 hosts and IPv6 hosts.

Network Address Translation - Protocol Translation (NAT-PT)

Using SIIT protocol translation, NAT-PT combines dynamic Network Address Translation (NAT) as used under IPv4 with application-level gateways (ALGs). It allows most applications to communicate between IPv4 and IPv6 (Junn Bi, Jianping Wu, and Xiaoxiang Leng 2007). NAT-PT was later moved to historic status by the IETF (RFC 4966) because of its operational and security problems, so it should not be chosen for new deployments.

The technologies above mainly rely on IPv4 as a bridge to IPv6; the hope is that IPv4 and IPv6 can coexist through such conversions. At present the 6to4 scheme is one of the most popular techniques.

The Advantages of IPv6 over IPv4

Number of Addresses

Because of the IPv4 address shortage, NAT came into existence and became popular. However, NAT does not permit direct communication between terminals across networks: a terminal can reach a server, but the server may not be able to reach the terminal, so the server cannot send requests to the user end. IPv6 extends the address space from IPv4's 32 bits to 128 bits, which resolves the IPv4 address shortage and makes it possible for all terminals to communicate with each other directly (source: IBM Services & Solutions).

Plug and Use

IPv6 supports two kinds of address auto-configuration: stateful and stateless. Stateful auto-configuration works with DHCPv6 and is similar to DHCP under IPv4. Stateless auto-configuration does not require any preset address: a host that needs an address simply sends a Router Solicitation, receives a Router Advertisement carrying the network prefix and from that computes a unique public IP address. This technique makes addresses much more flexible to use.
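The two address derivations discussed above, the 6to4 prefix built from an IPv4 address (the tunneling section) and the stateless auto-configured address built from a router-advertised /64 prefix and the interface's MAC (this section), as one added example that is not part of the original essay. It uses Python's ipaddress module; the IPv4 address, prefix and MAC are constructed values, and the check on the IPv4 address is deliberately minimal (a real 6to4 gateway must use a globally routable address).

```python
import ipaddress

SIXTOFOUR = ipaddress.IPv6Network("2002::/16")


def to_6to4_prefix(ipv4):
    """2002:WWXX:YYZZ::/48 for the IPv4 address W.X.Y.Z (RFC 3056)."""
    a = ipaddress.IPv4Address(ipv4)
    if a.is_multicast or a.is_loopback or a.is_unspecified:
        raise ValueError("%s cannot anchor a 6to4 prefix" % ipv4)
    return ipaddress.IPv6Network((0x2002 << 112 | int(a) << 80, 48))


def from_6to4(ipv6):
    """Recover the tunnel endpoint's IPv4 address from any 2002::/16 address;
    this is how a 6to4 relay finds where to send the encapsulated packet."""
    a = ipaddress.IPv6Address(ipv6)
    if a not in SIXTOFOUR:
        raise ValueError("%s is not a 6to4 address" % ipv6)
    return ipaddress.IPv4Address((int(a) >> 80) & 0xFFFFFFFF)


def eui64_interface_id(mac):
    """Modified EUI-64: insert ff:fe in the middle and flip the universal/local bit."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    modified = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(modified, "big")


def slaac_address(prefix, mac):
    """Stateless autoconfiguration: the /64 prefix from the Router Advertisement
    combined with the EUI-64 interface identifier derived from the MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def mac_from_slaac(ipv6):
    """The reverse mapping. An EUI-64 address reveals the hardware address to every
    peer and lets a host be tracked across networks, which is why privacy
    extensions (RFC 4941) use random interface identifiers instead; returns None
    when the interface identifier is not EUI-64 shaped."""
    iid = int(ipaddress.IPv6Address(ipv6)) & ((1 << 64) - 1)
    b = iid.to_bytes(8, "big")
    if b[3:5] != b"\xff\xfe":
        return None
    octets = bytes([b[0] ^ 0x02]) + b[1:3] + b[5:]
    return ":".join("%02x" % o for o in octets)
```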

TASK 5

Types of IDSs

An intrusion detection system (IDS) is a network security device that monitors network and/or system activity for malicious or unwanted behaviour.

IDS Types

Intrusion detection systems can be broken down into three main categories (Sourceforge.Net n.d.):

Figure 13 : Intrusion Detection System Diagram (Source from Javvin 2004 (3))

Example of Intrusion Detection - Home Security

Figure 14: Home Security (Source from SmartHome n.d.)

IDS Strengths And Weaknesses

Host-based Intrusion Detection Systems (HIDS)

A host-based IDS runs directly on a desktop system or server, uses that system's resources, and examines its audit log files together with the network traffic leaving and entering the system. Some host-based systems also monitor the log files of specific services such as web or FTP servers. These systems can work in real time or in batch mode, checking the logs at a preset interval. (SecurityFocus n.d.)

A host-based IDS might, for example, look for unusual events such as multiple failed logon attempts, logins at unusual times, or access to system files by accounts that do not normally touch them. Host-based intrusion detection systems have several strengths and weaknesses.
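The checks just described, run over a few constructed authentication log lines, as an added example (not code from the essay or from any IDS product). The log format is modelled on an sshd syslog line, and the thresholds, the business-hours window and the sample lines are all assumptions made for illustration.

```python
"""Added example: host-based log analysis for the two signs named in the
text, a burst of failed logons from one source and logins at unusual times.
Constructed sample data; not real log records."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample lines in an sshd/syslog-like format (not real data).
SAMPLE_LOG = """\
2015-11-30T02:03:11 sshd[4101]: Failed password for root from 203.0.113.7 port 51122 ssh2
2015-11-30T02:03:13 sshd[4101]: Failed password for root from 203.0.113.7 port 51123 ssh2
2015-11-30T02:03:15 sshd[4101]: Failed password for admin from 203.0.113.7 port 51124 ssh2
2015-11-30T02:03:17 sshd[4101]: Failed password for admin from 203.0.113.7 port 51125 ssh2
2015-11-30T02:03:19 sshd[4101]: Failed password for admin from 203.0.113.7 port 51126 ssh2
2015-11-30T02:04:02 sshd[4102]: Accepted password for admin from 203.0.113.7 port 51130 ssh2
2015-11-30T09:15:40 sshd[4210]: Accepted publickey for alice from 198.51.100.5 port 40022 ssh2
2015-11-30T11:20:01 sshd[4300]: Failed password for bob from 198.51.100.9 port 40100 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) \S+ for "
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

FAIL_THRESHOLD = 5                   # assumed: this many failures from one source
FAIL_WINDOW = timedelta(minutes=5)   # assumed: ... within this sliding window
BUSINESS_HOURS = range(8, 19)        # assumed: 08:00-18:59 is a normal login time


def parse(log: str) -> List[Dict]:
    """Turn matching log lines into event dicts; unknown lines are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({
                "ts": datetime.fromisoformat(m["ts"]),
                "result": m["result"],
                "user": m["user"],
                "ip": m["ip"],
            })
    return events


def detect(events: List[Dict]) -> List[str]:
    """Return alert strings, in log order, for brute-force bursts,
    off-hours logins and a success that follows a burst of failures."""
    alerts: List[str] = []
    failures = defaultdict(list)  # source ip -> timestamps of recent failures
    for ev in events:
        ip, ts = ev["ip"], ev["ts"]
        if ev["result"] == "Failed":
            # keep only failures that fall inside the sliding window
            recent = [t for t in failures[ip] if ts - t <= FAIL_WINDOW]
            recent.append(ts)
            failures[ip] = recent
            if len(recent) == FAIL_THRESHOLD:  # fire once, when the threshold is reached
                alerts.append(f"brute-force: {FAIL_THRESHOLD} failed logins from {ip}")
        else:
            if ts.hour not in BUSINESS_HOURS:
                alerts.append(f"off-hours login: {ev['user']} from {ip} at {ts.isoformat()}")
            # a success right after a burst of failures is the strongest signal
            if len(failures.get(ip, [])) >= FAIL_THRESHOLD:
                alerts.append(f"success after brute-force: {ev['user']} from {ip}")
    return alerts


if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_LOG)):
        print(alert)
```

Run against the sample, this produces three alerts: the burst of five failures from 203.0.113.7, the 02:04 login for admin outside business hours, and the fact that that login succeeded from the same source immediately after the burst. The last combination is the one worth paging on; the first two on their own are common background noise on an Internet-facing host.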

Network-based Intrusion Detection Systems

A network-based intrusion detection system (NIDS) monitors traffic passing through the network and compares it against a database of so-called signatures, which describe known malicious activity. A typical NIDS uses several kinds of signatures:

Header signatures: scan the header portion of network packets to identify inappropriate or suspicious values.

Port signatures: monitor the destination port of network packets to catch packets destined for ports on which the server provides no service, or for ports known to be used by common attacks.

String signatures: search the payload of network packets for strings known to occur in malicious code or attack traffic.

A network-based IDS will usually only see packets travelling on the network segment to which it is attached. Network intrusion detection systems are therefore generally placed between the firewall and the internal network so that all inbound and outbound traffic is monitored. If network-based IDS software is installed on an ordinary computer, it is vital that the computer has a network interface card (NIC) that supports promiscuous mode, so that it captures all packets on the segment rather than only those destined for its own address. On a switched network this is not sufficient on its own: the sensor port must also be fed by a SPAN/mirror port or a network tap, or it sees only broadcast traffic and its own. (SecurityFocus n.d.)
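The three signature kinds above, applied to constructed IPv4/TCP packets, as an added example (not code from the essay, its sources or any IDS rule set). The packet builder and parser are minimal, the service inventory for the protected host and the string patterns are assumed for illustration, and the traffic is constructed in the block rather than captured.

```python
"""Added example: a minimal network-based signature matcher of the three
kinds named in the text (header, port, string) over constructed IPv4/TCP
packets. Signatures, addresses and service list are assumptions."""
import socket
import struct
from typing import Dict, List

# TCP flag bits
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def build_packet(src: str, dst: str, sport: int, dport: int,
                 flags: int, payload: bytes = b"") -> bytes:
    """Pack a bare IPv4 + TCP frame (checksums left zero) for the demo.
    A real sensor reads frames from a promiscuous-mode NIC or a SPAN port."""
    total = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return ip + tcp + payload


def parse_packet(raw: bytes) -> Dict:
    """Decode the IPv4 header and, for TCP, the ports, flags and payload."""
    ihl = (raw[0] & 0x0F) * 4
    proto = raw[9]
    src, dst = socket.inet_ntoa(raw[12:16]), socket.inet_ntoa(raw[16:20])
    if proto != 6:
        return {"src": src, "dst": dst, "proto": proto}
    sport, dport, _, _, off, flags = struct.unpack("!HHIIBB", raw[ihl:ihl + 14])
    doff = (off >> 4) * 4
    return {"src": src, "dst": dst, "proto": proto, "sport": sport,
            "dport": dport, "flags": flags, "payload": raw[ihl + doff:]}


# Assumed service inventory of the protected server (the "port signature" idea).
ALLOWED_PORTS = {"192.0.2.10": {22, 80, 443}}
# Assumed string signatures: byte patterns treated as indicators in payloads.
STRING_SIGS = {b"/etc/passwd": "path traversal attempt",
               b"cmd.exe": "command execution attempt"}


def header_signatures(p: Dict) -> List[str]:
    alerts = []
    if p.get("proto") != 6:
        return alerts
    f = p["flags"]
    if f & SYN and f & FIN:
        alerts.append("header: SYN and FIN set together (illegal flag combination)")
    if f == 0:
        alerts.append("header: no TCP flags set (NULL scan)")
    if p["src"] == p["dst"]:
        alerts.append("header: source and destination address identical")
    return alerts


def port_signatures(p: Dict) -> List[str]:
    allowed = ALLOWED_PORTS.get(p.get("dst"))
    # only connection attempts (SYN) to ports the host does not serve
    if allowed is not None and p.get("flags", 0) & SYN and p["dport"] not in allowed:
        return [f"port: connection attempt to unserved port {p['dport']} on {p['dst']}"]
    return []


def string_signatures(p: Dict) -> List[str]:
    payload = p.get("payload", b"")
    return [f"string: {desc} ({pat!r})" for pat, desc in STRING_SIGS.items() if pat in payload]


def inspect(raw: bytes) -> List[str]:
    p = parse_packet(raw)
    return header_signatures(p) + port_signatures(p) + string_signatures(p)


# Constructed traffic (not a capture): one benign packet and one per signature kind.
SAMPLE_TRAFFIC = [
    build_packet("198.51.100.5", "192.0.2.10", 40000, 443, SYN),
    build_packet("203.0.113.7", "192.0.2.10", 40001, 80, SYN | FIN),
    build_packet("203.0.113.7", "192.0.2.10", 40002, 3306, SYN),
    build_packet("203.0.113.7", "192.0.2.10", 40003, 80, PSH | ACK,
                 b"GET /../../etc/passwd HTTP/1.0\r\n\r\n"),
]


def run() -> List[List[str]]:
    """Alerts per packet, in the order of SAMPLE_TRAFFIC."""
    return [inspect(raw) for raw in SAMPLE_TRAFFIC]


if __name__ == "__main__":
    for i, alerts in enumerate(run()):
        print(i, alerts or "clean")
```

Two limits of this design follow directly from the text: the sensor only matches what it can see, so string signatures are blind to TLS-protected payloads (which is most web traffic today), and a sensor placed on one segment sees nothing of traffic that never crosses it.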

Both network-based (NIDS) and host-based (HIDS) intrusion detection systems have inherent strengths and weaknesses.

The Advantages And Disadvantages Of Deploying IDSs

Network-Based IDSs

Network-based intrusion detection systems, the most common type of commercial product, detect attacks by capturing and analysing network packets. Listening on the network backbone, a network-based IDS can monitor a large amount of traffic. They are generally deployed as a group of single-purpose hosts that "sniff" traffic across the network and report attacks to a single management console. Because no other applications run on the sensor host, it can be kept well protected against attack. Many sensors also have a "stealth" mode, in which the monitoring interface carries no IP address, making it difficult for an attacker to discover that the sensor exists. (The Intrusion Detection System Group 1993)

Host-Based IDSs

Host-based IDSs operate by analysing the activity on a specific computer, so they must collect information from the host they monitor. This gives host intrusion detection a very fine granularity of analysis: it can identify accurately which process and which user is carrying out malicious activity on the operating system. Some host-based IDSs simplify the management of a group of hosts by centralising management functions and attack reports on a single security console; others send messages to a compatible network management system. (The Intrusion Detection System Group 1993)

Application-Based IDSs

Application-based intrusion detection systems monitor events transpiring within an application. Usually they detect attacks by analysing the application's log files. Because they interface directly with the application and possess significant knowledge of its domain, application-based IDSs can have a finer-grained view of suspicious activity inside the application. (The Intrusion Detection System Group 1993)

REFERENCES

A. Ballardie 1997, Core Based Trees (CBT Version 2) multicast routing, Retrieved 29 November 2009, http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.3.3340

Asa Pehrsson, Wireless VPN, IPSec vs SSL/TLS, Retrieved 2 January 2010, http://www.it.kth.se/courses/IK2555/ExamplePapers/2G1330_asa_pehrsson-20050712.pdf

B. Rahul, Introduction to the IPv6, Retrieved 29 November 2009, http://www.bits-pilani.ac.in/~rahul/

Behrouz A. Forouzan, 2000, Data Communication and Networking, 2nd Edn., McGraw-Hill International Edition.

D. Waitzman, C. Partridge, S. E. Deering 1988, Distance Vector Multicast Routing Protocol, Retrieved 29 November 2009, http://www.faqs.org/ftp/rfc/pdf/rfc1075.txt

Estrin et al 1997, Protocol independent multicast-sparse mode (PIM-SM), Retrieved 29 November 2009, http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.31.5427

IBM Services & Solutions, Comparison of IPv6 and IPv4 characteristics, Retrieved 3 Dec 2009, http://publib.boulder.ibm.com/infocenter/zos/v1r9/index.jsp?topic=/com.ibm.zos.r9.hale001/ipv6d0011006452.htm

IETF 1999, The Internet Engineering Task Force (IETF), Retrieved 29 November 2009, http://www.ietf.org/

Home-Network-Help, What is the difference between IPv4 and IPv6, Retrieved 29 November 2009, http://www.home-network-help.com/ipv4-ipv6.html

IPv6 Act Now, What is IPv4, Retrieved 29 November 2009, http://www.ipv6actnow.org/info/what-is-ipv4/

IPv6 Act Now, What is Ipv6, Retrieved 29 November 2009, http://www.ipv6actnow.org/info/what-is-ipv6/

Javvin 2004 (1), TLS, Transport Layer Security Protocol RFC 2246, Retrieved 29 November 2009, http://www.javvin.com/protocolTLS.html

Javvin 2004 (2), IGMP: Internet Group Management Protocol Overview, Retrieved 8 December 2009, http://www.javvin.com/protocolIGMP.html

Javvin 2004 (3), IDS: Intrusion Detection System, Retrieved 17 November 2009, http://www.javvin.com/networksecurity/ids.html

James F. Kurose and Keith W. Ross 2000, Computer Networking, Electronic Mail in the Internet, p. 124

Jean Paul and Kenneth G. 2007, IPsec Standards in Encryption-only Configurations, Retrieved 6 December 2009, http://eprint.iacr.org/2007/125

Jon Crowcroft 1998, Internet Multicast Tomorrow, http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_5-4/internet_multicast.html

Juniper 2007, Introduction to IGMP for IPTV Networks, Retrieved 6 December 2009, http://www.juniper.net/solutions/literature/white_papers/

Junn Bi, Jianping Wu, and Xiaoxiang Leng 2007, IJCSNS International Journal of Computer Science and Network Security,IPv4/IPv6 Transition Technologies and Univer6 Architecture, Retrieved 6 December 2009, http://paper.ijcsns.org/07_book/200701/200701B06.pdf

Leader in Converged IP Testing, Multicast: Conformance and Performance Testing, Retrieved 30 November 2009, http://www.ixiacom.com/library/white_papers/

Mohammad Banikazemi 1997, On-Demand Branching Multicast, Retrieved 8 December 2009, http://www.jos.org.cn/ch/reader/download_pdf.aspx?file_no=20030335&year_id=2003&quarter_id=3&falg=1

msdn, IPv6 Characteristics, Retrieved 29 November 2009, http://msdn.microsoft.com/en-us/library/aa921137.aspx

Network Dictionary, TLS: Transport Layer Security Protocol, Retrieved 29 November 2009, http://www.networkdictionary.com/protocols/tls.php

P. Resnick 2001, RFC2822 - Internet Message Format, Retrieved 30 November 2009, http://www.faqs.org/rfcs/

PIM-DM Internet Draft 1999, State Refresh in PIM-DM, Retrieved 30 November 2009, http://tools.ietf.org/html/draft-kouvelas-pim-refresh-00

RFC 2246, The TLS Protocol Version 1.0, Retrieved 24 December 2009, http://www.ietf.org/rfc/rfc2246.txt

Scott Shoaf 2006, Introduction to IGMP for IPTV Networks, Retrieved 30 November 2009, http://www.juniper.net/us/en/

SecurityFocus, An Introduction to IDS, Retrieved 30 November 2009, http://www.securityfocus.com/infocus/1520

SmartHome, What Is Home Automation, Retrieved 2 November 2009, http://www.smarthome.com/homeautomation.html

Sourceforge.Net, IDSS Interface for the development of statistical surveys, Retrieved 28 December 2009, http://idss.sourceforge.net/

T. Dierks, C.Allen 1999, The TLS Protocol Version 1.0, Retrieved 29 November 2009, http://www.javvin.com/protocol/rfc2246.pdf

The Intrusion Detection System Group 1993, Intrusion Detection Systems - Network Based IDS, Retrieved 28 December 2009, http://www.intrusion-detection-system-group.co.uk/network.htm