
-

236350

,"
'28.8.08 ,
:"
:
:

: .
4 . .
12 , . .
.
10 .
. .
. .

IPsec 3 30) IKE-(


Netwix , " . ,
GWA ,Gateway ,GWB- .IPsec-- , -
) ,(Subnet F
Gateway.GWF ,
:Netwix

:
).(http
) telnet ( ,
.
:Netwix USA-
o IPsec transport mode- .Netwix USA-
Netwix Israel- .
o ) (Transport Mode-
,Netwix USA ,Tunnel Mode- Netwix -
.Israel
o ) ," ,(GWF " .GWA
. ' SPD- ,GWA- Gateway-
Netwix Israel , . ,
ESP ) AH ( ,
) / (.
. transport mode-
,Netwix USA- . SPD-
, Netwix USA-
? , . , SPD-
.
. ,Netwix USA -
Tunnel mode" .gateways- chosen plaintext attack
, ) (P,C . ) Netwix Israel
( , GWF GWB- " ) SA ,
( . ) ,
.(Firewall-

.
) (Netwix Israel , IPsec ,
.Tunnel mode- .IKE ,
).(pss
.
.
.

IKE ,
Main mode : ?Aggressive Mode.
' .IKE
' .
.
" " ) IP- .(b
) .(x-
x- ,b- .GWA-
Transport mode- ?

:
..
. SPD- ,ACK ,
.
. GWB .ciphertext
:
telnet .Netwix USA-
.i
Netwix USA- Tunnel- GWB,GWF-
.ii
" .GWB
" , telnet .Netwix USA ,
, " GWB" SA
. , ping
, telnet , . "
,GWB GWF- ." sniffing
.
:
GWB- GWF- , -
.SPD-
. ,Main mode- pss- IP .
.Aggressive Mode
..
. :
[Figure: packet encapsulation for traffic from host x to host b passing through GWA. Layers from top to bottom, as recovered from the figure: Application, TCP/UDP, IPsec, IP: x->b, IPsec, IP: GWA->b, MAC]

Figure 1: Incoming SPD


:
:
()
Gateway A (GWA) Incoming SPD table

Rule             | Src. Addr. | Dst. Addr. | Protocol | Src. Port | Dst. Port | Action  | Additional Parameters
-----------------|------------|------------|----------|-----------|-----------|---------|----------------------
Spoof            | Netwix-IL  | Any        | Any      | Any       | Any       | Drop    |
httpRuleIn       | Any        | Netwix-IL  | TCP      | 80        | >1023     | Forward |
telnetRule1      | Netwix-US  | Netwix-IL  | TCP      | 23        | >1023     | Secure  | ESP, Sign+Encrypt
telnetRule2      | Netwix-US  | Netwix-IL  | TCP      | >1023     | 23        | Secure  | ESP, Sign+Encrypt
FinanceTunnel    | GWB        | GWF        | IPsec    | any       | any       | Forward |
FinanceTransport | Netwix-US  | SubnetF    | IPsec    | any       | any       | Forward |
default          | Any        | Any        | Any      | Any       | Any       | drop    |

Question e: add before the default rule:

Rule    | Src. Addr. | Dst. Addr. | Protocol | Src. Port | Dst. Port | Action  | Additional Parameters
--------|------------|------------|----------|-----------|-----------|---------|----------------------
VPNIn   | Any        | Netwix-IL  | Any      | Any       | Any       | Secure  | ESP, Sign+Encrypt
IKERule | Any        | GWA        | UDP      | 500       | 500       | Forward |

') : (
.1 , ,Gateway , .IP-spoofing , SPD-:
Rule  | Src. Addr. | Dst. Addr. | Protocol | Src. Port | Dst. Port | Action | Additional Parameters
------|------------|------------|----------|-----------|-----------|--------|----------------------
Spoof | Netwix-IL  | Any        | Any      | Any       | Any       | Drop   |

spoofing ,SubnetF- ) Netwix-IL (.


.2 ,default- , :
Rule    | Src. Addr. | Dst. Addr. | Protocol | Src. Port | Dst. Port | Action | Additional Parameters
--------|------------|------------|----------|-----------|-----------|--------|----------------------
default | Any        | Any        | Any      | Any       | Any       | drop   |

.3 . ) , ( . http
" >1023 80 , 80 . Incoming SPD-
, :
Rule       | Src. Addr. | Dst. Addr. | Protocol | Src. Port | Dst. Port | Action  | Additional Parameters
-----------|------------|------------|----------|-----------|-----------|---------|----------------------
httpRuleIn | Any        | Netwix-IL  | TCP      | 80        | >1023     | Forward |

,forward , .
.4 telnet , .
telnet , . :
telnet ; telnet telnet . -
SPD .- , , ) ESP- AH- ( .
:
Rule        | Src. Addr. | Dst. Addr. | Protocol | Src. Port | Dst. Port | Action | Additional Parameters
------------|------------|------------|----------|-----------|-----------|--------|----------------------
telnetRule1 | Netwix-US  | Netwix-IL  | TCP      | 23        | >1023     | Secure | ESP, Sign+Encrypt
telnetRule2 | Netwix-US  | Netwix-IL  | TCP      | >1023     | 23        | Secure | ESP, Sign+Encrypt

.5 .Netwix USA- , .Transport mode-


,GWA- ) ( , .IPsec-


GWA , , , .Forward
:
Rule             | Src. Addr. | Dst. Addr. | Protocol | Src. Port | Dst. Port | Action  | Additional Parameters
-----------------|------------|------------|----------|-----------|-----------|---------|----------------------
FinanceTransport | Netwix-US  | SubnetF    | IPsec    | any       | any       | Forward |

Netwix-IL- , transport mode- ) " -


.(default rule , drop .
.6 , Tunnel Mode-
. , Tunnel GWF ,GWB Tunnel- GWF-) GWB-
( . Incoming SPD- GWA- " ,IPsec GWB- GWA .GWF-
) ,(Tunnel in Tunnel .forward GWB Netwix-US-
GWF ) SubnetF- ( , . ,
:
Rule          | Src. Addr. | Dst. Addr. | Protocol | Src. Port | Dst. Port | Action  | Additional Parameters
--------------|------------|------------|----------|-----------|-----------|---------|----------------------
FinanceTunnel | GWB        | GWF        | IPsec    | any       | any       | Forward |

':
: , .IKE SA IPsec-
,Tunnel mode ) (gateway- IP , IKE .GWA IKE-
500 .UDP- ,TCP session , UDP- . UDP- "
) TCP- >1023 sessions ( . IKE:
Rule    | Src. Addr. | Dst. Addr. | Protocol | Src. Port | Dst. Port | Action  | Additional Parameters
--------|------------|------------|----------|-----------|-----------|---------|----------------------
IKERule | Any        | GWA        | UDP      | 500       | 500       | Forward |

, " IPsec .Tunnel Mode- :


Rule  | Src. Addr. | Dst. Addr. | Protocol | Src. Port | Dst. Port | Action | Additional Parameters
------|------------|------------|----------|-----------|-----------|--------|----------------------
VPNIn | Any        | Netwix-IL  | Any      | Any       | Any       | Secure | ESP, Sign+Encrypt

" .IPsec ) ,(default-


) .(http

