Beruflich Dokumente
Kultur Dokumente
TOURO COLLEGE
BY THE I.T. ASSOCIATION OF AMERICA
For more than three decades, this end-toend model has sufficiently met the needs of its users. Since the 80s IPv4 has supported internet growth by accommodating over 4 million unique internet addresses given by Internet Service Providers.
protocols Protocol
addressing that would utilize network number and host number each a 32 bit field. This would allow for the possibility of generating over 4 million unique addresses. Initially many considered that this level of opportunity for volume would suit the needs of internet users however, it has proven to be a crippling limitation. Today the internet and its users have grown so large it has now run out of IP addresses. Network Administrators were able to take precautions to combat this difficulty by implementing NAT or Network Address Translation.
Today, the internet has grown to be a millionnetwork network, which is something with startling consequences. Security and addressing become more prevalent issues
addresses, provides globally unique and hierarchical addressing based on prefixes rather than address classes, which keeps routing tables small and backbone routing efficient.
Today, it has become a very hostile environment. Although certain techniques have been introduced to overcome some of the Internets best known security deficiencies (SSL, IPSec, etc.), they seem to be insufficient
Denial of service attacks (DOS) When there is an attempt to make a computer source unavailable to users. A common method is flooding the target hosts with requests, thus preventing valid network traffic to reach the host. Malicious code distribution- These can propagate themselves from one infected host to another. Man-in-the-middle attacks - An attack is able to read, insert and modify at will messages between two hosts without either hosts knowing that their communication has been compromised. Fragmentation attacks - Different Operating systems have their own method to handle large IPv4 packets and this attack exploits that method. For example the ping of death attacks. This attack uses many small fragmented ICMP packets which when reassembled at the destination exceed the maximum allowable size for an IP datagram which can cause the victim host to crash, hang or even reboot. Port scanning and other reconnaissance attacks - this is used to scan for multiple listening ports on a single, multiple or an entire network hosts. Open ports can be used to exploit the specific hosts further. Because of the small address space, port scanning is easy in IPv4 architecture ARP poisoning and ICMP redirect - ARP poison attack is to send fake, or spoofed, ARP messages to a network. The aim is to associate the attackers MAC address with the IP address of another node. Any traffic meant for that IP address would be mistakenly sent to the attacker instead.
services that could be linked to known weaknesses. To scan ports on IPv4 is very simple because most addresses only 8 bits are allocated for host addressing. Scanning a larger address such as the IPv6, 128 bit encryption becomes more difficult.
required in IPv6 protocol, mandated by RFC4301. IPsec consist of cryptographic protocols that provide a safe communication and key exchange
authentication confidentiality and data integrity. Authentication header protocol prevents packets from being changed or modified with.
Authentication header, however also provides confidentiality. In this header there is a field that identifies what group of security parameters the
functionality to communicate between parties. It negotiates with other peoples protocols, encryption algorithms and keys. It can simply
the ability to discover other nodes link-layer address on the local link. It can also find routers on the local link ; this assists in detecting when a
IPv6
Though IPv6 addresses many of the deficiencies present in IPv4 it is by no means a perfected system. Source trouble through processing all stacks by extension header Potential for security breeches during transitioning between IPv4 and IPv6