IPSec
Firewall Design
3 additional areas beyond the IP header
ESP HEADER
ESP TRAILER
ESP AUTH data - variable size
© MMII JW Ryder CS 428 Computer Networking 12
IPSec ESP
Uses many of the same items as AH but reorders them (authentication data moves to the end, after the payload)
ESP HEADER
8 octets: 4-octet SPI and 4-octet Sequence Number
ESP TRAILER
Optional padding (0 to 255 octets, to fill the cipher block size and align the trailer)
Padding Length (1 octet)
NEXT HEADER (1 octet: protocol of the encapsulated payload)
ESP AUTH data (variable size; covers header, payload and trailer, but not the outer IP header, unlike AH)
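As an added worked example, not code from the slides, the following Python assembles and parses an ESP packet in the field order listed above. It uses NULL encryption (RFC 2410) so the layout stays visible and an HMAC-SHA-256-128 integrity check (RFC 4868); the SPI, sequence number, key and payload are constructed values, and the 4-octet alignment is an assumption that holds only for the NULL cipher.

```python
# Added example: ESP packet layout (header, payload, trailer, auth data).
# NULL encryption (RFC 2410) so the fields are readable; ICV is HMAC-SHA-256-128 (RFC 4868).
# SPI, sequence number, key and payload used in the usage section are constructed.
import hashlib
import hmac
import struct

ICV_LEN = 16  # 128-bit truncated HMAC-SHA-256 output


def build_esp(spi: int, seq: int, payload: bytes, next_header: int,
              auth_key: bytes, align: int = 4) -> bytes:
    """Return ESP header + payload + trailer + ICV.

    align is the cipher block size the payload must be padded to; with NULL
    encryption RFC 4303 only requires Pad Length and Next Header to end on a
    4-octet boundary (assumed default here).
    """
    header = struct.pack("!II", spi, seq)          # 8 octets: SPI, sequence number
    pad_len = (-(len(payload) + 2)) % align        # padding so the trailer ends on the boundary
    padding = bytes(range(1, pad_len + 1))         # RFC 4303 default padding 1, 2, 3, ...
    trailer = padding + struct.pack("!BB", pad_len, next_header)
    authenticated = header + payload + trailer     # ICV covers header, payload and trailer
    icv = hmac.new(auth_key, authenticated, hashlib.sha256).digest()[:ICV_LEN]
    return authenticated + icv                     # outer IP header is never under the ICV


def parse_esp(packet: bytes, auth_key: bytes) -> tuple:
    """Verify the ICV first, then strip the trailer; returns (spi, seq, next_header, payload).
    Raises ValueError on a short packet, a failed integrity check or a bad pad length."""
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("ESP packet too short")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ESP ICV mismatch")       # drop before trusting any other field
    spi, seq = struct.unpack("!II", body[:8])
    pad_len, next_header = struct.unpack("!BB", body[-2:])
    if 8 + pad_len + 2 > len(body):
        raise ValueError("bad pad length")
    payload = body[8:len(body) - 2 - pad_len]
    return spi, seq, next_header, payload


def field_layout(packet: bytes) -> dict:
    """Byte offsets (start, end) of each of the areas listed on the slide."""
    pad_len = packet[-ICV_LEN - 2]
    n = len(packet)
    return {
        "esp_header": (0, 8),
        "payload": (8, n - ICV_LEN - 2 - pad_len),
        "esp_trailer": (n - ICV_LEN - 2 - pad_len, n - ICV_LEN),
        "esp_auth": (n - ICV_LEN, n),
    }


if __name__ == "__main__":
    key = b"\x11" * 32                                  # constructed authentication key
    pkt = build_esp(spi=0x1000, seq=1, payload=b"hello", next_header=6, auth_key=key)
    print(field_layout(pkt))
    print(parse_esp(pkt, key))
```

Parsing verifies the authentication data before it reads Pad Length or Next Header, which is the order a receiver must use: a forged trailer would otherwise steer the parser before the packet has been rejected.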
externally
clients on the bastion host
Inner barrier
Blocks incoming traffic except that coming from the bastion host
Manual bypass
Secure Firewalls
Web access example
Firewall prevents user computers from receiving datagrams directly from outside
User cannot use a browser for direct access to outside web servers
Arrange a proxy server on the bastion host
Inside, each browser is configured to use the proxy
Proxy contacts the URL, receives the information and returns it transparently to the user inside the firewall
Firewall Implementation
Each barrier requires a router with a packet filter
Network connections between the routers and the bastion host
See figure 32.8 on page 594
R2 = outer barrier
H = bastion host
R1 = inner barrier
Safety of the firewall depends on the safety of the bastion host (software and hardware)
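As an added model, not code from the slides or the textbook figure, the following Python encodes the two packet filters of this design (R2 outer barrier, H bastion host, R1 inner barrier) and traces datagrams through them. It covers both the web access example above (direct browsing is dropped, browsing through the proxy on the bastion succeeds) and the last point here (a datagram sourced from a compromised bastion passes the inner barrier). The addresses and the proxy port are assumed values, and the filters are address-based as on the slides; ports are not inspected.

```python
# Added model of the two-barrier firewall: Internet -- R2 -- H (bastion) -- R1 -- inside hosts.
# Addresses and the proxy port are assumed values for this example.
from dataclasses import dataclass

BASTION = "192.0.2.10"        # H: bastion host on the screened subnet (assumed)
INTERNAL_PREFIX = "10.0.0."   # organization's internal hosts (assumed)
PROXY_PORT = 3128             # proxy on H that inside browsers are configured to use (assumed)


@dataclass(frozen=True)
class Datagram:
    src: str
    dst: str
    dport: int = 0            # carried for realism; the address-based filters ignore it


def is_internal(addr: str) -> bool:
    return addr.startswith(INTERNAL_PREFIX)


def outer_barrier(d: Datagram) -> bool:
    """R2 packet filter: only datagrams to or from the bastion host may cross."""
    return d.src == BASTION or d.dst == BASTION


def inner_barrier(d: Datagram) -> bool:
    """R1 packet filter: incoming traffic must come from the bastion, and inside
    hosts may send only to the bastion (so no direct access to outside servers)."""
    if is_internal(d.dst):
        return d.src == BASTION
    if is_internal(d.src):
        return d.dst == BASTION
    return False


def zone(addr: str) -> int:
    """0 = internal network, 1 = screened subnet (bastion), 2 = Internet."""
    if addr == BASTION:
        return 1
    return 0 if is_internal(addr) else 2


# BARRIERS[i] sits between zone i and zone i + 1.
BARRIERS = [("R1", inner_barrier), ("R2", outer_barrier)]


def trace(d: Datagram) -> list:
    """Barriers the datagram crosses, in order, with each filter's verdict;
    stops at the first barrier that drops it."""
    a, b = zone(d.src), zone(d.dst)
    step = 1 if b > a else -1
    crossed = []
    for i in range(a, b, step):
        name, rule = BARRIERS[i if step == 1 else i - 1]
        ok = rule(d)
        crossed.append((name, ok))
        if not ok:
            break
    return crossed


def permitted(d: Datagram) -> bool:
    return all(ok for _, ok in trace(d))


def web_access(client: str, web_server: str) -> dict:
    """Web access example: a direct browser request dies at R1; the same request
    through the proxy on the bastion crosses both barriers on every leg."""
    direct = Datagram(client, web_server, 80)
    via_proxy = [
        Datagram(client, BASTION, PROXY_PORT),    # browser -> proxy
        Datagram(BASTION, web_server, 80),        # proxy -> outside server
        Datagram(web_server, BASTION, 49152),     # reply to proxy (ephemeral port assumed)
        Datagram(BASTION, client, 49153),         # proxy returns the page (assumed port)
    ]
    return {"direct": permitted(direct),
            "via_proxy": all(permitted(d) for d in via_proxy)}


def compromised_bastion_reach(target: str) -> bool:
    """Why safety rests on the bastion: anything sourced from H passes R1."""
    return permitted(Datagram(BASTION, target))


if __name__ == "__main__":
    print(web_access("10.0.0.5", "198.51.100.7"))
    print(trace(Datagram("198.51.100.7", "10.0.0.5")))
    print(compromised_bastion_reach("10.0.0.5"))
```

The trace of an outside datagram aimed straight at an inside host shows it dropped at R2 before R1 is ever consulted; an inside host's direct request is dropped at R1. Only the bastion is reachable from both sides, which is exactly why its compromise removes every protection the two routers provide.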
Stub Network
Previous example is known as a stub network
Stub network isolates organization