1 01/27/03 Scenarios. 2 01/27/03 Business Applications Scenario 1: Secure EPON – FTTH/FTTB (provider network) Scenario 2: IEEE 802 Link Security – RPR.

Presentation transcript:

1 01/27/03 Scenarios

2 01/27/03 Business Applications
Scenario 1: Secure EPON
– FTTH/FTTB (provider network)
Scenario 2: IEEE 802 Link Security
– RPR provider network?
– ???
Scenario 3: Secure Bridged Networks
– RPR enterprise networks?
– ???

3 01/27/03 Levels of Trust
Scenarios 3a, 3b and 3c depict different levels of trust of a network.
In the absence of any SA (#3), all bridges are trusted.
3a) Implies the opposite (complete paranoia).
3b) The ES’s trust exactly one SB (there may be other SB’s but the ES’s don’t trust them).
3c) The left ES trusts the left SB, and the right ES trusts the right SB. Neither ES trusts the SB furthest from it. SB’s trust each other, and they may be separated by a normal (security-unaware) bridge B or an SB they don’t trust.
Different security approach depending on trust level

4 01/27/03 Classification of Scenarios
Classify scenarios by trust models (first cut):
Scenario T1: ES-EN-ES
– Enterprise trust model
– ES-EN links may be shared medium
Scenario T2: ES-PN-EN
– Provider network in one Admin Domain
Scenario T3: ES-PN-EN
– Provider network spans multiple Admin Domains
– EPON ES-PN links or other shared media
ES: End System
EN: Enterprise Network
PN: Provider Network

5 01/27/03 Unified Solution: Two Architecture Views?
Single-hop security associations
– Basis of the solution is the link security
– Secure Bridged network is designed as a (secure) sequence of secure links
Multi-hop security associations
– A secure bridged network operates as a single end-to-end security association where end points may be secure bridges, not stations
– Link security may be obtained by considering the link as the simplest form of a network
Combinations are possible

6 01/27/03 Scope of Security Associations

7 01/27/03 Factors
Single-hop SAs
SA management is between contiguous “devices” (simple)
L2 network infrastructure must be security-aware
– New infrastructure?
– Upgrade existing? What is the impact?
Disadvantage: can’t support secure link layer between bridged stations separated by security-unaware bridges

Multi-hop SAs
No impact on the network infrastructure (transparent service)
SA management is more complicated
– During SA establishment?
– After topology changes
Restricted link protection
– Control and management frames may not be protected
– Is it needed? Special mechanisms can be added
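
The single-hop versus multi-hop trade-off from slides 5 and 7, applied to the scenario 3c topology, as an added example that is not part of the original presentation. The device names, the path, the trust set and the span model (a device that terminates an SA handles frames in the clear; a device strictly inside an SA span only forwards protected frames) are assumptions made for illustration.

```python
# Added example: names, path and trust set are constructed; the span model
# is an assumption (a device terminating an SA handles frames in the clear).
AWARE = {"ES", "SB"}  # end systems and secure bridges; "B" is security-unaware

# Scenario 3c path: two secure bridges separated by a normal bridge B.
PATH = [("ES-left", "ES"), ("SB-left", "SB"), ("B", "B"),
        ("SB-right", "SB"), ("ES-right", "ES")]

def single_hop_spans(path):
    """One SA per link, only where both contiguous devices are security-aware."""
    return [(i, i + 1) for i in range(len(path) - 1)
            if path[i][1] in AWARE and path[i + 1][1] in AWARE]

def evaluate(path, spans, trusted):
    """spans: (start, end) index pairs, one per SA; end > start + 1 is multi-hop.
    Returns unprotected links, devices handling cleartext, and the untrusted
    subset of those devices."""
    for s, e in spans:
        if not (0 <= s < e < len(path)):
            raise ValueError(f"bad SA span {(s, e)}")
        if path[s][1] not in AWARE or path[e][1] not in AWARE:
            raise ValueError(f"SA endpoint is security-unaware in {(s, e)}")
    open_links = [(path[i][0], path[i + 1][0]) for i in range(len(path) - 1)
                  if not any(s <= i < e for s, e in spans)]
    # An intermediate device strictly inside a span only forwards protected frames.
    cleartext_at = [path[i][0] for i in range(1, len(path) - 1)
                    if not any(s < i < e for s, e in spans)]
    exposed_to = [n for n in cleartext_at if n not in trusted]
    return {"open_links": open_links, "cleartext_at": cleartext_at,
            "exposed_to": exposed_to}

TRUSTED_3C = {"SB-left", "SB-right"}  # each ES trusts only its nearest SB

if __name__ == "__main__":
    cases = {
        "single-hop only": single_hop_spans(PATH),
        "combined (link SAs + SB-to-SB multi-hop SA)": [(0, 1), (1, 3), (3, 4)],
        "end-to-end multi-hop SA (3a)": [(0, 4)],
    }
    for label, spans in cases.items():
        print(label, evaluate(PATH, spans, TRUSTED_3C))
```

With single-hop SAs alone, both links touching B stay unprotected and B handles cleartext; adding one multi-hop SA between the two secure bridges closes both gaps without changing B.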