Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 01/27/03 Scenarios. 2 01/27/03 Business Applications Scenario 1: Secure EPON – FTTH/FTTB (provider network) Scenario 2: IEEE 802 Link Security – RPR.

Published byRoberta Dawson Modified over 8 years ago

Similar presentations

Presentation on theme: "1 01/27/03 Scenarios. 2 01/27/03 Business Applications Scenario 1: Secure EPON – FTTH/FTTB (provider network) Scenario 2: IEEE 802 Link Security – RPR."— Presentation transcript:

1 1 01/27/03 Scenarios

2 2 01/27/03 Business Applications Scenario 1: Secure EPON – FTTH/FTTB (provider network) Scenario 2: IEEE 802 Link Security – RPR provider network? – ??? Scenario 3: Secure Bridged Networks – RPR enterprise networks? – ???

3 3 01/27/03 Levels of Trust Scenarios 3a, 3b and 3c depict different levels of trust of a network In the absence of any SA (#3), all bridges are trusted 3a) Implies the opposite (complete paranoia) 3b) The ES’s trust exactly one SB (there may be other SB’s but the ES’s don’t trust them). 3c) The left ES trusts the left SB and the right ES, the right SB. Neither ES trusts the SB furthest from it. SB’s trust each other, and they may be separated by a normal (security–unware) bridge B or an SB they don’t trust. Different security approach depending on trust level

4 4 01/27/03 Classification of Scenarios Classify scenarios by trust models (first cut): Scenario T1: ES-EN-ES – Enterprise trust model – ES-EN links may be shared medium Scenario T2: ES-PN-EN – Provider network in one Admin Domain Scenario T3: ES-PN-EN – Provider network spans multiple Admin Domains – EPON ES-PN links or other shared media ES: End System EN: Enterprise Network PN: Provider Network

5 5 01/27/03 Unified Solution: Two Architecture Views? Single-hop security associations – Basis of the solution is the link security – Secure Bridged network is designed as a (secure) sequence of secure links Multi-hop security associations – A secure bridged network operates as a single end-to-end security association where end points may be secure bridges, not stations – Link security may be obtained by considering the link as the simplest form of a network Combinations are possible

6 6 01/27/03 Scope of Security Associations

7 7 01/27/03 Factors Single-hop SAs SA management is between contiguous “devices” (simple) L2 network infrastructure must be security-aware – New infrastructure? – Upgrade existing? What is the impact? Disadvantage: can’t support secure link layer between bridged stations separated by security-unaware bridges Multi-hop SAs No impact in the network infrastructure (transparent service) SA management is more complicated – During SA establishment? – After topology changes Restricted link protection – Control and management frames may cannot be protected – Is it needed? Special mechanisms can be added

Download ppt "1 01/27/03 Scenarios. 2 01/27/03 Business Applications Scenario 1: Secure EPON – FTTH/FTTB (provider network) Scenario 2: IEEE 802 Link Security – RPR."

Similar presentations

LinkSec Architecture Attempt 3

LinkSec Architecture Attempt 3
1 2/20/03 Link Security Scenarios Ali Abaye Charles Cook Norm Finn Russ Housley Marcus Leech Mahalingam Mani Bob Moskowitz Dave Nelson Antti Pietilainen.

1 2/20/03 Link Security Scenarios Ali Abaye Charles Cook Norm Finn Russ Housley Marcus Leech Mahalingam Mani Bob Moskowitz Dave Nelson Antti Pietilainen.
Extended Service Set (ESS) Mesh Network Daniela Maniezzo.

Extended Service Set (ESS) Mesh Network Daniela Maniezzo.
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-1 Extending Switched Networks with Virtual LANs Introducing VLAN Operations.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-1 Extending Switched Networks with Virtual LANs Introducing VLAN Operations.
Networks: Bridges1 Bridges. Networks: Bridges2 Repeater S1S2 S3 LAN1LAN2 S4 A repeater operates at the physical layer and forwards everything between.

Networks: Bridges1 Bridges. Networks: Bridges2 Repeater S1S2 S3 LAN1LAN2 S4 A repeater operates at the physical layer and forwards everything between.
Bridges Advanced Computer Networks.

Bridges Advanced Computer Networks.
CSCI 465 D ata Communications and Networks Lecture 20 Martin van Bommel CSCI 465 Data Communications & Networks 1.

CSCI 465 D ata Communications and Networks Lecture 20 Martin van Bommel CSCI 465 Data Communications & Networks 1.
CSE 6590 Department of Computer Science & Engineering York University 1 Introduction to Wireless Ad-hoc Networking 5/4/2015 2:17 PM.

CSE 6590 Department of Computer Science & Engineering York University 1 Introduction to Wireless Ad-hoc Networking 5/4/2015 2:17 PM.
VLANs Virtual LANs CIS 278.

VLANs Virtual LANs CIS 278.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure Chapter 2: Developing the Active Directory.

70-297: MCSE Guide to Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure Chapter 2: Developing the Active Directory.
William Stallings Data and Computer Communications 7 th Edition (Selected slides used for lectures at Bina Nusantara University) Internetworking.

William Stallings Data and Computer Communications 7 th Edition (Selected slides used for lectures at Bina Nusantara University) Internetworking.
Computer Networks: Bridges 1 Bridges. Computer Networks: Bridges 2 Repeater S1S2 S3 LAN1LAN2 S4 A repeater operates at the physical layer and forwards.

Computer Networks: Bridges 1 Bridges. Computer Networks: Bridges 2 Repeater S1S2 S3 LAN1LAN2 S4 A repeater operates at the physical layer and forwards.
TDC 463-98-501/502, Summer II 20022-1 Unit 2: Underlying Technologies Transmission media (Section 3.1. Read on your own) Local Area Networks (LANs) –Ethernet.

TDC /502, Summer II Unit 2: Underlying Technologies Transmission media (Section 3.1. Read on your own) Local Area Networks (LANs) –Ethernet.
Chapter 6 SECURE WIRELESS PERSONAL NETWORKS: HOME EXTENDED TO ANYWHERE.

Chapter 6 SECURE WIRELESS PERSONAL NETWORKS: HOME EXTENDED TO ANYWHERE.
Internetworking Fundamentals (Lecture #5) Andres Rengifo Copyright 2008.

Internetworking Fundamentals (Lecture #5) Andres Rengifo Copyright 2008.
Computer Networks Eyad Husni Elshami. Computer Network A computer network is a group of interconnected computers to share data resources ( printer, data.

Computer Networks Eyad Husni Elshami. Computer Network A computer network is a group of interconnected computers to share data resources ( printer, data.
Institute of Technology, Sligo Dept of Computing Semester 3, version 2.1.3 Semester 3 Chapter 3 VLANs.

Institute of Technology, Sligo Dept of Computing Semester 3, version Semester 3 Chapter 3 VLANs.
Multiples 1 X 2 = 22 X 2 = 43 X 2 = 6 4 X 2 = 8 What do you call 2,4,6,8 ?Multiples of 2 Why?

Multiples 1 X 2 = 22 X 2 = 43 X 2 = 6 4 X 2 = 8 What do you call 2,4,6,8 ?Multiples of 2 Why?
LAN Overview (part 2) CSE 3213 Fall 2011 21 April 2017.

LAN Overview (part 2) CSE 3213 Fall April 2017.

Similar presentations

Ads by Google