局域網(wǎng)常見攻擊與如何防范講解14集ae簽名

局域網(wǎng)安全 IPsecprotectnetworklayer protectwireless802.114.802.1AEprotectLayer2dataAuthenticationwith802.1XShadowUsers ShadowUsers的情況，就有可能出現(xiàn)未 一旦802.1X啟用802.1AE技術(shù)，用戶和交換機(jī)之間要建立一個SA的MAC和屬于這個SA的數(shù)據(jù)才能通訊，有效的抵御了 和對數(shù)據(jù)的串改LinkSecbringstowirednetworks -2hasalreadydonefor<Linksec在有線網(wǎng)里邊實(shí)現(xiàn) -2已經(jīng)在無線網(wǎng)里實(shí)現(xiàn)的功能Authentication.Entitiesonalinkauthenticatedsimilarto<通過802.1X實(shí)現(xiàn)認(rèn)證Cryptographickeydistribution.Cryptographickeymaterialisexchangedbetweentheauthenticatedentitiesonalinktoestablishalink-levelSA.<在認(rèn)證的設(shè)備之間實(shí)現(xiàn)密鑰的分布,建立鏈路級的安全關(guān)聯(lián)> ityandintegrity.Leveragethekeymaterial/SAtocryptographicallyprotectandauthenticateeachpacketonthelink.Alltrafficisprotected,regardlessofwhatapplicationorlayeritbelongsto.<實(shí)現(xiàn)數(shù)據(jù)的私密性和完整性802.1af.PerformsauthenticationandcryptographickeydistributionamongpeersonthesameLayer2link.Thisstandardiscurrentlybeingdefined.802.1afisaprotocolthatwillbeimplementedinsoftwaresimilarto802.1X.Itisarevisionof802.1Xstandard.<實(shí)現(xiàn)認(rèn)證和密鑰的分布，有點(diǎn)像IPSEC里邊的802.1AE.Definestheframeformat,encryptionalgorithm,dataauthentication,andframeprocessing.802.1AEisfullydefined.Industryproductsnowimplementthisstandard.Typicallyimplementedinhardwareatthenetwork-interfacelevel.<定義幀格式，加密算法，數(shù)據(jù)檢驗(yàn)和幀的處理，類似與SimpleLinkSecAuthenticationandKeyWhenaLinkSec-enabledlinkcomesup,thepeersareauthenticated,andkeymaterialisexchangedtoestablishaSAusing802.1af.AftertheSAisestablished,bothpeershavethesessionkeythatprotectsAsistruewithanyencryptionmodel,sessionkeysneedtobeperiodicallychangedtoavoidpassiveattacks.802.1aftakescareofperiodicpeerreauthenticationandrekeynegotiationofthesessionkey. ityLinkSecmandatesAdvancedEncryptionStandardGaloisCounterMode(AES-GCM)astheauthenticatedencryptionalgorithm.Thisalgorithmusesa128-bitsymmetrickeyforencryptionanddecryption.DataToprovidedataintegrity,GaliosCounterModeMessageAuthentication(GMAC)authenticateseachFrame802.3Ethernet802.1AEProtectedEthernetEncryptionGCM(encryptedandGMAConly(Thepacketisnotencrypted;however,itisNullencryption(Nosecuritymeasuresareused,itmightbeusefulfortroubleshootingthecontrol andkeyexchangeprotocols(802.1af).)Performanceand802.1AEmandatesAES-GCMastheencryptionalgorithm.Itisahighlyoptimizedencryptionmechanismthatcanbeeasilyimplementedinhardwareorsoftwareforalowcost.AES-GCMimplementationscantakeadvantageofparallelismandpipelin