This assignment covers IPsec.
What is IP spoofing and how does it relate to the problem of TCP sequence number prediction? Explain the problems the attacker must solve in order to make the attack successful. Note: This question is not about using IP spoofing in a denial-of-service context. It is about using IP spoofing to grain unauthorized access to a service.
Describe some of the essential differences between applying network security at the network layer (as IPsec does) as opposed to at the transport/application layer boundary (as SSL/TLS does). What are the advantages and disadvantages of each approach?
IPsec introduces the concept of a "security association" or SA. What is an SA and why is it necessary? What do the acronyms SPD and SAD mean in an IPsec context? What do they stand for and what is their purpose?
In IPsec, if authentication and encryption are both to be applied to a packet, the encryption is done first followed by authentication (that is, the MAC is computed on the encrypted packet rather than the other way around). What reason might there be for this ordering? Ferguson and Schneier do not like this aspect of IPsec and feel that authentication should be done first. Why do they say that? See the document IPsec-evaluation.pdf on the class web site. Which operation does TLS do first?
Suppose a company has two locations on either side of the country. Instead of spending money on a private wide area link to connect the two sites, the company decides to transmit "internal" traffic between the two sites over the public internet. To maintain security, an IPsec tunnel mode SA is configured between the gateway routers at each site. Suppose the SA supports both encryption and authentication. What sorts of attacks could an outsider mount against the company under these circumstances? Does the attacker have more options if the SA is encryption only? How about authentication only?