The Australian National University College of Engineering and Computer Science School of Computer Science
[ANU][CECS][CS]

CS Student Information

Computer Networks Home page
Computer Networks Overview
Some useful links
Some acronyms

Computer Networks Lectures (2008) (requires authentication)
Computer Networks Labs (2008)
Assignment 1
Assignment 2		 

Computer Networks - Assignment 1 (2008)

Internet Protocol Security (IPSec)

IPSec is a facility invented for IPv6 that has, like most new IPv6 technologies, been "back-ported" to IPv4. It provides a security facility at the IP (Network) layer and so comes under the category of Virtual Private Networks (VPNs) - allowing secure data to travel across the otherwise insecure Internet.

You are required, in groups of two, to conduct your own research on the following questions and provide approximately 50 words per mark answers in a plain text file.

This assignment is worth 10% of the final assessment for your respective Computer/Telecommunications Networking course.

Question 1: describe the two protocol headers used by IPSec and explain why one of the headers is of limited value on it's own. 2 marks

Question 2: IPSec is normally used in one of two modes. Explain how IPSec can be used to provide secure connections from a "road warrior" (single machine) to an enterprise network, including "split routing" setup. 2 marks

Question 3: Now describe how a "branch office" might use IPSec to give the appearance of a single corporate LAN back to the "central office". Discuss address ranges that might be used and routing setup. 2 marks

Question 4: Briefly compare how IPSec works compared with either OpenVPN, or Point-to-Point Tunneling Protocol (PPTP). 1 mark

Question 5: Choose any random network routing device that you can find details for on the web that implements IPSec - it can be "consumer-grade" (eg. for home/small office) or "enterprise grade". Describe which encryption schemes it supports, which IPSec modes it can be used in and how many IPSec end-points it can handle. Describe any other interesting features of the device. Include the URL(s) to the documentation you are using for these details. 3 marks.

Extra Details for Masters Students (COMP6331/ENGN6535)

Masters level students need to complete the following question, worth 4 marks. Your assignments will be marked out of 14 and scaled to be worth 10%.

Additional Question: What is a replay attack? What service does IPSec provide to counter such an attack? Describe how does it works.

Submission Details

Your submission should include references to all material used in formulating your responses.

  • You should all have indicated to your lab tutor who your partner is (or have permission from Ramesh to work on your own)
  • Only one of you should submit the assignment, but clearly indicate who your partner is on your assignment submission
  • submit the assignment from the CSIT labs, or from the remote login server partch using the submit command:
    • submit comp3310 Assign1 assign1.txt
  • Of course, if you are enrolled in comp6331, engn4535 or engn6535, substitute that as appropriate
  • note: your file must be called "assign1.txt" or it will not be accepted for submission
  • it must be formatted with Unix/Linux newline characters (no DOS newlines, please! - check it with cat or less first!)
  • Submissions after 5pm on Friday, April 11, 2008, will automatically be flagged as "LATE"
top of page
Author: R. Edwards: Phone: +61 2 612 54090; Fax +61 2 612 50010
Feedback: Please direct comments about this page to: Bob.Edwards@cs.anu.edu.au		 Last Modified: