SóProvas


ID
2757349
Banca
FAURGS
Órgão
BANRISUL
Ano
2018
Provas
Disciplina
Redes de Computadores
Assuntos

Qual dos protocolos abaixo NÃO permite sua utilização em redes que utilizam NAT, mesmo com o uso de mecanismos de NAT-Traversal ou com encapsulamento em protocolos de transporte?

Alternativas
Comentários
  • Alternativa correta: A.


    "Though AH provides very strong protection of a packet's contents because it covers everything that can be possibly considered immutable, this protection comes at a cost: AH is incompatible with NAT (Network Address Translation)."


    Resumindo: como o cabeçalho AH faz a autenticidade e integridade do cabeçalho, modificá-lo durante a transmissão fazendo NAT não é possível. (ESP agrande apenas os dados)

  • Questão sinistra... Está no limiar de ser questionada.. Segue texto:


    "The AH protocol provides a mechanism for authentication only. AH provides data integrity, data origin authentication, and an optional replay protection service. Data integrity is ensured by using a message digest that is generated by an algorithm such as HMAC-MD5 or HMAC-SHA. Data origin authentication is ensured by using a shared secret key to create the message digest. Replay protection is provided by using a sequence number field with the AH header. AH authenticates IP headers and their payloads, with the exception of certain header fields that can be legitimately changed in transit, such as the Time To Live (TTL) field.

    The ESP protocol provides data confidentiality (encryption) and authentication (data integrity, data origin authentication, and replay protection). ESP can be used with confidentiality only, authentication only, or both confidentiality and authentication. When ESP provides authentication functions, it uses the same algorithms as AH, but the coverage is different. AH-style authentication authenticates the entire IP packet, including the outer IP header, while the ESP authentication mechanism authenticates only the IP datagram portion of the IP packet."

    Fonte: https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.3.0/com.ibm.zos.v2r3.halz002/ipsecurity_ipsec_ah_esp.htm


    Resumindo:


    O ESP pode fornecer apenas confidencialidade ou confidencialidade e autenticidade. Caso ofereça os dois, acredito fortemente que cairá na mesma situação do AH.


    Alguém comenta??