46 %
54 %
Information about IPSec

Published on September 24, 2007

Author: Misree

Source: authorstream.com

IPsec:  IPsec Shu Zhang IPsec:  IPsec Definition: (Webopedia) Short for IP Security, a set of protocols developed by the IETF to support secure exchange of packets at the IP layer. IPsec has been deployed widely to implement Virtual Private Networks (VPNs) Virtual Private Network (VPN):  Virtual Private Network (VPN) More and more across-country or worldwide companies due to global market there is a problem for all of them how to maintain fast, secure and reliable communications wherever their offices are Leased lines very expensive Virtual Private Network (VPN):  Virtual Private Network (VPN) VPN: using public wires, usually Internet to connect company’s private network, remote sites and users together, instead of using a dedicate, real-world connection. Virtual Private Network (VPN):  Virtual Private Network (VPN) Features of VPN: Security Reliability Scalability Network management Policy management VPN Security:  VPN Security Several Methods: Firewall Encryption IPsec AAA server Goal of IPsec:  Goal of IPsec Provides security services at IP layer Access control Integrity Data origin Authentication Rejection of replayed packets Confidentiality IPsec Architecture:  IPsec Architecture Components Security Protocols Security Associations Key Management Algorithms for authentication and encryption Security Protocols:  Security Protocols Authentication Header (AH) Data Origin Authentication Anti-replay service Data Integrity Encapsulating Security Payload (ESP) Confidentiality Data Origin Authentication Anti-replay service Connectionless Integrity AH:  AH AH provides authentication for as much of the IP header as possible, as well as for upper level protocol data Tow modes: transport mode/tunnel mode AH Location:  AH Location AH Algorithms:  AH Algorithms Keyed Message Authentication Codes (MAC) based on Symmetric Key Encryption( DES) One-way hash function (MD5/SHA-1) ESP:  ESP Provides Data Confidentiality to IP payload using Encryption It can provides Data Integrity and connectionless Integrity, but the coverage is different from AH Two: transport Mode/Tunnel Mode ESP Format:  ESP Format ESP Algorithms:  ESP Algorithms Encryption Algorithms Symmetric Encryption Algorithms Authentication Algorithms The same as AH Security Associations (SA):  Security Associations (SA) A management Component used to enforce a security policy in the IPsec environment A simplex 'connection' that affords security services to the traffic it carries The set of security services depends on: Protocol selected SA mode Endpoints of the SA SA’s Mode:  SA’s Mode Transport Mode Between 2 hosts Transport Mode AH The protection is to selected portions of IP header and higher layer protocol header Transport Mode ESP The protection is only for the higher layer SA’s Mode:  SA’s Mode Tunnel Mode Applied to an IP tunnel Tunnel Mode AH Portions of 'outer' IP header, as well as all of 'inner' IP packet Tunnel Mode ESP Only to the tunneled packet DataBases in IPsec:  DataBases in IPsec Two databases are maintained in each IPsec implementation: Security Policy Database (SPD) Security Association Database (SAD) SPD:  SPD Contains an ordered list of policy entries keyed by selectors Destination/Source IP Address Transport Layer protocol Destination/Source Port Each entry includes: SA specification IPsec protocol Modes algorithms SPD:  SPD An administrative interface must be provided to user or system administrator Must be consulted during the all the traffic processing, including non-IPsec traffic SAD:  SAD Each entry defines the parameters associated with one SA Sequence Number Counter Anti_replay window AH Authentication algorithm, keys ESP Encryption algorithm, keys ESP Authentication algorithm, keys Lifetime of SA IPsec Protocol Mode IPsec Processing:  IPsec Processing Differentiate inbound/outbound traffic For outbound Entries are pointed to by entries in SPD If not, create a new SA For inbound A triple is used to uniquely identify a SA andlt;Destination IP address, IPsec Protocol, Security Parameters Indexandgt; Security Parameter Index:  Security Parameter Index 32-bit value Selected by destination system when a new SA is established SA Management Protocol:  SA Management Protocol Internet Security Association and Key Management Protocol (ISAKMP) is the framework for SA management It defines: Procedure and Packet format to establish, negotiate, modify and delete SAs Payloads for exchanging key generation and authentication data ISAKMP:  ISAKMP ISAKMP has 3 main functions Security Associations and Management Negotiation: authentication mechanism cryptographic algorithm algorithm mode key length nitialization Vector (IV) …… Establishment ISAKMP:  ISAKMP Authentication Authenticate the entity at the other end of Communication Strong Authentication must be provided Digital signature Public Key Encryption obtain shared secrets and session keys Key Establishment: Key generation/Key transport Key Exchange Authentication ISAKMP Negotiation:  ISAKMP Negotiation Offer 2-phase negotiation Phase 1: establish an ISAKMP SA to protect further negotiation Phase 2: establish real protocol SAs Higher start-up cost Benefit: Multiple Protocol SAs can be established Allow to use simpler second phase exchanges ISAKMP SA reduces ISAKMP management activities ISAKMP Protection:  ISAKMP Protection Denial-of-service A anti-clogging token (ACT) Man-in-the-middle attack Authentication and Encryption Algorithms:  Algorithms Not bounded to any specific cryptographic algorithm, key generation technique, or security mechanism Supports the dynamic communications environment Provides a forward migration path to better mechanisms and algorithms

Add a comment

Related presentations

Related pages

IPsec – Wikipedia

IPsec (Kurzform für Internet Protocol Security) ist eine Protokoll-Suite, die eine gesicherte Kommunikation über potentiell unsichere IP-Netze wie das ...
Read more

IPsec - Security Architecture for IP (VPN)

Elektronik-Kompendium.de > Netzwerktechnik. IPsec - Security Architecture for IP. IPsec ist eine Erweiterung des Internet-Protokolls (IP) um ...
Read more

IPsec - Wikipedia, the free encyclopedia

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications that works by authenticating and encrypting each IP ...
Read more

Sichere Netzwerke mit IPSec - ping.de

IPSec - Architektur •IP-Pakete enthalten dabei die Sender- und Empfänger-Adressen im Header •Diese Pakete werden von den Routern unverschlüsselt ...
Read more

An Introduction to IP Security (IPSec) Encryption - Cisco

This document introduces IPsec to users in a rapid, but concise format. This document contains basic configurations of Internet Key Exchange (IKE) with pre ...
Read more

IPsec VPN Client für Windows 10 8.x-7, Android, OS X ...

Professionelle IPsec VPN Client Suite (VPN Client, Personal Firewall, Dialer) für Laptop, Tablet, Smartphone und Desktop. Für Windows, Android, OS X ...
Read more

IPsec- NCP

Universelle VPN Clients. One Click IPsec VPN Client Solution für verschiedene Betriebssysteme. Mehr erfahren!
Read more

What Is IPSec?: Security Policy; Security Services

Internet Protocol security (IPSec) is a framework of open standards for helping to ensure private, secure communications over Internet Protocol ...
Read more

ZyWALL IPSec VPN Client VPN Client Software | ZyXEL

The ZyWALL IPSec VPN Client is designed for mobile users to establish a secure connection to corporate networks over the Internet. With a 3-step ...
Read more

IPSEC Protokoll - Einsatz, Aufbau, benötigte Ports und ...

IPSEC nutzt fast jede Firma - doch kaum einer weiss was es damit auf sich hat. Erklärungen gibt es dazu viele, doch leider auch zu viele unverständliche ...
Read more