IPSec is a network security protocol that can provide integrity, authentication and confidentiality of IP packets. It operates in two modes - transport mode for host-to-host communication and tunnel mode for gateway-to-gateway communication. IPSec uses the Authentication Header protocol to provide data authentication and integrity and the Encapsulating Security Payload protocol to provide encryption in addition to authentication. It establishes Security Associations between nodes using identifiers such as Security Parameter Index and IP addresses.
- INTRODUCTION
- COMPONENTS OF IPSEC
- IPSEC MODES
- SECURITY ASSOCIATIONS OF IPSEC
- AUTHENTICATION HEADER
- ENCAPSULATING SECURITY PAYLOAD
- PROS AND CONS

INTRODUCTION

- The IP protocol was designed in the late 70s and early 80s.
- It was part of the DARPA (Defence Advanced Research Projects Agency) internet project.
- The network was very small and all hosts were known, so security was not an issue.

Security Flaws in IP?
- No data integrity or authentication
- No encryption to protect the payload, and replay attacks are possible

IPSec:

- It protects IP and upper-layer protocols (TCP, UDP)
- Can be transparent to end users
- Can provide security for end users
- It is used to provide integrity, confidentiality and authentication of packets
- Mandatory in IPv6, optional in IPv4

COMPONENTS OF IPSEC

- An authentication protocol: Authentication Header (AH), RFC 2402
- A combined encryption and authentication protocol: Encapsulating Security Payload (ESP)
- Key management and exchange protocols (ISAKMP/OAKLEY)

IPSEC MODES

IPSec operates in two modes: transport mode and tunnel mode.

- Transport mode: end-to-end, host-to-gateway communication. It is used mainly between end-stations.
- Tunnel mode: gateway-to-gateway or host-to-gateway. It is most commonly used gateway-to-gateway.
- Transport: not all fields of the IP header are used in authentication.
- Tunnel: the entire original IP packet can be encrypted and authenticated.

SECURITY ASSOCIATIONS OF IPSEC

- Security Parameter Index (SPI): used to select the protocols at the sender and receiver ends
- IP destination address
- Sequence numbers
- These are stored in the SAD (Security Association Database)
- The protocols used for security associations are Authentication Header (AH) and Encapsulating Security Payload (ESP)

AUTHENTICATION HEADER

- It can be used in either tunnel or transport mode
- Provides data authentication and integrity using a MAC
- Protects against replay attacks using a sequence number
- NO protection for confidentiality
- A keyed message authentication code (MAC) is calculated over:
  - the IP header, except mutable fields such as TTL, checksum, etc.
  - the IPSec header, except the ICV field

ENCAPSULATING SECURITY PAYLOAD

- Provides data integrity and authentication
- In addition, provides data confidentiality
- Uses symmetric key encryption

PROS AND CONS

Pros

- Provides a secure channel
- Provides cost-effective channels compared to private dedicated lines

Cons

- A symmetric key is used, which can be compromised
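
The AH integrity check described above (a keyed MAC over the IP header with mutable fields excluded, plus the AH header with the ICV field excluded) can be shown in a few lines. This is an added example, not code from the original slides; it assumes IPv4 without options, transport mode and HMAC-SHA1-96 as the MAC, and the key, addresses, SPI and payload are constructed sample values.

```python
import hashlib, hmac, socket, struct

ICV_LEN = 12                      # assumption: HMAC-SHA1-96, MAC truncated to 96 bits
AH_LEN = 12 + ICV_LEN             # fixed AH fields (12 bytes) + ICV

def zero_mutable(ip_hdr: bytes) -> bytes:
    """Zero the IPv4 fields that routers may change in transit."""
    h = bytearray(ip_hdr)
    h[1] = 0                      # TOS
    h[6:8] = b"\x00\x00"          # flags + fragment offset
    h[8] = 0                      # TTL
    h[10:12] = b"\x00\x00"        # header checksum
    return bytes(h)

def compute_icv(key: bytes, packet: bytes) -> bytes:
    """MAC over IP header (mutable fields zeroed), AH (ICV zeroed) and payload."""
    ip_hdr, ah, payload = packet[:20], packet[20:20 + AH_LEN], packet[20 + AH_LEN:]
    data = zero_mutable(ip_hdr) + ah[:12] + b"\x00" * ICV_LEN + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]

def protect(key, src, dst, spi, seq, payload, ttl=64):
    """Build IPv4 + AH + payload (transport mode) and fill in the ICV."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + AH_LEN + len(payload),
                         0x1234, 0, ttl, 51, 0,   # protocol 51 = AH; checksum left 0
                         socket.inet_aton(src), socket.inet_aton(dst))
    # next header 6 (TCP); payload len = AH length in 32-bit words minus 2
    ah = struct.pack("!BBHII", 6, AH_LEN // 4 - 2, 0, spi, seq) + b"\x00" * ICV_LEN
    packet = ip_hdr + ah + payload
    return packet[:32] + compute_icv(key, packet) + packet[32 + ICV_LEN:]

def verify(key: bytes, packet: bytes) -> bool:
    """Receiver side: recompute the ICV and compare in constant time."""
    return hmac.compare_digest(packet[32:32 + ICV_LEN], compute_icv(key, packet))

def patched(packet: bytes, offset: int, value: bytes) -> bytes:
    """Return a copy of the packet with the bytes at offset replaced."""
    return packet[:offset] + value + packet[offset + len(value):]

KEY = b"constructed-demo-key"     # constructed sample key, not a real SA key
PKT = protect(KEY, "192.0.2.1", "198.51.100.7", spi=0x1001, seq=1, payload=b"hello")

if __name__ == "__main__":
    print("as sent:         ", verify(KEY, PKT))
    print("TTL decremented: ", verify(KEY, patched(PKT, 8, b"\x3f")))
    print("source rewritten:", verify(KEY, patched(PKT, 12, socket.inet_aton("203.0.113.9"))))
    print("payload tampered:", verify(KEY, patched(PKT, 44, b"j")))
    print("sequence changed:", verify(KEY, patched(PKT, 28, b"\x00\x00\x00\x02")))
```

Only the first two checks pass: a TTL change is ignored because that field is zeroed before the MAC is computed, while the addresses, the sequence number and the payload are all covered by it.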