The basic concepts of IPSec


IPSec : 

By Maggie Zhou, Oct 2008

Basic concepts : 

IPsec is a suite of protocols for securing network connections at the network layer (layer 3). It supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection.

AH versus ESP : 

The Authentication Header (AH) and the Encapsulating Security Payload (ESP) are the two main wire-level protocols used by IPsec. AH authenticates the data flowing over a connection; ESP both encrypts and authenticates it. They are typically used independently, though it is possible (but uncommon) to use them together.

Tunnel mode versus Transport mode : 

Transport mode provides a secure connection between two endpoints: it encapsulates only the IP payload, leaving the original IP header in place. Tunnel mode encapsulates the entire IP packet to provide a virtual "secure hop" between two gateways. It is used to form a traditional VPN, where the tunnel carries traffic securely across an untrusted Internet.
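As an added illustration of the two modes (example code written for this page, not from the slides), the following Python builds the RFC 4303 ESP framing around a constructed packet both ways. Encryption and the integrity check value are left out so the structure stays visible, and all addresses and SPI values are made up.

```python
import struct

ESP_PROTO = 50      # IP protocol number in the outer header when ESP is used (RFC 4303)
NEXT_HDR_IPV4 = 4   # ESP "next header" value meaning "a whole IPv4 packet follows"

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (no options; checksum left zero for illustration)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))

def esp_encapsulate(spi, seq, data, next_header, block=4):
    """RFC 4303 ESP layout: SPI | sequence number | payload | padding | pad length | next header.
    Encryption and the integrity check value are omitted so the framing stays visible."""
    pad_len = (-(len(data) + 2)) % block       # payload plus 2 trailer bytes must fill the block
    padding = bytes(range(1, pad_len + 1))     # RFC 4303 default padding pattern 1, 2, 3, ...
    return struct.pack("!II", spi, seq) + data + padding + bytes([pad_len, next_header])

def transport_mode(packet, spi, seq):
    """Transport mode: keep the original IP header, protect only the payload behind it."""
    hdr, payload = packet[:20], packet[20:]
    esp = esp_encapsulate(spi, seq, payload, next_header=hdr[9])   # original protocol, e.g. 6 = TCP
    # same header, but total length updated and protocol field rewritten to ESP
    new_hdr = hdr[:2] + struct.pack("!H", 20 + len(esp)) + hdr[4:9] + bytes([ESP_PROTO]) + hdr[10:]
    return new_hdr + esp

def tunnel_mode(packet, spi, seq, gw_src, gw_dst):
    """Tunnel mode: the whole original packet becomes the ESP payload behind a new outer header."""
    esp = esp_encapsulate(spi, seq, packet, next_header=NEXT_HDR_IPV4)
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, len(esp)) + esp

def outer_view(packet):
    """What an on-path observer sees: outer source, outer destination, outer protocol number."""
    return (".".join(map(str, packet[12:16])), ".".join(map(str, packet[16:20])), packet[9])

def esp_next_header(packet):
    """Trailer byte naming what the ESP payload carries (readable here only because nothing is encrypted)."""
    return packet[-1]

# Constructed sample: a TCP segment from host 10.0.0.5 to host 10.0.1.7 (made-up addresses).
SAMPLE = ipv4_header("10.0.0.5", "10.0.1.7", 6, 5) + b"hello"

if __name__ == "__main__":
    print("transport:", outer_view(transport_mode(SAMPLE, 0x1000, 1)))
    print("tunnel:   ", outer_view(tunnel_mode(SAMPLE, 0x1000, 1, "192.0.2.1", "198.51.100.1")))
```

In transport mode the end hosts' addresses stay visible on the wire; in tunnel mode only the two gateways do, with the original packet (addresses included) inside the ESP payload.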

crypto choices : 

Setting up an IPsec connection involves all kinds of crypto choices (MD5 versus SHA-1, DES versus 3DES versus AES, and so on). This is simplified substantially by the fact that any given connection can use at most two or (rarely) three of them at a time.

IKE versus manual keys : 

This is about how the key data is exchanged, since both sides of the conversation need to know the secret values used in hashing or encryption. Manual keys require manual entry of the secret values on both ends, presumably conveyed by some out-of-band mechanism. IKE (Internet Key Exchange) is a sophisticated mechanism for doing this online.

Main mode versus aggressive mode : 

These modes control an efficiency-versus-security tradeoff during the initial IKE key exchange. Main mode requires six packets back and forth, but affords complete security during the establishment of an IPsec connection. Aggressive mode uses half the exchanges, providing a bit less security because some information is transmitted in cleartext.

AH: Authentication Only : 
