1 / 16

IPsec: Internet Protocol Security

IPsec: Internet Protocol Security. Chong, Luon, Prins, Trotter. What is IPsec?. A collection of protocols for securing Internet Protocol (IP) communications by encrypting and authenticating all IP packets 1 Progressive standard Defined in RFC 2401 thru 2409 Purpose:

druce
Download Presentation

IPsec: Internet Protocol Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter

  2. What is IPsec? • A collection of protocols for securing Internet Protocol (IP) communications by encrypting and authenticating all IP packets1 • Progressive standard • Defined in RFC 2401 thru 2409 • Purpose: • To protect IP packets • To provide defense against network attacks 1: From wikipedia.org

  3. What is IPsec? (cont) • Created November 1998 • Created by the Internet Engineering Task Force (IETF) • Deployable on all platforms • Windows • Unix • Etc.. • Can be implemented and deployed on: • End hosts • Gateways • Routers • Firewalls

  4. Protection Against Attacks • Layer 3 (network) protection • Protects from: • sniffers by encrypting data • data modifications by using cryptography based checksums • identity spoofing, denial of service, application layer, and password based attacks through mutual authentication • man in the middle attacks by mutual authentication and cryptography based keys

  5. How IPsec Works • Services • Protocol Types • Key Protection • Components • Policy Based Security • Model Example

  6. How IPsec Works: Services • Security Properties • Non-repudiation & Authentication • Public key certificate based authentication • Pre-shared key authentication • Anti-replay • Key management • Diffie-Hellman Algorithm, Internet Key Exchange (IKE) • Integrity • Hash message authentication codes (HMAC) • Confidentiality • Public key cryptography

  7. How IPsec Works: Protocol Types • Authentication header (AH) • Authentication, integrity, and anti-replay • Placed between the IP layer and the transport layer

  8. Header Fields Protection

  9. How IPsec Works: Protocol Types (cont.) • Encapsulating security payload (ESP) • Provides confidentiality in addition to what AH provides • Has: • Header • Trailer • Authentication Trailer

  10. Header Fields Protection

  11. How IPsec Works: Components • IPsec Policy Agent Service • Diffie-Hellman Algorithm • Internet Key Exchange (IKE) • Security Association (SA) • Phase 1 SA • Phase 2 SA • IPsec Driver

  12. How IPsec Works: Key Protection • Key lifetimes • Session key refresh limit • Perfect forward security (PFS)

  13. How IPsec Works: Policy Based Security • Rules • Filter list • Filter actions • Policy Inheritance • Authentication

  14. How IPsec Works: Model Example

  15. Practical Implementations • LANs, WANs, and remote connections • VPNs for remote access • Dial-up setting to private networks • Where data security is critical • Example: Hospital with patient data • Businesses with multiple sites

  16. Suggested Readings • http://en.wikipedia.org/wiki/IPSEC • http://www.ietf.org/rfc/rfc2401.txt • http://www.webopedia.com/TERM/I/IPsec.html • http://www.microsoft.com/windows2000/techinfo/planning/security/ipsecsteps.asp • Microsoft Windows 2000 Server TCP/IP Core Networking Guide

More Related