11-08-2012, 02:53 PM
IP Security
IP Security.pptx (Size: 268.2 KB / Downloads: 24)
What is IP Security
Framework of open standards to ensure secure communications over the Internet
In short: It is the network layer Internet Security Protocol
IPSec
general IP Security mechanisms
provides
authentication
confidentiality
key management
applicable to use over LANs, across public & private WANs, & for the Internet
IPSec Applications
IPSec provides the capability to secure communications across a LAN, across private and public WANs, and across the Internet.
Secure branch office connectivity over the Internet
Secure remote access over the Internet
Establishing extranet and intranet connectivity with partners
Enhancing electronic commerce security
Security Associations
One of the most important concepts in IPSec is called a Security Association (SA). Defined in RFC 1825.
SAs are the combination of a given Security Parameter Index (SPI) and Destination Address.
SAs are one way. A minimum of two SAs are required for a single IPSec connection.
SAs contain parameters including:
Authentication algorithm and algorithm mode
Encryption algorithm and algorithm mode
Key(s) used with the authentication/encryption algorithm(s)
Lifetime of the key
Lifetime of the SA
Source Address(es) of the SA
Sensitivity level (i.e. Secret or Unclassified)
Benefits of IPSec
In a firewall/router provides strong security to all traffic crossing the perimeter
In a firewall/router is resistant to bypass
Is below transport layer, hence transparent to applications
Can be transparent to end users
Can provide security for individual users
Secures routing architecture
How IPSec works: Communication
Once Phase 2 has established an SA for a particular connection, all traffic on that connection is communicated using the SA.
IKE Phase 1 exchange uses UDP Port 500.
AH uses IP protocol 51.
ESP uses IP protocol 50.
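Added example, not part of the original post: a Python sketch that classifies raw IPv4 packets as IKE, AH or ESP using the port and protocol numbers above, reads the SPI from the AH/ESP header, and looks up the SA by (SPI, destination address). The addresses, SPIs, algorithm labels and SA field names are constructed for illustration.

```python
import socket
import struct

ESP, AH, UDP, IKE_PORT = 50, 51, 17, 500  # protocol and port numbers stated above

def classify(packet):
    """Return (kind, destination address, SPI or None) for a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto, dst, body = packet[9], socket.inet_ntoa(packet[16:20]), packet[ihl:]
    if proto == ESP and len(body) >= 8:       # ESP header: SPI, sequence number
        return "ESP", dst, struct.unpack("!II", body[:8])[0]
    if proto == AH and len(body) >= 12:       # AH: next hdr, length, reserved, SPI, seq
        return "AH", dst, struct.unpack("!BBHII", body[:12])[3]
    if proto == UDP and len(body) >= 8 and IKE_PORT in struct.unpack("!HH", body[:4]):
        return "IKE", dst, None
    return "other", dst, None

def lookup_sa(sad, packet):
    """Find the SA for an AH/ESP packet by (SPI, destination); None means no SA."""
    kind, dst, spi = classify(packet)
    return kind, (sad.get((spi, dst)) if spi is not None else None)

def ipv4(proto, src, dst, payload):
    """Build a constructed IPv4 packet (no options, checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

# Constructed SA database: SAs are one way, so one connection needs two entries.
A, B = "192.0.2.1", "198.51.100.2"
SAD = {
    (0x1001, B): {"direction": "A->B", "protocol": "ESP", "encryption": "aes-cbc"},
    (0x2002, A): {"direction": "B->A", "protocol": "AH", "auth": "hmac-sha256"},
}
# Constructed sample packets.
ESP_A_TO_B = ipv4(ESP, A, B, struct.pack("!II", 0x1001, 1) + bytes(16))
AH_B_TO_A = ipv4(AH, B, A, struct.pack("!BBHII", 6, 4, 0, 0x2002, 1) + bytes(12))
IKE_A_TO_B = ipv4(UDP, A, B, struct.pack("!HHHH", 500, 500, 8, 0))
ESP_WRONG_WAY = ipv4(ESP, B, A, struct.pack("!II", 0x1001, 1) + bytes(16))

if __name__ == "__main__":
    for name in ("ESP_A_TO_B", "AH_B_TO_A", "IKE_A_TO_B", "ESP_WRONG_WAY"):
        print(name, lookup_sa(SAD, globals()[name]))
```

The last sample reuses SPI 0x1001 in the reverse direction and finds no SA, which is the case a receiver drops and a monitor should log.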