Internet Protocol Security (IPsec)
Transcript of Internet Protocol Security (IPsec)
A real form of protection for TCP/IP was needed: data on the internet was sent across the network as unprotected text, so a solution to fix this problem was needed. Internet Protocol Security, commonly known as IPsec, is one of the solutions offered to fix this problem that TCP/IP faced.

Purpose
The purpose of IPsec is to encapsulate and encrypt data using protocols and algorithms to protect the user from malicious attacks. For example, when two people exchange encrypted information with each other, only they can read the information, because only they are able to decrypt it; anyone else who obtains the information will not be able to decrypt it.

Example protocol
IPsec protocols are used to secure IP communication between:
- client to server
- server to server
- network to network

Reasons
- prevents replay attacks
- prevents data tampering
- integrated with firewalls

Types of protocols
Here is a list of the protocols used for IPsec:
- Security Association (SA)
- Internet Key Exchange (IKE)
- Authentication Header (AH)
- Encapsulating Security Payload (ESP)

Authentication Header (AH)
Integrity based: used to provide connectionless integrity and data origin authentication, and also protects against replay attacks. Appropriate to use when confidentiality is not required, but be aware that AH does not provide data confidentiality; this means that all of the data is sent in the clear.

Encapsulating Security Payload (ESP)
Offers the same features as AH but supports encryption. Used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service, and traffic flow confidentiality.

Security Association (SA)
A group of security parameters: it contains the algorithms used and the key sizes used, and consists of the security protocol (AH or ESP). Hosts need a common SA to properly run IPsec.

Internet Key Exchange (IKE)
A protocol used to set up a Security Association (SA). It uses X.509 certificates for authentication that are usually pre-shared or distributed using DNS.
IKE consists of two phases:
- Phase 1 establishes a secure, authenticated communication channel by using the Diffie-Hellman key exchange algorithm to generate a shared secret key to encrypt IKE communications.
- Phase 2 uses the secured channel from Phase 1 to negotiate Security Associations.

Authentication methods
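As an added example that is not part of the presentation, the Phase 1 exchange described above in Python: each peer publishes g^x mod p, computes the shared secret from the other side's public value, and derives a key that also binds the preshared key, so a peer that does not know the PSK ends up with a different key and Phase 1 fails. The `IkePeer` class, the `phase1` helper, the simplified key derivation and the PSK values are constructed for this example; real IKE derives SKEYID with the negotiated PRF over nonces and cookies as well. The group is the 1024-bit MODP group 2 from RFC 2409; the check on the peer's public value rejects degenerate values that would force a trivial shared secret.

```python
import hashlib
import hmac
import secrets

# RFC 2409 group 2: 1024-bit MODP prime, generator 2. Transcribed for this
# example; check the digits against the RFC before relying on them.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF",
    16,
)
G = 2


def valid_public_value(y: int) -> bool:
    """Reject degenerate DH values (0, 1, p-1) that would force a trivial secret."""
    return 1 < y < P - 1


class IkePeer:
    """One side of a simplified, constructed IKE Phase 1 exchange (example only)."""

    def __init__(self, name: str, psk: bytes):
        self.name = name
        self.psk = psk
        self.x = secrets.randbelow(P - 2) + 1      # private exponent in [1, p-2]
        self.public = pow(G, self.x, P)            # g^x mod p, sent in the clear

    def derive_key(self, peer_public: int) -> bytes:
        if not valid_public_value(peer_public):
            raise ValueError("peer sent an invalid Diffie-Hellman public value")
        shared = pow(peer_public, self.x, P)       # g^(xy) mod p, never transmitted
        # Simplified SKEYID: hash of the DH secret bound to the PSK. A peer that
        # does not know the PSK derives a different key and cannot complete Phase 1.
        return hashlib.sha256(shared.to_bytes(128, "big") + self.psk).digest()


def phase1(psk_a: bytes, psk_b: bytes):
    """Run the exchange between two peers and return both derived keys."""
    a, b = IkePeer("initiator", psk_a), IkePeer("responder", psk_b)
    return a.derive_key(b.public), b.derive_key(a.public)


def phase1_succeeds(psk_a: bytes, psk_b: bytes) -> bool:
    """True only when both sides end up with the same key (matching PSKs)."""
    key_a, key_b = phase1(psk_a, psk_b)
    return hmac.compare_digest(key_a, key_b)
```

The public values travel in the clear; only the private exponents and the derived key stay on each host, which is what lets the later IKE messages be encrypted under a key no eavesdropper of Phase 1 can compute.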
- Kerberos: only works on computers in the domain, so it authenticates by verifying the computer, or the computer and the user, NOT just the user.
- Certificates: trust the certificate authority that issues them to make the IPsec connection; built on a trust relationship; used when the computer or user is outside the domain.
- Preshared key: the "password" method; a weak method, not recommended; used when the computer does not support the other methods.

Modes
There are two types of IPsec modes:
- main mode: ensures each party is valid (acts as authentication)
- quick mode: used to communicate with the party
Main mode and quick mode protocol: main mode is often used with AH, while quick mode is used with ESP.

AH header fields
Next header. 8 bits.
Specifies the next encapsulated protocol.
Length. 8 bits.
Size of the AH header in 32-bit words.
SPI, Security Parameters Index. 32 bits.
Contains a pseudo-random value used to identify. The values in the range 1 to 255 are reserved.
Sequence number. 32 bits.
Authentication data. Variable length.
This field must contain a multiple of 32-bit words.
Source: http://www.networksorcery.com/enp/protocol/ah.htm

ESP header fields
SPI, Security Parameters Index. 32 bits.
An arbitrary value that, in combination with the destination IP address and security protocol (ESP)
Sequence number. 32 bits, unsigned.
This field contains an increasing counter value.
Payload data. Variable length.
Contains the data described by the Next header field; the format of this area depends on the algorithm used for the ESP protocol.
Pad length. 8 bits.
Size of the Padding field.
Next header. 8 bits.
IP protocol number describing the format of the Payload data.
Authentication data. Variable length.
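As an added example that is not from the presentation, Python that builds and parses packets in the AH and ESP layouts listed above, verifies the ESP authentication data, and applies a sliding-window anti-replay check to the sequence number (the service the slides say both protocols provide). The SA table, SPIs, key and sample payloads are constructed for the example; real SAs are also keyed by destination address and hold far more state. Two details from RFC 4302 that the slides do not spell out are used: AH carries a 16-bit reserved field after the length byte, and the length byte counts 32-bit words minus 2. ESP is shown with NULL encryption so the trailer can be read directly; with a real cipher the trailer (pad length, next header) is only visible after decryption, which is why the receiver must look up the SA before it can parse ESP at all.

```python
import hmac
import struct
from dataclasses import dataclass

# Constructed SA table for this example. Lookup needs protocol + SPI (real SAs
# are also keyed by destination address and hold keys, algorithms, lifetimes).
SA_TABLE = {
    ("AH", 0x1000): {"icv_len": 12},
    ("ESP", 0x2000): {"icv_len": 12, "auth_key": b"constructed-example-key-not-real"},
}


class AntiReplayWindow:
    """RFC 4303 style sliding window over accepted sequence numbers."""

    def __init__(self, size: int = 64):
        self.size = size
        self.highest = 0      # highest sequence number accepted so far
        self.bitmap = 0       # bit i set  ==>  (highest - i) was accepted

    def accept(self, seq: int) -> bool:
        if seq == 0:                          # 0 is never valid on an SA
            return False
        if seq > self.highest:                # new high-water mark: slide window
            shift = seq - self.highest
            self.bitmap = 1 if shift >= self.size else (self.bitmap << shift) | 1
            self.bitmap &= (1 << self.size) - 1
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:               # older than the window: drop
            return False
        if self.bitmap & (1 << offset):       # already accepted: replay
            return False
        self.bitmap |= 1 << offset
        return True


@dataclass
class AH:
    next_header: int
    spi: int
    seq: int
    icv: bytes
    payload: bytes


def build_ah(next_header: int, spi: int, seq: int, icv: bytes, payload: bytes) -> bytes:
    # Next Header | Payload Len | Reserved(16) | SPI | Sequence Number | ICV
    payload_len = (12 + len(icv)) // 4 - 2      # RFC 4302: 32-bit words minus 2
    return struct.pack("!BBHII", next_header, payload_len, 0, spi, seq) + icv + payload


def parse_ah(packet: bytes) -> AH:
    next_header, payload_len, _reserved, spi, seq = struct.unpack("!BBHII", packet[:12])
    ah_len = (payload_len + 2) * 4
    icv = packet[12:ah_len]
    if len(icv) != SA_TABLE[("AH", spi)]["icv_len"]:
        raise ValueError("authentication data length does not match the SA")
    # AH's ICV also covers immutable IP header fields; with no IP header in this
    # example only the ICV length is checked.
    return AH(next_header, spi, seq, icv, packet[ah_len:])


@dataclass
class ESP:
    spi: int
    seq: int
    payload: bytes
    next_header: int


def build_esp(next_header: int, spi: int, seq: int, payload: bytes) -> bytes:
    sa = SA_TABLE[("ESP", spi)]
    pad_len = (-(len(payload) + 2)) % 4          # align Pad Length/Next Header
    padding = bytes(range(1, pad_len + 1))       # RFC 4303 default padding 1,2,3...
    body = payload + padding + bytes([pad_len, next_header])   # NULL encryption
    header = struct.pack("!II", spi, seq)
    icv = hmac.new(sa["auth_key"], header + body, "sha1").digest()[: sa["icv_len"]]
    return header + body + icv


def parse_esp(packet: bytes) -> ESP:
    spi, seq = struct.unpack("!II", packet[:8])
    sa = SA_TABLE[("ESP", spi)]                 # SA needed before anything else
    icv_len = sa["icv_len"]
    authed, icv = packet[:-icv_len], packet[-icv_len:]
    expected = hmac.new(sa["auth_key"], authed, "sha1").digest()[:icv_len]
    if not hmac.compare_digest(icv, expected):  # integrity check before trailer
        raise ValueError("ESP authentication data mismatch (tampered packet)")
    body = authed[8:]                           # with a real cipher: decrypt here
    pad_len, next_header = body[-2], body[-1]
    return ESP(spi, seq, body[: len(body) - 2 - pad_len], next_header)


def esp_rejects_tampering() -> bool:
    """Flip one payload bit and confirm the ICV check drops the packet."""
    pkt = bytearray(build_esp(6, 0x2000, 1, b"hello"))
    pkt[8] ^= 0x01
    try:
        parse_esp(bytes(pkt))
    except ValueError:
        return True
    return False


def replay_demo():
    """Deliver ESP packets with constructed sequence numbers through one window."""
    window = AntiReplayWindow()
    results = []
    for seq in (1, 2, 2, 70, 5, 7, 7):
        parsed = parse_esp(build_esp(6, 0x2000, seq, b"hello"))
        results.append((parsed.seq, window.accept(parsed.seq)))
    return results
```

In `replay_demo` the second 2 and second 7 are rejected as replays, 5 is rejected because it is older than the 64-entry window once 70 has been seen, and 7 is still accepted because it sits just inside the window; a real receiver updates the window only after the ICV check succeeds, which is the order `parse_esp` followed by `accept` reproduces.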