IPsec: Internet Protocol Security
Chong, Luon, Prins, Trotter

What is IPsec?
• A collection of protocols for securing Internet Protocol (IP) communications by encrypting and authenticating all IP packets [1]
• Progressive standard
• Defined in RFC 2401 thru 2409
• Purpose:
  – To protect IP packets
  – To provide defense against network attacks
[1] From wikipedia.org

What is IPsec? (cont)
• Created November 1998
• Created by the Internet Engineering Task Force (IETF)
• Deployable on all platforms
  – Windows
  – Unix
  – Etc.
• Can be implemented and deployed on:
  – End hosts
  – Gateways
  – Routers
  – Firewalls

Protection Against Attacks
• Layer 3 (network) protection
• Protects from:
  – sniffers by encrypting data
  – data modifications by using cryptography based checksums
  – identity spoofing, denial of service, application layer, and password based attacks through mutual authentication
  – man in the middle attacks by mutual authentication and cryptography based keys

How IPsec Works
• Services
• Protocol Types
• Key Protection
• Components
• Policy Based Security
• Model Example

How IPsec Works: Services
• Security Properties
  – Non-repudiation & Authentication
    • Public key certificate based authentication
    • Pre-shared key authentication
  – Anti-replay
    • Key management
    • Diffie-Hellman Algorithm, Internet Key Exchange (IKE)
  – Integrity
    • Hash message authentication codes (HMAC)
  – Confidentiality
    • Public key cryptography

How IPsec Works: Protocol Types
• Authentication header (AH)
  – Authentication, integrity, and anti-replay
  – Placed between the IP layer and the transport layer
[Figure: AH header fields and protection]

How IPsec Works: Protocol Types (cont.)
• Encapsulating security payload (ESP)
  – Provides confidentiality in addition to what AH provides
  – Has:
    • Header
    • Trailer
    • Authentication Trailer
[Figure: ESP header fields and protection]

How IPsec Works: Components
• IPsec Policy Agent Service
• Diffie-Hellman Algorithm
• Internet Key Exchange (IKE)
• Security Association (SA)
  – Phase 1 SA
  – Phase 2 SA
• IPsec Driver

How IPsec Works: Key Protection
• Key lifetimes
• Session key refresh limit
• Perfect forward security (PFS)

How IPsec Works: Policy Based Security
• Rules
• Filter list
• Filter actions
• Policy Inheritance
• Authentication

How IPsec Works: Model Example

Practical Implementations
• LANs, WANs, and remote connections
  – VPNs for remote access
  – Dial-up setting to private networks
  – Where data security is critical
    • Example: Hospital with patient data
• Businesses with multiple sites

Suggested Readings
• http://en.wikipedia.org/wiki/IPSEC
• http://www.ietf.org/rfc/rfc2401.txt
• http://www.webopedia.com/TERM/I/IPsec.html
• http://www.microsoft.com/windows2000/techinfo/planning/security/ipsecsteps.asp
• Microsoft Windows 2000 Server TCP/IP Core Networking Guide