ip security over vpn

IP SECURITY (VPN) By Syed Ubaid Ali Jafri

Upload: syed-ubaid-ali-jafri

Post on 18-Jan-2015


Category:

Education



DESCRIPTION

Virtual private networks (VPNs) are generally considered to have very strong protection for data communications. Several different approaches to VPN security, Your privacy and security are important to us. Connection logs are erased every 24 hours and no VPN server traffic logs are stored.

TRANSCRIPT

Page 1: IP Security over VPN

IP SECURITY (VPN)

By Syed Ubaid Ali Jafri

Page 2: IP Security over VPN

Table Of Contents

• Introduction

• Protocols

• Advantages/Disadvantages

• Why IPSEC?

• IPSEC Header Information

• Configuration

Page 3: IP Security over VPN

INTRODUCTION

• IPsec (Internet Protocol Security) is a framework for a set of protocols for security at the network or packet processing layer of network communication.

Page 4: IP Security over VPN

PROTOCOLS

• PPTP: point-to-point tunneling protocol

• L2TP: layer 2 tunneling protocol

• IPSEC: IP security protocols

  • IKE: authentication

  • AH: integrity

  • ESP: confidentiality, integrity

Page 5: IP Security over VPN

Advantages/Disadvantages

Advantages

• With IPsec, security arrangements can be handled without requiring changes to individual user computers.

• IPSec is not limited to specific applications. There is no way to predict what applications will traverse a network. However, it is guaranteed that they will be routed with IP, making them IPSec compatible.

• Through IP, IPSec can be applied in networks of all sizes, from LANs to global networks.

• Because IPSec functions at a low network level, factors such as users, applications, lower-level data-carrying protocols, and transport technology do not affect its performance.

Disadvantages

• Small Packets - When transmitting small packets, the encryption process of IPSec generates a large overhead. This diminishes the performance of the network.

• Complexity - Because IPSec has a great number of features and options, it is very complex. Complexity increases the probability of the presence of a weakness or hole. For example, IPSec is weak against replay attacks.

• Firewall - The implementation of IPSec defeats the purpose of a firewall. This is because firewalls are based on preconfigured rules, and IPSec encrypts the traffic those rules inspect. This problem, however, can be avoided if the firewall is used along with the IPSec gateway, which decrypts the traffic.

Page 6: IP Security over VPN

WHY IP SECURITY

• The Internet Protocol (IP) has enormous advantages in the use of packets. Each packet contains data that is small, easily handled and maintained. However, with these advantages of IP come disadvantages. The routing of these packets through the Internet as well as other large networks makes them open to security risks such as:

  • Spoofing: a machine on the network acts as another

  • Sniffing: another person is listening in on another's activity

  • Session Hijacking: an attacker completely takes over another user's activities

• Current Internet protocols do not protect data sufficiently during transfer. In order to ensure the integrity and security of the data, a set of standard security Internet Protocols known as IP Security (IPSec) has been developed.

Page 7: IP Security over VPN

IPSEC HEADER INFORMATION

Page 8: IP Security over VPN

CONFIGURATION OF IPSEC IN WINDOWS SERVER 2003

Creating IP Sec Policy

• Click Start > Run > Secpol.msc to start IP Security Policy Management

• Right-click on IP Security Local Policies on Computer, then click Create IP Security Policy

• Click Next, and then enter the name of your policy, “Microsoft IPSec Policy”

Building a Filter List from Host A to Host B

• In the new policy properties, click “Add” to create a new rule

• Click the IP Filter List tab, then click Next

• Type an appropriate name for the filter list, and then click Next

• In the Source Address box, click A Specific IP Subnet, and then type the “IP Address and the Subnet Mask”

• In the Destination Address box, click A Specific IP Subnet, and then type the “IP Address and the Subnet Mask”.

Cont….

Page 9: IP Security over VPN

BUILDING A FILTER LIST FROM HOST B – HOST A

• Click the IP Filter List tab, and then Click Add

• Type a name for the filter list, click to clear the Use Add Wizard check box, and then click Add.

• In the Source Address box, click A Specific IP Subnet, and then type the IP Address and the Subnet Mask for HOST B.

• In the Destination box, click A Specific IP Subnet, and then type the IP Address and the Subnet Mask for HOST A.

• Click to Clear Mirrored Check Box

• Click Ok
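The two one-way filter lists built above (Host A to Host B, then Host B to Host A with the Mirrored check box cleared) can be sanity-checked with a small model. This is an added example, not part of the original slides and not Windows' own matching code; the subnets are constructed sample values and the names `IPFilter`, `make_filter`, `covered` and `audit` are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class IPFilter:
    """One IP filter entry: source subnet, destination subnet, Mirrored check box."""
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    mirrored: bool = False

    def matches(self, src_ip: str, dst_ip: str) -> bool:
        s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
        if s in self.src and d in self.dst:
            return True
        # A mirrored filter also matches the reverse direction.
        return self.mirrored and s in self.dst and d in self.src

def make_filter(src_addr, src_mask, dst_addr, dst_mask, mirrored=False):
    """Build a filter from the address/mask pairs typed into the dialog."""
    return IPFilter(
        ipaddress.ip_network(f"{src_addr}/{src_mask}", strict=False),
        ipaddress.ip_network(f"{dst_addr}/{dst_mask}", strict=False),
        mirrored,
    )

def covered(filter_lists, src_ip, dst_ip):
    """Return the names of the filter lists with a filter matching this packet."""
    return [name for name, filters in filter_lists.items()
            if any(f.matches(src_ip, dst_ip) for f in filters)]

# Constructed sample subnets (assumptions, not from the slides).
A = ("10.1.0.0", "255.255.0.0")   # Host A side
B = ("10.2.0.0", "255.255.0.0")   # Host B side

policy = {
    "A-to-B": [make_filter(*A, *B, mirrored=False)],
    "B-to-A": [make_filter(*B, *A, mirrored=False)],
}

def audit(filter_lists):
    """Check both directions of a constructed A<->B flow plus unrelated traffic."""
    return {
        "a_to_b": covered(filter_lists, "10.1.5.10", "10.2.7.20"),
        "b_to_a": covered(filter_lists, "10.2.7.20", "10.1.5.10"),
        "other": covered(filter_lists, "10.1.5.10", "192.0.2.1"),
    }

if __name__ == "__main__":
    for flow, lists in audit(policy).items():
        print(flow, "->", lists or "no IPsec filter matches")
```

With only the A-to-B list present and Mirrored cleared, the return direction matches no filter, which is why the second list is built.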