IPsec: Internet Protocol Security (Chong, Luon, Prins, Trotter)
Post on 18-Dec-2015
IPsec: Internet Protocol Security
Chong, Luon, Prins, Trotter
What is IPsec?
• A collection of protocols for securing Internet Protocol (IP) communications by encrypting and authenticating all IP packets¹
• Progressive standard
• Defined in RFC 2401 through 2409
• Purpose:
  – To protect IP packets
  – To provide defense against network attacks

¹ From wikipedia.org
What is IPsec? (cont)
• Created November 1998
• Created by the Internet Engineering Task Force (IETF)
• Deployable on all platforms
  – Windows
  – Unix
  – Etc.
• Can be implemented and deployed on:
  – End hosts
  – Gateways
  – Routers
  – Firewalls
Protection Against Attacks
• Layer 3 (network) protection
• Protects from:
  – sniffers by encrypting data
  – data modifications by using cryptography based checksums
  – identity spoofing, denial of service, application layer, and password based attacks through mutual authentication
  – man in the middle attacks by mutual authentication and cryptography based keys
How IPsec Works
• Services
• Protocol Types
• Key Protection
• Components
• Policy Based Security
• Model Example
How IPsec Works: Services
• Security Properties
  – Non-repudiation & Authentication
    • Public key certificate based authentication
    • Pre-shared key authentication
  – Anti-replay
    • Key management
    • Diffie-Hellman Algorithm, Internet Key Exchange (IKE)
  – Integrity
    • Hash message authentication codes (HMAC)
  – Confidentiality
    • Public key cryptography
How IPsec Works: Protocol Types
• Authentication header (AH)
  – Authentication, integrity, and anti-replay
  – Placed between the IP layer and the transport layer
[Figure: header fields and protection]
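The AH properties listed above (authentication, integrity through an HMAC, anti-replay), as an added example that is not part of the original slides: a sender builds an AH header whose integrity check value (ICV) is a truncated HMAC-SHA1, and the receiver verifies it behind a sliding anti-replay window. The key, SPI, window size and status strings are constructed for illustration, and the ICV here omits the outer IP header fields that real AH also covers.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12    # HMAC-SHA1-96: HMAC-SHA1 output truncated to 96 bits
FIXED_LEN = 12  # next header, payload len, reserved, SPI, sequence number
WINDOW = 32     # anti-replay window, in packets (assumed size)

def _icv(key, fixed, payload):
    # The ICV is computed with the ICV field zeroed. Simplification (assumption):
    # real AH also covers the immutable fields of the outer IP header.
    mac = hmac.new(key, fixed + bytes(ICV_LEN) + payload, hashlib.sha1)
    return mac.digest()[:ICV_LEN]

def build_ah(key, spi, seq, next_header, payload):
    """Sender side: AH header (with ICV) followed by the protected payload."""
    payload_len = (FIXED_LEN + ICV_LEN) // 4 - 2  # AH length in 32-bit words, minus 2
    fixed = struct.pack("!BBHII", next_header, payload_len, 0, spi, seq)
    return fixed + _icv(key, fixed, payload) + payload

class AhReceiver:
    """Receiver side of one security association (SA)."""
    def __init__(self, key, spi):
        self.key, self.spi = key, spi
        self.highest = 0  # highest sequence number authenticated so far
        self.bitmap = 0   # bit i set: sequence number (highest - i) was seen

    def accept(self, packet):
        if len(packet) < FIXED_LEN + ICV_LEN:
            return "malformed"
        fixed = packet[:FIXED_LEN]
        _, plen, _, spi, seq = struct.unpack("!BBHII", fixed)
        if spi != self.spi or (plen + 2) * 4 != FIXED_LEN + ICV_LEN:
            return "malformed"
        age = self.highest - seq
        # Cheap replay check before any cryptography: duplicate or too old.
        if seq == 0 or (age >= 0 and (age >= WINDOW or (self.bitmap >> age) & 1)):
            return "replay"
        icv, payload = packet[FIXED_LEN:FIXED_LEN + ICV_LEN], packet[FIXED_LEN + ICV_LEN:]
        if not hmac.compare_digest(icv, _icv(self.key, fixed, payload)):
            return "bad-icv"
        # Slide the window only after the packet has authenticated, so a
        # forged high sequence number cannot push valid packets out of it.
        if age < 0:
            self.bitmap = ((self.bitmap << -age) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << age
        return "ok"
```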
How IPsec Works: Protocol Types (cont.)
• Encapsulating security payload (ESP)
  – Provides confidentiality in addition to what AH provides
  – Has:
    • Header
    • Trailer
    • Authentication Trailer
[Figure: header fields and protection]
How IPsec Works: Components
• IPsec Policy Agent Service
• Diffie-Hellman Algorithm
• Internet Key Exchange (IKE)
• Security Association (SA)
  – Phase 1 SA
  – Phase 2 SA
• IPsec Driver
How IPsec Works: Key Protection
• Key lifetimes
• Session key refresh limit
• Perfect forward security (PFS)
How IPsec Works: Policy Based Security
• Rules
• Filter list
• Filter actions
• Policy Inheritance
• Authentication
How IPsec Works: Model Example
Practical Implementations
• LANs, WANs, and remote connections
  – VPNs for remote access
  – Dial-up setting to private networks
  – Where data security is critical
    • Example: Hospital with patient data
• Businesses with multiple sites
Suggested Readings
• http://en.wikipedia.org/wiki/IPSEC
• http://www.ietf.org/rfc/rfc2401.txt
• http://www.webopedia.com/TERM/I/IPsec.html
• http://www.microsoft.com/windows2000/techinfo/planning/security/ipsecsteps.asp
• Microsoft Windows 2000 Server TCP/IP Core Networking Guide