VPNs and IPSec: Review VPN concepts, Encryption, IPSec, Lab

Presentation transcript:

VPNs and IPSec
- Review VPN concepts
- Encryption
- IPSec
- Lab

VPN concepts
- Tunneling
- Encryption

Tunneling
- Encapsulation of a packet within another packet
- The encapsulated packet may be a different protocol: an IPX packet may be encapsulated in IP to carry IPX across an IP network
- The encapsulated packet may be encrypted

What is Encryption
- Converting clear or plain text into some other form, called ciphertext
- Two basic techniques: transposition and substitution
- Encryption and decryption are performed by an algorithm using a key

Encryption History
- Dates back to early history
- Greek system: the Polybius square. Each message letter is replaced by the two grid numbers (row and column) of its cell:

      1 2 3 4 5
    1 a b c d e
    2 f g h i j
    3 k l m n o
    4 p q r s t
    5 u v w x y

Encryption History
- Caesar cipher: simply shift each letter
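The two historical ciphers from the slides above, written out in Python as an added example (this code is not part of the original presentation). It follows the classic Polybius convention that I and J share one cell so that all 26 letters fit into the 25-cell grid, whereas the slide's grid lists a through y; the Caesar part includes the 26-candidate brute force that shows why a shift cipher offers no real protection.

```python
# Added example: Polybius square and Caesar cipher (historical, not real cryptography).
# Assumes the classic Polybius convention that I and J share one cell.
SQUARE = "abcdefghiklmnopqrstuvwxyz"  # 25 letters, 5 rows of 5, j folded into i


def polybius_encode(text: str) -> str:
    """Replace each letter by its row and column number (1..5) in the square."""
    pairs = []
    for ch in text.lower():
        if ch == "j":
            ch = "i"
        if ch in SQUARE:
            idx = SQUARE.index(ch)
            pairs.append(f"{idx // 5 + 1}{idx % 5 + 1}")
    return " ".join(pairs)


def polybius_decode(code: str) -> str:
    """Inverse: each 'rc' pair back to the letter at row r, column c."""
    return "".join(SQUARE[(int(p[0]) - 1) * 5 + (int(p[1]) - 1)] for p in code.split())


def caesar(text: str, shift: int) -> str:
    """Shift every letter by `shift` positions, wrapping around the alphabet."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)  # punctuation and spaces pass through unchanged
    return "".join(out)


def caesar_brute_force(ciphertext: str) -> dict:
    """Every possible key: with only 26 candidates the plaintext is found by inspection."""
    return {k: caesar(ciphertext, -k) for k in range(26)}


if __name__ == "__main__":
    code = polybius_encode("attack at dawn")
    print(code, "->", polybius_decode(code))
    ct = caesar("Hello, World", 3)
    print(ct, "->", caesar_brute_force(ct)[3])
```

Both ciphers are substitutions in the sense of the previous slide: the key (the grid layout, or the shift) is the only secret, and the key space is tiny.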

Encryption
- Symmetric key encryption
- Shared key, the same on both ends
- Encryption is fast
- Key management is the issue
- Examples: DES, 3DES, AES, IDEA
- Used by IPSec for data encryption

Data Encryption Standard
- Block cipher
- 56-bit key
- Now considered insecure
- 3DES is more secure but slower: DES is applied three times

Advanced Encryption Standard
- Block cipher (128-bit block)
- Key sizes of 128, 192 or 256 bits
- Became a standard in 2002

Asymmetric Encryption
- Two different keys: a private key and a public key
- Encrypt with one, decrypt with the other
- More complex, so encryption is slower
- Examples: Pretty Good Privacy (PGP), Diffie-Hellman
- For confidentiality, encrypt with the public key; only the private key can decrypt
- For authentication, encrypt with the private key; anyone with the public key can decrypt and verify
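To make "encrypt with one key, decrypt with the other" concrete, here is an added example (not from the slides) of textbook RSA using two deliberately small Mersenne primes and Python's built-in modular arithmetic. It shows the confidentiality direction (public-key encrypt, private-key decrypt) and the authentication direction (private key signs a hash, public key verifies). The primes, exponent and messages are constructed for illustration; the hash is truncated so it fits under the toy modulus, and there is no padding scheme, which a real deployment (PKCS#1 OAEP or PSS) must add.

```python
import hashlib

# Constructed toy parameters: Mersenne primes 2^31-1 and 2^61-1 (about a 92-bit modulus).
# Real RSA keys use random primes of 1024 bits or more each.
P = 2**31 - 1
Q = 2**61 - 1
E = 65537  # common public exponent; coprime to (P-1)(Q-1) for these primes


def keygen(p: int = P, q: int = Q, e: int = E):
    """Return (public, private) as (n, exponent) tuples."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public, m: int) -> int:
    """Confidentiality: anyone holding the public key can encrypt."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer below the modulus")
    return pow(m, e, n)


def decrypt(private, c: int) -> int:
    """Only the holder of the private key recovers the plaintext."""
    n, d = private
    return pow(c, d, n)


def _message_hash(n: int, message: bytes) -> int:
    # SHA-256 truncated to 80 bits so that it is smaller than the toy modulus
    return int.from_bytes(hashlib.sha256(message).digest()[:10], "big") % n


def sign(private, message: bytes) -> int:
    """Authentication: the private key 'encrypts' a hash of the message."""
    n, d = private
    return pow(_message_hash(n, message), d, n)


def verify(public, message: bytes, signature: int) -> bool:
    """Anyone with the public key 'decrypts' the signature and compares the hash."""
    n, e = public
    return pow(signature, e, n) == _message_hash(n, message)


if __name__ == "__main__":
    pub, priv = keygen()
    m = int.from_bytes(b"sessionkey", "big")  # constructed 10-byte secret
    print("roundtrip ok:", decrypt(priv, encrypt(pub, m)) == m)
    sig = sign(priv, b"ip route 10.0.0.0/8 via gw2")
    print("genuine:", verify(pub, b"ip route 10.0.0.0/8 via gw2", sig))
    print("altered:", verify(pub, b"ip route 10.0.0.0/8 via gw3", sig))
```

The slower step the slide mentions is visible here: every operation is a modular exponentiation over the whole modulus, which is why IPSec uses asymmetric methods only to authenticate peers and agree on keys, and symmetric ciphers for the bulk data.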

Hash Algorithm
- Mathematical function that converts variable-length input into fixed-length output
- When two inputs produce the same output it is called a collision
- Hashes have many uses; in CHAP, for example, a hash is used for authentication
- SHA-1 and MD5 are hash algorithms
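The CHAP use mentioned on the slide, worked through in Python as an added example (not part of the slides). CHAP (RFC 1994) never sends the password itself, only MD5(identifier || secret || challenge), so the authenticator can verify the response while a captured response is useless against a fresh challenge. The secret and challenge values are constructed for illustration; the `digest_lengths` helper also shows the fixed-length-output property the slide describes.

```python
import hashlib
import hmac
import secrets

# Constructed value for the demo; a real authenticator holds a secret per peer.
SHARED_SECRET = b"constructed-chap-secret"


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 4.1: Response = MD5(Identifier || Secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Issues single-use challenges and verifies responses against the shared secret."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.identifier = 0
        self.outstanding = {}  # identifier -> challenge, removed once answered

    def challenge(self) -> tuple:
        self.identifier = (self.identifier + 1) & 0xFF
        chal = secrets.token_bytes(16)
        self.outstanding[self.identifier] = chal
        return self.identifier, chal

    def verify(self, identifier: int, response: bytes) -> bool:
        chal = self.outstanding.pop(identifier, None)
        if chal is None:
            return False  # unknown or already-answered challenge: treat as a replay
        expected = chap_response(identifier, self.secret, chal)
        return hmac.compare_digest(expected, response)


def digest_lengths(data: bytes) -> dict:
    """Hex digest length is fixed per algorithm no matter how long the input is."""
    return {name: len(hashlib.new(name, data).hexdigest()) for name in ("md5", "sha1", "sha256")}


if __name__ == "__main__":
    auth = ChapAuthenticator(SHARED_SECRET)
    ident, chal = auth.challenge()
    resp = chap_response(ident, SHARED_SECRET, chal)  # computed by the peer being authenticated
    print("first response accepted:", auth.verify(ident, resp))
    print("same response replayed:", auth.verify(ident, resp))
    print(digest_lengths(b"x"), digest_lengths(b"x" * 100_000))
```

MD5 is used here only because CHAP specifies it; the slide's point that SHA-1 and MD5 are hash algorithms is separate from whether they are still collision-resistant, which neither is.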

IPSec
- Standard protocol
- Purpose is to provide a tamper-free and/or confidential transfer service
- Tamper-free means you can be sure the data wasn't altered in transit
- Confidential means no one else could read it
- Both services may be invoked together
- Includes an anti-replay service through the use of sequence numbers
- IPSec is a protocol suite; it consists of multiple protocols:
  - IKE: Internet Key Exchange
  - ESP: Encapsulating Security Payload, confidential transfer
  - AH: Authentication Header, tamper-free transfer

IPSec implementation modes: Tunnel mode
- Usually formed between two routers (gateways); can also be host to host or host to gateway
- Encrypted tunnel provided by ESP
- The entire original packet is encrypted and a new IP header is attached; the destination IP (DIP) of the new header is the peer address
- Transparent to the end user
- Frame makeup: [new IP header] [IPSec header] [original IP datagram]

IPSec implementation modes: Transport mode
- Original IP header is used; only the payload is encrypted
- Suited for host to host on an internal network
- Frame makeup: [IP header] [IPSec header] [TCP header/data]

IKE
- Authentication and negotiation protocol
- Verifies the identity of each peer to the other
- Exchanges public keys; manages keys
- Negotiates which encryption method will be used
- Negotiates which protocol, ESP or AH
- Operates in 2 phases
- Uses the SKEME, Oakley and ISAKMP protocols:
  - SKEME: key exchange protocol
  - Oakley: allows different exchange modes
  - ISAKMP: defines how peers communicate

IKE phase 1
- The remote user must first be authenticated; options:
  - Pre-shared key
  - Digital certificates (covered below)
  - Kerberos (Windows with Active Directory)
- Negotiates the parameters that will be used in phase 2
- Phase 1 can be accomplished by 2 different modes: main mode and aggressive mode. Aggressive mode uses fewer packets and is less secure; it is not supported by all vendors.

IKE phase 2
- Negotiates the parameters of the IPSec SA
- Only uses quick mode (3 packets)
- All exchanges are encrypted
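The two phases as a worked exchange, added here as an example; it is not from the slides and not a real IKE implementation. Phase 1 runs a Diffie-Hellman exchange and authenticates both ends with a pre-shared key by deriving SKEYID = prf(PSK, Ni | Nr) and comparing an authentication hash, following the shape of RFC 2409 section 5; phase 2 (quick mode) then derives per-SA keying material from SKEYID_d and fresh nonces, which is why phase 2 can be short and why its messages are protected by phase 1 keys. The DH group, PSK, peer identities and SPI are constructed toys; ISAKMP cookies, SA payloads and the wire encoding are omitted.

```python
import hashlib
import hmac
import secrets

# Constructed toy Diffie-Hellman group: a 127-bit Mersenne prime and generator 5.
# Real IKE uses the MODP groups of RFC 3526 or the elliptic-curve groups of RFC 5903.
DH_P = 2**127 - 1
DH_G = 5
PSK = b"constructed-pre-shared-key"


def prf(key: bytes, data: bytes) -> bytes:
    """The negotiated pseudo-random function; HMAC-SHA256 assumed here."""
    return hmac.new(key, data, hashlib.sha256).digest()


def to_bytes(x: int) -> bytes:
    return x.to_bytes(16, "big")  # every value is below the 127-bit prime


class Peer:
    def __init__(self, ident: bytes, psk: bytes):
        self.ident = ident
        self.psk = psk
        self.priv = secrets.randbelow(DH_P - 2) + 1   # DH private exponent, never sent
        self.pub = pow(DH_G, self.priv, DH_P)          # g^x, sent in the clear
        self.nonce = secrets.token_bytes(16)

    def phase1_keys(self, peer_pub: int, ni: bytes, nr: bytes) -> dict:
        """Simplified RFC 2409 section 5 derivation for pre-shared-key authentication."""
        g_xy = to_bytes(pow(peer_pub, self.priv, DH_P))  # shared DH secret
        skeyid = prf(self.psk, ni + nr)                    # binds the PSK to this exchange
        skeyid_d = prf(skeyid, g_xy + b"\x00")             # seeds phase 2 keys
        skeyid_a = prf(skeyid, skeyid_d + g_xy + b"\x01")  # integrity key for later messages
        skeyid_e = prf(skeyid, skeyid_a + g_xy + b"\x02")  # encryption key for later messages
        return {"skeyid": skeyid, "d": skeyid_d, "a": skeyid_a, "e": skeyid_e}

    @staticmethod
    def auth_hash(skeyid: bytes, pub_i: int, pub_r: int, ident: bytes) -> bytes:
        """HASH_I-style proof: only a peer holding the same PSK can compute it."""
        return prf(skeyid, to_bytes(pub_i) + to_bytes(pub_r) + ident)


def phase2_keymat(skeyid_d: bytes, protocol: int, spi: int, ni2: bytes, nr2: bytes) -> bytes:
    """Quick mode without PFS: KEYMAT = prf(SKEYID_d, protocol | SPI | Ni_b | Nr_b)."""
    return prf(skeyid_d, bytes([protocol]) + spi.to_bytes(4, "big") + ni2 + nr2)


def run_exchange(psk_initiator: bytes, psk_responder: bytes,
                 protocol: int = 50, spi: int = 0x1000ABCD) -> dict:
    init = Peer(b"gw1.example", psk_initiator)
    resp = Peer(b"gw2.example", psk_responder)
    # Phase 1: DH publics and nonces cross the wire; each side derives its own SKEYID set
    keys_i = init.phase1_keys(resp.pub, init.nonce, resp.nonce)
    keys_r = resp.phase1_keys(init.pub, init.nonce, resp.nonce)
    sent_hash = Peer.auth_hash(keys_i["skeyid"], init.pub, resp.pub, init.ident)
    expected = Peer.auth_hash(keys_r["skeyid"], init.pub, resp.pub, init.ident)
    if not hmac.compare_digest(sent_hash, expected):
        return {"authenticated": False, "keymat_match": False}
    # Phase 2: fresh nonces, per-SA keying material for ESP (protocol 50) under this SPI
    ni2, nr2 = secrets.token_bytes(16), secrets.token_bytes(16)
    km_i = phase2_keymat(keys_i["d"], protocol, spi, ni2, nr2)
    km_r = phase2_keymat(keys_r["d"], protocol, spi, ni2, nr2)
    return {"authenticated": True, "keymat_match": km_i == km_r}


if __name__ == "__main__":
    print("matching PSK:", run_exchange(PSK, PSK))
    print("wrong PSK:   ", run_exchange(PSK, b"wrong"))
```

With a mismatched PSK both sides still compute the same DH secret, but their SKEYID values differ, so the authentication hash fails and no phase 2 keys are derived; that is the check the slide means by "verifies the identity of each peer to the other".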

Security Association (SA)
- Formed before any data is exchanged
- Agreement between 2 IPSec peers/endpoints on the parameters of the data exchange, such as:
  - Encryption and hash algorithms to be used
  - Protocols being used
  - Communication modes
- Each IPSec peer may be communicating with other peers and so have multiple SAs
- SAs are maintained in an SA database (SAD)

Authentication Header (AH)
- Protocol ID 51
- Provides authentication and integrity checking but not confidentiality
- Adds a header to the existing IP packet. The header contains a digital signature verifying that the packet hasn't been changed.
- The digital signature in this case is termed the Integrity Check Value (ICV) and is a hash value
- What is a digital signature? What is a hash?
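The frame makeup and services from the IPSec, tunnel mode and AH slides, as an added worked example in Python (not part of the slides). It builds a tunnel-mode ESP packet, a new outer IPv4 header (protocol 50) around [SPI | sequence number | IV | encrypted original IP datagram plus trailer | ICV], and on receipt checks the ICV first (tamper-free), then the sequence number against an RFC 4303-style sliding anti-replay window, and only then decrypts (confidential). The ICV is a keyed hash (HMAC), which is the same construction AH uses for its ICV; AH additionally covers the outer IP header, which this example does not build. Because the Python standard library has no AES, a keystream derived from HMAC-SHA256 in counter mode stands in for the cipher; the keys, SPI and addresses (documentation and private ranges) are constructed.

```python
import hashlib
import hmac
import secrets
import struct

# Constructed SA parameters; in real IPSec they come from IKE phase 2 and live in the SAD.
SPI = 0x1000ABCD
ENC_KEY = bytes(range(32))
AUTH_KEY = bytes(range(32, 64))
ESP_PROTO = 50
ICV_LEN = 16        # HMAC-SHA-256-128 style truncation of the ICV
WINDOW_SIZE = 64

def ip_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words; a header with a correct checksum sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options), DF set, TTL 64, checksum filled in."""
    ip = lambda s: bytes(int(o) for o in s.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000, 64, proto, 0, ip(src), ip(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]

def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Toy stand-in for AES-CTR (stdlib has no AES): HMAC-SHA256(key, iv || counter) blocks."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, iv + struct.pack("!I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def esp_encapsulate(inner: bytes, seq: int, src: str = "203.0.113.1", dst: str = "198.51.100.1") -> bytes:
    """Tunnel mode: outer IP header | SPI, seq, IV | encrypted(inner datagram + trailer) | ICV."""
    iv = secrets.token_bytes(8)
    pad_len = (-(len(inner) + 2)) % 4                             # RFC 4303: 4-byte alignment
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, 4])  # next header 4 = IPv4 inside
    plain = inner + trailer
    cipher = bytes(p ^ k for p, k in zip(plain, keystream(ENC_KEY, iv, len(plain))))
    esp = struct.pack("!II", SPI, seq) + iv + cipher
    esp += hmac.new(AUTH_KEY, esp, hashlib.sha256).digest()[:ICV_LEN]  # ICV over header and payload
    return ipv4_header(src, dst, ESP_PROTO, len(esp)) + esp

class ReplayWindow:
    """Sliding anti-replay window (RFC 4303 section 3.4.3): each sequence number accepted once."""
    def __init__(self, size: int = WINDOW_SIZE):
        self.size, self.top, self.bitmap = size, 0, 0

    def check_and_update(self, seq: int) -> bool:
        if seq == 0:
            return False                                  # sequence numbers start at 1
        if seq > self.top:                                # newer than anything seen: slide window
            shift = seq - self.top
            self.bitmap = 1 if shift >= self.size else ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size or (self.bitmap >> offset) & 1:
            return False                                  # older than the window, or already seen
        self.bitmap |= 1 << offset
        return True

def esp_decapsulate(packet: bytes, window: ReplayWindow) -> bytes:
    """Check ICV first, then anti-replay, then decrypt; returns the original inner datagram."""
    outer, esp = packet[:20], packet[20:]
    if outer[9] != ESP_PROTO or ip_checksum(outer) != 0:
        raise ValueError("outer header is not a valid ESP packet")
    body, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    expected = hmac.new(AUTH_KEY, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch: packet altered in transit or forged")
    spi, seq = struct.unpack("!II", body[:8])
    if spi != SPI:
        raise ValueError("no SA for SPI 0x%08x" % spi)
    if not window.check_and_update(seq):
        raise ValueError("replayed or stale sequence number %d" % seq)
    iv, cipher = body[8:16], body[16:]
    plain = bytes(c ^ k for c, k in zip(cipher, keystream(ENC_KEY, iv, len(cipher))))
    pad_len = plain[-2]                                   # trailer: padding | pad length | next header
    return plain[:len(plain) - 2 - pad_len]

def sample_inner_packet() -> bytes:
    """Constructed inner datagram: private-range IPv4 header (protocol 6) plus a 4-byte payload."""
    return ipv4_header("10.0.0.5", "10.0.1.7", 6, 4) + b"DATA"

if __name__ == "__main__":
    window = ReplayWindow()
    pkt = esp_encapsulate(sample_inner_packet(), seq=1)
    print("inner datagram recovered:", esp_decapsulate(pkt, window) == sample_inner_packet())
    try:
        esp_decapsulate(pkt, window)                      # same packet delivered again
    except ValueError as err:
        print("second delivery rejected:", err)
```

The order in `esp_decapsulate` matters: verifying the ICV before touching the sequence number or the ciphertext means a forged packet cannot disturb the replay window or be fed to the decryptor, and the window itself is what turns the slide's "sequence numbers" into an actual anti-replay service.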

Configuring IPSec (Cisco)
- Define the traffic to protect with an ACL
- Configure the IPSec transform set
- Set the peer address