
11 SECURING NETWORK TRAFFIC WITH IPSEC Chapter 6.


Presentation on theme: "11 SECURING NETWORK TRAFFIC WITH IPSEC Chapter 6."— Presentation transcript:

1 11 SECURING NETWORK TRAFFIC WITH IPSEC Chapter 6

2 Chapter 6: SECURING NETWORK TRAFFIC WITH IPSEC
GOALS OF IPSEC
• Protects the contents of IP packets
• Provides defense against network attacks

3 PROTECTING AGAINST SECURITY ATTACKS

4 WHAT IS IPSEC?
IPSec is an architectural framework that provides cryptographic security services for IP packets.

5 IPSEC SECURITY FEATURES
• Automatic security association (SA)
• IP packet filtering
• Network layer security
• Peer authentication
• Data origin authentication
• Data integrity
• Data confidentiality
• Anti-replay
• Key management

6 NEW IPSEC FEATURES IN MICROSOFT WINDOWS SERVER 2003
• The IP Security Monitor snap-in
• Stronger cryptographic master key
• The Netsh command-line tool
• Computer startup security
• Persistent policies
• Improved IPSec functionality over Network Address Translation (NAT)
• Improved load balancing
• Resultant Set of Policies (RSoP)

7 IPSEC PROTOCOLS
• Authentication Header (AH)
• Encapsulating Security Payload (ESP)

8 IPSEC MODES
• Transport mode
• Tunnel mode

9 SECURITY ASSOCIATIONS (SAs)
• Internet Security Association and Key Management Protocol (ISAKMP)
• IPSec
• Security Parameters Index (SPI)

10 INTERNET KEY EXCHANGE (IKE)
• Oakley Key Determination Protocol
• Diffie-Hellman key exchange
• Dynamic rekeying

11 IPSEC POLICY AGENT SERVICE

12 IPSEC DRIVER

13 SECURITY NEGOTIATION PROCESS

14 IPSEC SECURITY POLICIES

15 COMPONENTS OF IPSEC POLICIES

16 DEFAULT IPSEC SECURITY POLICIES
• Server (Request Security)
• Client (Respond Only)
• Secure Server (Require Security)

17 DEPLOYING IPSEC POLICIES
• Using local policies
• Using the Active Directory directory service
• Mixed-mode environment
• Persistent policies

18 IMPLEMENTING IPSEC USING CERTIFICATES
• X.509 certificates
• Role of a certification authority (CA)

19 CONFIGURING IPSEC TO USE A CERTIFICATE

20 IPSEC AND NAT
• Problems associated with IPSec and NAT
• IKE over NAT

21 MONITORING IPSEC USING IP SECURITY MONITOR

22 IPSEC-RELATED EVENTS IN EVENT VIEWER

23 USING NETSH AND NETDIAG TO MANAGE AND MONITOR IPSEC

24 SUMMARY
• The purpose and features of IPSec in a Windows Server 2003 environment
• IPSec protocols—AH and ESP
• IPSec modes—transport and tunnel
• SAs
• IKE
• IPSec Policy Agent

25 SUMMARY (continued)
• IPSec security policies
• Deploying IPSec security policies
• IPSec and NAT
• Tools for managing and monitoring IPSec

