Published by Amanda Beasley. Modified over 9 years ago.
1
Protocol Basics
2
IPSec
Provides two modes of protection
  – Tunnel Mode
  – Transport Mode
Authentication and Integrity
Confidentiality
Replay Protection
3
Tunnel Mode
Encapsulates the entire IP packet within IPSec protection
Tunnels can be created between several different node types
  – Gateway to gateway
  – Host to gateway
  – Host to host
4
Three Types of Tunnels
Host to Host
Host to Gateway
Gateway to Gateway
5
Transport Mode
Encapsulates only the transport layer information within IPSec protection
Can only be created between host nodes
6
Authentication and Integrity
Verification of the origin of data
Assurance that data sent is the data received
Assurance that the network headers have not changed since the data was sent
7
Confidentiality
Encrypts data to protect against eavesdropping
Can hide data source when encryption is used over a tunnel
8
Replay Prevention
Causes retransmitted packets to be dropped.
9
IPSec Protection Protocols
Authentication Header
  – Authenticates payload data
  – Authenticates network header
  – Gives anti-replay protection
Encapsulated Security Payload
  – Encrypts payload data
  – Authenticates payload data
  – Gives anti-replay protection
10
IPSec AH in Transport Mode
[Diagram: original packet (Orig IP Hdr, TCP Hdr, Data) and the protected packet with the AH Hdr inserted (Orig IP Hdr, AH Hdr, TCP Hdr, Data). Label: Integrity hash coverage (except for mutable fields in IP hdr).]
© 2000 Microsoft Corporation
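The coverage rule on this slide ("except for mutable fields in IP hdr"), worked through as an added example that is not part of the original presentation. It assumes IPv4 without options and HMAC-SHA1-96 as the integrity algorithm (the slides name none); the key, addresses, payload and all function names are constructed for illustration.

```python
import hashlib, hmac, socket, struct

ICV_LEN = 12  # HMAC-SHA1-96 (assumed here; the slides name no algorithm)

def ipv4_header(src, dst, ttl, total_len, tos=0, frag=0, checksum=0):
    # 20-byte IPv4 header, protocol 51 = AH. Addresses are constructed samples.
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, total_len, 0x1234, frag,
                       ttl, 51, checksum,
                       socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(hdr):
    # Fields routers may change in transit are zeroed before hashing:
    # TOS, flags/fragment offset, TTL, header checksum.
    h = bytearray(hdr)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)

def ah_icv(key, ip_hdr, ah, upper):
    # ICV covers: IP header (mutable fields zeroed) + AH with ICV zeroed + payload.
    covered = zero_mutable(ip_hdr) + ah[:12] + b"\x00" * ICV_LEN + upper
    return hmac.new(key, covered, hashlib.sha1).digest()[:ICV_LEN]

def protect(key, ip_hdr, spi, seq, upper):
    # AH fixed part: next header (6 = TCP), length in 32-bit words minus 2,
    # reserved, SPI, sequence number.
    ah = struct.pack("!BBHII", 6, 4, 0, spi, seq) + b"\x00" * ICV_LEN
    return ah[:12] + ah_icv(key, ip_hdr, ah, upper)

def verify(key, ip_hdr, ah, upper):
    return hmac.compare_digest(ah[12:], ah_icv(key, ip_hdr, ah, upper))

def demo():
    key, upper = b"constructed-demo-key", b"constructed TCP segment"
    n = 20 + 12 + ICV_LEN + len(upper)
    sent = ipv4_header("192.0.2.10", "198.51.100.20", 64, n)
    ah = protect(key, sent, spi=0x1000, seq=1, upper=upper)
    routed = ipv4_header("192.0.2.10", "198.51.100.20", 63, n, checksum=0xBEEF)
    natted = ipv4_header("203.0.113.5", "198.51.100.20", 64, n)
    return (verify(key, routed, ah, upper),          # TTL/checksum changed
            verify(key, natted, ah, upper),          # source address rewritten
            verify(key, sent, ah, upper[:-1] + b"X"))  # payload altered

if __name__ == "__main__":
    print(demo())
```

The first check passes because TTL and header checksum sit outside the hash coverage; the other two fail because the source address and the payload sit inside it.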
11
IPSec AH in Tunnel Mode
[Diagram: original packet (Orig IP Hdr, TCP Hdr, Data) and the protected packet (IP Hdr, AH Hdr, Orig IP Hdr, TCP Hdr, Data). Labels: New IP header with source & destination IP address; Integrity hash coverage (except for mutable new IP hdr fields).]
12
IPSec ESP in Transport Mode
[Diagram: original packet (Orig IP Hdr, TCP Hdr, Data) and the protected packet (Orig IP Hdr, ESP Hdr, TCP Hdr, Data, ESP Trailer, ESP Auth). Labels: Insert; Append; Usually encrypted; integrity hash coverage.]
13
IPSec ESP Tunnel Mode
[Diagram: original packet (Orig IP Hdr, TCP Hdr, Data) and the protected packet (IP Hdr, ESP Hdr, Orig IP Hdr, TCP Hdr, Data, ESP Trailer, ESP Auth). Labels: New IP header with source & destination IP address; Usually encrypted; integrity hash coverage.]
14
IPSec Basic Architecture
[Diagram: two hosts, each with a Policy Agent, Internet Key Exchange (IKE), IPSec Driver and TCP/IP Driver.]
15
IPSec Driver
Monitors and Secures IP traffic
  – Encryption and Authentication of outbound packets
  – Decryption and Authentication of inbound packets
  – Prompts IKE to negotiate secure channels as needed
Maintains secure channel state information
16
Policy Agent
Maintains IPSec policy and state information
Distributes filter rule sets to the IPSec Driver
Distributes authentication and security settings to IKE
17
IKE
Negotiates secure channels based on settings received from the Policy Agent
Distributes secure channel information to the IPSec driver
18
How It All Fits Together
Tunnel
Transport
19
Sending in Transport Mode
[Diagram: protocol stack (Application, Transport, IP, IPSec, Physical) and the packet it produces: Physical, IP, IPSec, TCP, Application, Data.]
20
Sending in Tunnel Mode
[Diagram: packet passing through the IP, IPSec and Physical layers of each node along the tunnel. Packet labels: Physical, OuterIP, IPSec, InnerIP, IPSec, TCP, Application, Data.]
21
Receiving in Tunnel Mode
[Diagram: packet passing through the IP, IPSec and Physical layers of each node along the tunnel. Packet labels: Physical, OuterIP, IPSec, InnerIP, IPSec, TCP, Application, Data.]
22
Receiving in Transport Mode
[Diagram: protocol stack (Application, Transport, IP, IPSec, Physical) and the received packet: Physical, IP, IPSec, TCP, Application, Data.]
23
Layer Two Tunneling Protocol (L2TP)
Provides
  – PPP encapsulation over IP
  – VPN services
Doesn’t Provide
  – A method of encryption for its traffic
  – Protection against injection of packets into an open L2TP session
24
How L2TP Works
[Diagram: numbered steps 1 to 5 through the components Application, L2TP, PPP, Driver Layer, TCP/UDP, IP, IPSec, NIC and the IKE Service (control), labelled L2TP/IPSec.]
25
Kerberos
Provides authentication of network server and client
26
What Kerberos Provides
Mutual authentication of parties
27
How Kerberos Works
[Diagram: Client, Application Server, and KDC (AS and TGS). Message labels: Authorization Request, Ticket Granting Ticket, Ticket Request, Ticket, Ticket.]
28
Public Key Infrastructure Basics
29
How Public Keys Are Used for Authentication
30
What’s In a Certificate?
31
How PKI Works