Protocol Basics. IPSec Provides two modes of protection –Tunnel Mode –Transport Mode Authentication and Integrity Confidentiality Replay Protection.

Presentation transcript:

1 Protocol Basics

2 IPSec
Provides two modes of protection
–Tunnel Mode
–Transport Mode
Authentication and Integrity
Confidentiality
Replay Protection

3 Tunnel Mode
Encapsulates the entire IP packet within IPSec protection
Tunnels can be created between several different node types
–Gateway to gateway
–Host to gateway
–Host to host

4 Three Types of Tunnels
Host to Host
Host to Gateway
Gateway to Gateway

5 Transport Mode
Encapsulates only the transport layer information within IPSec protection
Can only be created between host nodes

6 Authentication and Integrity
Verification of the origin of data
Assurance that data sent is the data received
Assurance that the network headers have not changed since the data was sent

7 Confidentiality
Encrypts data to protect against eavesdropping
Can hide data source when encryption is used over a tunnel

8 Replay Prevention
Causes replayed (retransmitted) packets to be dropped.

9 IPSec Protection Protocols
Authentication Header (AH)
–Authenticates payload data
–Authenticates network header
–Gives anti-replay protection
Encapsulating Security Payload (ESP)
–Encrypts payload data
–Authenticates payload data
–Gives anti-replay protection
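Slides 8 and 9 state that AH and ESP give anti-replay protection by dropping retransmitted packets. As an added example that is not part of the presentation, here is the sliding-window check an IPsec receiver keeps per security association; the class and function names are my own:

```python
# Added example (not from the slides): the sliding-window anti-replay check an
# IPsec AH/ESP receiver keeps per security association (SA). Each protected
# packet carries an increasing 32-bit sequence number; the receiver tracks the
# highest number accepted plus a bitmap of the most recent ones, so a replayed
# packet (seen before) or a stale one (older than the window) is dropped.

WINDOW_SIZE = 64  # RFC 4303 requires at least 32; 64 is a common default


class AntiReplayWindow:
    def __init__(self, size: int = WINDOW_SIZE) -> None:
        self.size = size
        self.highest = 0   # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => sequence (highest - i) already received

    def check_and_update(self, seq: int) -> bool:
        """Return True and record seq if it is fresh; False if it must be dropped."""
        if seq == 0:
            return False  # sequence numbering starts at 1, so 0 is never valid
        if seq > self.highest:
            # New high-water mark: slide the window forward by the gap.
            shift = seq - self.highest
            if shift < self.size:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            else:
                self.bitmap = 1  # everything tracked so far fell out of the window
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False  # older than the window: cannot prove it is fresh, drop
        if self.bitmap & (1 << offset):
            return False  # already received: replay
        self.bitmap |= 1 << offset  # late but fresh (reordered in transit)
        return True


def filter_replays(seqs: list[int], size: int = WINDOW_SIZE) -> list[int]:
    """Run constructed sequence numbers through one window; return those dropped."""
    window = AntiReplayWindow(size)
    return [s for s in seqs if not window.check_and_update(s)]


if __name__ == "__main__":
    # Constructed sample: in-order traffic, one reordered packet (4 after 5),
    # a replay of 5, a jump to 200, then stale 1 and an out-of-window 136.
    sample = [1, 2, 3, 5, 4, 5, 200, 1, 150, 137, 136]
    print("dropped:", filter_replays(sample))  # dropped: [5, 1, 136]
```

A reordered packet inside the window (4 arriving after 5) is still accepted, which is why the window exists at all; only duplicates and packets older than the window are dropped.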

10 IPSec AH in Transport Mode
[diagram: the AH header is inserted after the original IP header: Orig IP Hdr | AH Hdr | TCP Hdr | Data; integrity hash coverage is the whole packet except the mutable fields in the IP header]
© 2000 Microsoft Corporation

11 IPSec AH in Tunnel Mode
[diagram: a new IP header carrying the tunnel's source & destination IP address is added in front: New IP Hdr | AH Hdr | Orig IP Hdr | TCP Hdr | Data; integrity hash coverage is the whole packet except the mutable fields of the new IP header]
© 2000 Microsoft Corporation

12 IPSec ESP in Transport Mode
[diagram: the ESP header is inserted after the original IP header and the ESP trailer and ESP authentication data are appended: Orig IP Hdr | ESP Hdr | TCP Hdr | Data | ESP Trailer | ESP Auth; TCP Hdr, Data and ESP Trailer are usually encrypted; integrity hash coverage runs from ESP Hdr through ESP Trailer]
© 2000 Microsoft Corporation

13 IPSec ESP in Tunnel Mode
[diagram: a new IP header carrying the tunnel's source & destination IP address is added in front: New IP Hdr | ESP Hdr | Orig IP Hdr | TCP Hdr | Data | ESP Trailer | ESP Auth; Orig IP Hdr through ESP Trailer are usually encrypted; integrity hash coverage runs from ESP Hdr through ESP Trailer]
© 2000 Microsoft Corporation

14 IPSec Basic Architecture
[diagram: two hosts, each with a Policy Agent, Internet Key Exchange (IKE) and an IPSec Driver alongside the TCP/IP Driver]

15 IPSec Driver
Monitors and secures IP traffic
–Encryption and authentication of outbound packets
–Decryption and authentication of inbound packets
–Prompts IKE to negotiate secure channels as needed
Maintains secure channel state information

16 Policy Agent
Maintains IPSec policy and state information
Distributes filter rule sets to the IPSec Driver
Distributes authentication and security settings to IKE

17 IKE
Negotiates secure channels based on settings received from the Policy Agent
Distributes secure channel information to the IPSec driver

18 How It All Fits Together
[diagram: Tunnel and Transport]

19 Sending in Transport Mode
[diagram: stack layers Application, Transport, IP, IPSec, Physical; the outgoing packet becomes Physical | IP | IPSec | TCP | Application Data]

20 Sending in Tunnel Mode
[diagram: stack layers IP, IPSec, Physical; the inner IP packet (Inner IP | TCP | Application Data) is carried behind an IPSec header and an Outer IP header down to the Physical layer]

21 Receiving in Tunnel Mode
[diagram: stack layers Physical, IP, IPSec; the Outer IP header and IPSec header are stripped to recover the inner IP packet (Inner IP | TCP | Application Data)]

22 Receiving in Transport Mode
[diagram: the incoming packet Physical | IP | IPSec | TCP | Application Data is passed up the stack layers Physical, IPSec, IP, Transport, Application]

23 Layer Two Tunneling Protocol (L2TP)
Provides
–PPP encapsulation over IP
–VPN services
Doesn’t provide
–A method of encryption for its traffic
–Protection against injection of packets into an open L2TP session

24 How L2TP Works
[diagram: L2TP/IPSec stack on a host: Application, L2TP, PPP Driver layer, TCP/UDP, IP, IPSec, NIC, with numbered steps 1 to 5 and a control path to the IKE Service]

25 Kerberos
Provides authentication of network server and client

26 What Kerberos Provides
Mutual authentication of parties

27 How Kerberos Works
[diagram: the Client sends an Authorization Request to the KDC's Authentication Service (AS) and receives a Ticket Granting Ticket; it presents that in a Ticket Request to the Ticket Granting Service (TGS) and receives a Ticket; the Client then presents the Ticket to the Application Server]

28 Public Key Infrastructure Basics

29 How Public Keys Are Used for Authentication

30 What’s In a Certificate?

31 How PKI Works

