Published by Marlene Fisher. Modified over 9 years ago
1
IPSec in a Multi-OS Environment
2
What is IPSec?
IPSec stands for Internet Protocol Security.
At its most basic level, it is a way of adding security to your network traffic without having to modify the applications that use IP.
3
Why is IPSec needed?
IPSec is needed to make sure that no one is reading your private data.
It makes sure that the sender of the information is really who they say they are.
To protect us from the bad guys (l33t h4X0r5 and 5cr1pt K1d135).
4
Where is IPSec Used?
Wireless nets
Virtual Private Networks (VPNs)
Non-trusted Local Area Networks (LANs)
5
IP Overview
How IP Works
–Basics
–Parts of a Packet
What is Insecure About it
6
IP Basics
IP breaks the information to be sent into small, manageable pieces called packets.
Packets are reassembled at the receiving side.
7
Parts of an IP Packet
Two Major Parts
–Header
–Data Section
8
Parts of the Header
Source Address
Destination Address
Protocol
Fragment Flag
Total Length
Type of Service
And more…
9
Data Section
This portion holds all of the data that you are trying to transmit.
10
What is insecure about IP
Traffic in many cases is in plain text.
No verification that the sender is who they say they are.
No way of knowing if your packet was modified in the middle.
11
What IPSec does
Authentication
Encryption
With Two Major modes
–Tunnel
–Transport
AH + ESP AH ESP
12
Authentication
An Authentication Header (AH) portion is added to the IP packet.
The AH contains these fields:
–Next Header
–AH payload length
–Security Parameters Index (SPI)
–Anti-Replay Sequence number
–Authentication Data field (Information dependent on the cipher used)
13
Encryption
The encryption part of IPSec is known as Encapsulating Security Payload (ESP).
The ESP portion of the packet contains:
–An SPI Number
–Sequence Number
–Payload Data field
–Padding
–Pad length
–Next Header
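The AH and ESP fields listed on the two slides above can be read straight off the wire. The following Python sketch is an added example, not part of the original presentation: it decodes the AH fields and the two cleartext ESP fields (SPI and sequence number) from an IPv4 packet. The byte layout follows RFC 4302 and RFC 4303; the function names and the sample packet are assumptions constructed for illustration.

```python
import struct

AH_PROTO, ESP_PROTO = 51, 50  # IANA IP protocol numbers for AH and ESP

def parse_ipv4(packet: bytes):
    """Return (protocol, payload) of an IPv4 packet, honouring the IHL field."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    return packet[9], packet[ihl:]

def parse_ah(data: bytes) -> dict:
    """Decode the AH fields named on the slide (layout per RFC 4302)."""
    if len(data) < 12:
        raise ValueError("truncated AH")
    next_hdr, payload_len, _reserved, spi, seq = struct.unpack("!BBHII", data[:12])
    ah_len = (payload_len + 2) * 4  # field counts 32-bit words, minus 2
    if ah_len < 12 or len(data) < ah_len:
        raise ValueError("AH payload length inconsistent with packet")
    return {"next_header": next_hdr, "ah_len": ah_len, "spi": spi, "seq": seq,
            "auth_data": data[12:ah_len], "rest": data[ah_len:]}

def parse_esp(data: bytes) -> dict:
    """Only SPI and sequence number are readable; the rest is ciphertext."""
    if len(data) < 8:
        raise ValueError("truncated ESP")
    spi, seq = struct.unpack("!II", data[:8])
    return {"spi": spi, "seq": seq, "opaque": data[8:]}

def describe(packet: bytes) -> dict:
    """Classify a packet as AH, ESP or other and decode what is visible."""
    proto, payload = parse_ipv4(packet)
    if proto == AH_PROTO:
        return {"type": "AH", **parse_ah(payload)}
    if proto == ESP_PROTO:
        return {"type": "ESP", **parse_esp(payload)}
    return {"type": "other", "protocol": proto}

def sample_ah_packet() -> bytes:
    """Constructed sample: 192.0.2.1 -> 192.0.2.2, AH with a zeroed 12-byte
    authentication field, then 8 placeholder bytes (IP checksum left at 0)."""
    ah = struct.pack("!BBHII", 6, 4, 0, 0x1000, 7) + bytes(12)
    body = ah + bytes(8)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64,
                     AH_PROTO, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + body
```

The parser only decodes fields; it does not verify the authentication data or enforce the anti-replay window, both of which need the keys and state of the security association.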
14
Tunnel mode
IP Header | AH Header | SPI and Sequence Number | IP Header | Upper Protocol Headers and Packet Data | ESP Trailer | ESP Authentication Data
Note: Fields in Green are Encrypted
15
Transport mode
IP Header | AH Header | SPI and Sequence Number | Upper Protocol Headers and Packet Data | ESP Trailer | ESP Authentication Data
Note: Fields in Green are Encrypted
16
Keying
The encryption algorithms that IPSec uses rely on keys.
Methods for Getting Keys
–Manual Keying
–Internet Security Association and Key Management Protocol (ISAKMP)
–Certificates
17
Why Doesn’t Everyone Use It?
Implementations for different operating systems are not fully compatible.
Takes time and energy to set up.
Not needed in most environments.
18
Multiple Operating Systems
Solaris – Only supports Manual Keying
–Does not ship with encryption algorithms
Linux – No native IPSec
–FreeS/WAN – Manual, ISAKMP, and Certs
OpenBSD – Manual, ISAKMP, and Certs
Windows 2000 – ISAKMP and Certs
19
IPSec Graph
20
Questions?