Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 IPSec IPSec provides the capability to secure communications across a LAN, across private and public wide area networks (WANs) and across the Internet.

Published byVincent Briggs Modified over 8 years ago

Similar presentations

Presentation on theme: "1 IPSec IPSec provides the capability to secure communications across a LAN, across private and public wide area networks (WANs) and across the Internet."— Presentation transcript:

1 1 IPSec IPSec provides the capability to secure communications across a LAN, across private and public wide area networks (WANs) and across the Internet

2 2 Services, Mechanisms, Algorithms zA typical security protocol provides one or more services zServices are built from mechanisms zMechanisms are implemented using algorithms

3 3 Security in the Internet Architecture zLack of security in the Internet Architecture zSecurity was left up to the applications zWith the passage of time it was realized that universal security at the IP level will become a need and not a luxury

4 4 Security Protocol Layers The further down you go, the more transparent it is The further up you go, the easier it is to deploy

5 5 What is IPSec? zExtensions to the basis Internet Protocol to provide security functions at the IP level zApplicable to both IP Version 4 and IP Version 6 zIPSec available in Windows 2000, Linux, Cisco Routers, etc.

6 6 How do you know IPSec is there? zAH/ESP new IP layer protocols (50/51) with either y1. an IP datagram encapsulated in them (tunnel mode) y2. TCP/UDP and the rest above them (transport mode) zEvery packet may have AH/ESP applied to them: yAH for authentication; yESP for encryption and authentication, this is bulk/per­packet encryption/authentication

7 7 IP Security Usage Scenario

8 8 Applications of IPSec zSecure Branch Office Connectivity Over the Internet zSecure Remote Access Over the Internet zEstablishing Extranet and Intranet Connectivity with Business partners zEnhancing Electronic Commerce Security

9 9 IP Security Architecture zDefined by IPSec Documents (RFCs) zIP Security Protocol Working Group of IETF zIP Security Evolving with the passage of time zIPSec provides security services at the IP layer by enabling a system to select required security protocols, determine the algorithms to use for the services, and put in place any cryptographic keys required.

10 10 IPSec Documents Overview zRelevant RFCs zRFC 1825: An overview of a security architecture zRFC 1826: Description of a packet authentication extension to IP zRFC 1828: A specific authentication mechanism zRFC 1827: Description of a packet encryption extension to IP zRFC 1829: A specific encryption mechanism

11 11 AH and ESP zAH yThe Authentication Header provides support for data integrity and authentication of IP packets zESP yThe Encapsulating Security Payload provides confidentiality services, including confidentiality of message contents and limited traffic flow confidentiality. As an optional feature, ESP can also provide the same authentication service as AH.

12 12 IPSec Services

13 13 Security Associations zWhat is a SA? yAn SA is a one way relationship between a sender and a received that affords security services to the traffic carried on it. zSA Parameters ySecurity Association Database stores parameters associated with each of the SAs zSA Selectors yEach SPD entry is defined by a set of IP and upper layer protocol field values called selectors.

14 14 Transport and Tunnel Modes zTunnel Mode means that one outgoing IP packet is encapsulated in another packet with typically a different IP destination zTunnels can be (1) Router to Router (2) Router to host or host to router (3) host to host

15 15 Transport and Tunnel Modes

16 16 Tunnel Mode and Transport Mode Functionality

17 17 Authentication Header

18 18 Services Provided by AH zAnti-Replay Service zIntegrity Check Value

19 19 Transport and Tunnel Modes

20 20 Scope of Authentication Header

21 21 Scope of Authentication Header

22 22 Encapsulating Security Payload - ESP zESP Services yConfidentiality yAuthentication Services zESP Format ySPI ySN yPD yPadding yPad Length yNext Header yAuthentication Data

23 23 ESP

24 24 ESP Format

25 25 Key Management zInvolves the determination and distribution of secret keys zTypically four keys are used between two applications zTwo types of key management yManual yAutomated

26 26 ISAKMP The default automated key management protocol from IPSec is referred to as ISAKMP/Oakley Oakley is a refinement of Diffie Hellman Key Exchange Protocol

Download ppt "1 IPSec IPSec provides the capability to secure communications across a LAN, across private and public wide area networks (WANs) and across the Internet."

Similar presentations

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
Cryptography and Network Security

Cryptography and Network Security
Internet Security CSCE 813 IPsec

Internet Security CSCE 813 IPsec
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Henric Johnson1 Chapter 6 IP Security Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter 6 IP Security Henric Johnson Blekinge Institute of Technology, Sweden
NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT 09.11.2005.

NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Henric Johnson1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 IP Security.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
Henric Johnson1 Chapter 6 IP Security. Henric Johnson2 Outline Internetworking and Internet Protocols IP Security Overview IP Security Architecture Authentication.

Henric Johnson1 Chapter 6 IP Security. Henric Johnson2 Outline Internetworking and Internet Protocols IP Security Overview IP Security Architecture Authentication.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.

IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.

1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
Cryptography and Network Security

Cryptography and Network Security
1 Pertemuan 11 IPSec dan SSL Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 11 IPSec dan SSL Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Chapter 6 IP Security. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.

Chapter 6 IP Security. Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.
VPN – Technologies and Solutions CS158B Network Management April 11, 2005 Alvin Tsang Eyob Solomon Wayne Tsui.

VPN – Technologies and Solutions CS158B Network Management April 11, 2005 Alvin Tsang Eyob Solomon Wayne Tsui.
1 Chapter 6 IP Security Henric Johnson Blekinge Institute of Technology, Sweden Revised by Andrew.

1 Chapter 6 IP Security Henric Johnson Blekinge Institute of Technology, Sweden Revised by Andrew.
IP Security: Security Across the Protocol Stack

IP Security: Security Across the Protocol Stack
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),

Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),

Similar presentations

Ads by Google