P. 1


|Views: 9|Likes:
Published by Ziyad Basheer

More info:

Published by: Ziyad Basheer on Apr 14, 2011
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as DOCX, PDF, TXT or read online from Scribd
See more
See less





What is IPsec? IP security (IPsec) is a suite of security protocols that are used to secure IP.

It is used to establish private sessions between endpoints; these connections are either host-to-host or site-to-site connections. When implementing IPsec on a host-to-host connection, transport mode is used. In transport mode, the payload is encrypted and the IP header which contains the source and destination addresses (in addition to other optional parameters and flags) is not encrypted. On the other hand, when implementing IPsec on a site-to-site connection, tunnel mode is used, in which the entire packet, including the IP header, is encrypted and a new IP header is prefixed to the original encrypted packet. IPsec hasthreecore processes to perform its function; Confidentiality, integrity and authentication. The first process, confidentiality, prevents snooping of data, e.g. if someone gains access to the traffic, they won t be able to make any use out of the captured traffic; this is done using encryption. The second process is maintaining the integrity of the traffic; this is done using MD5 and SHA hashing algorithms. A hash of the packet is included in the IPsec header/trailer, the other party performs a hash on the received packets, if the hashes match then the traffic was not altered during transit, if the hashes do not match the traffic has been altered. The third process is authentication, which proves that the hosts are who they claim to be; it is performedusing either pre-shared keys or certificates. IPsec also uses sequence numbers to prevent the duplication of encrypted packets (protection against replays). All of these processes are performed using two security protocols, Authentication Header (AH) and Encapsulating Security Payload (ESP) which both utilize the respective encryption, hashing, authentication and other protocols. They can be thought of controllers of the various security protocols. The difference between AH and ESP is that AH provides the integrity, authentication and anti-replay protection it does not support encryption. AH is commonly used when the network being traversed is trusted, such as a private internal network i.e. host-to-host intranet connections in which traffic is safe from eavesdropping but the source and destination need to be identified. While ESP provides everything that AH does in addition to encryption, which is a core process when creating site-to-site IPsec tunnels over insecure networks such as the internet. Internet Security Association and Key Management Protocol (ISAKMP) as its name implies, associates security protocols with each process as required. For example, we have three protocol choices for performing encryption DES, 3DES and AES, for a connection to be established (known as a Security Association in this context) the protocols being used on both sides must match. Note however that Security Associations (SAs) are unidirectional; this means that hosts use a different SA for establishing incoming and outgoing sessions, i.e. each connection has two SAs on each device.

html .A ton of other relevant details such as IKE were overlooked as this was meant to be an introductory post.unixwiz. if you would like more information and details on IPsec s operation take a look at http://www.net/techtips/iguide-ipsec.

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->