
NETWORK SECURITY

ASSIGNMENT 2
1. Transport and Tunnel Modes in IPsec
The IPsec standards define two distinct modes of IPsec operation, transport mode and
tunnel mode. The key difference between transport and tunnel mode is where policy is
applied. In tunnel mode, the original packet is encapsulated in another IP header. The
addresses in that outer header can differ from the addresses in the original (inner) header.
• In transport mode, the IP addresses in the outer header are used to determine the
IPsec policy that will be applied to the packet.
• In tunnel mode, two IP headers are sent. The inner IP packet determines the IPsec
policy that protects its contents.
In transport mode, the IP header, the next header, and any ports that the next header
supports can be used to determine IPsec policy.
Tunnel mode can be applied to any mix of end systems and intermediate systems, such as
security gateways.
Tunnel mode works only for IP-in-IP packets. In tunnel mode, IPsec policy is enforced on the
contents of the inner IP packet. Different IPsec policies can be enforced for different inner IP
addresses.
In Oracle Solaris, tunnel mode can be enforced only on an IP tunneling network interface.
For information about tunneling interfaces. IPsec policy provides a tunnel keyword to select
an IP tunneling network interface. When the tunnel keyword is present in a rule, all selectors
that are specified in that rule apply to the inner packet.
The following figure shows an IP header with an unprotected TCP packet.
Figure: Unprotected IP Packet Carrying TCP Information

In transport mode, ESP protects the data as shown in the following figure. The shaded area
shows the encrypted part of the packet.
Figure: Protected IP Packet Carrying TCP Information

In tunnel mode, the entire original IP packet is carried inside the ESP payload. The packet is
protected in tunnel mode by an outer IP header plus an IPsec header, in this case ESP, as
shown in the following figure.
Figure: IPsec Packet Protected in Tunnel Mode

IPsec policy provides keywords for tunnel mode and transport mode.
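To make the difference concrete, here is an added Python example (not part of the assignment, nor of the Oracle Solaris documentation it draws on) that builds the two ESP packet layouts and then shows which IP header supplies the policy selectors in each mode. The addresses, ports, SPI and helper names are constructed for the example; encryption and the integrity check value are left out on purpose so the framing stays readable.

```python
import struct
import ipaddress

PROTO_IPIP, PROTO_TCP, PROTO_ESP = 4, 6, 50


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header (no options; checksum left as zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def parse_ipv4(buf):
    """Return the header fields a policy engine selects on, plus header length."""
    return {"src": str(ipaddress.IPv4Address(buf[12:16])),
            "dst": str(ipaddress.IPv4Address(buf[16:20])),
            "proto": buf[9], "ttl": buf[8], "hlen": (buf[0] & 0x0F) * 4}


def tcp_segment(sport, dport, data=b""):
    """Ports followed by a zeroed remainder of the 20-byte TCP header."""
    return struct.pack("!HH", sport, dport) + b"\x00" * 16 + data


def esp_encapsulate(next_header, inner, spi=0x1001, seq=1):
    """ESP header (SPI, sequence number) + payload + trailer (pad length,
    next header). Encryption and the ICV are deliberately omitted: this
    models the layout only, so the trailer stays readable for parsing."""
    return struct.pack("!II", spi, seq) + inner + struct.pack("!BB", 0, next_header)


def transport_mode(src, dst, sport, dport, data=b""):
    """Transport mode: the original IP header is kept, ESP is inserted
    between it and the TCP segment, and the protocol field becomes ESP."""
    esp = esp_encapsulate(PROTO_TCP, tcp_segment(sport, dport, data))
    return ipv4_header(src, dst, PROTO_ESP, len(esp)) + esp


def tunnel_mode(gw_src, gw_dst, src, dst, sport, dport, data=b""):
    """Tunnel mode: the whole original packet (inner IP header + TCP) becomes
    the ESP payload, and a new outer IP header addressed between the two
    security gateways is prepended."""
    tcp = tcp_segment(sport, dport, data)
    inner = ipv4_header(src, dst, PROTO_TCP, len(tcp)) + tcp
    esp = esp_encapsulate(PROTO_IPIP, inner)
    return ipv4_header(gw_src, gw_dst, PROTO_ESP, len(esp)) + esp


def decapsulate(packet):
    """Undo the ESP framing and report which header supplies the policy
    selectors: the (only) IP header in transport mode, the inner packet
    in tunnel mode. The outer gateway addresses are never selectors."""
    outer = parse_ipv4(packet)
    if outer["proto"] != PROTO_ESP:
        raise ValueError("not an ESP packet")
    esp = packet[outer["hlen"]:]
    spi, seq = struct.unpack("!II", esp[:8])
    pad_len, next_hdr = esp[-2], esp[-1]
    payload = esp[8:len(esp) - 2 - pad_len]
    if next_hdr == PROTO_IPIP:
        mode, sel = "tunnel", parse_ipv4(payload)
        tcp = payload[sel["hlen"]:]
    else:
        mode, sel = "transport", dict(outer, proto=next_hdr)
        tcp = payload
    sport, dport = struct.unpack("!HH", tcp[:4])
    return {"mode": mode, "spi": spi, "seq": seq, "outer": outer,
            "selectors": {"src": sel["src"], "dst": sel["dst"],
                          "proto": sel["proto"], "sport": sport, "dport": dport}}


if __name__ == "__main__":
    # Constructed addresses: 10.0.0.x are the end hosts, 192.0.2.1 and
    # 198.51.100.1 the security gateways (RFC 5737 documentation ranges).
    t = decapsulate(transport_mode("10.0.0.1", "10.0.0.2", 40000, 443))
    u = decapsulate(tunnel_mode("192.0.2.1", "198.51.100.1",
                                "10.0.0.1", "10.0.0.2", 40000, 443))
    for d in (t, u):
        print(d["mode"], "outer", d["outer"]["src"], "->", d["outer"]["dst"],
              "selectors", d["selectors"])
```

Running it prints one line per mode: in transport mode the outer header and the selectors carry the same host addresses, while in tunnel mode the outer header carries only the gateway addresses and the selectors (addresses, protocol, ports) come from the inner packet, which is what lets one gateway pair enforce different policies for different inner addresses.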

2. AH AND ESP
IPsec uses two distinct protocols, Authentication Header (AH) and Encapsulating Security
Payload (ESP), both defined by the IETF.
The AH protocol provides a mechanism for authentication only. AH provides data integrity,
data origin authentication, and an optional replay protection service. Data integrity is ensured
by using a message digest that is generated by an algorithm such as HMAC-MD5 or HMAC-
SHA. Data origin authentication is ensured by using a shared secret key to create the
message digest. Replay protection is provided by using a sequence number field in the
AH header. AH authenticates IP headers and their payloads, with the exception of certain
header fields that can legitimately change in transit, such as the Time To Live (TTL)
field.
The ESP protocol provides data confidentiality (encryption) and authentication (data
integrity, data origin authentication, and replay protection). ESP can be used with
confidentiality only, authentication only, or both confidentiality and authentication. When ESP
provides authentication functions, it uses the same algorithms as AH, but the coverage is
different. AH-style authentication covers the entire IP packet, including the outer IP
header (except its mutable fields), while ESP authentication covers only the ESP portion of
the packet (ESP header, payload, and trailer), not the outer IP header.
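As an added example (not from the assignment), the following Python code shows the two coverage rules just described: an AH integrity check computed over the IP header with its mutable fields zeroed still verifies after a router decrements the TTL, but fails if an immutable field such as the destination address is changed in transit, while the ESP check takes only the ESP datagram as input, so the IP header is outside it entirely. It also implements the sequence-number replay window. HMAC-SHA-256 from the standard library stands in for the HMAC algorithms named above; the key, addresses and payload are constructed, and the AH header itself (which the real protocol also covers, with its ICV field zeroed) is omitted to keep the example short.

```python
import hmac
import hashlib
import struct
import ipaddress

PROTO_AH = 51
KEY = b"constructed-shared-secret-for-this-example"  # constructed, not a real key


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header (no options; checksum left as zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def ah_icv(ip_hdr, payload):
    """AH integrity check value: HMAC over the IP header with the mutable
    fields zeroed (TOS, flags/fragment offset, TTL, header checksum) plus the
    payload. Addresses, protocol and length stay covered. The 128-bit
    truncation follows the HMAC-SHA-256-128 convention of RFC 4868."""
    h = bytearray(ip_hdr)
    h[1] = 0                # TOS / DSCP
    h[6:8] = b"\x00\x00"    # flags + fragment offset
    h[8] = 0                # TTL
    h[10:12] = b"\x00\x00"  # header checksum (recomputed at every hop)
    return hmac.new(KEY, bytes(h) + payload, hashlib.sha256).digest()[:16]


def verify_ah(ip_hdr, payload, icv):
    return hmac.compare_digest(ah_icv(ip_hdr, payload), icv)


def esp_icv(esp_datagram):
    """ESP integrity check value: HMAC over the ESP header, (encrypted)
    payload and trailer only. The IP header is not an input at all."""
    return hmac.new(KEY, esp_datagram, hashlib.sha256).digest()[:16]


def verify_esp(esp_datagram, icv):
    return hmac.compare_digest(esp_icv(esp_datagram), icv)


class ReplayWindow:
    """Sliding anti-replay window keyed on the AH/ESP sequence number, after
    the scheme in RFC 4303 Appendix A: bit 0 of the bitmap is the highest
    sequence number accepted so far, bit i the number i below it."""

    def __init__(self, size=64):
        self.size, self.top, self.bitmap = size, 0, 0

    def check_and_update(self, seq):
        """True if the packet is new and inside the window, else False."""
        if seq == 0:                       # sequence numbers start at 1
            return False
        if seq > self.top:                 # advance the window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.size:              # too old: left of the window
            return False
        if (self.bitmap >> diff) & 1:      # already received: replay
            return False
        self.bitmap |= 1 << diff
        return True


def demo_coverage():
    """Show what each protocol's ICV does and does not notice."""
    payload = b"\x00" * 8 + b"constructed segment"
    hdr = ipv4_header("10.0.0.1", "10.0.0.2", PROTO_AH, len(payload))
    icv = ah_icv(hdr, payload)
    hopped = bytearray(hdr)
    hopped[8] -= 1                         # a router decremented the TTL
    ttl_ok = verify_ah(bytes(hopped), payload, icv)
    altered = bytearray(hdr)               # destination rewritten in transit
    altered[16:20] = ipaddress.IPv4Address("10.0.0.9").packed
    addr_ok = verify_ah(bytes(altered), payload, icv)
    esp = struct.pack("!II", 0x2002, 1) + payload + b"\x00\x06"
    esp_ok = verify_esp(esp, esp_icv(esp))  # IP header changes cannot affect this
    return {"ah_survives_ttl_decrement": ttl_ok,
            "ah_detects_address_change": not addr_ok,
            "esp_icv_independent_of_ip_header": esp_ok}


if __name__ == "__main__":
    print(demo_coverage())
    w = ReplayWindow()
    print([w.check_and_update(s) for s in (1, 3, 2, 2, 100, 36, 37)])
```

The replay window run accepts 1, 3 and 2 (out-of-order delivery inside the window is fine), rejects the second 2 as a replay, accepts 100, rejects 36 because it has fallen off the left edge of the 64-entry window, and accepts 37. A receiver that skipped this check would accept a captured-and-resent packet as readily as a fresh one, which is why the sequence number is part of the authenticated data.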
SECURITY POLICIES AND TYPES

Types of Security Policies

A security policy is a document that describes how the company plans to protect its data
assets from known and unknown threats. These policies help to maintain the
confidentiality, availability, and integrity of data. The four major forms of security policy are as
follows:

• Promiscuous Policy:

This policy does not impose any restrictions on the usage of system resources. For
example, with a promiscuous network policy, there is no restriction on Internet access: a
user can access any website, download any application, and access a computer or the
network from a remote location. While this may be helpful in companies where people who
travel or work in branch offices need to reach the organizational network, many malware,
virus, and Trojan threats are present on the Internet, and with unrestricted access this
malware can arrive as attachments without the user's knowledge. Network administrators
should be very careful when selecting this kind of policy.

• Permissive Policy:
The policy begins wide open, and only known dangerous services, attacks, or behaviors
are blocked. This policy should be updated often to remain effective.

• Prudent Policy:
A prudent policy starts with all services blocked. The administrator permits safe and
necessary services individually. It logs everything, such as system and network activities.
It provides maximum security while allowing only known but necessary risks.

• Paranoid Policy:
A paranoid policy forbids everything. There is a strict restriction on all use of company
computers, whether system usage or network usage.

• Examples of Security Policies:

Given below are examples of security policies that organizations use worldwide to
secure their assets and vital resources.

• Access Control Policy:

An access control policy outlines the procedures that help protect organizational
resources and the rules that control access to them. It allows organizations to keep
track of their assets.

• Remote-Access Policy:
A remote-access policy contains a collection of rules that define authorized
connections. It defines who can have remote access, the access medium, and the remote
access security controls.
• Firewall-Management Policy:

A firewall-management policy defines a standard for handling application traffic, such as
web or e-mail traffic. This policy describes how to manage, monitor, protect, and update
firewalls within the organization.

• Network-Connection Policy:
A network-connection policy defines the set of rules for secure network connectivity,
including standards for configuring and extending any part of the network, policies
related to private networks, and detailed information about the devices attached to
the network. It protects against unauthorized and unprotected connections that allow
hackers to enter the organization's network and affect data integrity and
system integrity. It permits only authorized persons and devices to connect to the
network.
