Layers Security
Network Layer
Transport Layer
Application Layer
Network Layer
IP Security (IPSec) is a collection of protocols
designed by the Internet Engineering Task Force
(IETF) to provide security for a packet at the
network layer.
IPSec helps create authenticated and confidential
packets for the IP layer.
Topics Discussed in the Section
✓ Two Modes
✓ Two Security Protocols
✓ Services Provided by IPSec
✓ Security Association
✓ Internet Key Exchange (IKE)
✓ Virtual Private Network (VPN)
Tunnel
Encapsulating Security Payload (ESP)
Encapsulating Security Payload (ESP) provides
source authentication, integrity, and confidentiality.
ESP adds a header and trailer.
TCP/IP Protocol Suite
Security Association
IPSec requires a logical relationship, called a
Security Association (SA), between two hosts.
There are two Security Associations (SAs) between
Alice and Bob: one outbound SA and one inbound
SA. Each of them stores the value of the key in a
variable and the name of the
encryption/decryption algorithm in another.
A Security Association is a contract between two
parties; it creates a secure channel between them.
Figure 30.8 Simple SA
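The ESP header and trailer and the outbound/inbound SA pair described above, as an added example that is not part of the original slides. It follows the RFC 4303 field layout (SPI, sequence number, padding, pad length, next header, integrity value), which the slides do not show, and it leaves out encryption so that it runs on the Python standard library alone. The 16-byte truncated HMAC, the simplified replay check and the SPI and key values are assumptions made for the example.

```python
import hashlib, hmac, struct
from dataclasses import dataclass

ICV_LEN = 16  # assumption: HMAC output truncated to 128 bits

@dataclass
class SA:
    spi: int        # index the receiver uses to find the SA (RFC 4303 field)
    algorithm: str  # name of the algorithm, as the slide describes
    key: bytes      # value of the key
    seq: int = 0    # last sequence number sent or accepted

def esp_encapsulate(sa: SA, payload: bytes, next_header: int = 6) -> bytes:
    """Outbound SA: add the ESP header, the trailer and the integrity value."""
    sa.seq += 1
    header = struct.pack("!II", sa.spi, sa.seq)
    pad_len = -(len(payload) + 2) % 4            # align trailer to 4 bytes
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    body = header + payload + trailer
    return body + hmac.new(sa.key, body, sa.algorithm).digest()[:ICV_LEN]

def esp_decapsulate(inbound: dict, packet: bytes):
    """Inbound SA: authenticate first, then strip header and trailer."""
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("packet too short")
    spi, seq = struct.unpack("!II", packet[:8])
    sa = inbound.get(spi)
    if sa is None:
        raise ValueError("no inbound SA for this SPI")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(sa.key, body, sa.algorithm).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):   # constant-time comparison
        raise ValueError("integrity check failed")
    if seq <= sa.seq:                            # simplified anti-replay check
        raise ValueError("replayed sequence number")
    pad_len, next_header = body[-2], body[-1]
    if pad_len > len(body) - 10:
        raise ValueError("bad padding length")
    sa.seq = seq
    return body[8:len(body) - 2 - pad_len], next_header

# Constructed sample values: Alice's outbound SA and Bob's matching inbound SA.
KEY = bytes(range(32))
alice_out = SA(spi=0x1001, algorithm="sha256", key=KEY)
bob_in = {0x1001: SA(spi=0x1001, algorithm="sha256", key=KEY)}

if __name__ == "__main__":
    pkt = esp_encapsulate(alice_out, b"hello")
    print(pkt.hex(), esp_decapsulate(bob_in, pkt))
```

The receiver verifies the integrity value before it looks at the sequence number or the padding, so a modified packet is rejected without any of its fields being trusted.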
Internet Key Exchange (IKE)
The Internet Key Exchange (IKE) is a protocol
designed to create both inbound and outbound
Security Associations.
Virtual private network
[Figure: virtual private network; packet labels "From R1 to R2" and "From 100 to 200"]
TRANSPORT LAYER SECURITY
Figure 30.32 Firewall
Figure 30.33 Packet-filter firewall
Figure 30.34 Proxy firewall
[Figure labels: Errors; All HTTP packets; Accepted packets]