IP Security

IP Header
IP Security
• IPsec covers authentication, confidentiality, and key management.
• It protects the network infrastructure from unauthorized monitoring and control of network traffic.
• It secures end-user-to-end-user traffic using authentication and encryption mechanisms.
Applications of IPSec
• Secure communications across a LAN, across private and public WANs, and across the Internet:
– Secure branch office connectivity over the Internet
– Secure remote access over the Internet
– Establishing extranet and intranet connectivity with partners
– Enhancing electronic commerce security
An IP Security Scenario
Benefits of IPsec
• IPsec in a firewall provides strong security that can be applied to all traffic
• Resistant to bypass if all traffic from the outside
• There is no need to change software on a user or server system
• IPsec can be transparent to end users
• IPsec can provide security for individual users if needed
Routing Applications
• A router advertisement comes from an authorized router.
• A neighbour advertisement comes from an authorized router.
• A redirect message comes from the router to which the initial IP packet was sent.
• A routing update is not forged.
IPsec Documents
• Document roadmap: RFC 6071 (IP Security (IPsec) and Internet Key Exchange (IKE) Document Roadmap)
• Architecture: RFC 4301
• Authentication Header (AH): RFC 4302
• Encapsulating Security Payload (ESP): RFC 4303
• Internet Key Exchange (IKE): RFC 5996
IPsec Services
• Two protocols:
– Authentication Header (AH)
– Encapsulating Security Payload (ESP)
• Access control
• Connectionless integrity
• Data origin authentication
• Rejection of replayed packets (a form of partial sequence integrity)
• Confidentiality (encryption)
• Limited traffic flow confidentiality
Transport Mode and Tunnel Mode
IP Security Policy
• Security Association Database (SAD)
• Security Policy Database (SPD)
Security Associations
• A logical connection that affords security services to the traffic carried on it, identified by:
– Security Parameters Index (SPI)
– IP Destination Address
– Security Protocol Identifier
Security Association Database
• Security Parameter Index
• Sequence Number Counter
• Sequence Counter Overflow
• Anti-Replay Window
• AH Information
• ESP Information
• Lifetime of this Security Association
• IPsec Protocol Mode
• Path MTU
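The Sequence Number Counter, Sequence Counter Overflow flag and Anti-Replay Window listed above are the SAD fields behind the "rejection of replayed packets" service. As an added illustration (not code from the slides), the following models them the way RFC 4303 describes: a sender-side 32-bit counter that must never wrap, and a receiver-side sliding window (64 wide here; the RFC minimum is 32). Extended Sequence Numbers are not modelled, and the window only consults packets whose integrity check has already passed.

```python
# Added example (not from the slides): per-SA sequence-number state from the
# SAD. Plain 32-bit counters; Extended Sequence Numbers are left out.

SEQ_MAX = 2**32 - 1


class SequenceCounter:
    """Sender-side Sequence Number Counter. Wrapping is not allowed when
    anti-replay is in use (the SAD's Sequence Counter Overflow flag): the
    SA must be replaced instead, so we raise rather than wrap."""

    def __init__(self) -> None:
        self.value = 0  # the first packet sent carries sequence number 1

    def next_seq(self) -> int:
        if self.value >= SEQ_MAX:
            raise OverflowError("sequence counter overflow: renegotiate the SA")
        self.value += 1
        return self.value


class AntiReplayWindow:
    """Receiver-side Anti-Replay Window. `top` is the highest sequence number
    accepted so far; bit i of `bitmap` is set if `top - i` was already seen."""

    def __init__(self, size: int = 64) -> None:
        self.size = size   # RFC 4303 minimum is 32; 64 is the common default
        self.top = 0       # nothing accepted yet
        self.bitmap = 0    # constructed: empty window

    def accept(self, seq: int) -> bool:
        """Return True (and record `seq`) for a fresh packet, False for a
        replay or a packet that falls left of the window."""
        if seq == 0:
            return False  # never sent on a fresh SA; the sender starts at 1
        if seq > self.top:
            # New high-water mark: slide the window to the right
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) if shift < self.size else 1
            self.bitmap &= (1 << self.size) - 1
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.size:
            return False  # older than the window: drop (auditable event)
        if self.bitmap & (1 << diff):
            return False  # already seen: replay
        self.bitmap |= 1 << diff
        return True
```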
Security Policy Database
• Remote IP Address
• Local IP Address
• Next Layer Protocol
• Name
• Local and Remote Ports
Host SPD Example
Processing Model for Outbound Packets
Processing Model for Inbound Packets
Encapsulating Security Payload
Scope of ESP Encryption and Authentication
Protocol Operation for ESP