IPsec Security Protocols


IPsec is a protocol suite for securing IP communications. It provides encryption, integrity, and authentication. IPsec spells out the messaging necessary to secure VPN communications, but relies on existing algorithms.
There are two main IPsec framework protocols.
Authentication Header (AH) - Used when confidentiality is not required or permitted. AH provides data authentication and integrity for IP packets passed between two systems. It verifies that any message passed from R1 to R2 has not been modified during transit. It also verifies that the origin of the data was either R1 or R2. AH does not provide data confidentiality (encryption) of packets. Used alone, the AH protocol provides weak protection. Consequently, it is used with the ESP protocol to provide data encryption and tamper-aware security features.
Encapsulating Security Payload (ESP) - Provides confidentiality and authentication by encrypting the IP packet. IP packet encryption conceals the data and the identities of the source and destination. ESP authenticates the inner IP packet and ESP header. Authentication provides data origin authentication and data integrity. Although both encryption and authentication are optional in ESP, at a minimum, one of them must be selected.
IPsec relies on existing algorithms to implement encryption, authentication, and key exchange. Some of the standard algorithms that IPsec uses are as follows:
DES - Encrypts and decrypts packet data.
3DES - Provides significantly greater encryption strength than 56-bit DES.
AES - Provides stronger encryption, depending on the key length used, and faster throughput.
MD5 - Authenticates packet data, using a 128-bit shared secret key.
SHA-1 - Authenticates packet data, using a 160-bit shared secret key.
DH - Allows two parties to establish a shared secret key used by encryption and hash algorithms, for example, DES and MD5, over an insecure communications channel.
IPsec provides the framework, and the administrator chooses the algorithms used to implement the security services within that framework. There are four IPsec framework squares to be filled.
When configuring an IPsec gateway to provide security services, first choose an IPsec protocol. The choices are ESP or ESP with AH.
The second square is an encryption algorithm if IPsec is implemented with ESP. Choose the encryption algorithm that is appropriate for the desired level of security: DES, 3DES, or AES.
The third square is authentication. Choose an authentication algorithm to provide data integrity: MD5 or SHA.
The last square is the Diffie-Hellman (DH) algorithm group, which establishes the sharing of key information between peers. Choose which group to use, DH1 or DH2.
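The following is an added example, not part of the original post. It shows the DH and AH descriptions above working together: R1 and R2 agree on a key over an insecure channel using the DH group 2 prime, then use HMAC-SHA-1 to detect a modified packet. The function names are hypothetical, the key derivation is a simplification of what IKE does, and the packet is a constructed sample.

```python
import hashlib
import hmac
import secrets

# 1024-bit MODP prime of DH group 2 (RFC 2409, section 6.2); generator is 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)
G = 2

def dh_keypair():
    """Return (private, public); only the public value crosses the wire."""
    private = secrets.randbelow(P - 3) + 2      # 2 <= private <= P-2
    return private, pow(G, private, P)

def dh_shared_key(private, peer_public):
    """Derive a 160-bit integrity key from the DH shared secret."""
    if not 1 < peer_public < P - 1:             # reject degenerate values 0, 1, P-1
        raise ValueError("invalid peer public value")
    secret = pow(peer_public, private, P)
    # Simplification (assumption): IKE derives keys with a PRF over nonces.
    return hashlib.sha1(secret.to_bytes(128, "big")).digest()

def ah_icv(key, packet):
    """Integrity check value: HMAC-SHA-1 truncated to 96 bits, as AH uses."""
    return hmac.new(key, packet, hashlib.sha1).digest()[:12]

def ah_verify(key, packet, icv):
    return hmac.compare_digest(ah_icv(key, packet), icv)

def demo():
    """Return (keys agree, genuine packet accepted, tampered packet accepted)."""
    r1_priv, r1_pub = dh_keypair()
    r2_priv, r2_pub = dh_keypair()
    k1 = dh_shared_key(r1_priv, r2_pub)         # computed on R1
    k2 = dh_shared_key(r2_priv, r1_pub)         # computed on R2
    packet = b"constructed sample payload from R1 to R2"
    icv = ah_icv(k1, packet)                    # R1 attaches this to the packet
    tampered = packet.replace(b"R2", b"R9")     # modified in transit
    return k1 == k2, ah_verify(k2, packet, icv), ah_verify(k2, tampered, icv)

if __name__ == "__main__":
    print(demo())
```

The packet content stays readable throughout, which is the AH limitation the text describes: integrity and origin are checked, but nothing is encrypted.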
