Presentation is loading. Please wait.

Presentation is loading. Please wait.

Securing Access to Data Using IPsec Josh Jones Cosc352.

Published byGabriel Hart Modified over 8 years ago

Similar presentations

Presentation on theme: "Securing Access to Data Using IPsec Josh Jones Cosc352."— Presentation transcript:

1 Securing Access to Data Using IPsec Josh Jones Cosc352

2 Introduction Internet was originally designed to link educational and government facilities together (Small Scale) – TCP/IP Protocols were not made with built in security – Data is being sent without any filters as clear text – Easily monitored by others

3 Introduction (Cont.) Rapidly increasing size of the the internet as well as private networks – Called for greater security measures IPsec (IP Security) SSL (Secure Sockets Layer) TLS (Transport Layer Security)

4 What Is IPsec (IP Security) A framework of open standards for helping to ensure private, secure communications over Internet Protocol (IP) networks. Based on cryptography, used to encrypt data so that it cannot be read or tampered with during its journey across an IP network. Operates at the network layer (Layer 3) of the OSI model.

5 What Is IPsec (IP Security) (Cont.) Designed to provide the following: – authentication (verification of the identity of the sender). – integrity (assurance that the data was not changed in transit). – confidentiality (encryption of the data so that it can ’ t be read by anyone who doesn ’ t have the correct key). Provides security for almost all protocols in the TCP/IP suite.

6 What Is IPsec (IP Security) (Cont.) IPsec is composed of three main protocols. – Authentication Header (AH). used to authenticate the identity of the sender, and to provide integrity of the data to ensure that it hasn ’ t been modified. – Encapsulating Security Payload (ESP). can provide confidentiality by encrypting the data itself, along with authentication and integrity. – Internet Key Exchange (IKE). the protocol used to set up a security association (SA) in the IPsec.

7 Benefits of IPsec Transparency of IPsec to users and applications. – IPsec is integrated at the Network layer (layer 3), there is no need to configure separate security for each application that uses TCP/IP.

8 Benefits of IPsec (Cont.) Defense-in-depth against vulnerabilities in upper-layer protocols and applications. – IPsec protects upper layer protocols, services, and applications. – With IPsec enabled, initial packets to access an application or service running on a server.

9 Benefits of IPsec (Cont.) Restricted access to servers. – Using IPsec policy, you can configure a server to only accept specific types of traffic. – For example, you can configure an email server to accept only secured email traffic from client computers. The email server discards all other traffic from client computers.

10 Benefits of IPsec (Cont.) Customizable security configuration. – Administrators can configure IPsec policies to meet the security requirements of an application, computer, group of computers, domain, site, or global organization. IPsec can be customized for use in a wide range of scenarios, including packet filtering, securing host-to-host traffic on specific paths, securing traffic to servers, Layer Two Tunneling Protocol (L2TP)/IPsec for virtual private network (VPN) connections, and site-to-site (also known as gateway-to-gateway) tunneling.

11 Modes of IPsec Tunnel Mode: – the entire IP packet (data plus the message headers) is encrypted and/or authenticated;provides gateway to gateway (or server to server) protection. Transportation Mode: – used to encrypt data inside a tunnel that is created by L2TP (the layer 2 tunneling protocol). Transport mode provides end-to-end security, all the way from the sending computer to the final destination.

12 Recommended Scenarios for IPsec Packet filtering End-to-end security between specific hosts End-to-end traffic through an ISA-secured NAT Secure server

13 Recommended Scenarios for IPsec (Cont.) Server isolation Domain isolation L2TP/IPsec for remote access and site-to-site VPN connections Gateway-to-gateway IPsec tunneling with third- party IPsec gateways

14 Packet Filtering IPsec provides limited stateless firewall capabilities for end systems. IPsec can be configured to permit or block specific types of traffic based on source and destination address combinations and specific protocols and specific ports.

15 Packet Filtering (Cont.) You can strengthen security by using IPsec filtering to control exactly the type of communication that is allowed between systems.

16 Secure Server Allows IPsec authentication and protection for traffic between specific sets of servers Secures communication in environments that are not secure Complements firewalls by requiring authentication of all traffic Reduces firewall exceptions to IPsec traffic

17 Domain Isolation Allows host to host communication to be limited to domain members (managed computers) Requires IPsec authentication and protection for any communication with domain members (managed computers) – Managed computers can initiate communication with managed and unmanaged computers – Unmanaged computers cannot initiate communication with managed computers

18 Server Isolation Requires IPsec authentication and protection for communications from hosts to specific servers – Managed computers can initiate communication with specific servers – Unmanaged computers cannot initiate communication with specific servers

19 Server Isolation (Cont.) Group-specific server isolation. – Only managed computers that are members of a specific security group can initiate communication with specific servers.

20 When NOT to Use IPsec. IPsec can reduce processing performance and increase network bandwidth consumption. Additionally, IPsec policies can be quite complex to configure and manage. Finally, the use of IPsec can introduce application compatibility issues

21 When NOT to Use IPsec. (Cont.) Securing traffic between domain controllers and domain members. – In addition to reduced network performance, using IPsec for this scenario is not recommended because of the complexity of the required IPsec policy configuration and management.

22 When NOT to Use IPsec. (Cont.) IPsec tunnel mode for remote access VPN connections. – IPsec tunnel mode is not a recommended technology for remote access VPN connections because there are no standard methods for user authentication, IP address assignment, and name server address assignment.

23 Creating IPsec Policies An IPsec policy is a collection of general settings and rules that are used to configure IPsec services and that determine behavior. – General IPsec policy settings. Settings that determine the name of the policy, its description, key exchange settings, and key exchange methods. General IPsec policy settings apply regardless of which rules are configured.

24 Creating IPsec Policies (Cont.) Rules. – One or more IPsec rules that determine which traffic IPsec examines, how that traffic is secured and encrypted, and how IPsec peers are authenticated. After the policies are created, they can be assigned to individual Active Directory domain system containers (domains, sites, organizational units). This allows the IPsec policy to be assigned at the domain, site, or organizational unit level, eliminating the administrative overhead of configuring each computer separately.

25 Defining IPsec Policy Rules Filter list. – A single filter list is selected that contains one or more predefined packet filters that describe the types of traffic to which the configured filter action for this rule is applied. Authentication methods. – One or more authentication methods are configured (in order of preference) and used for authentication of IPsec peers during main mode negotiations. The available authentication methods are the Kerberos V5 protocol (used in Active Directory environments), use of a certificate issued from a specified certification authority (CA), or a preshared key.

26 Defining IPsec Policy Rules (Cont.) Filter action. – A single filter action is selected that includes the type of action required (permit, block, or secure) for packets that match the filter list. – For the secure filter action, the negotiation data contains one or more security methods that are used (in order of preference) during IKE negotiations and other IPsec settings. Each security method determines the security protocol (such as AH or ESP), the specific cryptographic algorithms, and session key regeneration settings.

27 Conclusion IPsec is a versatile way of providing security for you network. Many different scenarios for in-depth defense are available from Microsoft. However, you are free to create and customize your own policies as well.

Download ppt "Securing Access to Data Using IPsec Josh Jones Cosc352."

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)

Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)
NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT 09.11.2005.

NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
SCSC 455 Computer Security Virtual Private Network (VPN)

SCSC 455 Computer Security Virtual Private Network (VPN)
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.

IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
1 Configuring Virtual Private Networks for Remote Clients and Networks.

1 Configuring Virtual Private Networks for Remote Clients and Networks.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.

1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.

1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
1 Pertemuan 11 IPSec dan SSL Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 11 IPSec dan SSL Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
VPN – Technologies and Solutions CS158B Network Management April 11, 2005 Alvin Tsang Eyob Solomon Wayne Tsui.

VPN – Technologies and Solutions CS158B Network Management April 11, 2005 Alvin Tsang Eyob Solomon Wayne Tsui.
Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec)

Similar presentations

Ads by Google