IPSec services
  SA (Security Association): a one-way relationship, identified by:
    SPI (Security Parameters Index).
    IP destination address.
    Security protocol identifier: AH (Authentication Header) or ESP (Encapsulating Security Payload).
Two modes
  Transport mode: protection for upper-layer protocols.
  Tunnel mode: protection for the entire IP packet.
Authentication Header
  Header definition.
  Anti-replay service.
  Integrity check value.
Encapsulating Security Payload
  Format.
  Encryption and authentication.
Key management
  Manual: a system administrator configures each system with its own keys and the keys of other systems.
  Automated: on-demand creation of keys for SAs, using ISAKMP (Internet Security Association and Key Management Protocol) by default.
Benefits of IPSec
  Strong and easy security for a group behind a firewall.
  Transparent to applications.
  Transparent to end users.
  Security for individual users can be provided.
TLS (Transport Layer Security)
  Objective: reliable end-to-end security over TCP.
  Construction: two layers of protocols.
SSL Record Protocol
  Record Protocol operation and format.
SSL Handshake Protocol
  Phases:
    1. Establish Security Capabilities.
    2. Server Authentication and Key Exchange.
    3. Client Authentication and Key Exchange.
    4. Finish.