Internet Protocol Security (IPSec)

Presentation transcript: "Internet Protocol Security (IPSec)"

1 Internet Protocol Security (IPSec)

2 Reviewing IPSec
- Understanding Vulnerabilities
  - Threat Analysis
- What Is IPSec?
- Microsoft IPSec Features
- Advantages and Disadvantages of IPSec
- IPSec Security Services
- Authentication Methods
- How IPSec Is Deployed

3 Threat Analysis
- Identify threats
- Prioritize threats based on:
  - Probability of occurrence
  - Severity of potential damage
- Divide the number representing damage by the number representing probability to determine the threat level
- Address threats with the highest threat levels first

4 Example
Assume that you have identified two potential threats to your enterprise:
1. Threat A has been identified as having a high amount of damage (Damage = 10) and a low probability of occurring (Probability = 10), so the threat level is 1 (10/10 = 1).
2. Threat B has been identified as having a high amount of damage (Damage = 8) and a fairly high probability of occurring (Probability = 3), so the threat level is 2.67 (8/3 = 2.67).
Therefore, you would address Threat B first, because it has a higher threat level.

5 What Is IPSec?
- Can use security protocols to encrypt or digitally sign traffic
- Can use tunnel mode to secure traffic between two networks
  [Diagram: Tunnel Mode, router to router]
- Can use transport mode to secure traffic between any two hosts
  [Diagram: Transport Mode, through a router]

6 Internet Protocol Security (IPSec) is a set of extensions to the Internet Protocol (IP) family.
It provides cryptographic security services that allow for authentication, integrity, access control, and confidentiality. IPSec services are similar to Secure Sockets Layer (SSL), but they operate at the network layer, in a way that is completely transparent to your applications and much more powerful. This is because your applications do not need any knowledge of IPSec to be able to use it. You can create encrypted tunnels (virtual private networks [VPNs]) or simply perform encryption between computers. The many options offered by IPSec make it much more complex than SSL.

7 Microsoft IPSec Features
Implementation: Description
Policy-based configuration management: Makes configuration, implementation, and administration easier
IPSec functionality over NAT: Automatically detects the presence of a NAT device and uses UDP-ESP encapsulation to allow IPSec traffic to pass through the NAT
IPSec certificate-to-account mapping: Allows you to set restrictions on which computers are allowed to connect
Default traffic exemptions: Exempts only Internet Key Exchange (IKE) traffic from IPSec filtering
Command-line management: Scripts and automates IPSec configuration
Computer startup security: Permits only the following traffic during computer startup
Persistent policy for enhanced security: Is applied before the local policy or the Active Directory-based policy

8 IPSec is based on an end-to-end security model that establishes trust and security from a source IP address to a destination IP address. Any computers that only route data from source to destination are not required to support IPSec, unless firewall-type packet filtering or network address translation (NAT) is in place. This model allows for the successful deployment of IPSec in the following enterprise scenarios:
- Local area network (LAN): client/server and peer-to-peer
- Wide area network (WAN): router-to-router and gateway-to-gateway using IPSec tunnels
- Remote access: dial-up clients and Internet access from private networks
IPSec tunnel mode: When you use IPSec tunnel mode, IPSec encrypts the IP header and the payload. Tunnel mode provides the protection of an entire IP packet.
IPSec transport mode: Transport mode is the default mode. IPSec encrypts only the IP payload.

9 Advantages and Disadvantages of IPSec
Advantages
- Flexible security protocols
- Transparent to users and applications
- Authentication
- Confidentiality
- Open industry (IETF) standards
- Data integrity
- Dynamic rekeying
- Secure end-to-end links
- Easy implementation and centralized management by using policies
Disadvantages
- Administrative overhead
- Increased performance requirement
- Supportability
- Policy management
- Local policy configuration

10 IPSec Security Services
Feature: Description
Automatic key management: IKE services dynamically exchange and manage keys between communicating computers
Automatic security negotiation: IKE services dynamically negotiate a common set of security settings between communicating computers
Public key infrastructure support: IPSec supports the use of public key certificates for authentication
Preshared key support: IPSec can use a preshared key for authentication

11 Authentication Methods
Kerberos V5: The default authentication method for IPSec
Public key certificates: Using this authentication method, security credentials can be presented without being compromised in the process
Preshared key authentication: Both parties agree on a shared, secret key that is used for authentication in an IPSec policy

12 How IPSec Is Deployed
Using policy-based management
- Easy management
- Easy implementation
- Eliminates administrative overhead
Using local policies
- One local policy
- Group Policy settings can be stored on individual computers

13 Policy-based configuration management
You can assign IPSec policies through Group Policy configuration of Active Directory domains and organizational units. This allows the IPSec policy to be assigned at the site, domain, or organizational unit level, eliminating the administrative overhead of configuring each computer separately.
IPSec Encapsulating Security Payload (ESP) packets can now pass through a NAT device that allows UDP traffic. The Internet Key Exchange (IKE) protocol automatically detects the presence of a NAT device and uses UDP-ESP encapsulation to allow IPSec traffic to pass through the NAT device.
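The transport and tunnel modes described in slides 5 and 8, and the UDP-ESP NAT traversal described in slides 7 and 13, as an added example that is not part of the presentation or of any Microsoft code. It assumes ESP with NULL encryption (RFC 2410) and an HMAC-SHA-256-128 integrity check value in place of a real cipher so that the packet layout stays readable, leaves the IPv4 checksum at zero, and uses constructed addresses, SPIs and key. It goes one step beyond the slides: the NAT rewrite at the end shows that the outer address and UDP port can change in flight without breaking the ESP integrity check, because both of those headers lie outside the ESP-protected region.

```python
# Added example (not from the presentation): simplified IPsec ESP packets in
# transport mode, tunnel mode, and UDP-encapsulated (NAT-T, RFC 3948) form.
# Assumptions: NULL encryption (RFC 2410) with an HMAC-SHA-256-128 ICV (RFC 4868),
# IPv4 checksum left zero, and constructed addresses, SPIs and key.
import hashlib
import hmac
import ipaddress
import struct

ESP, IP_IN_IP, TCP, UDP = 50, 4, 6, 17    # IP protocol / ESP next-header numbers
NAT_T_PORT = 4500                         # UDP port used for ESP-in-UDP
ICV_LEN = 16                              # 128-bit truncated HMAC tag
KEY = b"constructed sample integrity key" # constructed; a real SA key comes from IKE

def ipv4_header(src, dst, proto, total_len):
    """Minimal 20-byte IPv4 header; checksum left zero for the demonstration."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def parse_ipv4(pkt):
    """Return (src, dst, proto): what an on-path device reads without the key."""
    f = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return str(ipaddress.IPv4Address(f[8])), str(ipaddress.IPv4Address(f[9])), f[6]

def esp_encapsulate(spi, seq, plaintext, next_header):
    """SPI | seq | payload | padding | pad_len | next_header | ICV (RFC 4303 layout)."""
    pad_len = (-(len(plaintext) + 2)) % 4            # trailer ends on a 4-byte boundary
    body = (struct.pack("!II", spi, seq) + plaintext
            + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header]))
    return body + hmac.new(KEY, body, hashlib.sha256).digest()[:ICV_LEN]

def esp_decapsulate(esp):
    """Verify the ICV (constant-time compare), then strip ESP header and trailer."""
    body, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    expected = hmac.new(KEY, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ESP integrity check failed")
    spi, seq = struct.unpack("!II", body[:8])
    pad_len, next_header = body[-2], body[-1]
    return spi, seq, next_header, body[8:-(2 + pad_len)]

def transport_mode(spi, seq, src, dst, segment):
    """Host-to-host: original IP header stays in the clear; only the payload is protected."""
    esp = esp_encapsulate(spi, seq, segment, TCP)
    return ipv4_header(src, dst, ESP, 20 + len(esp)) + esp

def tunnel_mode(spi, seq, gw_src, gw_dst, inner_packet):
    """Gateway-to-gateway: the whole inner IP packet is protected behind a new outer header."""
    esp = esp_encapsulate(spi, seq, inner_packet, IP_IN_IP)
    return ipv4_header(gw_src, gw_dst, ESP, 20 + len(esp)) + esp

def udp_encapsulate(ip_esp_packet, sport=NAT_T_PORT):
    """NAT-T: put a UDP header in front of the ESP part so a NAT has a port to rewrite."""
    src, dst, _ = parse_ipv4(ip_esp_packet)
    esp = ip_esp_packet[20:]
    udp = struct.pack("!HHHH", sport, NAT_T_PORT, 8 + len(esp), 0) + esp
    return ipv4_header(src, dst, UDP, 20 + len(udp)) + udp

def nat_rewrite(packet, new_src, new_sport):
    """What a NAT does on the way out: rewrite outer source address and UDP source port."""
    _, dst, proto = parse_ipv4(packet)
    udp = struct.pack("!H", new_sport) + packet[22:]
    return ipv4_header(new_src, dst, proto, len(packet)) + udp

def classify_udp4500(payload):
    """Tell the three RFC 3948 payload kinds on UDP/4500 apart (useful for monitoring)."""
    if payload == b"\xff":
        return "nat-keepalive"
    if payload[:4] == b"\x00\x00\x00\x00":
        return "ike"        # Non-ESP marker: SPI 0 is reserved, so zeros mean IKE
    return "esp"            # otherwise the first four bytes are a real SPI

def demo():
    """Send a constructed segment through all three forms and report what is visible."""
    segment = b"GET / HTTP/1.1\r\n"                                    # constructed
    inner = ipv4_header("10.1.0.5", "10.2.0.9", TCP, 20 + len(segment)) + segment
    t = transport_mode(0x1001, 1, "10.1.0.5", "10.2.0.9", segment)    # hosts visible
    u = tunnel_mode(0x2002, 1, "192.168.1.2", "198.51.100.1", inner)  # gateways visible
    # The NAT rewrites outer address and UDP port; the ICV still verifies because
    # neither the outer IP header nor the UDP header is inside the ESP-protected region.
    n = nat_rewrite(udp_encapsulate(u), "192.0.2.77", 61000)
    _, _, next_header, recovered = esp_decapsulate(n[28:])
    return {
        "transport_wire": parse_ipv4(t),
        "tunnel_wire": parse_ipv4(u),
        "after_nat": parse_ipv4(n),
        "kind_on_4500": classify_udp4500(n[28:]),
        "inner_after_nat": parse_ipv4(recovered) if next_header == IP_IN_IP else None,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running the script prints, for each form, the addresses and protocol that a router or firewall on the path can see: in transport mode the two hosts themselves, in tunnel mode only the two gateways, and after NAT the translated outer address with protocol 17 (UDP) rather than 50 (ESP). The `classify_udp4500` helper is the check a monitoring rule needs to separate IKE from ESP on the shared port, since both arrive on UDP/4500 once NAT traversal is in use.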

