Presentation is loading. Please wait.

Presentation is loading. Please wait.

Protocol Basics. IPSec Provides two modes of protection –Tunnel Mode –Transport Mode Authentication and Integrity Confidentiality Replay Protection.

Published byAmanda Beasley Modified over 8 years ago

Similar presentations

Presentation on theme: "Protocol Basics. IPSec Provides two modes of protection –Tunnel Mode –Transport Mode Authentication and Integrity Confidentiality Replay Protection."— Presentation transcript:

1 Protocol Basics

2 IPSec Provides two modes of protection –Tunnel Mode –Transport Mode Authentication and Integrity Confidentiality Replay Protection

3 Tunnel Mode Encapsulates the entire IP packet within IPSec protection Tunnels can be created between several different node types –Gateway to gateway –Host to gateway –Host to host

4 Three Types of Tunnels Host to Host Host to Gateway Gateway to Gateway

5 Transport Mode Encapsulates only the transport layer information within IPSec protection Can only be created between host nodes

6 Authentication and Integrity Verification of the origin of data Assurance that data sent is the data received Assurance that the network headers have not changed since the data was sent

7 Confidentiality Encrypts data to protect against eavesdropping Can hide data source when encryption is used over a tunnel

8 Replay Prevention Causes retransmitted packets to be dropped.

9 IPSec Protection Protocols Authentication Header –Authenticates payload data –Authenticates network header –Gives anti-replay protection Encapsulated Security Payload –Encrypts payload data –Authenticates payload data –Gives anti-replay protection

10 IPSec AH in Transport Mode Data TCP Hdr Orig IP Hdr Data TCP Hdr AH Hdr Orig IP Hdr Integrity hash coverage (except for mutable fields in IP hdr) Insert © 2000 Microsoft Corporation

11 IPSec AH in Tunnel ModeData TCP Hdr Orig IP Hdr Integrity hash coverage (except for mutable new IP hdr fields) IP Hdr AH Hdr AH HdrData TCP Hdr Orig IP Hdr New IP header with source & destination IP address © 2000 Microsoft Corporation

12 IPSec ESP in Transport Mode Data TCP Hdr Orig IP Hdr Data TCP Hdr ESP Hdr Orig IP Hdr ESP Trailer ESP Auth Usually encrypted integrity hash coverage Insert Append © 2000 Microsoft Corporation

13 IPSec ESP Tunnel ModeData TCP Hdr Orig IP Hdr ESP Trailer ESP Auth Usually encrypted integrity hash coverage Data TCP Hdr ESP Hdr IP Hdr IP HdrIPHdr New IP header with source & destination IP address © 2000 Microsoft Corporation

14 IPSec Basic Architecture IPSec Driver Policy Agent Internet Key Exchange (IKE) Policy Agent IKE IPSec Driver TCP/IP Driver

15 IPSec Driver Monitors and Secures IP traffic –Encryption and Authentication of outbound packets –Decryption and Authentication of inbound packets –Prompts IKE to negotiate secure channels as needed Maintains secure channel state information

16 Policy Agent Maintains IPSec policy and state information Distributes filter rule sets to the IPSec Driver Distributes authentication and security settings to IKE

17 IKE Negotiates secure channels based on settings received from the Policy Agent Distributes secure channel information to the IPSec driver

18 How It All Fits Together Tunnel Transport

19 Sending in Transport Mode Application Transport IP Physical IPSec PhysicalIPIPSecTCPApplicationData

20 Sending in Tunnel Mode PhysicalIPIPSecTCPApplicationData IPIPSecTCPApplicationData InnerIPIPSecTCPApplicationDataIPSecOuterIPPhysical IP Physical IPSecIP Physical IPSec

21 Receiving in Tunnel Mode PhysicalIPIPSecTCPApplicationData IPIPSecTCPApplicationData InnerIPIPSecTCPApplicationDataIPSecOuterIPPhysical IP Physical IPSecIP Physical IPSec

22 Receiving in Transport Mode Application Transport IP Physical IPSec PhysicalIPIPSecTCPApplicationData

23 Layer Two Tunneling Protocol (L2TP) Provides –Provides PPP encapsulation over IP –VPN services Doesn’t Provide –A method of encryption for it’s traffic –Protection against injection of packets into an open L2TP session

24 How L2TP Works Application L2TP PPP Driver Layer TCP, UDP NIC IPSec IP L2TP/IPSec 4 3 5 IKE Service 2 1 control

25 Kerberos Provides authentication of network server and client

26 What Kerberos Provides Mutual authentication of parties

27 How Kerberos Works KDC ClientApplicationServer ASTGS Authorization Request Ticket Granting Ticket Ticket Request Ticket Ticket

28 Public Key Infrastructure Basics

29 How Public Keys Are Used for Authentication

30 What’s In a Certificate?

31 How PKI Works

Download ppt "Protocol Basics. IPSec Provides two modes of protection –Tunnel Mode –Transport Mode Authentication and Integrity Confidentiality Replay Protection."

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.2: IPsec.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.2: IPsec.
CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Internet Security CSCE 813 IPsec

Internet Security CSCE 813 IPsec
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.

IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206) 217-7048

Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206)
IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.

IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.
Security at the Network Layer: IPSec

Security at the Network Layer: IPSec
NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT 09.11.2005.

NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.

1 Lecture 15: IPsec AH and ESP IPsec introduction: uses and modes IPsec concepts –security association –security policy database IPsec headers –authentication.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.

IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.

IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 

Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.

1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.

IP Security. n Have a range of application specific security mechanisms u eg. S/MIME, PGP, Kerberos, SSL/HTTPS n However there are security concerns that.
IP Security. IPSEC Objectives n Band-aid for IPv4 u Spoofing a problem u Not designed with security or authentication in mind n IP layer mechanism for.

IP Security. IPSEC Objectives n Band-aid for IPv4 u Spoofing a problem u Not designed with security or authentication in mind n IP layer mechanism for.

Similar presentations

Ads by Google