IP Protocol Security
IPsec is an IETF standard that defines how a remote or site-to-site VPN can be configured at the Network Layer.
Provides Data Encryption to secure TCP/IP based Applications.
VPNs and IPsec provide Essential Services for remote connectivity!
Used with IP only!
Both Encryption and Authentication Mechanisms!
Encrypts any traffic using the IP Protocol!
Requires Certificates or Pre-Shared Keys!
Functions at the Network Layer!
Generally can’t be used with a NAT proxy Deployment.
Uses UDP Port 500.
Can be used with L2TP or alone to protect data!
Most secure configuration => Provides Confidentiality, Integrity, Authentication and Anti-Replay protection.
• Services offered on a static topology are essential.
• Services offered on a dynamic topology are emerging.
• Today there’s a Gap to fill in mobile services.
• Private → Public → Private data flow = VPN.
• Trending toward mobile nodes NOW!
• Mobile devices will have Layer 3 switching embedded.
• Routers will become obsolete.
• VPNs have become an essential service.
• Discretionary access rights for individual users allowed.
• Role Based access rights for user groups allowed.
• Users essentially take their office with them.
• VPN method implemented based on access, policy and procedures of the organization.
• Two primary protocols for VPN deployment.
1. IPsec for Site-to-Site.
2. SSL – Remote Access.
1. If ease of Configuration and support is an issue.
   Use SSL.
2. If security is the issue.
   Use IPsec.
3. If using IPv6.
   Use IPsec.
IPsec exceeds SSL in many significant ways:
• Number of applications that are supported
• Strength of encryption
• Strength of authentication
• Overall security
When security is an issue, IPsec is the superior choice. If support and ease of deployment are the primary issues, consider SSL.
Confidentiality
• IPsec provides security features, such as strong
encryption algorithms.
Symmetric Encryption
• Symmetric algorithms such as AES require shared keys.
• Each device requires the same key to decode information.
• It must be known which devices interact so the same key can be configured on each device.
Asymmetric Encryption
• Asymmetric uses different keys.
• One encrypts, the other decrypts.
• Impossible to decode using the same keys.
Data Integrity
• Diffie-Hellman is not an encryption mechanism.
• The algorithms allow two parties to establish a shared key.
• This key is used by encryption and hash algorithms.
Data Integrity and Authentication
• Hashes provide Integrity and Authentication.
• The hash (message digest) creates a unique value for a set of data.
• If and only if the hashes are equal, the data is not altered.
Data Integrity
• PSK – Configured on each peer manually and used to authenticate each end.
• PSK is combined with other information to form the authentication key.
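
The three slides above (Diffie-Hellman key agreement, hashes for integrity and authentication, and the PSK feeding the authentication key) can be followed end to end in the added example below, which is not part of the original slides. The toy DH parameters `P` and `G`, the sample PSK and payload, and the simplified `derive_auth_key` step are assumptions of this example, not the exact IKE derivation.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters, constructed for this example only.
# P is the Mersenne prime 2**127 - 1; real IPsec peers use the much larger
# standardized DH groups negotiated during key exchange.
P = 2**127 - 1
G = 3


def dh_keypair():
    """Return (private, public) for one peer."""
    private = secrets.randbelow(P - 3) + 2  # 2 .. P-2
    return private, pow(G, private, P)


def dh_shared_secret(own_private, peer_public):
    """Both peers arrive at the same value: G^(a*b) mod P."""
    return pow(peer_public, own_private, P)


def derive_auth_key(shared_secret, psk, nonce_i, nonce_r):
    """Simplified derivation (an assumption of this example): mix the PSK
    with both peers' nonces, then bind the result to the DH secret."""
    seed = hmac.new(psk, nonce_i + nonce_r, hashlib.sha256).digest()
    secret_bytes = shared_secret.to_bytes(16, "big")
    return hmac.new(seed, secret_bytes, hashlib.sha256).digest()


def protect(key, payload):
    """Sender: append a keyed hash (HMAC-SHA-256, 32 bytes) to the payload."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def verify(key, packet):
    """Receiver: recompute the keyed hash and compare in constant time."""
    payload, tag = packet[:-32], packet[-32:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


def run_exchange():
    psk = b"constructed-example-psk"
    nonce_i, nonce_r = secrets.token_bytes(16), secrets.token_bytes(16)

    # Only public values and nonces cross the untrusted network.
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    key_a = derive_auth_key(dh_shared_secret(a_priv, b_pub), psk, nonce_i, nonce_r)
    key_b = derive_auth_key(dh_shared_secret(b_priv, a_pub), psk, nonce_i, nonce_r)

    packet = protect(key_a, b"transfer 100 to account 42")
    tampered = packet.replace(b"100", b"900")

    # An unkeyed hash can be recomputed by whoever alters the data, so it
    # detects accidental change only; the keyed hash also authenticates.
    forged_payload = b"transfer 900 to account 42"
    forged_plain = forged_payload + hashlib.sha256(forged_payload).digest()

    # A peer configured with a different PSK derives a different key.
    wrong_key = derive_auth_key(
        dh_shared_secret(b_priv, a_pub), b"wrong-psk", nonce_i, nonce_r)

    return {
        "keys_match": key_a == key_b,
        "genuine_ok": verify(key_b, packet),
        "tampered_ok": verify(key_b, tampered),
        "forged_plain_hash_ok": verify(key_b, forged_plain),
        "wrong_psk_ok": verify(wrong_key, packet),
    }


if __name__ == "__main__":
    for name, value in run_exchange().items():
        print(f"{name}: {value}")
```
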
Authentication
• Authentication Header is used when confidentiality is
not required or permitted.
• Authentication and Integrity are established between
each system.
• All text is transported in clear text.
• Encapsulating Security Payload – Provides
Confidentiality and Authentication by encryption.
• IP packet encryption conceals the data and identities
of the end devices.
• In IPsec, at least one of these must be used.
IP Protocol Framework
IPsec framework protocol - When configuring an IPsec gateway to provide security services, an IPsec protocol must be selected. The choices are some combination of ESP and AH. Realistically, the ESP or ESP+AH options are almost always selected because AH itself does not provide encryption, as shown in Figure 3.
Confidentiality (If IPsec is implemented with ESP) - The encryption algorithm chosen should best meet the desired level of security: DES, 3DES, or AES. AES is strongly recommended, with AES-GCM providing the greatest security.
Integrity - Guarantees that the content has not been altered in transit. Implemented through the use of hash algorithms. Choices include MD5 and SHA.
Authentication - Represents how devices on either end of the VPN tunnel are authenticated. The two methods are PSK or RSA.
DH algorithm group - Represents how a shared secret key is established between peers. There are several options, but DH24 provides the greatest security.
Summary
IPsec, an IETF standard, is a secure tunnel operating at Layer 3 of the OSI model that can protect and authenticate IP packets between IPsec peers. It can provide confidentiality by using encryption, data integrity, authentication, and anti-replay protection. Data integrity is provided by using a hash algorithm, such as MD5 or SHA. Authentication is provided by the PSK or RSA peer authentication method.
The level of confidentiality provided by encryption depends on the algorithm used and the key length. Encryption can be symmetrical or asymmetrical. DH is a method used to securely exchange the keys to encrypt data.
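
The anti-replay protection listed in the summary rests on the sequence number carried in each AH or ESP packet and a sliding window kept by the receiver. The added example below, which is not from the original slides, shows that receiver-side logic; the class name, the window size of 64 and the packet trace are constructed for illustration.

```python
class AntiReplayWindow:
    """Receiver-side sliding window over packet sequence numbers."""

    def __init__(self, size=64):
        self.size = size
        self.highest = 0  # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => sequence (highest - i) already seen

    def check(self, seq):
        """Return a verdict for seq without changing any state."""
        if seq == 0:
            return "reject: invalid sequence number"
        if seq > self.highest:
            return "accept"
        offset = self.highest - seq
        if offset >= self.size:
            return "reject: older than window"
        if self.bitmap & (1 << offset):
            return "reject: replay"
        return "accept"

    def update(self, seq):
        """Mark seq as seen. Call only after the integrity check passed."""
        if seq > self.highest:
            shift = seq - self.highest
            mask = (1 << self.size) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)

    def receive(self, seq, integrity_ok):
        """Full receive path: window check, integrity check, then update.

        The window advances only for packets whose integrity check passed,
        so a forged packet with a huge sequence number cannot push genuine
        traffic out of the window.
        """
        verdict = self.check(seq)
        if verdict != "accept":
            return verdict
        if not integrity_ok:
            return "reject: integrity check failed"
        self.update(seq)
        return "accept"


# Constructed trace: (sequence number, did the integrity check pass?)
TRACE = [
    (1, True), (2, True), (4, True),
    (3, True),       # late but inside the window and not yet seen
    (2, True),       # captured packet sent again
    (1000, False),   # forged packet, bad integrity value
    (5, True),
    (70, True),      # jumps ahead, window slides forward
    (6, True),       # now 64 behind the highest: outside the window
    (7, True),       # 63 behind: still inside, not yet seen
    (0, True),       # zero is never a valid sequence number here
]


def replay_demo():
    window = AntiReplayWindow(size=64)
    return [window.receive(seq, ok) for seq, ok in TRACE]


if __name__ == "__main__":
    for (seq, ok), verdict in zip(TRACE, replay_demo()):
        print(f"seq={seq:<5} integrity_ok={ok!s:<5} -> {verdict}")
```
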