SlideShare a Scribd company logo

rooster-ipsecindepth.ppt

Download as PPT, PDF
I
ImXaib

Rs

Education
1 of 14
IPSec In Depth
Encapsulated Security Payload (ESP) • Must encrypt and/or authenticate in each packet • Encryption occurs before authentication • Authentication is applied to data in the IPSec header as well as the data contained as payload
IPSec Encapsulating Security Payload (ESP) in Transport Mode Data TCP Hdr Orig IP Hdr Data TCP Hdr ESP Hdr Orig IP Hdr ESP Trailer ESP Auth Usually encrypted integrity hash coverage SecParamIndex Padding PadLength NextHdr Seq# Keyed Hash 22-36 bytes total InitVector ESP is IP protocol 50 Insert Append © 2000 Microsoft Corporation
IPSec ESP Tunnel Mode Data TCP Hdr Orig IP Hdr ESP Auth Usually encrypted integrity hash coverage Data TCP Hdr ESP Hdr IP Hdr IPHdr New IP header with source & destination IP address © 2000 Microsoft Corporation ESP Trailer
Authentication Header (AH) • Authentication is applied to the entire packet, with the mutable fields in the IP header zeroed out • If both ESP and AH are applied to a packet, AH follows ESP
IPSec Authentication Header (AH) in Transport Mode Data TCP Hdr Orig IP Hdr Data TCP Hdr AH Hdr Orig IP Hdr Next Hdr Payload Len Rsrv SecParamIndex Keyed Hash Integrity hash coverage (except for mutable fields in IP hdr) Seq# 24 bytes total AH is IP protocol 51 Insert © 2000 Microsoft Corporation
IPSec AH Tunnel Mode Data TCP Hdr Orig IP Hdr Integrity hash coverage (except for mutable new IP hdr fields) IP Hdr AH Hdr Data TCP Hdr Orig IP Hdr New IP header with source & destination IP address © 2000 Microsoft Corporation
Internet Key Exchange (IKE) • Phase I – Establish a secure channel(ISAKMP SA) – Authenticate computer identity • Phase II – Establishes a secure channel between computers intended for the transmission of data (IPSec SA)
Main Mode • Main mode negotiates an ISAKMP SA which will be used to create IPSec Sas • Three steps – SA negotiation – Diffie-Hellman and nonce exchange – Authentication
Main Mode (Kerberos) Initiator Responder Header, SA Proposals Header, Selected SA Proposal Header, D-H Key Exchange, Noncei, Kerberos Tokeni Header, D-H Key Exchange, Noncer, Kerberos Tokenr Header, Idi, Hashi Header, Idr, Hashr Encrypted
Main Mode (Certificate) Initiator Responder Header, D-H Key Exchange, Noncei Header, Idi, Certificatei, Signaturei, Certificate Request Header, D-H Key Exchange, Noncer,Certificate Request Header, Idr, Certificater, Signaturer Encrypted Header, SA Proposals Header, Selected SA Proposal
Main Mode (Pre-shared Key) Initiator Responder Header, D-H Key Exchange, Noncei Header, Idi, Hashi Header, D-H Key Exchange, Noncer Header, Idr, Hashr Encrypted Header, SA Proposals Header, Selected SA Proposal
Quick Mode • All traffic is encrypted using the ISAKMP Security Association • Each quick mode negotiation results in two IPSec Security Associations (one inbound, one outbound)
Quick Mode Negotiation Header, Hash Header, Connected Notification Encrypted Initiator Responder Header, IPSec Selected SA Header, IPSec Proposed SA

Recommended

Rooster ipsecindepth
Rooster ipsecindepthRooster ipsecindepth
Rooster ipsecindepthdharajani
 
Ip security in i psec
Ip security in i psecIp security in i psec
Ip security in i psecMohd Arif
 
IP security Part 1
IP security Part 1IP security Part 1
IP security Part 1CAS
 
Ip sec talk
Ip sec talkIp sec talk
Ip sec talkanoean
 
Ipsec
IpsecIpsec
IpsecBaidyanath Dutta
 
05 06 ike
05 06 ike05 06 ike
05 06 ikeBabaa Naya
 
Ip sec and ssl
Ip sec and sslIp sec and ssl
Ip sec and sslMohd Arif
 
8.X Sec & I Pv6
8.X Sec & I Pv68.X Sec & I Pv6
8.X Sec & I Pv6phanleson
 

Recommended

Rooster ipsecindepth
Rooster ipsecindepthRooster ipsecindepth
Rooster ipsecindepthdharajani
 
Ip security in i psec
Ip security in i psecIp security in i psec
Ip security in i psecMohd Arif
 
IP security Part 1
IP security Part 1IP security Part 1
IP security Part 1CAS
 
Ip sec talk
Ip sec talkIp sec talk
Ip sec talkanoean
 
Ipsec
IpsecIpsec
IpsecBaidyanath Dutta
 
05 06 ike
05 06 ike05 06 ike
05 06 ikeBabaa Naya
 
Ip sec and ssl
Ip sec and sslIp sec and ssl
Ip sec and sslMohd Arif
 
8.X Sec & I Pv6
8.X Sec & I Pv68.X Sec & I Pv6
8.X Sec & I Pv6phanleson
 
Ip security
Ip securityIp security
Ip securityJithuK6
 
Ip Sec
Ip SecIp Sec
Ip SecRam Dutt Shukla
 
Ip Sec Rev1
Ip Sec Rev1Ip Sec Rev1
Ip Sec Rev1Ram Dutt Shukla
 
Computer network (4)
Computer network (4)Computer network (4)
Computer network (4)NYversity
 
Ip Sec
Ip SecIp Sec
Ip SecRam Dutt Shukla
 
I psec
I psecI psec
I psecahmad1986jor
 
IPsec for IMS
IPsec for IMSIPsec for IMS
IPsec for IMSHossein Yavari
 
I psec
I psecI psec
I psecnlekh
 
Ipsec 2
Ipsec 2Ipsec 2
Ipsec 2Sourabh Badve
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network SecurityKathirvel Ayyaswamy
 
IP SEC.ptx
IP SEC.ptxIP SEC.ptx
IP SEC.ptxMamoonKhan40
 
Lecture14..pdf
Lecture14..pdfLecture14..pdf
Lecture14..pdfAlaaElhaddad3
 
Phifer 3 30_04
Phifer 3 30_04Phifer 3 30_04
Phifer 3 30_04Ayano Midakso
 
IP security
IP securityIP security
IP securityshraddha mane
 
Cryptography
CryptographyCryptography
CryptographyTechprahlad
 
Cyber forensics
Cyber forensicsCyber forensics
Cyber forensicsGopal Karthik
 
IPSec (Internet Protocol Security) - PART 1
IPSec (Internet Protocol Security) - PART 1IPSec (Internet Protocol Security) - PART 1
IPSec (Internet Protocol Security) - PART 1Shobhit Sharma
 
Ipsec
IpsecIpsec
IpsecRupesh Mishra
 
The Security layer
The Security layerThe Security layer
The Security layerSwetha S
 
IPsec with AH
IPsec with AHIPsec with AH
IPsec with AHjtlevesque
 
ERD introduction in databases model.pptx
ERD introduction in databases model.pptxERD introduction in databases model.pptx
ERD introduction in databases model.pptxImXaib
 
SDA presentation the basics of computer science .pptx
SDA presentation the basics of computer science .pptxSDA presentation the basics of computer science .pptx
SDA presentation the basics of computer science .pptxImXaib
 

More Related Content

Similar to rooster-ipsecindepth.ppt

Ip security
Ip securityIp security
Ip securityJithuK6
 
Computer network (4)
Computer network (4)Computer network (4)
Computer network (4)NYversity
 
I psec
I psecI psec
I psecnlekh
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network SecurityKathirvel Ayyaswamy
 
IPSec (Internet Protocol Security) - PART 1
IPSec (Internet Protocol Security) - PART 1IPSec (Internet Protocol Security) - PART 1
IPSec (Internet Protocol Security) - PART 1Shobhit Sharma
 
The Security layer
The Security layerThe Security layer
The Security layerSwetha S
 

Similar to rooster-ipsecindepth.ppt (20)

Ip security
Ip securityIp security
Ip security
 
Ip Sec
Ip SecIp Sec
Ip Sec
 
Ip Sec Rev1
Ip Sec Rev1Ip Sec Rev1
Ip Sec Rev1
 
Computer network (4)
Computer network (4)Computer network (4)
Computer network (4)
 
Ip Sec
Ip SecIp Sec
Ip Sec
 
I psec
I psecI psec
I psec
 
IPsec for IMS
IPsec for IMSIPsec for IMS
IPsec for IMS
 
I psec
I psecI psec
I psec
 
Ipsec 2
Ipsec 2Ipsec 2
Ipsec 2
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security
 
IP SEC.ptx
IP SEC.ptxIP SEC.ptx
IP SEC.ptx
 
Lecture14..pdf
Lecture14..pdfLecture14..pdf
Lecture14..pdf
 
Phifer 3 30_04
Phifer 3 30_04Phifer 3 30_04
Phifer 3 30_04
 
IP security
IP securityIP security
IP security
 
Cryptography
CryptographyCryptography
Cryptography
 
Cyber forensics
Cyber forensicsCyber forensics
Cyber forensics
 
IPSec (Internet Protocol Security) - PART 1
IPSec (Internet Protocol Security) - PART 1IPSec (Internet Protocol Security) - PART 1
IPSec (Internet Protocol Security) - PART 1
 
Ipsec
IpsecIpsec
Ipsec
 
The Security layer
The Security layerThe Security layer
The Security layer
 
IPsec with AH
IPsec with AHIPsec with AH
IPsec with AH
 

More from ImXaib

ERD introduction in databases model.pptx
ERD introduction in databases model.pptxERD introduction in databases model.pptx
ERD introduction in databases model.pptxImXaib
 
SDA presentation the basics of computer science .pptx
SDA presentation the basics of computer science .pptxSDA presentation the basics of computer science .pptx
SDA presentation the basics of computer science .pptxImXaib
 
terminal a clear presentation on the topic.pptx
terminal a clear presentation on the topic.pptxterminal a clear presentation on the topic.pptx
terminal a clear presentation on the topic.pptxImXaib
 
What is Machine Learning_updated documents.pptx
What is Machine Learning_updated documents.pptxWhat is Machine Learning_updated documents.pptx
What is Machine Learning_updated documents.pptxImXaib
 
Grid Computing and it's applications.PPTX
Grid Computing and it's applications.PPTXGrid Computing and it's applications.PPTX
Grid Computing and it's applications.PPTXImXaib
 
Firewall.pdf
Firewall.pdfFirewall.pdf
Firewall.pdfImXaib
 
4966709.ppt
4966709.ppt4966709.ppt
4966709.pptImXaib
 
lecture2.ppt
lecture2.pptlecture2.ppt
lecture2.pptImXaib
 
Tools.pptx
Tools.pptxTools.pptx
Tools.pptxImXaib
 
lec3_10.ppt
lec3_10.pptlec3_10.ppt
lec3_10.pptImXaib
 
ch12.ppt
ch12.pptch12.ppt
ch12.pptImXaib
 
Fullandparavirtualization.ppt
Fullandparavirtualization.pptFullandparavirtualization.ppt
Fullandparavirtualization.pptImXaib
 
mis9_ch08_ppt.ppt
mis9_ch08_ppt.pptmis9_ch08_ppt.ppt
mis9_ch08_ppt.pptImXaib
 
Policy formation and enforcement.ppt
Policy formation and enforcement.pptPolicy formation and enforcement.ppt
Policy formation and enforcement.pptImXaib
 
Database schema architecture.ppt
Database schema architecture.pptDatabase schema architecture.ppt
Database schema architecture.pptImXaib
 
Transport layer security.ppt
Transport layer security.pptTransport layer security.ppt
Transport layer security.pptImXaib
 
Trends in DM.pptx
Trends in DM.pptxTrends in DM.pptx
Trends in DM.pptxImXaib
 
AleksandrDoroninSlides.ppt
AleksandrDoroninSlides.pptAleksandrDoroninSlides.ppt
AleksandrDoroninSlides.pptImXaib
 
dm15-visualization-data-mining.ppt
dm15-visualization-data-mining.pptdm15-visualization-data-mining.ppt
dm15-visualization-data-mining.pptImXaib
 
Cyber Crime.pptx
Cyber Crime.pptxCyber Crime.pptx
Cyber Crime.pptxImXaib
 

More from ImXaib (20)

ERD introduction in databases model.pptx
ERD introduction in databases model.pptxERD introduction in databases model.pptx
ERD introduction in databases model.pptx
 
SDA presentation the basics of computer science .pptx
SDA presentation the basics of computer science .pptxSDA presentation the basics of computer science .pptx
SDA presentation the basics of computer science .pptx
 
terminal a clear presentation on the topic.pptx
terminal a clear presentation on the topic.pptxterminal a clear presentation on the topic.pptx
terminal a clear presentation on the topic.pptx
 
What is Machine Learning_updated documents.pptx
What is Machine Learning_updated documents.pptxWhat is Machine Learning_updated documents.pptx
What is Machine Learning_updated documents.pptx
 
Grid Computing and it's applications.PPTX
Grid Computing and it's applications.PPTXGrid Computing and it's applications.PPTX
Grid Computing and it's applications.PPTX
 
Firewall.pdf
Firewall.pdfFirewall.pdf
Firewall.pdf
 
4966709.ppt
4966709.ppt4966709.ppt
4966709.ppt
 
lecture2.ppt
lecture2.pptlecture2.ppt
lecture2.ppt
 
Tools.pptx
Tools.pptxTools.pptx
Tools.pptx
 
lec3_10.ppt
lec3_10.pptlec3_10.ppt
lec3_10.ppt
 
ch12.ppt
ch12.pptch12.ppt
ch12.ppt
 
Fullandparavirtualization.ppt
Fullandparavirtualization.pptFullandparavirtualization.ppt
Fullandparavirtualization.ppt
 
mis9_ch08_ppt.ppt
mis9_ch08_ppt.pptmis9_ch08_ppt.ppt
mis9_ch08_ppt.ppt
 
Policy formation and enforcement.ppt
Policy formation and enforcement.pptPolicy formation and enforcement.ppt
Policy formation and enforcement.ppt
 
Database schema architecture.ppt
Database schema architecture.pptDatabase schema architecture.ppt
Database schema architecture.ppt
 
Transport layer security.ppt
Transport layer security.pptTransport layer security.ppt
Transport layer security.ppt
 
Trends in DM.pptx
Trends in DM.pptxTrends in DM.pptx
Trends in DM.pptx
 
AleksandrDoroninSlides.ppt
AleksandrDoroninSlides.pptAleksandrDoroninSlides.ppt
AleksandrDoroninSlides.ppt
 
dm15-visualization-data-mining.ppt
dm15-visualization-data-mining.pptdm15-visualization-data-mining.ppt
dm15-visualization-data-mining.ppt
 
Cyber Crime.pptx
Cyber Crime.pptxCyber Crime.pptx
Cyber Crime.pptx
 

Recently uploaded

Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementmkooblal
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...M56BOOKSTORE PRODUCT/SERVICE
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...jaredbarbolino94
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,Virag Sontakke
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentInMediaRes1
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxsocialsciencegdgrohi
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxJiesonDelaCerna
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 

Recently uploaded (20)

Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media Component
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptx
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 

rooster-ipsecindepth.ppt

  • 2. Encapsulated Security Payload (ESP) • Must encrypt and/or authenticate in each packet • Encryption occurs before authentication • Authentication is applied to data in the IPSec header as well as the data contained as payload
  • 3. IPSec Encapsulating Security Payload (ESP) in Transport Mode Data TCP Hdr Orig IP Hdr Data TCP Hdr ESP Hdr Orig IP Hdr ESP Trailer ESP Auth Usually encrypted integrity hash coverage SecParamIndex Padding PadLength NextHdr Seq# Keyed Hash 22-36 bytes total InitVector ESP is IP protocol 50 Insert Append © 2000 Microsoft Corporation
  • 4. IPSec ESP Tunnel Mode Data TCP Hdr Orig IP Hdr ESP Auth Usually encrypted integrity hash coverage Data TCP Hdr ESP Hdr IP Hdr IPHdr New IP header with source & destination IP address © 2000 Microsoft Corporation ESP Trailer
  • 5. Authentication Header (AH) • Authentication is applied to the entire packet, with the mutable fields in the IP header zeroed out • If both ESP and AH are applied to a packet, AH follows ESP
  • 6. IPSec Authentication Header (AH) in Transport Mode Data TCP Hdr Orig IP Hdr Data TCP Hdr AH Hdr Orig IP Hdr Next Hdr Payload Len Rsrv SecParamIndex Keyed Hash Integrity hash coverage (except for mutable fields in IP hdr) Seq# 24 bytes total AH is IP protocol 51 Insert © 2000 Microsoft Corporation
  • 7. IPSec AH Tunnel Mode Data TCP Hdr Orig IP Hdr Integrity hash coverage (except for mutable new IP hdr fields) IP Hdr AH Hdr Data TCP Hdr Orig IP Hdr New IP header with source & destination IP address © 2000 Microsoft Corporation
  • 8. Internet Key Exchange (IKE) • Phase I – Establish a secure channel(ISAKMP SA) – Authenticate computer identity • Phase II – Establishes a secure channel between computers intended for the transmission of data (IPSec SA)
  • 9. Main Mode • Main mode negotiates an ISAKMP SA which will be used to create IPSec Sas • Three steps – SA negotiation – Diffie-Hellman and nonce exchange – Authentication
  • 10. Main Mode (Kerberos) Initiator Responder Header, SA Proposals Header, Selected SA Proposal Header, D-H Key Exchange, Noncei, Kerberos Tokeni Header, D-H Key Exchange, Noncer, Kerberos Tokenr Header, Idi, Hashi Header, Idr, Hashr Encrypted
  • 11. Main Mode (Certificate) Initiator Responder Header, D-H Key Exchange, Noncei Header, Idi, Certificatei, Signaturei, Certificate Request Header, D-H Key Exchange, Noncer,Certificate Request Header, Idr, Certificater, Signaturer Encrypted Header, SA Proposals Header, Selected SA Proposal
  • 12. Main Mode (Pre-shared Key) Initiator Responder Header, D-H Key Exchange, Noncei Header, Idi, Hashi Header, D-H Key Exchange, Noncer Header, Idr, Hashr Encrypted Header, SA Proposals Header, Selected SA Proposal
  • 13. Quick Mode • All traffic is encrypted using the ISAKMP Security Association • Each quick mode negotiation results in two IPSec Security Associations (one inbound, one outbound)
  • 14. Quick Mode Negotiation Header, Hash Header, Connected Notification Encrypted Initiator Responder Header, IPSec Selected SA Header, IPSec Proposed SA