Module 2 Lectures 4 hrs.
Cryptography and Cryptanalysis: Introduction to Cryptography, Symmetric key
Cryptography, Asymmetric key Cryptography, Message Authentication, Digital Signatures,
Applications of Cryptography. Overview of Firewalls- Types of Firewalls, User
Management, VPN Security, Security Protocols: - security at the Application Layer- PGP
and S/MIME, Security at Transport Layer- SSL and TLS, Security at Network Layer-IPSec.
Open Source/ Free/ Trial Tools: Implementation of Cryptographic techniques, OpenSSL, Hash
Values Calculations MD5, SHA1, SHA256, SHA 512, Steganography (Stools)
Cyber Security [105713] – Notes
Module 2
Introduction to Cryptography
Cryptography is an important aspect of network security. 'Crypto' comes from the Greek kryptos, meaning hidden or secret.
Cryptography is the science of secret writing, with the intention of keeping data secret from everyone except the intended parties.
Cryptanalysis, on the other hand, is the science (and sometimes the art) of breaking cryptosystems. Both terms are subsets of what is called Cryptology.
Cryptography is classified into symmetric cryptography, asymmetric cryptography and hashing.
Below is a description of these types:
Symmetric key cryptography –
It uses a single secret key, shared by sender and receiver, together with the encryption and decryption algorithms that protect the contents of the message. Its strength depends on the algorithm and on the key length (the number of key bits an attacker would have to guess). It is much faster than asymmetric key cryptography. It has a key distribution problem: the key has to be transferred from the sender to the receiver through a secure channel before any protected message can be sent.
Asymmetric key cryptography –
It is also known as public key cryptography because each party has a key pair: a public key that can be published and a private key that is kept secret. It eases the key distribution problem because the sender encrypts with the receiver's public key and only the receiver's private key can decrypt, so no secret has to be shared in advance. It is not practical for bulk data because it is far slower than symmetric key cryptography; in practice it is used to exchange or wrap a symmetric key, which then encrypts the data.
Hashing –
It takes the plain text and converts it to a hash value of fixed size using a hash function. The hash lets the receiver check the integrity of the message: the hash recomputed at the receiver's side must match the one computed at the sender's side if the message is unaltered. Note that a hash alone does not authenticate the sender, since anyone can recompute it after altering the message; that requires a key (see Message Authentication Code below).
Features of cryptography are as follows:
Confidentiality: Information can only be read by the person for whom it is intended; no one else can access it.
Integrity: Information cannot be modified in storage or in transit between sender and intended receiver without the modification being detected.
Non-repudiation: The creator/sender of information cannot deny, at a later stage, having created or sent it.
Authentication: The identities of sender and receiver are confirmed, as is the origin/destination of the information.
Message Authentication Code (MAC)
A MAC algorithm is a symmetric key cryptographic technique to provide message authentication. To use a MAC, the sender and receiver share a symmetric key K.
Essentially, a MAC is a keyed checksum computed over the message and sent along with it, so the receiver can verify that the message came from someone who holds K and was not altered in transit.
The process of using a MAC for authentication is described below (the original notes illustrate it with a figure).
The sender uses a publicly known MAC algorithm, inputs the message and the secret key K, and produces a MAC value (the tag).
Like a hash, a MAC function compresses an arbitrarily long input into a fixed length output. The major difference between a hash and a MAC is that the MAC uses a secret key during the computation; without K, nobody can compute a valid tag for a new or altered message.
The sender forwards the message along with the MAC. Here we assume that the message is sent in the clear, since we are concerned with message origin authentication, not confidentiality. If confidentiality is also required, the message needs encryption (commonly encrypt first, then MAC the ciphertext).
On receipt of the message and the MAC, the receiver feeds the received message and the shared secret key K into the MAC algorithm and recomputes the MAC value.
The receiver then checks the freshly computed MAC against the one received. The comparison should be done in constant time, so that an attacker cannot learn the correct tag byte by byte from timing differences. If they match, the receiver accepts the message and is assured that it was sent by a holder of K, i.e. the intended sender (assuming K has not been disclosed).
If the computed MAC does not match the MAC sent, the receiver cannot tell whether the message was altered or the origin was falsified; in either case the receiver safely assumes that the message is not genuine and discards it. Note also that a MAC gives no non-repudiation: since both parties know K, either of them could have produced the tag.
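The following is an added example (not part of the original notes) that runs the MAC process described above with HMAC-SHA256 from the Python standard library, and contrasts it with the bare hash of the Hashing paragraph: an attacker who alters the message can recompute an unkeyed hash, but cannot produce a valid tag without K. The shared key, messages and the attacker step are constructed for the example; the hash-value calculations for MD5, SHA-1, SHA-256 and SHA-512 from the syllabus tool list are included for comparison.

```python
import hashlib
import hmac

# Constructed sample data for this example (not from the original notes).
SHARED_KEY = b"k3y-distributed-out-of-band"   # assumption: K reached the receiver over a secure channel
ORIGINAL = b"transfer 100.00 to account 4711"
TAMPERED = b"transfer 900.00 to account 4711"


def digest(msg: bytes, algo: str = "sha256") -> str:
    """Unkeyed hash. Detects accidental corruption only: anyone can recompute it."""
    return hashlib.new(algo, msg).hexdigest()


def all_digests(msg: bytes) -> dict:
    """The four syllabus algorithms side by side. MD5 and SHA-1 are shown for
    comparison only; both have practical collision attacks and must not be used
    where an attacker could choose the input."""
    return {algo: hashlib.new(algo, msg, usedforsecurity=False).hexdigest()
            for algo in ("md5", "sha1", "sha256", "sha512")}


def hash_only_check(msg: bytes, received_hash: str) -> bool:
    """Integrity check with a bare hash: passes whenever the hash fits the message."""
    return digest(msg) == received_hash


def mac(key: bytes, msg: bytes) -> bytes:
    """Sender side: tag = HMAC-SHA256(K, message). Only holders of K can produce it."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify_mac(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the tag and compare in constant time.
    A plain `==` stops at the first differing byte and leaks timing."""
    return hmac.compare_digest(mac(key, msg), tag)


def attacker_in_the_middle(msg: bytes, received_hash: str, received_tag: bytes):
    """The attacker alters the message and recomputes the unkeyed hash.
    Without K there is nothing useful to do with the tag, so it is forwarded unchanged."""
    return TAMPERED, digest(TAMPERED), received_tag


if __name__ == "__main__":
    sent_hash, sent_tag = digest(ORIGINAL), mac(SHARED_KEY, ORIGINAL)
    msg, h, tag = attacker_in_the_middle(ORIGINAL, sent_hash, sent_tag)
    print("hash-only check after tampering:", hash_only_check(msg, h))          # True: hash was recomputed
    print("MAC check after tampering:      ", verify_mac(SHARED_KEY, msg, tag))  # False: tag no longer matches
    for algo, value in all_digests(ORIGINAL).items():
        print(f"{algo:>6}: {value}")
```

The receiver learns nothing from the failed MAC about whether the text or the origin was changed; it simply discards the message, as the notes say. `hmac.compare_digest` is the constant-time comparison a practitioner should always use for tags.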
Digital Signature:
Digital signatures are the public-key primitives of message authentication. In the physical world, it is common
to use handwritten signatures on handwritten or typed messages. They are used to bind signatory to the
message.
Similarly, a digital signature is a technique that binds a person/entity to the digital data. This binding can be
independently verified by receiver as well as any third party.
Digital signature is a cryptographic value that is calculated from the data and a secret key known only by the
signer.
In real world, the receiver of message needs assurance that the message belongs to the sender and he should
not be able to repudiate the origination of that message. This requirement is very crucial in business
applications, since likelihood of a dispute over exchanged data is very high.
Model of Digital Signature
As mentioned earlier, the digital signature scheme is based on public key cryptography. The model of the digital signature scheme (illustrated by a figure in the original notes) works as follows:
Each person adopting this scheme has a public-private key pair.
Generally, the key pairs used for encryption/decryption and for signing/verifying are different. The private key used for signing is referred to as the signature key and the public key as the verification key.
The signer feeds the data to a hash function and generates the hash of the data.
The hash value and the signature key are then fed to the signature algorithm, which produces the digital signature on the given hash. The signature is appended to the data and both are sent to the verifier.
The verifier feeds the digital signature and the verification key into the verification algorithm. The verification algorithm gives some value as output.
The verifier also runs the same hash function on the received data to generate its hash value.
For verification, this hash value and the output of the verification algorithm are compared. Based on the comparison result, the verifier decides whether the digital signature is valid.
Since the digital signature is created with the signer's private key, which no one else is supposed to have, the signer cannot later repudiate signing the data. This holds only as long as the private key stays private: a leaked signing key destroys non-repudiation, which is why signing keys are kept in hardware tokens or HSMs and can be revoked.
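The model above, as an added example that is not part of the original notes, implemented with textbook RSA in pure Python: hash the data, raise the hash to the private exponent to sign, raise the signature to the public exponent and compare with a fresh hash to verify. The key generation (Miller-Rabin with a seeded RNG and 256-bit primes) is an assumption made only so the example runs quickly and reproducibly; real signatures use 2048-bit or larger keys, a CSPRNG and a padding scheme such as PKCS#1 v1.5 or PSS around the hash.

```python
import hashlib
import random

# Toy RSA signature to show the hash-sign-verify model. The parameters are far too
# small for real use (256-bit primes, 512-bit modulus) and the seeded RNG exists only
# to make the example reproducible; never generate real keys this way.
_rng = random.Random(2024)


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test with random bases."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int) -> int:
    while True:
        candidate = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # exact bit length, odd
        if is_probable_prime(candidate):
            return candidate


def keygen(modulus_bits: int = 512):
    """Return (verification_key, signature_key) = ((e, n), (d, n))."""
    e = 65537
    while True:
        p, q = gen_prime(modulus_bits // 2), gen_prime(modulus_bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    d = pow(e, -1, phi)                 # modular inverse of e; needs Python 3.8+
    return (e, p * q), (d, p * q)


def hash_int(data: bytes) -> int:
    """Step 1 of the model: hash the data. SHA-256 gives a 256-bit value, below n."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(signature_key, data: bytes) -> int:
    """Step 2: signature = hash^d mod n, computable only with the private d."""
    d, n = signature_key
    return pow(hash_int(data), d, n)


def verify(verification_key, data: bytes, signature: int) -> bool:
    """Steps 3-4: recover hash^(d*e) = hash with the public e and compare with a fresh hash."""
    e, n = verification_key
    return pow(signature, e, n) == hash_int(data)


if __name__ == "__main__":
    ver_key, sig_key = keygen()
    document = b"Invoice 2024-17: pay 1,200.00 by 30 June"   # constructed sample data
    s = sign(sig_key, document)
    print("valid on original:", verify(ver_key, document, s))                     # True
    print("valid on altered :", verify(ver_key, document + b" (cancelled)", s))   # False
```

Any change to the data, to the signature, or a verification key belonging to a different signer makes the comparison fail, which is exactly the decision the verifier takes in the last step of the model.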
Overview of Firewalls:
A firewall is a network security device, either hardware or software-based, which monitors all incoming and outgoing
traffic and based on a defined set of security rules it accepts, rejects or drops that specific traffic.
Accept: allow the traffic
Reject: block the traffic but reply with an “unreachable error”
Drop: block the traffic with no reply
A firewall establishes a barrier between secured internal networks and outside untrusted network, such as the
Internet.
Generations of Firewalls
Firewalls can be categorized by generation.
First Generation - Packet Filtering Firewall: A packet filtering firewall controls network access by examining each incoming and outgoing packet and allowing or blocking it based on source and destination IP address, protocol and port numbers. It works at the network and transport layers (OSI layers 3 and 4) and judges each packet in isolation, with no memory of earlier packets.
A packet filtering firewall maintains a filtering table (an ordered rule list) that decides whether a packet will be forwarded or discarded. The filtering table given in the notes expresses the following rules:
1. Incoming packets from network 192.168.21.0 are blocked.
2. Incoming packets destined for the internal TELNET server (port 23) are blocked.
3. Incoming packets destined for host 192.168.21.3 are blocked.
4. All well-known services (ports 0-1023) to the network 192.168.21.0 are allowed.
Rules are evaluated in order and the first match wins, so rule 3 blocks port-80 traffic to 192.168.21.3 even though rule 4 would allow it; and since 192.168.21.0 is the internal network, rule 1 is really an anti-spoofing rule (a packet arriving from outside should never carry an inside source address).
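The rule table above, as an added example that is not part of the original notes, implemented as a stateless first-match packet filter in Python with the accept/reject/drop actions defined at the start of this section. The /24 mask is an assumption (the notes give only the network address), rule 5 is an addition of this example so that inside hosts can send anything at all, and the sample packets are constructed, not captured.

```python
import ipaddress
from typing import NamedTuple, Optional


class Packet(NamedTuple):
    direction: str            # "in" = arriving from the untrusted side, "out" = leaving the internal network
    src: str
    dst: str
    proto: str                # "tcp", "udp" or "icmp"
    dport: Optional[int] = None


class Rule(NamedTuple):
    action: str                               # "accept", "reject" (ICMP unreachable) or "drop" (silent)
    direction: Optional[str] = None           # None matches both directions
    src: Optional[str] = None                 # CIDR, None = any
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None               # exact port
    dport_range: Optional[tuple] = None       # inclusive (low, high)


# Rules 1-4 are the notes' filtering table. The notes give no subnet mask, so /24 is assumed.
# Rule 5 is an addition so that inside hosts can initiate traffic at all.
RULES = [
    Rule("drop", direction="in", src="192.168.21.0/24"),           # 1: inside address arriving from outside (spoof)
    Rule("drop", direction="in", proto="tcp", dport=23),             # 2: no inbound TELNET
    Rule("drop", direction="in", dst="192.168.21.3/32"),             # 3: nothing inbound to this host
    Rule("accept", dst="192.168.21.0/24", dport_range=(0, 1023)),    # 4: well-known services to the network
    Rule("accept", direction="out"),                                 # 5: (added) inside may talk out
]
DEFAULT_ACTION = "reject"     # implicit final rule: deny what nothing allowed


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.direction and rule.direction != pkt.direction:
        return False
    if rule.src and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if rule.dst and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.proto and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    if rule.dport_range and (pkt.dport is None or
                             not rule.dport_range[0] <= pkt.dport <= rule.dport_range[1]):
        return False
    return True


def filter_packet(pkt: Packet, rules=RULES) -> str:
    """First matching rule decides; the order of the table is part of the policy."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return DEFAULT_ACTION


if __name__ == "__main__":
    samples = [   # constructed packets, not captured traffic
        Packet("in", "203.0.113.7", "192.168.21.5", "tcp", 80),      # accept (rule 4)
        Packet("in", "203.0.113.7", "192.168.21.5", "tcp", 23),      # drop   (rule 2)
        Packet("in", "203.0.113.7", "192.168.21.3", "tcp", 80),      # drop   (rule 3 wins over rule 4)
        Packet("in", "192.168.21.9", "192.168.21.5", "tcp", 80),     # drop   (rule 1, spoofed source)
        Packet("in", "203.0.113.7", "192.168.21.5", "tcp", 51515),   # reject (reply to an ephemeral port: no rule)
        Packet("out", "192.168.21.5", "203.0.113.7", "tcp", 443),    # accept (rule 5)
    ]
    for pkt in samples:
        print(f"{pkt.direction:>3} {pkt.src:>14} -> {pkt.dst}:{pkt.dport:<5} {filter_packet(pkt)}")
```

The fifth sample shows the limit of this generation: the reply to a connection an inside host opened arrives on an ephemeral port, and a stateless filter has no way to know it is a reply, so it can only reject it or open all high ports to everyone.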
Second Generation - Stateful Inspection Firewall: Stateful firewalls (which perform Stateful Packet Inspection) can determine the connection state a packet belongs to, unlike a packet filtering firewall, which makes them both more efficient and more precise. The firewall keeps track of the state of the network connections travelling across it, such as TCP streams, in a state table. Filtering decisions are therefore based not only on the defined rules but also on the packet's history: for example, an inbound packet is accepted only if it belongs to a connection that an inside host opened.
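A minimal state table for TCP, as an added example that is not part of the original notes: only an outbound SYN from the trusted side creates an entry, an inbound SYN/ACK is accepted only if it matches a pending entry, and later packets are accepted while the entry exists. The policy (inside may open connections, outside may not), the simplified teardown on the first FIN, and the sample packets are all assumptions of this example.

```python
from typing import NamedTuple


class Packet(NamedTuple):
    direction: str      # "out" = from the trusted side, "in" = from the untrusted side
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset    # TCP flags, e.g. {"SYN"}, {"SYN", "ACK"}, {"ACK"}, {"FIN", "ACK"}, {"RST"}


class StatefulFirewall:
    """Policy: inside hosts may open TCP connections outward; inbound packets are
    accepted only when they belong to a connection already in the state table.
    Timeouts and the full TCP state machine are omitted for brevity."""

    def __init__(self):
        self.table = {}     # (inside_ip, inside_port, outside_ip, outside_port) -> state

    def _key(self, pkt: Packet):
        """Normalise both directions of a flow to one key, always inside-first."""
        if pkt.direction == "out":
            return (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def process(self, pkt: Packet) -> str:
        key = self._key(pkt)
        state = self.table.get(key)
        if state is None:
            # No entry yet: only an outbound SYN from the trusted side may create one.
            # An inbound SYN (new connection from outside) or a spoofed inbound SYN/ACK
            # is dropped, which a stateless "allow packets with ACK set" rule cannot do.
            if pkt.direction == "out" and pkt.flags == {"SYN"}:
                self.table[key] = "SYN_SENT"
                return "accept"
            return "drop"
        if "RST" in pkt.flags:                    # either side aborts: remove the entry
            del self.table[key]
            return "accept"
        if state == "SYN_SENT":
            if pkt.direction == "out" and pkt.flags == {"SYN"}:
                return "accept"                   # retransmitted SYN
            if pkt.direction == "in" and pkt.flags == {"SYN", "ACK"}:
                self.table[key] = "ESTABLISHED"   # the client's final ACK is then ordinary traffic
                return "accept"
            return "drop"                         # anything else is out of sequence
        if "FIN" in pkt.flags:                    # simplified teardown: first FIN closes the entry
            del self.table[key]
        return "accept"                           # ESTABLISHED: both directions flow freely


if __name__ == "__main__":
    fw = StatefulFirewall()
    flow = [   # constructed packets for one outbound HTTPS connection, then strays
        Packet("in", "203.0.113.7", 443, "192.168.21.5", 51515, frozenset({"SYN", "ACK"})),  # drop: no state
        Packet("out", "192.168.21.5", 51515, "203.0.113.7", 443, frozenset({"SYN"})),        # accept: new entry
        Packet("in", "203.0.113.7", 443, "192.168.21.5", 51515, frozenset({"SYN", "ACK"})),  # accept: matches
        Packet("out", "192.168.21.5", 51515, "203.0.113.7", 443, frozenset({"ACK"})),        # accept
        Packet("in", "203.0.113.7", 443, "192.168.21.5", 51516, frozenset({"ACK"})),         # drop: other port
        Packet("in", "203.0.113.7", 443, "192.168.21.5", 51515, frozenset({"FIN", "ACK"})),  # accept, closes
        Packet("in", "203.0.113.7", 443, "192.168.21.5", 51515, frozenset({"ACK"})),         # drop: closed
    ]
    for pkt in flow:
        print(f"{pkt.direction:>3} {sorted(pkt.flags)!s:<16} {fw.process(pkt)}")
```

The same inbound SYN/ACK is dropped the first time and accepted the second time purely because of what the firewall remembers; that memory, not the rule text, is what makes the firewall stateful.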
Third Generation - Application Layer Firewall: An application layer firewall can inspect and filter packets at any OSI layer, up to and including the application layer. It can block specific content and recognise when certain applications and protocols (such as HTTP or FTP) are being misused. In other words, application layer firewalls are hosts that run proxy servers. A proxy firewall prevents any direct connection between the two sides of the firewall: each connection is terminated at the proxy, which opens a second connection onward, and it allows or blocks the traffic based on predefined rules.
Note: Application layer firewalls can also act as a Network Address Translator (NAT).
Next Generation Firewalls (NGFW): Next generation firewalls are deployed to stop modern security breaches such as advanced malware and application-layer attacks. An NGFW combines deep packet inspection, application inspection, SSL/SSH inspection (decrypting traffic at the firewall, which requires the clients to trust the firewall's CA certificate) and further functions to protect the network from these threats.
Types of Firewalls
Firewalls are broadly of two types: host-based and network-based.
Host-based Firewalls: A host-based firewall is installed on each network node and controls every incoming and outgoing packet of that host. It is a software application or suite, often shipped as part of the operating system. Host-based firewalls are needed because network firewalls cannot protect against traffic that stays inside the trusted network. A host firewall protects each host from attacks and unauthorized access.
Network-based Firewalls: Network firewalls function at the network level: they filter all incoming and outgoing traffic crossing the network boundary, protecting the internal network by applying the rules defined on the firewall. A network firewall has two or more network interface cards (NICs), one per network it separates, and is usually a dedicated system running the vendor's firewall software.
Network firewalls are the devices used to protect private networks from unauthorized access. A firewall is a security control for the computers or devices connected to a network and can take the form of hardware or of software.
Types of Network Firewall:
Packet Filters –
A technique to control network access by examining outgoing and incoming packets and allowing or halting them based on the source and destination Internet Protocol (IP) addresses, protocols and ports. Because each packet is judged on its own, this is also known as a static (stateless) firewall.
Stateful Inspection Firewalls –
Also a form of packet filtering, used to control how packets move through the firewall; it is also called dynamic packet filtering. These firewalls check whether a packet belongs to an existing session. They permit communication only if the session has been properly established between the two endpoints (for TCP, the three-way handshake initiated from the allowed side); otherwise the packet is blocked.
Application Layer Firewalls –
These firewalls examine application layer (OSI layer 7) information such as an HTTP request. If an application or request is judged harmful or unsafe for the network, it is blocked immediately.
Next-generation Firewalls –
These are sometimes called intelligent firewalls. They can perform all the tasks of the other firewall types above and, on top of that, add application awareness and control, integrated intrusion prevention and cloud-delivered threat intelligence.
Circuit-level gateways –
A circuit-level gateway is a firewall that validates Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) sessions without inspecting the payload; it works between the transport and application layers of the OSI model, at the session layer.
Software Firewall –
A software firewall is a program that runs on the computer it protects. It blocks unauthorized inbound connections and, in many products, prompts the user when a program on the machine attempts an outbound connection it has not seen before, so that malicious software cannot silently reach the network.
Hardware Firewall –
A hardware firewall is a physical appliance deployed to enforce a network boundary. All network links crossing this boundary pass through the firewall, which lets it inspect both inbound and outbound traffic and enforce access controls and other security policies.
Cloud Firewall –
These are software-based network firewalls deployed in, and delivered from, a cloud provider's infrastructure (firewall-as-a-service). They protect a private network or cloud workloads from unwanted access; unlike a traditional appliance on the premises, the traffic is filtered in the provider's cloud before it reaches the protected network.
Advantages of Network Firewall:
Monitors network traffic –
A network firewall monitors and analyses traffic by checking whether the packets passing through the network are permitted by policy, keeping malicious traffic out of the network.
Halts hacking –
By exposing only the services that are meant to be reachable, a firewall removes most of the attack surface an outside attacker could probe, which matters when every system is connected to the internet.
Stops viruses –
Malware can arrive from anywhere, such as an insecure website or a spam message, and a worm can quickly disable a whole network. A firewall limits how malware spreads between networks and how infected hosts reach their controllers, although it does not replace anti-malware software on the hosts themselves.
Better security –
Continuous monitoring and analysis of the network, and blocking of malware, virus and spam traffic, give the network a better security posture.
Increased privacy –
By protecting the network and providing better security, we get a network that can be trusted.
Disadvantages of Network Firewall:
Cost –
Depending on the type of firewall, it can be costly; hardware firewalls are usually more expensive than software ones.
Restricts users –
Restricting users can be a disadvantage for large organizations because of the strict security mechanism. A firewall can prevent employees from performing an operation even when it is a legitimate one.
Issues with the speed of the network –
Since the firewall has to inspect every packet passing through it, it can slow down operations or the network as a whole.
Maintenance –
Firewalls require continuous updates and maintenance with every change in the network and in the threat landscape, as new malware that can damage systems appears continuously.
The Importance of Using a Firewall:
Feature 1: Monitoring Network Traffic –
Firewall security starts with effective monitoring of network traffic, based on pre-established rules and filters, to keep the systems protected.
Feature 2: Stops Virus Attacks and Spyware –
With attackers producing large numbers of new threats every day, including spyware, viruses, email bombs, denial of service and malicious macros, it is critical to put protections in place to keep systems safe; a firewall is the first of these.
Feature 3: Preventing Hacks –
Cyber threats are evolving at a fast pace and are widespread. Firewalls keep attackers away from data, email, systems and other sensitive information.
Feature 4: Promotes Privacy –
A firewall keeps data safe and builds a trustworthy, private environment; a system without a firewall accepts every connection into the network from anyone.
User Management:
User management (UM) is the effective management of users and their accounts, giving them access to IT resources such as devices, applications, systems, networks, SaaS services and storage systems.
User management is a core part of any identity and access management (IAM) solution, in particular of directory services.
Controlling and managing user access to IT resources is a fundamental security requirement for any organization.
User management enables administrators to control user access and to on-board and off-board users to and from IT resources. Timely off-boarding matters: accounts of departed users are a common entry point for attackers.
A directory service then authenticates, authorizes and audits user access to IT resources based on what the administrator has configured.
Virtual Private Network (VPN):
A virtual private network (VPN) is a technology that creates a safe, encrypted connection over a less secure network, such as the internet.
A VPN is a way to extend a private network across a public network such as the internet. As the name suggests, it is a virtual 'private network': a user can be part of a local network while sitting at a remote location. It uses tunnelling protocols to establish the secure connection.
Features of VPN (as offered by commercial VPN services):
Many server locations to choose from.
The provider's own DNS servers, so name lookups are not sent to the local ISP.
Generally cost-effective.
Support for running the VPN on a router, so every device behind it is covered.
Strong encryption of the tunnel.
A choice of secure VPN protocols.
Protection against DNS leaks (queries escaping the tunnel).
Cross-platform compatible apps.
Applications of VPN:
A VPN can bypass geographic restrictions on websites or on streaming audio and video.
Using a VPN, we can protect ourselves from snooping on untrustworthy Wi-Fi hotspots.
One can gain privacy online by hiding one's true location.
One can hide one's IP address from the other peers while torrenting.
What does a VPN hide?
A VPN hides information from the local network and the ISP on one side, and from the sites visited on the other:
The user's browsing history (the destinations contacted), from the local network and ISP.
The user's IP address and location, from the sites visited, which see the VPN server's address instead.
The user's location for streaming services.
The user's web activity on the local network.
It does not hide the user's device or browser fingerprint from the sites visited, and it hides nothing from the VPN provider, which sees all traffic leaving the tunnel: the user is trusting the provider instead of the ISP.
How to choose a VPN?
To choose a suitable VPN, one should ask the VPN provider the following questions:
How much privacy does the VPN provide (what does it log)?
Does it support all the security protocols you need?
Does it set any limits on your data?
Where are the VPN servers located?
Can all your devices use the VPN?
What does the VPN cost?
Advantages of VPN:
It provides anonymity towards the sites visited.
It avoids geo-restrictions.
It protects traffic on untrusted networks from interception.
It prevents bandwidth throttling based on traffic type, since the ISP cannot see the traffic.
It can improve the gaming experience, e.g. by avoiding throttled routes.
It can bypass a restrictive firewall, since only the encrypted tunnel is visible to it.
Disadvantages of VPN:
It can slow down the internet speed.
It has privacy issues: the VPN provider can see and log all traffic.
The connection may drop while connected over the VPN, exposing traffic unless a kill switch is used.
It may be difficult to configure.
It may have legal issues in some jurisdictions.
Virtual Private Network (VPN) is basically of 2 types:
1. Remote Access VPN:
A Remote Access VPN permits a user to connect to a private network and access all its services and resources remotely. The connection between the user and the private network goes over the Internet, and the connection is secure and private. Remote Access VPN is useful for both home users and business users.
An employee of a company who is away from the office uses a VPN to connect to the company's private network and remotely access files and resources on it.
2. Site to Site VPN:
A Site-to-Site VPN is also called a Router-to-Router VPN and is commonly used in large companies. Companies or organizations with branch offices in different locations use a Site-to-Site VPN to connect the network of one office location to the network at another office location; the VPN gateways (routers) at each site build the tunnel, and the hosts behind them need no VPN software.
Intranet based VPN: When several offices of the same company are connected using Site-to-Site VPN, it is called an Intranet based VPN.
Extranet based VPN: When a company uses a Site-to-Site VPN to connect to the office of another company, it is called an Extranet based VPN.
Types of Virtual Private Network (VPN) Protocols:
1. Internet Protocol Security (IPSec):
Internet Protocol Security (IPSec) secures communication across an IP network. It authenticates the peers and negotiates keys for the session (using IKE), and then authenticates and encrypts each data packet of the connection.
IPSec runs in 2 modes:
i. Transport mode
ii. Tunnel mode
Transport mode protects only the payload of the IP packet (the original IP header stays in the clear); tunnel mode protects the whole original IP packet, which is encapsulated in a new IP packet, and is what site-to-site VPNs use. IPSec can also be combined with other protocols, such as L2TP, to improve the overall security system.
2. Layer 2 Tunneling Protocol (L2TP):
L2TP is a tunnelling protocol that is often combined with another security protocol, IPSec, to establish a secure VPN connection. L2TP by itself provides no encryption: it creates the tunnel between two L2TP endpoints and carries the user's layer-2 frames, while IPSec encrypts the data and maintains secure communication through the tunnel (L2TP/IPSec).
3. Point-to-Point Tunneling Protocol (PPTP):
PPTP generates a tunnel and encapsulates the data packets. Point-to-Point Protocol (PPP) frames are carried inside the tunnel, and the data is encrypted with Microsoft Point-to-Point Encryption (MPPE). PPTP is one of the oldest VPN protocols and has been in use since early releases of Windows; it is also available on Mac and Linux. Its authentication (MS-CHAPv2) and its RC4-based encryption are broken, so PPTP should be regarded as obsolete and not be used for anything sensitive.
4. SSL and TLS:
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) can create a VPN connection where the web browser acts as the client and the user's access is restricted to specific applications instead of the entire network. Online shopping websites commonly use SSL/TLS. Switching to it is easy for web browsers, with almost no action required from the user, as browsers come with SSL/TLS built in. TLS-protected web connections have 'https' at the start of the URL instead of 'http'.
5. OpenVPN:
OpenVPN is an open source VPN commonly used to create point-to-point and site-to-site connections. It uses TLS for authentication and key exchange on its control channel and then carries the tunnelled packets over UDP or TCP.
6. Secure Shell (SSH):
Secure Shell (SSH) can create an encrypted tunnel through which data transfer occurs. The tunnel is set up by an SSH client, and data sent to a local port is forwarded through the encrypted tunnel to the remote server (port forwarding). Strictly speaking this tunnels individual TCP ports rather than all of the host's traffic.
Security Protocols:
Security at the Application Layer - PGP and S/MIME
1. Pretty Good Privacy (PGP):
PGP is an email security software package whose message format is now the OpenPGP standard, with open source implementations such as GnuPG. It was developed by Phil Zimmermann. It provides the fundamental services of cryptography for email. The services it applies to secure an email are:
Confidentiality (encryption with a one-time symmetric session key, which is itself encrypted with the recipient's public key)
Authentication (digital signature over the hash of the message)
Compression
Segmentation and reassembly (splitting large messages)
E-mail compatibility (radix-64 encoding so the binary output survives mail systems)
2. Secure/Multipurpose Internet Mail Extension (S/MIME):
S/MIME is a security-enhanced version of Multipurpose Internet Mail Extension (MIME). Public key cryptography is used to digitally sign, encrypt and decrypt email. The user obtains a public-private key pair and an X.509 certificate from a trusted certificate authority and then uses those keys with an email application that supports S/MIME.
Difference between PGP and S/MIME:
S.No | PGP | S/MIME
1. | Originally designed for processing plain text messages (MIME attachments need the later PGP/MIME extension). | Designed to process email as well as many multimedia (MIME) attachment types.
2. | PGP is less costly: users generate their own keys for free. | S/MIME is comparatively expensive, as certificates are normally issued by a certificate authority.
3. | PGP is good for personal as well as office use. | S/MIME is good for industrial (enterprise) use.
Security at Transport Layer - SSL and TLS
❖ Transport Layer Security (TLS)
Transport Layer Security (TLS) is designed to provide security at the transport layer, between an application and TCP. TLS was derived from a security protocol called Secure Sockets Layer (SSL). TLS ensures that no third party can eavesdrop on or tamper with any message, and lets the client authenticate the server (and optionally the server authenticate the client).
There are several benefits of TLS:
Encryption:
TLS/SSL secures transmitted data using encryption.
Interoperability:
TLS/SSL works with all major web browsers, operating systems and web servers.
Algorithm flexibility:
TLS/SSL negotiates the authentication mechanism, encryption algorithm and hash algorithm (together, the cipher suite) used during the secure session, so algorithms can be replaced when they are broken without changing the protocol.
Ease of deployment:
TLS/SSL libraries are built into most operating systems and web servers, so applications can adopt it without implementing the cryptography themselves.
Ease of use:
Because TLS/SSL is implemented beneath the application layer, most of its operations are completely invisible to the client.
Difference between PGP and S/MIME (continued):
4. | PGP is less efficient in large deployments, because trust in each key has to be established by the users. | S/MIME is more efficient, as trust follows automatically from the certificate hierarchy.
5. | It depends on user key exchange (the web of trust: users verify and sign each other's keys). | It relies on a hierarchically valid certificate (X.509 PKI) for key exchange.
6. | PGP is comparatively less convenient. | S/MIME is more convenient because it is integrated into most enterprise mail clients.
7. | PGP keys are commonly 2048- or 4096-bit RSA, chosen by the user. | S/MIME certificates were historically issued with 1024-bit RSA keys; 1024-bit keys are now deprecated and 2048 bits or more is required.
8. | PGP is a standard for strong encryption (OpenPGP, RFC 4880). | S/MIME is also a standard for strong encryption (RFC 8551) but has some drawbacks, notably its dependence on the CA hierarchy.
9. | PGP keys are also used outside email, e.g. for signing files and software packages. | S/MIME is used only in email services.
10. | PGP signs with DSA or RSA; ElGamal (Diffie-Hellman) keys are used for encryption, not signing. | S/MIME signs with RSA or ECDSA, as carried in X.509 certificates.
Working of TLS:
The client connects to the server (using TCP) and sends a ClientHello message. The ClientHello carries a number of specifications:
i. The SSL/TLS versions the client supports.
ii. Which cipher suites and compression methods it wants to use, in order of preference.
The server determines the highest SSL/TLS version supported by both, picks a cipher suite from the client's list (if it supports one) and optionally picks a compression method (modern deployments choose no compression, since TLS compression enables the CRIME attack, and TLS 1.3 removes compression altogether). With the basic setup done, the server provides its certificate. This certificate must be trusted either by the client itself or by a party the client trusts (a certificate authority), and its name must match the server the client intended to reach. Having verified the certificate and being certain this server really is who it claims to be (and not a man in the middle), a key is exchanged. Depending on the cipher suite this is an RSA-encrypted PreMasterSecret, a Diffie-Hellman exchange (which gives forward secrecy), or nothing at all for anonymous suites.
Both the server and the client can now compute the keys for symmetric encryption. The handshake is finished and the two hosts can communicate securely. To close a connection, each side sends a close_notify alert before the TCP connection is closed; if the TCP connection is simply dropped without it, both sides know that the connection was improperly terminated (truncated). The connection cannot be compromised by this, merely interrupted.
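The negotiation step above, as an added example that is not part of the original notes: the client's offer and the server's configuration are represented as plain Python objects, and the server applies the selection rule (highest mutual version, first mutual cipher suite in its own or the client's preference order, a mutual compression method) or raises the alert it would send when there is no common choice. The cipher suite names and the configurations are constructed for the example, and whether a suite is valid for the chosen version is not checked.

```python
from dataclasses import dataclass, field

# Version numbers as they appear on the wire (major, minor). TLS 1.3 negotiates through the
# supported_versions extension instead of the record version, but the rule is the same.
VERSIONS = {"SSLv3": (3, 0), "TLS1.0": (3, 1), "TLS1.1": (3, 2), "TLS1.2": (3, 3), "TLS1.3": (3, 4)}


class HandshakeFailure(Exception):
    """Stands in for the alert the server would send before closing the connection."""


@dataclass
class ClientHello:
    versions: list                       # versions the client will use, any order
    cipher_suites: list                  # client preference order
    compression: list = field(default_factory=lambda: ["null"])


@dataclass
class ServerConfig:
    versions: list
    cipher_suites: list                  # server preference order
    compression: list = field(default_factory=lambda: ["null"])   # "null" only: no CRIME
    prefer_server_order: bool = True     # most hardened servers enforce their own order


def negotiate(hello: ClientHello, server: ServerConfig) -> dict:
    """Return the ServerHello choices, or raise HandshakeFailure with the alert name."""
    mutual_versions = [v for v in hello.versions if v in server.versions]
    if not mutual_versions:
        raise HandshakeFailure("protocol_version")
    version = max(mutual_versions, key=lambda v: VERSIONS[v])   # highest common version, never lower

    first, second = ((server.cipher_suites, hello.cipher_suites) if server.prefer_server_order
                     else (hello.cipher_suites, server.cipher_suites))
    suite = next((s for s in first if s in second), None)
    if suite is None:
        raise HandshakeFailure("handshake_failure")

    compression = next((c for c in hello.compression if c in server.compression), None)
    if compression is None:
        raise HandshakeFailure("handshake_failure")
    return {"version": version, "cipher_suite": suite, "compression": compression}


# Constructed configurations (not from any real server or client).
MODERN_SERVER = ServerConfig(versions=["TLS1.2", "TLS1.3"],
                             cipher_suites=["TLS_AES_256_GCM_SHA384", "ECDHE-RSA-AES128-GCM-SHA256"])

if __name__ == "__main__":
    hello = ClientHello(versions=["TLS1.1", "TLS1.2", "TLS1.3"],
                        cipher_suites=["ECDHE-RSA-AES128-GCM-SHA256", "TLS_AES_256_GCM_SHA384"])
    print(negotiate(hello, MODERN_SERVER))
    try:
        negotiate(ClientHello(versions=["SSLv3", "TLS1.0"], cipher_suites=["RC4-SHA"]), MODERN_SERVER)
    except HandshakeFailure as alert:
        print("server alert:", alert)    # protocol_version: legacy client refused
```

The version rule is what makes a downgrade visible: a server that picks anything below the highest mutual version, or a client that retries with fewer versions after a failure, is where downgrade attacks on old deployments came from, which is why TLS 1.3 additionally authenticates the negotiated version inside the handshake transcript.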
❖ Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL) provides security for the data transferred between a web browser and a server. SSL encrypts the link between a web server and a browser, which ensures that all data passed between them remains private and tamper-proof. (SSL 2.0 and 3.0 are deprecated; what is deployed today is TLS, but the protocol structure below is the same.)
Secure Sockets Layer Protocols:
SSL Record Protocol
Handshake Protocol
Change-cipher-spec Protocol
Alert Protocol
SSL Protocol Stack: the Handshake, Change-cipher-spec and Alert protocols run on top of the Record Protocol, which in turn runs over TCP.
SSL Record Protocol:
The SSL Record Protocol provides two services to an SSL connection:
Confidentiality
Message Integrity
In the SSL Record Protocol, application data is divided into fragments (of at most 2^14 bytes). Each fragment is optionally compressed, then a MAC (Message Authentication Code) computed with a hash algorithm such as SHA-1 (Secure Hash Algorithm) or MD5 (Message Digest) is appended, then the fragment plus MAC is encrypted, and finally the SSL record header (content type, version, length) is prepended to the data.
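The record layer just described has a fixed five-byte header, and the messages of the other three protocols travel inside it. The following added example (not part of the original notes) parses a record stream into its content types, decodes the handshake message type and the ClientHello fields the server needs, and rejects oversized or truncated records, which is the first check a record layer must make before touching the payload. The byte stream is constructed here with a small builder, not captured from a real connection; the 2^14 + 2048 limit is the TLS 1.2 ciphertext maximum (RFC 5246).

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate", 12: "server_key_exchange",
                   14: "server_hello_done", 16: "client_key_exchange", 20: "finished"}
ALERT_DESCRIPTIONS = {0: "close_notify", 40: "handshake_failure", 42: "bad_certificate", 70: "protocol_version"}
MAX_RECORD = 2 ** 14 + 2048   # largest ciphertext fragment TLS 1.2 permits


def parse_client_hello(body: bytes) -> dict:
    """The fields the server uses to make its choice: version, cipher suites, compression."""
    major, minor = body[0], body[1]
    pos = 2 + 32                                    # skip the 32-byte client random
    sid_len = body[pos]
    pos += 1 + sid_len                              # session ID
    cs_len = struct.unpack_from("!H", body, pos)[0]
    pos += 2
    suites = [struct.unpack_from("!H", body, pos + i)[0] for i in range(0, cs_len, 2)]
    pos += cs_len
    comp_len = body[pos]
    pos += 1
    return {"version": (major, minor), "cipher_suites": suites, "compression": list(body[pos:pos + comp_len])}


def parse_records(buf: bytes) -> list:
    """Split a byte stream into TLS records and decode the headers of each one."""
    records, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", buf, pos)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype}")
        if length > MAX_RECORD:
            raise ValueError(f"record length {length} exceeds maximum")   # reject before allocating
        frag = buf[pos + 5:pos + 5 + length]
        if len(frag) != length:
            raise ValueError("truncated record body")
        rec = {"type": CONTENT_TYPES[ctype], "version": (major, minor), "length": length}
        if ctype == 22 and len(frag) >= 4:
            htype, hlen = frag[0], int.from_bytes(frag[1:4], "big")
            rec["handshake"] = HANDSHAKE_TYPES.get(htype, f"unknown({htype})")
            if htype == 1:
                rec["client_hello"] = parse_client_hello(frag[4:4 + hlen])
        elif ctype == 21 and len(frag) == 2:
            rec["alert"] = ("warning" if frag[0] == 1 else "fatal", ALERT_DESCRIPTIONS.get(frag[1], frag[1]))
        records.append(rec)
        pos += 5 + length
    return records


def build_client_hello(suites, comps=(0,)) -> bytes:
    """Minimal ClientHello (no extensions) wrapped in a handshake record, for the sample stream."""
    body = b"\x03\x03" + bytes(32) + b"\x00"                      # client version 3.3, zero random, no session ID
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += bytes([len(comps)]) + bytes(comps)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body             # handshake header: type 1, 24-bit length
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs       # record header: handshake, version 3.1


# Constructed stream (not captured traffic): ClientHello, ChangeCipherSpec, then a close_notify alert.
SAMPLE = (build_client_hello([0x1301, 0xC02F]) +
          b"\x14\x03\x03\x00\x01\x01" +
          b"\x15\x03\x03\x00\x02\x01\x00")

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec)
```

The record header is sent in the clear even when the fragment is encrypted, which is why the length check has to come first: a peer can lie about the length, but it cannot make the receiver allocate more than MAX_RECORD for one record.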
Handshake Protocol:
The Handshake Protocol is used to establish sessions. It allows the client and server to authenticate each other and agree on keys by exchanging a series of messages. The handshake has four phases:
Phase 1: Client and server exchange hello messages (ClientHello, ServerHello). Here the session ID, cipher suite, compression method and protocol version are negotiated, and both sides contribute random values.
Phase 2: The server sends its Certificate and, if the cipher suite needs it, a ServerKeyExchange; it may also request a client certificate. The server ends phase 2 with the ServerHelloDone message.
Phase 3: The client replies by sending its certificate (if requested) and the ClientKeyExchange, which carries the key material (e.g. the encrypted PreMasterSecret).
Phase 4: Both sides send ChangeCipherSpec, switch to the negotiated cipher suite, and send Finished (a MAC over all handshake messages, which detects tampering with the handshake). After this the Handshake Protocol ends.
Salient features of Secure Sockets Layer:
SSL sits between the application and TCP, so the service can be tailored to the specific needs of a given application.
Secure Sockets Layer was originated by Netscape.
SSL is designed to make use of TCP to provide a reliable end-to-end secure service.
It is a two-layered protocol: the Record Protocol below, and the Handshake, Change-cipher-spec and Alert protocols above it.
There are some differences between SSL and TLS, given below:
S.No | SSL | TLS
1. | SSL stands for Secure Sockets Layer. | TLS stands for Transport Layer Security.
2. | SSL 3.0 supports the Fortezza cipher suites. | TLS does not support Fortezza.
3. | The last version of SSL is 3.0 (1996). | TLS started at version 1.0 (1999, RFC 2246) as the successor of SSL 3.0; the current version is TLS 1.3 (RFC 8446).
4. | In SSL, a message digest construction is used to create the master secret. | In TLS, a pseudo-random function (PRF) is used to create the master secret.
5. | In SSL, an ad hoc Message Authentication Code construction is used. | In TLS, the standard Hashed Message Authentication Code (HMAC) is used.
6. | SSL is more complex than TLS. | TLS is simpler.
7. | SSL is less secure than TLS: all SSL versions are deprecated (SSL 3.0 is broken by the POODLE attack) and must be disabled. | TLS provides high security; TLS 1.2 and 1.3 should be used, while TLS 1.0 and 1.1 are deprecated (RFC 8996).
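The practical consequence of row 7, as an added example that is not part of the original notes: a TLS client configuration that still accepts the deprecated protocol versions or skips certificate checking, beside a hardened one, using Python's standard `ssl` module. `audit()` returns the properties a reviewer checks before trusting a context. No connection is made, so the example runs offline; the function names are this example's own.

```python
import ssl


def insecure_client_context() -> ssl.SSLContext:
    """What 'just use SSL' often ends up as in practice: no certificate or hostname
    check, so any man in the middle with any certificate is accepted. Shown only
    to contrast with the hardened version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False            # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """Certificate verification against the system CA store, hostname check,
    TLS 1.2 as the floor (RFC 8996) and no TLS compression (CRIME)."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + check_hostname + system CAs
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuses SSLv3, TLS 1.0 and TLS 1.1
    ctx.options |= ssl.OP_NO_COMPRESSION
    return ctx


def audit(ctx: ssl.SSLContext) -> dict:
    """The checks to run on any context handed to you in a code review."""
    return {
        "verifies_cert": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": bool(ctx.check_hostname),
        "min_version_ok": ctx.minimum_version >= ssl.TLSVersion.TLSv1_2,
        "compression_disabled": bool(ctx.options & ssl.OP_NO_COMPRESSION),
    }


if __name__ == "__main__":
    for name, ctx in (("insecure", insecure_client_context()), ("hardened", hardened_client_context())):
        print(name, audit(ctx))
```

A context that fails `verifies_cert` or `checks_hostname` gives encryption without authentication: the traffic is private from passive listeners but not from whoever answers the connection, which is exactly what TLS is supposed to rule out.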
Security at Network Layer - IPSec:
IPSec
IPSec stands for Internet Protocol Security.
It is a suite of protocols that operate between two communication points across an IP network and provide data authentication, data integrity and confidentiality.
It was developed by the Internet Engineering Task Force (IETF); the first IPSec RFCs were published in 1995.
It defines the architecture for security services for IP network traffic and a framework for providing security at the IP layer, together with the protocols (AH for authentication, ESP for encryption and authentication, IKE for key management) that protect IP packets through authentication and encryption.
IPsec includes the protocols that negotiate the cryptographic algorithms used for encryption, decryption and authentication.
Characteristics of IPSec:
Anti-Replay Protection: IPSec assigns a unique, increasing sequence number to each packet; the receiver keeps a sliding window of recently seen sequence numbers, and a packet whose sequence number has already been seen (or is older than the window) is treated as a replay and dropped.
Data Authentication: A Hash Message Authentication Code (HMAC) verifies that the packets have not been changed.
Transparency: IPSec works below the transport layer, so it is transparent to users and applications.
Confidentiality: Data packets are encrypted by the sender before transmission, so sensitive data can only be read by the intended recipient.
Dynamic Re-Keying: A re-keying procedure at set intervals (or after a set amount of traffic) replaces manual reconfiguration of secret keys.
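The anti-replay and re-keying characteristics above, as an added example that is not part of the original notes: a receiver-side sliding-window replay check of the kind ESP and AH use (a bitmap over the last 64 sequence numbers, right edge at the highest number accepted), and a sender-side counter that refuses to wrap so that the security association must be re-keyed before the 32-bit sequence space is exhausted. The window size and the sequence of packets are assumptions of this example; the cryptographic checks that precede the replay check in a real implementation are left out.

```python
class AntiReplayWindow:
    """Receiver-side replay check: accept a packet once and only once, tolerate
    reordering inside the window, reject anything older than the window."""

    def __init__(self, size: int = 64):
        self.size = size
        self.right = 0        # highest sequence number accepted so far (0 = nothing yet)
        self.bitmap = 0       # bit i set <=> sequence number (right - i) has been seen

    def check(self, seq: int):
        """Return (accepted, reason) and update the window only when accepting."""
        if seq == 0:
            return False, "invalid"                      # ESP/AH never use sequence number 0
        if seq > self.right:
            shift = seq - self.right                     # slide the window to the right
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.right = seq                             # numbers that fell off the left are now "too old"
            return True, "new"
        offset = self.right - seq
        if offset >= self.size:
            return False, "too old"                      # older than the window: cannot tell if seen
        if self.bitmap & (1 << offset):
            return False, "replay"                       # already accepted once
        self.bitmap |= 1 << offset
        return True, "late"                              # reordered but unseen


class SequenceCounter:
    """Sender side: one strictly increasing 32-bit sequence number per packet on a
    security association. When the counter is about to wrap, the SA must be re-keyed,
    since fresh keys reset the counter; continuing would let old packets replay."""
    LIMIT = 2 ** 32 - 1

    def __init__(self):
        self.seq = 0

    def next(self) -> int:
        if self.seq >= self.LIMIT:
            raise RuntimeError("sequence space exhausted: re-key the SA before sending more")
        self.seq += 1
        return self.seq


if __name__ == "__main__":
    window = AntiReplayWindow(64)
    # Constructed arrival order: in-order, reordered, duplicated, a big jump, then stragglers.
    for seq in (1, 3, 2, 2, 3, 100, 36, 37, 37):
        accepted, reason = window.check(seq)
        print(f"seq {seq:>3}: {'accept' if accepted else 'drop  '} ({reason})")
```

The "too old" case is the subtle one: a packet 64 or more behind the right edge is dropped even if it was never seen, because the receiver no longer has the bit that would prove it, so the window size is a trade-off between tolerance for reordering and memory per security association.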
Advantages of IPSec:
IPSec operates at layer 3, the network layer, so it has no impact on the higher layers.
It is transparent to applications: the end user need not bother about IPSec or its configuration.
As it is implemented at the network layer, IPSec can protect all the traffic that passes over the network, whatever the application.
During key exchange, IPSec (through IKE) uses public key techniques such as Diffie-Hellman together with certificates or pre-shared keys to agree on the symmetric keys that protect the data; keeping those long-term keys safe is what makes the data transfer safe.
IPSec only requires support in the operating system, so IPSec-based virtual private networks do not need to worry about the type of application.
Disadvantages of IPSec:
One of the greatest disadvantages of IPSec is its wide access range: giving a single device access to an IPSec-based network can give it reachability to other devices too, so the VPN should be combined with firewall rules.
IPSec causes compatibility issues with software if software developers do not adhere to the IPSec standards.
IPSec has high CPU usage, and when the data packet size is small the performance of the network diminishes because of the large per-packet overhead added by IPSec.
The security of certain algorithms used in IPSec is a concern: if a broken algorithm (such as DES or MD5) is configured, the endpoint is at greater risk of compromise.
Uses of IP Security –
IPsec can be used to do the following:
To encrypt application layer data.
To provide security for routers sending routing data across the public internet.
To provide authentication without encryption, e.g. to authenticate that the data originates from a known sender (AH, or ESP with a null cipher).
To protect network data by setting up circuits using IPsec tunnelling, in which all data sent between the two endpoints is encrypted, as with a Virtual Private Network (VPN) connection.