Security architecture for the internet protocol(IPsec)
INTERNET PROTOCOL SECURITY ISSUES AND ATTACKS

Published in: Technology

  1. BY SWAPNIL B. PATIL
  2. Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and for negotiating the cryptographic keys to be used during the session. IPsec can be used to protect data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host).
  3.
     • IPsec is designed to provide interoperable, high quality, cryptographically-based security for IPv4 and IPv6.
     • The set of security services offered includes access control, connectionless integrity, data origin authentication, protection against replays, confidentiality and limited traffic flow confidentiality.
     • These objectives are met through the use of two traffic security protocols, the Authentication Header (AH) and the Encapsulating Security Payload (ESP), and through the use of cryptographic key management procedures and protocols.
  4.
     • The goal of this architecture is to provide various security services for traffic at the IP layer, in both the IPv4 and IPv6 environments.
     • IPsec's security properties depend critically on the underlying key exchange protocol, known as IKE (Internet Key Exchange).
     • The IP security protocols (IPsec) may be used via security gateways that apply cryptographic operations to provide security services to datagrams, and this mode of use is supported by an increasing number of commercial products. Goal that IPsec is capable of achieving, and we provide criteria that entail that a network with particular IPsec processing achieves its security goals.
  5.
     • Link layer: WEP / 802.11i
     • Application layer: PGP
     • Transport layer: SSL
     • Network layer: IPsec
  6.
     • IP datagrams have no inherent security
     • IP source address can be spoofed
     • Content of IP datagrams can be sniffed, modified and replayed.
     • IPSec is a method for protecting IP datagrams
     • Standardized by IETF: dozens of RFCs.
     • Only sender and receiver have to be IPsec compliant
     • Rest of network can be regular IP
  7. PROS / CONS
     • Transparency to applications
     • IPSec Remote-Access Approach
     • Diffie-Hellman groups
     • No Portable Transmission
     • Authentication method
     • Firewall packet filtering
  8.
     • Eavesdropping
     • Data modification
     • Identity spoofing (IP address spoofing)
     • Denial-of-service attack
     • Man-in-the-middle attack
     • Sniffer attack
  9.
     • ESP
     • Checksum
     • Mutual Verification
     • Mutual Authentication
     • Filtering Methodology
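
Slides 3 and 6 name integrity, data origin authentication and protection against replays as services IPsec adds to plain IP. The sketch below is an added example, not part of the original slides: a simplified ESP-style receiver (SPI and sequence number header, truncated HMAC-SHA-256 tag, 64-packet sliding window). It omits encryption and padding, and the names `seal`, `Receiver` and `WINDOW` are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

WINDOW = 64   # anti-replay window size in packets (assumed value)
TAG_LEN = 16  # truncated HMAC-SHA-256 integrity tag, in bytes

def seal(key, spi, seq, payload):
    """Sender: 32-bit SPI + 32-bit sequence number + payload + integrity tag."""
    body = struct.pack("!II", spi, seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class Receiver:
    def __init__(self, key, spi):
        self.key, self.spi = key, spi
        self.top = 0     # highest authenticated sequence number so far
        self.bitmap = 0  # bit i set => sequence number (top - i) already accepted

    def accept(self, packet):
        """Return the payload, or raise ValueError naming why the packet is dropped."""
        if len(packet) < 8 + TAG_LEN:
            raise ValueError("truncated")
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        spi, seq = struct.unpack("!II", body[:8])
        if spi != self.spi:
            raise ValueError("unknown SPI")
        # Cheap window check first, so replays are rejected without a MAC computation.
        if seq == 0 or seq + WINDOW <= self.top:
            raise ValueError("too old")
        if seq <= self.top and (self.bitmap >> (self.top - seq)) & 1:
            raise ValueError("replay")
        # Integrity and data origin authentication: constant-time tag comparison.
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad integrity tag")
        # Only an authenticated packet may advance or mark the window; otherwise
        # a forged high sequence number could push valid traffic out of it.
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)
        return body[8:]
```

Out-of-order packets inside the window are accepted once; a modified packet fails the tag check and leaves the window state untouched.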
