IPsec is an IETF standard that defines how a remote or site-to-site VPN can be configured at the Network Layer
Provides Data Encryption to secure TCP/IP based Applications
VPNs and IPsec provide Essential Services for remote connectivity!
Used with IP only!
Both Encryption and Authentication Mechanisms!
Encrypts any traffic using the IP Protocol!
Requires Certificates or Pre-Shared Keys!
Functions at the Network Layer!
Generally can’t be used with a NAT proxy Deployment.
Uses UDP Port 500.
Can be used with L2TP or alone to protect data!
Most secure configuration => Provides Confidentiality, Integrity, Authentication and Anti-Replay protection.
• Services offered on a static topology are essential.
• Services offered on a dynamic topology are emerging.
• Today there’s a Gap to fill in mobile services.
• Private → Public → Private data flow = VPN.
• Trending toward mobile nodes NOW!
• Mobile devices will have Layer 3 switching embedded.
• Routers will become obsolete.
• VPNs have become an essential service.
• Discretionary access rights for individual users allowed.
• Role Based access rights for user groups allowed.
• Users essentially take their office with them.
• VPN method implemented based on access, policy and
procedures of the organization.
• Two primary protocols for VPN deployment.
1. IPsec for Site-to-Site.
2. SSL – Remote Access
1. If ease of Configuration and support is an issue.
→ Use SSL.
2. If security is the issue.
→ Use IPsec.
3. If using IPv6.
→ Use IPsec.
IPsec exceeds SSL in many significant ways:
• Number of applications that are supported
• Strength of encryption
• Strength of authentication
• Overall security
When security is an issue, IPsec is the superior choice. If
support and ease of deployment are the primary issues,
consider SSL.
Confidentiality
• IPsec provides security features, such as strong
encryption algorithms.
Symmetric Encryption
• Symmetric algorithms such as AES require shared keys.
• Each device requires the same key to decode information.
• Which devices interact must be known so
the same key can be configured on each device.
Asymmetric Encryption
• Asymmetric encryption uses different keys.
• One encrypts, the other decrypts.
• Impossible to decode using the same key that encrypted the data.
Data Integrity
• Diffie-Hellman is not an encryption mechanism.
• The algorithms allow two parties to establish a shared key.
• This key is used by encryption and hash algorithms.
Data Integrity and Authentication
• Hashes provide Integrity and Authentication.
• The hash (message digest) creates a unique
value for a set of data.
• IFF hashes are equal, the data is not altered.
Data Integrity
• PSK – Configured on each peer manually and used
to authenticate each end.
• PSK is combined with other information to form the
authentication key.
Authentication
• Authentication Header is used when confidentiality is
not required or permitted.
• Authentication and Integrity are established between
each system.
• All text is transported in clear text.
• Encapsulating Security Payload – Provides
Confidentiality and Authentication by encryption.
• IP packet encryption conceals the data and identities
of the end devices.
• In IPsec, at least one of these must be used.
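An added example (not from the original slides) of the integrity, authentication and anti-replay services described above: an AH-style receiver that checks a keyed hash over each packet and enforces a sliding replay window. The packet layout, the `derive_auth_key` helper, the 64-packet window and all sample values are assumptions made for illustration; this is neither the real IKE key schedule nor the AH wire format.

```python
import hashlib
import hmac
import struct

WINDOW = 64    # anti-replay window size in packets (assumed for this example)
ICV_LEN = 16   # HMAC-SHA-256 truncated to 128 bits


def derive_auth_key(psk: bytes, nonce_i: bytes, nonce_r: bytes) -> bytes:
    """Combine the PSK with per-session nonces to form the authentication key.

    Hypothetical helper: a simplified stand-in for a real key schedule.
    """
    return hmac.new(psk, nonce_i + nonce_r, hashlib.sha256).digest()


def icv(key: bytes, data: bytes) -> bytes:
    """Keyed hash (integrity check value) over header and payload."""
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]


def protect(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Sender: SPI + sequence number + clear-text payload + ICV (no encryption, as with AH)."""
    header = struct.pack("!II", spi, seq)
    return header + payload + icv(key, header + payload)


class Receiver:
    def __init__(self, key: bytes, spi: int):
        self.key = key
        self.spi = spi
        self.highest = 0   # highest sequence number that passed authentication
        self.bitmap = 0    # bit i set => sequence (highest - i) already accepted

    def accept(self, packet: bytes):
        """Return (status, payload); payload is None unless status is 'ok'."""
        if len(packet) < 8 + ICV_LEN:
            return ("malformed", None)
        header, payload, tag = packet[:8], packet[8:-ICV_LEN], packet[-ICV_LEN:]
        spi, seq = struct.unpack("!II", header)
        if spi != self.spi:
            return ("unknown-spi", None)
        # Cheap replay pre-check before spending time on the hash.
        if seq == 0:
            return ("replay", None)
        if seq <= self.highest:
            offset = self.highest - seq
            if offset >= WINDOW:
                return ("too-old", None)
            if (self.bitmap >> offset) & 1:
                return ("replay", None)
        # Constant-time comparison of the received and recomputed ICV.
        if not hmac.compare_digest(tag, icv(self.key, header + payload)):
            return ("bad-icv", None)
        # Slide the window only after authentication, so a forged packet
        # with a large sequence number cannot push genuine traffic out.
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)
        return ("ok", payload)


def demo():
    """Run constructed packets through the receiver and return their statuses."""
    key = derive_auth_key(b"constructed-psk", b"nonce-initiator", b"nonce-responder")
    spi = 0x1001
    rx = Receiver(key, spi)
    p1 = protect(key, spi, 1, b"hello")
    p2 = protect(key, spi, 2, b"world")
    p3 = protect(key, spi, 3, b"again")
    tampered = p2[:8] + b"w0rld" + p2[-ICV_LEN:]      # payload altered in transit
    forged = protect(b"wrong key", spi, 4, b"spoof")  # sender without the key
    jump = protect(key, spi, 100, b"later")
    sequence = [("p1", p1), ("p3", p3), ("tampered-p2", tampered), ("p2", p2),
                ("replayed-p3", p3), ("forged-p4", forged), ("p100", jump),
                ("late-p1", p1)]
    return [(name, rx.accept(pkt)[0]) for name, pkt in sequence]


if __name__ == "__main__":
    for name, status in demo():
        print(f"{name:12s} {status}")
```

The out-of-order packet `p2` is accepted because it still falls inside the window, while the same bytes sent a second time are rejected without recomputing the hash.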
IP Protocol Framework
IPsec framework protocol - When configuring an IPsec gateway to provide security services, an IPsec protocol must be
selected. The choices are some combination of ESP and AH. Realistically, the ESP or ESP+AH options are almost always
selected because AH itself does not provide encryption, as shown in Figure 3.
Confidentiality (if IPsec is implemented with ESP) - The encryption algorithm chosen should best meet the desired level
of security: DES, 3DES, or AES. AES is strongly recommended, with AES-GCM providing the greatest security.
Integrity - Guarantees that the content has not been altered in transit. Implemented through the use of hash algorithms.
Choices include MD5 and SHA.
Authentication - Represents how devices on either end of the VPN tunnel are authenticated. The two methods are PSK or
RSA.
DH algorithm group - Represents how a shared secret key is established between peers. There are several options, but
DH24 provides the greatest security.
Summary
IPsec, an IETF standard, is a secure tunnel operating at Layer 3 of the OSI model that can protect and authenticate IP
packets between IPsec peers. It can provide confidentiality by using encryption, data integrity, authentication, and
anti-replay protection. Data integrity is provided by using a hash algorithm, such as MD5 or SHA. Authentication is provided by
the PSK or RSA peer authentication method.
The level of confidentiality provided by encryption depends on the algorithm used and the key length. Encryption can be
symmetrical or asymmetrical. DH is a method used to securely exchange the keys to encrypt data.
IP Protocol Security
IP Protocol Security

  • 1.
  • 2. IPsec is an IETF standard that defines how a remote or site-to- siteVPN can be configured at the Network Layer
  • 3. IPsec is an IETF standard that defines how a remote or site-to- siteVPN can be configured at the Network Layer Provides Data Encryption to secureTCP/IP based Applications
  • 4. Used with IP only!
  • 5. Used with IP only! Encrypts any traffic using the IP Protocol!
  • 6. Used with IP only! Both Encryption and Authentication Mechanisms! Encrypts any traffic using the IP Protocol!
  • 7. Used with IP only! Both Encryption and Authentication Mechanisms! Encrypts any traffic using the IP Protocol! Requires Certificates of Pre Shared Keys!
  • 8. Used with IP only! Both Encryption and Authentication Mechanisms! Encrypts any traffic using the IP Protocol! Requires Certificates of Pre Shared Keys! Functions at the Network Layer!
  • 9. Used with IP only! Both Encryption and Authentication Mechanisms! Encrypts any traffic using the IP Protocol! Requires Certificates of Pre Shared Keys! Functions at the Network Layer! Generally can’t be used with a NAT proxy Deployment..
  • 10. Used with IP only! Both Encryption and Authentication Mechanisms! Encrypts any traffic using the IP Protocol! Requires Certificates of Pre Shared Keys! Functions at the Network Layer! Generally can’t be used with a NAT proxy Deployment.. Can be used with L2TP or alone to protect data!
  • 11. Used with IP only! Both Encryption and Authentication Mechanisms! Encrypts any traffic using the IP Protocol! Requires Certificates of Pre Shared Keys! Functions at the Network Layer! Generally can’t be used with a NAT proxy Deployment.. Uses UDP Port 500.. Can be used with L2TP or alone to protect data!
  • 12. Used with IP only! Both Encryption and Authentication Mechanisms! Encrypts any traffic using the IP Protocol! Requires Certificates of Pre Shared Keys! Functions at the Network Layer! Generally can’t be used with a NAT proxy Deployment.. Uses UDP Port 500.. Can be used with L2TP or alone to protect data! Most secure configuration => Provides Confidentiality, Integrity, Authentication and Anti-Replay Attack.
  • 13. VPNs and IPsec provide Essential Services for remote connectivity! Used with IP only! Both Encryption and Authentication Mechanisms! Encrypts any traffic using the IP Protocol! Requires Certificates of Pre Shared Keys! Functions at the Network Layer! Generally can’t be used with a NAT proxy Deployment.. Uses UDP Port 500.. Can be used with L2TP or alone to protect data! Most secure configuration => Provides Confidentiality, Integrity, Authentication and Anti-Replay Attack.
  • 14.
  • 15. • Services offered on a static topology are essential.
  • 16. • Services offered on a static topology are essential. • Services offered on a dynamic topology are emerging.
  • 17. • Services offered on a static topology are essential. • Services offered on a dynamic topology are emerging. • Today there’s a Gap to fill in mobile services.
  • 18. • Services offered on a static topology are essential. • Services offered on a dynamic topology are emerging. • Today there’s a Gap to fill in mobile services. • Private  Public  Private data flow =VPN.
  • 19. • Services offered on a static topology are essential. • Services offered on a dynamic topology are emerging. • Today there’s a Gap to fill in mobile services. • Private  Public  Private data flow =VPN. • Trending toward mobile nodes NOW!
  • 20. • Services offered on a static topology are essential. • Services offered on a dynamic topology are emerging. • Today there’s a Gap to fill in mobile services. • Private  Public  Private data flow =VPN. • Trending toward mobile nodes NOW! • Mobile devices will have Layer 3 switching embedded.
  • 21. • Services offered on a static topology are essential. • Services offered on a dynamic topology are emerging. • Today there’s a Gap to fill in mobile services. • Private  Public  Private data flow =VPN. • Trending toward mobile nodes NOW! • Mobile devices will have Layer 3 switching embedded. • Routers will become obselete.
  • 22. • VPNs have become an essential service.
  • 23. • VPNs have become an essential service. • Discretionary access rights for individual users allowed.
  • 24. • VPNs have become an essential service. • Discretionary access rights for individual users allowed. • Role Based access rights for user groups allowed.
  • 25. • VPNs have become an essential service. • Discretionary access rights for individual users allowed. • Role Based access rights for user groups allowed. • Users essential take their office with them.
  • 26. • VPNs have become an essential service. • Discretionary access rights for individual users allowed. • Role Based access rights for user groups allowed. • Users essential take their office with them. • VPN method implemented based on access, policy and procedures of the organization.
  • 27. • VPNs have become an essential service. • Discretionary access rights for individual users allowed. • Role Based access rights for user groups allowed. • Users essential take their office with them. • VPN method implemented based on access, policy and procedures of the organization. • Two primary protocols forVPN deployment.
  • 28. • VPNs have become an essential service. • Discretionary access rights for individual users allowed. • Role Based access rights for user groups allowed. • Users essential take their office with them. • VPN method implemented based on access, policy and procedures of the organization. • Two primary protocols forVPN deployment. 1. IPSec for Site-to-Site.
  • 29. • VPNs have become an essential service. • Discretionary access rights for individual users allowed. • Role Based access rights for user groups allowed. • Users essential take their office with them. • VPN method implemented based on access, policy and procedures of the organization. • Two primary protocols forVPN deployment. 1. IPSec for Site-to-Site. 2. SSL – Remote Access
  • 33. 1. If ease of configuration and support is an issue: use SSL. 2. If security is the issue: use IPsec. 3. If using IPv6: use IPsec.
  • 34. IPsec exceeds SSL in many significant ways: • Number of applications that are supported • Strength of encryption • Strength of authentication • Overall security. When security is an issue, IPsec is the superior choice. If support and ease of deployment are the primary issues, consider SSL.
  • 36. Confidentiality • IPsec provides security features, such as strong encryption algorithms.
  • 37. Symmetric Encryption • Symmetric algorithms such as AES require shared keys. • Each device requires the same key to decode information. • It must be known which devices interact so that the same key can be configured on each device.
  • 38. Asymmetric Encryption • Asymmetric encryption uses different keys. • One encrypts, the other decrypts. • Impossible to decode using the same keys.
  • 39. Data Integrity • Diffie-Hellman is not an encryption mechanism. • The algorithms allow two parties to establish a shared key. • This key is used by encryption and hash algorithms.
  • 40. Data Integrity and Authentication • Hashes provide Integrity and Authentication. • The hash (message digest) creates a unique value for a set of data. • If and only if (IFF) the hashes are equal, the data has not been altered.
  • 41. Data Integrity • PSK – Configured on each peer manually and used to authenticate each end. • PSK is combined with other information to form the authentication key.
  • 43. Authentication • Authentication Header is used when confidentiality is not required or permitted. • Authentication and Integrity are established between each system. • All text is transported in clear text. • Encapsulating Security Payload – Provides Confidentiality and Authentication by encryption. • IP packet encryption conceals the data and identities of the end devices. • In IPsec, at least one of these must be used.
  • 44. IP Protocol Framework • IPsec framework protocol - When configuring an IPsec gateway to provide security services, an IPsec protocol must be selected. The choices are some combination of ESP and AH. Realistically, the ESP or ESP+AH options are almost always selected because AH itself does not provide encryption, as shown in Figure 3. • Confidentiality (if IPsec is implemented with ESP) - The encryption algorithm chosen should best meet the desired level of security: DES, 3DES, or AES. AES is strongly recommended, with AES-GCM providing the greatest security. • Integrity - Guarantees that the content has not been altered in transit. Implemented through the use of hash algorithms. Choices include MD5 and SHA. • Authentication - Represents how devices on either end of the VPN tunnel are authenticated. The two methods are PSK or RSA. • DH algorithm group - Represents how a shared secret key is established between peers. There are several options, but DH24 provides the greatest security.
  • 45. Summary • IPsec, an IETF standard, is a secure tunnel operating at Layer 3 of the OSI model that can protect and authenticate IP packets between IPsec peers. It can provide confidentiality by using encryption, data integrity, authentication, and anti-replay protection. Data integrity is provided by using a hash algorithm, such as MD5 or SHA. Authentication is provided by the PSK or RSA peer authentication method. The level of confidentiality provided by encryption depends on the algorithm used and the key length. Encryption can be symmetrical or asymmetrical. DH is a method used to securely exchange the keys to encrypt data.
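
Slides 40 and 41 say that a keyed hash gives integrity and authentication, and that the PSK is combined with other information to form the authentication key. The Python sketch below is an added example, not part of the original slides: it derives a key the way IKEv1 PSK mode computes SKEYID (prf over the PSK and both peers' nonces, RFC 2409), then tags and verifies a packet with a truncated HMAC. Using that key directly as the integrity key is a simplification, and the PSK, nonces and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values (assumptions, not taken from the slides).
PSK = b"example-pre-shared-key"
NONCE_I = bytes.fromhex("00112233445566778899aabbccddeeff")  # initiator nonce
NONCE_R = bytes.fromhex("ffeeddccbbaa99887766554433221100")  # responder nonce


def derive_auth_key(psk: bytes, nonce_i: bytes, nonce_r: bytes) -> bytes:
    """PSK combined with 'other information': prf(PSK, Ni | Nr), as for SKEYID."""
    return hmac.new(psk, nonce_i + nonce_r, hashlib.sha256).digest()


def make_icv(key: bytes, packet: bytes) -> bytes:
    """Integrity check value: HMAC-SHA-256 truncated to 128 bits."""
    return hmac.new(key, packet, hashlib.sha256).digest()[:16]


def verify_icv(key: bytes, packet: bytes, icv: bytes) -> bool:
    """Recompute the ICV and compare in constant time."""
    return hmac.compare_digest(make_icv(key, packet), icv)


def run_exchange(sender_psk: bytes, receiver_psk: bytes,
                 packet: bytes, tamper: bool = False) -> bool:
    """Sender tags the packet; receiver verifies with its own derived key.

    Simplification: real IKE derives the AH/ESP keys from further keying
    material that also includes the Diffie-Hellman shared secret.
    """
    send_key = derive_auth_key(sender_psk, NONCE_I, NONCE_R)
    recv_key = derive_auth_key(receiver_psk, NONCE_I, NONCE_R)
    icv = make_icv(send_key, packet)
    if tamper and packet:
        # Flip one bit in transit, after the sender computed the ICV.
        packet = packet[:-1] + bytes([packet[-1] ^ 0x01])
    return verify_icv(recv_key, packet, icv)


if __name__ == "__main__":
    pkt = b"constructed payload sent in clear text, AH-style"
    print("matching PSK, intact packet :", run_exchange(PSK, PSK, pkt))
    print("matching PSK, one bit flipped:", run_exchange(PSK, PSK, pkt, tamper=True))
    print("mismatched PSK               :", run_exchange(PSK, b"wrong-key", pkt))
```

A peer configured with the wrong PSK fails verification exactly like a modified packet does, which is why the same check covers both integrity and peer authentication.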
