Upload
jerome-olson
View
31
Download
0
Embed Size (px)
DESCRIPTION
IP Security. ::: Semester : 8 ::: Year : 2009. Naeem Riaz. Maria Shakeel. P R E S E N T E D B Y. Aqsa. Nizam. INITIATIVE. - PowerPoint PPT Presentation
Citation preview
IP Security
P R E S E N T E D B YP R E S E N T E D B Y::: Semester : 8 ::: Year : 2009
Naeem Riaz
Maria Shakeel
Aqsa
Nizam
BEYOND FORWORD
COMPETITIVE ANALYSIS
FUCTIONAL FEATURES
INITIATIVE
BEYOND FORWORD
COMPETITIVE ANALYSIS
FEATURES
INITIATIVE
Overview at a glance
IPSecurity (IPSec)IPSecurity (IPSec)
IPSecurity (IPSec) is a collection of protocols designed by the IPSecurity (IPSec) is a collection of protocols designed by the Internet Engineering Task Force (IETF) to provide security for Internet Engineering Task Force (IETF) to provide security for a packet at the network level. a packet at the network level.
TCP/IP protocol suite and IPSec
IP Security Scenario
Benefits of IPSec
Strong security that can be applied to all traffic crossing the perimeter.Transparent to applications. No need to change software on a user or server system,
-When IPSec is implemented in a router or firewall.IPSec can be transparent to end users. There is no need to train users on security mechanismsIPSec can provide security for individual used if needed.
Cryptographic algorithms
Cryptographic algorithms defined for use with IPsec include:
HMAC-SHA1 for integrity protectionTripleDES-CBC for confidentialityAES-CBC for confidentiality
.
RFC : IP Sec Documents
RFC 2401: An overview of security architectureRFC 2402: Description of a packet encryption extension to IPv4 and IPv6RFC 2406: Description of a packet emcryption extension to IPv4 and IPv6RFC 2408: Specification of key managament capabilities
INITIATIVEBEYOND
FORWORD
COMPETITIVE ANALYSIS
FUNCTIONAL FEATURES
ModesProtocols
Modes of IPSec
IPSec operates in one of two different modes.
Transport mode.Tunnel mode
TRANSPORT MODE VS TUNNEL MODE
IPSec in the transport mode does not protect the IP header; it only protects the information coming from the transport layer.
IPSec in tunnel mode protects the original IP header.
Transport mode in action
Tunnel mode in action
**
Authentication Header (AH) Protocol & Encapsulating Security Payload (ESP) Protocol
The Authentication Header (AH) Protocol provides source authentication and data integrity but not privacy.Encapsulating Security Payload (ESP) provides confidentiality services (Must) and authentication services (optionally).ESP provides sources authentication, data integrity and privacy
BEYOND FORWORD
COMPETITVE ANALYSISINITIATIVE
FUNCTIONAL FEATURES
Key management IPSec services
Summarization of AH and ESP
**
Key Management
IPSec architecture support for two type of key management:
Manual: Particular for small, relatively static environments.
Automated: The use of this key in a large distributed system with an evolving configuration
Contd…
Oakley: Key Detemination Protocol: Three authentication methods can be used with Oakley:
-Digital signatures -Public-key encryption -Symmetric-key encryption
ISAKMP: Internet Security Association and Key Management Protocol: -Defines procedures and packet formats to establish, negotiate, modify and delete security associations.
IPSec Services
IPSec provided Services for:networking devices,
-such as a router or firewall Operates on the workstation or server.
-Workstation to Workstation Protection against data changes
-Accidental or Intentional Datagram’s Content can be hidden.
INITIATIVE
FUNCTIONAL FEATURES
COMPETITIVE ANALYSIS
BEYOND FOREWORD
THANK YOU
Software implementations
Real life examples
IPSec: Real Life Examples
IPSec provides the capability to secure communications across a LAN, across private and public WANs, and across the Internet. Examples of its use include: Secure branch office connectivity over the Internet Secure remote access over the Internet Establishment of extranet and intranet connectivity with partners Enhancement of electronic commerce security Encrypt or authenticate all traffic at the IP level
Contd…
Using IPSec all distributed applications can be secured, -Remote logon, -client/server, -e-mail, -file transfer,
-Web access
SOFTWARE IMPLEMENTATIONS
NRL IPsec, one of the original sources of IPsec code.OpenBSD, with its own code derived from a BSD/OS implementation written by John Ioannidis and Angelos D. Keromytis in 1996.The KAME stack, that is included in Mac OS X, NetBS and FreeBSD."IPsec" in Cisco IOS Software "IPsec" in Microsoft Windows, including Windows XP, Windows 2000, Windows 2003, Windows Vista, Windows Server 2008, and Windows 7.SafeNet QuickSec toolkitsIPsec in Solaris
Asking queries is your right!
Computers are useless, they can only give you answer.
T H A N K Y O UT H A N K Y O U