Internet Protocol Security (IPSec) Group name: grouppage

DESCRIPTION

IPSec protocol. Overview of IKE in IPSec. A look at ESP packet. AH is excluded in this presentation.


Page 1: IPSec

Internet Protocol Security (IPSec)

Group name: grouppage

Page 2: IPSec

What to expect

• What is the difference between SSL and IPSec
• And when to use it?
• Go through the basics of IPSec
• Explain IPSec’s key exchange
• Look further into ESP, the main protocol of IPSec

Page 3: IPSec

Internet Protocol (TCP/IP)

Has no inherent security

Man in the middle can read/write to:
• The TCP/IP headers
• The payload data

SSL/TLS and IPSec can encrypt data

Page 4: IPSec

IPSec Compared To SSL

IPSec:
• Application independent
• Authenticates IP headers
• Encrypts TCP and application layer

SSL:
• Must be compiled into the application
• Insecure IP headers
• Encrypts application layer

Page 5: IPSec

Normal IP

Mallory can:
• Create packets that have A's IP as src address
• Read A's packets
• Change A's packets

Page 6: IPSec

IPSec: Mallory can do nothing

Page 7: IPSec

When to use?

Reasons to use:
• VPN
• Application doesn't support TLS
• Don't want to use PKI
• Host authentication

Reasons not to use:
• NAT support
• User authentication

Page 8: IPSec

IPSec basics for this presentation

Main protocol in IPSec:

–Encapsulating Security Payload (ESP)

Page 9: IPSec

IPSec basics for this presentation

Constructs that guide the operation of IPSec:
• Security Policy (SP)
• Security Association (SA)

Page 10: IPSec

Security Policies

Governs how IPSec processes the different datagrams received by an IPSec device.

Page 11: IPSec

Security Associations

An SA describes a particular kind of secure connection between one device and another.

Page 12: IPSec

Security Associations

Security Associations are key to IPSEC’s authentication and confidentiality mechanisms.

Page 13: IPSec

Security Associations

SAs are negotiated as part of the “shared secret” exchange process.
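As an added example (not part of the presentation), here is a minimal model of the two constructs the last few slides describe: the Security Policy Database (SPD) decides what happens to a datagram, and the Security Association Database (SAD) holds the SAs that IKE has negotiated. The policy names, addresses, SPIs and algorithm labels are constructed for illustration; the lookup order (SPD first, then SAD, with a missing SA being the trigger for IKE) is the point.

```python
# Added example, not from the presentation: a minimal outbound SPD/SAD lookup.
# All entry names, addresses and SPIs below are constructed for illustration.
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Policy:
    """One SPD entry: traffic selectors plus the action to apply."""
    src: str                          # CIDR of the local side
    dst: str                          # CIDR of the remote side
    proto: Optional[int]              # IP protocol number, None = any
    dport: Optional[int]              # destination port, None = any
    action: str                       # "PROTECT", "BYPASS" or "DISCARD"
    mode: Optional[str] = None        # "transport" or "tunnel" when PROTECT
    tunnel_dst: Optional[str] = None  # gateway address for tunnel mode

    def matches(self, pkt: dict) -> bool:
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and (self.proto is None or self.proto == pkt["proto"])
                and (self.dport is None or self.dport == pkt.get("dport")))


@dataclass
class SecurityAssociation:
    """One SAD entry. An SA is one-directional, identified by (SPI, dst, protocol)."""
    spi: int
    dst: str          # address the protected packets are sent to
    protocol: str     # "ESP" (AH is out of scope for the slides)
    mode: str         # "transport" or "tunnel"
    enc_alg: str
    auth_alg: str
    seq: int = 0      # outbound sequence number counter


DEFAULT_DENY = Policy("0.0.0.0/0", "0.0.0.0/0", None, None, "DISCARD")


class OutboundProcessor:
    """Outbound path: SPD lookup first, then SAD lookup for PROTECT policies."""
    def __init__(self, spd, sad):
        self.spd = list(spd)   # ordered; first match wins
        self.sad = {(sa.spi, sa.dst, sa.protocol): sa for sa in sad}

    def lookup_policy(self, pkt: dict) -> Policy:
        return next((p for p in self.spd if p.matches(pkt)), DEFAULT_DENY)

    def find_sa(self, policy: Policy, pkt: dict):
        # A transport-mode SA ends at the packet's destination, a tunnel-mode SA at the gateway
        want_dst = policy.tunnel_dst if policy.mode == "tunnel" else pkt["dst"]
        for (spi, dst, proto), sa in self.sad.items():
            if dst == want_dst and proto == "ESP" and sa.mode == policy.mode:
                return sa
        return None

    def process(self, pkt: dict) -> tuple:
        policy = self.lookup_policy(pkt)
        if policy.action != "PROTECT":
            return (policy.action, None)
        sa = self.find_sa(policy, pkt)
        if sa is None:
            # PROTECT with no SA yet: this is where the stack asks IKE to negotiate one
            return ("NEED_IKE", None)
        sa.seq += 1
        return ("PROTECT", sa.spi)


def demo() -> list:
    spd = [
        Policy("10.0.1.0/24", "10.0.2.0/24", None, None, "PROTECT", "tunnel", "203.0.113.2"),
        Policy("10.0.1.0/24", "0.0.0.0/0", 6, 443, "BYPASS"),          # HTTPS already has TLS
        Policy("10.0.1.0/24", "192.0.2.0/24", 6, None, "PROTECT", "transport"),
    ]
    sad = [
        SecurityAssociation(0x1000, "203.0.113.2", "ESP", "tunnel", "aes-gcm", "none"),
        SecurityAssociation(0x2000, "192.0.2.10", "ESP", "transport", "aes-cbc", "hmac-sha256"),
    ]
    proc = OutboundProcessor(spd, sad)
    packets = [  # constructed sample datagrams
        {"src": "10.0.1.5", "dst": "10.0.2.7", "proto": 17, "dport": 53},       # site-to-site tunnel
        {"src": "10.0.1.5", "dst": "198.51.100.1", "proto": 6, "dport": 443},   # bypass
        {"src": "10.0.1.5", "dst": "192.0.2.10", "proto": 6, "dport": 22},      # host-to-host transport
        {"src": "10.0.1.5", "dst": "192.0.2.99", "proto": 6, "dport": 22},      # protect, but no SA yet
        {"src": "10.0.1.5", "dst": "198.51.100.1", "proto": 17, "dport": 123},  # no policy: default deny
    ]
    return [proc.process(p) for p in packets]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The default entry is DISCARD, so a datagram that matches no policy is dropped rather than sent in the clear; that is the behaviour a practitioner should expect from a correctly configured SPD.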

Page 14: IPSec

Sharing the shared secret

Page 15: IPSec

Sharing the shared secret

IPSec, like many secure networking protocol sets, is based on the concept of a “shared secret”.

Page 16: IPSec

Sharing the shared secret

Before ESP (the IPSec protocol) can be used, the two devices must exchange the “secret” that ESP itself will use.

Page 17: IPSec

Sharing the shared secret

So how does this happen?

Page 18: IPSec

Exchanging the secret

Internet Key Exchange (IKE).

Page 19: IPSec

Internet Key Exchange (IKE)

IKE allows IPSec-capable devices to exchange security associations (SAs) and populate their security association databases (SADs).

Page 20: IPSec

Internet Key Exchange (IKE)

These established SAs are then used for the actual exchange of secured datagrams with the ESP protocol.

Page 21: IPSec

Sharing the shared secret

Source: http://technet.microsoft.com
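As an added example (not part of the presentation), the following shows how IKE lets two peers arrive at the same "shared secret" without ever sending it. IKE does this with a Diffie-Hellman exchange; the group used here is the 2048-bit MODP group 14 from RFC 3526, and the key derivation follows the shape of IKEv2's SKEYSEED and prf+ (RFC 7296 section 2.13) with HMAC-SHA256 as the PRF, simplified in that the SPIs are omitted from the prf+ input. Only the public values and nonces cross the network; the private exponents never leave their owner.

```python
# Added example, not from the presentation: an IKE-style Diffie-Hellman exchange
# followed by a simplified IKEv2 key derivation for the ESP SA keys.
import hashlib
import hmac
import secrets

# RFC 3526 group 14 (2048-bit MODP), transcribed here; checked at runtime below.
MODP_2048_HEX = """
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
"""
P = int("".join(MODP_2048_HEX.split()), 16)
G = 2


def is_probable_prime(n: int, rounds: int = 8) -> bool:
    """Miller-Rabin, used only as a sanity check on the transcribed group."""
    if n < 4:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def group_is_safe_prime() -> bool:
    """Group 14 is a safe prime: both p and (p-1)/2 must be prime."""
    return is_probable_prime(P) and is_probable_prime((P - 1) // 2)


class Peer:
    """One IKE endpoint: private exponent, public value g^x, and a nonce."""
    def __init__(self, name: str):
        self.name = name
        self.priv = secrets.randbelow(P - 3) + 2     # x in [2, P-2], never sent
        self.pub = pow(G, self.priv, P)               # KE payload, sent on the wire
        self.nonce = secrets.token_bytes(32)          # Ni or Nr, sent on the wire

    def shared_secret(self, peer_pub: int) -> bytes:
        # Reject degenerate public values (0, 1, p-1) before exponentiating with them
        if not 1 < peer_pub < P - 1:
            raise ValueError("invalid DH public value")
        return pow(peer_pub, self.priv, P).to_bytes(256, "big")   # g^ir


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """prf+ from RFC 7296: T1 = prf(K, S|0x01), Tn = prf(K, Tn-1|S|n)."""
    out, prev, i = b"", b"", 1
    while len(out) < length:
        prev = hmac.new(key, prev + seed + bytes([i]), hashlib.sha256).digest()
        out += prev
        i += 1
    return out[:length]


def derive_esp_keys(shared: bytes, ni: bytes, nr: bytes) -> dict:
    skeyseed = hmac.new(ni + nr, shared, hashlib.sha256).digest()  # prf(Ni|Nr, g^ir)
    sk_d = prf_plus(skeyseed, ni + nr, 32)                           # simplified: SPIs omitted
    keymat = prf_plus(sk_d, ni + nr, 4 * 32)                          # KEYMAT for the ESP SA pair
    names = ("SK_ei", "SK_ai", "SK_er", "SK_ar")                      # enc/auth, each direction
    return {n: keymat[32 * k:32 * (k + 1)] for k, n in enumerate(names)}


def run_exchange() -> tuple:
    initiator, responder = Peer("initiator"), Peer("responder")
    # Each side completes the DH locally from the other side's public value
    keys_i = derive_esp_keys(initiator.shared_secret(responder.pub), initiator.nonce, responder.nonce)
    keys_r = derive_esp_keys(responder.shared_secret(initiator.pub), initiator.nonce, responder.nonce)
    return keys_i == keys_r, keys_i


if __name__ == "__main__":
    assert group_is_safe_prime(), "group transcription error"
    agreed, keys = run_exchange()
    print("peers agree:", agreed)
    for name, k in keys.items():
        print(name, k.hex())
```

Each run produces different keys because both the exponents and the nonces are fresh; that is what gives the resulting ESP SAs forward secrecy with respect to any long-term credential.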

Page 22: IPSec

IPSec Protocols

Encapsulating Security Payload

Page 23: IPSec

Encapsulating Security Payload (ESP)

Main function: provide privacy for IP datagrams by encrypting them.

Page 24: IPSec

ESP packet in transport mode

Page 25: IPSec

ESP packet in tunnel mode

(Diagram label: New IP Header)
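As an added example (not part of the presentation), the code below builds and parses the ESP packet the two diagrams show, following the RFC 4303 layout, in both transport mode (original IP header kept, ESP inserted in front of the TCP segment) and tunnel mode (the whole original packet becomes the payload and a new outer IP header is added). The cipher is a stand-in, an HMAC-SHA256 counter-mode keystream rather than a real ESP transform such as AES-GCM; the framing, padding, ICV check and anti-replay window are what the example is about. Addresses, keys and SPIs are constructed.

```python
# Added example, not from the presentation: ESP framing in transport and tunnel mode.
import hashlib
import hmac
import secrets
import socket
import struct

IPPROTO_IPIP, IPPROTO_TCP, IPPROTO_ESP = 4, 6, 50
ICV_LEN, IV_LEN = 16, 8   # 128-bit truncated HMAC as in RFC 4868; 64-bit per-packet IV


def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """Stand-in cipher: HMAC-SHA256 in counter mode. Not a real ESP transform."""
    blocks = (hmac.new(key, iv + struct.pack(">I", c), hashlib.sha256).digest()
              for c in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (checksum left zero; ESP does not cover it anyway)."""
    return struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def esp_encapsulate(spi: int, seq: int, sk_e: bytes, sk_a: bytes, payload: bytes, next_header: int) -> bytes:
    header = struct.pack(">II", spi, seq)               # SPI | Sequence Number
    iv = secrets.token_bytes(IV_LEN)
    pad_len = (-(len(payload) + 2)) % 4                 # align Pad Length / Next Header to 4 bytes
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    ciphertext = _xor(payload + trailer, _keystream(sk_e, iv, len(payload) + len(trailer)))
    # ICV covers ESP header, IV and ciphertext; the outer IP header is not authenticated by ESP
    icv = hmac.new(sk_a, header + iv + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    return header + iv + ciphertext + icv


class ReplayWindow:
    """64-entry sliding window over sequence numbers (RFC 4303 section 3.4.3)."""
    def __init__(self, size: int = 64):
        self.size, self.top, self.bits = size, 0, 0

    def accept(self, seq: int) -> bool:
        if seq == 0:
            return False
        if seq > self.top:                              # advance the window
            shift = seq - self.top
            self.bits = ((self.bits << shift) | 1) if shift < self.size else 1
            self.bits &= (1 << self.size) - 1
            self.top = seq
            return True
        off = self.top - seq
        if off >= self.size or (self.bits >> off) & 1:  # too old, or already seen
            return False
        self.bits |= 1 << off
        return True


def esp_decapsulate(esp: bytes, sk_e: bytes, sk_a: bytes, window: ReplayWindow) -> tuple:
    spi, seq = struct.unpack(">II", esp[:8])
    icv = hmac.new(sk_a, esp[:-ICV_LEN], hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, esp[-ICV_LEN:]):    # verify before decrypting anything
        raise ValueError("ICV mismatch")
    if not window.accept(seq):
        raise ValueError("replayed or stale sequence number %d" % seq)
    iv, body = esp[8:8 + IV_LEN], esp[8 + IV_LEN:-ICV_LEN]
    plain = _xor(body, _keystream(sk_e, iv, len(body)))
    pad_len, next_header = plain[-2], plain[-1]
    return spi, next_header, plain[:len(plain) - 2 - pad_len]


def demo() -> dict:
    sk_e, sk_a = secrets.token_bytes(32), secrets.token_bytes(32)
    tcp_segment = b"\x00\x16\xc0\x01" + b"constructed TCP segment bytes"
    # Transport mode: original header kept, ESP sits between it and the TCP segment
    esp_t = esp_encapsulate(0x2000, 1, sk_e, sk_a, tcp_segment, IPPROTO_TCP)
    transport = ipv4_header("10.0.1.5", "192.0.2.10", IPPROTO_ESP, len(esp_t)) + esp_t
    # Tunnel mode: whole inner packet is the payload; new outer header names the gateways
    inner = ipv4_header("10.0.1.5", "10.0.2.7", IPPROTO_TCP, len(tcp_segment)) + tcp_segment
    esp_u = esp_encapsulate(0x1000, 1, sk_e, sk_a, inner, IPPROTO_IPIP)
    tunnel = ipv4_header("203.0.113.1", "203.0.113.2", IPPROTO_ESP, len(esp_u)) + esp_u
    win = ReplayWindow()
    spi_t, nh_t, payload_t = esp_decapsulate(transport[20:], sk_e, sk_a, win)
    spi_u, nh_u, payload_u = esp_decapsulate(tunnel[20:], sk_e, sk_a, ReplayWindow())
    results = {"transport": (spi_t, nh_t, payload_t == tcp_segment),
               "tunnel": (spi_u, nh_u, payload_u == inner),
               "outer_dst_tunnel": socket.inet_ntoa(tunnel[16:20])}
    try:                                                # same packet again: replay rejected
        esp_decapsulate(transport[20:], sk_e, sk_a, win)
        results["replay_rejected"] = False
    except ValueError:
        results["replay_rejected"] = True
    tampered = bytearray(transport[20:])
    tampered[20] ^= 0x01                                # flip one ciphertext bit
    try:
        esp_decapsulate(bytes(tampered), sk_e, sk_a, ReplayWindow())
        results["tamper_rejected"] = False
    except ValueError:
        results["tamper_rejected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

Two details carry the security argument of slides 5 and 6: the receiver checks the ICV before it decrypts or otherwise touches the payload, and the sequence number is checked against the window so that a captured packet cannot be fed back in. In tunnel mode the outer header only exposes the gateway addresses; the inner source and destination are inside the encrypted payload.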

Page 26: IPSec

Thank You!

The end. We hope you understood.

Page 27: IPSec

References

• Understanding IPSEC - Server 2003: http://www.youtube.com/watch?v=DH1zI8QYi4A

• TCP/IP Guide: http://www.tcpipguide.com/free/t_IPSecurityIPSecProtocols.htm