IPsec is an IETF standard that defines how a remote or site-to-site VPN can be configured at the Network Layer.
Provides Data Encryption to secure TCP/IP based Applications.
VPNs and IPsec provide Essential Services for remote connectivity!
Used with IP only!
Both Encryption and Authentication Mechanisms!
Encrypts any traffic using the IP Protocol!
Requires Certificates or Pre-Shared Keys!
Functions at the Network Layer!
Generally can’t be used with a NAT proxy Deployment.
Uses UDP Port 500.
Can be used with L2TP or alone to protect data!
Most secure configuration => Provides Confidentiality, Integrity, Authentication and Anti-Replay protection.
• Services offered on a static topology are essential.
• Services offered on a dynamic topology are emerging.
• Today there’s a Gap to fill in mobile services.
• Private → Public → Private data flow = VPN.
• Trending toward mobile nodes NOW!
• Mobile devices will have Layer 3 switching embedded.
• Routers will become obsolete.
• VPNs have become an essential service.
• Discretionary access rights for individual users allowed.
• Role Based access rights for user groups allowed.
• Users essentially take their office with them.
• VPN method implemented based on access, policy and procedures of the organization.
• Two primary protocols for VPN deployment.
1. IPsec for Site-to-Site.
2. SSL – Remote Access
1. If ease of Configuration and support is an issue.
 Use SSL.
2. If security is the issue.
 Use IPsec.
3. If using IPv6.
 Use IPsec.
IPsec exceeds SSL in many significant ways:
• Number of applications that are supported
• Strength of encryption
• Strength of authentication
• Overall security
When security is an issue, IPsec is the superior choice. If support and ease of deployment are the primary issues, consider SSL.
Confidentiality
• IPsec provides security features, such as strong encryption algorithms.
Symmetric Encryption
• Symmetric algorithms such as AES require shared keys.
• Each device requires the same key to decode information.
• It must be known which devices interact so the same key can be configured on each device.
Asymmetric Encryption
• Asymmetric algorithms use different keys.
• One key encrypts, the other decrypts.
• Data cannot be decoded with the same key that encrypted it.
Data Integrity
• Diffie-Hellman is not an encryption mechanism.
• The algorithms allow two parties to establish a shared key.
• This key is used by encryption and hash algorithms.
Data Integrity and Authentication
• Hashes provide Integrity and Authentication.
• The hash (message digest) creates a unique value for a set of data.
• If and only if the hashes are equal, the data has not been altered.
Data Integrity
• PSK – Configured on each peer manually and used to authenticate each end.
• PSK is combined with other information to form the authentication key.
Authentication
• Authentication Header is used when confidentiality is not required or permitted.
• Authentication and Integrity are established between each system.
• All data is transported in clear text.
• Encapsulating Security Payload – Provides Confidentiality and Authentication by encryption.
• IP packet encryption conceals the data and identities of the end devices.
• In IPsec, at least one of these must be used.
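Added example (not from the original slides): a simplified AH-style receiver in Python showing how a keyed hash (HMAC-SHA-256, truncated to 128 bits) gives integrity and authentication over a clear-text payload, and how a sliding window of sequence numbers gives anti-replay protection. The packet layout, the key derivation from the PSK, the 64-packet window and all names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

WINDOW = 64                  # anti-replay window in packets (assumed value)
ICV_LEN = 16                 # HMAC-SHA-256 output truncated to 128 bits
HDR = struct.Struct("!II")   # simplified header: SPI, sequence number


def derive_auth_key(psk: bytes, nonce_i: bytes, nonce_r: bytes) -> bytes:
    """Combine the PSK with per-session values (simplified stand-in, not IKE)."""
    return hmac.new(psk, nonce_i + nonce_r, hashlib.sha256).digest()


def icv(key: bytes, header: bytes, payload: bytes) -> bytes:
    """Keyed hash over header and payload. An unkeyed hash would only detect
    accidental change; the key is what ties the value to a peer."""
    return hmac.new(key, header + payload, hashlib.sha256).digest()[:ICV_LEN]


def protect(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Sender side: header | clear-text payload | integrity check value."""
    header = HDR.pack(spi, seq)
    return header + payload + icv(key, header, payload)


class Receiver:
    """Receiver side of one security association."""

    def __init__(self, key: bytes, spi: int):
        self.key = key
        self.spi = spi
        self.highest = 0   # highest authenticated sequence number so far
        self.bitmap = 0    # bit i set => sequence (highest - i) already seen

    def accept(self, packet: bytes) -> str:
        if len(packet) < HDR.size + ICV_LEN:
            return "malformed"
        header = packet[:HDR.size]
        payload = packet[HDR.size:-ICV_LEN]
        received_icv = packet[-ICV_LEN:]
        spi, seq = HDR.unpack(header)
        if spi != self.spi:
            return "unknown-sa"
        # Cheap replay pre-check: sequence 0 is never valid, anything left of
        # the window is too old, anything already marked is a duplicate.
        if seq == 0:
            return "replay"
        if seq <= self.highest:
            offset = self.highest - seq
            if offset >= WINDOW or (self.bitmap >> offset) & 1:
                return "replay"
        # Constant-time comparison of the keyed hash.
        if not hmac.compare_digest(received_icv, icv(self.key, header, payload)):
            return "bad-icv"
        # Move the window only after the ICV verified, so a forged packet
        # with a large sequence number cannot push valid traffic out.
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)
        return "ok"


def demo():
    """Run constructed sample packets through one receiver."""
    spi = 0x1001  # constructed value
    key = derive_auth_key(b"constructed-psk", b"nonce-initiator", b"nonce-responder")
    other = derive_auth_key(b"different-psk", b"nonce-initiator", b"nonce-responder")
    rx = Receiver(key, spi)
    p1 = protect(key, spi, 1, b"hello")
    p2 = protect(key, spi, 2, b"late but valid")
    p3 = protect(key, spi, 3, b"world")
    tampered = p3[:8] + b"W" + p3[9:]                    # payload altered in transit
    forged = HDR.pack(spi, 1000) + b"x" + bytes(ICV_LEN)  # no key, guessed ICV
    wrong_psk = protect(other, spi, 4, b"hi")             # peer with another PSK
    sequence = (p1, tampered, p3, p2, p2, forged, wrong_psk)
    return [rx.accept(p) for p in sequence], rx.highest


if __name__ == "__main__":
    print(demo())
```

The payload stays readable on the wire throughout, which matches AH; ESP would add encryption on top of the same integrity and anti-replay checks.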
IPsec framework protocol - When configuring an IPsec gateway to provide security services, an IPsec protocol must be selected. The choices are some combination of ESP and AH. Realistically, the ESP or ESP+AH options are almost always selected because AH itself does not provide encryption, as shown in Figure 3.
Confidentiality (if IPsec is implemented with ESP) - The encryption algorithm chosen should best meet the desired level of security: DES, 3DES, or AES. AES is strongly recommended, with AES-GCM providing the greatest security.
Integrity - Guarantees that the content has not been altered in transit. Implemented through the use of hash algorithms. Choices include MD5 and SHA.
Authentication - Represents how devices on either end of the VPN tunnel are authenticated. The two methods are PSK or RSA.
DH algorithm group - Represents how a shared secret key is established between peers. There are several options, but DH24 provides the greatest security.
IP Protocol Framework
IPsec, an IETF standard, is a secure tunnel operating at Layer 3 of the OSI model that can protect and authenticate IP packets between IPsec peers. It can provide confidentiality by using encryption, data integrity, authentication, and anti-replay protection. Data integrity is provided by using a hash algorithm, such as MD5 or SHA. Authentication is provided by the PSK or RSA peer authentication method.
The level of confidentiality provided by encryption depends on the algorithm used and the key length. Encryption can be symmetrical or asymmetrical. DH is a method used to securely exchange the keys to encrypt data.
Summary
IP Protocol Security
IP Protocol Security

  • 1.
  • 2. IPsec is an IETF standard that defines how a remote or site-to- siteVPN can be configured at the Network Layer
  • 3. IPsec is an IETF standard that defines how a remote or site-to- siteVPN can be configured at the Network Layer Provides Data Encryption to secureTCP/IP based Applications
  • 4. Used with IP only!
  • 5. Used with IP only! Encrypts any traffic using the IP Protocol!
  • 6. Used with IP only! Both Encryption and Authentication Mechanisms! Encrypts any traffic using the IP Protocol!
  • 7. Used with IP only! Both Encryption and Authentication Mechanisms! Encrypts any traffic using the IP Protocol! Requires Certificates of Pre Shared Keys!
  • 8. Used with IP only! Both Encryption and Authentication Mechanisms! Encrypts any traffic using the IP Protocol! Requires Certificates of Pre Shared Keys! Functions at the Network Layer!
  • 9. Used with IP only! Both Encryption and Authentication Mechanisms! Encrypts any traffic using the IP Protocol! Requires Certificates of Pre Shared Keys! Functions at the Network Layer! Generally can’t be used with a NAT proxy Deployment..
  • 10. Used with IP only! Both Encryption and Authentication Mechanisms! Encrypts any traffic using the IP Protocol! Requires Certificates of Pre Shared Keys! Functions at the Network Layer! Generally can’t be used with a NAT proxy Deployment.. Can be used with L2TP or alone to protect data!
  • 11. Used with IP only! Both Encryption and Authentication Mechanisms! Encrypts any traffic using the IP Protocol! Requires Certificates of Pre Shared Keys! Functions at the Network Layer! Generally can’t be used with a NAT proxy Deployment.. Uses UDP Port 500.. Can be used with L2TP or alone to protect data!
  • 12. Used with IP only! Both Encryption and Authentication Mechanisms! Encrypts any traffic using the IP Protocol! Requires Certificates of Pre Shared Keys! Functions at the Network Layer! Generally can’t be used with a NAT proxy Deployment.. Uses UDP Port 500.. Can be used with L2TP or alone to protect data! Most secure configuration => Provides Confidentiality, Integrity, Authentication and Anti-Replay Attack.
  • 13. VPNs and IPsec provide Essential Services for remote connectivity! Used with IP only! Both Encryption and Authentication Mechanisms! Encrypts any traffic using the IP Protocol! Requires Certificates of Pre Shared Keys! Functions at the Network Layer! Generally can’t be used with a NAT proxy Deployment.. Uses UDP Port 500.. Can be used with L2TP or alone to protect data! Most secure configuration => Provides Confidentiality, Integrity, Authentication and Anti-Replay Attack.
  • 14.
  • 15. • Services offered on a static topology are essential.
  • 16. • Services offered on a static topology are essential. • Services offered on a dynamic topology are emerging.
  • 17. • Services offered on a static topology are essential. • Services offered on a dynamic topology are emerging. • Today there’s a Gap to fill in mobile services.
  • 18. • Services offered on a static topology are essential. • Services offered on a dynamic topology are emerging. • Today there’s a Gap to fill in mobile services. • Private  Public  Private data flow =VPN.
  • 19. • Services offered on a static topology are essential. • Services offered on a dynamic topology are emerging. • Today there’s a Gap to fill in mobile services. • Private  Public  Private data flow =VPN. • Trending toward mobile nodes NOW!
  • 20. • Services offered on a static topology are essential. • Services offered on a dynamic topology are emerging. • Today there’s a Gap to fill in mobile services. • Private  Public  Private data flow =VPN. • Trending toward mobile nodes NOW! • Mobile devices will have Layer 3 switching embedded.
  • 21. • Services offered on a static topology are essential. • Services offered on a dynamic topology are emerging. • Today there’s a Gap to fill in mobile services. • Private  Public  Private data flow =VPN. • Trending toward mobile nodes NOW! • Mobile devices will have Layer 3 switching embedded. • Routers will become obselete.
  • 22. • VPNs have become an essential service.
  • 23. • VPNs have become an essential service. • Discretionary access rights for individual users allowed.
  • 24. • VPNs have become an essential service. • Discretionary access rights for individual users allowed. • Role Based access rights for user groups allowed.
  • 25. • VPNs have become an essential service. • Discretionary access rights for individual users allowed. • Role Based access rights for user groups allowed. • Users essential take their office with them.
  • 26. • VPNs have become an essential service. • Discretionary access rights for individual users allowed. • Role Based access rights for user groups allowed. • Users essential take their office with them. • VPN method implemented based on access, policy and procedures of the organization.
  • 27. • VPNs have become an essential service. • Discretionary access rights for individual users allowed. • Role Based access rights for user groups allowed. • Users essential take their office with them. • VPN method implemented based on access, policy and procedures of the organization. • Two primary protocols forVPN deployment.
  • 28. • VPNs have become an essential service. • Discretionary access rights for individual users allowed. • Role Based access rights for user groups allowed. • Users essential take their office with them. • VPN method implemented based on access, policy and procedures of the organization. • Two primary protocols forVPN deployment. 1. IPSec for Site-to-Site.
  • 29. • VPNs have become an essential service. • Discretionary access rights for individual users allowed. • Role-based access rights for user groups allowed. • Users essentially take their office with them. • VPN method implemented based on access, policy and procedures of the organization. • Two primary protocols for VPN deployment. 1. IPsec for Site-to-Site. 2. SSL – Remote Access.
  • 33. 1. If ease of configuration and support is an issue, use SSL. 2. If security is the issue, use IPsec. 3. If using IPv6, use IPsec.
  • 34. IPsec exceeds SSL in many significant ways: • Number of applications that are supported • Strength of encryption • Strength of authentication • Overall security • When security is an issue, IPsec is the superior choice. • If support and ease of deployment are the primary issues, consider SSL.
  • 35.
  • 36. Confidentiality • IPsec provides security features, such as strong encryption algorithms.
  • 37. Symmetric Encryption • Symmetric algorithms such as AES require shared keys. • Each device requires the same key to decode information. • It must be known which devices interact so the same key can be configured on each device.
  • 38. Asymmetric Encryption • Asymmetric encryption uses different keys. • One encrypts, the other decrypts. • Impossible to decode using the same key that encrypted the data.
  • 39. Data Integrity • Diffie-Hellman is not an encryption mechanism. • The algorithms allow two parties to establish a shared key. • This key is used by encryption and hash algorithms.
  • 40. Data Integrity and Authentication • Hashes provide Integrity and Authentication. • The hash (message digest) creates a unique value for a set of data. • If and only if the hashes are equal, the data has not been altered.
  • 41. Data Integrity • PSK – Configured on each peer manually and used to authenticate each end. • PSK is combined with other information to form the authentication key.
  • 43. Authentication • Authentication Header is used when confidentiality is not required or permitted. • Authentication and Integrity are established between each system. • All text is transported in clear text. • Encapsulating Security Payload – Provides Confidentiality and Authentication by encryption. • IP packet encryption conceals the data and identities of the end devices. • In IPsec, at least one of these must be used.
  • 44. IP Protocol Framework • IPsec framework protocol - When configuring an IPsec gateway to provide security services, an IPsec protocol must be selected. The choices are some combination of ESP and AH. Realistically, the ESP or ESP+AH options are almost always selected because AH itself does not provide encryption, as shown in Figure 3. • Confidentiality (if IPsec is implemented with ESP) - The encryption algorithm chosen should best meet the desired level of security: DES, 3DES, or AES. AES is strongly recommended, with AES-GCM providing the greatest security. • Integrity - Guarantees that the content has not been altered in transit. Implemented through the use of hash algorithms. Choices include MD5 and SHA. • Authentication - Represents how devices on either end of the VPN tunnel are authenticated. The two methods are PSK or RSA. • DH algorithm group - Represents how a shared secret key is established between peers. There are several options, but DH24 provides the greatest security.
  • 45. Summary • IPsec, an IETF standard, is a secure tunnel operating at Layer 3 of the OSI model that can protect and authenticate IP packets between IPsec peers. It can provide confidentiality by using encryption, data integrity, authentication, and anti-replay protection. Data integrity is provided by using a hash algorithm, such as MD5 or SHA. Authentication is provided by the PSK or RSA peer authentication method. The level of confidentiality provided by encryption depends on the algorithm used and the key length. Encryption can be symmetrical or asymmetrical. DH is a method used to securely exchange the keys to encrypt data.
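
The chain described on slides 39 to 43 and in the summary (Diffie-Hellman establishes a shared key, the PSK is combined with it, a keyed hash then gives integrity, authentication and anti-replay while the data stays in clear text, as with AH) is sketched below. This is an added example, not part of the original deck: the 127-bit modulus, the key derivation and the packet layout are assumptions constructed for illustration and are not the real IKE or AH formats.

```python
import hashlib
import hmac
import secrets

# Constructed demo group: P is the Mersenne prime 2**127 - 1. It is far too
# small for real use; it only keeps the arithmetic readable.
P = 2**127 - 1
G = 3


def dh_keypair():
    """Return (private, public) for one peer."""
    private = secrets.randbelow(P - 3) + 2          # 2 .. P-2
    return private, pow(G, private, P)


def dh_shared_secret(my_private, peer_public):
    """Both peers compute the same value; it never crosses the wire."""
    if not 1 < peer_public < P - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_public, my_private, P)


def derive_auth_key(shared_secret, psk, nonces):
    """Assumed derivation: the PSK keys a hash over the DH secret and nonces."""
    material = shared_secret.to_bytes(16, "big") + nonces
    return hmac.new(psk, material, hashlib.sha256).digest()


def protect(key, seq, payload):
    """AH-style: payload stays in clear text, an integrity tag is appended."""
    header = seq.to_bytes(4, "big")
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:16]
    return header + payload + tag


def verify(key, packet, highest_seq_seen):
    """Return the payload if the tag matches and the sequence number is new."""
    header, payload, tag = packet[:4], packet[4:-16], packet[-16:]
    expected = hmac.new(key, header + payload, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    if int.from_bytes(header, "big") <= highest_seq_seen:
        raise ValueError("replayed packet")
    return payload
```

A peer configured with a different PSK derives a different key, so its packets fail the integrity check even though the Diffie-Hellman exchange itself succeeds.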
