IP Protocol Security
3. IPsec is an IETF standard that defines how a remote or site-to-site VPN can be configured at the Network Layer.
Provides Data Encryption to secure TCP/IP-based Applications.
13. VPNs and IPsec provide Essential Services for remote connectivity!
Used with IP only!
Both Encryption and Authentication Mechanisms!
Encrypts any traffic using the IP Protocol!
Requires Certificates or Pre-Shared Keys!
Functions at the Network Layer!
Generally can’t be used with a NAT proxy Deployment.
Uses UDP Port 500.
Can be used with L2TP or alone to protect data!
Most secure configuration => Provides Confidentiality, Integrity, Authentication and Anti-Replay protection.
21. • Services offered on a static topology are essential.
• Services offered on a dynamic topology are emerging.
• Today there’s a gap to fill in mobile services.
• Private-Public-Private data flow = VPN.
• Trending toward mobile nodes NOW!
• Mobile devices will have Layer 3 switching embedded.
• Routers will become obsolete.
29. • VPNs have become an essential service.
• Discretionary access rights for individual users allowed.
• Role-Based access rights for user groups allowed.
• Users essentially take their office with them.
• VPN method implemented based on access, policy and procedures of the organization.
• Two primary protocols for VPN deployment.
1. IPsec for Site-to-Site.
2. SSL – Remote Access.
33. 1. If ease of configuration and support is an issue:
Use SSL.
2. If security is the issue:
Use IPsec.
3. If using IPv6:
Use IPsec.
34. IPsec exceeds SSL in many significant ways:
• Number of applications that are supported
• Strength of encryption
• Strength of authentication
• Overall security
When security is an issue, IPsec is the superior choice. If support and ease of deployment are the primary issues, consider SSL.
37. Symmetric Encryption
• Symmetric algorithms such as AES require shared keys.
• Each device requires the same key to decode information.
• Which devices interact must be known so the same key can be configured on each device.
39. Data Integrity
• Diffie-Hellman is not an encryption mechanism.
• The algorithms allow two parties to establish a shared key.
• This key is used by encryption and hash algorithms.
40. Data Integrity and Authentication
• Hashes provide Integrity and Authentication.
• The hash (message digest) creates a unique value for a set of data.
• IFF hashes are equal, the data is not altered.
41. Data Integrity
• PSK – Configured on each peer manually and used to authenticate each end.
• PSK is combined with other information to form the authentication key.
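The flow in slides 39 to 41, as an added example that is not part of the original deck: two peers run Diffie-Hellman, mix the result with the PSK and exchanged nonces to form an authentication key, and use a keyed hash to detect tampering. The toy DH group, the mixing step in `auth_key` (a simplification, not the exact IKE key derivation), and all names and sample values are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

# Toy DH group (assumption for this example): the Mersenne prime 2**127 - 1.
# Far too small for real use; deployments use much larger standardized groups.
P = 2**127 - 1
G = 3

def dh_keypair():
    """Return (private, public) for one peer."""
    priv = secrets.randbelow(P - 3) + 2   # 2 <= priv <= P-2
    return priv, pow(G, priv, P)

def dh_shared(my_priv, peer_pub):
    """Both peers compute the same value: g^(ab) mod p."""
    return pow(peer_pub, my_priv, P).to_bytes(16, "big")

def auth_key(psk, nonce_i, nonce_r, shared):
    """Combine the PSK with per-session values (simplified, not the IKE KDF)."""
    seed = hmac.new(psk, nonce_i + nonce_r, hashlib.sha256).digest()
    return hmac.new(seed, shared, hashlib.sha256).digest()

def protect(key, payload):
    """Append a keyed hash (HMAC-SHA-256) to the payload."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()

def verify(key, packet):
    """Return the payload if the keyed hash matches, else None."""
    payload, tag = packet[:-32], packet[-32:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, expected) else None

def demo():
    psk = b"constructed-example-psk"          # constructed sample value
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    n_i, n_r = secrets.token_bytes(16), secrets.token_bytes(16)
    k_a = auth_key(psk, n_i, n_r, dh_shared(a_priv, b_pub))
    k_b = auth_key(psk, n_i, n_r, dh_shared(b_priv, a_pub))
    packet = protect(k_a, b"route update: 10.0.0.0/24")
    tampered = b"route update: 10.9.0.0/24" + packet[-32:]
    k_wrong = auth_key(b"other-psk", n_i, n_r, dh_shared(b_priv, a_pub))
    return {
        "keys_match": k_a == k_b,              # DH + same PSK give the same key
        "intact": verify(k_b, packet),         # hashes equal: data not altered
        "tampered": verify(k_b, tampered),     # altered payload is rejected
        "wrong_psk": verify(k_wrong, packet),  # peer without the PSK fails
    }

if __name__ == "__main__":
    print(demo())
```

The payload travels in the clear here; only its integrity and origin are checked, which is the AH-style service rather than ESP encryption.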
43. Authentication
• Authentication Header is used when confidentiality is not required or permitted.
• Authentication and Integrity are established between each system.
• All text is transported in clear text.
• Encapsulating Security Payload – Provides Confidentiality and Authentication by encryption.
• IP packet encryption conceals the data and identities of the end devices.
• In IPsec, at least one of these must be used.
44. IPsec framework protocol - When configuring an IPsec gateway to provide security services, an IPsec protocol must be selected. The choices are some combination of ESP and AH. Realistically, the ESP or ESP+AH options are almost always selected because AH itself does not provide encryption, as shown in Figure 3.
Confidentiality (if IPsec is implemented with ESP) - The encryption algorithm chosen should best meet the desired level of security: DES, 3DES, or AES. AES is strongly recommended, with AES-GCM providing the greatest security.
Integrity - Guarantees that the content has not been altered in transit. Implemented through the use of hash algorithms. Choices include MD5 and SHA.
Authentication - Represents how devices on either end of the VPN tunnel are authenticated. The two methods are PSK or RSA.
DH algorithm group - Represents how a shared secret key is established between peers. There are several options, but DH24 provides the greatest security.
IP Protocol Framework
45. IPsec, an IETF standard, is a secure tunnel operating at Layer 3 of the OSI model that can protect and authenticate IP packets between IPsec peers. It can provide confidentiality by using encryption, data integrity, authentication, and anti-replay protection. Data integrity is provided by using a hash algorithm, such as MD5 or SHA. Authentication is provided by the PSK or RSA peer authentication method.
The level of confidentiality provided by encryption depends on the algorithm used and the key length. Encryption can be symmetrical or asymmetrical. DH is a method used to securely exchange the keys to encrypt data.
Summary