6 IPSec Uses
[Figure: user system with IPSec, public (Internet) or private network, networking devices with IPSec]
Fudan University School of Software
7 Benefits of IPSec
• in a firewall/router provides strong security to all traffic crossing the perimeter
• in a firewall/router is resistant to bypass
• is below transport layer, hence transparent to applications
• can be transparent to end users
• can provide security for individual users
• secures routing architecture
8 IP Security Architecture
• specification is quite complex
• defined in numerous RFCs
  – incl. RFC 2401/2402/2406/2408
  – many others, grouped by category
• mandatory in IPv6, optional in IPv4
• has two security header extensions:
  – Authentication Header (AH)
  – Encapsulating Security Payload (ESP)
9 IPSec Services
Service                               AH    ESP (encryption only)    ESP (encryption plus authentication)
Access control                        Y     Y                        Y
Connectionless integrity              Y                              Y
Data origin authentication            Y                              Y
Rejection of replayed packets         Y     Y                        Y
Confidentiality                             Y                        Y
Limited traffic flow confidentiality        Y                        Y
10 IPSec Services
• Access control
• Connectionless integrity
• Data origin authentication
• Rejection of replayed packets
  – a form of partial sequence integrity
• Confidentiality (encryption)
• Limited traffic flow confidentiality
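The "rejection of replayed packets" service above is what the receiver's anti-replay sliding window provides. The following is an added example (not from the slides or from any IPsec implementation) of that receiver-side check, modelled on the window algorithm described in RFC 2401 Appendix C; the class and function names are illustrative, and the window is only advanced once the packet's integrity check (ICV) has passed.

```python
# Added example: inbound anti-replay sliding window for one AH/ESP security
# association, following the RFC 2401 Appendix C scheme. Illustrative code,
# not taken from the slides or from any IPsec stack.
class AntiReplayWindow:
    """Tracks received sequence numbers for one inbound SA.

    Accepting a packet only if its sequence number is new and inside the
    window yields "partial sequence integrity": duplicates are rejected,
    while packets may still arrive out of order within the window.
    """

    def __init__(self, size: int = 64) -> None:
        if size < 32:
            raise ValueError("RFC 2401 requires a window of at least 32")
        self.size = size
        self.top = 0        # highest sequence number accepted so far
        self.bitmap = 0     # bit i set => sequence number (top - i) was seen

    def check(self, seq: int) -> bool:
        """Preliminary verdict, run before integrity verification."""
        if seq == 0:                       # 0 is never a valid sequence number
            return False
        if seq > self.top:                 # new highest: always acceptable
            return True
        if seq <= self.top - self.size:    # left of the window: too old
            return False
        return not (self.bitmap >> (self.top - seq)) & 1   # set bit => replay

    def update(self, seq: int) -> None:
        """Advance or mark the window; call only after the ICV verified."""
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = (self.bitmap << shift) & ((1 << self.size) - 1)
            self.bitmap |= 1               # mark the new top as received
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)


def process(window: AntiReplayWindow, seq: int, icv_ok: bool) -> bool:
    """Receive path: drop replays, stale packets and ICV failures."""
    if not window.check(seq) or not icv_ok:
        return False
    window.update(seq)
    return True
```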