1 / 27

IP Security

IP Security. ::: Semester :  8                          ::: Year : 2009. Naeem Riaz. Maria Shakeel. P R E S E N T E D B Y. Aqsa. Nizam. INITIATIVE.

jerome-olson
Télécharger la présentation

IP Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IP Security

  2. ::: Semester :  8                          ::: Year : 2009 Naeem Riaz Maria Shakeel P R E S E N T E D B Y Aqsa Nizam

  3. INITIATIVE COMPETITIVE ANALYSIS BEYOND FORWORD FUCTIONAL FEATURES

  4. FEATURES INITIATIVE BEYOND FORWORD COMPETITIVE ANALYSIS Overview at a glance

  5. IPSecurity (IPSec) IPSecurity (IPSec) is a collection of protocols designed by the Internet Engineering Task Force (IETF) to provide security for a packet at the network level.

  6. TCP/IP protocol suite and IPSec

  7. IP Security Scenario

  8. Benefits of IPSec • Strong security that can be applied to all traffic crossing the perimeter. • Transparent to applications. • No need to change software on a user or server system, -When IPSec is implemented in a router or firewall. • IPSec can be transparent to end users. • There is no need to train users on security mechanisms • IPSec can provide security for individual used if needed.

  9. Cryptographic algorithms • Cryptographic algorithms defined for use with IPsec include: • HMAC-SHA1 for integrity protection • TripleDES-CBC for confidentiality • AES-CBC for confidentiality • .

  10. RFC : IP Sec Documents • RFC 2401: An overview of security architecture • RFC 2402: Description of a packet encryption extension to IPv4 and IPv6 • RFC 2406: Description of a packet emcryption extension to IPv4 and IPv6 • RFC 2408: Specification of key managament capabilities

  11. FUNCTIONAL FEATURES INITIATIVE BEYOND FORWORD COMPETITIVE ANALYSIS Protocols Modes

  12. Modes of IPSec • IPSec operates in one of two different modes. • Transport mode. • Tunnel mode

  13. TRANSPORT MODE VS TUNNEL MODE • IPSec in the transport mode does not protect the IP header; it only protects the information coming from the transport layer. • IPSec in tunnel mode protects the original IP header.

  14. Transport mode in action

  15. Tunnel mode in action *

  16. Authentication Header (AH) Protocol & Encapsulating Security Payload (ESP) Protocol • The Authentication Header (AH) Protocol provides source authentication and data integrity but not privacy. • Encapsulating Security Payload (ESP) provides confidentiality services (Must) and authentication services (optionally). • ESP provides sources authentication, data integrity and privacy

  17. INITIATIVE COMPETITVE ANALYSIS BEYOND FORWORD FUNCTIONAL FEATURES IPSec services Key management

  18. Summarization of AH and ESP *

  19. Key Management • IPSec architecture support for two type of key management: • Manual: Particular for small, relatively static environments. • Automated: The use of this key in a large distributed system with an evolving configuration

  20. Contd… • Oakley: Key Detemination Protocol: • Three authentication methods can be used with Oakley: • -Digital signatures • -Public-key encryption • -Symmetric-key encryption • ISAKMP: Internet Security Association and Key Management Protocol: • -Defines procedures and packet formats to establish, negotiate, modify and delete security associations.

  21. IPSec Services • IPSec provided Services for: • networking devices, -such as a router or firewall • Operates on the workstation or server. -Workstation to Workstation • Protection against data changes -Accidental or Intentional • Datagram’s Content can be hidden.

  22. BEYOND FOREWORD INITIATIVE COMPETITIVE ANALYSIS FUNCTIONAL FEATURES Real life examples Software implementations THANK YOU

  23. IPSec: Real Life Examples • IPSec provides the capability to secure communications across a LAN, across private and public WANs, and across the Internet. Examples of its use include: • Secure branch office connectivity over the Internet • Secure remote access over the Internet • Establishment of extranet and intranet connectivity with partners • Enhancement of electronic commerce security • Encrypt or authenticate all traffic at the IP level

  24. Contd… • Using IPSec all distributed applications can be secured, • -Remote logon, • -client/server, • -e-mail, • -file transfer, • -Web access

  25. SOFTWARE IMPLEMENTATIONS • NRL IPsec, one of the original sources of IPsec code. • OpenBSD, with its own code derived from a BSD/OS implementation written by John Ioannidis and Angelos D. Keromytis in 1996. • The KAME stack, that is included in Mac OS X, NetBS and FreeBSD. • "IPsec" in Cisco IOS Software • "IPsec" in Microsoft Windows, including Windows XP, Windows 2000, Windows 2003, Windows Vista, Windows Server 2008, and Windows 7. • SafeNet QuickSec toolkits • IPsec in Solaris

  26. Asking queries is your right! Computers are useless, they can only give you answer.

  27. T H A N K Y O U

More Related