Hi,
What is a IPsec? I know the full for The IPSec is a Internet Protocol Security but I don't know much about it ??? Can you explain me in detail in simple words ???
Member
Hi,
What is a IPsec? I know the full for The IPSec is a Internet Protocol Security but I don't know much about it ??? Can you explain me in detail in simple words ???
Member
IPsec is a set of protocols for communications security in IP through the authentication and / or encryption of each packet IP. The IPsec protocols are located in the network layer or layer 3 of OSI model. Other security protocols like SSL and TLS, operating from the upward transport layer (layer 4 to 7). This makes IPsec more flexible, it can be used to protect both protocols based on TCP or UDP, but increases its complexity and processing. It was initially developed for use with the new standard IPv6 (where required), but subsequently adapted to IPv4 (which is optional).
Member
IPSec (Internet Protocol Security) is a collection of protocols that help protect data sent over a network using security services and digital certificates with public and private keys. (Using a digital certificate is a public key to an individual, a company or a site assigned.)
The sophisticated design of IPSec makes possible a much better security than previous security methods. Network administrators who use them, do not the security settings for each program to configure.
Member
IPSec is a protocol designed to provide various security services. It proposes several choices and options that enable it to respond appropriately to business needs, nomads, extranets, individuals, etc. ... However, his main interest is undoubtedly the method called tunneling, that is to say encapsulation of IP which allows among other things to create Virtual Private Networks (VPN ). This technology aims to establish a secure connection (tunnel) between remote entities, separated by an insecure network like the Internet public to see, and do so almost transparent if desired.
Member
From a practical perspective, IPSec is a protocol rather difficult to implement a share because of its intrinsic complexity (multiple sub-protocols ...) and partly because of its interactions with processes common network . If it has been designed with criteria such as operating compatibility in mind, IPSec is nevertheless a layer 3 protocol that does not support any modification or alteration to that level (or higher) once its package created. Thus, many issues remain problematic as interoperability with NAT (changes in level 3) or its integration into the host kernel. In this regard, there are 3 variants:
- Changing the IP stack of the kernel remains the most direct and probably the most complicated. This method is applied to all types of entities (hosts or gateways).
- The "Bump-In-The-Stack" (BITS) returns to separate the IPSec processing routines routines of normal IP stack (the code specific to IPSec is actually interposed between the network layer and link layer / physical , hence the name of the method). Some elements are still changing in the stack, such as fragmentation and reassembly of packets (a process highly sensitive for IPSec). However, the nucleus remains intact in this type of implementation. Again, this method is applied to all types of entities (hosts or gateways).
- The "Bump-In-The-Wire (BITW) returns to deport the processing of IPSec and therefore the code into a dedicated element placed upstream on the network (hence the name) outside the machine. This element can be either a "club" dedicated, a firewall, router, etc.. Next type, this method does not apply to any type of guests.
Member
The services offered by IPSec :
Returning now to the protocol itself. We have quoted above what the basic properties of encryption tunnels, regardless of protocol. Now include what are the security services offered by IPSec services, notably to ensure the properties of VPNs and tunnels mentioned above:
- Authentication ends: the mutual authentication allows anyone to verify the identity of the caller. Recall still IPSec is a protocol of level 3 and it therefore provides an authentication level equal, that is to say, an authentication engine implementing the protocol, rather than people actually using the machine. We will technically as authentication is performed in the following paragraphs.
- Confidentiality of data exchanged: IPSec can if you want to encrypt the contents of each IP packet to ensure that anyone can read.
- Authenticity of Data: IPSec ensures, for each packet exchanged, it has been issued by the good machine and it is destined for the second machine.
- Integrity of data exchanged: IPSec ensures no packet undergoes any change (called active attacks) during his trip.
- Protection against eavesdropping and traffic analysis: IPSec will encrypt the actual IP addresses of the source and destination, and the entire IP header match. This is the method of tunneling, which prevents any attacker to listen to infer information about the real identities of the end of the tunnel on the protocols used over IPsec, on the application using the tunnel (timing -attacks and other) ...
- Protection against replay: IPSec can protect themselves against the attacks of capturing one or more packages in order to send them again (without having deciphered) to enjoy the same benefits as the original sender.
Posting Permissions
Reply With Quote
Bookmarks