IP Sec Shubham Ghimire

IPSec | Computer Network



Page 2: IPSec | Computer Network

What is IPSec?

• Framework for ensuring private, secure communications over Internet Protocol (IP) networks.

• Provides authenticated and encrypted traffic between hosts at the IP protocol level

• Provides strong protection against attacks from both the private network and the Internet through end-to-end security.

• Protects communication between any two parties.

Page 3: IPSec | Computer Network

Services

Authentication & Verification
• Authentication means ensuring that data has come from an authentic user only
• Verification means ensuring that data is not altered during the journey

Confidentiality
• Ensures that data is not visible to a third party during the journey

Page 4: IPSec | Computer Network

IPSec Protocols

• Authentication Header (AH)

- Authenticates the data flowing over the connection

• Encapsulating Security Payload (ESP)

- Encrypts and authenticates the data flowing over the connection

Page 5: IPSec | Computer Network

Modes of Operation

Transport Mode
• Provides a secure connection between two end-points
• Encapsulates the IP payload only
• Simply a secured IP connection

Tunnel Mode
• Provides a secure connection between two gateways, or where either end is a gateway (i.e. host-to-gateway communication and vice versa)
• Encapsulates the complete IP packet (IP header + payload)
• Primarily used for VPNs
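To make the two encapsulations concrete, the following is an added Python example (it is not from the slides): it frames ESP packets in transport mode and in tunnel mode, then decapsulates them, so the difference between "payload only" and "complete IP packet" can be seen byte by byte. Everything in it is a constructed simplification: a SHA-256 counter-mode keystream stands in for the real cipher (deployments use AES), HMAC-SHA256 truncated to 16 bytes stands in for the ICV, and the key, addresses, SPI and sequence number are made-up values; no SA database or anti-replay window is modelled.

```python
"""Toy ESP framing (RFC 2406 layout) in transport vs tunnel mode.

Added illustration only. The keystream and ICV below are constructed
stand-ins for the real cipher/integrity algorithms, not IPsec's own.
"""
import hashlib
import hmac
import struct

ESP_PROTO = 50      # IP protocol number carried by the outer header for ESP
IPIP_PROTO = 4      # next-header value meaning "an IPv4 packet follows" (tunnel mode)
ICV_LEN = 16        # truncated HMAC length (constructed choice)


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (checksum left zero; enough for the framing demo)."""
    def ip(a: str) -> bytes:
        return bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, ip(src), ip(dst))


def _keystream(key: bytes, spi: int, seq: int, n: int) -> bytes:
    # Toy keystream: SHA-256 over (key, SPI, seq, counter). NOT AES; illustration only.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + struct.pack("!IIQ", spi, seq, ctr)).digest()
        ctr += 1
    return out[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def esp_encapsulate(protected: bytes, next_header: int, spi: int, seq: int, key: bytes) -> bytes:
    """ESP header || Encrypt(protected || padding || pad_len || next_header) || ICV."""
    pad_len = (-(len(protected) + 2)) % 4            # align the trailer to 4 bytes
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    esp_hdr = struct.pack("!II", spi, seq)           # SPI and sequence number are sent in clear
    ciphertext = _xor(protected + trailer, _keystream(key, spi, seq, len(protected) + len(trailer)))
    icv = hmac.new(key, esp_hdr + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    return esp_hdr + ciphertext + icv                # ICV covers ESP header + ciphertext, not the outer IP header


def transport_mode(src: str, dst: str, proto: int, payload: bytes, spi: int, seq: int, key: bytes) -> bytes:
    """Transport mode: original IP header stays outside; only the payload is protected."""
    esp = esp_encapsulate(payload, proto, spi, seq, key)
    return ipv4_header(src, dst, ESP_PROTO, len(esp)) + esp


def tunnel_mode(in_src: str, in_dst: str, proto: int, payload: bytes,
                gw_src: str, gw_dst: str, spi: int, seq: int, key: bytes) -> bytes:
    """Tunnel mode: the whole original packet (header + payload) is protected behind a new header."""
    inner = ipv4_header(in_src, in_dst, proto, len(payload)) + payload
    esp = esp_encapsulate(inner, IPIP_PROTO, spi, seq, key)
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, len(esp)) + esp


def esp_decapsulate(packet: bytes, key: bytes):
    """Verify the ICV first, then decrypt and strip the trailer.

    Returns (outer_header, next_header, protected_bytes)."""
    outer, esp = packet[:20], packet[20:]
    if outer[9] != ESP_PROTO:
        raise ValueError("not an ESP packet")
    esp_hdr, ciphertext, icv = esp[:8], esp[8:-ICV_LEN], esp[-ICV_LEN:]
    expected = hmac.new(key, esp_hdr + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):       # reject altered packets before decrypting
        raise ValueError("ICV mismatch: packet altered in transit or wrong key")
    spi, seq = struct.unpack("!II", esp_hdr)
    plaintext = _xor(ciphertext, _keystream(key, spi, seq, len(ciphertext)))
    pad_len, next_header = plaintext[-2], plaintext[-1]
    return outer, next_header, plaintext[:-(pad_len + 2)]


def cleartext_addresses(packet: bytes):
    """What an on-path observer sees: the outer header's source and destination."""
    fmt = lambda b: ".".join(str(x) for x in b)
    return fmt(packet[12:16]), fmt(packet[16:20])


if __name__ == "__main__":
    KEY = b"constructed-demo-key-not-for-use"   # constructed value
    payload = b"GET / HTTP/1.0\r\n\r\n"
    t = transport_mode("10.0.0.1", "10.0.0.2", 6, payload, 0x1000, 1, KEY)
    u = tunnel_mode("10.0.0.1", "10.0.0.2", 6, payload, "203.0.113.1", "198.51.100.1", 0x2000, 1, KEY)
    print("transport cleartext endpoints:", cleartext_addresses(t))   # the real hosts
    print("tunnel cleartext endpoints:   ", cleartext_addresses(u))   # only the gateways
```

In both modes only the outer IP header and the 8-byte ESP header travel in clear; in tunnel mode that means an observer learns the gateway addresses but not the inner hosts, which is why tunnel mode is the VPN building block.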

Page 6: IPSec | Computer Network

Transport vs Tunnel Mode

Page 7: IPSec | Computer Network

Why IPSec ?

• IPv4 not designed with security in mind
• Attacks possible with IPv4:
 • Eavesdropping
 • Data modification
 • Identity spoofing (IP address spoofing)
 • Denial-of-service attack
 • Man-in-the-middle attack

• These can be avoided by use of IPSec

Page 8: IPSec | Computer Network

IPSec RFCs

• IPSec documents:
 • RFC 2401: An overview of the security architecture
 • RFC 2402: Description of a packet authentication extension to IPv4 and IPv6
 • RFC 2406: Description of a packet encryption extension to IPv4 and IPv6
 • RFC 2408: Specification of key management capabilities