VPN Overview
• Provides Layer 3 security – Transparent to applications (no need for integrated IPSec support)
• A set of protocols and algorithms used to secure IP data at
the network layer
• Combines different components:– Security associations (SA)
– Authentication headers (AH)
– Encapsulating security payload (ESP)
– Internet Key Exchange (IKE)
• A security context for the VPN tunnel is established via the
ISAKMP
Why IPsec?
• Internet Protocol (IP) is not secure– IP protocol was designed in the early stages of the Internet where security was not an issue
– All hosts in the network are known
• Possible security issues– Source spoofing
– Replay packets
– No data integrity or confidentiality
Benefits of IPsec• Confidentiality– By encrypting data• Integrity– Routers at each end of a tunnel calculates the checksum or hash value of the data• Authentication– Signatures and certificates
– All these while still maintaining the ability to route through existing IP networks
IPsec is designed to provide interoperable, high quality, cryptographically based security for IPv4 and IPv6
- Creates a secure tunnel over a public network .It doesn't necessarily imply encryption .
- Uses the Internet as the public backbone to access a secure private network.
VPN Protocols
- PPTP (Point-to-Point tunneling Protocol)
- L2F (Layer 2 Forwarding Protocol)
- L2TP (Layer 2 Tunneling Protocol)
- IPSec (Internet Protocol Security)
IPsec
• Provides Layer 3 security – Transparent to applications (no need for integrated IPSec support)
• A set of protocols and algorithms used to secure IP data at
the network layer
• Combines different components:– Security associations (SA)
– Authentication headers (AH)
– Encapsulating security payload (ESP)
– Internet Key Exchange (IKE)
• A security context for the VPN tunnel is established via the
ISAKMP
Why IPsec?
• Internet Protocol (IP) is not secure– IP protocol was designed in the early stages of the Internet where security was not an issue
– All hosts in the network are known
• Possible security issues– Source spoofing
– Replay packets
– No data integrity or confidentiality
Benefits of IPsec• Confidentiality– By encrypting data• Integrity– Routers at each end of a tunnel calculates the checksum or hash value of the data• Authentication– Signatures and certificates
– All these while still maintaining the ability to route through existing IP networks
IPsec is designed to provide interoperable, high quality, cryptographically based security for IPv4 and IPv6
No comments:
Post a Comment