IPSEC
Crypto Group presents:
Introduction
• Definition
• Why IPsec?
• Goals of IPsec
Definition
Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and, optionally, encrypting each IP packet of a communication session.
Why IPsec?
IP is not secure!
The IP protocol was designed in the late 1970s to early 1980s:
• as part of the DARPA Internet project
• for a very small network
• in which all hosts were known, and so were their users
• so security was not a design requirement
Why IPsec? (cont.)
• Security issues in IP
  • Fundamental issue: networks are not fully secure (and never will be)
  • DoS attacks, replay attacks, eavesdropping, etc.
• Plain IP allows
  • Source address spoofing: nothing in the IP header binds a packet to its sender
  • Replay of captured packets
  • No data integrity or confidentiality: the payload can be modified or read in transit without detection
Goals of IPsec
• Authentication
  • Verify the source of IP packets
  • Prevent replay of old packets
• Protect the integrity and/or confidentiality of packets
  • Data integrity (integrity check value) / data encryption
History of IPsec
• In July 1994 Wei Xu (at Trusted Information Systems) started research on IP security, enhanced the IP protocols and developed an IPsec product.
• Software encryption written in assembly could not sustain even a T1 (1.544 Mbit/s) link.
• Wei then developed an automated device driver, known as plug-and-play.
• After reaching throughput above T1 speed, in December 1994 the commercial product was released as part of the Gauntlet firewall.
History (cont.)
• In December 1993 an IP Encapsulating Security Payload (ESP) was researched at the US Naval Research Laboratory (NRL) as a DARPA project.
• NRL's ESP was derived from the US Department of Defense SP3D protocol.
• The Security Authentication Header (AH) was derived from earlier IETF standards work (authentication for SNMP version 2).
• In 1995 the IPsec working group in the IETF was started to create open, vetted versions of these protocols.
• IETF: Internet Engineering Task Force
IPsec Security Model (diagram; labels: Secure, Insecure)
IPsec Architecture (diagram: two routers, showing Transport Mode and Tunnel Mode)
Modes of IPsec
• Transport mode
  Used between end-stations that support IPsec, or between an end-station and a gateway when the gateway is treated as a host. Only the payload above IP is protected; the original IP header stays in place and is used for routing.
• Tunnel mode
  Used to protect traffic between IPsec gateways (site-to-site) and to connect a remote end-station running IPsec software to a gateway. The whole original IP packet is encapsulated in a new IP packet, so the inner addresses are protected (and hidden when ESP encrypts).
Modes of IPsec (diagram)

Original:        | IP header | TCP header | data |
Transport mode:  | IP header | IPsec header | TCP header | data |
Tunnel mode:     | new IP header | IPsec header | original IP header | TCP header | data |

(With ESP, a trailer and the ICV also follow the data.)
PROTOCOLS
Protocols
IPsec is made up of several protocols:
• Authentication Header (AH)
• Encapsulating Security Payload (ESP)
• Internet Key Exchange (IKE)
• IP Payload Compression (IPComp)
Authentication Header (AH)
The Authentication Header is defined as a header that:
• Provides source authentication
  • Protects against source spoofing
• Provides data integrity
• Protects against replay attacks
  • Uses monotonically increasing sequence numbers and a receive window: a packet whose sequence number has already been seen, or that falls behind the window, is dropped
  • This limits replay-based flooding, but AH is not a general defence against denial of service
• Provides NO confidentiality!
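The anti-replay check described above, as an added example (not code from the slides): a receive window implemented as a bitmap, in the style of RFC 4303 Appendix A. The window size of 64 and the sequence numbers fed to `simulate()` are constructed sample values; the class and function names are mine.

```python
"""Anti-replay window as used by AH and ESP receivers (RFC 4302 §3.4.3,
RFC 4303 §3.4.3 and Appendix A).

Added example; not code from the slides. The window size of 64 is the
RFC default minimum, and the sequence numbers fed to simulate() are a
constructed sample. 32-bit sequence numbers only (no ESN).
"""


class ReplayWindow:
    """Bitmap window anchored at the highest sequence number accepted so far."""

    def __init__(self, size=64):
        if size < 32 or size % 32:
            raise ValueError("window size must be a multiple of 32 and >= 32")
        self.size = size
        self.top = 0        # right edge: highest sequence number accepted
        self.bitmap = 0     # bit i set  <=>  sequence number top - i was seen

    def check_and_update(self, seq):
        """Return True if `seq` is fresh and record it; False if replayed or stale.

        A real receiver does the check, verifies the ICV, and only then marks
        the slot, so that forged packets cannot poison the window. Both steps
        are merged here because this demo has no ICV to verify.
        """
        if seq == 0:
            return False                      # 0 is never a valid sequence number
        if seq > self.top:                    # beyond the right edge: slide window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) & ((1 << self.size) - 1)) | 1
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:               # left of the window: too old, drop
            return False
        if (self.bitmap >> offset) & 1:       # inside the window and already seen
            return False
        self.bitmap |= 1 << offset            # inside the window, first sighting
        return True


def simulate(seqs, size=64):
    """Feed observed sequence numbers in arrival order; return [(seq, accepted)]."""
    window = ReplayWindow(size)
    return [(seq, window.check_and_update(seq)) for seq in seqs]


if __name__ == "__main__":
    # Constructed arrival order: reordering inside the window is fine,
    # duplicates and packets older than the window are dropped.
    for seq, ok in simulate([1, 2, 5, 3, 3, 2, 70, 6, 7]):
        print(f"seq {seq:3d}: {'accept' if ok else 'DROP'}")
```

Reordering within the window (5 arriving before 3) is accepted, a duplicate 3 is dropped, and once 70 has moved the right edge, 6 falls outside a 64-wide window while 7 is still inside. The window only pays off because the sequence number is under the ICV; without integrity protection an attacker could simply rewrite it.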
Authentication Header (cont.)
AH packet diagram (not reproduced here): the fixed part carries Next Header, Payload Length, Reserved, SPI and Sequence Number, followed by the variable-length Integrity Check Value (ICV).
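To tie the mode diagram and the AH header layout together, here is an added example (not code from the slides) that builds AH-protected packets in transport and tunnel mode and then walks the Next Header chain the way a receiver does. Addresses, SPIs and sequence numbers are constructed sample values, the ICV field holds placeholder zeros because the block shows layout rather than authentication, and all function names are mine.

```python
"""Transport vs. tunnel mode seen from the wire: build AH-protected packets
in both modes and walk the Next Header chain the way a receiver does.

Added example, not code from the slides. Addresses (RFC 5737 documentation
ranges and 10.0.0.0/8), SPIs and sequence numbers are constructed sample
values, and the AH ICV field holds placeholder zeros: this block shows
layout, not authentication. IPv4 only.
"""
import socket
import struct

PROTO_IPIP, PROTO_TCP, PROTO_ESP, PROTO_AH = 4, 6, 50, 51
ICV_LEN = 16            # e.g. HMAC-SHA-256-128 (RFC 4868)


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header (checksum left 0; nothing is sent on a wire)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def ah_header(next_header, spi, seq, icv=b"\x00" * ICV_LEN):
    """AH (RFC 4302 §2): Next Header, Payload Len, Reserved, SPI, Seq, ICV.

    Payload Len is the AH length in 32-bit words minus 2, so 28 bytes -> 5.
    """
    words = (12 + len(icv)) // 4
    return struct.pack("!BBHII", next_header, words - 2, 0, spi, seq) + icv


def tcp_segment(payload):
    """Bare 20-byte TCP header (40000 -> 443, PSH/ACK) plus payload."""
    return struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, 0x18, 65535, 0, 0) + payload


def transport_mode_ah(src, dst, spi, seq, payload):
    """IP | AH | TCP | data  -- AH's Next Header says TCP (6)."""
    tcp = tcp_segment(payload)
    ah = ah_header(PROTO_TCP, spi, seq)
    return ipv4_header(src, dst, PROTO_AH, len(ah) + len(tcp)) + ah + tcp


def tunnel_mode_ah(gw_src, gw_dst, src, dst, spi, seq, payload):
    """new IP | AH | original IP | TCP | data  -- AH's Next Header says IP-in-IP (4)."""
    tcp = tcp_segment(payload)
    inner = ipv4_header(src, dst, PROTO_TCP, len(tcp)) + tcp
    ah = ah_header(PROTO_IPIP, spi, seq)
    return ipv4_header(gw_src, gw_dst, PROTO_AH, len(ah) + len(inner)) + ah + inner


def walk(packet):
    """Return the header names in wire order by following the Next Header chain.

    ESP ends the walk: its Next Header byte lives in the (encrypted) trailer,
    so without the SA key an observer cannot tell transport from tunnel mode.
    """
    chain, off, proto = [], 0, PROTO_IPIP
    while off < len(packet):
        if proto == PROTO_IPIP:
            ihl = (packet[off] & 0x0F) * 4
            src = socket.inet_ntoa(packet[off + 12:off + 16])
            dst = socket.inet_ntoa(packet[off + 16:off + 20])
            proto = packet[off + 9]
            chain.append(f"IP {src}->{dst}")
            off += ihl
        elif proto == PROTO_AH:
            next_header, payload_len = packet[off], packet[off + 1]
            spi, seq = struct.unpack("!II", packet[off + 4:off + 12])
            chain.append(f"AH spi=0x{spi:x} seq={seq}")
            off += (payload_len + 2) * 4
            proto = next_header
        elif proto == PROTO_ESP:
            chain.append("ESP (rest opaque without the SA key)")
            break
        elif proto == PROTO_TCP:
            chain.append("TCP")
            break
        else:
            chain.append(f"proto {proto}")
            break
    return chain


def mode_of(packet):
    """Two IP headers in the chain means tunnel mode; one means transport mode."""
    return "tunnel" if sum(h.startswith("IP ") for h in walk(packet)) == 2 else "transport"


if __name__ == "__main__":
    data = b"GET / HTTP/1.0\r\n"
    for pkt in (transport_mode_ah("10.0.0.1", "10.0.0.2", 0x100, 1, data),
                tunnel_mode_ah("203.0.113.1", "198.51.100.1", "10.0.0.1", "10.0.0.2", 0x200, 7, data)):
        print(mode_of(pkt), " | ".join(walk(pkt)))
```

The only thing that distinguishes the two modes on the wire is the Next Header value inside AH (6 for TCP, 4 for an encapsulated IP packet); the outer IP header looks the same either way. With ESP the walker stops at the ESP header, because the corresponding Next Header byte is inside the encrypted trailer.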
Advantages of Authentication Header
• Transparent to users and applications
• Authentication
• Integrity checking
• Anti-replay
• Protects the entire packet, including the immutable fields of the IP header (ESP does not cover the outer IP header)
Disadvantages of Authentication Header
• No confidentiality
• Does not work through NAT or proxies: the ICV covers the source and destination addresses, so any rewriting of them breaks verification
• Works only for IP traffic (it is an IP-layer mechanism)
Encapsulating Security Payload (ESP)
ESP is a member of the IPsec protocol suite. It provides confidentiality of packets and, when an integrity algorithm (or an AEAD cipher such as AES-GCM) is configured, origin authenticity and integrity as well. Encryption-only ESP is known to be insecure and should not be used.
ESP (cont.)
ESP packet diagram (not reproduced here): SPI and Sequence Number, an optional IV, the Payload Data, then a trailer of Padding, Pad Length and Next Header, followed by the ICV. The ICV covers everything from the SPI to the Next Header; the outer IP header is not covered.
Disadvantages of ESP
• Does not protect the entire packet: the outer IP header is outside the ICV (in transport mode that is the original header; in tunnel mode the inner header is covered but the outer one is not)
• May not work through NAT or proxies on its own: ESP has no ports for a NAT to track, and in transport mode the TCP/UDP checksum covers the rewritten addresses. UDP encapsulation (NAT traversal, RFC 3948) addresses this.
• Works only for IP traffic
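The ESP layout from the diagram above and the "does not protect the entire packet" point, as an added example (not code from the slides). It uses the NULL cipher (RFC 2410) with an HMAC-SHA-256-128 ICV so the trailer stays readable and no crypto library is needed; a real SA encrypts payload, padding and trailer. The key, SPI, outer IPv4 header bytes and payload are constructed sample values; function names are mine.

```python
"""ESP packet construction and verification with the NULL cipher (RFC 2410)
and HMAC-SHA-256-128 integrity (RFC 4868), in the RFC 4303 layout:

    SPI | Seq | payload | padding | Pad Length | Next Header | ICV

Added example, not code from the slides. Key, SPI, sequence number, the
outer IPv4 header bytes and the payload are constructed sample values.
NULL encryption is used so the trailer stays visible and no crypto library
is needed; a real SA encrypts payload + padding + trailer.
"""
import hashlib
import hmac
import struct

ICV_LEN = 16

# Constructed outer IPv4 header: 10.0.0.1 -> 10.0.0.2, protocol 50 (ESP).
OUTER_IP = bytes.fromhex("4500 0028 1234 0000 4032 0000 0a000001 0a000002")


def esp_encapsulate(key, spi, seq, next_header, payload, align=4):
    """Build an ESP packet. `align` is the cipher block size (4 for NULL)."""
    pad_len = (-(len(payload) + 2)) % align          # Pad Length + Next Header = 2 bytes
    padding = bytes(range(1, pad_len + 1))           # default pad values 1,2,3,... (RFC 4303 §2.4)
    body = struct.pack("!II", spi, seq) + payload + padding + bytes([pad_len, next_header])
    icv = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    return body + icv


def esp_decapsulate(key, packet):
    """Verify the ICV, then strip the trailer; return (spi, seq, next_header, payload).

    Raises ValueError on an integrity failure. Integrity is checked before any
    byte of the trailer is trusted (otherwise Pad Length is attacker-controlled).
    """
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ESP ICV mismatch")
    spi, seq = struct.unpack("!II", body[:8])
    pad_len, next_header = body[-2], body[-1]
    payload = body[8:len(body) - 2 - pad_len]
    return spi, seq, next_header, payload


def tamper_check(key, outer_ip, esp):
    """Show what the ICV covers: (untouched, outer IP flipped, ESP body flipped).

    The outer IP header is not under the ICV, so modifying it is not detected
    by ESP; modifying any byte between SPI and Next Header is.
    """
    def verifies(pkt):
        try:
            esp_decapsulate(key, pkt[len(outer_ip):])
            return True
        except ValueError:
            return False

    packet = outer_ip + esp
    ip_tos = 1                                   # TOS byte of the outer header
    esp_byte = len(outer_ip) + 8                 # first payload byte after SPI|Seq
    flipped_ip = packet[:ip_tos] + bytes([packet[ip_tos] ^ 0xFF]) + packet[ip_tos + 1:]
    flipped_esp = packet[:esp_byte] + bytes([packet[esp_byte] ^ 0x01]) + packet[esp_byte + 1:]
    return verifies(packet), verifies(flipped_ip), verifies(flipped_esp)


if __name__ == "__main__":
    key = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)   # sample 256-bit key
    pkt = esp_encapsulate(key, 0x1000, 1, 6, b"hello world")
    print(pkt.hex())
    print(esp_decapsulate(key, pkt))
    print(tamper_check(key, OUTER_IP, pkt))     # (True, True, False)
```

For an 11-byte payload the trailer needs 3 bytes of padding so that payload, padding, Pad Length and Next Header end on a 4-byte boundary. The tamper check makes the disadvantage concrete: a flipped byte in the outer IP header passes ESP verification, a flipped byte anywhere from the SPI to the Next Header does not.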
Advantages of ESP
• Transparent to users and applications
• Authentication
• Integrity checking
• Confidentiality
• Anti-replay
IP Payload Compression (IPComp)
• Used to compress the payload before it is encrypted (ciphertext does not compress)
• Can be specified as part of the IPsec policy
• Not covered further here
Internet Key Exchange (IKE)
• IKE is the protocol that sets up the security associations used by IPsec. These slides describe IKEv1 (RFC 2409); IKEv2 (RFC 7296) replaces the two-phase design with the IKE_SA_INIT and IKE_AUTH exchanges but serves the same purpose.
• Before secured data can be exchanged, a security association (SA) is established between the two peers. In the SA both peers agree on how to exchange and protect information: protocol (AH or ESP), algorithms, keys, SPIs and lifetimes.
IKE Modes and Phases
IKE (IKEv1) runs in two phases:
1) IKE phase 1: the peers authenticate each other (pre-shared key or certificates), run a Diffie-Hellman exchange and establish the IKE SA that protects all further IKE traffic. Phase 1 uses either main mode (six messages, identities protected) or aggressive mode (three messages, identities and the PSK-based hash sent in the clear, which exposes a pre-shared key to offline guessing).
2) IKE phase 2 (quick mode): negotiates the IPsec SAs under the protection of the IKE SA.
IKE Phase 1 Diagram (not reproduced)
IKE Phase 2
IKE phase 2 does the following:
• Negotiates the IPsec SA parameters (protocol, algorithms, SPIs, lifetimes), protected by the existing IKE SA
• Establishes the IPsec security associations (one per direction)
• Periodically renegotiates (rekeys) the IPsec SAs when their lifetime or byte count expires, so that no key is used indefinitely; with perfect forward secrecy (PFS) enabled, each rekey includes a fresh Diffie-Hellman exchange
IKE Phase 2 Diagram (not reproduced)
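What the two phases produce in terms of keys, as an added example (not code from the slides): the IKEv1 pre-shared-key derivations of RFC 2409 §5 (phase 1: SKEYID and SKEYID_d/a/e) and §5.5 (phase 2: KEYMAT per IPsec SA), with HMAC-SHA-256 as the prf. The Diffie-Hellman group is a toy modulus chosen so the block runs instantly and is explicitly not a real IKE group; cookies, nonces, exponents, SPIs and the PSK are constructed values, and the function names are mine.

```python
"""IKEv1 key derivation across the two phases with pre-shared-key
authentication (RFC 2409 §5 and §5.5), with HMAC-SHA-256 as the prf.

Added example, not code from the slides. The Diffie-Hellman group is a toy
(the Mersenne prime 2^127 - 1 with generator 2) so that it runs instantly;
it is NOT secure and real IKE uses the MODP/ECP groups of RFC 3526 and
RFC 5903. Cookies, nonces, exponents, SPIs and the PSK are constructed.
"""
import hashlib
import hmac

P = (1 << 127) - 1      # toy modulus, NOT a real IKE group
G = 2


def prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def dh_shared(my_exp, peer_pub):
    """g^xy as fixed-width bytes, from our exponent and the peer's public value."""
    return pow(peer_pub, my_exp, P).to_bytes(16, "big")


def phase1_keys(psk, ni, nr, g_xy, cky_i, cky_r):
    """Phase 1 with PSK: SKEYID and the three keys derived from it (RFC 2409 §5).

    SKEYID_d seeds Phase 2 keys, SKEYID_a authenticates IKE messages,
    SKEYID_e encrypts them. The trailing 0/1/2 are single octets.
    """
    skeyid = prf(psk, ni + nr)
    skeyid_d = prf(skeyid, g_xy + cky_i + cky_r + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + g_xy + cky_i + cky_r + b"\x01")
    skeyid_e = prf(skeyid, skeyid_a + g_xy + cky_i + cky_r + b"\x02")
    return {"d": skeyid_d, "a": skeyid_a, "e": skeyid_e}


def phase2_keymat(skeyid_d, protocol, spi, ni2, nr2, need, g_qm_xy=b""):
    """Quick Mode KEYMAT for one IPsec SA (RFC 2409 §5.5), expanded to `need` bytes.

    K1 = prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b)
    Kn = prf(SKEYID_d, Kn-1 | [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b)
    Without PFS g_qm_xy is empty and every Phase 2 key depends only on
    SKEYID_d plus public values; with PFS a fresh DH secret is mixed in.
    """
    seed = g_qm_xy + bytes([protocol]) + spi + ni2 + nr2
    keymat, block = b"", b""
    while len(keymat) < need:
        block = prf(skeyid_d, block + seed)
        keymat += block
    return keymat[:need]


def run_exchange(psk, x_i, x_r, ni, nr, cky_i, cky_r, ni2, nr2, spi_i, spi_r, need=48):
    """Both peers derive Phase 1 and Phase 2 keys; returns what each side holds.

    spi_i is the SPI the initiator chose for traffic it will receive, spi_r the
    responder's. Using the receiver's SPI in KEYMAT gives each direction its own
    keys. `need` = 48 covers e.g. a 16-byte AES key plus a 32-byte HMAC key.
    """
    pub_i, pub_r = pow(G, x_i, P), pow(G, x_r, P)          # exchanged in the clear
    p1_i = phase1_keys(psk, ni, nr, dh_shared(x_i, pub_r), cky_i, cky_r)
    p1_r = phase1_keys(psk, ni, nr, dh_shared(x_r, pub_i), cky_i, cky_r)
    esp = 3                                                 # PROTO_IPSEC_ESP (RFC 2407)
    return {
        "phase1_match": p1_i == p1_r,
        "i_out": phase2_keymat(p1_i["d"], esp, spi_r, ni2, nr2, need),
        "i_in": phase2_keymat(p1_i["d"], esp, spi_i, ni2, nr2, need),
        "r_out": phase2_keymat(p1_r["d"], esp, spi_i, ni2, nr2, need),
        "r_in": phase2_keymat(p1_r["d"], esp, spi_r, ni2, nr2, need),
    }


if __name__ == "__main__":
    args = dict(psk=b"sample-psk", x_i=0x1F2E3D4C5B6A7988, x_r=0x0BADCAFEDEADBEEF,
                ni=b"Ni" * 8, nr=b"Nr" * 8, cky_i=b"\x01" * 8, cky_r=b"\x02" * 8,
                ni2=b"ni2_" * 4, nr2=b"nr2_" * 4,
                spi_i=b"\x00\x00\x10\x00", spi_r=b"\x00\x00\x20\x00")
    keys = run_exchange(**args)
    print("phase 1 agree:", keys["phase1_match"])
    print("i_out == r_in:", keys["i_out"] == keys["r_in"])
    # Rekey: fresh Quick Mode nonces -> new IPsec keys from the same SKEYID_d.
    rekeyed = run_exchange(**{**args, "ni2": b"new_" * 4})
    print("rekey changed keys:", rekeyed["i_out"] != keys["i_out"])
```

Two points the slides state in words become visible here: phase 2 keys are "protected by the existing IKE SA" because they are all derived from SKEYID_d, which only the two authenticated peers hold; and a periodic rekey with new nonces yields fresh IPsec keys, but without PFS anyone who later learns SKEYID_d can recompute every one of them from the public nonces and SPIs.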
Benefits of IKE
• Automatic negotiation of SAs and keys (no manual keying)
• Authentication of the peers
• Anti-replay services (fresh sequence-number state with each SA)
• Support for certificate-based authentication through a certification authority
IPsec Features
• Authentication
• Integrity
• Confidentiality
IPsec Policy (Windows)
• An IPsec policy is a set of rules that governs when and how Windows uses IPsec to secure communications.
• The IPsec policy is applied by the IPsec driver.
• A policy is built from these basic elements:
  • IP filter lists
  • Individual IP filters
  • Filter actions
A brief description follows.
IPsec Policy (cont.)
• An IP filter list groups the filters that together describe the traffic a rule applies to.
• An individual IP filter tells Windows which IP packets match: source and destination address, protocol and port (a mirrored filter matches the reply direction as well).
• A filter action says what to do with matching packets: permit, block, or negotiate security (which algorithms to use, and whether to fall back to clear text with peers that do not support IPsec).
IPsec Policy (cont.)
The IPsec policy also needs some information about the network:
• Security method to use
• Connection type
• Tunnel settings
IPsec Policy (cont.)
• Security methods: which algorithms to use for authentication, integrity, encryption and key exchange
• Connection type: whether the policy applies to remote access connections, LAN connections or all network connections
• Tunnel settings: whether the rule uses tunnel mode (and the tunnel endpoint address), as for a virtual private network
IPsec Policy (cont.)
• IPsec policies can be created or edited.
• Windows ships three default policies (only one policy can be assigned at a time):
  • Client (Respond Only): never initiates IPsec but answers a peer that requests it
  • Server (Request Security): asks for IPsec but falls back to clear text with peers that do not support it
  • Secure Server (Require Security): requires IPsec for all traffic (the predefined rule permits ICMP unsecured)
IPsec Policy Examples
• An IPsec policy that blocks PING traffic: a filter list matching ICMP from any address to my IP address (mirrored), combined with a Block filter action, assigned as the active policy.
• IPsec policy configuration through a Group Policy Object (GPO), so that the same policy is pushed to every computer in the domain or organizational unit.
References
• https://en.wikipedia.org/wiki/IPsec
• http://www.webopedia.com/TERM/I/IPsec.html
• http://www.unixwiz.net/techtips/iguide-ipsec.html