3. Definition
Internet Protocol Security (IPSec)
is a protocol suite that secures
Internet Protocol (IP) communications
by authenticating and encrypting
each IP packet of a communication
session.
4. IP is not secure..!
The IP protocol was designed in the late
70’s to early 80’s.
Part of DARPA Internet Project
Very Small Network
All hosts are known
So are the users
Therefore security was not an issue
Why IPsec … ?
5. Security Issues in IP
Fundamental Issue
Networks are not fully Secure (and
never will be)
DoS attacks, replay attacks, spying,
etc.
IP causes
Source Spoofing
Replay Packets
No data Integrity or Confidentiality
Why IPsec … ? (Cont..)
6. Authentication
To verify sources of IP packets
To prevent Replaying of Old Packets
To protect Integrity and/or
Confidentiality of Packets
Data Integrity/ Data Encryption
Goals of IPsec
7. Wei Xu started research on IP Security in
July 1994, enhanced the IP protocols, and
developed the IPSec product.
The assembly software encryption was unable to
support even a T1 (1.544MBps) speed.
Wei further developed an automated device
driver, known as plug-and-play.
After achieving throughput higher than a
T1, in December 1994, he finally made the
commercial product, which was released as
the Gauntlet firewall.
History of IPsec
8. History (cont..)
In December 1993, another IP Encapsulating
Security Payload (ESP) was researched at the
Naval Research Laboratory as a DARPA project.
ESP was derived from the US Department of
Defense SP3D protocol.
The Security Authentication Header (AH) is
derived from a previous IETF standard.
In 1995, the IPsec working group in the IETF
was started to create protocols.
IETF: Internet Engineering Task Force
11. Transport Mode
Transport Mode is used between end-stations
supporting IPSec or between an end-station and
a gateway, if the gateway is being treated as
a host
Tunnel Mode
Tunnel mode is used to encrypt traffic between
secure IPSec gateways and it is also used to
connect an end-station running IPSec Software.
Modes of IPsec
13. Original: IP header | TCP header | data
Transport mode: IP header | IPSec header | TCP header | data
Tunnel mode: IP header | IPSec header | IP header | TCP header | data
Modes of IPsec (Diagram cont..)
17. Provides source authentication
Protects against source spoofing
Provides data integrity
Protects against replay attacks
Use monotonically increasing sequence
numbers
Protects against denial of service
attacks
NO protection for confidentiality!
Authentication Header (Cont..)
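The replay protection listed above relies on the receiver tracking which sequence numbers it has already accepted. The following sliding-window check is an added example, not part of the original slides; the 64-entry window and all class and function names are choices made for this illustration.

```python
# Added example: receiver-side anti-replay window keyed on the AH sequence number.
WINDOW = 64  # how many sequence numbers behind the highest one are tracked


class ReplayWindow:
    def __init__(self):
        self.highest = 0   # highest authenticated sequence number so far
        self.bitmap = 0    # bit i set => (highest - i) was already accepted

    def check(self, seq):
        """Return a verdict without changing state (runs before the ICV check)."""
        if seq == 0:
            return "reject: sequence number 0 is never sent"
        if seq > self.highest:
            return "accept"
        offset = self.highest - seq
        if offset >= WINDOW:
            return "reject: too old, left of window"
        if self.bitmap & (1 << offset):
            return "reject: replay"
        return "accept"

    def update(self, seq):
        """Record seq as seen; call only after the ICV has verified."""
        if seq > self.highest:
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)


def receive(window, seq, icv_ok=True):
    """Receiver order: window check, then integrity check, then window update."""
    verdict = window.check(seq)
    if verdict != "accept":
        return verdict
    if not icv_ok:
        return "reject: bad ICV"  # a forged packet must not advance the window
    window.update(seq)
    return "accept"


def replay_demo():
    w = ReplayWindow()
    # Constructed arrival order: reordering, a replay, a forgery, a stale packet.
    arrivals = [(1, True), (3, True), (2, True), (3, True),
                (500, False), (100, True), (36, True), (37, True)]
    return [receive(w, seq, ok) for seq, ok in arrivals]
```

Updating the window only after the integrity check passes is what stops a forged packet with a large sequence number from pushing legitimate traffic out of the window.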
18. The following AH packet diagram shows how an
AH packet is constructed and interpreted.
Authentication Header (Cont..)
19. User and application transparent
Authentication
Integrity checking
Anti-replay
Protects entire packet
Advantages of Authentication Header
20. No confidentiality
Unable to use NATs or proxies
Only works with TCP/IP
Disadvantages of Authentication Header
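Why "protects entire packet" and "unable to use NATs" go together: the AH integrity value covers the IP addresses, so any address rewrite in transit fails verification. This is an added example, not from the original slides; it simplifies the ICV input to the IPv4 header plus payload (the AH header itself is left out), and the key, addresses and function names are constructed for the illustration.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key-not-secret!"  # constructed sample key


def ipv4_header(src, dst, ttl, payload_len, proto=51):
    """Build a 20-byte IPv4 header (protocol 51 = AH); checksum left at 0."""
    return struct.pack("!BBHHHBBH4s4s",
                       0x45, 0, 20 + payload_len,  # version/IHL, TOS, total length
                       0x1234, 0,                  # identification, flags/fragment
                       ttl, proto, 0,              # TTL, protocol, header checksum
                       socket.inet_aton(src), socket.inet_aton(dst))


def zero_mutable(header):
    """Zero the fields routers may change: TOS, flags/offset, TTL, checksum."""
    h = bytearray(header)
    h[1] = 0            # TOS / DSCP
    h[6:8] = b"\0\0"    # flags + fragment offset
    h[8] = 0            # TTL
    h[10:12] = b"\0\0"  # header checksum
    return bytes(h)


def ah_icv(header, payload):
    """HMAC-SHA-256 truncated to 128 bits over immutable fields + payload."""
    mac = hmac.new(KEY, zero_mutable(header) + payload, hashlib.sha256)
    return mac.digest()[:16]


def verify(header, payload, icv):
    return hmac.compare_digest(ah_icv(header, payload), icv)


def ah_nat_demo():
    payload = b"constructed upper-layer data"
    sent = ipv4_header("10.0.0.5", "198.51.100.7", ttl=64, payload_len=len(payload))
    icv = ah_icv(sent, payload)
    routed = bytearray(sent)
    routed[8] = 57                                   # router hops lower the TTL
    natted = bytearray(sent)
    natted[12:16] = socket.inet_aton("203.0.113.9")  # NAT rewrites the source
    return verify(bytes(routed), payload, icv), verify(bytes(natted), payload, icv)
```

The routed copy still verifies because TTL is excluded from the ICV, while the NAT-translated copy does not because the source address is covered.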
21. ESP is a member of the IPsec protocol suite. In
IPsec it provides origin authenticity, integrity
and confidentiality protection of packets.
Encapsulating Security Payload (ESP)
22. The following ESP packet diagram shows how an
ESP packet is constructed and interpreted.
ESP (Cont..)
23. Does not protect entire packet
May not work with NATs or proxies
Only works with TCP/IP
Disadvantages of ESP
24. User and application
transparent
Authentication
Integrity checking
Confidentiality
Anti-replay
Advantages of ESP
25. Used for compression
Can be specified as part of the
IPSec policy
Will not cover!
IP Payload Compression
26. Internet Key Exchange (IKE)
The Internet Key Exchange is a protocol to set
up a security association in the IPsec
protocol.
Before secured data can be exchanged, a
security agreement is established between
two computers. In this security
agreement (SA) both peers agree on how to
exchange and protect information.
30. IKE phase 2 does the following things:
Negotiates IPsec SA parameters
protected by an existing IKE SA.
Establishes IPsec security
associations.
Periodically renegotiates IPsec SAs to
ensure security.
IKE Phase 2
34. IPsec policy is a set of rules that governs
when and how Windows uses the IPsec protocol to
secure communications.
The IPsec policy interacts directly with the
IPsec driver.
An IPsec policy consists of some basic elements,
which include:
IP filter list
Individual IP filters
Filter actions
A brief description is as follows:
IPSec Policy
35. The IP filter list identifies the IP packets
to which the action is applied.
Individual IP filters tell Windows
which IP packets actions should
be performed on.
The filter action is to secure the IP
packets.
IPSec Policy (Cont..)
36. The IPsec policy also requires some
info about the network which includes:
Security method to use
Connection type
Tunnel settings
IPSec Policy (Cont..)
37. Security methods – which security
algorithms to use for authentication and
key exchanges.
Connection type – policy applied to
remote access connections, LANs or all
network connections.
Tunnel settings – IPsec use over a
virtual private network.
IPSec Policy (Cont..)
38. IPsec policies can be created or
edited.
In Windows, 3 default policies are
stored, which are:
Client policy
Server policy
Secure server policy
IPSec Policy (Cont..)
39. IPsec policy to block PING traffic.
IPsec policy configuration through
GPO.
IPSec Policy Examples