IPSec Protocols in Network Security

IPSec Protocols

• IPSec offers two main services: authentication and confidentiality
• IPSec defines two IP extension headers: one for authentication (AH) and another for confidentiality (ESP)

Authentication Header (AH) Protocol

• Provides authentication, integrity, and an optional anti-replay service
• AH is inserted between the IP header and any subsequent packet contents
• No changes are required to the data contents of the packet
• Security resides completely in the contents of the AH

Encapsulating Security Payload (ESP) Protocol

• Provides data confidentiality
• Defines a new header to be inserted into the IP packet
• ESP processing includes the transformation of the protected data into an unreadable, encrypted format
• ESP will be inside the AH, i.e., encryption happens first and then authentication

Virtual Private Networks (VPNs)

• A VPN employs encryption, authentication, and integrity protection to use a public network as a private network
• Offers high security without requiring special cabling
• Combines the advantages of a public network (cheap and easily available) with those of a private network (secure and reliable)

VPN Protocols

• Point to Point Tunneling Protocol (PPTP) is used on Windows NT systems
• Layer 2 Tunneling Protocol (L2TP) is an improvement over PPTP and is considered a secure open standard for VPN connections
• L2TP works for both user-to-LAN and LAN-to-LAN connections and can include IPsec functionality

Pretty Good Privacy (PGP)

• PGP allows for four security options when sending an email message
• PGP includes the identifiers of the algorithm used in the message, along with the value of the keys
• PGP allows for digital envelopes to be created

ARP Spoofing

• ARP spoofing is a man-in-the-middle attack against the Address Resolution Protocol (ARP)
• Prevention methods include restricting LAN access to trusted users, checking for multiple occurrences of the same MAC address, using static ARP tables, and software solutions that inspect ARP packets

Symmetric-key Generation

• Symmetric-key generation is used in encryption and decryption

SSL Record Protocol

• The protocol provides two services to an SSL connection: confidentiality and integrity
• The handshake protocol defines a shared secret key that is used for assuring message integrity

Alert Protocol

• When an error is detected, an alert message is sent to the other party
• If the error is fatal, both parties immediately close the SSL connection
• Both parties destroy the session identifiers, secrets, and keys associated with the connection before termination