Wednesday, 30 May 2012

E-tutorial 5


IPsec (AH, ESP, DES, MD5, SHA, DH)
IP security (IPsec) was developed by the IETF to support the secure exchange of packets at the IP layer. IPsec is mostly used for implementing Virtual Private Networks (VPNs) and for remote user access to private networks over dial-up connections.

The advantage of using IPsec is that security arrangements can be handled without making any changes to individual user computers. Cisco has been a leader in proposing IPsec as a standard (or combination of standards and technologies) and has included support for it in its network routers.
IPsec provides two choices of security service:
  • Authentication Header (AH), which essentially allows authentication of the sender of the data
  • Encapsulating Security Payload (ESP), which supports both authentication of the sender and encryption of the data
The specific information associated with each of these services is inserted into the packet in a header that follows the IP packet header. Separate key protocols can be selected, such as the ISAKMP/Oakley protocol.
Both the sending and the receiving device need a public key for IPsec to work. The Internet Security Association and Key Management Protocol/Oakley (ISAKMP/Oakley) is used to let the receiver obtain a public key and authenticate the sender by using digital certificates. Diffie-Hellman (DH) uses a public/private key algorithm to share symmetric keys.
Symmetric keying algorithms achieve greater throughput when encrypting and decrypting data than asymmetric keys do.



IPsec supports two encryption modes:
  • Transport mode, which encrypts only the data portion (payload) of each packet and leaves the header unencrypted.
  • Tunnel mode, which is much more secure, encrypts both the header and the payload.
At the receiving end, an IPsec-compliant device decrypts each packet.

IPsec uses these cryptographic algorithms:
  • DES, for confidentiality
  • SHA, for integrity protection and authenticity
  • MD5, an alternative hash function, also used for integrity protection and authenticity
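The two ideas above, a Diffie-Hellman exchange that gives both peers the same symmetric key and a hash-based integrity check of the kind AH applies to each packet, are shown together in the following example. It is an added illustration written for this tutorial, not code from the original post or from any IPsec implementation. It uses the 1024-bit MODP group from RFC 2409 (ISAKMP/Oakley group 2) for DH, derives a symmetric key with SHA-256, and computes an AH-style Integrity Check Value with HMAC-SHA1 truncated to 96 bits, which is how IPsec's HMAC-SHA1-96 works. The sample packet and the peer names are constructed; ESP's DES encryption is left out because the Python standard library has no DES cipher.

```python
# Added example: Diffie-Hellman key agreement followed by an AH-style
# integrity check (HMAC-SHA1-96) over a constructed packet.
# Not part of the original tutorial; uses only the Python standard library.
import hashlib
import hmac
import secrets

# RFC 2409 group 2: 1024-bit MODP prime with generator 2, one of the
# DH groups negotiated by ISAKMP/Oakley.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
    16,
)
G = 2


class DHPeer:
    """One side of a Diffie-Hellman exchange (constructed helper class)."""

    def __init__(self):
        # Private exponent: random and never transmitted.
        self.private = secrets.randbelow(P - 3) + 2   # in [2, P-2]
        # Public value: sent to the other side in the clear.
        self.public = pow(G, self.private, P)

    def shared_key(self, peer_public: int) -> bytes:
        # Reject degenerate public values (0, 1, P-1, out of range) that
        # would force a predictable shared secret.
        if not 2 <= peer_public <= P - 2:
            raise ValueError("invalid peer public value")
        secret = pow(peer_public, self.private, P)
        # Both sides compute the same secret; hash it down to a
        # fixed-size symmetric key for the integrity algorithm.
        return hashlib.sha256(secret.to_bytes(128, "big")).digest()


def ah_icv(key: bytes, packet: bytes) -> bytes:
    """Integrity Check Value as AH computes it with HMAC-SHA1-96:
    HMAC-SHA1 over the packet, truncated to the first 96 bits (12 bytes)."""
    return hmac.new(key, packet, hashlib.sha1).digest()[:12]


def ah_verify(key: bytes, packet: bytes, icv: bytes) -> bool:
    """Recompute the ICV and compare in constant time."""
    return hmac.compare_digest(ah_icv(key, packet), icv)


def run_demo():
    """Return (verified_ok, tampered_ok): the genuine packet should verify,
    a packet modified in transit should not."""
    alice, bob = DHPeer(), DHPeer()
    # Each peer receives the other's public value and derives the key.
    k_alice = alice.shared_key(bob.public)
    k_bob = bob.shared_key(alice.public)
    assert k_alice == k_bob

    # Constructed sample packet: a fake IPv4 header prefix plus payload.
    packet = b"\x45\x00\x00\x28" + b"payload: hello from alice"
    icv = ah_icv(k_alice, packet)          # sender attaches the ICV

    verified_ok = ah_verify(k_bob, packet, icv)
    tampered = packet[:-1] + b"!"           # one byte changed in transit
    tampered_ok = ah_verify(k_bob, tampered, icv)
    return verified_ok, tampered_ok


if __name__ == "__main__":
    print(run_demo())   # (True, False)
```

The range check in `shared_key` is the part a practitioner should not skip: accepting a peer value of 0, 1 or P-1 lets the other side steer the shared secret to a known value, and real IKE implementations reject such values for the same reason.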

Public Key Infrastructure (Digital Certificates)
Fields of a typical digital certificate:
  • Issuer: The entity that verified the information and issued the certificate.
  • Key-Usage: Purpose of the public key.
  • Public Key: The public key.
  • Serial Number: Used to uniquely identify the certificate.
  • Subject: The person or entity identified.
  • Signature Algorithm: The algorithm used to create the signature.
  • Signature: The actual signature, used to verify that the certificate came from the issuer.
  • Thumbprint Algorithm: The algorithm used to hash the public key.
  • Thumbprint: The hash itself, used as an abbreviated form of the public key.
  • Valid-From: The date the certificate is first valid from.
  • Valid-To: The expiration date.
