
Email Security



Presentation Transcript


  1. Email Security: IPsec * Essential Network Security Book Slides. IT352 | Network Security | Najwa AlGhamdi

  2. IP Security
  • have a range of application-specific security mechanisms
  • e.g. S/MIME, PGP, Kerberos, SSL/HTTPS
  • however, there are security concerns that cut across protocol layers
  • would like security implemented by the network for all applications

  3. IP Security
  • general IP Security mechanisms
  • provides:
    • authentication
    • confidentiality
    • key management
  • applicable to use over LANs, across public & private WANs, & for the Internet

  4. IP Security Uses

  5. Benefits of IPSec
  • IPsec in a firewall/router provides strong security to all traffic crossing the perimeter
  • IPsec in a firewall/router is resistant to bypass
  • is below the transport layer, hence transparent to applications
  • can be transparent to end users
  • can provide security for individual users

  6. IPSec Services
  • Access control
  • Connectionless integrity
  • Data origin authentication
  • Confidentiality (encryption)
  Two protocols are used to provide security:
  • an authentication protocol, designated by the header of the protocol: Authentication Header (AH);
  • and a combined encryption/authentication protocol, designated by the format of the packet for that protocol: Encapsulating Security Payload (ESP).
  • Both AH & ESP support two modes of use: Transport mode and Tunnel mode.

  7. Transport and Tunnel Modes
  • Transport Mode
  • used to encrypt & optionally authenticate IP data (payload).
  • When AH is used: the IP payload and selected portions of the header will be authenticated.
  • When ESP is used: the IP payload will be encrypted.
  • When ESP with authentication is used: the IP payload will be encrypted and authenticated.

  8. Transport and Tunnel Modes
  • Tunnel Mode
  • encrypts the entire IP packet
  • adds a new header for the next hop.
  • When AH is used: authenticates the entire inner header + inner payload + a selected portion of the outer header.
  • When ESP is used: the entire inner IP packet will be encrypted.
  • When ESP with authentication is used: the entire inner IP packet will be encrypted and authenticated.

  9. IPSec Modes of Operation
  • Transport Mode: protects the upper-layer protocols
    [figure: Original IP Datagram = IP Header | TCP Header | Data; Transport Mode protected packet = IP Header | IPSec Header | TCP Header | Data, with the part after the IPSec header marked "protected"]
  • Tunnel Mode: protects the entire IP payload
    [figure: Tunnel Mode protected packet = New IP Header | IPSec Header | Original IP Header | TCP Header | Data, with the part after the IPSec header marked "protected"]

  10. Tunnel Mode
  • Host-to-Network, Network-to-Network
    [figure: Host A and Host B each have Application, Transport and IP layers; protected data crosses the Internet between two Security Gateways (SG), where IPSec sits at the IP layer. SG = Security Gateway]

  11. Transport Mode
  • Host-to-Host
    [figure: on Host A and Host B, IPSec sits between the Transport Layer and the IP Layer, above the Data Link Layer]

  12. Security Associations
  • a one-way relationship between sender & receiver that affords security for a traffic flow
  • defined by 3 parameters:
    • Security Parameters Index (SPI)
    • IP Destination Address
    • Security Protocol Identifier
  • have a database of Security Associations

  13. Security Policy Database
  • relates IP traffic to specific SAs
  • matches a subset of IP traffic to the relevant SA
  • uses selectors to filter outgoing traffic for the mapping
  • based on: local & remote IP addresses, next-layer protocol, name, local & remote ports
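As an added example (not part of the slides), the following Python code ties slides 9, 12 and 13 together: an SPD lookup by the selectors listed above, returning an SA identified by SPI, destination address and protocol, followed by the header layout that transport and tunnel mode produce. All addresses, SPIs and policy entries are constructed sample values, and the first-match and discard-by-default behaviour is an assumption for illustration.

```python
# Added example, not from the slides: SPD lookup by selectors, then the header
# layout each SA mode produces. Addresses, SPIs and policies are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class SA:
    spi: int        # Security Parameters Index
    dst: str        # IP destination address
    protocol: str   # security protocol identifier: "AH" or "ESP"
    mode: str       # "transport" or "tunnel"

@dataclass(frozen=True)
class SPDEntry:
    local: str                   # local address or prefix
    remote: str                  # remote address or prefix
    next_proto: str              # next-layer protocol, e.g. "tcp"
    remote_port: Optional[int]   # None matches any port
    action: str                  # "protect", "bypass" or "discard"
    sa: Optional[SA] = None      # SA applied when action is "protect"

def spd_lookup(spd, local, remote, proto, rport) -> SPDEntry:
    """First matching entry wins; traffic matching no entry is discarded."""
    for e in spd:
        if (ip_address(local) in ip_network(e.local)
                and ip_address(remote) in ip_network(e.remote)
                and e.next_proto == proto
                and e.remote_port in (None, rport)):
            return e
    return SPDEntry(local, remote, proto, rport, "discard")

def encapsulate(sa, inner):
    """Header order after IPsec processing, using the names from slide 9."""
    hdr = f"{sa.protocol} Header"
    if sa.mode == "transport":
        return [inner[0], hdr] + inner[1:]   # original IP header stays outermost
    return ["New IP Header", hdr] + inner    # whole datagram becomes the payload

# constructed SPD: site-to-site ESP tunnel via gateway 203.0.113.1, host-to-host
# AH transport to one server, DNS bypassed, anything else discarded
SPD = [
    SPDEntry("10.0.0.0/24", "10.1.0.0/24", "tcp", None, "protect",
             SA(0x1001, "203.0.113.1", "ESP", "tunnel")),
    SPDEntry("10.0.0.5/32", "198.51.100.10/32", "tcp", 443, "protect",
             SA(0x1002, "198.51.100.10", "AH", "transport")),
    SPDEntry("0.0.0.0/0", "0.0.0.0/0", "udp", 53, "bypass"),
]
```

Note that the tunnel-mode SA's destination is the security gateway, not the inner packet's destination, which is exactly why the tunnel packet needs a new outer IP header.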

  14. IP Traffic Processing

  15. IP Traffic Processing
