Protocol Basics

  1. Protocol Basics

  2. IPSec
     • Provides two modes of protection
       • Tunnel Mode
       • Transport Mode
     • Authentication and Integrity
     • Confidentiality
     • Replay Protection

  3. Tunnel Mode
     • Encapsulates the entire IP packet within IPSec protection
     • Tunnels can be created between several different node types
       • Gateway to gateway
       • Host to gateway
       • Host to host

  4. Three Types of Tunnels (diagram: Gateway to Gateway, Host to Gateway, Host to Host)

  5. Transport Mode
     • Encapsulates only the transport layer information within IPSec protection
     • Can only be created between host nodes

  6. Authentication and Integrity
     • Verification of the origin of data
     • Assurance that data sent is the data received
     • Assurance that the network headers have not changed since the data was sent

  7. Confidentiality
     • Encrypts data to protect against eavesdropping
     • Can hide data source when encryption is used over a tunnel

  8. Replay Prevention
     • Causes retransmitted packets to be dropped.
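As an added example (not from the original presentation) of how that dropping works: the anti-replay sliding window an IPSec receiver keeps per security association, modelled on RFC 4303 section 3.4.3, run over a constructed stream of sequence numbers.

```python
# Added example, not from the presentation: IPSec anti-replay sliding window,
# modelled on the receiver-side check described in RFC 4303 section 3.4.3.
# Each AH/ESP packet carries a 32-bit sequence number; the receiver remembers
# the highest number seen ("top") plus a bitmap of which of the preceding
# `size` numbers have already arrived, and drops duplicates and stale packets.

class ReplayWindow:
    def __init__(self, size=64):
        self.size = size      # window width in packets (RFC minimum is 32)
        self.top = 0          # highest sequence number accepted so far
        self.bitmap = 0       # bit i set => sequence number (top - i) was received

    def accept(self, seq):
        """Return True and record seq if it is fresh; False if it must be dropped."""
        if seq == 0:                       # 0 is never a valid AH/ESP sequence number
            return False
        if seq > self.top:                 # to the right of the window: slide it
            shift = seq - self.top
            if shift >= self.size:
                self.bitmap = 1            # everything previously tracked falls off
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.size:              # left of the window: too old, drop
            return False
        if self.bitmap & (1 << diff):      # inside the window but already seen: replay
            return False
        self.bitmap |= 1 << diff           # inside the window and new: mark it
        return True


def filter_packets(seqs, size=64):
    """Run a sequence-number stream through one window; return (accepted, dropped)."""
    window = ReplayWindow(size)
    accepted, dropped = [], []
    for seq in seqs:
        (accepted if window.accept(seq) else dropped).append(seq)
    return accepted, dropped


if __name__ == "__main__":
    # Constructed stream: reordering (5 before 4) is tolerated, the retransmitted 2
    # is dropped as a replay, and 3 and 7 are dropped as stale once 70 slides the window.
    print(filter_packets([1, 2, 3, 2, 5, 4, 70, 3, 7], size=8))
```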

  9. IPSec Protection Protocols
     • Authentication Header
       • Authenticates payload data
       • Authenticates network header
       • Gives anti-replay protection
     • Encapsulated Security Payload
       • Encrypts payload data
       • Authenticates payload data
       • Gives anti-replay protection

  10. IPSec AH in Transport Mode (diagram: Orig IP Hdr | TCP Hdr | Data becomes Orig IP Hdr | AH Hdr | TCP Hdr | Data, with the AH Hdr inserted after the IP header; integrity hash coverage is the whole packet except for mutable fields in the IP hdr) © 2000 Microsoft Corporation

  11. IPSec AH in Tunnel Mode (diagram: Orig IP Hdr | TCP Hdr | Data becomes New IP Hdr | AH Hdr | Orig IP Hdr | TCP Hdr | Data; the new IP header carries the tunnel source & destination IP address; integrity hash coverage is the whole packet except for mutable new IP hdr fields)

  12. IPSec ESP in Transport Mode (diagram: Orig IP Hdr | TCP Hdr | Data becomes Orig IP Hdr | ESP Hdr | TCP Hdr | Data | ESP Trailer | ESP Auth; the ESP Hdr is inserted and the ESP Trailer and ESP Auth are appended; TCP Hdr through ESP Trailer is usually encrypted; integrity hash coverage runs from ESP Hdr through ESP Trailer)

  13. IPSec ESP in Tunnel Mode (diagram: Orig IP Hdr | TCP Hdr | Data becomes New IP Hdr | ESP Hdr | Orig IP Hdr | TCP Hdr | Data | ESP Trailer | ESP Auth; the new IP header carries the tunnel source & destination IP address; Orig IP Hdr through ESP Trailer is usually encrypted; integrity hash coverage runs from ESP Hdr through ESP Trailer)
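The AH layouts of slides 10 and 11 as working code, added here and not part of the original presentation: it builds transport- and tunnel-mode AH packets with HMAC-SHA-256-128 as the integrity algorithm and shows that zeroing the mutable IP header fields lets a router's TTL decrement pass while any payload change fails. Packets, addresses and the key are constructed; ESP (slides 12 and 13) is not covered.

```python
# Added example, not from the presentation: AH in transport mode (slide 10,
# Orig IP Hdr | AH Hdr | TCP Hdr | Data) and tunnel mode (slide 11, New IP Hdr |
# AH Hdr | Orig IP Hdr | TCP Hdr | Data), with the ICV skipping mutable fields.
import hashlib, hmac, struct

AH_PROTO, IPIP_PROTO = 51, 4
ICV_LEN = 16   # HMAC-SHA-256-128: MAC truncated to 128 bits (RFC 4868)

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    # Constructed minimal IPv4 header; checksum left 0 (mutable, zeroed for the
    # ICV anyway, and nothing here touches a real network).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                       ttl, proto, 0, src, dst)

def zero_mutable(ip_hdr):
    # RFC 4302 3.3.3.1: DSCP/ECN, flags + fragment offset, TTL and checksum may
    # change in transit, so both ends hash them as zero.
    b = bytearray(ip_hdr)
    b[1] = 0; b[6:8] = b"\0\0"; b[8] = 0; b[10:12] = b"\0\0"
    return bytes(b)

def ah_protect(key, src, dst, next_hdr, inner, spi, seq, ttl=64):
    # Outer IP (proto 51) | AH | inner. AH = Next Hdr | Payload Len (AH length in
    # 32-bit words minus 2) | Reserved | SPI | Seq | ICV; the ICV is the HMAC over
    # the whole packet with mutable outer fields and the ICV itself zeroed.
    outer = ipv4_header(src, dst, AH_PROTO, 12 + ICV_LEN + len(inner), ttl)
    ah = struct.pack("!BBHII", next_hdr, (12 + ICV_LEN) // 4 - 2, 0, spi, seq)
    icv = hmac.new(key, zero_mutable(outer) + ah + b"\0" * ICV_LEN + inner,
                   hashlib.sha256).digest()[:ICV_LEN]
    return outer + ah + icv + inner

def ah_verify(key, pkt):
    # Receiver side: recompute the ICV the same way and compare in constant time.
    outer, ah, icv, inner = pkt[:20], pkt[20:32], pkt[32:32 + ICV_LEN], pkt[32 + ICV_LEN:]
    expect = hmac.new(key, zero_mutable(outer) + ah + b"\0" * ICV_LEN + inner,
                      hashlib.sha256).digest()[:ICV_LEN]
    return hmac.compare_digest(icv, expect)

def transport_mode(key, orig_pkt, spi, seq):
    # Keep the host's own addresses and protocol; AH slides in before the TCP header.
    return ah_protect(key, orig_pkt[12:16], orig_pkt[16:20], orig_pkt[9],
                      orig_pkt[20:], spi, seq, ttl=orig_pkt[8])

def tunnel_mode(key, gw_src, gw_dst, orig_pkt, spi, seq):
    # New IP header carries the gateways' addresses; the original packet is the payload.
    return ah_protect(key, gw_src, gw_dst, IPIP_PROTO, orig_pkt, spi, seq)

def hop(pkt):
    # What a router does in transit: decrement TTL. Mutable, so the ICV still verifies.
    b = bytearray(pkt); b[8] -= 1; return bytes(b)
```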

  14. IPSec Basic Architecture
     • IPSec Driver
     • Policy Agent
     • Internet Key Exchange (IKE)
     (diagram: Policy Agent, IKE, IPSec Driver, TCP/IP Driver)

  15. IPSec Driver
     • Monitors and Secures IP traffic
     • Encryption and Authentication of outbound packets
     • Decryption and Authentication of inbound packets
     • Prompts IKE to negotiate secure channels as needed
     • Maintains secure channel state information

  16. Policy Agent
     • Maintains IPSec policy and state information
     • Distributes filter rule sets to the IPSec Driver
     • Distributes authentication and security settings to IKE

  17. IKE
     • Negotiates secure channels based on settings received from the Policy Agent
     • Distributes secure channel information to the IPSec driver

  18. How It All Fits Together (diagram: Transport, Tunnel)

  19. Sending in Transport Mode (diagram: host stack Application → Transport → IP → IPSec → Physical; on the wire: IP | IPSec | TCP | Application Data)

  20. Sending in Tunnel Mode (diagram: the host's IP | IPSec | TCP | Application Data packet is wrapped by a further IP and IPSec layer before Physical; on the wire: Outer IP | IPSec | Inner IP | IPSec | TCP | Application Data)

  21. Receiving in Tunnel Mode (diagram: Outer IP | IPSec | Inner IP | IPSec | TCP | Application Data arrives from Physical; the outer IP and IPSec layers are stripped, leaving IP | IPSec | TCP | Application Data for the host stack)

  22. Receiving in Transport Mode (diagram: Physical → IP → IPSec → Transport → Application; on the wire: IP | IPSec | TCP | Application Data)

  23. Layer Two Tunneling Protocol (L2TP)
     • Provides
       • PPP encapsulation over IP
       • VPN services
     • Doesn’t Provide
       • A method of encryption for its traffic
       • Protection against injection of packets into an open L2TP session

  24. How L2TP Works (diagram: L2TP/IPSec stack with numbered steps 1 to 5 and a control path across the Application, IKE Service, TCP/UDP, IP, IPSec Driver, L2TP, PPP and NIC layers)

  25. Kerberos
     • Provides authentication of network server and client

  26. What Kerberos Provides
     • Mutual authentication of parties

  27. How Kerberos Works (diagram: Client exchanges a Ticket Request and Ticket Granting Ticket with the KDC's AS, an Authorization Request and Ticket with its TGS, and presents the Ticket to the Application Server)

  28. Public Key Infrastructure Basics

  29. How Public Keys Are Used for Authentication

  30. What’s In a Certificate?

  31. How PKI Works
