IPSec Communication
Internet Protocol Security (IPsec) is a protocol suite for securing IP communications by authenticating and/or encrypting each IP packet of a communication session.
Provided Features
A- Communication between
1-Client to Server
2-Server to Server
3- Network to Network
B- Data Authentication (only authenticated users are allowed to access data)
C- Data Tempering (prevent data modification during transmission)
Improvement in IPSec with Server 2008
1- Integrated with firewall
2- Support ipv6
3- Integrated with NAP
Protocols of IPSec
1-IKE: Transfer security parameter and generate key (uses diffie-helmon key process DH-1768, DH-2 1024, DH-5 1536 )
2-AH: Host to client authentication and data integrity
3-ESP: Same as AH but also support encryption and NAT
4-SA: Security Assocition logical grouping of security parameter that contains algorithm method and key size.
Mode of IPSec: There are two mode of IPSec -
1- Main Mode:
Establish a secure communication between each party to configure quick mode, Often AH protocol used in main mode.
2- Quick Mode:
Used to communicate with each party (data transfer), Often ESP used in quick mode.
Types Of IPsec connection
1-Isolation = (meat authentication criteria)
2-Authentication exemption = (do not authenticate)
3-Server to server = (authentication between specified computers)
4-Tunnel = (authentication between gateway computers)
Authentication Method
1-Kerberos (only in Domain based network)
2-Certificate (obtain by CA server )
3-NTLMv2 (basically for workgroup based network)
4-Preshared Key (very weak key authentication)
-----------------------------------------------------------------------------
SSTP Secure Socket Tunneling Protocol
When VPN is configured with SSL (Secure Socket Layer) protocol this is called SSTP method. SSL protocol encrypt the data transmitting between browser and authenticating user.
IPSec Encryption Protocols
1- DES Key length 56 bit
2-3DES Key length56*3 bit
3-AES Key length128or 256 bit
More Key length means More security for encryption.
No comments:
Post a Comment