HP-UX IPSec Software manual: Glossary

Page 47

Glossary

3DES

Triple Data Encryption Standard. A symmetric-key block cipher that encrypts each block three times with DES, using a different 56-bit key for each pass (168 bits of key material in total, although the effective strength is only about 112 bits). 3DES is fast enough for bulk data encryption, but NIST has since deprecated it in favour of AES.

AES

Advanced Encryption Standard. A symmetric-key block cipher. HP-UX IPSec supports AES with a 128-bit key. AES is suitable for encrypting large amounts of data and is the preferred bulk cipher.

AH

The AH (Authentication Header) protocol provides data integrity and data-origin (system-level) authentication for IP packets, covering the payload and the immutable fields of the IP header; it does not encrypt. It can also provide anti-replay protection. The AH protocol is part of the IPsec protocol suite.

authentication

The process of verifying a user's identity, the integrity of data, or the identity of the party that sent the data.

DES

Data Encryption Standard. A symmetric-key block cipher with a 56-bit key. Although fast enough for encrypting large amounts of data, DES has been broken: its 56-bit key space is small enough to search exhaustively, and data encrypted with DES has been decrypted by third parties. It should not be used to protect data; use AES instead.

Diffie-Hellman

A method for two parties to agree on a symmetric key by exchanging values over a public channel. Start with a prime p and a generator g, which may be publicly known (typically they come from a well-known Diffie-Hellman group). Each party selects a private value (a and b respectively) and computes a public value, g**a mod p and g**b mod p. They exchange the public values. Each party then combines its own private value with the other party's public value, computing (g**b)**a mod p and (g**a)**b mod p; both evaluate to g**(a*b) mod p, which becomes the shared key for subsequent communication. An eavesdropper who sees only g, p, g**a mod p and g**b mod p cannot feasibly recover a, b or the shared key.

Diffie-Hellman by itself provides no authentication: an active attacker who can replace the exchanged public values with their own (a man-in-the-middle, or spoofing, attack) ends up sharing one key with each party and can read and rewrite everything. It must therefore be combined with authentication of the peers, for example certificate or preshared key authentication.
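The exchange described above, worked through as an added example (this is not code from the HP manual or from HP-UX IPSec): two peers derive the same key from a well-known group, a third party who substitutes the public values in flight obtains a key with each side, and a preshared-key authenticator over the exchanged values detects the substitution. The group is the 1024-bit MODP "group 2" of RFC 2409, transcribed by hand and checked for primality at run time; the HMAC-based authenticator is a simplified stand-in for IKE's real authentication payloads, and the peer names and preshared key are constructed.

```python
"""Diffie-Hellman key agreement, the man-in-the-middle it is vulnerable to,
and preshared-key authentication that detects the attack.  Added example;
standard library only."""
import hashlib
import hmac
import secrets

# Prime p and generator g of the 1024-bit MODP group ("group 2", RFC 2409 s6.2),
# transcribed by hand.  is_probable_prime() below checks that p and (p-1)/2 are
# prime, so a transcription error cannot silently weaken the example.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
    16,
)
G = 2
NBYTES = 128  # fixed-width big-endian encoding of values mod p


def is_probable_prime(n, rounds=16):
    """Miller-Rabin with random bases; used only to sanity-check the group."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


class Party:
    """One IKE-style peer: private exponent x, public value g**x mod p."""

    def __init__(self, name, psk=None):
        self.name = name
        self.psk = psk                                  # None for an outsider
        self.private = 2 + secrets.randbelow(P - 3)     # 2 <= x <= p-2
        self.public = pow(G, self.private, P)

    def shared_key(self, peer_public):
        # Reject degenerate values (0, 1, p-1, out of range): they force the
        # shared secret into a trivial subgroup whatever our exponent is.
        if not 1 < peer_public < P - 1:
            raise ValueError("invalid peer public value")
        secret = pow(peer_public, self.private, P)      # g**(a*b) mod p
        return hashlib.sha256(secret.to_bytes(NBYTES, "big")).digest()

    def auth_tag(self, peer_public):
        """HMAC(psk, my public || peer public as I received it)."""
        msg = self.public.to_bytes(NBYTES, "big") + peer_public.to_bytes(NBYTES, "big")
        return hmac.new(self.psk, msg, hashlib.sha256).digest()

    def verify_peer(self, peer_public, tag):
        """Check the peer's tag against the public values as *we* saw them."""
        msg = peer_public.to_bytes(NBYTES, "big") + self.public.to_bytes(NBYTES, "big")
        expected = hmac.new(self.psk, msg, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


def run_exchange(psk=b"constructed-preshared-key", attacker=False):
    """One exchange between Alice and Bob, optionally with Mallory in the middle."""
    alice, bob = Party("alice", psk), Party("bob", psk)
    if attacker:
        mallory = Party("mallory")       # knows p, g and both public values, not the PSK
        seen_by_bob, seen_by_alice = mallory.public, mallory.public
    else:
        seen_by_bob, seen_by_alice = alice.public, bob.public

    key_a = alice.shared_key(seen_by_alice)
    key_b = bob.shared_key(seen_by_bob)
    tag_from_bob = bob.auth_tag(seen_by_bob)   # Mallory can only forward this unchanged
    result = {
        "keys_match": key_a == key_b,
        "auth_ok": alice.verify_peer(seen_by_alice, tag_from_bob),
    }
    if attacker:
        # Without authentication Mallory would now hold a valid key with each side.
        result["mallory_shares_alice_key"] = mallory.shared_key(alice.public) == key_a
        result["mallory_shares_bob_key"] = mallory.shared_key(bob.public) == key_b
    return result


if __name__ == "__main__":
    assert is_probable_prime(P) and is_probable_prime((P - 1) // 2)
    print("honest:", run_exchange())
    print("mitm:  ", run_exchange(attacker=True))
```

Note that the tag covers the public values each side actually saw: Bob signs Mallory's value, Alice expects a tag over Mallory's value in the other position, and the two never agree, so the substitution is caught even though each Diffie-Hellman computation on its own succeeded.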

ESP

The ESP (Encapsulating Security Payload) protocol provides confidentiality (encryption), data-origin authentication, data integrity and an anti-replay service for IP packets. When used in tunnel mode, ESP also provides limited traffic flow confidentiality. The ESP protocol is part of the IPsec protocol suite.

IKE

The Internet Key Exchange (IKE) protocol runs before the ESP or AH protocol exchanges to negotiate which encryption and/or authentication services will be used. IKE also manages the generation, distribution and periodic update of the symmetric (shared) keys used by ESP and AH.

IKE authentication

The method used by IKE peers to authenticate each other's identity. HP-UX IPSec supports two IKE authentication methods: preshared keys and RSA signatures using certificates.

IKE SA

IKE Security Association. An IKE SA is a bi-directional, secure communication channel that IKE uses to negotiate IPsec SAs. IKE can establish IKE SAs using either Main Mode or Aggressive Mode negotiations. Also referred to as IKE Phase One SA, ISAKMP SA, ISAKMP/MM SA, Aggressive Mode SA or Main Mode SA.

IPsec SA

IPsec Security Association. An IPsec SA is a uni-directional, secure communication channel; a two-way connection therefore needs a pair of them. The IPsec SA operating parameters include the IPsec protocol used (ESP or AH), the mode (transport or tunnel), the cryptographic algorithms (such as AES and SHA-1), the cryptographic keys, the SA lifetime, and the endpoints (IP addresses, protocol and port numbers). IKE establishes IPsec SAs using Quick Mode negotiations. Also referred to as IKE Phase Two SA or Quick Mode SA.

Perfect Forward Secrecy (PFS)

With Perfect Forward Secrecy the exposure of one key permits access only to the data protected by that key: session keys are not derived from one another, so compromising one of them does not expose earlier or later sessions. HP-UX IPSec supports PFS for keys and all identities (the IKE daemon can be configured to create a new IKE SA for each IPsec negotiation). HP-UX IPSec does not support PFS for keys only (the IKE SA is re-used for multiple IPsec negotiations, with a new Diffie-Hellman key exchange for each IPsec negotiation).

SA

Security Association. A secure communication channel and its parameters, such as the encryption and authentication methods, keys and lifetime. See IKE SA and IPsec SA.

SHA1

Secure Hash Algorithm 1. A cryptographic hash function that produces a 160-bit message digest; the digest itself takes no key. IPsec uses it as the keyed integrity algorithm HMAC-SHA-1 with a 160-bit key, and AH and ESP truncate the resulting authenticator to 96 bits (HMAC-SHA-1-96). SHA-1 is no longer collision resistant and must not be used for signatures; HMAC-SHA-1 remains usable for packet integrity, but SHA-2 based variants are preferred where both peers support them.
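The receiver-side checks that the AH, ESP and SHA1 entries describe, as an added example that is not code from the manual or from HP-UX IPSec: a keyed HMAC-SHA-1-96 integrity check value and a sliding anti-replay window, applied to constructed traffic on one SA. The packet layout (SPI, sequence number, payload, ICV) is a simplification of ESP, the key is constructed rather than negotiated by IKE, and the window size of 64 is an assumption.

```python
"""Integrity and anti-replay checks of the kind AH and ESP perform, on a
minimal ESP-style packet: SPI | sequence number | payload | ICV.  Added
example; the layout is simplified and the key and traffic are constructed."""
import hashlib
import hmac
import struct

ICV_LEN = 12   # HMAC-SHA-1-96: 160-bit HMAC output truncated to 96 bits (RFC 2404)
KEY_LEN = 20   # HMAC-SHA-1 is keyed with a 160-bit key in IPsec
WINDOW = 64    # anti-replay window size (assumed; 32 is the minimum)


def compute_icv(key, authenticated_bytes):
    """Keyed integrity check value.  A bare SHA-1 digest would not do: anyone
    could recompute it after altering the packet.  The key is what turns the
    digest into an authenticator."""
    return hmac.new(key, authenticated_bytes, hashlib.sha1).digest()[:ICV_LEN]


def build_packet(key, spi, seq, payload):
    header = struct.pack("!II", spi, seq)     # 32-bit SPI, 32-bit sequence number
    return header + payload + compute_icv(key, header + payload)


class ReplayWindow:
    """Sliding window over the last WINDOW sequence numbers."""

    def __init__(self, size=WINDOW):
        self.size = size
        self.top = 0       # highest sequence number accepted so far
        self.bitmap = 0    # bit i set <=> sequence number (top - i) already seen

    def check(self, seq):
        """Is seq acceptable?  Pure query: the ICV must be verified before the
        window is advanced, or forged packets could poison the window."""
        if seq == 0:
            return False                          # first packet on an SA is 1
        if seq > self.top:
            return True                           # to the right of the window
        diff = self.top - seq
        if diff >= self.size:
            return False                          # left of the window: too old
        return not (self.bitmap >> diff) & 1      # duplicate inside the window?

    def update(self, seq):
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)


def receive(key, window, packet):
    """Return 'ok', 'replay' (duplicate or too old) or 'bad_icv'.
    Only 'ok' packets advance the window."""
    if len(packet) < 8 + ICV_LEN:
        return "bad_icv"
    spi, seq = struct.unpack("!II", packet[:8])
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    if not window.check(seq):
        return "replay"
    if not hmac.compare_digest(compute_icv(key, body), icv):
        return "bad_icv"
    window.update(seq)
    return "ok"


def demo():
    """Constructed traffic on one SA: in order, replayed, reordered, tampered, stale."""
    key = bytes(range(KEY_LEN))               # constructed 160-bit key
    spi = 0x1234
    window = ReplayWindow()
    pkt = {n: build_packet(key, spi, n, b"payload-%d" % n)
           for n in (1, 2, 3, 4, 5, 6, 30, 40, 100)}
    tampered = bytearray(pkt[6])
    tampered[8] ^= 0x01                       # flip one payload bit, keep the old ICV
    schedule = [pkt[1], pkt[2], pkt[3],       # ok ok ok
                pkt[2],                       # replay: already seen
                pkt[5], pkt[4],               # ok, ok (late but inside the window)
                bytes(tampered),              # bad_icv, window not advanced
                pkt[6],                       # ok: seq 6 was not consumed by the forgery
                pkt[100],                     # ok: window slides far to the right
                pkt[30],                      # replay: 70 behind, older than the window
                pkt[40]]                      # ok: 60 behind, still inside
    return [receive(key, window, p) for p in schedule]


if __name__ == "__main__":
    print(demo())
```

The order of the two checks in receive() matters: the window is consulted before the ICV and updated only after it, so a forged packet with a high sequence number cannot be used to shift the window and knock out genuine, still-in-flight packets.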

HP Part Number J4256-90025

HP-UX IPSec Software specifications

HP-UX IPSec Software is a component of the HP-UX operating system that secures IP traffic between hosts and gateways. It implements the IETF IPsec framework: IP packets are authenticated and, with ESP, encrypted, so that their integrity and confidentiality are preserved across untrusted networks such as the Internet.

Both transport and tunnel modes are supported. Transport mode protects only the payload of the original IP packet and is used between two end hosts. Tunnel mode encapsulates the entire original IP packet inside a new IP packet, which lets a gateway protect traffic for a whole network behind it.

The encryption algorithms, integrity algorithms and authentication methods follow IETF standards (see the glossary entries for AES, 3DES, SHA1 and IKE authentication), which is what allows HP-UX IPSec to interoperate with other vendors' IPsec implementations.

Security policies and security associations are configured through command-line tools, and IKE negotiations can be logged so that an administrator can confirm that SAs are established with the intended algorithms, lifetimes and endpoints.

The implementation is intended to scale from a handful of hosts to large enterprise deployments.