Billion Electric Company BiGuard 10 IPSec Security Components, Authentication Header AH

Models: BiGuard 10, BiGuard 2


Internet Protocol Security (IPSec) is a set of protocols and algorithms that provide data authentication, integrity, and confidentiality as data is transferred across IP networks. IPSec provides data security at the IP packet level, guarding against possible security risks by protecting the data in each packet. IPSec is widely used to establish VPNs.

There are three major functions of IPSec:

- Confidentiality: Conceals data through encryption.
- Integrity: Ensures that contents did not change in transit.
- Authentication: Verifies that packets received are actually from the claimed sender.

E.2.1 IPSec Security Components

IPSec contains three major components:

- Authentication Header (AH): Provides authentication and integrity.
- Encapsulating Security Payload (ESP): Provides confidentiality, authentication, and integrity.
- Internet Key Exchange (IKE): Provides key management and Security Association (SA) management.

These components are discussed below.

E.2.1.1 Authentication Header (AH)

The Authentication Header (AH) is a protocol that provides authentication and integrity, protecting data from tampering. It provides authentication of either all or part of the contents of a datagram through the addition of a header that is calculated based on the values in the datagram.

The AH can also protect packets from unauthorized re-transmission with anti-replay functionality. The presence of the AH header allows us to verify the integrity of the message, but doesn't encrypt it. Thus, AH provides authentication but not privacy. ESP protects data confidentiality. Both AH and ESP can be used together for added protection.
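Added example (not from the BiGuard manual or its firmware): a simplified AH sender and receiver showing how the header's integrity check value (ICV) is calculated from the datagram, how tampering and re-transmission are rejected, and that the payload stays in cleartext. HMAC-SHA-256 truncated to 128 bits, the 32-packet window, and the key, SPI and addresses are assumptions; a real AH also covers the other immutable IP header fields.

```python
import hmac, hashlib, struct

ICV_LEN = 16   # assumed algorithm: HMAC-SHA-256 truncated to 128 bits
WINDOW = 32    # assumed anti-replay window size, in packets

def icv(key, src, dst, ah_fixed, payload):
    # The ICV covers the addresses, the AH with its ICV field zeroed, and the payload.
    data = src + dst + ah_fixed + bytes(ICV_LEN) + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]

def ah_protect(key, spi, seq, src, dst, payload, next_header=6):
    # Fixed AH fields: Next Header, Payload Len (32-bit words minus 2), Reserved, SPI, Sequence.
    ah_fixed = struct.pack("!BBHII", next_header, (12 + ICV_LEN) // 4 - 2, 0, spi, seq)
    return ah_fixed + icv(key, src, dst, ah_fixed, payload) + payload

class Receiver:
    def __init__(self, key, spi):
        self.key, self.spi, self.top, self.seen = key, spi, 0, 0

    def accept(self, src, dst, packet):
        if len(packet) < 12 + ICV_LEN:
            return "malformed"
        ah_fixed, got, payload = packet[:12], packet[12:12 + ICV_LEN], packet[12 + ICV_LEN:]
        _, _, _, spi, seq = struct.unpack("!BBHII", ah_fixed)
        if spi != self.spi:
            return "unknown-sa"
        # Anti-replay: reject sequence numbers that are too old or already seen.
        if seq == 0 or seq + WINDOW <= self.top:
            return "replay"
        if seq <= self.top and (self.seen >> (self.top - seq)) & 1:
            return "replay"
        if not hmac.compare_digest(got, icv(self.key, src, dst, ah_fixed, payload)):
            return "bad-icv"
        if seq > self.top:   # slide the window only after the ICV verifies
            self.seen = ((self.seen << (seq - self.top)) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
        else:
            self.seen |= 1 << (self.top - seq)
        return "ok"

def demo():
    # Constructed sample values: documentation addresses, demo key and SPI.
    key, src, dst = b"constructed-demo-key", bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])
    rx = Receiver(key, spi=0x1001)
    pkt = ah_protect(key, 0x1001, 1, src, dst, b"transfer 100 to alice")
    tampered = pkt[:28] + pkt[28:].replace(b"100", b"900")
    return [rx.accept(src, dst, tampered), rx.accept(src, dst, pkt),
            rx.accept(src, dst, pkt), b"transfer" in pkt]
```

The last element of `demo()` is true because AH leaves the payload readable on the wire; only ESP would conceal it.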
