FVL328 Cable/DSL ProSafe
addition, AH does not protect the data’s confidentiality. If data is intercepted and only AH is used, the message contents can be read. ESP protects data confidentiality. For added protection in certain cases, AH and ESP can be used together. In the following table, IP HDR represents the IP header and includes both source and destination IP addresses.
14. What is Encapsulating Security Payload (ESP)?
ESP provides authentication, integrity, and confidentiality, which protect against data tampering and, most importantly, provide message content protection.
IPSec provides an open framework for implementing industry-standard algorithms, such as SHA and MD5. The algorithms IPSec uses produce a unique and unforgeable identifier for each packet, which is the data equivalent of a fingerprint. This fingerprint allows the device to determine whether a packet has been tampered with. Furthermore, packets that are not authenticated are discarded and not delivered to the intended receiver.
ESP also provides all encryption services in IPSec. Encryption translates a readable message into an unreadable format to hide the message content. The opposite process, called decryption, translates the message content from an unreadable format to a readable message. Encryption/decryption allows only the sender and the authorized receiver to read the data. In addition, ESP has an option to perform authentication, called ESP authentication. Using ESP authentication, ESP provides authentication and integrity for the payload and not for the IP header.
The ESP header is inserted into the packet between the IP header and any subsequent packet contents. However, because ESP encrypts the data, the payload is changed. ESP does not encrypt the ESP header, nor does it encrypt the ESP authentication data.
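The following Python sketch is an added example, not taken from the FVL328 documentation or firmware. It lays out a packet as described above (outer IP header, cleartext ESP header, encrypted payload, ESP authentication value) and shows that the authentication check covers the ESP header and payload but not the outer IP header. The key, addresses, SPI and "ciphertext" bytes are constructed sample values, and HMAC-SHA1 truncated to 96 bits is assumed as the authentication algorithm.

```python
import hashlib
import hmac
import socket
import struct

ICV_LEN = 12  # HMAC-SHA1-96 keeps the first 96 bits of the HMAC-SHA1 output
KEY = b"constructed-auth-key"   # constructed sample key
CIPHERTEXT = bytes(range(32))   # constructed stand-in for the encrypted payload

def build_packet(src, dst, spi, seq, ciphertext, key):
    """Outer IPv4 header (protocol 50) + ESP header + ciphertext + ICV."""
    esp_hdr = struct.pack("!II", spi, seq)  # SPI and sequence number, sent in clear
    icv = hmac.new(key, esp_hdr + ciphertext, hashlib.sha1).digest()[:ICV_LEN]
    esp = esp_hdr + ciphertext + icv
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(esp), 0, 0, 64, 50, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))  # checksum left 0
    return ip_hdr + esp

def split_esp(packet):
    """Return (esp_header_and_ciphertext, icv) or raise ValueError if not ESP."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 50 or len(packet) < ihl + 8 + ICV_LEN:
        raise ValueError("not an ESP packet")
    esp = packet[ihl:]
    return esp[:-ICV_LEN], esp[-ICV_LEN:]

def read_esp_header(packet):
    """SPI and sequence number are readable without any key."""
    body, _ = split_esp(packet)
    return struct.unpack("!II", body[:8])

def esp_icv_ok(packet, key):
    """Recompute the ICV over ESP header + ciphertext; the IP header is not an input."""
    body, icv = split_esp(packet)
    expected = hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN]
    return hmac.compare_digest(expected, icv)

def rewrite_src(packet, new_src):
    """Replace the source address in the outer IP header (bytes 12-15)."""
    return packet[:12] + socket.inet_aton(new_src) + packet[16:]

def flip_byte(packet, offset):
    """Flip all bits of one byte, as a modification in transit would."""
    return packet[:offset] + bytes([packet[offset] ^ 0xFF]) + packet[offset + 1:]

PKT = build_packet("192.0.2.1", "198.51.100.1", 0x1001, 1, CIPHERTEXT, KEY)

if __name__ == "__main__":
    print("untouched:", esp_icv_ok(PKT, KEY))
    print("outer source rewritten:", esp_icv_ok(rewrite_src(PKT, "203.0.113.9"), KEY))
    print("ciphertext byte flipped:", esp_icv_ok(flip_byte(PKT, 30), KEY))
```

A changed outer source address still passes the ESP check, while a change anywhere in the ESP header, the encrypted payload or the authentication value fails it.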
15. What is a Security Association?
A Security Association (SA) is a group of security settings related to a specific VPN tunnel. An SA groups together all the settings needed to create a VPN tunnel. Different SAs may be created to connect branch offices, allow secure remote management, and pass unsupported traffic. All SAs require a specified encryption method, IPSec gateway address, and destination network address.
16. What is PKI?
Public Key Infrastructure (PKI) is a method by which valid VPN users are authenticated through the use of certificate authorities.
17. What is a Certificate Authority (CA)?
A Certificate Authority is an organization that provides certificates and provides a mechanism for verifying their authenticity. Certificate authentication is a method whereby the computer would have a
18. What is PPTP?