Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session.
The IPsec framework consists of the IPsec protocol (e.g. ESP, ESP+AH), encryption (e.g. DES, 3DES), authentication (e.g. MD5, SHA), and the Diffie-Hellman group options (e.g. DH1, DH2).
IPsec has five basic steps.

First, the interesting traffic is identified, meaning the network traffic to which the network administrator wants to apply security.

Second, the router starts the first phase of IKE (Internet Key Exchange) with the router at the other end. The peers negotiate the policy to check that both sides are using the same IPsec policy, which is important: if one side is using DES while the other uses 3DES, the data sent over will only appear as garbage. They then perform the Diffie-Hellman exchange and verify the peer identity using, for example, pre-shared keys, RSA signatures or RSA-encrypted nonces.

Next, the transform sets are negotiated. A transform set is a combination of algorithms and protocols that enact a security policy for traffic. The SAs (Security Associations) are exchanged between the peer routers.

When an SA reaches its time-out, the IPsec SA is removed and the process repeats to create another tunnel.
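A small model of the policy negotiation and Diffie-Hellman exchange described above, added here as an example and not part of the original post. Each peer holds an ordered list of (encryption, hash, authentication method, DH group) proposals; the responder accepts the first initiator proposal that also appears in its own list, and if none matches (DES on one side, 3DES on the other) no SA is produced. The DH group is a constructed toy prime, not a real IKE group, and the key derivation is a placeholder rather than the IKE SKEYID construction.

```python
"""Toy IKE phase 1 model: policy matching, then Diffie-Hellman.
Added example; group and key derivation are constructed stand-ins."""
import hashlib
import secrets

# Constructed toy DH group (far too small for real use; not an IKE group).
TOY_P = 2147483647  # 2^31 - 1, prime
TOY_G = 7


def negotiate_policy(initiator_proposals, responder_policies):
    """Return the first initiator proposal the responder also accepts, else None.

    A proposal is (encryption, hash, auth_method, dh_group). All four fields must
    match, mirroring the requirement that both peers run the same policy.
    """
    for proposal in initiator_proposals:
        if proposal in responder_policies:
            return proposal
    return None


def dh_keypair(p=TOY_P, g=TOY_G):
    """Private exponent in [2, p-1] and the matching public value g^x mod p."""
    priv = secrets.randbelow(p - 2) + 2
    return priv, pow(g, priv, p)


def dh_shared(priv, peer_pub, p=TOY_P):
    """Shared secret: (peer's public value)^(own private) mod p."""
    return pow(peer_pub, priv, p)


def establish_sa(initiator_proposals, responder_policies):
    """Negotiate a policy, run DH, and return a dict describing the SA.

    Returns None when the peers share no policy: the tunnel never comes up.
    """
    policy = negotiate_policy(initiator_proposals, responder_policies)
    if policy is None:
        return None
    a_priv, a_pub = dh_keypair()   # initiator
    b_priv, b_pub = dh_keypair()   # responder
    a_secret = dh_shared(a_priv, b_pub)
    b_secret = dh_shared(b_priv, a_pub)
    assert a_secret == b_secret, "both sides must derive the same secret"
    # Placeholder key derivation (real IKE mixes nonces and uses an HMAC).
    skeyid = hashlib.sha256(a_secret.to_bytes(4, "big")).hexdigest()
    return {"policy": policy, "skeyid": skeyid}
```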
Hi rong, your post is super informative. It can be better if you are able to paragraph it instead of copying one whole chunk of words; this really makes reading hard. I really do not have many comments on the information. =)