Wednesday, 30 May 2012

IPSec (ESP, AH, DES, MD5, SHA, DH)

Disclaimer: All information stated in this post may not be purely correct or purely wrong; believing it is your own choice. You are free to refer to any sources of information online to cross-reference or even correct me in the Comments Section below.

Hello!~
Other people are very fast, but this week I am very de slow...

SO NOW I GO DO!

IPSec!!
What's that sia?

- Protocol suite (a collection of protocols)
- Used for securing Internet Protocol (IP) communications

How does it secure IP communications?
- IPSec authenticates and encrypts each IP packet of a communication session

But wait! That's not all!

- IPSec also includes protocols for establishing mutual authentication between..

Between who??

- Between agents at the beginning of the session, and for negotiating the cryptographic keys to be used during the session (meaning: the two computers authenticate each other before the session starts, and also agree on the keys that will protect the traffic once the session starts)

Okay, I shall stop talking to myself now..
---------------------------------------------------------------------------------------------------------------------
IPSec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite. It is able to protect data flows between the following:
- a pair of hosts (host-to-host)
- a pair of security gateways (network-to-network, for example a network router to network router)
- a security gateway to host (gateway-to-host)

If you're wondering what the acronyms in the brackets beside "IPSec" in the title are, then wonder no more! This post shall explain a few of them now, without any payment whatsoever!


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
These two members of the protocol suite can be used interchangeably or together.

ESP (Encapsulating Security Payload) provides the following:
- Confidentiality [Limiting information access and disclosure to authorized users only. Basically it means something like a Need-To-Know basis: if you have no purpose in accessing this information, then you're restricted from doing so.]
- Data-origin authentication [Verifying that the messages received have not been tampered with and that they were sent from the expected sender, as the messages may have passed through a lot of nodes to reach the destination and there is always a chance of someone tampering with them along the way]
- Connectionless integrity [Ensuring that received traffic has not been modified, tampered with or changed. Integrity also includes anti-replay defenses]
- Anti-replay service [A form of partial sequence integrity; it helps to counter denial of service attacks based on replaying captured packets]
- Limited traffic-flow confidentiality [Ensuring that the network traffic is not being examined or viewed by non-authorized parties]


AH (Authentication Header) provides the following:
- Connectionless integrity [read above if you have not done so]
- Data-origin authentication [read above if you have not done so]
- Anti-replay service [read above if you have not done so]
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
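To make the ESP and AH services above concrete, here is an added example (written for this post, not code from any IPSec implementation) that parses the fixed ESP and AH header fields, computes and verifies an AH integrity check value with HMAC-SHA1-96, and runs the sliding anti-replay window that receivers keep per security association. Field layouts follow RFC 4302 (AH) and RFC 4303 (ESP); the key, SPI values and payload are constructed sample data, and the ICV here covers only the AH header and payload, not the immutable IP header fields that real AH also includes.

```python
import hashlib
import hmac
import struct

# Fixed header layouts (network byte order).
ESP_HEADER = struct.Struct("!II")      # SPI, Sequence Number (RFC 4303)
AH_FIXED = struct.Struct("!BBHII")     # Next Header, Payload Len, Reserved, SPI, Sequence Number (RFC 4302)
ICV_LEN = 12                           # HMAC-SHA1-96 truncates the MAC to 96 bits


def parse_esp_header(packet: bytes) -> tuple:
    """Return (SPI, sequence number) from the start of an ESP packet."""
    if len(packet) < ESP_HEADER.size:
        raise ValueError("ESP packet too short")
    return ESP_HEADER.unpack_from(packet, 0)


def parse_ah_header(packet: bytes) -> dict:
    """Return the AH fields and ICV; Payload Len is the AH length in 32-bit words minus 2."""
    if len(packet) < AH_FIXED.size:
        raise ValueError("AH packet too short")
    next_hdr, payload_len, _reserved, spi, seq = AH_FIXED.unpack_from(packet, 0)
    header_len = (payload_len + 2) * 4
    if len(packet) < header_len:
        raise ValueError("AH header truncated")
    return {"next_header": next_hdr, "spi": spi, "seq": seq,
            "icv": packet[AH_FIXED.size:header_len], "header_len": header_len}


def ah_icv(key: bytes, ah_header: bytes, payload: bytes) -> bytes:
    """HMAC-SHA1-96 over the AH header with its ICV field zeroed, followed by the payload."""
    zeroed = ah_header[:AH_FIXED.size] + b"\x00" * (len(ah_header) - AH_FIXED.size)
    return hmac.new(key, zeroed + payload, hashlib.sha1).digest()[:ICV_LEN]


def build_ah(key: bytes, next_hdr: int, spi: int, seq: int, payload: bytes) -> bytes:
    """Sender side: produce AH header + ICV + payload (data-origin authentication and integrity)."""
    header_len = AH_FIXED.size + ICV_LEN          # 24 bytes = 6 words
    payload_len = header_len // 4 - 2             # 4 for HMAC-SHA1-96, as in RFC 4302
    fixed = AH_FIXED.pack(next_hdr, payload_len, 0, spi, seq)
    icv = ah_icv(key, fixed + b"\x00" * ICV_LEN, payload)
    return fixed + icv + payload


def verify_ah(key: bytes, packet: bytes) -> bool:
    """Receiver side: recompute the ICV and compare in constant time."""
    fields = parse_ah_header(packet)
    hlen = fields["header_len"]
    expected = ah_icv(key, packet[:hlen], packet[hlen:])
    return hmac.compare_digest(expected, fields["icv"])


class AntiReplayWindow:
    """Sliding window over received sequence numbers (RFC 4303 section 3.4.3 style).

    Bit 0 of the bitmap is the highest sequence number seen; bit n is last_seq - n.
    """

    def __init__(self, size: int = 64):
        self.size = size        # RFC minimum is 32, 64 is the usual default
        self.last_seq = 0       # highest sequence number accepted so far
        self.bitmap = 0         # one bit per sequence number inside the window

    def check_and_update(self, seq: int) -> bool:
        """Return True and record seq if it is new and inside the window, else False."""
        if seq == 0:                        # sequence number 0 is never valid
            return False
        if seq > self.last_seq:             # newer than anything seen: slide the window
            diff = seq - self.last_seq
            if diff < self.size:
                self.bitmap = ((self.bitmap << diff) | 1) & ((1 << self.size) - 1)
            else:
                self.bitmap = 1             # jumped past the whole window
            self.last_seq = seq
            return True
        diff = self.last_seq - seq
        if diff >= self.size:               # too old: fell off the left edge
            return False
        bit = 1 << diff
        if self.bitmap & bit:               # already received: a replay
            return False
        self.bitmap |= bit                  # late but legitimate
        return True
```

`verify_ah` returns `False` for a packet whose payload or header was altered in transit, which is the connectionless integrity and data-origin authentication service; `AntiReplayWindow.check_and_update` rejects a captured packet that is presented a second time, which is the anti-replay service, while still accepting packets that arrive slightly out of order.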