Copyright Goodheart-Willcox Co., Inc. Networking Fundamentals, page 460

Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec) provides end-to-end security across the public Internet and private networks. It is one of the most widely used methods for configuring a virtual private network (VPN). IPSec was developed by the Internet Engineering Task Force (IETF) and has been incorporated into many different vendors' security products. IPSec is an optional security feature for IPv4. For IPv6 it was originally a mandatory part of every implementation; RFC 6434 (2011) relaxed that requirement to a recommendation, but IPv6 stacks still routinely ship with it.

IPSec consists of a wide collection of security protocols, hashes, and algorithms. Hashing is a technique that runs data through a one-way mathematical function to produce a fixed-length digest; any change to the data produces a different digest, and the original data cannot be recovered from the digest. IPSec uses keyed hashes (HMACs built on MD5 or SHA-1, for example) to prove that a packet was not altered in transit and that it came from a peer holding the shared key. The protocols, hashes, and algorithms can be combined in various ways, so each vendor's IPSec product may support a different set of combinations. Some of the more common software applications that build on IPSec are firewalls, VPNs, and authentication software.

There are two standard modes of IPSec implementation: transport mode and tunnel mode. In tunnel mode, both the payload and the original IP header, which contains the routing information, are encrypted (when ESP is used; AH authenticates but never encrypts). In transport mode, only the payload is encrypted, as demonstrated in Figure 15-14. Transport mode is typically used for a host-to-host connection in which the two endpoints communicate directly, so only the payload needs protection and the original addresses stay visible on the wire. Tunnel mode provides a greater degree of security because it also hides the original source and destination addresses, and it is commonly used for VPN applications between two gateways.

Figure 15-14 Transport mode encrypts only the packet data. Tunnel mode encrypts both the IP header information and the data. Tunnel mode requires a gateway or router IP address for the new outer IP header, which accounts for the additional IP header at the front of the packet.
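The two encapsulations of Figure 15-14 worked through in code. This is an added example written for this page, not code from the textbook: it builds a small IPv4 packet, protects it with an ESP-style header in transport mode and in tunnel mode, shows what an on-path sniffer learns from the outer header in each case, and verifies the integrity check value before decrypting. It assumes a toy stream cipher (SHA-256 in counter mode) in place of the real ESP transforms such as 3DES or AES, uses HMAC-SHA1-96 for the integrity check value, and uses fixed IVs so the run is reproducible (real ESP uses a fresh IV per packet); the addresses and the HTTP request are constructed sample data.

```python
"""Transport vs tunnel mode ESP encapsulation (added example; toy cipher, not a real ESP transform)."""
import hashlib
import hmac
import socket
import struct

ESP_PROTO = 50      # IP protocol number carried in the outer header for ESP
IPIP_PROTO = 4      # ESP next-header value meaning "an entire IPv4 packet follows" (tunnel mode)
TCP_PROTO = 6
ICV_LEN = 12        # HMAC-SHA1-96 integrity check value (RFC 2404)
BLOCK = 8           # padding granularity of the toy cipher


def ipv4_checksum(hdr: bytes) -> int:
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (IHL=5, no options) followed by the payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload


def parse_ipv4(pkt: bytes) -> dict:
    vihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "payload": pkt[ihl:total_len]}


def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    # TOY cipher: SHA-256 in counter mode. Stands in for AES/3DES here; never use this for real traffic.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + iv + struct.pack("!I", ctr)).digest()
        ctr += 1
    return out[:n]


def esp_encapsulate(enc_key, auth_key, spi, seq, inner: bytes, next_header: int, iv: bytes) -> bytes:
    """RFC 4303 layout: SPI | sequence | IV | encrypt(inner | padding | pad length | next header) | ICV."""
    pad_len = (-(len(inner) + 2)) % BLOCK
    plain = inner + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    cipher = bytes(a ^ b for a, b in zip(plain, _keystream(enc_key, iv, len(plain))))
    body = struct.pack("!II", spi, seq) + iv + cipher
    return body + hmac.new(auth_key, body, hashlib.sha1).digest()[:ICV_LEN]


def esp_decapsulate(enc_key, auth_key, esp: bytes):
    """Check the ICV first (authenticate-then-decrypt), then strip padding and return (next_header, inner)."""
    body, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    if not hmac.compare_digest(icv, hmac.new(auth_key, body, hashlib.sha1).digest()[:ICV_LEN]):
        raise ValueError("ESP ICV check failed: packet altered or wrong key")
    iv, cipher = body[8:16], body[16:]
    plain = bytes(a ^ b for a, b in zip(cipher, _keystream(enc_key, iv, len(cipher))))
    pad_len, next_header = plain[-2], plain[-1]
    return next_header, plain[:-(pad_len + 2)]


def transport_mode(pkt, enc_key, auth_key, spi, seq, iv):
    """Keep the original IP header (endpoints stay visible); protect only the payload."""
    ip = parse_ipv4(pkt)
    esp = esp_encapsulate(enc_key, auth_key, spi, seq, ip["payload"], ip["proto"], iv)
    return build_ipv4(ip["src"], ip["dst"], ESP_PROTO, esp)


def tunnel_mode(pkt, gw_src, gw_dst, enc_key, auth_key, spi, seq, iv):
    """Encrypt the whole original packet, header included, behind a new gateway-to-gateway header."""
    esp = esp_encapsulate(enc_key, auth_key, spi, seq, pkt, IPIP_PROTO, iv)
    return build_ipv4(gw_src, gw_dst, ESP_PROTO, esp)


def on_path_view(pkt) -> dict:
    """What a sniffer between the two sites learns from the outer header alone."""
    ip = parse_ipv4(pkt)
    return {"src": ip["src"], "dst": ip["dst"], "proto": ip["proto"]}


def decapsulate(pkt, enc_key, auth_key) -> bytes:
    """Reverse either mode and return the reconstructed original IP packet."""
    ip = parse_ipv4(pkt)
    next_header, inner = esp_decapsulate(enc_key, auth_key, ip["payload"])
    if next_header == IPIP_PROTO:                       # tunnel mode: inner is the complete packet
        return inner
    return build_ipv4(ip["src"], ip["dst"], next_header, inner)   # transport mode: restore header


def tamper_rejected(pkt, enc_key, auth_key) -> bool:
    """Flip one ciphertext bit (offset 36 = 20 IP + 8 SPI/seq + 8 IV); the ICV must reject it."""
    bad = bytearray(pkt)
    bad[36] ^= 0x01
    try:
        decapsulate(bytes(bad), enc_key, auth_key)
        return False
    except ValueError:
        return True


# Constructed sample input (not from the textbook): a host-to-host TCP segment with readable data.
ENC_KEY, AUTH_KEY = b"toy-enc-key-16by", b"toy-auth-key"
ORIGINAL = build_ipv4("10.0.0.5", "10.0.1.7", TCP_PROTO, b"GET /payroll.csv HTTP/1.0\r\n")


def demo() -> dict:
    t = transport_mode(ORIGINAL, ENC_KEY, AUTH_KEY, 0x1001, 1, bytes(8))
    u = tunnel_mode(ORIGINAL, "203.0.113.1", "198.51.100.1", ENC_KEY, AUTH_KEY, 0x1002, 1, bytes(range(8)))
    return {"transport_view": on_path_view(t), "tunnel_view": on_path_view(u),
            "transport_leaks_payload": b"payroll" in t, "tunnel_leaks_payload": b"payroll" in u,
            "transport_roundtrip": decapsulate(t, ENC_KEY, AUTH_KEY) == ORIGINAL,
            "tunnel_roundtrip": decapsulate(u, ENC_KEY, AUTH_KEY) == ORIGINAL,
            "tamper_rejected": tamper_rejected(u, ENC_KEY, AUTH_KEY)}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Running it shows the point of the figure: in transport mode the sniffer still reads 10.0.0.5 talking to 10.0.1.7 (only the application data is hidden), while in tunnel mode it sees nothing but the two gateway addresses and protocol 50. The ICV check runs before any decryption, which is the order real ESP implementations use so that a forged packet is dropped without touching the cipher.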
[Figure 15-14 diagram: Original IP packet = IP header | Data. Transport mode = IP header | Data, with only Data encrypted. Tunnel mode = new IP header (gateway/router) | original IP header | Data, with the original header and Data encrypted. Goodheart-Willcox Publisher]

Some of the more common security technologies that can be implemented with IPSec are ESP, IKE, AH, MD5, SHA-1, 3DES, AES, and more. The two common protocols associated with IPSec are Encapsulating Security Payload (ESP), which encrypts the protected data and can also authenticate it, and Authentication Header (AH), which authenticates the packet, including most of its IP header, but does not encrypt anything. Peers can authenticate each other using Kerberos, a preshared key (a secret agreed on in advance of the information exchange), or a digital certificate. IPSec VPNs typically use public and private keys (or the preshared key) only to authenticate the peers and to negotiate, through IKE, the symmetric session keys that actually encrypt the traffic, because symmetric ciphers such as 3DES and AES are far faster for bulk data. IPSec works at the network layer and is transparent to the user and to applications. Microsoft first incorporated IPSec into Windows 2000, and it has shipped in every Windows Server release since, including Windows Server 2003.

Secure Shell (SSH)

Secure Shell (SSH) is a protocol that provides secure network services over an insecure network medium such as the Internet. SSH was originally designed for Unix systems to replace Remote Login (rlogin), Remote Shell (rsh), and Remote Copy (rcp). These utilities are known as r commands by Unix and Linux users. The r commands do not support encryption, which means that user names, files, and commands are sent in plain text and can be intercepted and read by anyone running a protocol sniffer or analyzer on the path. SSH is as-