IP Security

Presented by: Naeem Riaz, Maria Shakeel, Aqsa Nizam
Semester: 8, Year: 2009

BEYOND FOREWORD
COMPETITIVE ANALYSIS
FUNCTIONAL FEATURES
INITIATIVE

BEYOND FOREWORD
COMPETITIVE ANALYSIS
FEATURES
INITIATIVE
Overview at a glance

IP Security (IPSec)
IP Security (IPSec) is a collection of protocols designed by the Internet Engineering Task Force (IETF) to provide security for a packet at the network level.

TCP/IP protocol suite and IPSec

IP Security Scenario

Benefits of IPSec
- Strong security that can be applied to all traffic crossing the perimeter.
- Transparent to applications: no need to change software on a user or server system when IPSec is implemented in a router or firewall.
- IPSec can be transparent to end users. There is no need to train users on security mechanisms.
- IPSec can provide security for individual users if needed.

Cryptographic algorithms
Cryptographic algorithms defined for use with IPsec include:
- HMAC-SHA1 for integrity protection
- TripleDES-CBC for confidentiality
- AES-CBC for confidentiality

RFC: IPSec Documents
- RFC 2401: An overview of security architecture
- RFC 2402: Description of a packet encryption extension to IPv4 and IPv6
- RFC 2406: Description of a packet encryption extension to IPv4 and IPv6
- RFC 2408: Specification of key management capabilities

INITIATIVE
BEYOND FOREWORD
COMPETITIVE ANALYSIS
FUNCTIONAL FEATURES
Modes
Protocols

Modes of IPSec
IPSec operates in one of two different modes:
- Transport mode
- Tunnel mode

TRANSPORT MODE VS TUNNEL MODE
IPSec in the transport mode does not protect the IP header; it only protects the information coming from the transport layer.
IPSec in tunnel mode protects the original IP header.

Transport mode in action

Tunnel mode in action

Authentication Header (AH) Protocol & Encapsulating Security Payload (ESP) Protocol
- The Authentication Header (AH) Protocol provides source authentication and data integrity, but not privacy.
- Encapsulating Security Payload (ESP) provides confidentiality services (mandatory) and authentication services (optional).
- ESP provides source authentication, data integrity and privacy.
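
Added example (not part of the original slides): a Python illustration of ESP encapsulation in transport and tunnel mode, using the HMAC-SHA1 integrity algorithm listed earlier (truncated to 96 bits), to show which IP header the integrity check covers in each mode. Encryption is left out so the code needs only the standard library; the key, SPI values, addresses and function names are constructed for illustration.

```python
import hashlib, hmac, struct

ESP, TCP, IPIP = 50, 6, 4      # IP protocol numbers
KEY = b"constructed-demo-key"  # constructed sample key (assumption, not from the slides)

def ip_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at zero for brevity."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       64, proto, 0, bytes(src), bytes(dst))

def esp_wrap(spi, seq, inner, next_header):
    """ESP header + payload + trailer, then a 12-byte HMAC-SHA1-96 ICV."""
    pad_len = -(len(inner) + 2) % 4  # trailer must end on a 4-byte boundary
    body = (struct.pack("!II", spi, seq) + inner +
            bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header]))
    return body + hmac.new(KEY, body, hashlib.sha1).digest()[:12]

def esp_verify(packet):
    """Check the ICV of the ESP data that follows the 20-byte outer header."""
    body, icv = packet[20:-12], packet[-12:]
    expected = hmac.new(KEY, body, hashlib.sha1).digest()[:12]
    return hmac.compare_digest(expected, icv)

def transport_mode(src, dst, segment):
    """Original IP header stays in front; only the segment is inside ESP."""
    esp = esp_wrap(0x1001, 1, segment, TCP)
    return ip_header(src, dst, ESP, len(esp)) + esp

def tunnel_mode(gw_src, gw_dst, original_packet):
    """Whole original packet, header included, is inside ESP."""
    esp = esp_wrap(0x2001, 1, original_packet, IPIP)
    return ip_header(gw_src, gw_dst, ESP, len(esp)) + esp

def alter_src(packet, header_offset):
    """Copy of packet with the source address of the IP header at header_offset changed."""
    changed = bytearray(packet)
    changed[header_offset + 12] ^= 0xFF
    return bytes(changed)

def coverage():
    """For each IP header: does changing it make the ESP integrity check fail?"""
    host_a, host_b = (10, 0, 0, 1), (10, 0, 1, 1)        # constructed addresses
    gw_a, gw_b = (192, 0, 2, 1), (198, 51, 100, 1)
    segment = b"constructed transport-layer bytes"
    t = transport_mode(host_a, host_b, segment)
    u = tunnel_mode(gw_a, gw_b, ip_header(host_a, host_b, TCP, len(segment)) + segment)
    return {"transport_original_header": not esp_verify(alter_src(t, 0)),
            "tunnel_outer_header": not esp_verify(alter_src(u, 0)),
            "tunnel_original_header": not esp_verify(alter_src(u, 28))}
```

Only the original header carried inside the tunnel is covered by the ESP check; the header in front of ESP is outside it in both modes.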

BEYOND FOREWORD
COMPETITIVE ANALYSIS
INITIATIVE
FUNCTIONAL FEATURES
Key management
IPSec services

Summarization of AH and ESP

Key Management
The IPSec architecture supports two types of key management:
- Manual: particularly for small, relatively static environments.
- Automated: for the use of keys in a large distributed system with an evolving configuration.

Contd…
Oakley: Key Determination Protocol. Three authentication methods can be used with Oakley:
- Digital signatures
- Public-key encryption
- Symmetric-key encryption
ISAKMP: Internet Security Association and Key Management Protocol.
- Defines procedures and packet formats to establish, negotiate, modify and delete security associations.

IPSec Services
- IPSec provides services for networking devices,
  - such as a router or firewall
- Operates on the workstation or server.
  - Workstation to workstation
- Protection against data changes
  - Accidental or intentional
- Datagram's content can be hidden.

INITIATIVE
FUNCTIONAL FEATURES
COMPETITIVE ANALYSIS
BEYOND FOREWORD
THANK YOU
Software implementations
Real life examples

IPSec: Real Life Examples
IPSec provides the capability to secure communications across a LAN, across private and public WANs, and across the Internet. Examples of its use include:
- Secure branch office connectivity over the Internet
- Secure remote access over the Internet
- Establishment of extranet and intranet connectivity with partners
- Enhancement of electronic commerce security
- Encrypt or authenticate all traffic at the IP level

Contd…
Using IPSec, all distributed applications can be secured:
- Remote logon
- Client/server
- E-mail
- File transfer
- Web access

SOFTWARE IMPLEMENTATIONS
- NRL IPsec, one of the original sources of IPsec code.
- OpenBSD, with its own code derived from a BSD/OS implementation written by John Ioannidis and Angelos D. Keromytis in 1996.
- The KAME stack, which is included in Mac OS X, NetBSD and FreeBSD.
- "IPsec" in Cisco IOS Software
- "IPsec" in Microsoft Windows, including Windows XP, Windows 2000, Windows 2003, Windows Vista, Windows Server 2008, and Windows 7.
- SafeNet QuickSec toolkits
- IPsec in Solaris

Asking queries is your right!
Computers are useless, they can only give you answers.

THANK YOU