The industry standard for establishing VPNs, IPSec comprises a group of
protocols and algorithms that provide authentication and encryption of data
across IP-based networks. There are three main components to IPSec:

- Key management: IPSec uses the Internet Key Exchange (IKE) to securely establish and pass shared keys between sites. Keys and security associations may also be passed manually.
- The Authentication Header (AH) protocol defines methods of establishing the identity of the message originator and ensuring that the transmitted data has not been tampered with.
- The Encapsulating Security Payload (ESP) protocol provides the same functions as the Authentication Header protocol but additionally defines encryption methods for the data.

All three components are modular and designed to incorporate new algorithms
and schemes, ensuring forward compatibility as new advancements in encryption
or key exchange mechanisms are made. However, IPSec defines lowest common
denominators to enable at least minimal interoperability between different
vendors' implementations of an IPSec VPN. For instance, all IPSec VPNs must
include the DES encryption algorithm for data encryption.

- IP Security (IPSec)
  - Overview
  - IPSec Advantages
  - IPSec modes
  - IPSec Architecture
  - IPSec security functions (ESP, AH)
  - IPSec SA
- Internet Key Exchange (IKE)
  - Overview
  - IKE evolution
  - IKE phases
  - IKE modes
  - Perfect Forward Secrecy (PFS)
  - ISAKMP and IKE
- SSL / TLS
- IPSec Systems
- IPSec based VPN
- IPSec interoperability
- Security considerations
- Bibliography
- Conclusion

- R&D managers and software engineers willing to integrate IPSec in their solutions.
- IT security staff who wish to understand IPSec in more depth.
- Other personnel (Support, QA, Marketing etc.) dealing with IPSec based systems.

- Knowledge of TCP/IP and applied cryptography