Wednesday, May 20, 2009

IPSEC Basics

The IPsec standard provides a method to manage authentication and data protection between multiple crypto peers engaging in secure data transfer. IPsec includes the Internet Security Association and Key Management Protocol (ISAKMP)/Oakley and two IPsec IP protocols: Encapsulating Security Payload (ESP) and Authentication Header (AH).

IPsec uses symmetrical encryption algorithms for data protection. Symmetrical encryption algorithms are more efficient and easier to implement in hardware than asymmetric ones. These algorithms need a secure method of key exchange to ensure data protection. The Internet Key Exchange (IKE) ISAKMP/Oakley protocols provide this capability.

This solution requires a standards-based way to secure data from eavesdropping and modification. IPsec provides such a method. IPsec provides a choice of transform sets so that a user can choose the strength of their data protection. IPsec also has several Hashed Message Authentication Codes (HMAC) from which to choose, each giving a different level of protection against attacks such as man-in-the-middle, packet replay (countered by anti-replay), and data integrity attacks.

Best Regards,
Deepak Arora
