Welcome to
NetworkCert.NET
IP Security (IPSec) Basics

Reference: IP Security Architecture (TechNet)

Authentication Header (AH) and Encapsulating Security Payload (ESP) provide security for lower-level IP communications. Upper-level communications are handled by SChannel services, which include protocols such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS).

Encryption Techniques

Diffie-Hellman (DH)--Public key algorithm allowing two communicating principals to negotiate the sharing of a secret key over an unsecured namespace.

Hash Message Authentication Code (HMAC)--Authentication using this algorithm produces a digital signature for packet delivery that the receiver can verify. If the message changes and the hash value is different, the packet is discarded. MD5 (Message Digest 5) and SHA (Secure Hash Algorithm) are the hash functions used with it. MD5 produces a 128-bit hash value. SHA produces a 160-bit hash value.

DES-CBC (Data Encryption Standard Cipher Block Chaining)--Secret key algorithm used for confidentiality.

AH provides integrity using HMAC. ESP offers integrity and confidentiality using DES-CBC. Integrity ensures that the computer initiating the connection is the one continuing the session.

All use a key management protocol: either ISAKMP (Internet Security Association and Key Management Protocol) or the Oakley key determination protocol.
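The DH and HMAC descriptions above, worked through as an added example that is not part of the original page: two peers negotiate a key with Diffie-Hellman, the sender tags a packet with HMAC-SHA1, and the receiver discards the packet when the recomputed hash differs. The modulus P, generator G, function names and sample payload are assumptions constructed for illustration; P is far too small for real use.

```python
import hashlib
import hmac
import secrets

# Toy DH parameters, constructed for illustration only (not a real IKE group).
P = 2**127 - 1   # a known Mersenne prime, much too small for production
G = 3

def dh_keypair():
    """Return (private, public) where public = G^private mod P."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh_shared_key(my_priv, peer_pub):
    """Each side computes G^(a*b) mod P and hashes it into a MAC key."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("peer public value out of range")
    secret = pow(peer_pub, my_priv, P)
    return hashlib.sha1(secret.to_bytes(16, "big")).digest()

def protect(key, payload):
    """Sender: append a 160-bit HMAC-SHA1 tag to the payload."""
    return payload + hmac.new(key, payload, hashlib.sha1).digest()

def receive(key, packet):
    """Receiver: recompute the tag; return the payload, or None to discard."""
    payload, tag = packet[:-20], packet[-20:]
    expected = hmac.new(key, payload, hashlib.sha1).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return payload if hmac.compare_digest(tag, expected) else None

def demo():
    """Run one exchange: key agreement, a clean packet, a modified packet."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    key_a = dh_shared_key(a_priv, b_pub)   # only public values cross the wire
    key_b = dh_shared_key(b_priv, a_pub)
    packet = protect(key_a, b"constructed sample payload")
    tampered = bytes([packet[0] ^ 1]) + packet[1:]   # one bit changed in transit
    return key_a == key_b, receive(key_b, packet), receive(key_b, tampered)

if __name__ == "__main__":
    print(demo())
```
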