IP Security Flashcards
What are the areas that IP security try to combat?
Eavesdropping, Modification of packets in transit, Identity spoofing, Denial of Service.
Where is IPsec implemented? What is one consequence of this?
In the Operating System’s Kernel. This means that it is relatively transparent to the user.
What are the three parts of IPSec?
Authentication Header, Encapsulating Security Protocol, Internet Key Exchange.
What does the Authentication Header provide in IPSec?
Authenticity and Integrity
What does ESP provide in IPSec?
Encapsulating Security Protocol provides confidentiality.
What is the consequence of IKE getting compromised?
AH and ESP provide no security.
What is the difference between transport mode and tunnel mode in IPSec?
Transport mode delivers from host to host (end to end) and is usually used within the same network. It requires both hosts to use IPSec.
Tunnel mode delivers from gateway to gateway. Internal traffic behind the gateway is not protected, but only the gateways need to support IPSec. Used in VPNs.
What is a Security Association?
In IPSec, the SA is a one-way sender recipient relationship, which determines how a packet from a particular source should be processed (e.g. what algorithms are used, what keys, which mode etc.)
So, when a new packet arrives, the system must check an IPSec database to decide which SA should be used to process this message.
What is the process of sending an IPSec packet?
1) check if it needs to use IPSec on the SPD.
2) If it does, check the database to see which Security Association is needed for this recipient.
3) Use this SA to process the packet, and then send it. If no SA exists, then one needs to be established.
What is the process of receiving an IPSec packet?
1) Check if the packet is IPSec. If it is, look up its SA.
2) If the SA exists, use this to process the packet. Then take away the IP header, and deliver it up the protocol stack.
3) If no SA exists, discard.
4) If the packet was not IPSec, then look it up in the SPD to see whether it should be discarded or allowed through.
How do we set up a Security Association?
Through Internet Key Exchange.
What is an SPI?
Security Parameter Index. It is used to identify which SA should be used in IPSec.
What is an SPD in IPSec?
Security Policy Database. It is where we check whether a particular packet needs to be protected with IPSec or not.
True or false, IPSec does not send the SPI with the packet?
False, we need to send the SPI so that the receiver can locate the Security Association in the Security Association Database.
True or false, IPSec is not required in IPv6?
False, it is mandatory.