IPSec Process Flashcards
Stage 1
- Host recognition: A host system consults its IPsec security policy database (SPD) and recognizes that a packet matches a policy requiring protection, so it must be transmitted under IPsec.
Such packets are considered "interesting traffic" for IPsec purposes; matching a protect policy is what triggers the rest of the process, including key negotiation if no security association (SA) exists yet.
For outgoing packets, the matching policy determines which SA is used to encrypt and/or authenticate them. For incoming packets, the host checks that traffic matching a protect policy actually arrived under an SA and passed integrity verification (and decryption); a cleartext packet that matches a protect policy is dropped rather than accepted.
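The policy lookup described in Stage 1, as an added example (not part of the original flashcards): a minimal SPD with PROTECT/BYPASS/DISCARD entries, an outbound decision, and the inbound check that drops interesting traffic which arrived in the clear. The addresses, policy entries and packets are constructed for illustration; the first-match and default-discard semantics follow RFC 4301.

```python
"""Added example (not from the flashcards): a minimal IPsec Security Policy
Database (SPD) lookup, the "host recognition" step. The policy entries, host
addresses and packets are constructed for illustration; the semantics follow
RFC 4301 (ordered entries, first match wins, actions PROTECT / BYPASS / DISCARD).
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

PROTECT, BYPASS, DISCARD = "PROTECT", "BYPASS", "DISCARD"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int                   # 6 = TCP, 17 = UDP, 1 = ICMP
    dport: Optional[int] = None  # None for protocols without ports


@dataclass(frozen=True)
class Policy:
    src_net: str
    dst_net: str
    proto: Optional[int]   # None matches any protocol
    dport: Optional[int]   # None matches any destination port
    action: str

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst_net)
                and self.proto in (None, pkt.proto)
                and self.dport in (None, pkt.dport))


def lookup(spd: List[Policy], pkt: Packet) -> Optional[Policy]:
    """The SPD is ordered; the first entry whose selectors match wins."""
    return next((p for p in spd if p.matches(pkt)), None)


def outbound_action(spd: List[Policy], pkt: Packet) -> str:
    """Decide what to do with a packet the host is about to send.
    A packet matching no entry is discarded (RFC 4301 default)."""
    pol = lookup(spd, pkt)
    return pol.action if pol else DISCARD


def inbound_action(spd: List[Policy], pkt: Packet, arrived_protected: bool) -> str:
    """Decide what to do with a received packet. 'arrived_protected' means it
    came in under an IPsec SA and its ESP/AH processing succeeded. A cleartext
    packet whose selectors match a PROTECT entry is interesting traffic that
    bypassed IPsec and must be dropped."""
    pol = lookup(spd, pkt)
    if pol is None or (pol.action == PROTECT and not arrived_protected):
        return DISCARD
    return pol.action


# Constructed scenario: this host is 10.0.1.5; network 10.0.2.0/24 sits behind
# the IPsec gateway 192.0.2.20 and must only be reached through the tunnel.
# Entry order matters: IKE (UDP/500) to the gateway has to BYPASS, otherwise
# the key exchange itself would require an SA that does not exist yet.
SPD_OUT = [
    Policy("10.0.1.5/32", "192.0.2.20/32", 17, 500, BYPASS),    # IKE control channel
    Policy("10.0.1.5/32", "10.0.2.66/32", None, None, DISCARD),  # administratively blocked host
    Policy("10.0.1.5/32", "10.0.2.0/24", None, None, PROTECT),   # "interesting traffic"
    Policy("0.0.0.0/0", "0.0.0.0/0", None, None, BYPASS),        # everything else in the clear
]
SPD_IN = [
    Policy("192.0.2.20/32", "10.0.1.5/32", 17, 500, BYPASS),
    Policy("10.0.2.0/24", "10.0.1.5/32", None, None, PROTECT),
    Policy("0.0.0.0/0", "0.0.0.0/0", None, None, BYPASS),
]

if __name__ == "__main__":
    for pkt in (Packet("10.0.1.5", "192.0.2.20", 17, 500),
                Packet("10.0.1.5", "10.0.2.7", 6, 443),
                Packet("10.0.1.5", "10.0.2.66", 6, 22),
                Packet("10.0.1.5", "203.0.113.9", 6, 80)):
        print("out", pkt.dst, pkt.dport, "->", outbound_action(SPD_OUT, pkt))
    reply = Packet("10.0.2.7", "10.0.1.5", 6, 52000)
    print("in cleartext ->", inbound_action(SPD_IN, reply, arrived_protected=False))
    print("in via SA    ->", inbound_action(SPD_IN, reply, arrived_protected=True))
```

Two things worth noticing: the IKE bypass entry must sit above the protect entry for the same peer, and the inbound side treats a cleartext packet from the protected network as an attack or misconfiguration, not as an ordinary packet. Real stacks keep separate inbound and outbound SPDs for exactly this reason.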
Stage 2
Negotiation, or IKE Phase 1: The hosts use IKE (the Internet Key Exchange, not IPsec itself) to negotiate the set of policies they will use for a secured circuit.
They authenticate each other (with a pre-shared key, certificates/RSA signatures, or similar) and set up a secure channel between them, the IKE SA, which is then used to negotiate how the IPsec circuit will encrypt or authenticate data sent across it. In IKEv1 this negotiation occurs using either Main mode or Aggressive mode; IKEv2 has no such modes and replaces both with a single IKE_SA_INIT/IKE_AUTH exchange.
MODES
With main mode, the host initiating the session sends proposals indicating its preferred encryption, integrity and authentication algorithms and Diffie-Hellman group. The negotiation takes six messages: proposals and the responder's choice, then Diffie-Hellman values and nonces, then identities and authentication hashes, with the last two messages already encrypted under keys derived from the Diffie-Hellman exchange. The result is an IKE SA that defines the circuit they will use. This method is more secure than aggressive mode because the peers' identities and their authentication hashes are never sent in the clear.
In aggressive mode, the same negotiation is compressed into three messages. The initiating host sends its proposals, its Diffie-Hellman value, nonce and identity in the first message (so it must commit to a Diffie-Hellman group up front, leaving less room for negotiation); the responder answers with its choice, its Diffie-Hellman value, nonce, identity and authentication hash; and the initiator's third message carries its own hash to complete authentication. With this method the hosts set up an IPsec circuit faster, but identities travel unprotected and the authentication hash is visible on the wire. With pre-shared-key authentication that hash can be attacked offline by anyone who captured the exchange, which is why aggressive mode with PSKs is widely considered unsafe.
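Why the aggressive-mode authentication hash is exposed, as an added example (not part of the original flashcards). It follows the IKEv1 definitions in RFC 2409 section 5, SKEYID = prf(PSK, Ni_b | Nr_b) and HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b): in aggressive mode HASH_R is sent in message 2 unencrypted, and every other input to it is also on the wire, so a passive observer can test PSK guesses offline. The PSK, cookies, nonces and the DH/SA/ID byte strings are constructed stand-ins, and HMAC-SHA1 is assumed as the negotiated prf.

```python
"""Added example (not from the flashcards): why aggressive mode is weaker with
pre-shared keys. It follows the IKEv1 definitions in RFC 2409 section 5:
  SKEYID = prf(PSK, Ni_b | Nr_b)
  HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b)
In aggressive mode HASH_R travels in message 2 in the clear, and every other
input to it is also on the wire, so a passive observer can test PSK guesses
offline. The PSK, cookies, nonces and DH/SA/ID byte strings below are
constructed stand-ins (real g^x values are DH-group sized); HMAC-SHA1 is assumed
as the negotiated prf.
"""
import hashlib
import hmac
from typing import Dict, Iterable, Optional


def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()


def skeyid_psk(psk: bytes, ni_b: bytes, nr_b: bytes) -> bytes:
    """SKEYID for pre-shared-key authentication (RFC 2409 s.5)."""
    return prf(psk, ni_b + nr_b)


def hash_r(skeyid: bytes, gxr: bytes, gxi: bytes, cky_r: bytes, cky_i: bytes,
           sai_b: bytes, idir_b: bytes) -> bytes:
    """Responder's authentication hash (RFC 2409 s.5)."""
    return prf(skeyid, gxr + gxi + cky_r + cky_i + sai_b + idir_b)


# Constructed values for one hypothetical exchange.
PSK = b"correct horse battery staple"          # the secret both peers hold
CKY_I = bytes.fromhex("0123456789abcdef")      # initiator cookie
CKY_R = bytes.fromhex("fedcba9876543210")      # responder cookie
GXI = bytes.fromhex("11" * 32)                 # stand-in for g^xi
GXR = bytes.fromhex("22" * 32)                 # stand-in for g^xr
NI_B = bytes.fromhex("33" * 16)                # initiator nonce body
NR_B = bytes.fromhex("44" * 16)                # responder nonce body
SAI_B = bytes.fromhex("0000000100000001")      # stand-in for initiator SA payload body
IDIR_B = bytes([1, 0, 0, 0, 192, 0, 2, 20])    # ID payload body: ID_IPV4_ADDR 192.0.2.20


def aggressive_mode_capture(psk: bytes = PSK) -> Dict[str, bytes]:
    """Everything a passive eavesdropper sees in aggressive mode messages 1 and 2:
    message 1 = HDR, SA, KE, Ni, IDii; message 2 = HDR, SA, KE, Nr, IDir, HASH_R.
    The responder computes HASH_R from the shared PSK; nothing here is encrypted."""
    skeyid = skeyid_psk(psk, NI_B, NR_B)
    return {
        "cky_i": CKY_I, "cky_r": CKY_R, "gxi": GXI, "gxr": GXR,
        "ni_b": NI_B, "nr_b": NR_B, "sai_b": SAI_B, "idir_b": IDIR_B,
        "hash_r": hash_r(skeyid, GXR, GXI, CKY_R, CKY_I, SAI_B, IDIR_B),
    }


def crack_psk(cap: Dict[str, bytes], wordlist: Iterable[bytes]) -> Optional[bytes]:
    """Offline dictionary attack: recompute HASH_R for each candidate PSK from the
    captured fields and compare. No interaction with either peer is needed."""
    for cand in wordlist:
        guess = hash_r(skeyid_psk(cand, cap["ni_b"], cap["nr_b"]),
                       cap["gxr"], cap["gxi"], cap["cky_r"], cap["cky_i"],
                       cap["sai_b"], cap["idir_b"])
        if hmac.compare_digest(guess, cap["hash_r"]):
            return cand
    return None


if __name__ == "__main__":
    cap = aggressive_mode_capture()
    print(crack_psk(cap, [b"password", b"letmein", PSK]))
```

In main mode the same HASH_R is carried in message 6, encrypted under SKEYID_e, which is derived from the Diffie-Hellman shared secret g^xy; an observer without either private exponent cannot recover it, so there is nothing to guess against. The practical rule follows directly: if IKEv1 aggressive mode cannot be avoided, use certificate authentication or a PSK long and random enough that a dictionary attack is hopeless.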
Stage 3
IPsec circuit, or IKE Phase 2 (Quick mode in IKEv1, CREATE_CHILD_SA in IKEv2). Step three sets up the IPsec SAs over the secure channel established in IKE Phase 1. The hosts negotiate the protocol (ESP or AH), the algorithms and the traffic selectors that will be used during data transmission. They do not send the data-protection keys to each other: each side derives the same keys locally from Phase 1 keying material (SKEYID_d in IKEv1), the protocol and SPI of each SA, and fresh nonces exchanged in this phase. The nonces are random values that guarantee freshness (a replayed negotiation yields different keys) and feed the key derivation; they are not themselves authenticators. Optionally a new Diffie-Hellman exchange provides perfect forward secrecy (PFS), so that compromise of the Phase 1 keys does not expose the Phase 2 keys. The result is a pair of unidirectional IPsec SAs, one per direction, each identified by its SPI.
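The key derivation described in Stage 3, as an added example (not part of the original flashcards): IKEv1 Quick mode KEYMAT expansion per RFC 2409 section 5.5, computed identically by both peers so that no key ever crosses the wire, with one SA per direction. The SKEYID_d value, SPIs, nonces and PFS shared secret are constructed stand-ins, HMAC-SHA1 is assumed as the prf, and splitting KEYMAT into an encryption key followed by an integrity key (AES-128 + HMAC-SHA1-96 sizes) is the conventional order assumed here.

```python
"""Added example (not from the flashcards): IKEv1 Quick Mode key derivation,
showing that the data-protection keys are never sent across the wire. Both
peers compute them locally per RFC 2409 section 5.5:
  KEYMAT = K1 | K2 | ...
  K1 = prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b)
  Kn = prf(SKEYID_d, K(n-1) | [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b)
where g(qm)^xy is present only when PFS was negotiated. SKEYID_d, the SPIs,
nonces and the PFS shared secret below are constructed stand-ins, HMAC-SHA1
is assumed as the prf, and the split of KEYMAT into an encryption key followed
by an integrity key is the conventional order assumed here (AES-128 + HMAC-SHA1-96).
"""
import hashlib
import hmac
from typing import Tuple

PROTO_IPSEC_AH = 2    # IPsec DOI protocol identifiers (RFC 2407 s.4.4.1)
PROTO_IPSEC_ESP = 3


def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()


def keymat(skeyid_d: bytes, protocol: int, spi: bytes, ni_b: bytes, nr_b: bytes,
           length: int, g_qm_xy: bytes = b"") -> bytes:
    """Expand KEYMAT for one IPsec SA (identified by protocol + SPI)."""
    if len(spi) != 4 or not 0 <= protocol <= 255:
        raise ValueError("SPI must be 4 bytes and protocol a single octet")
    seed = g_qm_xy + bytes([protocol]) + spi + ni_b + nr_b
    out, k = b"", b""
    while len(out) < length:
        k = prf(skeyid_d, k + seed)   # K1 has no previous block prepended
        out += k
    return out[:length]


def esp_keys(km: bytes, enc_len: int, auth_len: int) -> Tuple[bytes, bytes]:
    """Split KEYMAT: encryption key first, then integrity key (assumed order)."""
    return km[:enc_len], km[enc_len:enc_len + auth_len]


def derive_esp_sa_pair(skeyid_d: bytes, spi_i: bytes, spi_r: bytes, ni_b: bytes,
                       nr_b: bytes, g_qm_xy: bytes = b"", enc_len: int = 16,
                       auth_len: int = 20):
    """One Quick Mode yields two unidirectional ESP SAs. Each side chooses the
    SPI on which it will *receive*, so the SA keyed with the initiator's SPI
    carries responder -> initiator traffic and vice versa. Both peers call
    this with identical inputs and get identical keys; no key is transmitted."""
    need = enc_len + auth_len
    km_to_initiator = keymat(skeyid_d, PROTO_IPSEC_ESP, spi_i, ni_b, nr_b, need, g_qm_xy)
    km_to_responder = keymat(skeyid_d, PROTO_IPSEC_ESP, spi_r, ni_b, nr_b, need, g_qm_xy)
    return (esp_keys(km_to_initiator, enc_len, auth_len),
            esp_keys(km_to_responder, enc_len, auth_len))


# Constructed stand-ins (real SKEYID_d comes from Phase 1, real SPIs from each peer).
SKEYID_D = bytes.fromhex("aa" * 20)
SPI_I = bytes.fromhex("c0ffee01")
SPI_R = bytes.fromhex("deadbe02")
NI_B = bytes.fromhex("55" * 16)
NR_B = bytes.fromhex("66" * 16)
G_QM_XY = bytes.fromhex("77" * 32)   # stand-in for the optional PFS DH shared secret

if __name__ == "__main__":
    initiator_view = derive_esp_sa_pair(SKEYID_D, SPI_I, SPI_R, NI_B, NR_B)
    responder_view = derive_esp_sa_pair(SKEYID_D, SPI_I, SPI_R, NI_B, NR_B)
    print("peers agree:", initiator_view == responder_view)
    (enc_in, auth_in), (enc_out, auth_out) = initiator_view
    print("initiator inbound  enc", enc_in.hex(), "auth", auth_in.hex())
    print("initiator outbound enc", enc_out.hex(), "auth", auth_out.hex())
```

Because the SPI is part of the seed, the two directions get unrelated keys even though everything else is shared, and because the Phase 2 nonces are part of the seed, a second Quick mode on the same IKE SA also gets fresh keys. Adding the PFS secret changes every output byte, which is the property that makes a later Phase 1 compromise useless against this SA.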
Stage 4
IPsec transmission. In the fourth step, the hosts exchange the actual data across the tunnel they have established. Each outgoing packet is protected with the outbound IPsec SA (ESP for encryption and/or integrity, or AH for integrity only) and each incoming packet is looked up by SPI, verified and decrypted under the matching inbound SA. The sequence number carried in every ESP/AH packet lets the receiver detect and drop replayed packets.
Stage 5
IPsec termination. Finally, the IPsec SA expires. Each SA carries a lifetime, negotiated in Phase 2, expressed in seconds and/or in bytes (kilobytes) transferred; whichever limit is reached first ends it. In practice the peers rekey before the hard limit is hit: a soft lifetime triggers negotiation of a replacement SA so traffic is not interrupted, and an explicit Delete notification tears down an SA that is no longer needed. After termination the hosts discard the session keys used for that SA; with PFS, exposure of those keys does not compromise earlier or later SAs.