Lecture 19: IPSec and VPN Flashcards
What is IPsec a framework for?
ensuring secure communications over IP (internet protocol) networks
What does IPsec stand for?
IP security
What does IPsec provide?
Security services similar to TLS, but at a lower layer in the communications protocol stack
What is the security in the application layer in the TCP/IP stack?
SSH, S/MIME, PGP
What is the security in the transport layer in the TCP/IP stack?
SSL, TLS
What is the security in the network layer in the TCP/IP stack?
IPsec
What is the security in the data-link layer in the TCP/IP stack?
WEP, WPA, WPA2, etc.
Give the diagram for cryptography in the TCP/IP stack
See slide 5 in set 19
What does IP layer security provide?
protection for any higher layer protocol, including arbitrary TCP and UDP sessions
commonly used to provide virtual private networks (VPNs)
What does IP layer security use?
encryption
authentication
key management algorithms
What are the 5 security services that IP layer security provides?
1) message confidentiality
2) message integrity
3) limited traffic analysis protection
4) message replay protection
5) peer authentication
What is the security service of message confidentiality i.t.o IP layer security?
Protecting against unauthorized data disclosure
–> By using encryption mechanisms
What is the security service of message integrity i.t.o IP layer security?
Determining if data has been changed (either intentionally or unintentionally)
–> By using message authentication codes (MACs)
What is the security service of limited traffic analysis protection i.t.o IP layer security?
Makes it harder for someone monitoring network traffic to know which parties are communicating, how often, or how much data is being sent
–> By concealing IP datagram details such as source and destination addresses
What is the security service of message replay protection i.t.o IP layer security?
Ensuring data is not delivered multiple times, and not delivered badly out of order
What is the security service of peer authentication i.t.o IP layer security?
Ensuring network traffic is sent from the expected host
–> Each IPsec endpoint confirms the identity of the other IPsec endpoint with which it wishes to communicate
What does gateway-to-gateway security provide?
secure communications between 2 networks
Where is network traffic routed through in gateway-to-gateway architecture?
through an IPsec connection, which protects it appropriately
Where does gateway-to-gateway architecture protect data?
IMPORTANT
only between 2 gateways
When is gateway-to-gateway architecture used?
Often used when connecting 2 secured networks
e.g. Linking a branch office to headquarters over the Internet
Is gateway-to-gateway architecture more or less costly than private wide area network (WAN) circuits?
less costly
What is host-to-gateway architecture commonly used to provide?
secure remote access
–> e.g. organization deploys a VPN gateway onto its network
What does each remote access user establish, and between what, in a host-to-gateway architecture?
Each remote access user establishes a VPN connection between the local computer (host) and the gateway
In a host-to-gateway architecture, what are the two options for a VPN gateway to be?
1) dedicated device
2) part of another network device
When is a host-to-gateway architecture often used?
when connecting hosts on unsecured networks to resources on secured networks
What is host-to-host architecture typically used for?
special purpose needs
e.g. System administrators performing remote management of a single server
In a host-to-host architecture, where does it provide data protection?
IMPORTANT
throughout its transit (end-to-end)
Is a host-to-host architecture resource-intensive to implement and maintain in terms of user and host management?
yes!
What do all user systems and servers participating in VPNs in a host-to-host architecture need to have?
VPN software installed and/or configured
Comment on a host-to-host architecture's key management process
Through a manual process
What are the 3 types of IP layer security protocols?
1) ESP
2) AH
3) IKE
What does ESP stand for i.t.o IP layer security protocols?
Encapsulating security payload
What does AH stand for i.t.o IP layer security protocols?
Authentication header
What does IKE stand for i.t.o IP layer security protocols?
Internet key exchange
What does the ESP protocol provide?
Confidentiality, authentication, integrity and replay protection