Technology News latest news,cricket news,indian news,daily news,live news,business news,bollywood news,news website

Internet Protocol Security

internet protocol security

Internet protocol security definition

The Internet Security Protocol, IPsec, incorporates security for network transmission into the Internet Protocol (IP) directly. IPsec is integrated into the new IPv6 protocol (Internet Protocol version 6). It can also be used with the older IPv4 protocol.

IPsec is made up of several protocols that provide authentication (AH), encryption (ESP), and the secure exchange of encryption keys (IKE). The Authentication Header protocol (AH) confirms that the packet was sent by the sender, and not by someone else. IPsec also includes an integrity check to detect any tampering in transit. Packets are encrypted using the Encapsulating Security Payload (ESP). Encryption and decryption are performed using secret keys shared by the sender and the receiver. These keys are themselves transmitted using the Internet Key Exchange protocol, which provides a secure exchange.

Internet protocol security (ipsec) vpn

IPsec provides methods for both encrypting data and authenticating the host or network it is sent to. The process can be handled manually or automated using the IPsec racoon key exchange tool. With IPsec, the kernel can automatically detect and decrypt incoming transmissions, as well as encrypt outgoing ones. You can also use IPsec to implement virtual private networks, encrypting data sent over the Internet from one local network to another. Though IPsec is a relatively new security method, its integration into the Internet Protocol will eventually provide it wide acceptance.

You can use IPsec capabilities for either normal transport or for packet tunneling. With normal transport, packets are encrypted and sent to the next destination. The normal transport mode is used to implement direct host-to-host encryption, where each host handles the IPsec encryption process.

Internet protocol security and architecture

The packets you choose to encrypt are designated by the IPsec Security Policy Database (SPD). The method you use to encrypt them is determined by the IPsec Security Association Database (SAD). The SAD associates an encryption method and key with a particular connection or kind of connection. The connections to be encrypted are designated in the Security Policy Database.

Configuring IPsec
The redhat-config-network tool now provides the support for implementing IPsec connections. On the redhat-config-networkwork tool, select the IPsec panel.You are first asked to enter a nickname for the connection and to specify if you want it started automatically. You then choose the connection type. This can be either a direct host-to-host connection or a connection between two networks. A network connection implements a virtual private network (VPN) and runs IPsec in tunnel mode. (Both the host and VPN connections are described in detail in the following sections.) You then select the kind of encryption you want to use. This can either be manual or use IKE, letting racoon automatically manage the encryption and authentication process.

internet protocol security config

internet protocol security config

You then will configure both your local and remote connections, starting with the local settings. For a host-to-host connection, you need only enter the IP address for the remote host. For a VPN, you will have to enter corresponding addresses for the local and remote networks. For the local network, you will need to enter the IP addresses for the local network, the local network’s gateway computer, and the local network’s netmask. For the remote VPN connection, you will need the remote IP address, the remote network’s address, its netmask, and its gateway address. Finally, you enter the authentication key. Click the Generate button to create one.

A final screen will display your entries. Click Apply to save them. Your connection will appear in the IPsec panel, showing its type, destination, and nickname. To establish a connection, select the IPsec connection and click Activate. This will run the ifup-ipsec script in the /etc/sysconfig/network-scripts directory, which will execute IPsec tools such as setkey and racoon to establish your connection. Configuration data will be kept in the /etc/sysconfig/ networking/devices directory, using the name of the IPsec connections. For example, configuration information on the myipsec IPsec connection is kept in the ifcfg-myipsec file. Corresponding keys for each connection are kept in the keys files, including keys-myipsec. A sample configuration for a VPN is shown here.


Comments to Internet Protocol Security

  • I have not checked in here for some time since I thought it was getting boring, but the last several posts are good quality so I guess I?¦ll add you back to my everyday bloglist. You deserve it my friend :)

    navigate to this site July 10, 2016 12:45 pm

Leave a Comment

Menu Title
web counter
web counter