[Diagram: Sender and Receiver exchange Synchronizing; Acknowledgement, Synchronizing; Acknowledgement. Then: Connection Established, Data Transmission]
Networking Devices
• Hub
• Switch/Bridge
• Router
A hub in a network
CSMA/CD
A switch in a network
Routers in a network
Router
• Packet switching
• Packet filtering
• Internetwork communication
• Path selection
Site to Site VPN
IPsec (Internet Protocol Security)
Provides data security at the IP packet level. It is designed to provide the
following security features when transferring packets across networks:
• Authentication : Verifies that the packet received is actually from the claimed sender
• Integrity : Ensures that the contents of the packet did not change in transit
• Confidentiality : Conceals the message content through encryption.
IPsec Security Association
Security Association (SA) is a logical connection between two devices
transferring data. An SA provides data protection for unidirectional
traffic by using the defined IPsec protocols.
SAs operate using modes.
• Transport Mode : IPsec implementation encapsulates only the packet's
payload.
• Tunnel Mode : IPsec implementation encapsulates the entire IP packet.
IPsec SA Modes
Transport Mode – Security for the Transport layer and above. Leaves the original IP header in place.
Tunnel Mode – Encapsulates the original IP header and creates a new IP header that is sent encrypted.
IPsec Phases
• Phase 1 – Two peers perform the initial negotiation of SAs. Phase 1 generates
the ISAKMP SA, which is used for the management tunnel.
• Phase 2 – Used to build the IPsec SAs, which secure the actual traffic.
IPsec Components
IPsec contains the following elements:
(1) Encapsulating Security Payload (ESP)
Provides confidentiality, authentication, and integrity.
(2) Authentication Header (AH)
Provides authentication and integrity.
(3) Internet Key Exchange (IKE)
Provides key management and Security Association (SA)
management.