Retrieved from https://studentshare.org/technology/1518410-computer-network-security-methods
The salient components of IPsec are AH (Authentication Header) and ESP (Encapsulating Security Payload). AH consists of next header information (8 bits), payload length information (8 bits), an identifier for the security association (32 bits), a sequence number (which orders the datagrams, 32 bits), variable-length authentication data containing the ICV (Integrity Check Value) or MAC, and 16 reserved bits for future expansion (Stallings, William, 494 and Forouzan, Behrouz A., 999). ESP contains the SPI (Security Parameters Index) for the security association, a sequence number, variable-length payload data (a segment or an encrypted IP packet), padding for alignment and for concealing the actual payload length (0-255 bytes), pad length (8 bits), next header information (8 bits), and variable-length authentication data (an integral multiple of 32 bits) (Stallings, William, 498).
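The AH field layout described above can be checked in code. The following parser is an added example, not part of the original essay; it assumes the RFC 4302 rule that the payload length field counts the AH in 32-bit words minus 2, and the sample bytes (SPI, sequence number, 12-byte ICV) are constructed for illustration.

```python
import struct
from dataclasses import dataclass

AH_FIXED_LEN = 12  # next header + payload length + reserved + SPI + sequence number


@dataclass
class AuthHeader:
    next_header: int  # protocol number of the header that follows (6 = TCP)
    payload_len: int  # AH length in 32-bit words, minus 2 (RFC 4302 rule)
    reserved: int     # 16 bits kept for future expansion, zero on the wire
    spi: int          # 32-bit identifier of the security association
    sequence: int     # 32-bit counter that orders the datagrams
    icv: bytes        # variable-length authentication data (ICV / MAC)


def parse_ah(data: bytes) -> AuthHeader:
    """Parse an Authentication Header from the start of `data`."""
    if len(data) < AH_FIXED_LEN:
        raise ValueError("truncated AH: fixed fields need 12 bytes")
    next_header, payload_len, reserved, spi, seq = struct.unpack(
        "!BBHII", data[:AH_FIXED_LEN]
    )
    total_len = (payload_len + 2) * 4  # whole AH, in bytes
    if total_len < AH_FIXED_LEN:
        raise ValueError("payload length field smaller than the fixed fields")
    if total_len > len(data):
        raise ValueError("truncated AH: ICV runs past the end of the buffer")
    if reserved != 0:
        raise ValueError("reserved field is non-zero")
    return AuthHeader(next_header, payload_len, reserved, spi, seq,
                      data[AH_FIXED_LEN:total_len])


# Constructed sample: next header 6 (TCP), payload length 4 (24-byte AH),
# reserved 0, SPI 0x1000, sequence number 1, then a dummy 12-byte ICV.
SAMPLE_AH = struct.pack("!BBHII", 6, 4, 0, 0x00001000, 1) + bytes(range(12))

if __name__ == "__main__":
    # Bytes after the AH belong to the protected payload and are not consumed.
    print(parse_ah(SAMPLE_AH + b"tcp segment follows"))
```

The parser only decodes and bounds-checks the header; verifying the ICV requires the key and algorithm of the security association that the SPI selects.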
IPsec realizes its functions by operating in two different modes: transport mode and tunnel mode. In transport mode, protection is provided to the IP payload (a TCP or UDP segment or an ICMP packet) on a host-to-host connection, which may be between a server and a client or between two workstations. ESP encrypts the IP payload and optionally authenticates it (Stallings, William, 492). However, the IP header is not encrypted. AH authenticates the IP payload and selected portions of the IP header.
Tunnel mode ensures the security of the complete IP packet. Once the AH and ESP fields are added to the IP packet, the whole packet is treated as the payload of a new packet with a fresh header (Stallings, William, 492). These packets are thus encapsulated within another IP packet and addressed to the ends of the IPsec tunnel. At the end of the tunnel, the packets are unencapsulated and decrypted to recover the original packet, which is then despatched to the destination (McCabe, James D., 368). The tunnel mode of IPsec is used in Virtual Private Networks (VPNs) for isolating and protecting information.
Secure Sockets Layer (SSL) is a security protocol used on the Internet. The main functions of SSL include authentication of the party’s digital identity through RSA and encryption-decryption using RC-4 (McCabe, James D., 371). Encryption and decryption reduce network performance in terms of capacity and delay but provide security. TLS (Transport Layer Security) is the standardized version of SSL and is compatible with SSL version 3.