StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Site to Site Internet Protocol Security - Essay Example

Cite this document
Summary
The following essay "Site to Site Internet Protocol Security" is focused on the issue of information security. As the text has it, Internet Protocol Security (IPSec) happens to be the prime technique that works with all forms of internet traffic in attempts to achieve a secured internetwork system…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER96.8% of users find it useful
Site to Site Internet Protocol Security
Read Text Preview

Extract of sample "Site to Site Internet Protocol Security"

Site to Site Internet Protocol Security Table of Contents 1.0 Introduction………………………………………………………………………..3 2.0 Tunnel Model……………………………………………………………………....3 3.0 Architecture………………………………………………………………………...4 3.1 The IPSec Roadmap……………………………………………………………….5 4.0 Authentication and Confidentiality………………………………………………....6 4.1 Authentication Goals………………………………………………………………7 4.2 Confidentiality Goals………………………………………………………………7 4.3 IPv4 vs. IPv6 Authentication……………………………………………………...7 5.0 IPSec Implementation………………………………………………………………8 6.0 Conclusion…………………………………………………………………………..8 Site to Site Internet Protocol Security 1.0 Introduction Security is a pivotal factor when it comes to internet advancements. Internet Protocol Security (IPSec) happens to be the prime technique that works with all forms of internet traffic in attempts to achieve a secured internetwork system. This encompasses both the current version of internet addressing, IPv4, and the next generation version, IPv6. IPSec protocol is a set of protocols that enable secure exchange of packets at the Internet Protocol layer. It is developed by the Internet Engineering Task Force (IETF) and has been deployed widely in the implementation of Virtual Private Networks (VPN). With a secured IP layer, any application can take full advantage of its functionality (Doraswamy & Harkins 2003). In VPN Tunneling technology, all traffic is forced through a secured site. Furthermore, one network is able to send its data via the connection of another network. The implementation of IPSec can take place at the end host or in the routers or even in both depending on the security requirements of the users (Doraswamy & Harkins 2003). With IPSec any piece of information sent from one site to another remains secured due to the involved extensibility of the Internet Protocol layer. In this study therefore, we will discuss tunneling, architecture, authentication and the associated standards in attempts to describe IPSec protocol. 2.0 Tunnel Mode Of all VPNs Tunnel Mode is the most commonly used in IPSec implementations Tunneling is the transmission of data intended for use within a private network through public network. In this case therefore, data is conveyed by a public network, which is the internet, on behalf of private network. This is achieved through the protection of IP packets by the IPSec in such a way that the original packets get wrapped, encrypted and a new header added before being sent to the other side of the VPN tunnel (Tiller 2000). Configurations of IPSec VPN tunneling can also be done using Generic Routing Encapsulation (GRE) Tunnels with IPSec. The GRE is an encapsulation protocol of an arbitrary network layer protocol over another different arbitrary network layer protocol (Javin Technologies 2005). In this protocol, packets known as payloads need to be encapsulated and delivered to some destination. First, the payload is encapsulated in a GRE packet then in some other protocol before being forwarded. The outer protocol is known as a delivery protocol. "Security in a network using GRE should be relatively similar to security in a normal IPv4 network, as routing using GRE follows the same routing that IPv4 uses natively." (Javin Technologies 2005). Unlike the route filtering which remains unchanged, packet filtering requires a firewall look inside the GRE packet, or, alternatively, the filtering can be done at the GRE tunnel endpoints. Javin Technologies (2005) further describes another protocol within the IPSec protocols, the Point-to-Point Tunneling Protocol (PPTP). This is a network technology that supports multiprotocol VPNs enabling remote users to access corporate networks through the internet. The PPTP is almost entirely only implemented by Private Network Systems (PNS) and uses extended version of GRE in carrying out user Point-to-Point Protocol (PPP) packets. These enhancements allow for low-level congestion, efficient use of bandwidth available for the tunnels and avoidance of unnecessary transmissions and buffer overruns. 3.0 Architecture The goal of the IPsec architecture lies in the provision of various security services for traffic. This happens at the IP layer in both the environment of IPv4 an IPv6 in a more standardized and universal way. The IPSec architecture basically describe system requirements for the implementation of the IPSec. It further focuses on the fundamental elements of the implementation systems and how they fit together into the IP environment. All the security services offered by IPSec protocols are covered in the architecture. In attempts to visualize the IPSec architecture, Doraswamy & Harkins (2014) discuss the IPSec Roadmap diagram. 3.1 The IPSec Roadmap IPSec protocols includes the following: AH, ESP, IKE, ISAKMP/Oakley and transforms. An understanding of how these components relate with each other gives a clear understanding, implementation and the ability to use IPSec. The IPSec Roadmap defines how these components interact with each other. Figure 3.0.The IPSec Architecture The standard associated with security architecture is RFC 4301, the standard associated with IP Encapsulating Security Payload (ESP) is RFC 4303 and the standard associated with IP Authenticatication Header (AH) is 4302 just to mention but a few. ESP and AH documents define the protocol as well as the services they provide and also define packet processing rules. Their only undoing is their inability to specify the transforms used in the provision of these capabilities. Another component of great concern is the Internet Key Exchange (IKE) which is responsible for the generation of keys for the IPSec protocols. Furthermore it also negotiates keys for other protocols that may require keys. In the IPSec network layer security, the above stated three components, that is the AH, ESP and IKE, are highly interconnected towards the achievement of IPSec. In this case, AH and ESP rely on an existing security association which is established by the IKE. This is therefore an implication that should IKE break then definitely there will be no protection provided by the AH and ESP. This relationship can simply be summarized in this form: IPSec = AH + ESP + IKE, and it should therefore be understood that the combination of AH and ESP protect the IP traffic while IKE sets up keys as well as algorithms for AH and ESP. Issues concerning policy within the IPSec encompass representation and implementation (Doraswamy & Harkins 2014). Representation deals with policy definition, storage and how it can be retrieved while implimentation addresses policy application. 4.0 Authentication and Confidentiality "The IPSec standards include protocols for ensuring confidentiality, integrity, and authentication of data communications in an IP network." (Guttman et al 2000). Confidentiality is achievable through encapsulation. Both authentication and confidentiality can be used together or separately. The associated standards (RFCs) are very flexible to the extent of attracting commercial interest; this has resulted to the availability of many IPSec products. For a better understanding of the IPSec protocol, let us focus on authentication and confidentiality as security goals. 4.1 Authentication Goals Guttman et al (2000) argues that the essence of authentication lies in allowing the recipient to take a packet at face value. The author further affirms this argument by an example which states that for a Packet p selected from protection by the authentication goal the following scenario will occur: Assuming A is the value found in the header field of the source of p as received by B, then this implies that p originated at A in the past meaning the payload has not been altered since. A packet is never to be regarded as properly received until it is proven that the 'mark' it contains matches the value computed from a shared secret. 4.2 Confidentiality Goals Carrell et al(2012) reveals that the RFC 2401 states that the goals of IPSec are to provide confidentiality. In this case therefore, unauthorized people are prevented by confidentiality from viewing information. The fact that IPSec supports the use of a variety of encryption tools makes it possible for confidentiality to be realized. Furthermore, the IPSec can hide true communication paths from partners, a technique achievable through specified tunneling. This is a type of confidentiality known as Limited Traffic Flow confidentiality which makes it hard for an adversary to know who is talking to who. 4.3 IPv4 vs. IPv6 Authentication In order to enable a client to connect to a database with either IPv4 or IPv6, two authentication methods are required with one from each address. An IP address is required by any authentication method that happens to use the host authentication. The IPv6 PPP session authentication is identical to Ipv4 (Minoli 2012). Minoli (2012) further reveals that IPv6 and IPv4 authentications can be singly authenticated to Remote Authentication Dial-In User Services (RADIUS). 5.0 IPSec Implementation In this section let us focus on how a packet travels from one user to another using the IPSec. In IPSec the transport mode only encrypts the payload of an IP packet and this is only applicable to the two parties or entities that both implement the IPSec. The only difference with the tunnel mode is that the entire packet is encrypted making it more secured. Before packets are released, router implementation is essential as it protects the packets over the internet. The encrypted packet moves through a VPN tunnel where it cannot be visible to other network users except to the recipient who is the end user. Based on the knowledge of VPN tunneling discussed above, the switched packets are able to reach the recipient unaltered. 6.0 Conclusion This discussion has equipped us with vital knowledge IPSec protocol through extensive explanations of security measures involved in Internet Protocol Security (IPSec). If used the right way, IPSec turns out very useful. Preferably, IPSec should be applied in point-to-point communication type. As much as IPSec is able to provide a nice way to secure data as it is transferred through public network, it if still prone to attacks due to the highly advanced technology. Generally, this study describes data transmission using IPSec. References Carrell, J., Chappeli, L., Tittel, E., & Pyles, J. (2012). Guide to TCP/IP (4th ed.). Boston: Cen-gage Learning. Doraswamy, N., & Harkins, D. (2003). IPSec: The New Security Standard for the Internet. New Jersey, NJ: Prentice Hall Professional. Doraswamy, N., & Harkins, D. (2014, June). IPSec Architecture. Retrieved from http://www.technet.microsoft.com/en-us/library/cc700826.aspx Guttman, J. D., Herzog, A. L., & Thayer, F. J. (2000). Authentication and Confidentiality via IPSec. The MITRE Corporation, 45(6), 1-18. Javin Technologies, Inc. (2013, June). Network Protocols Handbook. Retrieved from http://javintechnologies.com Minoli, D. (2012). Learner and Non-Learner Video and TV Applications: Using IPv6 and IPv6 Multicast. New Jersey, NJ: John Wiley & Sons. Tiller, J. S. (2000). A Technical Guide to IPSec Virtual Private Networks. Florida, FL: CRC Press. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Site to Site Internet Protocol Security Essay Example | Topics and Well Written Essays - 1500 words”, n.d.)
Site to Site Internet Protocol Security Essay Example | Topics and Well Written Essays - 1500 words. Retrieved from https://studentshare.org/information-technology/1671046-site-to-site-ipsec-vpn-tunneling
(Site to Site Internet Protocol Security Essay Example | Topics and Well Written Essays - 1500 Words)
Site to Site Internet Protocol Security Essay Example | Topics and Well Written Essays - 1500 Words. https://studentshare.org/information-technology/1671046-site-to-site-ipsec-vpn-tunneling.
“Site to Site Internet Protocol Security Essay Example | Topics and Well Written Essays - 1500 Words”, n.d. https://studentshare.org/information-technology/1671046-site-to-site-ipsec-vpn-tunneling.
  • Cited: 0 times

CHECK THESE SAMPLES OF Site to Site Internet Protocol Security

Hijacking, Cloud Security and Data Loss

This review ''Hijacking, Cloud security and Data Loss'' discusses that cloud computing entails saving and retrieving files from the cloud computing server sites.... The computer hijacking may cause security threats on the cloud computing clients' confidential data.... People using internet –capable cell phones, tablets, and computers can save their files in the cloud computing sites.... They can then access their files from the cloud server sites from any available computer, tablet, or internet- capable cell phones....
10 Pages (2500 words) Literature review

The Security Aspect and Hacking Techniques: the Usual Nature of Services

The various security concerns arose as a result of various individuals who passionately developed intelligent programs with negative and illicit attitude and make sure that all the various concerns are highlighted to its full extent.... To modify these resources one requires using the communication protocol (HTTP) client and server to exchange demonstration of the messages.... om (2008) mentions that SOAP stands as Simple Object Access protocol is an application level protocol as a transport level protocol....
10 Pages (2500 words) Research Paper

International Workshop on Security Protocols

This report "International Workshop on security Protocols" presents a sequence of operations that make sure data is protected.... Internet users associate their online security with the lock icon that often comes with a website secured using SSL or the green address bar that is found on the extended validation website secured using SSL.... It is commonly used in conjunction with the transfer layer protocol.... his is a crucial protocol that secures over a billion transactions every day to protect customers online, especially when transmitting confidential information....
8 Pages (2000 words) Report

BitTorrent Communication

In fact, BitTorrent protocol has been given a number of different descriptions such as a "crowded, throw, and collect" file transfer protocol (Rouse, 2009; Love, 2012).... he working of this protocol is simple, in fact, it does not transfer a target file to each client asking for it, in its place the file owner or distributor transfers it to one client who, sequentially, transfers it to other clients.... This protocol was written by Bram Cohen using the Python language....
8 Pages (2000 words) Essay

IP-SEC Site to Site VPN Connectivity

Virtual Private Network provides its users with security, functionality, and network management.... Today, they have been replaced by Virtual Private Networks based on Networks and MPLS (Multiple protocol Label Switching) networks.... … IntroductionA Virtual Private Network (VPN) refers to a network technology developed for creating a network connection that is secure over a public network such as service provider owned private networks and the internet....
11 Pages (2750 words) Article

Basic Concepts of Checksum or CRC Integrity Checks

… The paper “Basic Concepts of Checksum or CRC Integrity Checks, Checksum and CRC Checks Inadequacy for security” is an informative example of an assignment on logic and programming.... The paper “Basic Concepts of Checksum or CRC Integrity Checks, Checksum and CRC Checks Inadequacy for security” is an informative example of an assignment on logic and programming.... The likely causesThe new Wiki software has caused network intrusion leading to the breach of security....
6 Pages (1500 words) Assignment

Transmission Control Protocol in Wireless Networks

This abstraction is employed in both computer networking standard models, which are the OSI model (Open Systems Interconnection model) and TCP/IP (internet protocol Suite).... hellip; In terms of security, emails sent by the SMTP standard are not encrypted and no authentication is used.... The messages sent are prone to security threats such as interception and modification.... In order to overcome these security issues, an administrator can make use of client-side solutions like PGP (pretty good privacy) or secure MIME (S/MIME)....
9 Pages (2250 words) Coursework

Internet Protocol 4 (IPv4) vs Internet Protocol 6 (IPv6)

The essay "internet protocol 4 (IPv4) vs internet protocol 6 (IPv6)" focuses on the critical analysis of the main differences and similarities between internet protocol 4 (IPv4) and internet protocol 6 (IPv6).... nbsp;IPv4 fails to have the capacity to sustain the increasing demand for internet protocol addresses.... Concerning features, IPv6 is more advanced and it is nowadays being referred to as the next-generation internet protocol based on the fact that it has more enhanced extensibility and scalability, convergence, mobility, and security among others....
5 Pages (1250 words) Essay
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us