Lesson 5
Terms
- Server
- The middle level of security (Request Security)
- IPSec
- provides anti-replay protection by using sequence numbers to protect the integrity of the data being transmitted
- Client
- The lowest level of security (Respond only)
- Secure Server
- The highest level of security (Require Security)
- IKE Master key
- no other computer can access the original private keys used to create the master key; the master key is ALWAYS secure.
- IPSec policy
- each computer that uses IPSec must have an assigned policy
- Secure Server
- The session fails if the client cannot negotiate security with the server
- IPSec policy
- set of security configuration settings that defines how an IPSec-enabled system will respond to IP network traffic
- IPSec
- creates message digests called hash method authentication codes (HMACs), by using either MD5 or SHA-1 as the hashing algorithm
- Security Association
- the negotiated relationship between two computers using IPSec
- IKE
- newer term for ISAKMP/Oakley
- IKE (Internet Key Exchange)
- IPSec uses this protocol to create a master key, which in turn is used to generate bulk encryption keys
- IPSec Transport Protocol
- Authentication Header (AH) and Encapsulating Security Payload (ESP)
- Authentication Header
- protocol that provides data integrity through the use of MD5 and SHA
- Client
- negotiates security if the server requests it
- IPSec
- a set of OPEN, NON-PROPRIETARY standards that you can use to secure data as it travels across the network or the Internet
- IPSec
- protects against eavesdropping and sniffing by providing data encryption mechanisms to allow you to encrypt data as it travels across the network
- IPSec
- prevents repudiation by providing verification that a computer sending information is the computer it purports to be
- IPSec
- Data in transit
- IPSec
- provides confidentiality by encrypting message data with DES or 3DES
- Default IPSec Policies (3)
- Secure Server, Server, and Client
- Encapsulating Security Payload
- protocol that provides data integrity, as well as data confidentiality, using one of the two encryption algorithms, DES or 3DES
- IPSec computers
- never exchange the master key; instead they agree on a prime number and a public key
- IPSec policies composed of rules
- each rule has 5 components
- IPSec
- can prevent IP spoofing and man-in-the-middle attacks
- IPSec
- Internet Protocol Security
- IPSec computers
- use Diffie-Hellman algorithm to calculate matching master keys.
- Encapsulating Security Payload
- includes the hash in the ESP authentication data at the end of the packet instead of in the ESP header, which contains the packet's sequence number and the SPI
- "client" and "server" in the IPSec policies
- refer to which node initiates the session
- IPSec
- provides data authenticity and integrity by verifying the identities of the computers that are transmitting data to one another
- Security Association - phase 2
- produces two one-way SAs on each computer: one inbound and one outbound; used for actual transmission of data
- IPSec
- industry standard; implemented differently in the various operating systems and devices (one may not be able to talk to the other)
- Security Association - phase 1
- the computers negotiate how communication will take place, and agree on authentication, encryption, and master key generation (bi-directional)
- Server
- the server requests a secure session if the client can support it, but will accept an open session