The local device derives a hash and encrypts it with its private key. The encrypted hash
(digital signature) is attached to the message and forwarded to the remote end. At the
remote end, the encrypted hash is decrypted using the public key of the local end. If
the decrypted hash matches the recomputed hash, the signature is genuine.
[Figure: Peer Authentication. Labels: Internet, HR Servers, Corporate Office, Remote Office]
Introducing VPN Solutions 313
IPsec Protocol Framework
IPsec is a framework of open standards. IPsec spells out the messaging to secure the
communications but relies on existing algorithms. There are two main IPsec framework
protocols, Authentication Header (AH) and Encapsulating Security Payload (ESP). Details
are as follows:
- AH: AH is the appropriate protocol to use when confidentiality is not required or
permitted. It provides data authentication and integrity for IP packets passed between
two systems. It is a means of verifying that any message passed from Router A to
Router B has not been modified during transit. It verifies that the origin of the data was
either Router A or Router B. AH does not provide data confidentiality (encryption) of
packets.
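
The AH properties described above, as an added example that is not from the original text: an integrity check value (ICV) is computed over the IP header (with fields that routers change in transit zeroed), the AH header, and the payload, so modification or a changed source address is detected while the payload stays readable. Assumptions: HMAC-SHA-256 truncated to 128 bits as the integrity algorithm (the page does not name one), a constructed key and documentation-range addresses for Router A and Router B, and an IPv4 header checksum left at zero for brevity.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16  # assumed algorithm: HMAC-SHA-256 truncated to 128 bits
AH_FIXED = 12  # Next Header, Payload Len, Reserved, SPI, Sequence Number

def ipv4_header(src, dst, ttl, total_len, proto=51):
    """Minimal 20-byte IPv4 header; protocol 51 = AH, checksum left at 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0,
                       ttl, proto, 0, bytes(src), bytes(dst))

def zero_mutable(header):
    """Zero fields that change in transit: TOS, flags/offset, TTL, checksum."""
    h = bytearray(header)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)

def ah_header(spi, seq, icv, next_hdr=6):
    # Payload Len is the AH length in 32-bit words minus 2.
    plen = (AH_FIXED + len(icv)) // 4 - 2
    return struct.pack("!BBHII", next_hdr, plen, 0, spi, seq) + icv

def compute_icv(key, ip_hdr, spi, seq, payload):
    # The ICV field itself is zeroed while the MAC is computed.
    data = zero_mutable(ip_hdr) + ah_header(spi, seq, bytes(ICV_LEN)) + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]

def protect(key, src, dst, ttl, spi, seq, payload):
    ip_hdr = ipv4_header(src, dst, ttl, 20 + AH_FIXED + ICV_LEN + len(payload))
    icv = compute_icv(key, ip_hdr, spi, seq, payload)
    return ip_hdr + ah_header(spi, seq, icv) + payload

def verify(key, packet):
    """Receiver side: recompute the ICV and compare in constant time."""
    ip_hdr, ah = packet[:20], packet[20:20 + AH_FIXED + ICV_LEN]
    payload = packet[20 + AH_FIXED + ICV_LEN:]
    _, _, _, spi, seq = struct.unpack("!BBHII", ah[:AH_FIXED])
    return hmac.compare_digest(ah[AH_FIXED:], compute_icv(key, ip_hdr, spi, seq, payload))

# Constructed sample values (not from the page).
KEY = b"constructed-demo-key-for-example"
ROUTER_A, ROUTER_B = [192, 0, 2, 1], [198, 51, 100, 1]
PAYLOAD = b"payroll record 42"
PACKET = protect(KEY, ROUTER_A, ROUTER_B, 64, 0x1001, 1, PAYLOAD)
```

A TTL decrement by an intermediate router still verifies, while a changed payload byte or source address does not; the payload bytes appear unencrypted inside the packet.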