All text is transported in the clear. Used alone, the AH protocol provides weak
protection. Consequently, the AH protocol is used with the ESP protocol to provide
data encryption and tamper-aware security features.
■ ESP: A security protocol that can be used to provide confidentiality (encryption) and
authentication. ESP provides confidentiality by performing encryption on the IP
packet. IP packet encryption conceals the data payload and the identities of the
ultimate source and destination. ESP provides authentication for the inner IP packet
and ESP header. Authentication provides data origin authentication and data integrity.
Although both encryption and authentication are optional in ESP, at a minimum, one
of them must be selected.
IPsec is a framework of open standards that spells out the rules for secure communications.
IPsec, in turn, relies on existing algorithms to implement the encryption, authentication,
and key exchange. Figure 8-15 shows how the different components of security fit into the
IPsec framework, along with the choices of algorithms.
Some of the standard algorithms that IPsec uses are as follows:
■ DES: Encrypts and decrypts packet data
■ 3DES: Provides significant encryption strength over 56-bit DES
■ AES: Provides stronger encryption, depending on the key length used, and faster
throughput
■ MD5: Authenticates packet data, using a 128-bit shared secret key
■ SHA-1: Authenticates packet data, using a 160-bit shared secret key
■ DH (Diffie-Hellman): Allows two parties to establish a shared secret key used by
encryption and hash algorithms, for example, DES and MD5, over an insecure
communications channel
314 Chapter 8: Extending the Network into the WAN
Figure 8-15 IPsec Framework Components
In Figure 8-15, four IPsec framework squares are to be filled in.
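The following is an added example, not from the book, that walks through two of the framework squares above in code: DH key agreement over an insecure channel, followed by SHA-1-based authentication of packet data (data origin authentication and integrity, as described for AH and ESP). It uses only the Python standard library. The DH group is a constructed toy (a 127-bit Mersenne prime) that is far too small for real use; real IPsec peers use the standardized MODP groups negotiated by IKE, and IKE derives keys with a PRF rather than the plain SHA-1 hash used here as a stand-in. The packet bytes are likewise constructed.

```python
"""Toy walk-through of two IPsec framework components: DH key agreement,
then HMAC-SHA-1 authentication of packet data (160-bit tag).

Added example; group parameters and packet are constructed, not real."""
import hashlib
import hmac
import secrets

# Constructed toy Diffie-Hellman group (assumption: NOT an IKE/IPsec group;
# production code uses the standardized 2048-bit or larger MODP groups).
TOY_P = 2**127 - 1   # Mersenne prime M127, far too small for real key exchange
TOY_G = 3


def dh_public(private: int, p: int = TOY_P, g: int = TOY_G) -> int:
    """Public value sent over the insecure channel: g^private mod p."""
    return pow(g, private, p)


def dh_shared_secret(my_private: int, peer_public: int, p: int = TOY_P) -> bytes:
    """Both sides compute the same value: (peer_public)^my_private mod p."""
    secret = pow(peer_public, my_private, p)
    return secret.to_bytes((p.bit_length() + 7) // 8, "big")


def derive_auth_key(shared_secret: bytes) -> bytes:
    """Assumption: a plain SHA-1 of the shared secret stands in for IKE's
    PRF-based key derivation; it yields the 160-bit key the text pairs
    with SHA-1 authentication."""
    return hashlib.sha1(shared_secret).digest()


def authenticate(packet: bytes, key: bytes) -> bytes:
    """Data origin authentication + integrity: HMAC-SHA-1 over the packet.
    The 160-bit tag is what travels in the AH/ESP authentication field."""
    return hmac.new(key, packet, hashlib.sha1).digest()


def verify(packet: bytes, tag: bytes, key: bytes) -> bool:
    """Constant-time comparison so tag checking does not leak timing."""
    return hmac.compare_digest(authenticate(packet, key), tag)


def demo() -> dict:
    """End-to-end run: agree a key, tag a packet, detect tampering in transit."""
    a_priv = secrets.randbelow(TOY_P - 2) + 1
    b_priv = secrets.randbelow(TOY_P - 2) + 1
    a_pub, b_pub = dh_public(a_priv), dh_public(b_priv)

    # Each peer derives the authentication key from its own view of the secret.
    key_a = derive_auth_key(dh_shared_secret(a_priv, b_pub))
    key_b = derive_auth_key(dh_shared_secret(b_priv, a_pub))

    # Constructed packet; note that with authentication alone (the AH case)
    # every byte of it is still readable by anyone on the path.
    packet = b"IPv4|src=192.0.2.1|dst=198.51.100.7|payload=hello"
    tag = authenticate(packet, key_a)

    # An on-path modification of one payload byte must fail verification.
    tampered = packet.replace(b"hello", b"jello")

    return {
        "keys_match": key_a == key_b,
        "intact_verifies": verify(packet, tag, key_b),
        "tampered_verifies": verify(tampered, tag, key_b),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the two peers arriving at the same key without ever sending it, the untouched packet verifying, and the altered packet being rejected; the encryption square (DES/3DES/AES) is what ESP would add on top of this to hide the payload that AH leaves in the clear.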