IPSec

  • Used to secure IP communication by providing encryption and authentication services to each packet

  • Two Modes

    • Transport Mode

      • The payload and ESP trailer are encrypted but the IP header of the original packet is not.

      • Can be used in network address translation (NAT) because the original packet is still routed in the same way it would be without IPSec

    • Tunnel Mode

      • Encrypts the entire original packet, header included, encapsulating it inside a new IPSec shell with a new outer IP header

      • Incompatible with NAT

Protocols

  • Authentication Header

    • Protocol within IPSec that guarantees the integrity of the IP packet and the authentication of its sender

  • Encapsulating Security Payload

    • Protocol that also provides origin authenticity and integrity

    • Provides confidentiality through encryption

    • Does not provide integrity and authentication for the entire IP packet in transport mode (the outer IP header is not covered)

    • In tunnel mode protection is provided for the entire IP packet

  • Internet Key Exchange

    • Protocol that produces the keys for the encryption process

  • Oakley

    • Uses Diffie-Hellman to create master and session keys

  • Internet Security Association Key Management Protocol

    • Software that facilitates encrypted communication between two endpoints
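The AH and ESP bullets above differ in which bytes the integrity check covers. The following is an added example, not part of the original notes: it computes an HMAC-style ICV the way AH does (over the IP header with mutable fields zeroed, the AH header and the payload) and the way transport-mode ESP does (over SPI, sequence number and the protected payload only), then rewrites the source address as a NAT device would and checks which ICV still verifies. The key, addresses and payload bytes are constructed, and the ESP ciphertext is a placeholder rather than real encryption.

```python
import hashlib
import hmac
import socket
import struct

# Constructed demo key; real IPsec keys are produced by IKE, not a constant.
KEY = b"constructed-demo-integrity-key"
IP_FMT = "!BBHHHBBH4s4s"  # minimal 20-byte IPv4 header, no options

def ipv4_header(src, dst, proto, total_len, ttl=64):
    """Build a 20-byte IPv4 header (header checksum left at 0 for brevity)."""
    return struct.pack(IP_FMT, 0x45, 0, total_len, 0x1234, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def ah_icv(ip_hdr, spi, seq, payload):
    """AH ICV: IP header with mutable fields (TOS, flags/frag offset, TTL,
    checksum) zeroed + AH header with zeroed ICV + payload."""
    f = list(struct.unpack(IP_FMT, ip_hdr))
    f[1] = f[4] = f[5] = f[7] = 0
    ah_hdr = struct.pack("!BBHII", 6, 4, 0, spi, seq)  # next=TCP, len, rsvd
    data = struct.pack(IP_FMT, *f) + ah_hdr + b"\x00" * 12 + payload
    return hmac.new(KEY, data, hashlib.sha256).digest()[:12]  # 96-bit ICV

def esp_icv(spi, seq, ciphertext):
    """ESP ICV: SPI + sequence number + encrypted payload and trailer.
    The outer IP header is outside the ICV (the transport-mode gap)."""
    data = struct.pack("!II", spi, seq) + ciphertext
    return hmac.new(KEY, data, hashlib.sha256).digest()[:12]

def rewrite_source(ip_hdr, new_src):
    """Rewrite the source address the way a NAT device would."""
    f = list(struct.unpack(IP_FMT, ip_hdr))
    f[8] = socket.inet_aton(new_src)
    return struct.pack(IP_FMT, *f)

def header_rewrite_survives():
    """Return (ah_still_valid, esp_still_valid) after a source-IP rewrite."""
    payload = b"constructed TCP segment"
    ct = b"constructed ciphertext+trailer"  # stands in for ESP encryption
    spi, seq = 0x1001, 1
    hdr = ipv4_header("10.0.0.5", "192.0.2.10", 51, 20 + 24 + len(payload))
    ah = ah_icv(hdr, spi, seq, payload)
    esp = esp_icv(spi, seq, ct)
    nat_hdr = rewrite_source(hdr, "203.0.113.7")
    # The receiver recomputes each ICV over the packet as it actually arrived
    ah_ok = hmac.compare_digest(ah, ah_icv(nat_hdr, spi, seq, payload))
    esp_ok = hmac.compare_digest(esp, esp_icv(spi, seq, ct))
    return ah_ok, esp_ok
```

Changing the TTL, a mutable field, leaves the AH ICV intact, while changing the source address breaks it; the ESP ICV is unaffected by either because the IP header is outside its coverage.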