What is IPSec and how does it work?
What is an IPSec article and how does it work? Get acquainted (gain, obtain) with present-day techniques that came from IPsec Protocols, which are used to set up encrypted connections between two or more devices. These types of protocols help keep data sent over public networks secure. You should know that IPsec is often used to set up V.P.N. VPN, which is done by encrypting IP packets and authenticating the packet source.
What is ip?
IP stands for Internet Protocol, which is the main routing protocol used in the Internet. This protocol specifies where the data should travel and which destination it should reach. But the IPSec protocol also adds encryption and authentication to the process.
Who made IpSec?
This protocol is a joint product of Microsoft and Cisco Cisco Systems works by authenticating and encrypting each data packet in a data stream.
What port does IPsec use?
The software port or network port is where the information is sent. In other words, a port is a place through which data enters or leaves a computer or server, and a number is assigned to each of these ports, which are between 0 and 65535. IPsec also typically uses port 500 to perform encryption and decryption algorithms.
What are the benefits of IPSec?
Replay attack protection: Assigns a unique number to each data packet (packet) which deletes the packet if that number is duplicate.
Confidentiality of information or encryption: VPN connection security is increased by PFS in this protocol, which is done by creating a unique key in each connection.
Information source authentication: Confirmed by the message authentication code (HMAC)
That message has not changed.
Transparency: Ipsec works at the network layer, which is actually transparent to applications and users. As a result, there is no need to change the routers and firewalls during use
Dynamic re-encryption: The security keys for decryption change at regular intervals. This prevents identity theft and hacker attacks.
Replay attack protection Any software can be compatible with this protocol Confidentiality of information (encryption) Having transport mode Having tunnel mode Authentication of the source and origin of information Layer 3 or Network Authentication.
Types of IPSec IPSec security protocols
IPsec is an open source standard and part of the IPv4 suite. IPsec can communicate between both transport mode and tunnel mode. IPsec is a global standard and can perform a variety of security processes using a set of protocols it uses, including the protocols used in IPsec. To give privacy to the data and finally Security Associations or SA to create the data used in AH and ESP.
1. IPSec AH protocol The Authentication Header (AH) protocol was developed in the early 1990s in the United States Naval Research Laboratory. This protocol ensures the security of the data source by authenticating IP packets. In this algorithm, using the sliding window method and deleting old packets and assigning a sequence number, the contents of the IPsec packet are protected against attacks such as replay attacks. In fact, with this technique, one can only be sure that the data packets have been sent from a reputable source and have not been tampered with.
In this case, both the upload and the header are encrypted. The term Tunnel is used instead of AH. All data is protected by HMAC. And only peer-to-peer points know the secret key made by HMAC and can decrypt it. And as mentioned, because headers are also encrypted and can not be changed in networks where NAT is done, the VPN service can not be used.
Integrity of submitted data Data source authentication Reject resended packages 2. IP Encapsulating Security Payload (ESP) The IP Encapsulating Security Payload (ESP) protocol was developed at the Naval Research Laboratory in 1992 as part of a DARPA-sponsored research project. The work of this protocol ensures data authentication through the source authentication algorithm, data integrity through the hash function, and confidentiality through IP packet encryption. ESP is used in settings and configurations that support either encryption only or authentication only. This is a weakness because it is unsafe to use encryption without authentication.
In this case, only the upload is encrypted and the headers remain the same without change. The term Transport is used instead of ESP. In this method, both parties must perform authentication operations and also the data is sent in encrypted form.
In fact, unlike the AH protocol, the ESP protocol in Transport mode does not provide integration and authentication for the entire IP packet. In Tunnel mode, where the entire original IP packet is located with a new packet header, ESP protects the entire internal IP packet (including the internal header) while the external header (including external IPv4 options or IPv6 extension) remains unprotected. They stay.
3. Security association IPsec protocols use a Security Association to create interconnected security features such as algorithms and keys. In fact, when the AH or ESP protocol is specified to be used, the Security Association provides a wide range of options. Before exchanging data, the two hosts agree on which algorithm to use to encrypt the IP packet. The hash function is used to ensure data integrity. These parameters are agreed in each session that has a specific life (time) and also a specific key must be specified for each session.
In how many modes can IPSec work? (Operation Modes)
IPsec AH and IPSec ESP protocols can be used in host-to-host transport mode as well as in network tunneling mode.
1. IPSec Transport Mode In transport mode, only the encrypted or verified IP packet and routing remain intact because the IP header is neither modified nor encrypted. However, when the authentication header is used, the hash value is invalidated and the IP addresses cannot be modified and translated with the Network address translation method. The Transport and Application layers are always secured with a hash, so they can not be modified in any way, even by translating port numbers.
2. Tunnel Mode or IPSec Tunnel Configuration In Tunnel mode, the entire IP packet is encrypted and authenticated. It is then categorized in a new IP packet with a new IP header. From tunnel mode to create virtual private networks for network-to-network communication (e.g. between routers to link sites), host-to-network communication (e.g. remote user access), and host-to-host communication (e.g. Private chat) is used.
Key management in IPSec protocol
IPSec is widely used in VPN technology for authentication, privacy, integrity and key management in IP-based networks.
IPSec establishes communication security within network equipment with the help of secure encryption services. For IPSec to function properly, both the sender and receiver must share a public key, which is achieved through the use of the "key management" protocol. This protocol allows the receiver to obtain a public key and authenticate the sender based on a digital signature.
















