Ipsec: Difference between revisions

From Hackepedia
Jump to navigationJump to search
Newer edit →
Frankk (talk | contribs)
136 edits
No edit summary
 
Frankk (talk | contribs)
136 edits
No edit summary
Line 1: Line 1:
=== IPsec ===
=== IPsec ===


[[IPsec]] (outlined in [[RFC]] 2401) is a security enhancement to the [[IP]] and [[IPv6]] protocols in [[Internet]] communication.  Since [[IPsec]] is a combination of hashing, symmetric cryptography as well as assymetric cryptography it's proper to make this a seperate section outlining all functions of the protocol here.
[[IPsec]] (outlined in [[RFC]] 2401) is a security enhancement to the [[IP]] and [[IPv6]] protocols in [[Internet]] communication.  Since [[IPsec]] is a combination of hashing, symmetric [[cryptography]] as well as assymetric cryptography it's proper to make this a seperate section outlining all functions of the protocol here.


[[IPsec]] has three protocols Authenticated Header ([[AH]]), Encapsulating Security Payload ([[ESP]]), and IP Compression ([[IPComp]]).  In a short explanation [[AH]] adds a [[One way hash]] to the header ensuring integrity of the payload.  [[ESP]] encrypts the payload following the [[IPsec]] header making it safer from [[sniffing]].
[[IPsec]] has three protocols Authenticated Header ([[AH]]), Encapsulating Security Payload ([[ESP]]), and IP Compression ([[IPComp]]).  In a short explanation [[AH]] adds a [[One way hash]] to the header ensuring integrity of the payload.  [[ESP]] encrypts the payload following the [[IPsec]] header making it safer from [[sniffing]].

Revision as of 23:01, 26 October 2005

IPsec

IPsec (outlined in RFC 2401) is a security enhancement to the IP and IPv6 protocols in Internet communication. Since IPsec is a combination of hashing, symmetric cryptography as well as assymetric cryptography it's proper to make this a seperate section outlining all functions of the protocol here.

IPsec has three protocols Authenticated Header (AH), Encapsulating Security Payload (ESP), and IP Compression (IPComp). In a short explanation AH adds a One way hash to the header ensuring integrity of the payload. ESP encrypts the payload following the IPsec header making it safer from sniffing.


OS Implementations

For GNU/Linux the popular implementation is openswan which is the result of the disbandment of freeswan.

FreeBSD IPsec requires you build it into your kernel, this will require: 

options         IPSEC
options         IPSEC_ESP

in /usr/src/sys/i386/conf/$YOUR_FIREWALL and a kernel recompile.

OpenBSD has a built-in IPsec stack. It has a daemon called isakmpd which speaks the ISAKMP/Oakley aka. IKE Key management protocol is used for establishing security associations (private encryption keys) between peers.

Microsoft WinXP Pro apparently has ipsec built in as well.

Retrieved from "https://hackepedia.org/index.php?title=Ipsec&oldid=438"