IP security

IP Security for a Communication System

Abstract

Privacy and confidentiality have become a pressing operational issue for businesses, and many companies have already begun re-engineering their information sharing systems and data-handling practices to deal with these issues effectively and efficiently. IP Security (IPSec), as enhanced in the Windows 2000 operating system, provides a mechanism for securing data as it is transmitted across a communication system. The IP protocol is modified to provide security. ... With this, we can determine how IPSec can provide the desired security solutions. ...

Introduction

There are a number of security threats to computer networks. ... Nevertheless, protecting information from inside by using multiple security mechanisms is the base of defense. ... This approach uses the existing IP network as the medium for remote access. ... So, in order for a customer to benefit from the cost effectiveness and convenience of tunneling through the Internet, technologies need to be available and implemented that protect against security risks. ... The financial institution has objectives related to data security and availability to protect the confidential financial data that is maintained in a database and updated frequently by authorized individuals over the network. ...

The Business Case for IP Security

IP Security (IPSec) provides a model for securing data as it is transmitted across a network. ... As part of a comprehensive security plan using stringent controls, IPSec ensures protection of the transmitted data. ... Network security is a broad and oftentimes ambiguous term. ...

IPSec Overview

As the name implies, IPSec provides security for IP datagrams, and is based on the assumption that most networks are not secure, and thus require additional components to protect data as it travels over the wire. ... There are many different ways to provide data security. Some applications provide security services at the application layer using Secure Sockets Layer (SSL) or Transport Layer Security (TLS). In the case of these protocols, the application makes calls to the underlying security provider to provide these services. IPSec eliminates this requirement by moving security down to the network layer. This allows applications to remain independent of the underlying security infrastructure. IP datagrams are protected regardless of the application that initially generated the traffic.

IPSec provides the ability to authenticate, secure, and optionally encrypt any data traveling over any IP network, including the Internet. IPSec provides end-to-end security between computers and networks [1, 2, 5]. It is end to end, implying that only the sender and the recipient need to be aware of the details concerning security. ... For customers this means that a high level of security can be implemented without enormous cost or a significant change to their network infrastructure. ... The protection of IP datagrams is provided by two protocols, Authentication Header (AH) and Encapsulating Security Payload (ESP). ... There are four main components to IPSec in Windows 2000: IPSec protocols, Security associations, Security policy, and IPSec driver. ... These protocols can be configured to protect the entire IP payload, or just the upper-layer protocols of the IP payload. ... Encapsulating Security Payload (ESP) is an Internet protocol defined in RFC 2406. ...

In tunnel mode, the cryptographic endpoint is a security gateway providing security on behalf of another network. ... In transport mode, a header is placed between the IP portion of the datagram and the upper layer headers, while in tunnel mode, the entire IP packet is encapsulated in another IP datagram and an IPSec header is placed between the two IP headers [5, 3]. ... This provides the flexibility to define areas requiring low, medium, and high security and apply IPSec accordingly. For example, the financial institution may have determined that authentication and integrity are required in all areas, but that confidentiality is only necessary in certain high security environments. ...

Security Associations

Before two hosts can communicate using IPSec, they must first establish the guidelines for that session. Consider the security association (SA) as the agreement between the two parties regarding the specific security settings to employ. For example, if Host A wants to communicate with Host B, they must agree on certain security settings. ...

Security Policy

The basis of IP security is to identify specific types of traffic and to make sure that traffic is secure. ... Determining what traffic to secure and the level of security to be implemented is defined in the security policy. ... Policies should be defined based on the required or desired security of the financial institution. ... Rules govern how and when IPSec policy is invoked based on source, destination, and type of IP traffic.
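The following is an added illustration, not part of the original essay and not Windows 2000 code: a small model of policy rules keyed on source, destination, and type of IP traffic, showing the header layout each rule produces in transport and tunnel mode. The addresses, the rule set, the first-match evaluation order, and all function names are assumptions made for this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Rule:
    src: str                    # source network (CIDR)
    dst: str                    # destination network (CIDR)
    proto: str                  # "tcp", "udp" or "any"
    dport: Optional[int]        # destination port, None matches any port
    protocols: Tuple[str, ...]  # IPSec protocols applied, outermost first
    mode: str                   # "transport" or "tunnel"

# Constructed rule set for the essay's financial-institution scenario:
# AH (authentication and integrity) everywhere inside, ESP added only for
# the high-security database subnet, and a gateway tunnel for a remote office.
RULES = [
    Rule("10.0.0.0/8", "10.20.0.0/24", "tcp", 1433, ("AH", "ESP"), "transport"),
    Rule("10.0.0.0/8", "10.0.0.0/8", "any", None, ("AH",), "transport"),
    Rule("192.168.50.0/24", "10.0.0.0/8", "any", None, ("ESP",), "tunnel"),
]

def select_rule(src, dst, proto, dport, rules=RULES):
    """Return the first rule matching the flow, or None (assumed order: list order)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)
                and r.proto in ("any", proto)
                and r.dport in (None, dport)):
            return r
    return None

def layout(rule, upper):
    """Header order on the wire for a datagram carrying the given upper-layer protocol."""
    inner = [upper.upper(), "data"]
    if rule is None:
        return ["IP"] + inner               # no rule matched: sent unprotected
    headers = list(rule.protocols)
    if rule.mode == "tunnel":
        # Whole original packet is wrapped; IPSec header sits between the two IP headers.
        return ["outer IP"] + headers + ["inner IP"] + inner
    # Transport mode: IPSec header sits between the IP header and the upper layer.
    return ["IP"] + headers + inner

def protect(src, dst, proto, dport):
    return layout(select_rule(src, dst, proto, dport), proto)

if __name__ == "__main__":
    for flow in [("10.1.2.3", "10.20.0.5", "tcp", 1433),
                 ("10.1.2.3", "10.5.5.5", "udp", 53),
                 ("192.168.50.7", "10.20.0.5", "tcp", 1433),
                 ("203.0.113.9", "10.5.5.5", "tcp", 80)]:
        print(flow, "->", " | ".join(protect(*flow)))
```

The last flow matches no rule and leaves unprotected, which is the case a policy review should look for first.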
