Chapter 13. IPsec Fundamentals

This chapter covers the role and operational impact of IPsec's main components and its modes of operation in various scenarios. It provides a detailed description of the phases of IPsec connectivity. It also provides an overview of IPv6 VPNs.

This chapter addresses the protocols and algorithms that IPsec uses and the different security services that IPsec provides.

Contents

• Analyzes the architecture of the IPsec protocol
• Details the role and operational impact of IPsec's main components
• Describes IPsec modes of operation in various scenarios
• Describes the phases of IPsec connectivity
• Describes the role and components of IKE
• Provides an overview of the operations of IPv6 VPNs

IPsec Framework

An IP Security (IPsec) virtual private network (VPN) is an essential tool for providing a secure network for business communication. IPsec works at the network layer, protecting and authenticating IP packets between participating IPsec devices (peers). IPsec is not bound to any specific encryption, authentication, or security algorithms or keying technology. IPsec is a framework of open standards.

The IPsec framework provides the following security services:

• Confidentiality
• Integrity
• Authentication, using one of the following methods:
  • Username and password
  • One-time password
  • Biometric
  • Preshared keys (PSK)
  • Digital certificates
• Antireplay protection

Encryption Algorithms

The following are some of the encryption algorithms and key lengths that VPNs use:

• Data Encryption Standard (DES)
• 3DES
• Advanced Encryption Standard (AES)
• Rivest, Shamir, and Adleman (RSA)
• Software-Optimized Encryption Algorithm (SEAL)

Encryption algorithms, such as DES and 3DES, require a symmetric shared-secret key to perform encryption and decryption. You can use email, courier, or overnight express to send the shared-secret keys to the administrators of the devices. But the easiest key-exchange method is a public-key exchange method between the encrypting and decrypting devices. The method has two variants:

• The Diffie-Hellman (DH) key agreement
• Elliptic Curve Diffie-Hellman (ECDH), a variant of the DH protocol that uses elliptic curve cryptography (ECC). It is part of the Suite B standards.

Key Exchange: Diffie-Hellman

The DH groups and their key lengths are:

• DH1: 768-bit key
• DH2: 1024-bit key
• DH5: 1536-bit key
• DH7: 163-bit ECDH
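The following is an added example, not part of the chapter, showing what a DH group number actually stands for and how the two peers in the key agreement above arrive at the same shared secret without ever sending it. A DH group is a fixed prime modulus p and generator g; the "key length" in the list above is the bit length of p. The 1024-bit prime used here is the IKE group 2 modulus published in RFC 2409 (the code re-checks it with Miller-Rabin rather than trusting the transcription), the group-number table repeats the sizes from the chapter, and the private exponents are random demo values. Group 7 is an elliptic-curve group, so it has no MODP prime and is listed for its size only. Everything else (function names, the validation helper) is this example's own design.

```python
import secrets

# 1024-bit MODP prime of IKE DH group 2 (RFC 2409, "Second Oakley Group"),
# generator 2. Reproduced from the RFC; is_safe_prime() below verifies it.
MODP_GROUP2_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF",
    16,
)
MODP_GROUP2_G = 2

# IKE DH group numbers and sizes as listed in the chapter. Group 7 is ECDH,
# so it has no MODP prime; only its size is recorded here.
DH_GROUP_BITS = {1: 768, 2: 1024, 5: 1536, 7: 163}


def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin primality test with random bases."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def is_safe_prime(p: int) -> bool:
    """MODP groups use safe primes: p and q = (p - 1) / 2 are both prime."""
    return is_probable_prime(p) and is_probable_prime((p - 1) // 2)


def generate_private(p: int) -> int:
    """Random secret exponent in [2, p - 2] (demo value; never reused)."""
    return 2 + secrets.randbelow(p - 3)


def compute_public(p: int, g: int, x: int) -> int:
    """The value a peer sends: g^x mod p."""
    return pow(g, x, p)


def is_valid_peer_public(p: int, y: int) -> bool:
    """Check a received public value before using it: it must lie strictly
    between 1 and p - 1, and it must be in the prime-order subgroup
    (y^q == 1 mod p), so a malformed value cannot collapse the shared secret
    into a handful of possibilities."""
    if not 1 < y < p - 1:
        return False
    q = (p - 1) // 2
    return pow(y, q, p) == 1


def compute_shared(p: int, x_own: int, y_peer: int) -> int:
    """Shared secret (y_peer)^x_own mod p, after validating the peer value."""
    if not is_valid_peer_public(p, y_peer):
        raise ValueError("invalid peer public value")
    return pow(y_peer, x_own, p)


def demo_key_agreement(p: int = MODP_GROUP2_P, g: int = MODP_GROUP2_G):
    """Run both sides of one exchange; returns (secret_a, secret_b, bits of p)."""
    xa, xb = generate_private(p), generate_private(p)
    ya, yb = compute_public(p, g, xa), compute_public(p, g, xb)
    # Each side only ever sees the other side's public value, yet both
    # compute the same g^(xa*xb) mod p.
    return compute_shared(p, xa, yb), compute_shared(p, xb, ya), p.bit_length()


if __name__ == "__main__":
    assert is_safe_prime(MODP_GROUP2_P), "group 2 prime failed verification"
    a, b, bits = demo_key_agreement()
    print(f"DH group 2: {bits}-bit modulus, secrets match: {a == b}")
```

The shared secret is never used directly as a cipher key; IKE feeds it through a key-derivation step to produce the DES, 3DES or AES keys the chapter lists. The subgroup check in is_valid_peer_public is the part most often skipped in toy implementations and is worth keeping in mind when reviewing any DH code: the range check alone does not rule out values of small order.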