Chapter 10. IP Security in Action


IPSec is a robust and extensible mechanism for securing IP datagrams. IPSec provides stateless security (data confidentiality, data integrity, data source authentication, protection against traffic analysis, and antireplay protection) and therefore does not make any requirements on the IP protocol to achieve security. As such it is ideal for protecting any type of traffic that can travel on top of IP, which is basically any traffic.

By providing security at the IP layer, IPSec allows any application to take full advantage of its functionality. Security is done in one place, in the stack, instead of in each application that requires security. Authentication and access control are therefore done at the communications aggregation point in the stack. It is important to contrast this with socket-based security such as SSL in which every application that desires security must be modified. With IPSec, you just modify your stack and, voila, all applications can be secured.

The different modes of IPSec, tunnel mode and transport mode, allow it to be deployed anywhere an IP stack exists and to protect any type of traffic carried over IP. Transport mode is ideally suited for providing end-to-end security, while tunnel mode is ideally suited for providing protection to transient traffic.

By placing IPSec-enabled hardware at different points in the network, namely routers, firewalls, hosts, and bump-in-the-wire (BITW) "crypto boxes", different security deployments can be realized. End-to-end security can be achieved by deploying IPSec-enabled stacks on hosts or by providing a bump-in-the-stack (BITS) solution as a "shim" inserted into the networking stack. A virtual private network (VPN) can be constructed by IPSec-enabled routers protecting traffic between protected subnets. Scenarios such as the roaming road warrior can be achieved by combining host-based and router-based IPSec solutions together.

Since IPSec-protected datagrams are themselves IP datagrams, IPSec can be applied serially or recursively, allowing for hub-and-spoke deployments, or end-to-end IPSec-secured packets being tunneled through an IPSec-protected VPN.
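The following is an added example, not code from the book or from any IPSec implementation. It models the two modes described above and the recursive application just mentioned: a host-to-host transport-mode ESP packet that a site gateway then wraps in tunnel-mode ESP towards the peer gateway. To keep every byte inspectable it uses ESP-NULL encryption (RFC 2410) with an HMAC-SHA1-96 integrity check (RFC 2404); the header layout is the one of RFC 4303, but the keys, addresses and TCP segment are constructed placeholders, and the antireplay window is not modelled. The `observer_view` function shows what a passive observer on each link can learn, which is the traffic-analysis point behind tunnel mode.

```python
# Added example (not from the book): ESP in transport and tunnel mode, applied recursively.
# ESP-NULL encryption + HMAC-SHA1-96 ICV so the layout can be read; real SAs encrypt the payload.
import hashlib
import hmac
import struct
from ipaddress import IPv4Address

ESP_PROTO = 50      # IPv4 protocol number for ESP
IPIP_PROTO = 4      # ESP "next header" value for an encapsulated IPv4 packet (tunnel mode)
ICV_LEN = 12        # HMAC-SHA1-96 keeps the first 96 bits of the tag


def ipv4_checksum(hdr: bytes) -> int:
    s = sum(struct.unpack("!10H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header with a valid checksum (TTL fixed at 64)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def parse_ipv4(pkt: bytes):
    """Return (src, dst, proto, payload)."""
    ihl = (pkt[0] & 0x0F) * 4
    return str(IPv4Address(pkt[12:16])), str(IPv4Address(pkt[16:20])), pkt[9], pkt[ihl:]


def esp_encapsulate(payload: bytes, next_header: int, spi: int, seq: int, key: bytes) -> bytes:
    """RFC 4303 layout: SPI | seq | payload | padding | pad len | next header | ICV."""
    pad_len = (-(len(payload) + 2)) % 4          # keep pad len / next header 4-byte aligned
    padding = bytes(range(1, pad_len + 1))       # RFC 4303 default padding bytes 1, 2, 3, ...
    body = struct.pack("!II", spi, seq) + payload + padding + bytes([pad_len, next_header])
    icv = hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN]
    return body + icv


def esp_decapsulate(esp: bytes, key: bytes):
    """Verify the ICV first, then return (spi, seq, next_header, payload)."""
    body, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(expected, icv):
        raise ValueError("ESP ICV mismatch: packet modified or wrong key")
    spi, seq = struct.unpack("!II", body[:8])
    pad_len, next_header = body[-2], body[-1]
    return spi, seq, next_header, body[8:-(2 + pad_len)]


def transport_mode(ip_pkt: bytes, spi: int, seq: int, key: bytes) -> bytes:
    """End-to-end: the original IP header stays, ESP sits between it and the payload."""
    src, dst, proto, payload = parse_ipv4(ip_pkt)
    esp = esp_encapsulate(payload, proto, spi, seq, key)
    return ipv4_header(src, dst, ESP_PROTO, len(esp)) + esp


def transport_mode_decap(pkt: bytes, key: bytes) -> bytes:
    src, dst, _, esp = parse_ipv4(pkt)
    _, _, next_header, payload = esp_decapsulate(esp, key)
    return ipv4_header(src, dst, next_header, len(payload)) + payload


def tunnel_mode(ip_pkt: bytes, gw_src: str, gw_dst: str, spi: int, seq: int, key: bytes) -> bytes:
    """Gateway-to-gateway: the whole inner IP packet becomes the ESP payload."""
    esp = esp_encapsulate(ip_pkt, IPIP_PROTO, spi, seq, key)
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, len(esp)) + esp


def tunnel_mode_decap(pkt: bytes, key: bytes) -> bytes:
    _, _, _, esp = parse_ipv4(pkt)
    _, _, next_header, inner = esp_decapsulate(esp, key)
    if next_header != IPIP_PROTO:
        raise ValueError("not a tunnel-mode packet")
    return inner


def observer_view(pkt: bytes):
    """What a passive on-path observer learns: outer addresses, protocol, and SPI."""
    src, dst, proto, payload = parse_ipv4(pkt)
    spi = struct.unpack("!I", payload[:4])[0] if proto == ESP_PROTO else None
    return src, dst, proto, spi


def demo():
    # Constructed sample: a TCP segment from host A to host B; keys are placeholders.
    host_key, vpn_key = b"host-to-host-sa-key", b"gateway-sa-key"
    segment = struct.pack("!HH", 40000, 443) + b"GET / HTTP/1.0\r\n\r\n"
    original = ipv4_header("10.1.1.5", "10.2.2.9", 6, len(segment)) + segment

    e2e = transport_mode(original, spi=0x1001, seq=1, key=host_key)        # hosts' SA
    vpn = tunnel_mode(e2e, "198.51.100.1", "203.0.113.1", spi=0x2002, seq=1, key=vpn_key)

    recovered = transport_mode_decap(tunnel_mode_decap(vpn, vpn_key), host_key)
    tampered = vpn[:-1] + bytes([vpn[-1] ^ 1])                              # flip one ICV bit
    try:
        tunnel_mode_decap(tampered, vpn_key)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {
        "on_internet": observer_view(vpn),   # gateway addresses only, host addresses hidden
        "inside_site": observer_view(e2e),   # host addresses visible, TCP ports are not
        "recovered_ok": recovered == original,
        "tamper_detected": tamper_detected,
        "vpn_len": len(vpn),
    }


if __name__ == "__main__":
    print(demo())
```

Peeling happens in reverse order of application: the peer gateway removes the tunnel layer and forwards the still transport-protected packet to host B, which verifies the inner SA. The two SAs use different keys, so the gateway never sees host-level plaintext it is not meant to, and a flipped bit anywhere in the outer packet is rejected before any inner processing.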


IPSec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks
IPSec (2nd Edition)
ISBN: 013046189X
Year: 2004