Demystifying the IPSec Puzzle


Author: Sheila Frankel

Series: Artech House Computer Security Series

ISBN: 1580530796, 9781580530798, 9781580533997

Size: 1 MB (1164148 bytes)

Pages: 292/292

Now that the Internet has blossomed into the “Information Superhighway,” with its traffic (and drivers) becoming increasingly diverse, security has emerged as a primary concern. This innovative new book offers you a global, integrated approach to providing Internet security at the network layer. You get a detailed presentation of the revolutionary IPsec technology used today to create Virtual Private Networks and, in the near future, to protect the infrastructure of the Internet itself.
The book addresses IPsec’s major aspects and components to help you evaluate and compare features of different implementations. It gives you a detailed understanding of this cutting-edge technology from the inside, which enables you to more effectively troubleshoot problems with specific products. Based on standards documents, discussion list archives, and practitioners’ lore, this one-of-a-kind resource collects all the current knowledge of IPsec and describes it in a literate, clear manner.

Table of contents:
Contents vii……Page 8
Preface xvii……Page 18
1 Introduction 1……Page 20
1.1 The TCP/IP Protocol Stack 5……Page 24
1.2 Introducing IPsec 12……Page 31
1.3 Summary 13……Page 32
References 14……Page 33
2.1 Protections Provided by AH 15……Page 34
2.2 Security Associations and the Security Parameters Index 16……Page 35
2.3 AH Format 19……Page 38
2.4 AH Location 20……Page 39
2.5 AH Modes 21……Page 40
2.6 Nested Headers 22……Page 41
2.7 Implementing IPsec Header Processing 23……Page 42
2.8 AH Processing for Outbound Messages 25……Page 44
2.9 AH Processing for Inbound Messages 30……Page 49
2.10 Complications 32……Page 51
2.11 Auditing 35……Page 54
2.13 Summary 37……Page 56
References 38……Page 57
3.1 Protections Provided by ESP 41……Page 60
3.2 Security Associations and the Security Parameters Index 42……Page 61
3.3 ESP Header Format 43……Page 62
3.4 ESP Header Location and Modes 45……Page 64
3.5 Nested and Adjacent Headers 46……Page 65
3.6 ESP Header Processing for Outbound Messages 48……Page 67
3.7 ESP Header Processing for Inbound Messages 49……Page 68
3.9 Criticisms and Counterclaims 52……Page 71
3.10 Threat Mitigation 54……Page 73
3.11 Why Two Security Headers? 55……Page 74
3.13 Further Reading 56……Page 75
References 57……Page 76
4 The Third Puzzle Piece: The Cryptographic Algorithms 59……Page 78
4.1 Underlying Principles 60……Page 79
4.2 Authentication Algorithms 62……Page 81
4.3 The ESP Header Encryption Algorithms 68……Page 87
4.4 Complications 78……Page 97
4.5 Public Key Cryptography 79……Page 98
4.7 Further Reading 82……Page 101
References 83……Page 102
5.1 The IKE Two-Step Dance 87……Page 106
5.3 Authentication Methods 88……Page 107
5.4 Proposals and Counterproposals 90……Page 109
5.5 Cookies 94……Page 113
5.7 The Proposal Payload 95……Page 114
5.9 Nonces 96……Page 115
5.10 Identities and Identity Protection 97……Page 116
5.11 Certificates and Certificate Requests 98……Page 117
5.12 Keys and Diffie-Hellman Exchanges 99……Page 118
5.13 Notifications 100……Page 119
5.16 The Phase 1 Negotiation 101……Page 120
5.17 The Phase 2 Negotiation 112……Page 131
5.18 New Group Mode 117……Page 136
5.19 Informational Exchanges 118……Page 137
5.20 The ISAKMP Header 119……Page 138
5.21 The Generic Payload Header 120……Page 139
5.22 The IKE State Machine 121……Page 140
5.24 An Example 122……Page 141
5.25 Criticisms and Counterclaims 123……Page 142
5.27 Summary 125……Page 144
5.28 Further Reading 126……Page 145
References 127……Page 146
6 The Fifth Puzzle Piece: IKE and the Road Warrior 129……Page 148
6.1 Legacy Authentication Methods 132……Page 151
6.2 ISAKMP Configuration Method 134……Page 153
6.3 Extended Authentication 139……Page 158
6.4 Hybrid Authentication 140……Page 159
6.5 Challenge-Response for Authenticated Cryptographic Keys 142……Page 161
6.7 Credential-Based Approaches 145……Page 164
6.8 Complications 150……Page 169
6.11 Further Reading 151……Page 170
References 152……Page 171
7 The Sixth Puzzle Piece: IKE Frills and Add-Ons 153……Page 172
7.1 Renegotiation 154……Page 173
7.2 Heartbeats 157……Page 176
7.3 Initial Contact 162……Page 181
7.4 Dangling SAs 163……Page 182
References 164……Page 183
8 The Glue: PF_KEY 165……Page 184
8.1 The PF_KEY Messages 166……Page 185
8.2 A Sample PF_KEY Exchange 171……Page 190
8.3 Composition of PF_KEY Messages 173……Page 192
Reference 177……Page 196
9 The Missing Puzzle Piece: Policy Setting and Enforcement 179……Page 198
9.1 The Security Policy Database 180……Page 199
9.2 The Policy Problem 187……Page 206
9.3 Revisiting the Road Warrior 193……Page 212
9.4 IPsec Policy Solutions 194……Page 213
References 204……Page 223
10 The Framework: Public Key 207……Page 226
10.1 PKI Functional Components 208……Page 227
10.2 The PKI World View 210……Page 229
10.3 The Life Cycle of a Certificate 211……Page 230
10.4 PKI Protocol-Related Components 212……Page 231
10.5 Certificates and CRLs 215……Page 234
10.6 Certificate Formats 216……Page 235
10.7 Certificate Contents 218……Page 237
10.8 IKE and IPsec Considerations 222……Page 241
10.10 Further Reading 225……Page 244
References 226……Page 245
11 The Unsolved Puzzle: Secure IP Multicast 229……Page 248
11.1 Some Examples 230……Page 249
11.2 Multicast Logistics 231……Page 250
11.3 Functional Requirements 232……Page 251
11.4 Security Requirements 233……Page 252
11.5 Whither IP Multicast Security? 239……Page 258
11.7 Further Reading 240……Page 259
References 241……Page 260
12 The Whole Puzzle: Is IPsec the Correct Solution? 243……Page 262
12.1 Advantages of IPsec 244……Page 263
12.3 Alternatives to IPsec 245……Page 264
12.5 The Future of IPsec 247……Page 266
References 249……Page 268
List of Acronyms and Abbreviations 251……Page 270
About the Author 261……Page 280
Index 263……Page 282
