
Please Provide Correct solution.Thank you The following questions refer to IPSec


Question


The following questions refer to IPSec.

a. Explain what security services ESP, AH, and IKE provide, respectively.

b. In what kind of circumstances should the tunnel mode or the transport mode be used?

c. Assume that A and B are communicating with each other and use AH in the transport mode, while firewalls F1 and F2 use ESP in the tunnel mode to protect all traffic between them.

A --- Firewall F1 --- Internet --- Firewall F2 --- B

Assume A wants to send a TCP packet to B. The structure of the packet is shown below. Show the structure of the packet sent out by A, sent out by F1, and received by B, respectively. Also show the source and destination fields (i.e., src and dst) of the IP headers in these packets.

AH protects the integrity of some fields in the IP header, but not the Time-to-Live (TTL). Why?

Explanation / Answer

a) Answer:

ESP:

- Encapsulating Security Payload (ESP) is a security protocol used to provide confidentiality (encryption), data origin authentication, integrity, an optional anti-replay service, and limited traffic flow confidentiality by defeating traffic flow analysis. Figure 1-5 shows that the data payload is encrypted with ESP.

- ESP provides confidentiality by performing encryption at the IP packet layer. It supports a variety of symmetric encryption algorithms. The default algorithm for IPSec is 56-bit DES. This cipher must be implemented to guarantee interoperability among IPSec products. Cisco products also support the use of 3DES for strong encryption. Confidentiality can be selected independently of all other services.

Authentication Header (AH):

Authentication Header (AH) provides authentication and integrity to the datagrams passed between two systems.

Internet Key Exchange (IKE):

Internet Key Exchange (IKE) is a hybrid protocol that provides utility services for IPSec: authentication of the IPSec peers, negotiation of IKE and IPSec security associations, and establishment of keys for encryption algorithms used by IPSec.

b) Circumstances:

IPSEC TUNNEL MODE:

IPSec tunnel mode is the default mode. With tunnel mode, the entire original IP packet is protected by IPSec. This means IPSec wraps the original packet, encrypts it, adds a new IP header and sends it to the other side of the VPN tunnel (IPSec peer).

Tunnel mode is most commonly used between gateways (Cisco routers or ASA firewalls), or at an end-station to a gateway, the gateway acting as a proxy for the hosts behind it.

Tunnel mode is used to encrypt traffic between secure IPSec Gateways, for example two Cisco routers connected over the Internet via IPSec VPN. Configuration and setup of this topology is extensively covered in our Site-to-Site IPSec VPN article. In this example, each router acts as an IPSec Gateway for their LAN, providing secure connectivity to the remote network.

IPSEC TRANSPORT MODE:

IPSec Transport mode is used for end-to-end communications, for example, for communication between a client and a server or between a workstation and a gateway (if the gateway is being treated as a host). A good example would be an encrypted Telnet or Remote Desktop session from a workstation to a server.

Transport mode protects our data, also known as the IP payload (the TCP/UDP header + data), by means of an AH or ESP header. The payload is encapsulated by the IPSec headers and trailers. The original IP headers remain intact, except that the IP protocol field is changed to ESP (50) or AH (51), and the original protocol value is saved in the IPsec trailer to be restored when the packet is decrypted.

IPSec transport mode is usually used when another tunneling protocol (like GRE) is used to first encapsulate the IP data packet, then IPSec is used to protect the GRE tunnel packets. IPSec protects the GRE tunnel traffic in transport mode.
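The scenario in part c of the question, as an added illustration that is not part of the original answer: A applies AH in transport mode (protocol field becomes 51, AH's next header records TCP), F1 wraps the whole packet in an ESP tunnel with a new F1-to-F2 outer header (protocol 50), and F2 unwraps it so B receives A's AH packet. The header layout, the HMAC key and the TCP segment are constructed for the example; encryption of the ESP payload is not modelled, only the structure. Zeroing TTL before computing the AH integrity check value is what lets routers decrement TTL without breaking the check.

```python
import hmac
import hashlib
from dataclasses import dataclass, replace
from typing import Optional, Any

@dataclass
class IPHeader:
    src: str
    dst: str
    proto: int   # 6 = TCP, 50 = ESP, 51 = AH
    ttl: int

@dataclass
class AH:
    next_header: int   # protocol of what follows AH (6 = TCP)
    icv: bytes         # integrity check value over immutable IP fields + payload

@dataclass
class Packet:
    ip: IPHeader
    ah: Optional[AH]
    payload: Any       # bytes (TCP segment) or a whole inner Packet (ESP tunnel)

def _ah_icv(ip: IPHeader, next_header: int, payload: bytes, key: bytes) -> bytes:
    # Mutable fields are zeroed for the MAC: TTL is fixed to 0 here, so a hop
    # decrementing it does not invalidate the ICV (truncated to 96 bits, as AH does).
    covered = f"{ip.src}|{ip.dst}|{ip.proto}|ttl=0|{next_header}|".encode() + payload
    return hmac.new(key, covered, hashlib.sha256).digest()[:12]

def ah_transport(ip: IPHeader, tcp: bytes, key: bytes) -> Packet:
    hdr = replace(ip, proto=51)            # IP header now says "AH follows"
    return Packet(hdr, AH(6, _ah_icv(hdr, 6, tcp, key)), tcp)

def ah_verify(pkt: Packet, key: bytes) -> bool:
    expected = _ah_icv(pkt.ip, pkt.ah.next_header, pkt.payload, key)
    return hmac.compare_digest(pkt.ah.icv, expected)

def esp_tunnel(inner: Packet, gw_src: str, gw_dst: str) -> Packet:
    # Whole inner packet becomes the ESP payload behind a fresh gateway-to-gateway header
    return Packet(IPHeader(gw_src, gw_dst, 50, 64), None, inner)

def esp_detunnel(outer: Packet) -> Packet:
    assert outer.ip.proto == 50
    return outer.payload

def scenario(key: bytes):
    """Return (packet sent by A, packet sent by F1, packet received by B)."""
    sent_by_a = ah_transport(IPHeader("A", "B", 6, 64), b"TCP segment", key)
    at_f1 = replace(sent_by_a, ip=replace(sent_by_a.ip, ttl=63))   # one hop A -> F1
    sent_by_f1 = esp_tunnel(at_f1, "F1", "F2")
    received_by_b = esp_detunnel(sent_by_f1)                       # F2 strips the tunnel
    return sent_by_a, sent_by_f1, received_by_b
```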