Security+ : Section 6 (IPsec)
Authentication Header (AH)
An IPsec protocol that authenticates that packets received were sent from the source identified in the header of the packet. IMPORTANT = the header ONLY provides integrity by checking the data to be sent. Basically, by doing an integrity check and adding the header, we are creating an HMAC.
Encapsulating Security Payload (ESP)
An IPsec protocol that provides encryption (DES or AES) and includes a header. Data is encapsulated into an IPsec packet.
Tunnel Mode (IPSec)
Encrypts the entire IP packet (used with VPNs) but swaps out the IP address for a new IP address. Still contains a header. Tunnel mode is not used by itself. Usually used with ESP (see above).
ISAKMP
IPsec protocol suite. Protocol that creates a security association between 2 hosts. This is a negotiation protocol. Sets up initial authentication using things like certificates, preshared keys, key exchange, etc. This is really the protocol that gets 2 IPsec hosts going.
Where do we typically see IPsec being used?
VPNs (because of the tunneling aspect). Many times you will see IPsec with L2TP, which creates a VPN tunnel within a tunnel. ALSO, IPsec is used with RADIUS and TACACS+ (b/c these 2 don't have native built-in encryption).
Transport mode
An IPsec mode in which only the IP data is encrypted, not the IP headers. Doesn't work very well in the real world because of so many differing protocols like NAT, IPv4, IPv6 which don't allow for usage of 1 continuous IP address. IMPORTANT = Keeps the original IP address. Since Transport mode doesn't really work in the real world, we use tunnel mode.
IPSec (Internet Protocol Security)
Protocol within the TCP/IP suite that encrypts and authenticates IP packets. Runs in 2 modes. Works at IP layer.