Introduction
Companies, research institutions, and government organizations have long maintained private networks between central offices and branch offices. Employees/contractors want to work from home or external offices. Road warriors, all the way from salesmen to CEOs, want to be mobile and connect to the home office for whatever purpose. There are fast, cheap, and plentiful connections to the Internet to be had in locations as varied as libraries, airports, and Starbucks. How do you go about securing what is basically an unsecured medium?
Enter VPNs
VPNs (Virtual Private Networks) provide secure tunneling of communications over insecure networks. Where physical private networks existed, VPNs are becoming commonplace not only among road warriors, branch offices, and central offices but also business-to-business partners exchanging data through a secure tunnel wrapped around the communications traffic.
VPN Topologies
Network-to-Network
Host-to-Network
Host-to-Host
Security Associations
Both AH and ESP rely on security associations (SAs), which are negotiated using IKE and define the properties of a secure connection. The SA holds the information negotiated between the two VPN participants.
ESP
ESP provides for encapsulation of the unprotected IP packet, its encryption, and authentication. Some newer IPSec implementations use stronger algorithms such as AES, Blowfish, and Twofish.
AH
AH allows you to check the authenticity of the data and the header of the IP packet sent to you. It does not provide a mechanism for data encryption but does provide a hash code that allows you to check whether the packet was tampered with along the way.
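The AH check described above, as an added Python example that is not part of the original document: a keyed hash (HMAC-SHA-256 truncated to 128 bits) is computed over the IP header and the unencrypted payload, with the header fields that routers legitimately change zeroed first. The key, SPI, addresses, and payload are constructed sample values, and the AH header is simplified to its SPI and sequence number.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key-not-for-use"  # constructed sample key
SPI, SEQ = 0x1000, 1                       # constructed SA identifier and sequence number


def ipv4_header(src, dst, ttl, payload_len, proto=51):
    """Build a 20-byte IPv4 header without options (protocol 51 = AH)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                       0, ttl, proto, 0, bytes(src), bytes(dst))


def zero_mutable(header):
    """Zero the fields that may change in transit so they do not affect the hash."""
    h = bytearray(header)
    h[1] = 0                  # DSCP/ECN
    h[6:8] = b"\x00\x00"      # flags and fragment offset
    h[8] = 0                  # TTL
    h[10:12] = b"\x00\x00"    # header checksum
    return bytes(h)


def icv(key, header, payload):
    """Integrity check value over immutable header fields, SPI/sequence, and payload."""
    data = zero_mutable(header) + struct.pack("!II", SPI, SEQ) + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:16]


def verify(key, header, payload, received_icv):
    """Receiver side: recompute the ICV and compare in constant time."""
    return hmac.compare_digest(icv(key, header, payload), received_icv)


def demo():
    payload = b"GET /payroll HTTP/1.1"  # stays readable on the wire: AH does not encrypt
    sent = ipv4_header([10, 0, 0, 1], [10, 0, 1, 9], ttl=64, payload_len=len(payload))
    tag = icv(KEY, sent, payload)
    hop = bytearray(sent)
    hop[8] = 61                                  # TTL decremented by routers
    spoofed = bytearray(sent)
    spoofed[12:16] = bytes([10, 0, 0, 66])       # source address rewritten
    return {
        "ttl_changed": verify(KEY, bytes(hop), payload, tag),
        "source_changed": verify(KEY, bytes(spoofed), payload, tag),
        "payload_changed": verify(KEY, sent, payload + b"!", tag),
    }
```

A packet whose TTL was decremented still verifies, while a rewritten source address or a modified payload is rejected.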
IP Compression
As you might guess, all this extra security comes at the price of extra encapsulation of the IP packet. This translates into decreased throughput. IPSec seeks to overcome this problem with a built-in IP compression protocol.
Conclusion
IPSec VPNs provide strong security for business-to-business and person-to-business needs. IPSec has two protocols, AH and ESP, that give confidentiality, integrity, and authentication. IPSec also has protocols and frameworks for key negotiation and data compression.