User`s guide

ManualsBrandsDigi ManualsComputer equipmentTransPort WR44v2

461

462

463

464

465

466

467

468

469

470

467

IPSEC AND VPNS

What is IPSec?

One inherent problem with the TCP protocol used to carry data over the vast majority of

LANs and the Internet is that it provides virtually no security features. This lack of security,

and recent publicity about “hackers” and “viruses”, prevent many people from even

considering using the Internet for any sensitive business application. IPSec provides a

remedy for these weaknesses adding a comprehensive security “layer” to protect data

carried over IP links.

IPSec (Internet Protocol Security) is a framework for a series of IETF standards designed to

authenticate users and data, and to secure data by encrypting it during transit. The

protocols defined within IPSec include:

• IKE – Internet Key Exchange protocol

• ISAKMP – Internet Security Association and Key Management Protocol

• AH – Authentication Header protocol

• ESP – Encapsulating Security Payload protocol

• HMAC – Hash Message Authentication Code

• MD5 – Message Digest 5

• SHA-1 – Security Hash Algorithm

and the cryptographic (encryption) techniques include:

• DES – Data Encryption Standard

• 3DES – Triple DES

• AES – Advanced Encryption Standard (also known as Rijndael)

Two key protocols within the framework are AH and ESP. AH is used to authenticate users,

and ESP applies cryptographic protection. The combination of these techniques is designed

to ensure the integrity and confidentiality of the data transmission. Put simply, IPSec is

about ensuring that:

• only authorised users can access a service and

• that no one else can see what data passes between one point and another.

There are two modes of operation for IPSec, transport mode and tunnel mode.

In transport mode, only the payload (i.e. the data content), of the message is encrypted. In

tunnel mode, the payload and the header and routing information are all encrypted thereby

by providing a higher degree of protection.

Data Encryption Methods

There are several different algorithms available for use in securing data whilst in transit

over IP links. Each encryption technique has its own strengths and weaknesses and this is

really, a personal selection made with regard to the sensitivity of the data you are trying to

protect. Some general statements may be made about the relative merits but users should

satisfy themselves as to suitability for any particular purpose.