HP-UX IPSec version A.02.00 Administrator's Guide
HP-UX IPSec Overview
Introduction
The IP security (IPSec) protocol suite was defined by the Internet
Engineering Task Force (IETF) to provide security for IP networks. The
IPSec protocol suite provides the following security services for IP
networks:
• Data Integrity
Guarantee data consistency; prevent unauthorized creation,
modification, or deletion of data between source and destination.
• Authentication
Ensure that the data received is the same as the data sent and that
the claimed sender is the actual sender.
• Confidentiality
Provide data privacy such that only the intended recipients of the
data know what is being sent. The sender encrypts (encodes) the
data using an encryption algorithm and key (bit string). The output
is ciphertext that is difficult to decode without knowing the key.
• Application-transparent Security
IPSec security headers are inserted between the standard IP protocol
header and the upper-layer data (such as a TCP packet). Any
network service that uses IP (such as telnet, FTP or sendmail) or
user application that uses IP (TCP BSD Socket or XTI Streams
application) can use IPSec without modification.
IPSec traffic can also pass transparently through existing IP routers.
IPSec functionality can be divided into the following categories:
• Authentication Header (AH) for data integrity and
authentication.
• Encapsulating Security Payload (ESP) header for data
confidentiality, data integrity, and data authentication. The ESP
header also includes a sequence number that provides a form of
replay protection.
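As an added illustration (not from the HP-UX guide or its implementation), the following Python builds a constructed IPv4 packet with an ESP header placed between the IP header and the upper-layer data, reads the SPI and sequence number back out, and runs a sliding-window anti-replay check of the kind the ESP sequence number makes possible. The window logic is an assumed simplification modelled on RFC 4303 Appendix A; the addresses and sequence numbers are constructed sample values.

```python
import struct

ESP_PROTO = 50  # IP protocol number for ESP; AH would be 51


def build_ipv4_esp(spi: int, seq: int, payload: bytes = b"\x00" * 16) -> bytes:
    """Constructed sample: minimal IPv4 header, then ESP (SPI, sequence number),
    then the protected upper-layer data. Addresses are placeholders; the IP
    checksum is left zero because nothing here transmits the packet."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + 8 + len(payload), 0, 0,
                         64, ESP_PROTO, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return ip_hdr + struct.pack("!II", spi, seq) + payload


def parse_esp(packet: bytes):
    """Return (spi, seq) if the IPv4 packet carries ESP directly, else None."""
    ihl = (packet[0] & 0x0F) * 4      # IPv4 header length in bytes
    if packet[9] != ESP_PROTO:        # IPv4 protocol field
        return None
    return struct.unpack("!II", packet[ihl:ihl + 8])


class ReplayWindow:
    """Sliding-window anti-replay check (assumed, modelled on RFC 4303 App. A)."""

    def __init__(self, size: int = 64):
        self.size = size
        self.top = 0       # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => sequence number (top - i) already seen

    def accept(self, seq: int) -> bool:
        if seq == 0:
            return False                     # 0 is never a valid ESP sequence number
        if seq > self.top:                   # newer than anything seen: slide window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.size:                # older than the window: reject
            return False
        if self.bitmap & (1 << diff):        # already seen: replay, reject
            return False
        self.bitmap |= 1 << diff             # late but fresh: accept and mark
        return True


def check_stream(packets, window_size: int = 64):
    """Run the anti-replay check over packets; True = accepted, False = dropped."""
    window = ReplayWindow(window_size)
    return [window.accept(parse_esp(p)[1]) for p in packets]
```

A duplicate sequence number inside the window and any number that has fallen behind the window are dropped, while a late packet that is still inside the window and not yet seen is accepted.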