HP-UX IPSec version A.02.01 Administrator's Guide

HP-UX IPSec Overview
Features
The IP security (IPsec) protocol suite was defined by the Internet
Engineering Task Force (IETF) to provide security for IP networks.
HP-UX IPSec is the HP implementation of IPsec. HP-UX IPSec provides
the following security services for IP networks:
Data integrity and authentication
The IPsec Authentication Header (AH) provides data integrity
and authentication to prevent unauthorized creation, modification,
or deletion of transmitted data. The AH header also includes a
sequence number for replay protection. HP-UX IPSec can also verify
that the claimed sender is the actual sender. The AH does not
provide privacy—the IP data is not encrypted.
Data privacy
The IPsec Encapsulating Security Payload (ESP) encrypts IP
data to provide data privacy. ESP also provides data authentication
and integrity. The ESP header also includes a sequence number for
replay protection. On gateways, IPsec can also be used to
encapsulate and encrypt the original IP packet to protect the identity
of the end source and destination IP addresses.
Application-transparent security
You do not need to rewrite or reconfigure applications to use HP-UX
IPSec. IPsec security headers are inserted between the standard IP
protocol header and the upper-layer data (such as a TCP packet).
Any network service that uses IP (such as telnet, FTP, sendmail, or
IGMP) and any user application that uses IP (BSD Socket or XTI Streams
applications) can use IPsec without modification.
IPsec traffic can also pass transparently through existing IP routers.
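As an added example (not code from the HP-UX IPSec product or this guide), the C below locates the AH header that sits between a plain IPv4 header and the upper-layer data, reads its SPI and sequence number, and runs that sequence number through the 64-packet sliding anti-replay window that RFC 4302/4303 describe. The packet bytes are constructed for the example and the ICV is not verified.

```c
#include <stdint.h>
#include <stddef.h>

/* Anti-replay state for one inbound SA: a 64-packet sliding window
 * as described in RFC 4302/4303 (constructed example, not HP-UX code). */
typedef struct {
    uint32_t top;     /* highest sequence number accepted so far */
    uint64_t bitmap;  /* bit i set => sequence (top - i) already received */
} replay_win;

/* Return 1 if seq is fresh and inside the window, 0 if it is a replay or
 * too old. A real receiver updates the window only after the ICV verifies. */
int replay_check(replay_win *w, uint32_t seq)
{
    if (seq == 0) return 0;                   /* AH/ESP never send sequence 0 */
    if (seq > w->top) {                       /* new high-water mark: slide */
        uint32_t shift = seq - w->top;
        w->bitmap = (shift >= 64) ? 0 : (w->bitmap << shift);
        w->bitmap |= 1;
        w->top = seq;
        return 1;
    }
    uint32_t diff = w->top - seq;
    if (diff >= 64) return 0;                 /* fell off the left edge */
    if (w->bitmap & (1ULL << diff)) return 0; /* already seen: replay */
    w->bitmap |= 1ULL << diff;
    return 1;
}

/* Read SPI and sequence number from the AH header that sits between a
 * 20-byte IPv4 header (protocol 51) and the upper-layer data. Returns 0 if
 * the packet is not IPv4+AH or too short for the fixed 12-byte AH fields. */
int ah_fields(const uint8_t *pkt, size_t len, uint32_t *spi, uint32_t *seq)
{
    if (len < 32 || (pkt[0] & 0x0f) != 5 || pkt[9] != 51) return 0;
    const uint8_t *ah = pkt + 20;
    *spi = (uint32_t)ah[4] << 24 | (uint32_t)ah[5] << 16 | ah[6] << 8 | ah[7];
    *seq = (uint32_t)ah[8] << 24 | (uint32_t)ah[9] << 16 | ah[10] << 8 | ah[11];
    return 1;
}

/* Constructed IPv4+AH packet: 10.0.0.1 -> 10.0.0.2, AH carrying TCP (next
 * header 6), SPI 0x1001, sequence 7, 12-byte ICV left zero (not verified). */
const uint8_t sample_pkt[44] = {
    0x45,0x00,0x00,0x2c, 0x00,0x01,0x00,0x00, 0x40,0x33,0x00,0x00,
    10,0,0,1, 10,0,0,2,
    0x06,0x04,0x00,0x00, 0x00,0x00,0x10,0x01, 0x00,0x00,0x00,0x07,
    0,0,0,0, 0,0,0,0, 0,0,0,0 };
```

Feeding the same sample packet twice through replay_check shows the second copy rejected, which is the protection the sequence number in the AH and ESP headers provides.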
High-speed encryption
HP-UX IPSec uses assembly-language implementations of
encryption algorithms that are optimized specifically for PA-RISC
and Intel Itanium 2 processors. For example, throughput for ESP
encryption using 128-bit Advanced Encryption Standard (AES) can
be as high as 91.95 Mb/s in a 100 Mb/s network topology. In addition,
all HP-UX IPSec data processing (data encryption and decryption,
and data authentication) is performed by kernel components.