WARNING: This site is intended for online use only; mass-downloading of pages degrades the server and is prohibited.
If you attempt to use tools to mass-download the site, you may be blocked permanently by automated software.
If you want to read this CertiGuide offline, please use one of the links on the left to purchase a convenient PDF copy. Thank you.

Get this Security+ CertiGuide for your own computer.
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Also available: 300-question Security+ practice test!
Get It Here!

Google
Web CertiGuide






Table Of Contents  CertiGuide to Security+
 9  Chapter 2:  Communication Security (Domain 2.0; 20%)
      9  2.1  Remote Access
           9  2.1.7  IPSEC

Previous Topic/Section
IPSec Transport and Tunnel Modes
Previous Page
Pages in Current Topic/Section
1
Next Page
 IPSec versus DoS Attacks
Next Topic/Section

IPSec and Encryption

Specific encryption technologies used by IPSec include:

  • Diffie-Hellman key exchange between peers on a public network (this is discussed in more detail in chapter 4)

  • Public key cryptography for signing the Diffie-Hellman exchanges to guard against identity-spoofing and man-in-the-middle attacks

  • Standard algorithms such as DES for data encryption

  • Keyed (HMAC161) and non-keyed (MD5, SHA) hashing for packet authentication

  • Signed digital certificates used to provide proof of identity162

IPSec and Diffie-Hellman

IPSec uses Diffie-Hellman key exchange to communicate key data without requiring the actual keys to travel across the network, and public key cryptography to sign the key exchange transaction packets, to ensure their integrity and origin.



 __________________

161. http://www.ietf.org/rfc/rfc2104.txt

162. “White Paper – IPSec Executive Summary”, Cisco Systems, http://www.cisco.com/warp/public/cc/so/neso/sqso/eqso/IPSec_wp.htm

Previous Topic/Section
IPSec Transport and Tunnel Modes
Previous Page
Pages in Current Topic/Section
1
Next Page
 IPSec versus DoS Attacks
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $


Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.