Summary of the resource
U5.10 Authentication Header
- AH (IP protocol number 51, RFC 4302) can be used in transport or tunnel mode
- In transport mode
- the AH is inserted between the IP header and the transport-layer
(e.g. TCP) header
- in this mode the comms endpoints and the IPsec endpoints coincide
(host-to-host), so only one IP header is present
- the MAC (the Integrity Check Value, ICV) covers the application data,
the TCP header and most of the IP header
- Tunnel mode
- comms endpoints and IPsec endpoints (e.g. security gateways) do not coincide
- a new outer IP header is added and is separated
from the original (inner) IP header by the AH header
- the outer IP header contains the source
and destination addresses of the IPsec endpoints
- the inner IP header contains the potentially different source
and destination addresses of the comms endpoints
- the MAC covers the entire inner packet plus most of the outer IP header
- It is vital to authenticate the source IP address so that the recipient is certain
the packet is genuine and forging (spoofing) of packets is prevented
- AH authenticates the source IP address, because it is an immutable field
covered by the MAC
- this prevents the initiator from disguising where the packet came from
(note: the MAC is symmetric, so only the peer holding the SA key can check it;
AH does not give third-party non-repudiation)
- With AH all of the payload is
authenticated and most of the IP header
- the components not authenticated are
the mutable fields that are legitimately modified en route: TTL, header
checksum, DSCP/ECN, flags and fragment offset; these are treated as zero
when the MAC is computed and verified
- Protocol steps
- an authentication header is
inserted into the datagram (Next Header, Payload Len, Reserved, SPI, Sequence Number, ICV)
- the header contains a Security Parameters Index
(SPI) which, together with the destination address, locates the Security Association (SA)
with which the packet is processed
- it contains a monotonically increasing sequence number, checked against a sliding
window at the receiver, to combat replay
- and a MAC (the ICV) to provide integrity and data-origin authentication
- the SPI and SA provide the link to the integrity algorithm and
authentication key used to secure the comms; AH provides no encryption, so
the payload is sent in the clear (ESP is needed for confidentiality)