
HITKARNI COLLEGE OF ENGG. AND TECH.


Internet protocol security

Submitted to
Mr. Ashish Kumar Gupta
(HOD)
Information Technology Deptt.

Mrs. Sarita Patel (Lect.)
Information Technology Deptt.

Submitted By

NINNI SINGH

WHAT IS IP?

IP stands for Internet Protocol.
It is the set of techniques used for transmitting data.
IP is an unreliable and connectionless protocol: a best-effort delivery service.
The Internet Protocol mainly performs two basic functions:
1) Host addressing and identification
2) Packet routing

IP Address

An IP (Internet Protocol) address is a unique identifier for a node or host connection on an IP network.
An IP address is a 32-bit binary number, usually represented by 4 decimal values, each representing 8 bits in the range 0 to 255 (known as octets) and separated by decimal points. This is known as DOTTED DECIMAL NOTATION.

Example : 140.179.220.200

It is sometimes useful to view the values in their binary form:

140      . 179      . 220      . 200
10001100 . 10110011 . 11011100 . 11001000

An IP address can be assigned using one of these two methods:

Dynamic IP address: DHCP grants an IP address to a computer on a lease-time basis.

Static IP address: it is assigned to the computer manually.

IP Structure

Every IP address consists of three basic portions:
1) Class address
2) Network address
3) Host address

IP Address Classes

IP addresses are divided into various classes:
1) Class A
2) Class B
3) Class C
4) Class D
5) Class E

Class A IP Address

Range of class A network IDs: 1-127
Number of available hosts: 16,777,214
E.g. 10.0.0.1
8-bit Network ID | 24-bit Host ID

Class B IP Address

Range of class B network IDs: 128-191
Number of available hosts: 65,534
E.g. 172.12.15.23
16-bit Network ID | 16-bit Host ID

Class C IP Address

Range of class C network IDs: 192-223
Number of available hosts: 254
E.g. 192.168.1.1
24-bit Network ID | 8-bit Host ID

Class D IP Address

It is designed for multicasting.
Range of class D network IDs: 223-239

Class E IP Address

It is designed for scientific research.
Range of class E network IDs: 240-255

IP Network Address Classes

Class   # Networks   # Hosts      Example
A       126          16,777,214   01111111 00000000 00000000 00000000
B       16,384       65,534       10111111 11111111 00000000 00000000
C       2,097,152    254          11011111 11111111 11111111 00000000

Class A: 35.0.0.0
Class B: 128.5.0.0
Class C: 132.33.33.0

(Figure legend: Network Address Space, Host Address Space)

Subnet Mask

It is used to differentiate between the network ID and the host ID.
Default mask: each class has a default subnet mask.

Classless IP Addressing

Rules out fixed-size network addresses
Network address can vary from 0-bit to 31-bit
Uses the Classless Inter-Domain Routing (CIDR) addressing scheme
CIDR address notation: 154.201.179.42/18
154.201.179.42 is the IP address; the first 18 bits represent the network ID
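
The dotted-decimal, subnet-mask and CIDR slides above, worked through in code. This is an added example, not part of the original presentation; the function names are hypothetical, and the addresses are the ones used on the slides.

```python
def parse_cidr(cidr):
    """Split 'a.b.c.d/n' into (32-bit address, prefix length), validating both."""
    addr_text, _, prefix_text = cidr.partition("/")
    octets = addr_text.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("bad dotted-decimal address: %r" % addr_text)
    if not prefix_text.isdigit() or int(prefix_text) > 32:
        raise ValueError("bad prefix length: %r" % prefix_text)
    addr = 0
    for o in octets:                      # pack the four octets into one integer
        addr = (addr << 8) | int(o)
    return addr, int(prefix_text)

def mask_for(prefix_len):
    # prefix_len one-bits followed by zero-bits, e.g. /18 -> 255.255.192.0
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF

def dotted(value):
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def binary(value):
    return ".".join(format((value >> s) & 0xFF, "08b") for s in (24, 16, 8, 0))

def describe(cidr):
    addr, n = parse_cidr(cidr)
    mask = mask_for(n)
    return {"mask": dotted(mask),
            "network": dotted(addr & mask),   # network ID = address AND mask
            "host_bits": 32 - n,
            "binary": binary(addr)}

def same_network(ip, cidr):
    """True if ip falls inside the network that cidr belongs to."""
    addr, _ = parse_cidr(ip + "/32")
    net, n = parse_cidr(cidr)
    mask = mask_for(n)
    return (addr & mask) == (net & mask)

if __name__ == "__main__":
    print(describe("154.201.179.42/18"))
    print(binary(parse_cidr("140.179.220.200/32")[0]))
```
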

SECURITY

IPSec

General IP security mechanisms
Provides:
  authentication
  confidentiality
  key management
Applicable to use over LANs, across public & private WANs, & for the Internet

IPSec Uses

IP Security Architecture

Specification is quite complex
Defined in numerous RFCs
  incl. RFC 2401/2402/2406/2408
  many others, grouped by category
Mandatory in IPv6, optional in IPv4
Has two security header extensions:
  Authentication Header (AH)
  Encapsulating Security Payload (ESP)

IPSec Services

Access control
Connectionless integrity
Data origin authentication
Rejection of replayed packets (a form of partial sequence integrity)
Confidentiality (encryption)
Limited traffic flow confidentiality

IPSec documents overview

AH and ESP

Authentication Header (AH) provides:
  Data integrity
  Authentication of IP packets
  Prevents replay attacks
Encapsulating Security Payload (ESP) provides:
  Data confidentiality
  Some traffic flow confidentiality
  Authentication services of AH (optional)

Authentication Header (AH)

Provides support for data integrity & authentication of IP packets
  end system/router can authenticate user/app
  prevents address spoofing attacks by tracking sequence numbers
Based on use of a MAC
  HMAC-MD5-96 or HMAC-SHA-1-96
Parties must share a secret key

Authentication Header

Encapsulating Security Payload (ESP)

Provides message content confidentiality & limited traffic flow confidentiality
Can optionally provide the same authentication services as AH
Supports many ciphers, modes, padding
  DES, Triple-DES, RC5, IDEA, CAST, others

Encapsulating Security Payload

Security Associations (SAs)

A one-way relationship between sender & receiver that affords security for traffic flow
Defined by 3 parameters:
  Security Parameters Index (local identifier)
  IP Destination Address
  Security Protocol Identifier (AH or ESP)
Each implementation of IPsec must keep a database of SAs

Benefits

Benefits of IPsec

If implemented in a firewall or router, provides strong security to all traffic crossing the perimeter
Resides below the transport layer, hence transparent to the application layer
Can be transparent to end users

APPLICATION

Application of IPSec

Secure branch office connectivity over the network
Secure remote access over the Internet
Establishing extranet and intranet connectivity with partners
Enhancing electronic commerce security

THANK U

QQQ & A
