blog posts

Ipsec Protocol

Introduction To Ipsec Protocol – How To Implement A Secure Network?

IPsec Protocol Internet Protocol Security Refers To A Set Of Special Purpose Protocols Used To Secure And Encrypt Communications Between Devices On A Network. 

IPsec Protocol, More precisely, the above protocol manages the authentication and encryption process in each packet. Based on this definition, IPsec is a set of protocols that can authenticate data and encrypt packets that are to be transmitted over a network.

What is IPsec Protocol?

Internet Protocol Security is a network security protocol that consists of various security protocols that aim to secure and encrypt data packets that are not supposed to be transmitted over the IP protocol on the network but are not seen by unauthorized persons. IPSec strives to provide a high level of security for Internet Protocols.

One of the most important advantages of this protocol is that it works in Layer 3, unlike security protocols such as SSH, TLS, and SSL, which work in the top-level transfer layer. Exactly the layer where the IP protocol is located, which makes it possible to protect Layer 4 protocols such as TCP and UDP and provide faster speeds when enabled.

Another advantage of IPsec over other security protocols such as SSL is that there is no need to design applications based on the above protocol.

AH Protocol:

This protocol is used when the user needs strong authentication.

In summary, the AH protocol provides important security services such as the integrity of the transmitted data, the authentication of the transmitted data source, and the rejection of retransmitted packets.

This protocol uses HMAC technology for the integrity of the transmitted data. It uses a private key to do this so that the packet data load and the immutable parts of the IP header look like the IP address.

After this process, the protocol adds its header to it. In the above protocol, the AH header is 24 bytes in size. The most important fields of the above protocol should mention:

Next Header: Specifies the next protocols. In tunnel mode, it encapsulates a complete IP diagram. This field is 4 bytes in size. When encapsulating a TCP datagram is in transport mode, the value of this field is 6.

Payload length: Specifies the size of the data load.
Reserved: It is two bytes and is reserved.

Security parameter Index: In most sources, the abbreviation SPI is used to describe it, and it has 32 bits. This field consists of SA, which is used to open encapsulated packages.

Finally, 96 bits are used to maintain hash message authentication (HMAC). HMAC is responsible for protecting the integrity of the transmitted data.

Note that the above protocol, Gave only the endpoints the hidden key details created and checked by HMAC. It should note that the AH protocol does not manage the network address translation process. NAT is used for this purpose

If they do not use IV, Symmetric encryption algorithms are exposed to a series of packet threats and inadvertently trigger a DoS attack. IV ensures that two different and encrypted pregnancies are used in this context.

The next field, the Next header, specifies the next header.

The HMAC protocol, like the HA protocol, protects the integrity and authenticity of transmitted data. Only this head can give credit to the pregnant woman.

NAT has nothing to do with ESP, and it may still be part of IPSec and integrate with it. NAT-Traversal Addressing is a solution for encapsulating ESP packets with UDP packets.

The next field, the Next header, specifies the next header. The HMAC protocol, like the HA protocol, protects the integrity and authenticity of transmitted data. Only this head can give credit to the pregnant woman.

NAT has nothing to do with ESP, and it may still be part of IPSec and integrate with it. NAT-Traversal Addressing is a solution for encapsulating ESP packets with UDP packets.

The next field, the Next header, specifies the next header.

The HMAC protocol, like the HA protocol, protects the integrity and authenticity of transmitted data. Only this head can give credit to the pregnant woman. NAT has nothing to do with ESP, and it may still be part of IPSec and integrate with it. NAT-Traversal Addressing is a solution for encapsulating ESP packets with UDP packets.

Operating modes

IPSEC can implement host-to-host mode in the network and tunnel mode as follows. In tunnel mode, all IP packets are encrypted and authenticated. They are then encapsulated in a new IP package with a new header.

Tunnel mode is used to create a virtual private network in network-to-network communications (for example, between a router and a site link), host-to-network communications (such as remote user access), and host-to-host communications (such as private chat).

In transfer mode, only packets of IP packets are sent encrypted. For example, it is possible that the IP header does not change and does not encrypt.

Then IPSEC implementations are typically performed by AH, ESP, and IKE V2. IPSEC implementations on Unix-like operating systems, such as Solaris or Linux, include PF-KEY V2.

IPsec configuration

There are two different locations for IPsec configuration in the Windows operating system environment. You can use the traditional IPsec Security Policy snap-in solution to configure the settings.

If all systems are using newer systems, it is best to use Windows Defender Firewall with Advanced Security to configure IPsec policies.

WFAS is one of the most flexible solutions available. As a first step, take a look at the IPsec policy console. We start at this point, as the various options in this section allow us to draw the IPsec baseline interacting with the two endpoints.

Here are three different IPsec policies to assign to the machines we will specify in this console. Let’s take a brief look at each of them, as the names of the policies are not very clear and may confuse you.