written 8.4 years ago by | modified 2.9 years ago by |
Subject: System Web Security
Topic: Network Security
Difficulty: Medium
written 8.4 years ago by | • modified 8.4 years ago |
1. IPsec Protocol
Basic functions of IPsec are:
Authentication
With a certain security mechanism, the two communicating parties know that the data at the destination is the same as when it was initially sent (data integrity) and that the sender is not impersonated by a third party (data origin authentication).
Integrity
Considered to be the data integrity part of authentication (see the definition above). Once a security mechanism is established between the two parties, the data at the destination must match the data at the source.
Confidentiality
With a certain security mechanism (encryption/decryption), data is protected during transmission so that a third party cannot learn its content.
Security Association (SA)
An agreement between two communicating parties on knowing and using a certain combination of security mechanisms for data transmission between them. It is based on the destination address and an index called the Security Parameters Index (SPI).
IPsec involves two security services:
There are two modes of IPsec:
Tunnel Mode: This encapsulates the whole IP packet to form secure communication between two places, or gateways.
Transport Mode: This only encapsulates the IP payload (not the entire IP packet as in tunnel mode) to ensure a secure channel of communication.
2. SSL
Functions of SSL Protocol:
The lock is used to show whether the browser's connection is closed or open on the secure channel of SSL or TLS.
Difference between SSL and IPsec Protocol
SSL | IPsec |
---|---|
SSL is used at the socket layer, i.e. transport | IPsec is used at the network layer |
SSL resides in user space | IPsec resides in operating system space |
It is a simple and well-designed protocol | It is a complex protocol |
For implementation, no changes are required to the OS; changes are required to the application | For implementation, changes are required to the OS; no changes are required to the application |
Application: SSL is used to secure web transactions. | Application: IPsec is used to secure a Virtual Private Network |
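
The IPsec points above (an SA found by destination address and SPI, and what transport versus tunnel mode place inside the protected part of the packet), shown as an added example that is not part of the original answer. Assumptions: the framing follows ESP in simplified form (no encryption, no padding), integrity uses HMAC-SHA-256 truncated to 16 bytes, and all addresses, SPIs and keys are constructed sample values.

```python
import hashlib, hmac, socket, struct

ESP = 50  # IP protocol number assigned to ESP

def ipv4(src, dst, proto, payload):
    """Minimal IPv4 header (checksum left at 0 for brevity) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def icv(sa, body):
    """Integrity check value: HMAC-SHA-256 truncated to 16 bytes."""
    return hmac.new(sa["key"], body, hashlib.sha256).digest()[:16]

def protect(packet, sa, seq=1):
    """Wrap an IPv4 packet under the SA, in the mode the SA specifies."""
    if sa["mode"] == "tunnel":   # whole original packet is protected
        inner, next_hdr = packet, 4          # 4 = IPv4-in-IPv4
        src, dst = sa["src"], sa["dst"]      # outer header: gateway to gateway
    else:                        # transport: only the IP payload is protected
        inner, next_hdr = packet[20:], packet[9]
        src, dst = (socket.inet_ntoa(packet[i:i + 4]) for i in (12, 16))
    body = struct.pack("!II", sa["spi"], seq) + inner + bytes([0, next_hdr])
    return ipv4(src, dst, ESP, body + icv(sa, body))

def receive(packet, sad):
    """Find the SA by (destination address, SPI), verify, return (next_hdr, data)."""
    dst = socket.inet_ntoa(packet[16:20])
    (spi,) = struct.unpack("!I", packet[20:24])
    sa = sad.get((dst, spi))
    if sa is None:
        raise LookupError(f"no SA for ({dst}, {spi:#x})")
    body, tag = packet[20:-16], packet[-16:]
    if not hmac.compare_digest(tag, icv(sa, body)):
        raise ValueError("integrity check failed")
    return body[-1], body[8:-2]

# Constructed sample data: addresses, SPIs and keys are made up for this example.
SAS = [
    {"mode": "transport", "dst": "10.0.2.7", "spi": 0x1001, "key": b"k1" * 16},
    {"mode": "tunnel", "src": "198.51.100.1", "dst": "198.51.100.2",
     "spi": 0x2002, "key": b"k2" * 16},
]
SAD = {(sa["dst"], sa["spi"]): sa for sa in SAS}
PACKET = ipv4("10.0.1.5", "10.0.2.7", 6, b"constructed TCP segment")

if __name__ == "__main__":
    for sa in SAS:
        wire = protect(PACKET, sa)
        print(sa["mode"], socket.inet_ntoa(wire[12:16]), "->",
              socket.inet_ntoa(wire[16:20]), receive(wire, SAD)[0])
```

In transport mode the original source and destination addresses stay visible in the IP header; in tunnel mode only the gateway addresses are visible and the original header travels inside the protected data.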