Internet Protocol Security Methods

If an IPsec rule requires the hosts to negotiate security, it uses one or both of two methods: Encapsulating Security Payload (ESP) or Authentication Header (AH).

ESP can provide both confidentiality (via encryption) and integrity (via signatures). Both the encryption and the signature cover the payload and the TCP/UDP header of each packet, but not the IP header (and so not the IP addresses), which means that with supporting technologies such as NAT Traversal (NAT-T), ESP traffic can be sent across NAT devices. It is also possible to use null encryption with ESP, which means that each packet is signed but not encrypted. As with AH, this means that you can be confident that the traffic has not been tampered with while in transit between hosts. This is the default method when you choose to authenticate sessions between two hosts.

AH ensures message integrity via digital signatures calculated over the entire packet, including the IP header (which carries the source and destination IP addresses). AH has two significant limitations: it provides no confidentiality, because it does not support data encryption, and AH traffic cannot traverse NAT devices, because those devices rewrite the internal host's IP address in each packet before forwarding it.
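The following added example (not code from the original page, and not a real IPsec implementation) illustrates why the two paragraphs above reach different conclusions about NAT. It models the integrity check of null-encryption ESP and of AH as an HMAC-SHA256 tag over the fields each method covers, then simulates a NAT device rewriting the source address. The `Packet` type, the `KEY` value, the `"AH"`/`"ESP"` method labels and the packet contents are all constructed for the demonstration; real AH also zeroes mutable IP header fields such as TTL and checksum before computing its ICV, which this simplified model omits.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass, replace

# Constructed demo key for the integrity check; a real SA key comes from IKE.
KEY = b"constructed-demo-integrity-key"


@dataclass(frozen=True)
class Packet:
    """Minimal model of an IP packet (constructed for this example)."""
    src_ip: str
    dst_ip: str
    transport_hdr: bytes  # TCP/UDP header bytes
    payload: bytes


def _ip_bytes(ip: str) -> bytes:
    return ipaddress.ip_address(ip).packed


def ah_covered_bytes(pkt: Packet) -> bytes:
    # AH: the integrity tag spans the IP header (including both addresses)
    # plus everything after it.
    return (_ip_bytes(pkt.src_ip) + _ip_bytes(pkt.dst_ip)
            + pkt.transport_hdr + pkt.payload)


def esp_covered_bytes(pkt: Packet) -> bytes:
    # ESP with null encryption: the tag spans the transport header and
    # payload only; the outer IP header is not protected.
    return pkt.transport_hdr + pkt.payload


def icv(data: bytes, key: bytes = KEY) -> bytes:
    """Integrity check value: a keyed MAC over the covered bytes."""
    return hmac.new(key, data, hashlib.sha256).digest()


def protect(pkt: Packet, method: str) -> bytes:
    """Compute the integrity tag the sender attaches for AH or ESP."""
    if method not in ("AH", "ESP"):
        raise ValueError(f"unknown method {method!r}")
    cover = ah_covered_bytes if method == "AH" else esp_covered_bytes
    return icv(cover(pkt))


def verify(pkt: Packet, method: str, tag: bytes) -> bool:
    """Receiver-side check; constant-time comparison of the recomputed tag."""
    return hmac.compare_digest(protect(pkt, method), tag)


def nat_rewrite_source(pkt: Packet, public_ip: str) -> Packet:
    """Simulate a NAT device replacing the internal source address."""
    return replace(pkt, src_ip=public_ip)


def tamper_payload(pkt: Packet, new_payload: bytes) -> Packet:
    """Simulate an on-path modification of the application data."""
    return replace(pkt, payload=new_payload)


def demo() -> dict:
    """Run both methods through a NAT and a payload change; return outcomes."""
    # Constructed packet: internal host 10.0.0.5 -> 203.0.113.10, TCP-like header.
    original = Packet("10.0.0.5", "203.0.113.10", b"\x1f\x90\x00\x50", b"GET / HTTP/1.1")
    ah_tag = protect(original, "AH")
    esp_tag = protect(original, "ESP")

    natted = nat_rewrite_source(original, "198.51.100.1")
    tampered = tamper_payload(natted, b"GET /admin HTTP/1.1")

    return {
        "ah_before_nat": verify(original, "AH", ah_tag),
        "ah_after_nat": verify(natted, "AH", ah_tag),      # NAT breaks AH
        "esp_before_nat": verify(original, "ESP", esp_tag),
        "esp_after_nat": verify(natted, "ESP", esp_tag),   # NAT is invisible to ESP
        "esp_after_tamper": verify(tampered, "ESP", esp_tag),  # but tampering is caught
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check:18s} {'PASS' if ok else 'FAIL'}")
```

The address rewrite is the only change the NAT makes, yet it is enough to invalidate the AH tag because the addresses are inside AH's coverage; the same packet passes the ESP check because ESP's coverage starts after the IP header. The last check shows that ESP's narrower coverage is not a weakness for the data it does protect: a modified payload still fails verification.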