Like what you see? Get it in one document for easy printing!
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Test yourself better with 300 extra Security+ questions!
Get It Here!

Custom Search







Table Of Contents  CertiGuide to Security+
 9  Chapter 2:  Communication Security (Domain 2.0; 20%)
      9  2.1  Remote Access
           9  2.1.7  IPSEC

Previous Topic/Section
2.1.7  IPSEC
Previous Page
Pages in Current Topic/Section
1
Next Page
IPSec Transport and Tunnel Modes
Next Topic/Section

IPSec Packet Types

IPSec packet types include the authentication header (AH) for data integrity and the encapsulating security payload (ESP) for data confidentiality and integrity.

The authentication header (AH) protocol creates an envelope that provides integrity, data origin identification and protection against replay attacks. It authenticates every packet as a defense against session-stealing attacks. Although the IP header itself is outside the AH header, AH also provides limited verification of it by not allowing changes to the IP header after packet creation (note that this usually precludes the use of AH in NAT environments, which modify packet headers at the point of NAT). AH packets use IP protocol 51.

The encapsulating security payload (ESP) protocol provides the features of AH (except for IP header authentication), plus encryption. It can also be used in a null encryption mode that provides the AH protection against replay attacks and other such attacks, without encryption or IP header authentication. This can allow for achieving some of the benefits of IPSec in a NAT environment that would not ordinarily work well with IPSec. ESP packets use IP protocol 50.

IPSec Types

IPSec packet types include:

AH, Authentication Header, which provides integrity, data origin identification and replay attack protection, uses IP protocol 51.

ESP, Encapsulating Security Payload, which provides AH features except IP header verification, plus encryption. It can also be used with “null encryption” to protect against replay attacks, uses IP protocol 50.



Previous Topic/Section
2.1.7  IPSEC
Previous Page
Pages in Current Topic/Section
1
Next Page
IPSec Transport and Tunnel Modes
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $



Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.