Internet Protocol Security
Internet Protocol Security (IPSec) is an Internet layer protocol suite that uses authentication and encryption techniques for secure IP communications (http://en.wikipedia.org/wiki/IPsec). IPSec protects data flows between two hosts across a network (host to host), between gateways (network to network), or between a security gateway and a host (network to host).
IPSec supports the following features:
Network-level peer authentication
Data origin authentication
Data integrity
Data confidentiality
Replay protection
Because IPSec operates at the IP layer, it can secure the traffic of software applications transparently. Without IPSec, each application must instead apply TLS/SSL on its own to obtain comparable protection.
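Two of the IPSec features listed above, data integrity and replay protection, can be illustrated in a few lines. The block below is an added teaching example, not code from the original text or from any IPSec implementation: it models an ESP-style 32-bit sequence number with an HMAC-SHA256 tag and a 64-entry sliding anti-replay window in the spirit of RFC 4303, but it is not the ESP packet format. The key, payloads and sequence numbers are constructed sample values.

```python
# Added illustration (not part of the original text): data integrity via an HMAC
# tag and replay protection via a sliding window over sequence numbers, modelled
# on the ESP mechanism of RFC 4303. Simplified teaching model, not the ESP wire
# format; key and packets below are constructed sample values.
import hashlib
import hmac
import struct

WINDOW_SIZE = 64   # anti-replay window width (RFC 4303 requires at least 32)
TAG_LEN = 32       # HMAC-SHA256 tag length in bytes


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender: prefix a 32-bit sequence number, append an HMAC over header+payload."""
    header = struct.pack("!I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Receiver state: the highest accepted sequence number and a bitmap of the
    WINDOW_SIZE most recent numbers (bit i set means seq highest-i was seen)."""

    def __init__(self, key: bytes):
        self.key = key
        self.highest = 0
        self.window = 0

    def accept(self, packet: bytes) -> str:
        """Return "ok" if the packet is authentic and fresh, else a rejection reason.
        The integrity check runs first so a forged packet can never move the window."""
        if len(packet) < 4 + TAG_LEN:
            return "too short"
        header, payload, tag = packet[:4], packet[4:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad integrity tag"
        seq = struct.unpack("!I", header)[0]
        if seq == 0:
            return "invalid sequence number"
        if seq > self.highest:
            # Newer than anything seen: slide the window forward and mark this one.
            shift = seq - self.highest
            self.window = ((self.window << shift) | 1) & ((1 << WINDOW_SIZE) - 1)
            self.highest = seq
            return "ok"
        offset = self.highest - seq
        if offset >= WINDOW_SIZE:
            return "too old"
        if self.window & (1 << offset):
            return "replay"
        self.window |= 1 << offset   # late but first-time packet inside the window
        return "ok"


def run_demo() -> list:
    """Drive one receiver through in-order, replayed, reordered, tampered and stale packets."""
    key = b"constructed-demo-key-not-for-real-use"
    rx = Receiver(key)
    p1, p2, p3, p5 = (protect(key, s, b"payload %d" % s) for s in (1, 2, 3, 5))
    tampered = bytearray(protect(key, 4, b"payload 4"))
    tampered[6] ^= 0x01                 # flip one payload bit: the tag no longer matches
    return [rx.accept(p1), rx.accept(p2), rx.accept(p1), rx.accept(p5),
            rx.accept(p3), rx.accept(bytes(tampered)),
            rx.accept(protect(key, 100, b"payload 100")), rx.accept(p3)]


if __name__ == "__main__":
    print(run_demo())
```

Ordering matters: the tag is checked before the sequence number is consulted, so an attacker who cannot forge the HMAC cannot push the window forward and cause legitimate late packets to be dropped as "too old".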
Secure Sockets Layer/Transport Layer Security
Secure Sockets Layer (SSL) and its current version Transport Layer Security (TLS) are cryptographic protocols designed to provide communication security over the Internet (http://en.wikipedia.org/wiki/Transport_Layer_Security).
TLS works at the Application layer. It uses X.509 certificates and asymmetric cryptography to authenticate the host with which a user is communicating.
Asymmetric, or public-key, cryptography uses two separate keys per user to identify and authenticate each user securely (http://en.wikipedia.org/wiki/Public-key_cryptography).
The term asymmetric refers to the pair of complementary functions, each the inverse of the other, that are used with the two keys:
One key is public; the user uploads it to the host with which the user wants to communicate.
The other is a private key, which the user keeps secret.
The two keys are different but mathematically linked. A public key is used to encrypt communication or to verify a digital signature. A private key is used to decrypt ciphertext or to create a digital signature.
Public-key cryptography uses a PKI to verify a certificate and its owner via a CA. A PKI is also used to generate, sign, and administer the validity of certificates. When a PKI is used, forward secrecy is maintained, which means that short-term session keys cannot be derived from private keys. TLS is widely applied for web browsing, email, faxing over the Internet, instant messaging (IM), and Voice over IP (VoIP).
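The two preceding passages, the public/private key relationship and the PKI check in which a CA vouches for a certificate and its owner, are easier to see in working code. The block below is an added example written for this page; it is not code from the original text, from TLS, or from any PKI library. It uses textbook RSA with constructed primes near 10**6 (absurdly small, no padding), a toy JSON "certificate" instead of X.509, and made-up names ("Toy Root CA", "example.test") and a made-up nonce; all of these are assumptions for illustration only.

```python
# Added illustration (not part of the original text): textbook RSA showing that
# the public key encrypts and verifies while the linked private key decrypts and
# signs, then a toy PKI check in which a CA-signed certificate binds a host name
# to a public key and the host proves possession of the private key. Primes are
# tiny constructed values and there is no padding: for understanding only.
import hashlib
import json


def make_keypair(p: int, q: int, e: int = 65537):
    """Return (public, private) from two primes; d is the inverse of e mod phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)                 # Python 3.8+: modular inverse
    return {"n": n, "e": e}, {"n": n, "d": d}


def encrypt(pub: dict, m: int) -> int:
    return pow(m, pub["e"], pub["n"])   # anyone holding the public key can encrypt


def decrypt(priv: dict, c: int) -> int:
    return pow(c, priv["d"], priv["n"]) # only the private-key holder can decrypt


def _hash_int(data: bytes, n: int) -> int:
    """SHA-256 of data as an integer below n (real RSA signs a padded hash instead)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv: dict, data: bytes) -> int:
    return pow(_hash_int(data, priv["n"]), priv["d"], priv["n"])


def verify(pub: dict, data: bytes, sig: int) -> bool:
    return pow(sig, pub["e"], pub["n"]) == _hash_int(data, pub["n"])


def canonical(body: dict) -> bytes:
    """Deterministic encoding so issuer and verifier hash exactly the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def issue_certificate(ca_priv: dict, issuer: str, subject: str, subject_pub: dict) -> dict:
    """CA role: bind a subject name to its public key and sign that binding."""
    body = {"issuer": issuer, "subject": subject, "public_key": subject_pub}
    return {"body": body, "signature": sign(ca_priv, canonical(body))}


def authenticate_host(cert: dict, trusted_ca_pub: dict, expected_host: str,
                      nonce: bytes, proof: int) -> bool:
    """Client role, as in a TLS handshake: the certificate must carry a valid
    signature from a CA we trust, must name the host we meant to reach, and the
    peer must prove it holds the matching private key by signing our fresh nonce."""
    body = cert["body"]
    if not verify(trusted_ca_pub, canonical(body), cert["signature"]):
        return False                    # forged or altered certificate
    if body["subject"] != expected_host:
        return False                    # genuine certificate, but for another host
    return verify(body["public_key"], nonce, proof)


# Constructed key material (primes near 10**6 and 10**4, far too small for real use).
CA_PUB, CA_PRIV = make_keypair(1000037, 1000039)
HOST_PUB, HOST_PRIV = make_keypair(1000003, 1000033)
ROGUE_PUB, ROGUE_PRIV = make_keypair(10007, 10009)
HOST_CERT = issue_certificate(CA_PRIV, "Toy Root CA", "example.test", HOST_PUB)


def run_demo() -> dict:
    """Exercise the honest case and three failure cases a verifier must reject."""
    nonce = b"client-random-0123"       # constructed; a real client draws this fresh
    return {
        "roundtrip": decrypt(HOST_PRIV, encrypt(HOST_PUB, 26729)) == 26729,
        "genuine_host": authenticate_host(HOST_CERT, CA_PUB, "example.test",
                                          nonce, sign(HOST_PRIV, nonce)),
        "wrong_name": authenticate_host(HOST_CERT, CA_PUB, "other.test",
                                        nonce, sign(HOST_PRIV, nonce)),
        "stolen_cert_no_key": authenticate_host(HOST_CERT, CA_PUB, "example.test",
                                                nonce, sign(ROGUE_PRIV, nonce)),
        "untrusted_ca": authenticate_host(
            issue_certificate(ROGUE_PRIV, "Rogue CA", "example.test", ROGUE_PUB),
            CA_PUB, "example.test", nonce, sign(ROGUE_PRIV, nonce)),
    }


if __name__ == "__main__":
    print(run_demo())
```

The three rejected cases correspond to the checks a TLS client performs with X.509: a certificate not chaining to a trusted CA, a valid certificate presented for the wrong host name, and a copied certificate whose presenter cannot sign with the private key. Real deployments add what this toy omits: padding schemes (OAEP for encryption, PSS or PKCS#1 v1.5 for signatures), key sizes of 2048 bits or more, validity periods, intermediate CAs and revocation checking, all handled by a vetted library rather than hand-written arithmetic.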