This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[{$pagename}] ([IPsec]) is a [protocol] suite for secure [Internet Protocol] ([IP]) communications that works by [authenticating|Authentication] and [encrypting|Encryption] each [IP] packet of a communication session.
[{$pagename}] includes [protocols] for establishing [Mutual Authentication] between agents at the beginning of the session and for negotiating the [Cryptographic Key] to be used during the session.
[{$pagename}] uses [cryptographic] security services to protect communications over Internet Protocol (IP) networks. IPsec supports network-level peer authentication, data origin [authentication], data [integrity], data [confidentiality] ([encryption]), and replay protection.
[{$pagename}] is an end-to-end security scheme operating in the [Internet Layer] of the [Internet Protocol Suite], while some other Internet security systems in widespread use, such as [Transport Layer Security] ([TLS]) and [Secure Shell] ([SSH]), operate in the upper layers at the [Transport Layer] (TLS) and the [Application Layer] (SSH).
[{$pagename}] protects all application traffic over an IP network. Applications can be automatically secured by IPsec at the IP layer.
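The replay protection listed above can be illustrated with the ESP header fields (SPI and sequence number). The following is an added example, not part of the original page: a sliding-window replay check kept per SPI. The names `ReplayWindow`, `filter_replays` and `esp` are hypothetical, the sample packets are constructed, and the `icv_valid` flag stands in for the ESP integrity check, which is assumed to be performed elsewhere.

```python
import struct

WINDOW = 64  # anti-replay window size in packets (RFC 4303 default)

def parse_esp_header(payload: bytes):
    """Return (spi, seq) from the first 8 bytes of an ESP packet."""
    if len(payload) < 8:
        raise ValueError("truncated ESP header")
    return struct.unpack("!II", payload[:8])

class ReplayWindow:
    """Sliding-window replay check for one security association (one SPI)."""
    def __init__(self):
        self.top = 0     # highest sequence number accepted so far
        self.bitmap = 0  # bit i set => sequence number (top - i) already seen

    def accept(self, seq: int, icv_valid: bool) -> bool:
        if seq == 0:
            return False  # a sender's first packet carries sequence number 1
        if seq <= self.top:
            offset = self.top - seq
            if offset >= WINDOW or (self.bitmap >> offset) & 1:
                return False  # older than the window, or a replay
        if not icv_valid:
            return False  # never move the window on unauthenticated data
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)
        return True

def filter_replays(packets):
    """packets: iterable of (esp_bytes, icv_valid); returns [(spi, seq, accepted)]."""
    windows, out = {}, []
    for raw, icv_valid in packets:
        spi, seq = parse_esp_header(raw)
        win = windows.setdefault(spi, ReplayWindow())
        out.append((spi, seq, win.accept(seq, icv_valid)))
    return out

def esp(spi, seq):
    """Constructed sample packet: ESP header plus dummy ciphertext."""
    return struct.pack("!II", spi, seq) + b"\x00" * 16

# Constructed traffic: reordering, a replay, a forged high sequence number,
# a packet older than the window, and a second SA with its own window.
SAMPLE = [(esp(0x1001, 1), True), (esp(0x1001, 3), True), (esp(0x1001, 2), True),
          (esp(0x1001, 3), True), (esp(0x1001, 200), False), (esp(0x1001, 100), True),
          (esp(0x1001, 30), True), (esp(0x2002, 1), True)]
```

The forged packet with sequence number 200 fails the integrity check and therefore does not advance the window, so the later legitimate packet 100 is still accepted.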
The [DNC Decryption Flow] detects and decrypts selected communications that are encrypted using
IPsec then reinjects the unencrypted packets back into TURMOIL Stage 1. TURMOIL Stage 1 applications process the
packets into sessions and when appropriate forwards the unencrypted content to follow-on processing systems. The DNC
eventing (PPF) components in TURMOIL detect all IKE/ISAKMP and ESP packets and queries KEYCARD for each unique
IKE exchange session and each unique ESP session to determine if the link should be selected for processing. Selection is
based on IP address. Decryption is attempted if either the source or the destination IP address is targeted for decryption in
KEYCARD (the KEYCARD tasking action is labeled "TRANSFORM" so as not to use the term "decrypt"). If KEYCARD returns
a hit for an IKE packet, then the IKE packet is sent to LONGHAUL where it is used to recover keys. If KEYCARD returns a
hit for an ESP packet, a key request is sent to LONGHAUL. The IPsec Security Parameter Index (SPI) correlates IKE
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [IPsec|Wikipedia:IPsec|target='_blank'] - based on information obtained 2017-01-07