IPSec Network Security

Wireless networks are especially susceptible to unauthorized access. Wireless access points are being widely deployed in corporate LANs because they easily extend connectivity to corporate users without the time and expense of installing wiring. These wireless access points (APs) act as bridges and extend the network up to 300 yards. Many airports, hotels, and even coffee shops make wireless access available for free, and therefore most anyone with a wireless card on his mobile device is an authorized user. However, many wireless networks only want to allow restricted access and may not be aware of how easily someone can gain.

Description

IPSec is a framework of open standards developed by the Internet Engineering Task Force (IETF). IPSec provides security for transmission of sensitive information over unprotected networks such as the Internet. IPSec acts at the network layer, protecting and authenticating IP packets between participating IPSec devices ("peers"), such as Cisco routers.

IPSec provides the following network security services. These services are optional. In general, local security policy will dictate the use of one or more of these services:

Data Confidentiality: The IPSec sender can encrypt packets before transmitting them across a network.
Data Integrity: The IPSec receiver can authenticate packets sent by the IPSec sender to ensure that the data has not been altered during transmission.
Data Origin Authentication: The IPSec receiver can authenticate the source of the IPSec packets sent. This service is dependent upon the data integrity service.
Anti-Replay: The IPSec receiver can detect and reject replayed packets.

Note: The term "data authentication" is generally used to mean data integrity and data origin authentication. Within this document it also includes anti-replay services, unless otherwise specified.

With IPSec, data can be transmitted across a public network without fear of observation, modification, or spoofing. This enables applications such as virtual private networks (VPNs), including intranets, extranets, and remote user access.

IPSec services are similar to those provided by Cisco Encryption Technology (CET), a proprietary security solution introduced in Cisco IOS Software Release . The IPSec standard was not yet available at Release . However, IPSec provides a more robust security solution and is standards-based. IPSec also provides data authentication and anti-replay services in addition to data confidentiality services, while CET provides only data confidentiality services.

Benefits

IPSec shares the same benefits as Cisco Encryption Technology both .