Internet Protocol Security Assignment


The internet was originated because of a decentralized network known as the APERNET. It was developed by the United States department of defense in the year 1969. The main underlying principle governing the internet’s origin was to enable communication services during the nuclear attack (Forouzan, 2003). The huge collection of insecurely linked network that is located worldwide is called Internet. Internet can be accessed on individual computers through various widely used methods (Jawadekar, 2004).


In 1994, the internet architecture board issued a report based on the security issues in the internet architecture. This report stated the need to secure the network infrastructure from unauthorized monitoring and control of network traffic and need to secure the end to end traffic using authentication and encryption mechanism (IAB Open Meeting, 1995). In response to these issues IAB included authentication and encryption as necessary security features in the IPv6. IPSec is an end to end security scheme operating in the internet layer of the internet protocol suite. It can be used in protecting data flows between a pair of hosts, between a pair of security gateways or between a security gateway and a host (Internet Protocol Security, 2009).


IPSec is the successor of ISO standard network layer security protocol. A big advantage of IPSec is that security arrangements can be handled without requiring changes to individual user computers. The IPsec suite is an open standard (Internet Protocol Security, 2009). IPsec uses the following protocols to perform various functions:


Authentication Header (AH) to provide connectionless integrity and data origin authentication for IP datagram and to provide protection against replay attacks (Understanding IPsec, 2008).


Encapsulating Security Payload (ESP) to provide confidentiality data origin authentication connectionless integrity an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality.


Internet Protocol Security


Two major changes have been occurred in the requirements of internet security within a particular organization for the last several years. When data processing equipments were not popular enough, physical and administrative means provided the required security information to an organization. Physical means were jagged filling cupboards with a lock that could be opened by turning dials in a special sequence (Magalhaes, 2008). The example of data processing equipments is the personnel screening procedures, which are used when the employees are being hired. Automated equipments have become mandatory to keep files and other information safe in a computer, especially in the case of a shared system where people can easily access it through a public telephone or a data network (Ezziyyani et al., 2006).


Stallings stated that these two forms of security cannot be distinguished very easily. For example, the most common assault on information system is supposed to be a computer virus. It can enter into a computer either through a diskette or the internet. In both cases, there is a need of computer security tools for the detection of the viruses, so that the computer can be recovered (Stallings, 2006). Some examples of security violations are as follows:


Ø Suppose a user named A transmits a file to a user named B. This file has some sensitive information (e.g. payroll records) that should not be revealed to the person other than A and B. A user named C, who has not got permission to read the file, can see the file and even get a copy of the particular file when the file is transmitted (Forouzan, 2003).


Ø A network management application named D Transmits a message to a computer named E, under its management. The massage instructs computer E to update an authorization, which will include the identities of the new users who are given an access to this computer, but a user named F interrupts this information and makes changes in the contents of this message by adding or deleting information, and ultimately sends this message to E. Now E thinks this message as if coming from manager D and takes his action accordingly (Jawadekar, 2004).


Ø Another example is of an employee, who is fired without any warning. The personnel manager, after this incident, sends server system a message for the purpose of invalidating the account of the particular employee. The server will send a notice confirming the action when the process is completed, but the employee can very easily interrupt the message and cause a long delay in this process (Ezziyyani et al., 2006).


Ø A customer sends a stockbroker a message giving him instructions for various transactions, but when the investment loses value, the customer abjures sending the message (Understanding IPsec, 2008).


Implementation of security by IPSec

IPsec can implement securities in two manners-:

Transport mode:

IPsec is basically used in internet layer of TCP/IP architecture. IPsec implementing in transport mode provides protection primarily for upper layer protocols

Ø ESP in transport mode encrypts and optionally authenticates the IP payload but not the IP header (Understanding IPsec, 2008).

Ø AH in transport mode authenticates the IP payload and selected fields of the IP header


Tunnel mode:


Before two devices can establish an IPSec VPN tunnel and communicate securely through it, they must agree on the security parameters to use during communication, establishing what is called a security association (SA). The SA specifies the authentication and encryption algorithms to be used, the encryption keys to be used during the session, and how long the keys and the security association it are maintained (Forouzan, 2003). The Internet Key Exchange (IKE) protocol is used to set up the security associations needed for secure communication through an IPSec VPN.


In the negotiation process, one IPSec endpoint acts as an initiator and the other as a responder. The initiator offers the set of authentication, encryption and other parameters that it is ready to use with the other endpoint. The responder tries to match this list against its own list of supported techniques. If there is any overlap, it responds with the common subset. The initiator chooses one combination of techniques from the responder and they proceed with the negotiated setting (Magalhaes, 2008). IKE negotiation has two phases:


Ø Phase 1 allows two security gateways to authenticate each other and establish communication parameters for Phase 2 communications. At the end of Phase 1, a Phase 1 Security Association (IKE SA) is established.


Ø Phase 2 allows two security gateways to agree on IPSec communications parameters on behalf of their respective hosts. At the end of Phase 2, an IPSec SA is established (Understanding IPsec, 2008).


Problems Associated with Network Securities


Large amount of information is transferred between communicating parties through network. Network should be secure enough so that nobody can access the confidential information which is flowing between systems through network (Ezziyyani et al., 2006). Network security does not only compromised by hackers, viruses and malware.


An unintentional human error also plays an important role which can be stated as a big threat for network security. Some problems related with network securities are as follows:


1. Piracy

2. Software attacks

3. Unauthorized access: The goal of these attacks is to access some resource that your machine should not provide the attacker. For example, a host might be a web server, and should provide anyone with requested web pages. However, that host should not provide command shell access without being sure that the person making such a request is someone who should get it, such as a local administrator (Jawadekar, 2004).


4. Denial of services: A hacker can simply send a large no. of request to the system and after an upper limit system is not able to manage all these requests and it stops immediately the services it’s provided.


5. Data Diddling: The data diddler is likely the worst sort, since the fact of a break-in might not be immediately obvious. An intruder is not looking to get your confidential data. In this kind of attack he simply changes the content of data. Maybe he’s changing the account numbers for the auto-deposit of certain paychecks. In any case, rare is the case when you’ll come in to work one day, and simply know that something is wrong (Forouzan, 2003).


6. Data Destruction: Some of those perpetrate attacks are simply twisted jerks who like to delete things. In these cases, the impact on your computing capability — and consequently your business — can be nothing less than if a fire or other disaster caused your computing equipment to be completely destroyed (Jawadekar, 2004).


Security features provided by IPsec


1. Authentication: A digital signature is used to verify the identity of the sender of the information. IPSec can use Kerberos, a preshared key, or digital certificates for authentication.


2. Data integrity: A hash algoritham is used to ensure that data is not tampered with. A checksum called a hash message authentication code (HMAC) is calculated for the data of the packet (Stallings, 2006).


3. Data privacy: Encryption algorithms are utilized to ensure that data being transmitted is undecipherable.


4. Anti-replay: Prevents an attacker from resending packets in an attempt to gain access to the private network.


5. Nonrepudiation: Public key digital signatures are used to prove message origin.


6. Dynamic rekeying: Keys can be created during data sending to protect segments of the communication with different keys.


7. Key generation: The Diffie-Hellman key agreement algorithm is used to enable two computers to exchange a shared encryption key.


8. IP Packet filtering: The packet filtering capability of IPSec can be used to filter and block specific types of traffic, based on either of the following elements or on a combination of them:


Ø IP addresses

Ø Protocols

Ø Ports

Scalability Issues

IPSec requires that tunnels be set up between sites or clients and gateways before data can be sent. The number of users or sites the IPSec VPN service can scale to depends on how many of these tunnels the gateway can support. The maximum number of tunnels supported, or tunnel capacity, is a crucial metric vendors use to differentiate their products from the competition (Ezziyyani et al., 2006). A related, but often-overlooked metric, is tunnel setup rate, or the number of tunnels per second a device can establish. Tunnel capacity and setup rate are particularly important for large carrier-grade IPSec gateways with many sites or users.


Limitation of IPSec


IPSec general limitations are as follows:


Ø IPSec is susceptible to replay attacks. Due to limitations of ISAKMP, Neils and Schneier have suggested that it is likely that IPSec is also susceptible to man-in-the-middle attacks.


Ø Security for multiple destination addresses (i.e. broadcast, subnet broadcast, multicast, and anycast addresses) is not supported. Because security agreement that is needed for communication can be established between two devices only.


Ø IPSec is used in transport mode, a hacker could potentially intercept a packet, change the fragmentation field introducing malicious data, and then insert the packet back into the data stream. In IPv6, intermediate routers are not supposed to allow packet fragmentation (Mitchell, 2008).


Ø IPSec systems cannot act as IPSec gateways (IP packets to be forwarded cannot be encrypted or authenticated).


Ø If an IPSec system crashes then the SA between two devices will fail the peer IPSec system(s) will not be able to use any existing ISAKMP and IPSec SAs to initiate communication with the rebooted IPSec system.


If the IPSec SA(s) are configured to be “Shared” (host-based), the peer system will not be able to initiate any communication with the re-booted system that would use the same IPSec SAs until the existing IPSec SAs expire (Stallings, 2006).


If the IPSec SA(s) are configured to be “Exclusive” (session-based), then the peer system will be able to initiate IPSec encrypted or authenticated communication with the rebooted system only if the ISAKMP SA(s) are configured to use PFS (Perfect Forward Secrecy) until the ISAKMP SA expires.


A user cannot selectively encrypt or authenticate services that use dynamic ports, such as NFS (Network File System) mounted, NFS locked, NIS (Network Information Service).


Interated tunneling is not supported because key exchange can be done between two communicating parties at one time.


Benefits of IPSec


Ø In a firewall/router IPSec provides strong security to all traffic crossing the perimeter (Personal Firewalls, 2006).

Ø IPSec is working in internet layer which is below transport layer, hence transparent to applications

Ø IPSec can be transparent to end users

Ø IPSec can provide security for individual users if desired

Ø Additionally in routing applications:

o Assure that router advertisements come from authorized routers

o neighbor advertisements come from authorized routers

o insure redirect messages come from the router to which initial packet was sent

o insure no forging of router updates

Best Practice for Configuration and management of IPSec

1. Establish an IPSec deployment plan:

First of all a deployment plan should be made which consist your security requirements ,which physical link you want to secure and also shows that How all the security policies should be implemented (Understanding IPsec, 2008). The deployment plan should focus on these points -:


a. Assessing the risks related to the security issues.


b. Defining security policies that use your risk management criteria and protect the identified information.


c. Ensuring that management and technology requirements are in place.All these policies is then tested in an realistic environment to make sure whether they are working according to our plan or not.


2. Policy configuration:


3. Do not use preshared keys: According to experts preshared key authentication is a comparatively weak method for authentication purpose. So Kerberos should be use for authentication purpose (Jawadekar, 2004).


4. for computers connected to the Internet, do not send the name of the certification authority (CA) with certificate request


When certificate authentication is used to establish trust between IPSec peers, each IPSec peer sends to the other peer a list of trusted root CAs from which it accepts a certificate for authentication. Each of these CA names is sent as a certificate request payload (CRP), and it must be sent before trust is established. Although transmitting this list aids in connectivity by facilitating the selection of a CA, it can expose sensitive information about the trust relationships of a computer, such as the name of the company that owns the computer and the domain membership of the computer (if an internal public key infrastructure is being used), to an attacker (Ezziyyani et al., 2006). Therefore, to secure computers that are connected to the Internet, enable the option to exclude the CA name from the certificate request.




On the basis of above discussion, it can be concluded that Internet Protocol security is in a good state. Understating the relationship between the users of the Internet security, the needs of the users and methodologies used to present data will help the business ventures effectively plan and implement the techniques of Internet security (Mitchell, 2008). According to this paper, there is a sufficient growth of the Internet Protocol Security according to the growth of the incidents of threats.