Encryption techniques are commonly used at all layers of the OSI reference model to ensure security of network communications.

IPsec

IPsec (Internet Protocol Security) is a standards-based VPN framework defined by the IETF (Internet Engineering Task Force). It is widely used to secure communications over an insecure medium such as the Internet, operating at the network layer of the OSI reference model. IPsec combines several techniques to provide the following security services:

  • Peer authentication
  • Data confidentiality
  • Data integrity

IPsec has two methods of propagating the data across a network:

  • Tunnel Mode: This IPsec mode is used in network-to-network (site-to-site) scenarios. Tunnel mode encapsulates and protects the whole IP packet, including the original IP header and payload, then adds the IPsec header along with a new IP header.
  • Transport Mode: This IPsec mode is used in host-to-host scenarios only. In transport mode, IPsec protects only the payload of the original IP packet, excluding the IP header, and inserts the IPsec header between the original IP header and the payload. Transport mode is available only when the IPsec endpoints are themselves the source and destination of the IP packets.

Both IPsec tunnel mode and transport mode can be deployed with the Encapsulating Security Payload (ESP) or Authentication Header (AH) protocols.
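The following Python example, added here to illustrate the two modes and not taken from the chapter or from any IPsec implementation, builds the byte layout of an ESP packet in tunnel mode and in transport mode from a constructed IPv4 packet, and then runs the receiver-side integrity check to show which bytes each mode actually protects. The key, addresses and payload are constructed sample values; the ICV uses HMAC-SHA-256 truncated to 128 bits (RFC 4868), and encryption of the protected region is deliberately omitted so that the framing and integrity coverage stay visible (an assumption of this example, not how a real stack behaves).

```python
import hashlib
import hmac
import struct

ESP_PROTO = 50      # IP protocol number announced in the outer header for ESP
IP_IN_IP = 4        # ESP next-header value meaning "an IPv4 packet follows" (tunnel mode)
TCP_PROTO = 6
IPV4_HDR_LEN = 20
ESP_HDR_LEN = 8     # 32-bit SPI + 32-bit sequence number (RFC 4303)
ICV_LEN = 16        # HMAC-SHA-256-128: truncated 128-bit integrity check value


def ipv4_header(src: bytes, dst: bytes, proto: int, total_len: int) -> bytes:
    """Minimal 20-byte IPv4 header; header checksum is left at zero for this example."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0, src, dst)


def esp_trailer(protected_len: int, next_header: int, block: int = 4) -> bytes:
    """Pad the protected region to a multiple of `block`, then add pad-length and next-header."""
    pad_len = (-(protected_len + 2)) % block
    return bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])


def esp_icv(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]


def esp_encapsulate(inner: bytes, next_header: int, spi: int, seq: int, key: bytes) -> bytes:
    """ESP header + inner data + trailer, followed by the ICV.

    The ICV covers everything from the ESP header through the trailer. It does NOT
    cover the outer IP header, which is why ESP transport mode leaves the original
    IP header without integrity protection (AH would cover it; ESP does not).
    """
    body = struct.pack("!II", spi, seq) + inner + esp_trailer(len(inner), next_header)
    return body + esp_icv(key, body)


def esp_tunnel(orig_pkt: bytes, gw_src: bytes, gw_dst: bytes, spi: int, seq: int, key: bytes) -> bytes:
    """Tunnel mode: the whole original packet (header + payload) goes inside ESP,
    and a brand-new outer IP header (gateway to gateway) is prepended."""
    esp = esp_encapsulate(orig_pkt, IP_IN_IP, spi, seq, key)
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, IPV4_HDR_LEN + len(esp)) + esp


def esp_transport(orig_hdr: bytes, payload: bytes, spi: int, seq: int, key: bytes) -> bytes:
    """Transport mode: the original IP header stays on the outside (protocol field
    rewritten to ESP); only the payload is placed inside ESP."""
    esp = esp_encapsulate(payload, orig_hdr[9], spi, seq, key)
    outer = bytearray(orig_hdr)
    outer[9] = ESP_PROTO
    struct.pack_into("!H", outer, 2, IPV4_HDR_LEN + len(esp))
    return bytes(outer) + esp


def verify_esp(packet: bytes, key: bytes) -> bool:
    """Receiver-side check: recompute the ICV over the ESP region and compare in constant time."""
    body, icv = packet[IPV4_HDR_LEN:-ICV_LEN], packet[-ICV_LEN:]
    return hmac.compare_digest(esp_icv(key, body), icv)


def inner_packet(packet: bytes) -> tuple:
    """Strip outer header, ESP header, padding, trailer and ICV; return (inner bytes, next_header)."""
    body = packet[IPV4_HDR_LEN + ESP_HDR_LEN:-ICV_LEN]
    pad_len, next_header = body[-2], body[-1]
    return body[: len(body) - 2 - pad_len], next_header


# Constructed sample input (documentation address ranges, throwaway key, fake payload).
KEY = b"constructed-demo-key-not-for-real-use"
HOST_A, HOST_B = bytes([10, 1, 1, 10]), bytes([10, 2, 2, 20])
GW_A, GW_B = bytes([198, 51, 100, 1]), bytes([203, 0, 113, 1])
PAYLOAD = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
ORIG_HDR = ipv4_header(HOST_A, HOST_B, TCP_PROTO, IPV4_HDR_LEN + len(PAYLOAD))
ORIG_PKT = ORIG_HDR + PAYLOAD


def tampered(packet: bytes, offset: int) -> bytes:
    """Flip one bit at `offset`, modelling an in-flight modification of the packet."""
    b = bytearray(packet)
    b[offset] ^= 1
    return bytes(b)


if __name__ == "__main__":
    t = esp_tunnel(ORIG_PKT, GW_A, GW_B, 0x1000, 1, KEY)
    x = esp_transport(ORIG_HDR, PAYLOAD, 0x1000, 1, KEY)
    print("tunnel   : [new IP hdr][ESP hdr][orig IP hdr + payload][trailer][ICV]", len(t), "bytes")
    print("transport: [orig IP hdr][ESP hdr][payload][trailer][ICV]          ", len(x), "bytes")
    print("tunnel, inner dst changed   -> verify:", verify_esp(tampered(t, IPV4_HDR_LEN + ESP_HDR_LEN + 16), KEY))
    print("transport, outer dst changed -> verify:", verify_esp(tampered(x, 16), KEY))
```

The last two printed lines are the security-relevant contrast: in tunnel mode the original IP addresses sit inside the ESP-protected region, so changing them is detected, whereas in transport mode the only IP header is the outer one, which ESP's ICV never covers.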

SSL

SSL (Secure Sockets Layer) VPN is a remote access VPN technology that provides secure connectivity from any computer through a standard web browser and its native SSL encryption.

SSL is an application layer (layer 7) cryptographic protocol that provides secure communications for web browsing, email, instant messaging, and other traffic over the Internet. By default, SSL uses TCP port 443.

The major advantage of SSL VPN is that it does not require special client software to be installed on the system. It relies on the native SSL support of a web browser, enabling a user to connect from any computer, whether an official desktop or a personal laptop, tablet or smartphone.

The Cisco Remote Access VPN solutions offer both IPsec VPN and SSL VPN technologies on a single platform such as Cisco Integrated Services Routers (ISRs).

Summary

This introductory chapter has attempted to give you a glimpse into the exciting world of network security. We started the chapter by discussing the CIA triad and how it can be used as a model for securing data and systems.

We also considered the information security threats faced by enterprises today and what a typical secured enterprise looks like at a high level. We looked at some layer 2 security techniques before moving on to a few examples of securing the management and data planes.

IPsec and SSL were touched upon only briefly; these topics will be covered in greater detail in a later chapter.