up

2020-02-19 - getting started with ipSec

An adversary can attack three things in a secure system:

• The crypto-scheme itself, the primitives (note: not the implementation).
  • for example, AES-256
  • This is very hard
• Protocols and policies
  • for example, HTTP
  • This is hard
• Implementation
  • for example, Apache

IPSec

Two Protocols

• AH
  • Authentication Header
  • for authenticating
  • secures Src/Dst IP, Incompatible with NAT
• ESP
  • Encrypts and authenticates

Two Modes

• Transport
• Tunnel