DistributedNetworks



IPSec Protection Protocols

IPsec provides two security protocols for protecting data:
  1. Authentication Header (AH)
  2. Encapsulating Security Payload (ESP)

AH provides data integrity by using an authentication algorithm. It does not encrypt the packet. ESP typically protects the packet with an encryption algorithm and provides data integrity with an authentication algorithm. Some encryption algorithms provide both encryption and authentication, such as AES GCM. The AH protocol cannot be used with network address translation (NAT).
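The NAT limitation follows from what each protocol authenticates. The sketch below is an added example, not part of the original page: it models only the integrity coverage, using HMAC-SHA1 truncated to 96 bits, with packets simplified to dictionaries and a constructed key, addresses, SPI and payload (the ESP payload stands in for ciphertext).

```python
import hashlib
import hmac
import ipaddress
import struct

KEY = b"constructed-demo-key"   # constructed sample key, not a real SA key
AH_PROTO, ESP_PROTO = 51, 50    # IP protocol numbers for AH and ESP

def icv(data: bytes) -> bytes:
    """Integrity check value: HMAC-SHA1 truncated to 96 bits."""
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]

def ah_covered(pkt: dict) -> bytes:
    """AH authenticates the immutable IP header fields, the AH fields and the payload.
    Mutable fields such as TTL count as zero, so they are left out here."""
    addrs = (ipaddress.ip_address(pkt["src"]).packed
             + ipaddress.ip_address(pkt["dst"]).packed)
    return (addrs + bytes([pkt["proto"]])
            + struct.pack("!II", pkt["spi"], pkt["seq"]) + pkt["payload"])

def esp_covered(pkt: dict) -> bytes:
    """ESP authenticates its own header and payload, not the outer IP header."""
    return struct.pack("!II", pkt["spi"], pkt["seq"]) + pkt["payload"]

def covered(pkt: dict) -> bytes:
    return ah_covered(pkt) if pkt["proto"] == AH_PROTO else esp_covered(pkt)

def protect(pkt: dict) -> dict:
    return {**pkt, "icv": icv(covered(pkt))}

def verify(pkt: dict) -> bool:
    return hmac.compare_digest(pkt["icv"], icv(covered(pkt)))

def route(pkt: dict) -> dict:
    """Ordinary router hop: only the TTL changes."""
    return {**pkt, "ttl": pkt["ttl"] - 1}

def nat(pkt: dict, public_src: str) -> dict:
    """Source NAT hop: the source address is rewritten and the TTL decremented."""
    return {**route(pkt), "src": public_src}

def demo() -> dict:
    base = {"src": "10.0.0.5", "dst": "198.51.100.7", "ttl": 64,
            "spi": 0x1001, "seq": 1, "payload": b"constructed payload"}
    ah = protect({**base, "proto": AH_PROTO})
    esp = protect({**base, "proto": ESP_PROTO})
    return {"ah_routed": verify(route(ah)),              # TTL change is tolerated
            "ah_nat": verify(nat(ah, "203.0.113.9")),    # rewritten source breaks the ICV
            "esp_nat": verify(nat(esp, "203.0.113.9"))}  # outer header is not covered

if __name__ == "__main__":
    print(demo())
```

The AH packet survives a normal router hop but fails verification once the source address is translated, while the ESP check value is unaffected by the same rewrite.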

IPSec supports the Message Digest 5 (MD5) authentication protocol. The table row above lists the IPSec authentication protocols, their key lengths, and the reason to select these protocols in your design.

IPSec supports the Secure Hash Algorithm (SHA-1) authentication protocol. The table row above lists the IPSec authentication protocols, their key lengths, and the reason to select these protocols in your design.

IPSec supports the Data Encryption Standard (DES) encryption algorithms. 40-bit encryption offers a medium to low level of security and can be used when working internationally.

56-bit encryption offers a high level of security for working internationally, while not drastically affecting performance.

128-bit encryption should be used in North America when you want to create a high-security environment. This encryption should be used when security takes precedence over performance.

The Diffie-Hellman group is configured as part of the key exchange settings and is considered a master key. Keys generated for data protection during key exchange are derived from the Diffie-Hellman master key material.