IPSec
training course contents
What is IPSec?
VPN review, IP review, fragmentation, authentication, encryption.
What is IPSec? AH, ESP. IPSec with IPv4, IPSec with IPv6.
Hands on: Simple analysis of "normal" IP packets.
IPSec architecture
The IPSec protocols, transport mode, tunnel mode, implementations:
Host stack, Bump in the Stack, Bump in the Wire. Hands on:
Configuring IPSec.
AH
What AH does, the stack, security associations, Security Parameters Index, the AH header,
AH in transport mode, AH in tunnel mode. Hands on: AH packet analysis.
ESP
What ESP does, the ESP header, ESP in transport mode, ESP in tunnel mode, ESP and SA,
ESP and SPI. Hands on: ESP packet analysis.
Algorithms
Authentication algorithms: MD5, keyed SHA-1, HMAC-MD5, HMAC-SHA-1, HMAC-RIPEMD, other
authentication algorithms. Encryption algorithms: DES, 3DES, Blowfish, AES, other
encryption algorithms. Hands on: Algorithm configuration.
IKE
Internet Key Exchange, the two-phase negotiation, ISAKMP, ISAKMP header, pre-shared keys, digital signatures, public key encryption, Diffie-Hellman, proposals, counter proposals, nonces, identities. Phase 1 negotiation: main mode, aggressive mode, base mode. Phase 2 negotiation: quick mode, new group mode. Hands on: IKE packet analysis.
More IKE
PFS, IKE and dynamic addresses, XAUTH, hybrid authentication, CRACK, ULA, PIC. User level authentication. IKE renegotiation, heartbeats. Hands on: Troubleshooting IPSec.
Security policies
PF_KEY, policy setting and enforcement, policy configuration, policy servers, policy exchange. Hands on: Policy configuration.
PKI
What is PKI? CA, RA, VA, certificates, CA hierarchy, CRLs, certificate formats. Hands on: Installing and configuring certificate servers.
Summary
IPSec strengths and weaknesses. Where to get further information.