CISA Made Easy

                                           - easy CISA preparation

Wednesday, November 19, 2008

IP Security & Authentication Header (AH)

IP Security (IPSec) is a super set of protocols which to large extent ensure security of Internet Protocol (IP). Beside Internet Key Exchange (IKE) two other important protocol supported by IPSec are

1. Authentication Header (AH)
2. Encapsulating Security Payload (ESP)


This article intends to briefly discuss about Authentication Header (AH) part of IPSec. IKE and ESP will be discussed seperately.


Role and benefits of Authentication Header (AH)

Following are the functions/benefits of Authentication Header (AH):

1. Connectionless integrity protection
2. Datagram Authentication
3. Replay attack Protection


Architecture of Authentication Header:

Following diagram will explain the architecture of AH:





By the above diagram it is obvious that AH fits itself into datagram and with the help of Integrity check value (ICV) datagram integrity is ensured.Sequence number of AH provides protection against replay attack with the help of sliding window.



Implementation of Authentication Header (AH)
Authentication Header (AH) can be implemented in following ways:

1. Single implementation of AH
2. Implementation along with Encapsulating Security Payload (ESP)
3. In tunnel mode

Readers who visited this post also read :

2 comments:

May I ask a question about IPsec?
Which of the following VPN methods will transmit data across the local network in plain text
without encryption?
A. Secure Sockets Layer (SSL)
B. IPsec
C. Transport Layer Security (TLS)
D. Layer 2 Tunneling Protocol (L2TP)
The book answer is B, but why? IPsec does provide the encryption, dosen't it?

Reply to this has been posted at:




http://passcisa.blogspot.com/2008/12/ipsec-encryption.html

Thanks for your query

 

Home | | | | |

CISA made Easy - Easy CISA Preparation