IPsec
Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each packet of a communication session.
Security architecture
The IPsec suite is an open standard. IPsec uses the following protocols:
- Authentication Headers (AH)
- Encapsulating Security Payloads (ESP)
- Security Associations (SA)
Software implementations
- NRL IPsec, one of the original sources of IPsec code.
- OpenBSD
- "IPsec" in Juniper Operating Systems
- "IPsec" in Cisco IOS Software
- "IPsec" in Microsoft Windows, namely in the following: Windows XP, Windows 2000, Windows 2003, Windows Vista, Windows Server 2008, and Windows 7
Standardization status
IPsec was developed in parallel with IPv6. IPsec must be available in every standard implementation of IPv6.
Further information
- All IETF active security WGs
- IETF ipsecme WG ("IP Security Maintenance and Extensions" Working Group)
- IETF btns WG ("Better-Than-Nothing Security" Working Group) (chartered to work on unauthenticated IPsec, IPsec APIs, connection latching)
- Securing Data in Transit with IPsec (archived October 13, 2008 at the Wayback Machine), WindowsSecurity.com article by Deb Shinder
- IPsec at the Open Directory Project
- IPsec on Microsoft TechNet
- Microsoft IPsec Diagnostic Tool on Microsoft Download Center
- An Illustrated Guide to IPsec by Steve Friedl
- Security Architecture for IP (IPsec) Data Communication Lectures by Manfred Lindner Part IPsec
- Creating VPNs with IPsec and SSL/TLS Linux Journal article by Rami Rosen
Standards
The standards set out in the following RFCs apply to IPsec:
- RFC 2367: PF_KEY Interface
- RFC 2401: Security Architecture for the Internet Protocol (IPsec overview), obsoleted by RFC 4301
- RFC 2403: The Use of HMAC-MD5-96 within ESP and AH
- RFC 2404: The Use of HMAC-SHA-1-96 within ESP and AH
- RFC 2405: The ESP DES-CBC Cipher Algorithm With Explicit IV
- RFC 2409: The Internet Key Exchange
- RFC 2410: The NULL Encryption Algorithm and Its Use With IPsec
- RFC 2412: The OAKLEY Key Determination Protocol
- RFC 2451: The ESP CBC-Mode Cipher Algorithms
- RFC 2857: The Use of HMAC-RIPEMD-160-96 within ESP and AH
- RFC 3526: More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)
- RFC 3706: A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers
- RFC 3715: IPsec-Network Address Translation (NAT) Compatibility Requirements
- RFC 3947: Negotiation of NAT-Traversal in the IKE
- RFC 3948: UDP Encapsulation of IPsec ESP Packets
- RFC 4106: The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP)
- RFC 4301: Security Architecture for the Internet Protocol
- RFC 4302: IP Authentication Header
- RFC 4303: IP Encapsulating Security Payload
- RFC 4304: Extended Sequence Number (ESN) Addendum to IPsec Domain of Interpretation (DOI) for Internet Security Association and Key Management Protocol (ISAKMP)
- RFC 4306: Internet Key Exchange (IKEv2) Protocol
- RFC 4307: Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2)
- RFC 4308: Cryptographic Suites for IPsec
- RFC 4309: Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP)
- RFC 4478: Repeated Authentication in Internet Key Exchange (IKEv2) Protocol
- RFC 4543: The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH
- RFC 4555: IKEv2 Mobility and Multihoming Protocol (MOBIKE)
- RFC 4621: Design of the IKEv2 Mobility and Multihoming (MOBIKE) Protocol
- RFC 4718: IKEv2 Clarifications and Implementation Guidelines
- RFC 4806: Online Certificate Status Protocol (OCSP) Extensions to IKEv2
- RFC 4809: Requirements for an IPsec Certificate Management Profile
- RFC 4835: Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH)
- RFC 4945: The Internet IP Security PKI Profile of IKEv1/ISAKMP, IKEv2, and PKIX
- RFC 6071: IPsec and IKE Document Roadmap