HP-UX Security Features - OpenMPE
HP-UX Security Features - OpenMPE
HP-UX Security Features - OpenMPE
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
IPSec: The Basics<br />
Authentication Header (AH)<br />
• Provides data/packet integrity. Also prevents address spoofing and<br />
replay attacks.<br />
• Authenticates the entire IP datagram using cryptographic hash<br />
algorithms (HMAC-SHA1 or HMAC-MD5).<br />
Encapsulating <strong>Security</strong> Payload (ESP)<br />
• Provides confidentiality via encryption. Can optionally provide the<br />
same authentication services that AH provides (also via HMAC-SHA1<br />
or HMAC-MD5).<br />
• Typical encryption algorithms: DES, 3DES, AES<br />
Modes of Operation<br />
• Transport mode: Used for end-end communication. Original IP<br />
header is not encrypted.<br />
• Tunnel mode: Used for communication with a VPN gateway. New IP<br />
header is added and entire original packet is encapsulated/encrypted.<br />
Network <strong>Security</strong> – Products and <strong>Features</strong><br />
August 26, 2004 62