The Encapsulating Security Payload header provides confidentiality and/or authentication and data integrity to the encapsulated payload. The ESP header also provides anti-replay protection. Note: During authentication in the ESP Header, the authentication algorithm is only applied to the data being encrypted. Therefore, the authentication algorithm does not protect the IP header fields unless those fields are encapsulated in “tunnel mode”.
In the ESP header, both the confidentiality and authentication services are optional, however, at least one of these services must be selected
The Encapsulating Security Payload Header also contains an SPI field containing the Security Parameters Index that is used to identify the Security Association. The Sequence Number field is used to provide anti-replay protection as described in the section on the Authentication Header. The encrypted data is placed in the “Payload Data” field, as seen in Figure
In the ESP header, both the confidentiality and authentication services are optional, however, at least one of these services must be selected
The Encapsulating Security Payload Header also contains an SPI field containing the Security Parameters Index that is used to identify the Security Association. The Sequence Number field is used to provide anti-replay protection as described in the section on the Authentication Header. The encrypted data is placed in the “Payload Data” field, as seen in Figure
ENCAPSULATING SECURITY PAYLOAD (ESP) HEADERThe Padding field contains any padding bytes that may be needed by the encryption algorithm. The Pad Length field contains the number of bytes in the Padding field. The Next Header Field describes the type of data contained in the Payload Data field.
The use of the ESP header, with the confidentiality service enabled, prevents use of a technique called “sniffing”. “Sniffing” is a process of getting network transmission either for the data itself or for providing valuable information, which may be used later in attacking other computers. Sniffers are one of the most common tools used by hackers.
The use of the ESP header, with the confidentiality service enabled, prevents use of a technique called “sniffing”. “Sniffing” is a process of getting network transmission either for the data itself or for providing valuable information, which may be used later in attacking other computers. Sniffers are one of the most common tools used by hackers.
No comments:
Post a Comment