Unit-V Network Access Control and Cloud Security: PDF Transport Level Security

The document discusses various topics related to cyber and network security including transport layer security (TLS), wireless network security, and threats to Wi-Fi security. TLS ensures encrypted and authenticated communications at the transport layer using protocols like SSL. Wireless security protocols like WEP, WPA, WPA2, and the upcoming WPA3 provide authentication and encryption for wireless networks. Common threats to Wi-Fi security include man-in-the-middle attacks where attackers intercept communications, and cracking passwords through brute force attacks or decrypting encrypted traffic.

Uploaded by

ayush

Cyber and Network Security

UNIT-V

Network Access Control and Cloud Security: PDF

Transport Level Security:

Transport Layer Security (TLS) is designed to provide security at the transport layer. TLS was
derived from a security protocol called Secure Sockets Layer (SSL). TLS ensures that no third party
can eavesdrop on or tamper with any message.
There are several benefits of TLS:
• Encryption:
TLS/SSL can help to secure transmitted data using encryption.
• Interoperability:
TLS/SSL works with most web browsers, including Microsoft Internet Explorer, and on most
operating systems and web servers.
• Algorithm flexibility:
TLS/SSL provides options for the authentication mechanisms, encryption algorithms and hashing
algorithms that are used during the secure session.
• Ease of Deployment:
Many applications use TLS/SSL transparently on a Windows Server 2003 operating system.
• Ease of Use:
Because TLS/SSL is implemented beneath the application layer, most of its operations are
completely invisible to the client.

Working of TLS:

The client connects to the server (using TCP); the client can be any application. The client sends a
number of specifications:
1. Version of SSL/TLS.
2. Which cipher suites and compression methods it wants to use.

The server checks what the highest SSL/TLS version is that is supported by them both, picks a cipher
suite from one of the client's options (if it supports one) and optionally picks a compression method.
After this the basic setup is done, and the server provides its certificate. This certificate must be trusted
either by the client itself or by a party that the client trusts. Having verified the certificate and being
certain this server really is who it claims to be (and not a man in the middle), a key is exchanged.
This can be a public key, a “PreMasterSecret” or simply nothing, depending upon the cipher suite.
Both the server and client can now compute the key for symmetric encryption. The handshake is
finished and the two hosts can communicate securely. If a connection is closed simply by finishing the TCP
connection, both sides will know the connection was improperly terminated. The connection cannot be
compromised by this, though, merely interrupted.
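
The settings the handshake depends on (protocol version floor, offered cipher suites, compression, certificate and hostname verification) can be audited on a client before it ever connects. The following is an added example using Python's standard ssl module, not code from the original notes; the function names and the list of weak-cipher markers are assumptions chosen for illustration.

```python
import ssl

# Substrings that mark cipher suites a client should not offer
# (illustrative list chosen for this example).
WEAK_CIPHER_MARKERS = ("NULL", "RC4", "MD5", "EXP", "DES-CBC")


def audit_client_context(ctx):
    """Return a list of findings for a client-side ssl.SSLContext.

    Each check corresponds to one step of the handshake described above.
    """
    findings = []

    # The client announces which protocol versions it accepts.
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 are offered")

    # The client announces which cipher suites it accepts.
    weak = sorted(
        cipher["name"]
        for cipher in ctx.get_ciphers()
        if any(marker in cipher["name"] for marker in WEAK_CIPHER_MARKERS)
    )
    if weak:
        findings.append("weak cipher suites offered: " + ", ".join(weak))

    # The client may offer a compression method; it should not.
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append("TLS compression is not disabled")

    # The server certificate must chain to a party the client trusts ...
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")

    # ... and must have been issued for the host being contacted.
    if not ctx.check_hostname:
        findings.append("server hostname is not checked")

    return findings


def weak_context():
    """A client context with verification switched off (the setting to avoid)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE     # accepts any certificate
    ctx.options &= ~ssl.OP_NO_COMPRESSION
    return ctx


def hardened_context():
    """The library defaults plus an explicit TLS 1.2 floor."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    for name, ctx in (("weak", weak_context()), ("hardened", hardened_context())):
        print(name, audit_client_context(ctx) or "no findings")
```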

Wireless Network Security:

BTIT 603 Page 1


Wireless security is, in essence, the prevention of unwanted users from accessing a particular wireless
network. Moreover, wireless security, also known as Wi-Fi security, aims to ensure that your data
remains accessible only to users you authorize.
How Does Wireless Security Work?
Wireless security protocols such as Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access
(WPA) are the authentication security protocols created by the Wi-Fi Alliance to ensure
wireless security. There are four wireless security protocols currently available:

• Wired Equivalent Privacy (WEP)
• Wi-Fi Protected Access (WPA)
• Wi-Fi Protected Access 2 (WPA2)
• Wi-Fi Protected Access 3 (WPA3)

WIRED EQUIVALENT PRIVACY (WEP)

Wired Equivalent Privacy (WEP) is the first security protocol ever put in practice. Designed in 1997,
it has become obsolete but is still used in modern times with older devices.

WEP uses a data encryption scheme that is based on a combination of user- and system-generated key
values. However, it is widely known that WEP is the least secure network type as hackers have
developed tactics of reverse-engineering and cracking the encryption system.

WI-FI PROTECTED ACCESS (WPA)

Wi-Fi Protected Access (WPA) was developed to deal with the flaws that were found in the WEP
protocol. WPA offers features such as the Temporal Key Integrity Protocol (TKIP), which used a
dynamic 128-bit key that was harder to break than WEP’s static, unchanging key.

It also introduced the Message Integrity Check, which scanned for any altered packets sent by
hackers, the Temporal Key Integrity Protocol (TKIP), and the pre-shared key (PSK), among others,
for encryption.

WI-FI PROTECTED ACCESS 2 (WPA2)

In 2004, WPA2 brought significant changes and more features to the wireless security gamut. WPA2
replaced TKIP with the Counter Mode Cipher Block Chaining Message Authentication Code Protocol
(CCMP), which is a far superior encryption tool.

WPA2 has been the industry standard since its inception; on March 13, 2006, the Wi-Fi Alliance
stated that all future devices with the Wi-Fi trademark had to use WPA2.

WPA2-PSK
WPA2-PSK (Pre-Shared Key) requires a single password to get on the wireless network. It’s generally
accepted that a single password to access Wi-Fi is safe but only as much as you trust those using it. A
major vulnerability comes from the potential damage done when login credentials get placed in the
wrong hands. That is why this protocol is most often used for a residential or open Wi-Fi network.

To encrypt a network with WPA2-PSK you provide your router not with an encryption key, but rather
with a plain-English passphrase between 8 and 63 characters long. Using CCMP, that passphrase,
along with the network SSID, is used to generate unique encryption keys for each wireless client. And
those encryption keys are constantly changed. Although WEP also supports passphrases, it does so
only as a way to more easily create static keys, which are usually composed of the hex characters 0-9
and A-F.
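
As an added illustration (not part of the original notes), the key derivation used by WPA2-Personal can be written with Python's standard library: the passphrase and SSID go through PBKDF2-HMAC-SHA1 to give a 256-bit pairwise master key (PMK), and each client's session keys are then expanded from the PMK, both MAC addresses and two fresh nonces. The passphrase, SSIDs, MAC addresses and nonces below are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac

PMK_ITERATIONS = 4096  # iteration count fixed for WPA2-Personal
PMK_LENGTH = 32        # 256-bit pairwise master key

# Constructed sample values for this example only.
SAMPLE_PASSPHRASE = "correct horse battery staple"
AP_MAC = bytes.fromhex("020000000001")
CLIENT1_MAC = bytes.fromhex("020000000010")
CLIENT2_MAC = bytes.fromhex("020000000020")
ANONCE1, SNONCE1 = bytes([0x11]) * 32, bytes([0x22]) * 32
ANONCE2, SNONCE2 = bytes([0x33]) * 32, bytes([0x44]) * 32


def derive_pmk(passphrase, ssid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    if not all(32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes long")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), salt, PMK_ITERATIONS, PMK_LENGTH
    )


def derive_ptk(pmk, ap_mac, client_mac, anonce, snonce):
    """Expand the PMK into per-session keys for CCMP (384 bits in total).

    The inputs are ordered by value so that both sides compute the same
    result regardless of who is the access point and who is the client.
    """
    label = b"Pairwise key expansion"
    data = (
        min(ap_mac, client_mac) + max(ap_mac, client_mac)
        + min(anonce, snonce) + max(anonce, snonce)
    )
    stream = b""
    counter = 0
    while len(stream) < 48:
        block = label + b"\x00" + data + bytes([counter])
        stream += hmac.new(pmk, block, hashlib.sha1).digest()
        counter += 1
    return {
        "kck": stream[0:16],   # key confirmation key (handshake integrity)
        "kek": stream[16:32],  # key encryption key (protects group key delivery)
        "tk": stream[32:48],   # temporal key used by CCMP for data frames
    }


if __name__ == "__main__":
    pmk = derive_pmk(SAMPLE_PASSPHRASE, "ExampleCafe")
    other = derive_pmk(SAMPLE_PASSPHRASE, "ExampleCafe-Guest")
    print("same passphrase, different SSID, same PMK?", pmk == other)
    tk1 = derive_ptk(pmk, AP_MAC, CLIENT1_MAC, ANONCE1, SNONCE1)["tk"]
    tk2 = derive_ptk(pmk, AP_MAC, CLIENT2_MAC, ANONCE2, SNONCE2)["tk"]
    print("two clients share a temporal key?", tk1 == tk2)
```

The only secret input is the passphrase, so its length and unpredictability determine the strength of every key derived from it; the SSID acts as the salt.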

WPA2-Enterprise
WPA2-Enterprise requires a RADIUS server, which handles the task of authenticating network users’
access. The actual authentication process is based on the 802.1X policy and comes in several different
systems labeled EAP.

There are just a few components that are needed to make WPA2-Enterprise work. Realistically, if you
already have access points and some spare server space, you possess all the hardware needed to make
it happen.

Because each device is authenticated before it connects, a personal, encrypted tunnel is effectively
created between the device and the network. The security benefits of a properly configured
WPA2-Enterprise network make it near-impenetrable. This protocol is most often used by businesses and
governments due to its heightened security measures.

SecureW2 is an industry leader in WPA2-Enterprise security solutions, covering everything from
certificate-based authentication to device onboarding.

WI-FI PROTECTED ACCESS 3 (WPA3)

WPA3 is introducing the first major changes to wireless security in 14 years. Some notable additions
for the security protocol are:

• Greater protection for passwords
• Individualized encryption for personal and open networks
• More security for enterprise networks

WPA3-PSK

To improve the effectiveness of PSK, updates in WPA3-PSK offer greater protection by improving the
authentication process.

A strategy to do this uses Simultaneous Authentication of Equals (SAE) to make brute-force
dictionary attacks far more difficult for a hacker. This protocol requires interaction from the user on
each authentication attempt, causing a significant slowdown for those attempting to brute-force
through the authentication process.

WPA3-Enterprise
WPA3-Enterprise offers some added benefits but overall little changes in terms of security with the
jump from WPA2-Enterprise.

A significant improvement that WPA3-Enterprise offers is a requirement for server certificate
validation to be configured to confirm the identity of the server to which the device is connecting.
However, due to the lack of major improvements, it’s not likely to be a quick transition to WPA3.
WPA2 became a standard in 2004, and even today organizations have a difficult time supporting it on
their network. That’s why we came up with a solution that provides everything you need for 802.1X.

What are the Main Threats to Wi-Fi Security?

As the internet becomes more accessible via mobile devices and gadgets, data security is
becoming a top concern for the public, as it should be. Data breaches and security malfunctions can
cost individuals and businesses thousands of dollars.

It is important to know the threats that are most prevalent in order to be able to implement the proper
security measures.

MAN-IN-THE-MIDDLE ATTACKS

A man-in-the-middle (MITM) attack is an incredibly dangerous type of cyber-attack that involves a
hacker infiltrating a private network by impersonating a rogue access point and acquiring login
credentials.

The attacker sets up hardware pretending to be a trusted network, namely Wi-Fi, in order to trick
unsuspecting victims into connecting to it and sending over their credentials. MITM attacks can
happen anywhere, as devices connect to the network with the strongest signal, and will connect to any
SSID name they remember.

CRACKING AND DECRYPTING PASSWORDS

Cracking and decrypting passwords is an old method that consists of what is known as a “brute force
attack.” This attack consists of using a trial and error approach and hoping to eventually guess
correctly. However, there are many tools that hackers can use to expedite the process.

Luckily, you can use these same tools to try and test your own network’s security. Software like John
the Ripper, Nessus, and Hydra are a good place to start.

PACKET SNIFFERS

Packet sniffers are computer programs that can monitor traffic on a wireless network. They can also
intercept some data packages and provide a user with their contents. They can be used to harmlessly
gather data about traffic, but in the wrong hands can introduce errors and break down a network.

What are the risks to your wireless network?


Whether it’s a home or business network, the risks to an unsecured wireless network are the same.
Some of the risks include:
Piggybacking
If you fail to secure your wireless network, anyone with a wireless-enabled computer in range of your
access point can use your connection. The typical indoor broadcast range of an access point is 150–
300 feet. Outdoors, this range may extend as far as 1,000 feet. So, if your neighbourhood is closely
settled, or if you live in an apartment or condominium, failure to secure your wireless network could
open your internet connection to many unintended users. These users may be able to conduct illegal
activity, monitor and capture your web traffic, or steal personal files.
Wardriving
Wardriving is a specific kind of piggybacking. The broadcast range of a wireless access point can
make internet connections available outside your home, even as far away as your street. Savvy
computer users know this, and some have made a hobby out of driving through cities and
neighbourhoods with a wireless-equipped computer—sometimes with a powerful antenna—searching
for unsecured wireless networks. This practice is known as “wardriving.”
Evil Twin Attacks
In an evil twin attack, an adversary gathers information about a public network access point, then sets
up their system to impersonate it. The adversary uses a broadcast signal stronger than the one
generated by the legitimate access point; then, unsuspecting users connect using the stronger signal.
Because the victim is connecting to the internet through the attacker’s system, it’s easy for the
attacker to use specialized tools to read any data the victim sends over the internet. This data may
include credit card numbers, username and password combinations, and other personal information.
Always confirm the name and password of a public Wi-Fi hotspot prior to use. This will ensure you
are connecting to a trusted access point.
Wireless Sniffing
Many public access points are not secured and the traffic they carry is not encrypted. This can put
your sensitive communications or transactions at risk. Because your connection is being transmitted
“in the clear,” malicious actors could use sniffing tools to obtain sensitive information such as
passwords or credit card numbers. Ensure that all the access points you connect to use at least WPA2
encryption.
Unauthorized Computer Access
An unsecured public wireless network combined with unsecured file sharing could allow a malicious
user to access any directories and files you have unintentionally made available for sharing. Ensure
that when you connect your devices to public networks, you deny sharing files and folders. Only
allow sharing on recognized home networks and only while it is necessary to share items. When not
needed, ensure that file sharing is disabled. This will help prevent an unknown attacker from
accessing your device’s files.
Shoulder Surfing
In public areas malicious actors can simply glance over your shoulder as you type. By simply
watching you, they can steal sensitive or personal information. Screen protectors that prevent
shoulder-surfers from seeing your device screen can be purchased for little money. For smaller
devices, such as phones, be cognizant of your surroundings while viewing sensitive information or
entering passwords.
Theft of Mobile Devices
Not all attackers rely on gaining access to your data via wireless means. By physically stealing your
device, attackers could have unrestricted access to all of its data, as well as any connected cloud
accounts. Taking measures to protect your devices from loss or theft is important, but should the worst
happen, a little preparation may protect the data inside. Most mobile devices, including laptop
computers, now have the ability to fully encrypt their stored data—making devices useless to
attackers who cannot provide the proper password or personal identification number (PIN). In
addition to encrypting device content, it is also advisable to configure your device’s applications to
request login information before allowing access to any cloud-based information. Last, individually
encrypt or password-protect files that contain personal or sensitive information. This will afford yet
another layer of protection in the event an attacker is able to gain access to your device.

What can you do to minimize the risks to your wireless network?

• Change default passwords. Most network devices, including wireless access points, are
pre-configured with default administrator passwords to simplify setup. These default passwords
are easily obtained online, and so provide only marginal protection. Changing
default passwords makes it harder for attackers to access a device. Using complex passwords and
changing them periodically is your first line of defense in protecting your device. (See Choosing
and Protecting Passwords.)

• Restrict access. Only allow authorized users to access your network. Each piece of hardware
connected to a network has a media access control (MAC) address. You can restrict access to
your network by filtering these MAC addresses. Consult your user documentation for specific
information about enabling these features. You can also utilize the “guest” account, which is a
widely used feature on many wireless routers. This feature allows you to grant wireless access
to guests on a separate wireless channel with a separate password, while maintaining the
privacy of your primary credentials.
• Encrypt the data on your network. Encrypting your wireless data prevents anyone who
might be able to access your network from viewing it. There are several encryption protocols
available to provide this protection. Wi-Fi Protected Access (WPA), WPA2, and WPA3
encrypt information being transmitted between wireless routers and wireless devices. WPA3 is
currently the strongest encryption. WPA and WPA2 are still available; however, it is advisable
to use equipment that specifically supports WPA3, as using the other protocols could leave
your network open to exploitation.
• Protect your Service Set Identifier (SSID). To prevent outsiders from easily accessing your
network, avoid publicizing your SSID. All Wi-Fi routers allow users to protect their device’s
SSID, which makes it more difficult for attackers to find a network. At the very least, change
your SSID to something unique. Leaving it as the manufacturer’s default could allow a
potential attacker to identify the type of router and possibly exploit any known vulnerabilities.
• Install a firewall. Consider installing a firewall directly on your wireless devices (a
host-based firewall), as well as on your home network (a router- or modem-based firewall).
Attackers who can directly tap into your wireless network may be able to circumvent your
network firewall—a host-based firewall will add a layer of protection to the data on your
computer (see Understanding Firewalls for Home and Small Office Use).
• Maintain antivirus software. Install antivirus software and keep your virus definitions up to
date. Many antivirus programs also have additional features that detect or protect against
spyware and adware (see Protecting Against Malicious Code and What is Cybersecurity?).
• Use file sharing with caution. File sharing between devices should be disabled when not
needed. You should always choose to only allow file sharing over home or work networks,
never on public networks. You may want to consider creating a dedicated directory for file
sharing and restrict access to all other directories. In addition, you should password protect
anything you share. Never open an entire hard drive for file sharing (see Choosing and
Protecting Passwords).
• Keep your access point software patched and up to date. The manufacturer of your wireless
access point will periodically release updates to and patches for a device’s software and
firmware. Be sure to check the manufacturer’s website regularly for any updates or patches for
your device.
• Check your internet provider’s or router manufacturer’s wireless security options. Your
internet service provider and router manufacturer may provide information or resources to
assist in securing your wireless network. Check the customer support area of their websites for
specific suggestions or instructions.
• Connect using a Virtual Private Network (VPN). Many companies and organizations have a
VPN. VPNs allow employees to connect securely to their network when away from the office.
VPNs encrypt connections at the sending and receiving ends and keep out traffic that is not
properly encrypted. If a VPN is available to you, make sure you log onto it any time you need
to use a public wireless access point.

The importance of wireless network security cannot be overstated. With the proliferation of mobile
devices and the popularity of public Wi-Fi hotspots, the potential for data breaches and other
cybersecurity threats has increased exponentially.
1. Enabling Two-Factor Authentication (2FA)
Two-factor authentication adds an extra layer of security to the login process. It requires users to enter
a username and password, as well as a code that is generated by an authenticator app. This makes it
more difficult for someone to gain unauthorized access to the network.

To enable two-factor authentication, access the wireless router's configuration page and enable the
feature. Be sure to download an authenticator app such as Google Authenticator or Authy and have it
available when logging in.

You can also consider using passwordless authentication, such as Cloud RADIUS, for even more robust
protection. This is an important best practice because if someone does manage to get hold of your
password, they'll be able to access your network. By using a cloud-based solution, you can be sure
that only authorized users will be able to access your network.

2. Using a Strong Password


Using a strong password is one of the most important best practices for wireless network security. A
strong password is at least eight characters long and includes a mix of upper- and lower-case letters,
numbers, and symbols. Passwords should be changed regularly to ensure that they remain secure.

3. Encrypting Data

Encrypting data is another important best practice for wireless network security. Data encryption
scrambles data so that it can only be decrypted and read by authorized users. This helps to protect
sensitive information from being accessed by unauthorized individuals.

Encryption can be implemented in a number of ways, including through the use of encryption
software, hardware, or services. Make sure that employees are aware of the importance of encrypting
sensitive data and that they know how to properly encrypt files.

4. Disabling SSID Broadcast

Disabling SSID broadcast is another best practice for wireless network security. When SSID
broadcast is enabled, it allows anyone within range of the wireless network to see the network's name.
You can disable SSID broadcast by accessing the wireless router's configuration page and disabling
the SSID broadcast feature.

The goal is to make it more difficult for unauthorized individuals to connect to the network. The SSID
can still be seen if someone is within range of the network and uses a wireless network scanner, but it
will not be as easily accessible.

5. Using MAC Filtering

Using MAC filtering is another best practice for wireless network security. MAC addresses are unique
identifiers assigned to devices that connect to a network.

By allowing only devices with specific MAC addresses to connect to the network, you can help to
prevent unauthorized access. MAC filtering can be implemented by accessing the wireless router's
configuration page and adding the MAC addresses of devices that are allowed to connect to the
network.

6. Enabling WPA3 Security


Enabling WPA3 security is another best practice for wireless network security. WPA3 is the most
recent and most secure wireless security protocol. It provides stronger protection than WPA2 and
should be used whenever possible.
When shopping around for a router, make sure to look for ones that support this most recent security
protocol. Earlier protocols were easier to compromise, so it is important to make sure that WPA3 is
enabled.

7. Using A VPN
Using a VPN is another best practice for wireless network security. A VPN encrypts all traffic
between a device and the VPN server, making it more difficult for someone to eavesdrop on the
connection. This is especially important when using public Wi-Fi networks, as they are often less
secure than private ones. Be sure to only use VPNs from trusted providers and make sure that
employees are aware of the importance of using a VPN when working remotely.

8. Disabling Remote Administration


Disabling remote administration is another best practice for wireless network security. When remote
administration is enabled, it allows anyone with the proper credentials to access the router's
configuration page and make changes to the network. This can be a security risk, as it allows
unauthorized individuals to potentially gain access to the network. To disable remote administration,
access the wireless router's configuration page and disable the feature. This will help to prevent
unauthorized access to the network.

9. Changing the Default Password


Changing the default password is another best practice for wireless network security. Many routers
come with a default password that is easy to guess. This can be a security risk, as it allows
unauthorized individuals to potentially gain access to the network.

To change the default password, access the wireless router's configuration page and change the
password to something that is more difficult to guess. Be sure to choose a strong password that is at
least 8 characters long and includes a mix of upper and lowercase letters, numbers, and symbols.

10. Using a Firewall

Using a firewall is another best practice for wireless network security. A firewall helps to protect the
network by blocking incoming traffic that is not authorized. This can be especially important in
preventing attacks from malware and other malicious software.

To use a firewall, access the wireless router's configuration page and enable the feature. There are
typically two types of firewalls: network-based and host-based. Network-based firewalls are typically
used in business environments, while host-based firewalls can be used on individual devices.

11. Disabling UPnP

Universal Plug and Play (UPnP) is a protocol that allows devices to automatically discover and
connect to each other. This can be a security risk, as it allows unauthorized devices to potentially gain
access to the network. To disable UPnP, access the wireless router's configuration page and disable
the feature. You can also disable UPnP on individual devices by accessing the settings menu.

12. Disabling Unnecessary Services

You often find that routers come with a number of unnecessary services enabled. These can be a
security risk, as they can provide potential attackers with information about the network. To disable
unnecessary services, access the wireless router's configuration page and disable any services that are
not needed. This will help to reduce the attack surface of the network. Common unnecessary services
include things like telnet, SSH, and HTTP.

Electronic Mail Security:

Email security includes the techniques and technologies used to protect email accounts and
communications. Email, which is an organization’s largest attack surface, is the primary target of
phishing attacks and can be used to spread malware.

Email is a critical component of organizational communication because it enables users to
communicate quickly, easily, and with a variety of devices. Further, email can be used to send a
number of different types of media, and communications can be tracked, stored, and organized
according to attributes such as time and date stamps and size.

Email security is important because email contains sensitive information, is used by everyone in the
organization, and is therefore one of a company’s largest targets for attacks. The shift to cloud-based
email like Gmail and others comes with several benefits, but cloud-based email has become a
tempting attack surface for cyber criminals.
How Secure Is Email?

Email is a top threat vector because it is a ubiquitous tool that everyone in an organization uses. It is
in an open format that can be read on any device without decryption once it is intercepted.

An email does not go straight to the recipient. Rather, it travels between networks and servers, some
vulnerable and unsecured, before landing in an inbox. Even though an individual’s computer may be
secure from an attacker, the network or server the email has to travel through may have been
compromised.

Also, cyber criminals can easily impersonate a sender or manipulate email content in the form of body
copy, attachments, Uniform Resource Locators (URLs), or a sender’s email address. This is fairly
straightforward for a hacker attacking an unsecured system because each email has fields that contain
metadata detailing information about the email, who it came from, where it is headed, etc. A hacker
only needs to access this metadata and change it, and it will look like the email came from someone or
someplace it did not.
Types of Email Attacks

Cyber criminals use many different tactics to hack email, and some methods can cause considerable
damage to an organization’s data and/or reputation. Malware, which is malicious software used to
harm or manipulate a device or its data, can be placed on a computer using each of the following
attacks.
Phishing

A phishing attack targets users by sending them a text, direct message, or email. The attacker pretends
to be a trusted individual or institution and then uses their relationship with the target to steal sensitive
data like account numbers, credit card details, or login information.

Phishing comes in several forms, such as spear phishing, regular phishing, and whaling. Spear
phishing targets a particular person, while a whaler targets someone high up in the organization by
pretending to be someone they trust.
Spam

Spoofing

Spoofing is a dangerous email threat because it involves fooling the recipient into thinking the email
is coming from someone other than the actual sender. This makes spoofing an effective business
email compromise (BEC) tool. The email platform cannot tell a faked email from a real one because it
merely reads the metadata—the same data the attacker has changed.

This makes the impersonation of a person the victim either knows or respects relatively easy for an
attacker.
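
Because the visible sender is only header metadata, a mail filter can compare the headers against each other and against the verdicts recorded by the receiving gateway. The following is an added example (not from the original notes) using Python's standard email package; the two messages are constructed samples, the function names are hypothetical, and it assumes the organization's own gateway, here called mx.example.org, stamps an Authentication-Results header on inbound mail.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the From header shows one domain, the other headers another.
SPOOFED_SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: unknown-relay.example.net; dmarc=pass
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.com
From: "Finance Dept" <ceo@example.com>
Reply-To: payments@example-invoices.test
To: clerk@example.org
Subject: Urgent wire transfer

Please process today.
"""

# Constructed sample: all sender-related headers agree and checks passed.
LEGIT_SAMPLE = """\
Return-Path: <alice@example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.com;
 dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: Alice <alice@example.com>
To: clerk@example.org
Subject: Minutes

Attached.
"""


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, address = parseaddr(header_value or "")
    return address.rpartition("@")[2].lower()


def auth_verdicts(msg, trusted_authserv_id):
    """Collect spf/dkim/dmarc verdicts, but only from our own gateway.

    Authentication-Results headers written by any other host are ignored,
    since the sender controls everything added before our gateway.
    """
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, _, results = str(value).partition(";")
        if authserv_id.strip().lower() != trusted_authserv_id.lower():
            continue
        for part in results.split(";"):
            match = re.match(r"\s*(spf|dkim|dmarc)=(\w+)", part, re.IGNORECASE)
            if match:
                verdicts[match.group(1).lower()] = match.group(2).lower()
    return verdicts


def spoofing_indicators(raw_message, trusted_authserv_id):
    """Return a list of reasons to treat the visible sender with suspicion."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    findings = []
    # Mismatched domains are a weak signal alone (bulk senders often use a
    # separate bounce domain) but matter when combined with a failed check.
    for header in ("Return-Path", "Reply-To"):
        other = domain_of(msg.get(header))
        if other and other != from_domain:
            findings.append(
                f"{header} domain {other} differs from From domain {from_domain}"
            )
    verdicts = auth_verdicts(msg, trusted_authserv_id)
    dmarc = verdicts.get("dmarc", "missing")
    if dmarc != "pass":
        findings.append(f"dmarc={dmarc}")
    for method in ("spf", "dkim"):
        if verdicts.get(method) in ("fail", "softfail", "permerror"):
            findings.append(f"{method}={verdicts[method]}")
    return findings


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(name, spoofing_indicators(raw, "mx.example.org"))
```
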
Email Security Best Practices

Email is a primary weapon for spreading ransomware, an advanced threat that can affect multiple
endpoints as well as steal sensitive data. Therefore, an email protection plan needs to include the
following best practices to protect email traffic in real time.

1. Spam filter: A spam filter can detect spam and either keep it from hitting your inbox or file it
as junk mail.
2. Email encryption: Email encryption can disguise corporate email by changing
communications into a garbled arrangement of letters, numbers, and symbols that someone who
intercepts it cannot read.
3. Antivirus protection: Antivirus protection screens emails and attachments for viruses,
providing the user with warnings if anything suspicious is detected.
4. Secure email gateway (SEG): An SEG filters out potentially dangerous emails according to
the settings of an IT administrator.
5. Multi-factor authentication (MFA): MFA is a key data loss protection and anti-hacking tool
because it requires a user to provide more than one authentication factor to prove they should be
granted access to a system.
6. Employee education: Employees can be educated to recognize social engineering, phishing,
and other types of attacks that are typically executed using email.

IP Security:

IP security (IPsec) is an Internet Engineering Task Force (IETF) standard suite of protocols that
provides data authentication, integrity, and confidentiality between 2 communication points across
an IP network. It also defines the encrypted, decrypted and authenticated packets, as well as the
protocols needed for secure key exchange and key management.

Uses of IP Security –

IPsec can be used to do the following things:

- To encrypt application layer data.
- To provide security for routers sending routing data across the public internet.
- To provide authentication without encryption, for example to authenticate that the data originates
from a known sender.
- To protect network data by setting up circuits using IPsec tunnelling, in which all data sent
between the two endpoints is encrypted, as with a Virtual Private Network (VPN) connection.

Components of IP Security –
It has the following components:
1. Encapsulating Security Payload (ESP) –

It provides data integrity, encryption, authentication and anti-replay. It also provides
authentication for the payload.
2. Authentication Header (AH) –

It also provides data integrity, authentication and anti-replay, but it does not provide encryption.
The anti-replay protection protects against unauthorized transmission of packets. It does not
protect the data's confidentiality.

3. Internet Key Exchange (IKE) –

It is a network security protocol designed to dynamically exchange encryption keys and negotiate a
Security Association (SA) between 2 devices. The Security Association (SA) establishes shared
security attributes between 2 network entities to support secure communication. The Internet
Security Association and Key Management Protocol (ISAKMP) provides a framework for
authentication and key exchange. ISAKMP defines how the Security Associations (SAs) are set up
and how direct connections are made between two hosts that are using IPsec.

Internet Key Exchange (IKE) provides message content protection and also an open framework for
implementing standard algorithms such as SHA and MD5. The algorithms that IPsec uses produce a
unique identifier for each packet. This identifier then allows a device to determine whether a packet
is correct or not. Packets that are not authorized are discarded and not given to the receiver.
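The per-packet identifier and the anti-replay check described above, as an added example that is not part of the original notes. It uses HMAC-SHA-256 for the identifier and a 64-packet sliding window; the packet layout, key, SPI value and all names are simplified assumptions, not the real AH or ESP wire format.

```python
import hashlib
import hmac
import struct

WINDOW = 64  # anti-replay window size in packets (assumed for this sketch)

def icv(key, spi, seq, payload):
    """Per-packet identifier: HMAC-SHA-256 over SPI, sequence number, payload."""
    return hmac.new(key, struct.pack("!II", spi, seq) + payload, hashlib.sha256).digest()

def build_packet(key, spi, seq, payload):
    """Simplified layout (not the AH/ESP wire format): SPI | seq | payload | ICV."""
    return struct.pack("!II", spi, seq) + payload + icv(key, spi, seq, payload)

class Receiver:
    """Receiving end of one SA: replay window check, then ICV verification."""
    def __init__(self, key, spi):
        self.key, self.spi = key, spi
        self.highest = 0   # highest authenticated sequence number so far
        self.bitmap = 0    # bit i set => sequence (highest - i) already accepted

    def accept(self, packet):
        if len(packet) < 8 + 32:
            return "drop: too short"
        spi, seq = struct.unpack("!II", packet[:8])
        payload, tag = packet[8:-32], packet[-32:]
        if spi != self.spi:
            return "drop: unknown SA"
        behind = self.highest - seq          # >= 0 means seq is not new
        if seq == 0 or behind >= WINDOW:
            return "drop: outside window"
        if behind >= 0 and (self.bitmap >> behind) & 1:
            return "drop: replay"
        if not hmac.compare_digest(tag, icv(self.key, spi, seq, payload)):
            return "drop: bad ICV"
        if behind < 0:                       # only authenticated packets move the window
            self.bitmap = ((self.bitmap << -behind) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << behind
        return "accept"

def demo():
    key = b"constructed-demo-key-not-for-use"  # constructed sample key
    rx = Receiver(key, spi=0x1001)
    p1, p2, p3 = (build_packet(key, 0x1001, s, b"data") for s in (1, 2, 3))
    tampered = p2[:8] + b"DATA" + p2[12:]      # payload altered in transit
    return [rx.accept(p) for p in (p1, p3, tampered, p2, p3)]
```

The window advances only after the identifier verifies, so a forged packet with a large sequence number cannot push legitimate packets outside the window.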

Working of IP Security –
1. The host checks whether the packet should be transmitted using IPsec or not. This packet traffic
triggers the security policy that applies to it. This is done when the system sending the packet
applies the appropriate encryption. The host also checks incoming packets to confirm whether they
are encrypted properly or not.
2. Then IKE Phase 1 starts, in which the 2 hosts (using IPsec) authenticate themselves to each
other to start a secure channel. It has 2 modes: Main mode, which provides greater security,
and Aggressive mode, which enables the host to establish an IPsec circuit more quickly.
3. The channel created in the last step is then used to securely negotiate the way the IP circuit
will encrypt data.

4. Now IKE Phase 2 is conducted over the secure channel: the two hosts negotiate the type of
cryptographic algorithms to use for the session and agree on the secret keying material to be
used with those algorithms.
5. Then the data is exchanged across the newly created IPsec encrypted tunnel. These packets are
encrypted and decrypted by the hosts using IPsec SAs.
6. When the communication between the hosts is completed or the session times out, the
IPsec tunnel is terminated and both hosts discard the keys.
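The policy decision in step 1, in both directions, as an added example that is not part of the original notes. The rule table, addresses and function names are constructed; the three actions PROTECT, BYPASS and DISCARD are the ones RFC 4301 defines for the security policy database.

```python
import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "src dst proto dport action")

# Constructed policy, evaluated top to bottom; the first matching rule wins.
SPD = [
    Rule("0.0.0.0/0", "0.0.0.0/0", "udp", 500, "BYPASS"),         # IKE negotiation itself
    Rule("10.1.0.0/16", "10.2.0.0/16", "any", None, "PROTECT"),   # site A -> site B
    Rule("10.2.0.0/16", "10.1.0.0/16", "any", None, "PROTECT"),   # site B -> site A
    Rule("0.0.0.0/0", "0.0.0.0/0", "any", None, "DISCARD"),       # default deny
]

def lookup(src, dst, proto, dport, spd=SPD):
    """Return the action of the first rule whose selectors match the packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in spd:
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and r.proto in ("any", proto) and r.dport in (None, dport)):
            return r.action
    return "DISCARD"   # nothing matched: fail closed

def outbound(src, dst, proto, dport):
    """Sending side: decide whether the packet needs an IPsec SA."""
    action = lookup(src, dst, proto, dport)
    return {"PROTECT": "encrypt with SA", "BYPASS": "send in clear",
            "DISCARD": "drop"}[action]

def inbound(src, dst, proto, dport, arrived_protected):
    """Receiving side: the way the packet arrived must agree with the policy."""
    action = lookup(src, dst, proto, dport)
    if action == "DISCARD":
        return "drop"
    if action == "PROTECT" and not arrived_protected:
        return "drop: cleartext where IPsec required"
    return "deliver"
```

The inbound check is what stops a cleartext packet with site-internal addresses from being accepted after the tunnel is up.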
