No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE20E-S2 V800R010C10SPC500 Configuration Guide - Security 01

This is NE20E-S2 V800R010C10SPC500 Configuration Guide - Security
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Overview of IPsec

Overview of IPsec

Based on protocol packet encryption and authentication at the IP layer, Internet Protocol Security (IPsec) ensures the integrity, authenticity, and confidentiality of protocol packets transmitted over networks.

IPSec is an open network-layer framework protocol designed by Internet Engineering Task Force (IETF). It is not a single protocol, but a collection of protocols and services that provide security for IP networks, including security protocols such as Authentication Header (AH) and Encapsulating Security Payload (ESP), Internet Key Exchange (IKE), and certain algorithms used for authentication and encryption.

Before IPv4 was introduced, the Internet scale is small, and Internet security is ensured by physical isolation. Because explosive growth of the Internet was beyond expectation, IPv4 security protection means were not considered during IPv4 design and development.

Because IP does not provide any security, IP addresses are easily forged, contents in IP packets can be tampered with, and packets can be replayed or intercepted in transit. Therefore, the security of the received IP packets cannot be ensured. Application-layer methods resolve the problem, but are effective only on specific applications. Therefore, there is an urgent need in protocols that provide security services on the IP layer. The IPSec technology resolves this problem.

IPSec provides following security services for IP packets mainly through encryption and authentication:
  • User data encryption

    IPSec encrypts user data to ensure data confidentiality.

  • Data integrity authentication

    IPSec ensures that the data is not tampered during transmission using data integrity authentication.

  • Data origin authentication

    IPSec authenticates data origins to ensure that data comes from real senders.

  • Anti-replay

    IPSec prevents malicious users from sending captured packets, that is, the receiver discards duplicate packets.

IPsec has the following advantages:
  • All IP-capable applications and services can use IPsec without being modified.
  • Protocol packet encryption is based on individual protocol packets instead of packet flows, significantly enhancing protocol packet security and protecting against network attacks.
Translation
Download
Updated: 2019-01-02

Document ID: EDOC1100055397

Views: 19644

Downloads: 39

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next