Summary

In this chapter, you learned that IPSec is a suite of protocols used to secure sessions between two or more peers. IPSec's main goal is the creation of an encrypted session between VPN gateways. To achieve this goal, IPSec uses IKE Phase 1 to create a management tunnel between VPN peers. Over this management tunnel, a second tunnel (IPSec) is created during IKE Phase 2. To provide integrity, IPSec defines the use of hash algorithms and digital signatures. To provide confidentiality, IPSec defines the use of symmetric key encryption algorithms. To provide secure key agreement, IPSec uses the Diffie-Hellman (D-H) algorithm during IKE Phase 1. D-H is subject to man-in-the-middle attacks and will use authentication to mitigate this ...
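The sketch below is an added example, not code from the book. It shows why the D-H exchange in IKE Phase 1 needs authentication: if the public values are replaced in transit, the two gateways derive different keys, and a pre-shared-key HMAC over the exchanged values makes the substitution detectable. The toy group, the function names, and the simplified tag (real IKE hashes more fields) are assumptions.

```python
import hashlib
import hmac
import secrets

# Toy group for illustration only (assumption): 2**127 - 1 is prime but far too
# small for real use; IKE uses standardized, much larger D-H groups.
P = 2**127 - 1
G = 3


def dh_keypair():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def dh_shared(priv, peer_pub):
    """Derive a session key from the D-H shared secret."""
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def auth_tag(psk, sent_pub, received_pub):
    """HMAC, keyed by the pre-shared key, over the values this side sent and received."""
    msg = sent_pub.to_bytes(16, "big") + received_pub.to_bytes(16, "big")
    return hmac.new(psk, msg, hashlib.sha256).digest()


def verify_peer(psk, my_pub, pub_i_received, peer_tag):
    """The peer's tag must cover the value I received from it and the value I sent."""
    expected = auth_tag(psk, pub_i_received, my_pub)
    return hmac.compare_digest(expected, peer_tag)


def run_exchange(psk, tamper=False):
    """Simulate gateways A and B; tamper=True replaces both public values in transit."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    seen_by_a, seen_by_b = b_pub, a_pub
    if tamper:
        _, m_pub = dh_keypair()  # value substituted by an intermediary
        seen_by_a = seen_by_b = m_pub
    keys_match = dh_shared(a_priv, seen_by_a) == dh_shared(b_priv, seen_by_b)
    b_tag = auth_tag(psk, b_pub, seen_by_b)  # B authenticates what it sent and saw
    a_accepts_b = verify_peer(psk, a_pub, seen_by_a, b_tag)
    return keys_match, a_accepts_b
```

`run_exchange` returns a pair: whether both gateways derived the same key, and whether gateway A accepted gateway B's authentication tag.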

Get SECUR Exam Cram™ 2 (Exam 642-501) now with the O’Reilly learning platform.
