IPSec doubt

I was learning about IPSec and I'm pretty sure that I haven't understand the right thing , I'll write here what I understand , and please that experienced user's will explain me if I'm wrong , were I'm wrong.

I understand that IPSec is a whole of protocol's ( autentification , encryption , filter's and a lot more ) , use for sending secure trafic from one host to another over the network.
I mean I believe , IPSec is a method / group's of protocols mean to provide secure trafic over the netowrk.
There are some kind of filter's , per example , those filter's may say , that from computer 1 to computer 2 { when computer 1 telnet to computer 2 } telnet trafic should be send secure , no ? and in the filter list will be this line meaning computer 1 should transmit secure telnet trafic to computer 2 for some kind of administrative right's.Computer 2 will have a filter line meaning that it should accept secure trafic and { permit secure trafic , telent trafic from computer 1}.
IPSec will make some kind of negotiation , for both computer's to see what and how , and the send secure envrypted trafic from one and another , this trafic can be decrypted by IPsec driver and encrypted from both computer?

Is my understanding corect ? Coz I don't want to pass , and don't really understand some thing's.Maybe someone experienced could explain me about IKE or SPI .

Thank's in advance , Cheer's !

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

Danman32

Start with this: http://www.techexams.net/technotes/securityplus/ras.shtml#IPSec

If you want to go further, study the IPSec section of a 293 study guide.

For the Security test though, you won't have to go through knowing about setting up IPSec, such as configuring filters and the like. Do know the difference between AH and ESP (I suggest knowing the IP protocols they use respectively), when to configure IPSec in tunneling mode or transport mode, encryptions used, that sort of thing. Nothing terribly deep though.

PCHoldmann

http://www.microsoft.com/technet/itsolutions/network/ipsec/default.mspx

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080094203.shtml

http://en.wikipedia.org/wiki/IPSec

!30

Thank's for replay guy's , I read those information , let's say carefuly and I have one more doubt.

I understand that IPSec it's used in transport { mean , secure - encrypted -etc } trafic from node-to-node LAN device's and in tunnel mode , mean secure trafic from router-router / server-server around the publical internet , no ?
I mean , tunnel's are used by VPN , to create a secure connextion over the publical internet fromn a remote office to the principal center no ? This is what a tunnel mean { like a private tunnel } , but my question is , private IP addresses are routed { re-encapsulated , within a new encrypted IP protocol } to be routed over the publical internet within tunnels no ? I mean , over secure connextion , when IpSEC tunnel mode is in use ? Private Ip addresses pass over the tunnel ? and over the public internet no ? But why does the router forward's them and not drop them ? Because the entire pachet is encrypted ?and then encapsulated into a new pachet ? How does the rotuer know where to forward , over the tunnel ? if the entire Ip datagram is encrypted..

Maybe I become a little paranoic .. but

Danman32

IPSec tunnel enapsulates (or authenticates in the case of AH) the header as well as the payload, wheras in transport mode, only the payload is encapsulated/authenticated.

But go over the links others provided you. It describes all of this, including the headache encountered when trying to run an IPSec tunnel through NAT.