1
00:00:00,360 --> 00:00:07,740
So let us begin with another important protocol in network security, and that is the IP protocol

2
00:00:07,770 --> 00:00:12,070
or the Internet Protocol Security protocol, IPsec.

3
00:00:13,170 --> 00:00:21,020
On the other hand, IP security was designed by the IETF for providing authentication and encryption.

4
00:00:21,870 --> 00:00:29,520
Make sure that you know IPsec works at the network layer of the OSI model and secures all

5
00:00:29,520 --> 00:00:35,700
the applications that operate in the layers above it, which means IPsec will provide security for

6
00:00:35,700 --> 00:00:42,590
transport layer, for session layer, presentation layer and for application layer as well.

7
00:00:42,900 --> 00:00:51,150
I hope you know the basics of the reference model, the OSI model and the TCP model. Because it is sanctioned

8
00:00:51,150 --> 00:00:58,800
by the IETF, as I said earlier, and designed to work with IPv4 as well as IPv6,

9
00:00:59,040 --> 00:01:06,930
it has got a huge amount of industry support and hence IP security protocol is a gold standard for

10
00:01:06,930 --> 00:01:10,350
the virtual private networks on the Internet in today's world.

11
00:01:11,550 --> 00:01:19,800
Now IPsec has two major protocols working with it, which are the Authentication Header, AH, and the

12
00:01:19,800 --> 00:01:25,370
other one is Encapsulating Security Protocol, payload, I'm sorry, ESP.

13
00:01:26,700 --> 00:01:30,000
Now this authentication header, I'll take my pen.

14
00:01:30,010 --> 00:01:35,070
This authentication header provides authentication

15
00:01:35,070 --> 00:01:42,270
services, and the authentication services means they authenticate the user through different mechanisms

16
00:01:42,270 --> 00:01:48,930
like one-time passwords, username, password login, anything. But authentication header protocol

17
00:01:48,930 --> 00:01:51,500
just provides authentication of the user.

18
00:01:52,530 --> 00:01:55,530
But on the contrary, ESP,

19
00:01:55,530 --> 00:02:03,630
that is Encapsulating Security Protocol, provides both authentication and encryption abilities as well.

20
00:02:04,530 --> 00:02:12,120
Now both of these protocols can be used with either mode discussed in the Alaskas for the.

21
00:02:14,810 --> 00:02:23,570
Now, IPsec works in two modes: transport mode and tunnel mode. Transport mode creates a secure tunnel

22
00:02:23,570 --> 00:02:26,090
between the two end to end devices.

23
00:02:26,610 --> 00:02:34,010
Now this means that regardless of how many foreign networks, including the Internet, the packet traverses,

24
00:02:34,010 --> 00:02:39,290
it is protected because it creates a tunnel between two end to end devices.

25
00:02:40,640 --> 00:02:47,180
Now the data is protected by authentication and/or encryption. On the other hand,

26
00:02:47,490 --> 00:02:48,260
in tunnel mode,

27
00:02:48,650 --> 00:02:56,540
the tunnel is created between the two endpoints, such as two routers or two gateway servers, protecting

28
00:02:56,540 --> 00:02:59,550
all the traffic that goes through the tunnel.

29
00:03:00,230 --> 00:03:07,190
It is commonly used between two offices to protect all the traffic going between the offices, regardless

30
00:03:07,190 --> 00:03:08,930
of the source and the destination.

31
00:03:10,610 --> 00:03:13,580
Now what is ISAKMP?

32
00:03:13,580 --> 00:03:22,010
ISAKMP stands for Internet Security Association and Key Management Protocol, which defines

33
00:03:22,010 --> 00:03:32,120
the procedures and packet formats to establish, negotiate, modify and delete security associations.

34
00:03:33,200 --> 00:03:34,640
Security associations.

35
00:03:34,640 --> 00:03:44,010
SA contains information required to execute security services such as header authentication.

36
00:03:44,450 --> 00:03:50,950
We have seen in the last couple of minutes the authentication and payload encapsulation.

37
00:03:51,770 --> 00:04:00,680
Now ISAKMP's real value is the ability to provide a framework for safely transferring keys and

38
00:04:00,680 --> 00:04:08,150
the authentication data independent of the key generation technique, encryption algorithm and the authentication

39
00:04:08,150 --> 00:04:08,720
mechanism.

40
00:04:09,410 --> 00:04:15,590
So ISAKMP is integrated into other security mechanisms that we have already discussed, for

41
00:04:15,590 --> 00:04:17,120
example, the IP.

42
00:04:19,010 --> 00:04:27,350
Now here's a TCP/IP packet in the IP segment with authentication header, so you can see TCP payload,

43
00:04:27,500 --> 00:04:31,790
TCP header, destination, source IP address and IP header.

44
00:04:31,840 --> 00:04:34,100
This is the standard TCP/IP packet.

45
00:04:34,100 --> 00:04:41,930
Okay, but when it is combined with authentication header you have authentication header here and hence

46
00:04:41,930 --> 00:04:50,390
authenticated by all of this is encrypted and then sent into a tunnel using the IP protocol so that

47
00:04:50,390 --> 00:04:54,110
anyone who is trying to access this data will not be able to access it.

48
00:04:54,980 --> 00:05:03,140
And this is the tunnel where the header is encrypted, TCP payload is encrypted and ESP header is

49
00:05:03,140 --> 00:05:03,750
added here.

50
00:05:04,040 --> 00:05:05,330
This is more powerful.

51
00:05:05,630 --> 00:05:11,170
And actually, as I said earlier, there are two modes, tunnel mode and transport mode.

52
00:05:11,180 --> 00:05:17,090
So it depends upon those type of service or type of the devices, end to end devices, which are going to.

53
00:05:18,650 --> 00:05:20,270
That is it for this lecture.

54
00:05:20,600 --> 00:05:26,630
Just remember, from the exams and interview points of view, what is the meaning of IPsec and why

55
00:05:26,630 --> 00:05:27,750
do we use IPsec?

56
00:05:28,160 --> 00:05:34,550
Basically, it's a standard protocol to provide more security by transmitting data over the network

57
00:05:34,550 --> 00:05:36,620
layer and the layers above it.

58
00:05:37,610 --> 00:05:39,340
I will see you in the next lecture.