The OpenNET Project / Index page

[ новости /+++ | форум | wiki | теги | ]

Интерактивная система просмотра системных руководств (man-ов)

 ТемаНаборКатегория 
 
 [Cписок руководств | Печать]

ipsecesp (7)
  • >> ipsecesp (7) ( Solaris man: Макропакеты и соглашения )
  •  

    NAME

    ipsecesp, ESP - IPsec Encapsulating Security Payload
     
    

    SYNOPSIS

    drv/ipsecesp
    

     

    DESCRIPTION

    The ipsecesp module provides confidentiality, integrity, authentication, and partial sequence integrity (replay protection) to IP datagrams. The encapsulating security payload (ESP) encapsulates its data, enabling it to protect data that follows in the datagram. For TCP packets, ESP encapsulates the TCP header and its data only. If the packet is an IP in IP datagram, ESP protects the inner IP datagram. Per-socket policy allows "self-encapsulation" so ESP can encapsulate IP options when necessary. See ipsec(7P).

    Unlike the authentication header (AH), ESP allows multiple varieties of datagram protection. (Using a single datagram protection form can expose vulnerabilities.) For example, only ESP can be used to provide confidentiality. But protecting confidentiality alone exposes vulnerabilities in both replay attacks and cut-and-paste attacks. Similarly, if ESP protects only integrity and does not fully protect against eavesdropping, it may provide weaker protection than AH. See ipsecah(7P).  

    ESP Device

    ESP is implemented as a module that is auto-pushed on top of IP. Use the /dev/ipsecesp entry to tune ESP with ndd(1M).  

    Algorithms

    ESPuses encryption and authentication algorithms. Authentication algorithms include HMAC-MD5 and HMAC-SHA-1. Encryption algorithms include DES, Triple-DES, Blowfish and AES. Each authentication and encryption algorithm contain key size and key format properties. You can obtain a list of authentication and encryption algorithms and their properties by using the ipsecalgs(1M) command. You can also use the functions described in the getipsecalgbyname(3NSL) man page to retrieve the properties of algorithms. Because of export laws in the United States, not all encryption algorithms are available outside of the United States.  

    Security Considerations

    ESP without authentication exposes vulnerabilities to cut-and-paste cryptographic attacks as well as eavesdropping attacks. Like AH, ESP is vulnerable to eavesdropping when used without confidentiality.  

    ATTRIBUTES

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPEATTRIBUTE VALUE

    AvailabilitySUNWcsr (32-bit)
    Interface Stability

     

    SEE ALSO

    ipsecalgs(1M), ipsecconf(1M), ndd(1M), attributes(5), getipsecalgbyname(3NSL), ip(7P), ipsec(7P), ipsecah(7P)

    Kent, S. and Atkinson, R.RFC 2406, IP Encapsulating Security Payload (ESP), The Internet Society, 1998.


     

    Index

    NAME
    SYNOPSIS
    DESCRIPTION
    ESP Device
    Algorithms
    Security Considerations
    ATTRIBUTES
    SEE ALSO


    Поиск по тексту MAN-ов: 




    Партнёры:
    PostgresPro
    Inferno Solutions
    Hosting by Hoster.ru
    Хостинг:

    Закладки на сайте
    Проследить за страницей
    Created 1996-2024 by Maxim Chirkov
    Добавить, Поддержать, Вебмастеру