+1 703 345-4375 1 (888) 364-6442 (USA) info@eogogics.com

Onsite or WebLiveTM. Worldwide!

All Courses

Advanced

Other

Quick Links

IP Security v3

Course Outline
Course Overview
Audience / Prerequisites
Related Courses

Eogogics Legacy Courses Still Available on Request

Course:IP Security v3
Course ID:IPSECWS Duration:2-3 days Where: Your Office (7+ Persons)

Available as a private, customized course for your group at your offices or ours and in some cases as a WebLive(TM) class.

Download Course Description (PDF)

FAQ

Call or email us now for a FREE 30-
min SME consultation >>

Course Outline

Introduction
- The Need for IPSec
- IPSec Alternatives
- IPSec Timeline: v1->v2->v3
  - IPSec
  - IPSec v2
  - IPsec v3
IPSec RFC Overview
- RFC 4301 Security Architecture for the Internet Protocol
- RFC 4302 IP Authentication Header
- RFC 4303 IP Encapsulating Security Payload
- RFC 4304 Extended Sequence Number Addendum
- RFC 4307 Cryptographic Algorithms for IKEv2
- RFC 4308 Cryptographic Suites for IPSec
- RFC 4309 Using Advanced Encryption Standard with ESP
- RFC 4478 Repeated Authentication in IKEv2
- RFC 4543 GMAC in IPSec ESP and AH
- RFC 4555 IKEv2 Mobility and Multihoming Protocol (MOBIKE)
- RFC 4621 Design of the IKEv2 Mobility and Multihoming (MOBIKE) Protocol
- RFC 4718 IKEv2 Clarifications and Implementation Guidelines
- RFC 4806 Online Certificate Status Protocol (OCSP) Extensions to IKEv2
- RFC 4809 Requirements for an IPSec Certificate Management Profile
- RFC 4945 PKI Profile of IKEv1/ISAKMP, IKEv2, and PKIX
IPSec v3: Security Architecture for the Internet Protocol
- Security Policy Database (SPD)
- Security Association Database (SAD)
- Peer Authorization Database (PAD)
- Security Associations
  - Key Management
  - Multicast
- IP Traffic Processing
- ICMP Processing
- Other Issues
- Differences from RFC 2401
Authentication Header (AH)
- Format and Structure
- Fields
- Galois Message Authentication Code (GMAC)
- GMAC Lab:
  - Study operation of Message Authentication Codes in general and attributes and operation of GMAC code used in IPSecv3 specifically
  - LAB debrief/group discussion
- IP Packet Processing
- Differences from RFC 2402
- AH Lab
  - View call traces of traffic that uses the Authentication Header with and without Encapsulating Security Payload. Lab includes hacks against and countermeasures to ESP and AH security vulnerabilities.
  - LAB debrief/group discussion
Encapsulating Security Payload (ESP)
- Format and Structure
- Fields
- Advanced Encryption Standard (AES) with ESP
- AES Lab
  - Step through AES encryption procedure as a paper exercise and review possible attacks and countermeasures
  - LAB debrief/group discussion
- IP Packet Processing
- Differences from RFC 2406
- ESP Lab
  - View call traces of encrypted network traffic using the Encapsulated Security Payload
  - Lab debrief/group discussion
IKEv2 and ISAKMP
- Extended Sequence Number Addendum
- Cryptographic Algorithms for IKEv2
- Repeated Authentication in IKEv2
- IKEv2 Mobility and Multihoming Protocol (MOBIKE)
- Design of the IKEv2 Mobility and Multihoming (MOBIKE) Protocol
- MOBIKE Lab
  - Sample design and security specification exercise with implementation checklist for MOBIKE system
  - Lab debrief and group discussions
- IKEv2 Clarifications and Implementation Guidelines
- Online Certificate Status Protocol (OCSP) Extensions to IKEv2
- Requirements for an IPsec Certificate Management Profile
- PKI Profile of IKEv1/ISAKMP, IKEv2, and PKIX
- IKEv1 and v2/ISAKMP Lab
  - View call traces of completed and aborted tunnel establishment and key exchange using IKE v1 and v2 and ISAKMP
  - Lab debrief and discussion
Cryptographic Suites for IPSec
- Suite “VPN-A”
  - ESP – RFC2406
  - TripleDES in CBC mode [RFC2451]
  - HMAC-SHA1-96 [RFC2404]
  - IKE and IKEv2:
  - Diffie-Hellman 1024-bit Modular Exponential (MODP) [RFC2409]
- Suite “VPN-B”
  - ESP [RFC2406]
  - AES with 128-bit Keys in CBC mode [AES-CBC]
  - AES-XCBC-MAC-96 [AES-XCBC-MAC]
  - AES-XCBC-MAC-96 [AES-XCBC-MAC]
  - IKE and IKEv2
  - Diffie-Hellman 2048-bit MODP [RFC3526]
- Cryptographic Suite Exercise
  - This exercise is a group exercise covering the pros, cons and trade-offs of standard and non-standard cryptographic suites and issues of security vs vulnerability that come with the large number of possible combinations of IPSec protocol options, ESP encryption and integrity and IKE and IKEv2 encryption, pseudo-random functions, integrity and Diffie-Hellman groups
  - Lab debrief/group discussion
Conclusion
- IPSec v4? and Future of IPSec

Course Overview

Course in a Nutshell

This is a hands-on workshop, about two-thirds of which is labs. It builds on your understanding of IPSecv2, IPv4, and IPv6 to emphasize the enhancements and improvements that IPSec v3 brings to securing IPv4 and IPv6 networks. The IPSec v1-v2-v3 timeline and suitability of IPSecv3 with both IPv4 and IPv6 will be considered, as will a variety of technical topics that will be reinforced with individual hands-on lab exercises and group debrief discussions.

Customize It!

Customize this course to your group’s requirements at little-to-no added cost. We can add or omit topics or labs, vary emphasis, and make the course more or less technical as required.

Audience / Prerequisites

Aimed At

Security and networking professionals who need a deep understanding of IPSec v3, its implementation, vulnerabilities, countermeasures, and similarities to and differences from IP Sec v2.

Prerequisites

IP Security v2 (IPSec v2) Architecture and Protocols (2-3 day(s), IPSEC)

You should have background in IPv4 and IPv6 and have taken the above course or possess equivalent knowledge/experience to fully benefit from this course.

Related Courses

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

All Courses

Other

Quick Links

Onsite or WebLiveTM. Worldwide!

All Courses

Other

Quick Links

IP Security v3

Course Outline

Course in a Nutshell

Customize It!

Aimed At

Prerequisites

Share this page with a colleague

BACK

Who are you? What are your credentials? Who are your clients?

What makes you better than your competitors?

What makes your classes more effective?

Who are your instructors? Do they know something about what they’re teaching, or are they just career trainers? Can I talk to the instructor before we commit?

How does this work? Can you help us narrow the choices, achieve our goals? How soon can we customize and host this class?

Can you tailor your course to our industry, business culture, work processes, and audience? Will you provide detailed, custom course outlines before we commit? Is our sensitive info safe with you?

How is your sales process different from that of your competitors?

Ok, so your courses and instructors are among the best available. But are you expensive?

Are your courses backed up by good service?

Will I be taking a chance by selecting Eogogics to teach this course? Are you as good as you sound? Is Eogogics a ‘safe’ choice?

BACK

What makes you better than your competitors? Are you cutting edge?

Who are you? Who are your clients? What are your credentials, standing in the industry?

Who are your instructors? Are they subject matter experts or just career trainers?

How does this work? Can you help us narrow the choices, achieve our goals? How soon can we customize and host this class?

Can you tailor your course to our audience, application, equipment, methodologies? Will you provide detailed, custom course specs before we commit? Is our sensitive info safe with you?

Can I talk to the instructor before we commit?

How is your sales process different from that of your competitors?

Ok, so your courses and instructors are among the best available. But are you expensive? Wouldn’t a public class, if available, be cheaper?

Are your courses backed up by good service?

Will I be taking a chance by selecting Eogogics to teach this course? Are you as good as you sound? Is Eogogics a ‘safe’ choice?