IP Security v2

Eogogics Legacy Courses Still Available on Request
  • Course:IP Security v2
  • Course ID:IPSEC Duration:2-3 days Where: Your Office (7+ Persons)
  • Available as a private, customized course for your group at your offices or ours and in some cases as a WebLive(TM) class.

  • Download Course Description (PDF)

Course Outline

Course Intro

  • Overview
  • ClearSight Analyzer
  • Logistics and Labs
  • Introductions

IPSec v2 Overview

  • RFC 2401 and 2412
  • Security and the OSI Model
  • Crypto Building Blocks
    • Crypto Concepts
    • Keys  and Key Management
    • Public/private Key Infrastructure
    • Key Recovery
  • Tunnels and L2TPv3
  • Virtual Private Networks (VPNs)
  • IPSec Architectural Model

L2TPv3 Lab: View setup of an L2TPv3 tunnel and logical multimedia connections within the tunnel. Lab covers appropriate parts of PPP, L2TPv3, PAP and CHAP protocols.

LAB Debrief: Group Discussion

IP Security Overview 

  • Encapsulating Security Payload (ESP)
  • Authentication Header (AH)
  • Internet Key Exchange (IKE)

IPSec Architecture

  • IETF IPSec v2 Roadmap
  • IPSec Implementation
  • IPSec Modes
    • Transport Mode
    • Transport Mode with NAT Traversal
    • Tunnel Mode
  • Security Associations (SAs)
  • IPSec Processing
    • Fragmentation
    • Internet Control Message Protocol (ICMP)

Encapsulating Security Payload (ESP)

  • ESP Header
  • ESP Modes
  • ESP Procedures

ESP Lab: View call traces of encrypted network traffic using the Encapsulating Security Payload. Lab includes introduction to key cryptographic techniques.

LAB Debrief: Group Discussion
Authentication Header (AH)

  • AH Header
  • AH Modes
  • AH Procedures


AH Lab: View call traces of traffic that uses the Authentication Header with and without Encapsulating Security Payload. Lab includes hacks against and countermeasures to ESP and AH security vulnerabilities.

LAB Debrief: Group Discussion

The Internet Key Exchange

  • ISAKMP
  • Public/private Key Exchange Systems
  • Diffie-Hellman and Variations
  • Internet Key Exchange (IKE)
  • IPSec ISAKMP Domain of Interpretation (DOI)

IKE/ISAKMP Lab: View call traces of completed and aborted tunnel establishment and key exchanges using IKE and ISAKMP.

LAB Debrief: Group Discussion

Security Policy for IPSec

  • Defining Policy
  • Policy Representation and Distribution
  • Policy Management System
  • Policy Deployment

IPSec Implementation

  • Implementation Architecture
  • IPSec Protocol Procedures
  • Fragmentation and Protocol Maximum Transmission Unit Length
  • ICMP
  • End-to-End Security View

Conclusion

Course Overview

Course in a Nutshell

This is an in-depth, heavily hands-on workshop on the technical aspects of IPSec v2 with special emphasis on protocols, implementation, and operations as described in RFC 2401 and 2412. It includes four protocol analyzer labs that will help you understand the internal workings of IPSec v2. The labs cover Layer 2 Tunneling Protocol version 3 (L2TPv3), Encapsulating Security Protocol (ESP), Authentication Header (AH), and Internet Key Exchange, and Internet Security Association Key Management Protocol (IKE/ISAKMP).

 

Customize It!

Customize this course to your group’s requirements at little-to-no added cost.  We can teach distinct versions of this course tailored for audiences such as network engineers and technicians, equipment/application designers, and less technical audiences such as managers, sales/marketing specialists, and operations/support personnel.  The specific topics discussed in the course, as well as the depth of treatment for each, can also be tailored to your need.

 

 

 

Audience / Prerequisites

Aimed At

Technical professionals who implement, test, support, or trouble-shoot IPSec v2 and related protocols. The course will also benefit technical sales and sales support personnel needing a more in-depth understanding of IPSec v2 to support secure networks and the needs of certain government agencies.

 

Prerequisites

To get the most out of the course, you should have a strong working knowledge of the IP protocol suite and an understanding of basic security concepts such as encryption, tunneling, and key management. These topics will be reviewed only briefly in this course.