IPSec provides authentication and data encapsulation services through the Internet Key Exchange Protocol (IKE). The IKE is a key management standard designed to specify separate key protocols for use during data encryption. IKE works within the Internet Security Association and Key Management Protocol (ISAKMP) which defines the key and authentication data appended to each transmitted packet.
IPSec provides authentication and data encapsulation services through the Internet Key Exchange Protocol (IKE). The IKE is a key management standard designed to specify separate key protocols for use during data encryption. IKE works within the Internet Security Association and Key Management Protocol (ISAKMP) which defines the key and authentication data appended to each transmitted packet.
−
IPSec provides two key services. The ''Authentication Header'' (AH) service provides a mechanism for checking the authenticity of a data packet header allowing the authentication of the sender to be verified. The ''Encapsulating Security Payload (ESP)'' provides authentication of both the sender in addition to the encryption of the data contained in the packet (i.e the ''payload'').
+
IPSec provides two key services. The ''Authentication Header'' (AH) service provides a mechanism for checking the authenticity of a data packet header allowing the authentication of the sender to be verified. The ''Encapsulating Security Payload (ESP)'' provides authentication of both the sender in addition to the encryption of the data contained in the packet (i.e. the ''payload'').
== 802.11x Wireless Connections ==
== 802.11x Wireless Connections ==
* '''Clear data''' - Unfortunately a number of Wireless Access Points are shipped with none of the security features activated. This means that all data is transmitted in clear text form, completely unencrypted and easily captured by malicious parties.
* '''Clear data''' - Unfortunately a number of Wireless Access Points are shipped with none of the security features activated. This means that all data is transmitted in clear text form, completely unencrypted and easily captured by malicious parties.
−
* '''Session Hijacking''' - The authentication process used with Wi-Fi is one-way making it is possible for a third party to break into an existing, previously authenticated session. This is achieved by sending a signal to the client after authentication has completed such that it believes it has been disconnected. The rogue system then continues the session with the access point as if nothing has happened.
+
* '''Session Hijacking''' - The authentication process used with Wi-Fi is one-way making it possible for a third party to break into an existing, previously authenticated session. This is achieved by sending a signal to the client after authentication has completed such that it believes it has been disconnected. The rogue system then continues the session with the access point as if nothing has happened.
* '''Man-in-the-Middle''' - Such an attack involves the use of a rogue access point which masquerades as the legitimate access point. The rogue WAP accepts the connection from a client and records all data transactions before passing the data on to the original access point.
* '''Man-in-the-Middle''' - Such an attack involves the use of a rogue access point which masquerades as the legitimate access point. The rogue WAP accepts the connection from a client and records all data transactions before passing the data on to the original access point.
== Terminal Access Controller Access Control System (TACACS) ==
== Terminal Access Controller Access Control System (TACACS) ==
