IPsec

IPsec (IP for “Internet Protocol” and sec for “secure”) is a group of protocols that ensure the integrity, confidentiality and authentication of data communications over an IP network.

IPsec is commonly used as a base for VPNs (Virtual Private Networks), encrypting IP packets and authenticating the source they come from.

  • IPsec includes protocols to establish mutual authentication between agents at the beginning of a session and to negotiate the cryptographic keys to use during the session.
  • It can protect data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host).
  • IPsec uses cryptographic security services to provide network-level peer authentication, data-origin authentication, data integrity, data confidentiality (encryption), and replay protection.
  • As a part of the IPv4 enhancement, IPsec is an end-to-end security scheme that operates at layer 3 of the OSI model (the internet layer). Unlike internet security technologies used above layer 3, such as Transport Layer Security (TLS) and Secure Shell (SSH), IPsec can automatically secure applications at the IP layer.
  • The flexibility of IPsec is one of the reasons behind its popularity in commercial applications, but it comes with more problems due to its complexity. Maintenance is important to prevent critical system failures.
  • IPsec may be used in three different security domains: virtual private networks, application-level security and routing security. However, VPNs are the most common application of IPsec.
  • When used in application-level security or routing security, IPsec must be coupled with other security measures to be effective, which complicates its deployment in these domains.

    Cyber Security

    IEC 62351 is a standard developed to handle the security of the TC 57 series of protocols, including the IEC 60870-5 series, IEC 60870-6 series, IEC 61850 series, IEC 61970 series and IEC 61968 series.

    The different security objectives include the authentication of data transfer through digital signatures, prevention of eavesdropping and playback as well as spoofing, and intrusion detection.

    Terminal Access Controller Access-Control System Plus (TACACS+) is a protocol developed by Cisco to handle authentication, authorization, and accounting (AAA) services and was released as an open standard beginning in 1993.

    It is an extension of its predecessor TACACS that encrypts the full content of each packet and provides granular control (command-by-command authorization) whilst operating over TCP.

    OpenVPN is a virtual private network (VPN) protocol and software for both client and server applications.

    It implements techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities, enabling peer authentication using pre-shared secret keys, certificates or usernames/passwords.

    Public key infrastructure (PKI) refers to a range of technologies for authenticating users and devices in order to secure the digital transfer of information for a range of network activities such as e-commerce, internet banking and confidential email.

    It includes a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption.
