Abbreviations And Terminology - LevelOne GBR-4001 User Manual

4-WAN Gigabit Broadband VPN Router

emerge, but IPSec VPN is currently one of the most widely used VPN security technologies.
IPSec is a set of open standards and protocols for creating and maintaining secure
communication over IP networks. It provides two security mechanisms: encryption and
authentication. The encryption mechanism ensures the confidentiality of data, while the
authentication mechanism ensures that data comes from the original sender and has not been
destroyed or tampered with during transmission.
IPSec can provide the following services:
Data confidentiality: The IPSec sender encrypts the packets before transmitting them across the
network.
Data integrity: The IPSec receiver authenticates the packets sent by the sender to ensure that
the data has not been tampered with during transmission.
Data source authentication: IPSec can verify that the sender of an IPSec packet is legitimate,
in order to ensure the authenticity of the data.
Anti-replay: The IPSec receiver can detect and reject duplicate packets.

12.2.1.1 Abbreviations and terminology

IPSec (IP Security Protocol): IPSec is a series of protocols formulated by the IETF to ensure the
security and confidentiality of data sent across the Internet. Through encryption and data origin
authentication at the IP layer, the communicating parties can guarantee the confidentiality,
integrity and authenticity of packets sent across the Internet.
IKE (Internet Key Exchange): IKE is used by the two communicating parties to negotiate and
establish security associations and to exchange keys. IKE defines how the two parties authenticate
each other, negotiate the encryption algorithm, and generate shared keys.
DES (Data Encryption Standard): DES is a data encryption algorithm used by IPSec to encrypt
the packets.
3DES (Triple Data Encryption Standard): 3DES is a data encryption algorithm used by IPSec
to encrypt the packets with a higher strength than DES.
AES (Advanced Encryption Standard): AES is a data encryption algorithm used by IPSec.
Compared with DES and 3DES, AES is more efficient and safer.
DH (Diffie-Hellman Group): Each party generates a pair of public and private keys and only
needs to exchange the public key with the other party. After calculation, both parties obtain the
same secret key for secure communications. This avoids the risk of transmitting keys directly
during the communication and so improves the security of the whole IPSec system. DH has an
important property: the group (components). There are 5 basic groups, and the commonly used
groups are MODP Group (Group2) with a modulus of 1024 bits and MODP Group (Group5) with a
modulus of 1536 bits.
MD5 (Message Digest 5): An algorithm that generates a 128-bit hash (also known as a digital
signature or message digest) from information of any length and a 16-byte key. The
http://www.level1.com
Chapter 12 VPN
Page 134
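The DH entry above describes two parties exchanging only public values and each computing the same secret. The following is an added example (not from the manual or the router firmware) that carries that exchange through with the 1024-bit MODP Group 2 parameters from RFC 2409 and adds the check a receiver should make on the peer's public value. The function names are hypothetical, and IKE's key derivation from the raw secret is not shown.

```python
import secrets

# MODP Group 2 (1024-bit) prime and generator, as published in RFC 2409 section 6.2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)
G = 2
Q = (P - 1) // 2  # P is a safe prime, so G generates the subgroup of prime order Q


def generate_keypair():
    """Return (private, public): private is random, public = G^private mod P."""
    private = secrets.randbelow(Q - 2) + 2      # 2 <= private < Q
    return private, pow(G, private, P)


def validate_public(peer_public):
    """Reject peer values that would force a predictable shared secret."""
    if not 1 < peer_public < P - 1:             # excludes 0, 1, P-1 and out-of-range values
        return False
    return pow(peer_public, Q, P) == 1          # value must lie in the order-Q subgroup


def shared_secret(private, peer_public):
    """Compute the DH shared secret, refusing invalid peer public values."""
    if not validate_public(peer_public):
        raise ValueError("invalid DH public value")
    return pow(peer_public, private, P)


def demo_exchange():
    """Two constructed peers; only the public values would cross the network."""
    a_priv, a_pub = generate_keypair()
    b_priv, b_pub = generate_keypair()
    return shared_secret(a_priv, b_pub), shared_secret(b_priv, a_pub)


if __name__ == "__main__":
    s1, s2 = demo_exchange()
    print("secrets match:", s1 == s2, "| modulus bits:", P.bit_length())
```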