The Fundamentals of ISAKMP By Peter Garant At Isnare.com Ezine Articles

Because the Internet has become the ideal platform for expanding business opportunities, protocols need to be set up to ensure the stability and reliability of such an environment. It is with this goal in mind that ISAKMP was developed.

ISAKMP is the Internet Security Association and Key Management Protocol, It operates by creating Security Associations (SA) and utilizing cryptographic keys to establish a secure working atmosphere.

ISAKMP Security Associations

Because the World Wide Web is constantly evolving, adapting, utilizing new technologies, the Security Association protocol must be able to update itself regularly. It must, regardless of the setting, be able to make modifications, and take the necessary actions (i.e. negotiate, delete and create other SAs).

In simple terms, an ISAKMP Security Association is the interaction between two elements, in particular how it would make use of security features to ensure that the information and data that they share is kept discreet.

All SA have certain properties which can be accessed, by way of the Security Parameter Index (SPI) While security is crucial, it is essential that the admittance to the properties be reachable. The security system used by most is currently the Internet Assigned Numbers Authority (IANA).

Key Generation

Inasmuch as the Security Association must be robust, so to the key management protocol flexible. For public access the key must be able to cope with the demand, and at the same time meet the desired prerequisites of private networks operating within the Internet.

Ways of Authentication with ISAKMP

There are several ways that an element or entity can be verified through ISAKMP, but in general they are classified into two classes: strong and weak.

Weak is characterized by relaying cleartex keys through the system; also considered weak are those that utilize keys with inferior entropy, which can be easily cracked. For stronger protection ISAKMP uses encryption and digial signature algorithm. Another robust security option is the key distribution center (KDC).

Other ISAKMP Protection Devices

The following are some of the other security methods of ISAKMP.

Anti Clogging: this is an anti clogging token (ACT) that is used to preserve the resources of a computer while at the same time verifying the authenticity of the key. It complements the work of a garbage state collection device.

Connection Hijacking: one of the ways that hijacking of a network or connection can take place is when a hacker comes in and takes over the identification process. ISAKMP prevents this by linking both the SA and the key exchanges.

Man in the Middle Attacks: this method of attack is typified by intercepting, modifying or deleting incoming or outgoing messages. Again, ISAKMP curbs this attack by joining the key exchanges. In addition, the stringent requirements of ISAKMP makes it impossible for an SA to be created for anyone other than the intended receiver.

ISAKMP Terminology

The following words and phrases are utilized in ISAKMP terminology: security protocol: an element in the network that performs security checkups; protection suite: a database of services that must be used by the network security. Protocol location: the parameters of the security, including nodes and algorithms.

Published At: Isnare Free Articles Directory http://www.isnare.com
Permanent Link: http://www.isnare.com/?aid=321156&ca=Computers+and+Technology

Important Notice DISCLAIMER: All information, content, and data in this article are sole opinions and/or findings of the individual user or organization that registered and submitted this article at Isnare.com without any fee. The article is strictly for educational or entertainment purposes only and should not be used in any way, implemented or applied without consultation from a professional. We at Isnare.com do not, in anyway, contribute or include our own findings, facts and opinions in any articles presented in this site. Publishing this article does not constitute Isnare.com's support or sponsorship for this article. Isnare.com is an article publishing service. Please read our Terms of Service for more information.