One difference between authentication header (AH) and encapsulated security payl

Question

One difference between authentication header (AH) and encapsulated security payload (ESP) is that the header of AH is encrypted while that of ESP is not. O the payload of ESP is TLS and that of AH is IP OAH has two IP headers while ESP has only one OAH can't have ESP as payload. QUESTION9 A security association (SA) is a database entry for a simplex IPSec connection, simplex meaning one way. For two way connections, two SAs are used. These SAs have information such as what options for encryption are used for this connection. The SA in the SA database (SADB) is uniquely identified by the Security Parameter Index (SPI). The SPI is O simply a number or a pointer to the SA. O a complex data structure that contains definitions of mechanisms used for authentication, integrity and confidentiality. O protocol that IPSec devices use to exchange IPSec packets. O simply a packet sequence number. QUESTION 10 In the Internet Protocol (IP), the Header Error Checksum (HEC) is the only measure to check for errors of any kind. From its presence we can say that O there is at least some security in IP. O IP data field does not have reliability but the header does. OIP is a connectionless protocol. IP is a connection-oriented protocol

Explanation / Answer

8)

A) the header of AH is encrypted while that of ESP is not.

Authentication Header (AH)
Provides both authentication and integrity services and It does not encrypt any data at all and itsn’t wok through NATed network as it hashes both the payload and header of a packet while NAT changes the IP header of a packet during translation which reflect on the receiving device will believe the packet has been altered in transit, and reject the packet.

Encapsulation Security Payload (ESP)
Provides all of confidentiality, authentication, and integrity services; while ESP uses a hash algorithm for data integrity, the hash does not include the IP header of the packet, thus ESP will work normally through a NATed device.

9) protocol that IPSec used to exchange IPSec Packets.

Each SA consists of values such as destination address, a security parameter index (SPI), the IPSec transforms used for that session, security keys, and additional attributes such as IPSec lifetime. The SAs in each peer have unique SPI values that will be recorded in the Security Parameter Databases of the devices.

10) IP data field does not have reliabilty but the header does.

IP is a unreliable protocol because it does not guarantee the delivery of a datagram to its destination.

When you download files from the Internet you often have the option of checking a file’s integrity with a MD5 or SHA-1 hash. With the help of checksums on the network level we are able to detect if a bit was toggled, missing, or duplicated by network data transmission. Checksums assure that received data is identical to the transmitted data.

Packets with incorrect checksums aren’t processed by the receiving host. If the Ethernet checksum (CRC) is wrong the Ethernet frame is silently dropped by the network interface and is never seen by the operating system, not even with packet capturing tools. With the IP checksum and TCP checksum in the respective headers there are two additional supervisory bodies that can detect integrity errors. Be aware that despite the efforts of checksumming, there are some errors that can’t be detected.

Related Questions

Navigate

• Browse (All)
• Browse O
• Subjects

---

---

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.