I want to know how they work together. For example, we implement IPSec tunnel
Question
I want to know how they work together. For example, we implement an IPSec tunnel between 2 routers and we establish Snort IPS on Router 1. When Router 1 gets the packets, they're encrypted. Now which one examines them first? If the IPS investigates the packets, it cannot detect malicious content. So do we lose the IPS because of the IPSec tunnel? My questions are:
- Which one examines input packets first?
- Does the IPS examine packets after decryption, or before decryption?
I think my problem is that I have no idea about the packet flow when packets are received on an interface.
Explanation / Answer
Linux Based Router
In Linux the key exchange (generally ISAKMP) is performed in user space, while the security policies, keys, and encryption/decryption are performed at the kernel level. When a packet arrives, the kernel first processes this packet by checking to see if the SPI and IP match a security policy. If it does, the packet is processed using the policy's stored keys and then promoted up the network stack for processing. This is still performed at the kernel level.
Now, where Snort sits in the network stack implementation is important. As it's a user space program, it receives packets from the kernel. This is generally performed by the kernel's network filter. Then the packets from the kernel's netfilter get passed on to user space programs like Snort [1] (search Snort).
What this means for you
1. Kernel sees encrypted packets
2. Kernel determines if it has a security policy matching these packets
3. If yes, kernel decrypts the packets and promotes them up the network stack
4. Netfilter processes them, and pushes the decrypted packets up to user space
5. Snort sees decrypted packets and processes them.
This isn't the full process, and I might have glossed over a bit of the Linux kernel network stack. But you really don't want those details anyway.
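As an added example (not part of the question or the answer above), the following shell snippet shows what that ordering looks like on a Linux router and how to check it. It assumes the kernel XFRM IPsec stack, iptables with the `policy` match, and Snort running inline through its NFQUEUE DAQ; the queue number 0 and the counter output are constructed for illustration. The useful detail behind it: an ESP packet passes the netfilter PREROUTING hook once as protocol 50 (still encrypted), the kernel decapsulates it, and the inner clear-text packet passes PREROUTING a second time, which is the only pass that `-m policy --dir in --pol ipsec` matches and the only pass Snort gets to see.

```shell
#!/bin/sh
# Added example, not code from the original answer. Assumes a Linux router
# whose IPsec is handled by the kernel XFRM stack, iptables with the
# 'policy' match, and Snort run inline via the NFQUEUE DAQ
# (snort --daq nfq --daq-var queue=0). Queue number 0 is a hypothetical value.

# Rules that hand Snort the *decrypted* traffic. The first rule only counts the
# encrypted ESP packets (protocol 50) on their first pass through PREROUTING;
# the second matches the decapsulated inner packets on their second pass and
# queues them to Snort. --queue-bypass lets traffic flow if Snort is not running.
ipsec_snort_rules() {
    cat <<'EOF'
iptables -t mangle -A PREROUTING -p esp -j ACCEPT
iptables -t mangle -A PREROUTING -m policy --dir in --pol ipsec -j NFQUEUE --queue-num 0 --queue-bypass
EOF
}

# Constructed sample of `iptables -t mangle -nvxL PREROUTING` after the rules
# above have been in place for a while (not captured from a real router).
# Same packet count on both rules, fewer bytes on the second: the ESP header,
# IV, padding and ICV have been stripped before Snort sees the packet.
SAMPLE_COUNTERS='Chain PREROUTING (policy ACCEPT 120 packets, 9000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      57     8436 ACCEPT     esp  --  *      *       0.0.0.0/0            0.0.0.0/0
      57     6840 NFQUEUE    all  --  *      *       0.0.0.0/0            0.0.0.0/0            policy match dir in pol ipsec NFQUEUE num 0 bypass'

# Read counter output on stdin and print "<esp_pkts> <queued_pkts>":
#   esp_pkts    = encrypted packets the kernel saw first
#   queued_pkts = decrypted packets handed to Snort's queue
counter_summary() {
    awk '$3 == "ACCEPT" && $4 == "esp" { esp = $1 }
         $3 == "NFQUEUE"               { q = $1 }
         END { printf "%d %d\n", esp, q }'
}

# Succeed (exit 0) only when decrypted packets are actually reaching the queue.
# A zero queued count with a non-zero ESP count means the tunnel is up but the
# IPS is not in the post-decryption path; zero on both means no tunnel traffic.
check_visibility() {
    set -- $(counter_summary)
    esp=$1
    queued=$2
    [ "$queued" -gt 0 ]
}

# Stand-alone demonstration on the constructed sample.
if printf '%s\n' "$SAMPLE_COUNTERS" | check_visibility; then
    echo "Snort is receiving decrypted tunnel traffic"
else
    echo "decrypted packets are not reaching Snort" >&2
fi
```

On a live router, replace the constructed sample with `iptables -t mangle -nvxL PREROUTING` and compare the two counters over time; `ip xfrm state` and `ip xfrm policy` show the SAs and policies the kernel is matching against in steps 2 and 3 of the answer. The `-p esp` rule will not count tunnels that use NAT traversal (ESP in UDP 4500), so treat it as an indicator, not an exact one-to-one match.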