The IPSec protocol is configured in an organization’s network in order to maintain a complete
infrastructure for secured network communications. IPSec uses four components for this. Which of
the following components reduces the size of data transmitted over congested network connections
and increases the speed of such networks without losing data?
A. AH
B. ESP
C. IPcomp
D. IKE
Explanation:
The IP Payload Compression (IPcomp) protocol is a low-level compression protocol for IP datagrams
defined in RFC 3173. The goal of the IPcomp protocol is to reduce the size of data transmitted over
congested or slow network connections, thereby increasing the speed of such networks without
losing data. According to the RFC requirements, compression must be done before fragmenting or
encrypting the packet. It further states that each datagram must be compressed independently, so
it can be decompressed even if received out of order. This is important because it allows IPComp
to work with both TCP and UDP network communications.
Answer option A is incorrect. Authentication Header (AH) is an IPsec protocol. The AH provides
connectionless integrity and data origin authentication of IP packets. It can also protect the IP
packets against replay attacks by using the sliding window technique and discarding old packets.
The AH protects the IP payload and all header fields of an IP datagram except for mutable fields.
Answer option B is incorrect. Encapsulating Security Payload (ESP) is an IPSec protocol that provides
confidentiality with authentication, integrity, and anti-replay. ESP can be used alone or in
combination with Authentication Header (AH). ESP can also be used nested with the Layer Two
Tunneling Protocol (L2TP). Normally, ESP does not sign the entire packet unless it is being
tunneled. Typically, only the data payload is protected, not the IP header.
Answer option D is incorrect. IKE (Internet Key Exchange) is the protocol used to set up a security
association (SA) in the IPsec protocol suite. IKE uses a Diffie-Hellman key exchange to set up a
shared session secret, from which cryptographic keys are derived. Public key techniques or
alternatively pre-shared keys are used to mutually authenticate the communicating parties.
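
The per-datagram behaviour described for IPcomp above can be seen in a short sketch. This is an added example, not part of the original question or of any IPsec implementation: it builds the 4-byte RFC 3173 header (Next Header, Flags, CPI), compresses each payload with its own DEFLATE state, and falls back to the uncompressed payload when compression would not shrink it. The function names, the sample payloads and the 65535-byte decompression cap are assumptions made for illustration.

```python
import struct
import zlib

IPPROTO_COMP = 108             # IP protocol number assigned to IPComp
CPI_DEFLATE = 2                # well-known Compression Parameter Index for DEFLATE
HDR = struct.Struct("!BBH")    # RFC 3173 header: Next Header, Flags, CPI
MAX_PAYLOAD = 65535            # assumed cap on decompressed size (IPv4 maximum)

def deflate_raw(data: bytes) -> bytes:
    # A fresh compressor per datagram: no history is shared between packets.
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return c.compress(data) + c.flush()

def ipcomp_encode(next_header: int, payload: bytes):
    """Return (protocol, payload) for the IP header, before any ESP/fragmentation."""
    body = deflate_raw(payload)
    # Non-expansion: send the original if header + compressed data is not smaller.
    if HDR.size + len(body) >= len(payload):
        return next_header, payload
    return IPPROTO_COMP, HDR.pack(next_header, 0, CPI_DEFLATE) + body

def ipcomp_decode(protocol: int, data: bytes):
    """Inverse of ipcomp_encode; returns (next_header, original payload)."""
    if protocol != IPPROTO_COMP:
        return protocol, data              # datagram was sent uncompressed
    if len(data) < HDR.size:
        raise ValueError("truncated IPComp header")
    next_header, _flags, cpi = HDR.unpack_from(data)
    if cpi != CPI_DEFLATE:
        raise ValueError(f"unsupported CPI {cpi}")
    d = zlib.decompressobj(-15)
    out = d.decompress(data[HDR.size:], MAX_PAYLOAD)
    if not d.eof:                          # oversized or truncated stream
        raise ValueError("bad or oversized compressed payload")
    return next_header, out

if __name__ == "__main__":
    # Constructed sample payloads (protocol 6 = TCP, 17 = UDP).
    samples = [(6, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n" * 20),
               (17, b"sensor=42;status=ok;" * 30),
               (17, bytes(range(256)))]    # incompressible: goes out as-is
    wire = [ipcomp_encode(nh, p) for nh, p in samples]
    for (proto, data), (nh, p) in reversed(list(zip(wire, samples))):
        assert ipcomp_decode(proto, data) == (nh, p)   # order does not matter
        print(proto, len(p), "->", len(data))
```

Because the decoder caps output at `MAX_PAYLOAD`, a small datagram that inflates to an oversized payload is rejected instead of being expanded in memory.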