Windows PowerShell command on Get-command ipsecesp
MyWebUniversity

Manual Pages for UNIX Operating System command usage for man ipsecesp




Protocols                                            ipsecesp(7P)





NAME

     ipsecesp, ESP - IPsec Encapsulating Security Payload



SYNOPSIS

     drv/ipsecesp




DESCRIPTION

     The ipsecesp  module  provides  confidentiality,  integrity,

     authentication,  and partial sequence integrity (replay pro-

     tection) to IP datagrams. The encapsulating security payload
     (ESP)  encapsulates  its  data,  enabling it to protect data

     that follows in the datagram. For TCP packets, ESP  encapsu-

     lates the TCP header and its data only.  If the packet is an

     IP in IP datagram, ESP protects the inner IP datagram.  Per-

     socket  policy allows "self-encapsulation" so ESP can encap-

     sulate IP options when necessary. See ipsec(7P).


     Unlike the authentication header (AH), ESP  allows  multiple
     varieties  of  datagram protection. (Using a single datagram
     protection form can expose  vulnerabilities.)  For  example,

     only  ESP  can  be used to provide confidentiality. But pro-

     tecting confidentiality  alone  exposes  vulnerabilities  in

     both replay attacks and cut-and-paste attacks. Similarly, if

     ESP protects only  integrity  and  does  not  fully  protect
     against eavesdropping, it may provide weaker protection than
     AH. See ipsecah(7P).

  ESP Device

     ESP is implemented as a module that is auto-pushed on top of

     IP. Use the /dev/ipsecesp entry to tune ESP with ndd(1M).


  Algorithms

     ESPuses encryption and authentication algorithms.  Authenti-

     cation  algorithms  include HMAC-MD5 and HMAC-SHA-1. Encryp-

     tion algorithms include DES, Triple-DES, Blowfish  and  AES.

     Each  authentication  and  encryption  algorithm contain key
     size and key format properties. You can  obtain  a  list  of

     authentication  and  encryption algorithms and their proper-

     ties by using the ipsecalgs(1M) command. You  can  also  use
     the  functions  described in the getipsecalgbyname(3NSL) man
     page to retrieve the properties of  algorithms.  Because  of

     export  laws  in the United States, not all encryption algo-

     rithms are available outside of the United States.

  Security Considerations

     ESP without authentication exposes vulnerabilities  to  cut-

     and-paste  cryptographic  attacks  as  well as eavesdropping

     attacks. Like AH, ESP is vulnerable  to  eavesdropping  when
     used without confidentiality.





SunOS 5.11          Last change: 18 May 2003                    1








Protocols                                            ipsecesp(7P)





ATTRIBUTES

     See attributes(5) for descriptions of the  following  attri-

     butes:




     ____________________________________________________________

    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |

    |_____________________________|_____________________________|

    | Availability                | SUNWcs (32-bit)             |

    | Interface Stability         | Committed                   |

    |_____________________________|_____________________________|




SEE ALSO

     ipsecalgs(1M),   ipsecconf(1M),   ndd(1M),    attributes(5),
     getipsecalgbyname(3NSL), ip(7P), ipsec(7P), ipsecah(7P)


     Kent, S. and Atkinson, R.RFC 2406, IP Encapsulating Security
     Payload (ESP), The Internet Society, 1998.



































SunOS 5.11          Last change: 18 May 2003                    2



Contact us      |      About us      |      Term of use      |       Copyright © 2000-2019 MyWebUniversity.com ™