"Characteristics of Internet Protocol Security (IPsec)"

"Not a Characteristic of IPsec"


Question

One of the following assertions is NOT a characteristic of Internet Protocol Security (IPsec)

Answers

Explanations

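A. Data cannot be read by unauthorized parties.
B. The identity of all IPsec endpoints are confirmed by other endpoints.
C. Data is delivered in the exact order in which it is sent.
D. The number of packets being exchanged can be counted.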

C.

IPsec provides replay protection that ensures data is not delivered multiple times; however, IPsec does not ensure that data is delivered in the exact order in which it is sent. IPsec uses TCP, and packets may be delivered out of order to the receiving side depending on which route was taken by the packet.

Internet Protocol Security (IPsec) has emerged as the most commonly used network layer security control for protecting communications. IPsec is a framework of open standards for ensuring private communications over IP networks. Depending on how IPsec is implemented and configured, it can provide any combination of the following types of protection:

Confidentiality. IPsec can ensure that data cannot be read by unauthorized parties. This is accomplished by encrypting data using a cryptographic algorithm and a secret key, a value known only to the two parties exchanging data. The data can only be decrypted by someone who has the secret key.

Integrity. IPsec can determine if data has been changed (intentionally or unintentionally) during transit. The integrity of data can be assured by generating a message authentication code (MAC) value, which is a cryptographic checksum of the data. If the data is altered and the MAC is recalculated, the old and new MACs will differ.

Peer Authentication. Each IPsec endpoint confirms the identity of the other IPsec endpoint with which it wishes to communicate, ensuring that the network traffic and data is being sent from the expected host.

Replay Protection. The same data is not delivered multiple times, and data is not delivered grossly out of order. However, IPsec does not ensure that data is delivered in the exact order in which it is sent.

Traffic Analysis Protection. A person monitoring network traffic does not know which parties are communicating, how often communications are occurring, or how much data is being exchanged. However, the number of packets being exchanged can be counted.

Access Control. IPsec endpoints can perform filtering to ensure that only authorized IPsec users can access particular network resources. IPsec endpoints can also allow or block certain types of network traffic, such as allowing Web server access but denying file sharing.
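The Replay Protection behaviour above, as an added example that is not part of the original page or of NIST SP 800-77: a receiver-side sliding window over packet sequence numbers, in the style of the anti-replay check in RFC 4303. The class and function names, the 64-packet window and the arrival sequence are constructed for illustration.

```python
class AntiReplayWindow:
    """Sliding anti-replay window over 32-bit sequence numbers (no ESN)."""

    def __init__(self, size=64):
        self.size = size
        self.top = 0      # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => sequence number (top - i) already seen

    def check_and_update(self, seq):
        """Verdict for a packet whose integrity check has already passed."""
        if seq == 0:
            return "drop: invalid"          # sender counters start at 1
        if seq > self.top:                  # newer than anything seen: slide
            shift = seq - self.top
            mask = (1 << self.size) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.top = seq
            return "accept"
        offset = self.top - seq
        if offset >= self.size:             # "grossly out of order"
            return "drop: too old"
        if self.bitmap & (1 << offset):     # same data delivered twice
            return "drop: replay"
        self.bitmap |= 1 << offset          # late but inside the window
        return "accept"


def receive(arrivals, size=64):
    """Return (sequence numbers handed upward in arrival order, verdicts)."""
    window = AntiReplayWindow(size)
    delivered, verdicts = [], []
    for seq in arrivals:
        verdict = window.check_and_update(seq)
        verdicts.append((seq, verdict))
        if verdict == "accept":
            delivered.append(seq)           # no reordering buffer exists
    return delivered, verdicts


# Constructed arrival order: reordering (4 before 3, 6 before 5),
# two duplicates (3 and 80), and one packet far behind the window (7).
ARRIVALS = [1, 2, 4, 3, 3, 6, 5, 80, 7, 80]

if __name__ == "__main__":
    delivered, verdicts = receive(ARRIVALS)
    for seq, verdict in verdicts:
        print(f"seq={seq:<3} {verdict}")
    print("delivered upward:", delivered)
```

Duplicates and the stale packet are dropped, yet the accepted packets still reach the upper layer in arrival order rather than send order, which is why option C is not an IPsec property.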

The following are incorrect answers because they are all features provided by IPsec:

"Data cannot be read by unauthorized parties" is wrong because IPsec provides confidentiality through the use of the Encapsulating Security Payload (ESP). Once encrypted, the data cannot be read by unauthorized parties because they have access only to the ciphertext. This is accomplished by encrypting data using a cryptographic algorithm and a session key, a value known only to the two parties exchanging data. The data can only be decrypted by someone who has a copy of the session key.

"The identity of all IPsec endpoints are confirmed by other endpoints" is wrong because IPsec provides peer authentication: each IPsec endpoint confirms the identity of the other IPsec endpoint with which it wishes to communicate, ensuring that the network traffic and data is being sent from the expected host.

"The number of packets being exchanged can be counted" is wrong because, although IPsec provides traffic analysis protection (a person monitoring network traffic does not know which parties are communicating, how often communications are occurring, or how much data is being exchanged), the number of packets being exchanged can still be counted.

Reference(s) used for this question: NIST 800-77 Guide to IPsec VPNs, pages 2-3 to 2-4

The assertion that is NOT a characteristic of Internet Protocol Security (IPsec) is:

C. Data is delivered in the exact order in which it is sent.

Explanation:

IPsec is a protocol suite used to provide secure communication over the internet. The main characteristics of IPsec are:

A. Data cannot be read by unauthorized parties: IPsec provides confidentiality by encrypting the data before it is transmitted over the network. This ensures that only authorized parties can read the data.

B. The identity of all IPsec endpoints are confirmed by other endpoints: IPsec provides authentication by verifying the identity of the endpoints involved in the communication. This ensures that only authorized parties can establish a connection.

D. The number of packets being exchanged can be counted: IPsec provides integrity by ensuring that the data has not been modified during transmission. This is done by adding a message authentication code (MAC) to each packet, which allows the recipient to verify that the data has not been tampered with.

However, IPsec does not guarantee that data is delivered in the exact order in which it is sent. This is because IPsec operates at the network layer and does not provide any sequencing or ordering of packets. Any guarantees regarding the order of packet delivery must be provided by higher-level protocols, such as TCP.