An IP packet can be divided into two parts: the header and the payload. IPsec encapsulates IP packets in transport mode and tunnel mode and protects them through AH and ESP. AH supports authenticity only, while ESP, a mandatory requirement in IPsec implementation, supports confidentiality and authenticity. Which of the following is incorrect? (Wentz QOTD)
A. AH in the transport mode authenticates the IP packet
B. AH in the tunnel mode authenticates the new IP packet
C. ESP in the transport mode encrypts and authenticates the IP payload
D. ESP in the tunnel mode encrypts and authenticates the new IP packet
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is D. ESP in the tunnel mode encrypts and authenticates the new IP packet.
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams, and an informative reference for security professionals.
ESP in the tunnel mode encrypts and authenticates the IP payload of the new IP packet, not the new IP packet itself: the new outer IP header is neither encrypted nor covered by ESP's integrity check. AH authenticates the "IP packet" (header included), while ESP encrypts and authenticates the "IP payload." The IPsec tunnel mode, whether using AH or ESP, wraps the original IP packet in a new IP packet, so the original packet becomes the new packet's "payload."
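The coverage difference behind the answer, as an added example that is not part of the original post: a small Python model that lays out AH and ESP in transport and tunnel mode, computes an integrity check value (ICV) over exactly the fields each protocol authenticates, and then checks whether tampering with the outermost IP header is detected. Assumptions of this model: packets are ordered (field, bytes) segments; the ICV is HMAC-SHA256 with a constructed key; mutable IP header fields (TTL, checksum) are ignored, so AH is treated as covering the whole IP header; encryption is represented by marking the covered segments rather than running a cipher; all field names and the `protect`/`verify` helpers are hypothetical.

```python
"""Simplified model of what IPsec AH and ESP cover in transport and tunnel mode.

Added example, not from the original post. Assumptions: packets are ordered
(field, bytes) segments; the ICV is HMAC-SHA256 over the authenticated bytes
with a constructed key; mutable IP header fields are ignored, so AH is treated
as covering the whole IP header; "encrypted" only marks which segments a
cipher would cover. Field names and helpers are hypothetical.
"""
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed key, demonstration only


def ip_packet(header, payload):
    """An IP packet is a header followed by a payload."""
    return [("ip_header", header), ("ip_payload", payload)]


def tunnel(packet, outer_header):
    """Tunnel mode: the whole original packet becomes the payload of a new packet."""
    inner = b"".join(data for _, data in packet)
    return [("outer_ip_header", outer_header), ("inner_ip_packet", inner)]


def protect(packet, protocol, mode, outer_header=b"OUTERHDR"):
    """Apply AH or ESP in the given mode.

    Returns (layout, encrypted_fields, authenticated_fields, icv).
    """
    if mode == "tunnel":
        packet = tunnel(packet, outer_header)
    (header_name, header), (payload_name, payload) = packet

    if protocol == "AH":
        # AH header sits between the IP header and the payload; the ICV
        # covers the entire IP packet, header included.
        layout = [(header_name, header), ("ah_header", b"AH"), (payload_name, payload)]
        encrypted = set()
        authenticated = {header_name, "ah_header", payload_name}
    elif protocol == "ESP":
        # ESP encrypts the payload and trailer and authenticates the ESP
        # header, payload and trailer. The IP header is NOT covered, so in
        # tunnel mode the new outer header is outside ESP's protection.
        layout = [(header_name, header), ("esp_header", b"ESP"),
                  (payload_name, payload), ("esp_trailer", b"TRL")]
        encrypted = {payload_name, "esp_trailer"}
        authenticated = {"esp_header", payload_name, "esp_trailer"}
    else:
        raise ValueError("unknown protocol: %r" % protocol)

    covered = b"".join(data for name, data in layout if name in authenticated)
    icv = hmac.new(KEY, covered, hashlib.sha256).digest()
    return layout, encrypted, authenticated, icv


def verify(layout, authenticated, icv):
    """Recompute the ICV over the authenticated fields and compare it."""
    covered = b"".join(data for name, data in layout if name in authenticated)
    expected = hmac.new(KEY, covered, hashlib.sha256).digest()
    return hmac.compare_digest(expected, icv)


def header_tamper_detected(protocol, mode):
    """Does modifying the outermost IP header invalidate the ICV?"""
    pkt = ip_packet(b"INNERHDR", b"DATA")
    layout, _, authenticated, icv = protect(pkt, protocol, mode)
    # Overwrite the outermost IP header in place (constructed tamper).
    tampered = [(name, b"X" * len(data) if name.endswith("ip_header") else data)
                for name, data in layout]
    return not verify(tampered, authenticated, icv)


if __name__ == "__main__":
    for protocol in ("AH", "ESP"):
        for mode in ("transport", "tunnel"):
            layout, enc, auth, _ = protect(ip_packet(b"INNERHDR", b"DATA"), protocol, mode)
            print("%-3s %-9s fields=%s encrypted=%s authenticated=%s header tamper detected=%s"
                  % (protocol, mode, [n for n, _ in layout], sorted(enc), sorted(auth),
                     header_tamper_detected(protocol, mode)))
```

Running the block prints one line per protocol/mode combination. The two AH rows report that tampering with the (outer) IP header is detected, while the two ESP rows report that it is not, which is why option D, claiming that ESP in tunnel mode protects the new IP packet rather than only its payload, is the incorrect statement.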
A. In transport mode, AH authenticates the IP packet
B. In tunnel mode, AH authenticates the new IP packet
C. In transport mode, ESP encrypts and authenticates the IP payload
D. In tunnel mode, ESP encrypts and authenticates the new IP packet