TCP and UDP, ICMP and IPsec Protocols

TCP and UDP

TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are used by applications. An application server typically listens at a fixed TCP or UDP port, while application clients typically use any of a wide range of ports. As with other aspects of firewall rulesets, deny-by-default policies should be used for incoming TCP and UDP traffic.

Less stringent policies are generally used for outgoing TCP and UDP traffic because most organizations permit their users to access a wide range of external applications located on millions of external hosts.

An application traffic matrix can be used to record which activities are permitted and which are denied.

In addition to allowing and blocking UDP and TCP traffic, many firewalls are also able to report or block malformed UDP and TCP traffic directed towards the firewall or to hosts protected by the firewall. This traffic is frequently used to scan for hosts, and may also be used in certain types of attacks. The firewall can help block such activity—or at least report when such activity is happening.

Internet Control Message Protocol (ICMP)

Attackers can use various ICMP types and codes to perform reconnaissance or manipulate the flow of network traffic. However, ICMP (Internet Control Message Protocol) is needed for many useful things, such as getting reasonable performance across the Internet. Some firewall policies block all ICMP traffic, but this often leads to problems with diagnostics and performance.

Other common policies allow all outgoing Internet Control Message Protocol (ICMP) traffic, but limit incoming ICMP to those types and codes needed for path Maximum Transmission Unit (MTU) discovery and destination reachability.

To prevent malicious activity, firewalls at the network perimeter should deny all incoming and outgoing ICMP traffic except for those types and codes specifically permitted by the organization.

For ICMP in IPv4 (Internet Protocol version 4), ICMP type 3 messages (“destination unreachable”) should not be filtered because they are used for important network diagnostics. For ICMP in IPv6 (Internet Protocol version 6), many types of messages must be allowed in specific circumstances to enable various IPv6 features.

Internet Protocol Security (IPsec) Protocols

The format of Internet packets is publicly defined and well known, and attackers can capture packets as they traverse the Internet. They can read and modify the packet contents. Even the checksums that are part of the Internet packet format cannot protect a packet from unauthorized alteration.

The solution is to cryptographically protect Internet packets. The IPsec protocols are additions to IP that enable the sending and receiving of cryptographically protected Internet packets.

ESP (Encapsulating Security Payload) and AH (Authentication Header) protocols are used for IPsec (Internet Protocol Security) VPNs, and a firewall that blocks these protocols will not allow IPsec VPNs to pass. While blocking ESP can hinder the use of encryption to protect sensitive data, it can also force users who would normally encrypt their data with ESP to allow it to be inspected—for example, by a stateful inspection firewall or an application-layer gateway.

Organizations should block Encapsulating Security Payload and Authentication Header except to and from specific addresses on the internal network—those addresses belong to IPsec gateways that are allowed to be VPN endpoints. Enforcing this policy will require people inside the organization to obtain the appropriate policy approval to open ESP and/or AH access to their IPsec routers. This will also reduce the amount of encrypted traffic coming from inside the network that cannot be examined by network security controls.
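The three policies above (deny-by-default inbound TCP/UDP driven by an application traffic matrix, inbound ICMP limited to the types needed for path MTU discovery and reachability, and ESP/AH permitted only to and from approved IPsec gateways) can be expressed as one small packet filter. This is an added example, not code from the original article; the internal range, the gateway address, the allowed ports and the `Packet` field names are all assumptions.

```python
# Added example: a minimal perimeter filter that encodes the article's policy and
# evaluates it over constructed packet headers (assumed addresses and ports).
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")           # assumed internal address range
IPSEC_GATEWAYS = {ip_address("10.0.0.5")}     # hosts approved as VPN endpoints
# Application traffic matrix: services reachable from outside (assumed values).
INBOUND_SERVICES = {("tcp", 443), ("tcp", 25)}
# Inbound ICMPv4 kept: type 3 (destination unreachable; code 4 carries the
# "fragmentation needed" signal used by path MTU discovery) and type 11
# (time exceeded) for diagnostics. None means "any code".
INBOUND_ICMP = {(3, None), (11, None)}

@dataclass
class Packet:
    src: str
    dst: str
    proto: str            # "tcp", "udp", "icmp", "esp" or "ah"
    dport: int = 0
    icmp_type: int = -1
    icmp_code: int = -1

def decide(p: Packet) -> str:
    """Return "allow" or "deny" for a packet crossing the perimeter."""
    src, dst = ip_address(p.src), ip_address(p.dst)
    inbound = dst in INTERNAL and src not in INTERNAL
    if p.proto in ("esp", "ah"):
        # IPsec in either direction only if the internal endpoint is a gateway.
        endpoint = dst if inbound else src
        return "allow" if endpoint in IPSEC_GATEWAYS else "deny"
    if p.proto == "icmp":
        if not inbound:
            return "allow"                 # common policy: all outgoing ICMP
        return "allow" if any(p.icmp_type == t and c in (None, p.icmp_code)
                              for t, c in INBOUND_ICMP) else "deny"
    if p.proto in ("tcp", "udp"):
        if not inbound:
            return "allow"                 # less stringent outgoing policy
        return "allow" if (p.proto, p.dport) in INBOUND_SERVICES else "deny"
    return "deny"                          # deny by default for everything else
```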



12 Responses to “TCP and UDP,ICMP and IPSEC PROTOCOLS”

  1. Ryan says:

    What are the protections Provided by IPSEC Authentication Header (AH) ?

  2. admin says:

    1. Connectionless integrity
    2. Data origin authentication
    3. Replay protection (optional)

  3. Ryan says:

    What are the security associations (SA) for IPSEC ?

  4. admin says:

    1. Source and destination addresses (IPv4 or IPv6)
    2. Name, either a user ID or a system name
    3. Transport Layer Protocol (TCP or UDP)
    4. Source and destination ports

  5. Dada says:

    What are the Protections Provided by ESP header ?

  6. admin says:

    1. Confidentiality
    2. Traffic analysis protection (Tunnel Mode only)
    3. Connectionless integrity
    4. Data origin authentication
    5. Replay protection

  7. Dada says:

    What are the field of an ESP header ?

  8. admin says:

    1. SPI – The index into the receiver's SA database
    2. Sequence Number field
    3. Payload Data field
    4. Padding
    5. Pad length
    6. Next header
    7. Authentication Data field
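The seven fields listed in the answer above appear in the packet in that order (RFC 4303). The following is an added example, not part of the original post or its comments: it splits a constructed ESP packet into those fields. It assumes NULL encryption (so the trailer is readable without decryption) and a 12-byte ICV, the length used by HMAC-SHA1-96; in practice the ICV length comes from the SA selected by the SPI.

```python
# Added example: parse the fields of an ESP packet from a constructed, unencrypted
# test packet. icv_len is an assumption; it depends on the SA's integrity algorithm.
import struct

def parse_esp(packet: bytes, icv_len: int = 12) -> dict:
    """Split an ESP packet into SPI, sequence number, payload, padding,
    pad length, next header and ICV. Raises ValueError on a malformed packet."""
    if len(packet) < 8 + 2 + icv_len:
        raise ValueError("packet too short to be ESP")
    spi, seq = struct.unpack("!II", packet[:8])   # SPI indexes the receiver's SAD
    icv = packet[len(packet) - icv_len:]          # Authentication Data (ICV)
    body = packet[8:len(packet) - icv_len]        # payload + padding + trailer
    pad_len, next_header = body[-2], body[-1]     # trailer: Pad Length, Next Header
    if pad_len > len(body) - 2:
        raise ValueError("pad length exceeds packet body")
    payload = body[:len(body) - 2 - pad_len]
    padding = body[len(body) - 2 - pad_len:len(body) - 2]
    return {"spi": spi, "seq": seq, "payload": payload, "padding": padding,
            "pad_len": pad_len, "next_header": next_header, "icv": icv}

def build_esp(spi: int, seq: int, payload: bytes, next_header: int,
              icv_len: int = 12, block: int = 4) -> bytes:
    """Construct a test ESP packet with NULL encryption and an all-zero dummy
    ICV, padding so that Pad Length and Next Header end on a 4-byte boundary."""
    pad_len = (-(len(payload) + 2)) % block
    padding = bytes(range(1, pad_len + 1))        # RFC 4303 default pad bytes 1,2,3...
    return (struct.pack("!II", spi, seq) + payload + padding
            + bytes([pad_len, next_header]) + b"\x00" * icv_len)

# Constructed sample: SPI 0x1000, sequence 7, a 5-byte payload, Next Header 6 (TCP).
SAMPLE = build_esp(0x1000, 7, b"hello", 6)
```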

  9. Luana says:

    What is PPTP ?

  10. admin says:

    The Point-to-Point Tunneling Protocol (PPTP) [9] is a predecessor of L2TP that shares L2TP’s major goals. A version of PPTP, with proprietary Microsoft extensions, is found in most Microsoft Windows operating systems.

  11. Ike says:

    What is IKE ?

  12. admin says:

    IKE is a stateful protocol: each message of an ongoing exchange is tied to the exchange’s previous messages and is evaluated within that context.

  13. Ken says:

    interesting post

  14. P. Silva says:

    a very good article about TCP and UDP,ICMP and IPSEC PROTOCOLS

Copyright © 2008 Home Automation - JAEC - All the rights reserved