Confidentiality makes sure that the data is disclosed only to its intended recipients. When confidentiality is required, the Encapsulating Security Payload (ESP) format of IPSec packets is used. With ESP, the packet data is encrypted before it is transmitted, so it cannot be read in transit even if the packet is sniffed or intercepted by a potential attacker. Only the computer that has the shared, secret key is able to open, read or change the data. The United States Data Encryption Standard (DES) algorithms, DES and 3DES, are used to make sure the security negotiations and the exchange of data are confidential.
Cipher Block Chaining (CBC) is used to disguise patterns of identical blocks of data that may occur within a packet. CBC does not increase the size of the data after it has been encrypted. Disguising these patterns matters because repeated encryption patterns can compromise security by giving the attacker a clue to use in trying to discover the encryption key. An Initialization Vector (IV), which is a fancy name for an initial random number, is used as the first random block to encrypt and decrypt a block of data. Different random blocks are then used with the secret key to encrypt each block, so that identical sets of unsecured data are changed into unique sets of encrypted data.
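The pattern-hiding effect described above, as an added example that is not part of the original article: it encrypts four identical 8-byte blocks with 3DES from Go's standard library, once block by block with no chaining and once in CBC with a random IV. The key and plaintext are constructed sample values, the helper names are hypothetical, and the input is assumed to be a whole number of 8-byte blocks.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"fmt"
)

// newCipher returns a 3DES cipher keyed with a constructed 24-byte sample key.
func newCipher() cipher.Block {
	b, err := des.NewTripleDESCipher([]byte("constructed-sample-key-1"))
	if err != nil {
		panic(err)
	}
	return b
}

// encryptECB encrypts every 8-byte block on its own, with no chaining (comparison only).
func encryptECB(b cipher.Block, pt []byte) []byte {
	ct := make([]byte, len(pt))
	for i := 0; i < len(pt); i += des.BlockSize {
		b.Encrypt(ct[i:i+des.BlockSize], pt[i:i+des.BlockSize])
	}
	return ct
}

// encryptCBC draws a fresh random IV and chains each block to the previous ciphertext.
func encryptCBC(b cipher.Block, pt []byte) (iv, ct []byte) {
	iv, ct = make([]byte, des.BlockSize), make([]byte, len(pt))
	if _, err := rand.Read(iv); err != nil {
		panic(err)
	}
	cipher.NewCBCEncrypter(b, iv).CryptBlocks(ct, pt)
	return iv, ct
}

func distinctBlocks(data []byte) int { // number of unique 8-byte blocks in data
	seen := map[string]bool{}
	for i := 0; i+des.BlockSize <= len(data); i += des.BlockSize {
		seen[string(data[i:i+des.BlockSize])] = true
	}
	return len(seen)
}

func main() {
	pt := []byte("SAMEDATASAMEDATASAMEDATASAMEDATA") // constructed: four identical blocks
	_, ct := encryptCBC(newCipher(), pt)
	fmt.Println(distinctBlocks(encryptECB(newCipher(), pt)), distinctBlocks(ct), len(ct))
}
```

Without chaining, the four identical plaintext blocks collapse to a single repeated ciphertext block. With CBC the four ciphertext blocks differ, and the ciphertext is the same length as the plaintext.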