
Security Association (SA)

Definition - What does Security Association (SA) mean?

A security association (SA) is a logical, one-way connection between two devices that exchange data. Using the IPsec protocols, an SA protects traffic in a single direction, so an IPsec tunnel normally consists of two unidirectional SAs, which together provide a secure, full-duplex channel for data.

A security association holds the parameters needed to process the protected traffic: the traffic encryption key, the cryptographic algorithm and its mode, and the other parameters required to handle the network data.

Techopedia explains Security Association (SA)

The Internet Security Association and Key Management Protocol (ISAKMP) provides the framework for establishing SAs, while the authenticated keying material is supplied by protocols such as Internet Key Exchange (IKE) and Kerberized Internet Negotiation of Keys (KINK).

With SAs, an enterprise can control precisely which resources may communicate securely, according to its security policy. To do so, it can combine several SAs to build multiple secure VPNs, and define the SAs within a VPN to support many different business units as well as business partners.

Security associations operate in one of two modes. A mode determines how the IPsec protocol is applied to a packet: IPsec runs in either transport mode or tunnel mode. In general, transport mode is used to protect host-to-host IPsec traffic, whereas tunnel mode is used to protect gateway-to-gateway IPsec tunnels.

In transport mode the IPsec implementation encapsulates only the packet's payload; the IP header is left unchanged. After IPsec processing, the new IP packet consists of the original IP header followed by the processed payload. Because transport mode cannot protect the information carried in the IP header, an attacker can still identify the source and destination of the packet.

In tunnel mode the IPsec implementation encapsulates the whole IP packet: the entire original packet becomes the payload that IPsec processes, and a newly created outer IP header carries the addresses of the two IPsec gateways. Tunnel mode therefore prevents an attacker from inspecting or decoding the protected contents, and it also hides the original source and destination of the packet.