{"id":460,"date":"2016-06-02T17:41:39","date_gmt":"2016-06-02T14:41:39","guid":{"rendered":"http:\/\/www.bilisimonline.net\/?p=460"},"modified":"2017-05-30T16:09:54","modified_gmt":"2017-05-30T13:09:54","slug":"ipsec-internet-protocol-security","status":"publish","type":"post","link":"http:\/\/www.bilisimonline.net\/index.php\/2016\/06\/02\/ipsec-internet-protocol-security\/","title":{"rendered":"IPSec (Internet Protocol Security)"},"content":{"rendered":"

Merhaba bu yaz\u0131m\u0131zda sizlere IPSec Nedir, nas\u0131l \u00e7al\u0131\u015f\u0131r\u0131 anlataca\u011f\u0131z. IPSec (Internet Protocol Security veya Internet Protokol\u00fc g\u00fcvenli\u011fi) isminden de anla\u015f\u0131laca\u011f\u0131 \u00fczere Internet Protokol\u00fc (IP) kullan\u0131lan ileti\u015fimlerde do\u011frulama ve \u015fifreleme kullanarak g\u00fcvenli\u011fini sa\u011flayan, IETF (Internet Engineering Task Force) taraf\u0131ndan geli\u015ftirilmi\u015f bir protokold\u00fcr. Biraz tarih\u00e7esini inceledi\u011fimizde Aral\u0131k 1993’de Yaz\u0131l\u0131m Ip \u015eifreleme Protokol\u00fc swIPe John IOANNIDIS ve tak\u0131m arkada\u015flar\u0131 taraf\u0131ndan Columbia \u00dcniversitesi ve AT&T Bell Labs i\u015fbirli\u011fi ile ara\u015ft\u0131r\u0131lmaya ba\u015fland\u0131\u011f\u0131n\u0131, Temmuz 1994’de Trusted Information Systems’de \u00e7al\u0131\u015fan Wei XU (Plug and Play yani tak \u00e7al\u0131\u015ft\u0131r teknolojisini geli\u015ftiren ki\u015fi) bu ara\u015ft\u0131rmaya destek vererek \u00f6nemli katk\u0131 sa\u011flad\u0131\u011f\u0131n\u0131 g\u00f6r\u00fcyoruz. Daha sonra IETF taraf\u0131ndan standartla\u015ft\u0131r\u0131lm\u0131\u015ft\u0131r. Gelin IPSec k\u0131sa bir benzetme ile anlatal\u0131m. \u00d6rne\u011fin \u00e7ok de\u011ferli bir e\u015fya sizin ve al\u0131c\u0131 i\u00e7in e\u015fyan\u0131z var bunu \u0130stanbul’dan Ankara’ya g\u00f6dereceksiniz.\u00d6zel bir g\u00fcvenlik \u015firketi ile anla\u015f\u0131yorsunuz ve bu ta\u015f\u0131ma i\u015fini sizin i\u00e7in yap\u0131yorlar. Kap\u0131n\u0131za \u00f6zel kargo g\u00fcvenlik personeli geliyor. Kimlik bilgileri personelin size bildirilmi\u015f, bilgileri (kimlik kontrol\u00fc) kontrol ediyorsunuz, firma personeline paketinizi teslim ediyorsunuz, paket z\u0131rhl\u0131 kargo arac\u0131na koyuluyor. Ara\u00e7 kap\u0131s\u0131 \u015fifre ve anahtar ile kilitlendi. Kargonuz ara\u00e7 ile kar\u015f\u0131ya g\u00f6nderiliyor. Al\u0131c\u0131 paketin kendisine geldi\u011fini, sizden geldi\u011fini do\u011fruluyor. Al\u0131c\u0131 paketi kontrol ediyor. Paket g\u00fcvenli bir \u015fekilde korumal\u0131 bir \u015fekilde al\u0131c\u0131ya teslim edildi.<\/span><\/span><\/p>\n

\u0130\u015fte asl\u0131nda ger\u00e7ekte IPSec i<\/span><\/span>ki bilgisayar aras\u0131nda(host-to-host), iki g\u00fcvenlik kap\u0131s\u0131 aras\u0131nda(network-to-network), bir g\u00fcvenlik kap\u0131s\u0131 ve bir bilgisayar aras\u0131nda(network-to-host) sa\u011flanan ba\u011flant\u0131daki veri ak\u0131\u015f\u0131n\u0131 korumak i\u00e7in kullan\u0131l\u0131r. IPsec kriptografik g\u00fcvenlik servislerini kullanarak IP protokol\u00fc ile ger\u00e7ekle\u015ftirilen ba\u011flant\u0131lar\u0131 korumak i\u00e7in kullan\u0131l\u0131r. A\u011f seviyesinde do\u011frulama, veri kayna\u011f\u0131 do\u011frulama,veri b\u00fct\u00fcnl\u00fc\u011f\u00fc, \u015fifreleme ve replay sald\u0131r\u0131lar\u0131na kar\u015f\u0131 koruma g\u00f6revlerini \u00fcstlenir.<\/span><\/span><\/span><\/p>\n

A\u011f katman\u0131nda \u00e7al\u0131\u015fan IPSec uygulamadan ba\u011f\u0131ms\u0131z olarak her veriyi \u015fifreler ve \u015fifre sonras\u0131 olu\u015fturdu\u011fu ba\u015fl\u0131k ile verinin internette rahatl\u0131kla yolculuk edebilmesini sa\u011flar. G\u00fcn\u00fcm\u00fczde VPN(Virtual Private Network – Sanal \u00d6zel A\u011f) IPSec ile kar\u0131\u015ft\u0131rlmaktad\u0131r. VPN iki birim vb. aras\u0131nda kurulan sanal bir a\u011fd\u0131r. IPsec ise VPN ba\u011flant\u0131lar\u0131na korumal\u0131k yaparak g\u00fcvenli\u011fini art\u0131rmaktad\u0131r. <\/span><\/span><\/p>\n

IPSec a\u00e7\u0131k bir standart oldu\u011fundan dolay\u0131 bir\u00e7ok kimlik do\u011frulama(authentication) ve \u015fifreleme(encryption) algoritmas\u0131n\u0131 i\u00e7inde bar\u0131nd\u0131r\u0131r.<\/span><\/span><\/p>\n

A\u015fa\u011f\u0131daki resimde IPSec Framework yap\u0131s\u0131n\u0131 ve bu yap\u0131y\u0131 olu\u015fturan bloklar\u0131 ve kullan\u0131lan algoritmalar\u0131 g\u00f6rmektesiniz.<\/span><\/span><\/p>\n

\"IPsec<\/p>\n

\u015eimde bu bloklar\u0131 ayr\u0131 ayr\u0131 inceleyerek IPSec protokol\u00fcn\u00fcn nas\u0131ll \u00e7al\u0131\u015ft\u0131\u011f\u0131n\u0131 g\u00fcvenli\u011fin nas\u0131l sa\u011fland\u0131\u011f\u0131n\u0131 g\u00f6relim.<\/span><\/span><\/p>\n

\"Confidentiality2\"<\/p>\n

Gizlilik<\/span><\/span><\/strong> (Confidentiality)<\/span><\/span><\/strong><\/p>\n

IPSec \u015fifreleme metotlar\u0131n\u0131 kullanarak gizlili\u011fi sa\u011flar. G\u00fcvenli\u011fin derecesi \u015fifreleme algoritmas\u0131nda kullan\u0131lan anahtar\u0131n uzunlu\u011funa ba\u011fl\u0131d\u0131r. Anahtar ne kadar uzun olursa, \u015fifreyi k\u0131rmak o kadar zor olur ve g\u00fcvenlik a\u00e7\u0131\u011f\u0131 olu\u015fma riski ortadan kalkar. Anahtar uzunlu\u011fu k\u0131\u0131sa ise \u015fifrenin k\u0131r\u0131lmas\u0131 daha kolay olacakt\u0131r. A\u015fa\u011f\u0131da birbirinden farkl\u0131 algoritmalar\u0131n a\u00e7\u0131klamas\u0131 yap\u0131lm\u0131\u015ft\u0131r.<\/span><\/span><\/p>\n

\"Confidentiality1\"<\/p>\n