CISA Certified Information Systems Auditor – Question2176

Which of the following is the unique identifier within and IPSec packet that enables the sending host to reference the security parameter to apply?

A.
SPI
B. SA
C. ESP
D. AH

Correct Answer: A

Explanation:

Explanation:
The Security Parameter Index (SPI) is the unique identifier that enables the sending host to reference the security parameter to apply in order to decrypt the packet.
For your exam you should know the information below about the IPSec protocol:
The IP network layer packet security protocol establishes VPNs via transport and tunnel mode encryption methods.
For the transport method, the data portion of each packet is encrypted, encryption within IPSEC is referred to as the encapsulation security payload (ESP), it is ESP that provides confidentiality over the process.
In the tunnel mode, the ESP payload and its header’s are encrypted. To achieve non-repudiation, an additional authentication header (AH) is applied.
In establishing IPSec sessions in either mode, Security Associations (SAs) are established. SAs defines which security parameters should be applied between communicating parties as encryption algorithms, key initialization vector, life span of keys, etc. Within either ESP or AH header, respectively. An SAs is established when a 32-bit security parameter index (SPI) field is defined within the sending host. The SPI is unique identifier that enables the sending host to reference the security parameter to apply, as specified, on the receiving host.
IPSec can be made more secure by using asymmetric encryption through the use of Internet Security Association and Key Management Protocol/Oakley (ISAKMP/Oakley), which allows automated key management, use of public keys, negotiation, establishment, modification and deletion of SAs and attributes. For authentication, the sender uses digital certificates. The connection is made secure by supporting the generation, authentication, distribution of the SAs and the cryptographic keys.
The following were incorrect answers:
SA – Security Association (SA) defines which security parameters should be applied between communicating parties as encryption algorithms, key initialization vector, life span of keys, etc.
ESP – Encapsulation Security Payload (ESP) is used to support authentication of sender and encryption of data
AH – Authentication Header allows authentication of a sender of a data.
Reference:
CISA review manual 2014 Page number 353