Which of the following protocols can IPSec use to provide the integrity component of the CIA triad? (Select 2 choices.)
IP Security (IPSec) can use either Authentication Header (AH) or Encapsulating Security Payload (ESP) to provide the integrity component of the confidentiality, integrity, and availability (CIA) triad. The integrity component of the CIA triad ensures that data is not modified in transit by unauthorized parties. AH and ESP are integral parts of the IPSec protocol suite and can be used to ensure the integrity of a packet. Data integrity is provided by using checksums on each end of the connection. If the data generates the same checksum value on each end of the connection, the data was not modified in transit. In addition, AH and ESP can authenticate the origin of transmitted data. Data authentication is provided through various methods, including user name/password combinations, preshared keys (PSKs), digital certificates, and one-time passwords (OTPs). Although AH and ESP perform similar functions, ESP provides additional security by encrypting the contents of the packet. AH does not encrypt the contents of the packet.
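The checksum comparison described above, as an added example that is not part of the original page: each end computes a keyed checksum (the integrity check value, ICV) and the receiver compares it with the one it received. It goes slightly beyond the text by modelling which fields each protocol covers, since AH also protects the outer IP addresses while ESP's ICV does not. The packet layout, field names, key and addresses are constructed for illustration, HMAC-SHA-256 truncated to 128 bits stands in for the negotiated integrity algorithm, and ESP encryption is omitted.

```python
import hashlib
import hmac

ICV_LEN = 16  # HMAC-SHA-256 output truncated to 128 bits

# Constructed sample values (documentation address ranges, made-up key).
KEY = b"constructed-integrity-key-32byte"
PACKET = {
    "src": bytes([192, 0, 2, 1]),          # outer IP source address
    "dst": bytes([198, 51, 100, 7]),       # outer IP destination address
    "spi_seq": (0x1000).to_bytes(4, "big") + (1).to_bytes(4, "big"),
    "payload": b"constructed sample payload",
}

def icv(key: bytes, covered: bytes) -> bytes:
    """Keyed checksum over the bytes the protocol protects."""
    return hmac.new(key, covered, hashlib.sha256).digest()[:ICV_LEN]

def ah_covered(pkt: dict) -> bytes:
    # AH: immutable outer IP header fields, AH fields and the payload.
    return pkt["src"] + pkt["dst"] + pkt["spi_seq"] + pkt["payload"]

def esp_covered(pkt: dict) -> bytes:
    # ESP: ESP header (SPI, sequence number) and payload, not the outer IP header.
    return pkt["spi_seq"] + pkt["payload"]

def protect(key: bytes, pkt: dict, covered) -> dict:
    """Sender side: attach the ICV computed over the covered fields."""
    return dict(pkt, icv=icv(key, covered(pkt)))

def verify(key: bytes, pkt: dict, covered) -> bool:
    """Receiver side: recompute the ICV and compare in constant time."""
    return hmac.compare_digest(pkt["icv"], icv(key, covered(pkt)))

def demo() -> dict:
    """Return (AH result, ESP result) for each constructed scenario."""
    ah, esp = protect(KEY, PACKET, ah_covered), protect(KEY, PACKET, esp_covered)
    def both(change: dict, key: bytes = KEY):
        return (verify(key, dict(ah, **change), ah_covered),
                verify(key, dict(esp, **change), esp_covered))
    return {
        "intact": both({}),
        "payload_changed": both({"payload": b"constructed sample pAyload"}),
        "src_changed": both({"src": bytes([203, 0, 113, 9])}),
        "wrong_key": both({}, key=b"some-other-key"),
    }

if __name__ == "__main__":
    for scenario, result in demo().items():
        print(f"{scenario:16} AH ok={result[0]!s:5} ESP ok={result[1]}")
```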
In addition to data authentication and data integrity, IPSec can provide confidentiality, which is another component of the CIA triad. IPSec uses encryption protocols, such as Advanced Encryption Standard (AES) or Data Encryption Standard (DES), to provide data confidentiality. Because the data is encrypted, an attacker cannot read the data if he or she intercepts the data before it reaches the destination. IPSec does not use either AES or DES for data authentication or data integrity.
Generic Routing Encapsulation (GRE) is a protocol designed to tunnel any Layer 3 protocol through an IP transport network. Because the focus of GRE is to transport many different protocols, it has very limited security features. By contrast, IPSec has strong data confidentiality and data integrity features, but it can transport only IP traffic. GRE over IPSec combines the best features of both protocols to securely transport any protocol over an IP network. However, GRE itself does not provide data integrity or data authentication.