Systems Security Certified Practitioner (SSCP) — Question 29
While using IPsec, the ESP and AH protocols both provide integrity services. However, when using AH, special attention needs to be paid if one of the peers uses NAT for address translation. Which of the items below would affect the use of AH and its Integrity Check Value (ICV) the most?
Answer options
- A. Key session exchange
- B. Packet Header Source or Destination address
- C. VPN cryptographic key size
- D. Cryptographic algorithm used
Correct answer: B
Explanation
The correct answer is B, as the Packet Header Source or Destination address can change when NAT is used, which directly affects the integrity check performed by AH. The ICV includes these addresses in its calculation, so any modification can lead to validation failures. The other options, while relevant to security and integrity, do not directly impact the ICV in the same manner as the address changes caused by NAT.