Internet Protocol Security (IPsec) is a suite of protocols for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used to protect data flows between a pair of hosts (e.g. computer users or servers), between a pair of security gateways (e.g. routers or firewalls), or between a security gateway and a host.
IPsec is a dual-mode, end-to-end security scheme operating at the Internet Layer of the Internet Protocol Suite, which corresponds approximately to Layer 3 of the OSI model. Some other widely used Internet security systems, such as SSL, TLS and SSH, operate in the upper layers of these models (SSL VPN being an example). Because it operates lower in the stack, IPsec is more flexible: it can protect all traffic at and above layer 3, and applications need not be specifically designed to use it. The use of TLS/SSL, on the other hand, must typically be incorporated into the design of each application.
IPsec is a successor of the ISO standard NLSP (Network Layer Security Protocol). The NLSP protocol was based on the SP3 protocol that was published by NIST, but designed by the Secure Data Network System project of the NSA.
IPsec is officially specified by the Internet Engineering Task Force (IETF).
Security Architecture
The IPsec suite is a framework of open standards. IPsec uses the following protocols to perform various functions:
- Internet key exchange (IKE and IKEv2) to set up a security association (SA) by handling negotiation of protocols and algorithms and to generate the encryption and authentication keys to be used by IPsec.
- Authentication Header (AH) to provide connectionless integrity and data origin authentication for IP datagrams and to provide protection against replay attacks.
- Encapsulating Security Payload (ESP) to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality.
Authentication Header (AH)
AH is a member of the IPsec protocol suite. AH is intended to guarantee connectionless integrity and data origin authentication of IP packets. Further, it can optionally protect against replay attacks by using the sliding window technique and discarding old packets. AH protects the IP payload and all header fields of an IP datagram except for mutable fields (i.e. those that might be altered in transit).
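The sliding-window replay check described above is simple enough to show in full. The following is an added example written for this page, not code from the original article or from any IPsec implementation; it follows the window scheme of RFC 4302/4303, where the receiver keeps the highest sequence number accepted so far plus a bitmap of recently seen numbers. The window size of 64 and the sequence numbers in the test stream are constructed values, and the function assumes the caller only invokes it after the packet's integrity check has succeeded (a real receiver must not advance the window on a packet whose ICV failed).

```python
# Sliding-window anti-replay check in the style of AH/ESP (RFC 4302/4303).
# Added example; window size and sequence numbers are constructed, not from the page.

class AntiReplayWindow:
    """Tracks which 32-bit sequence numbers have been accepted on one SA."""

    def __init__(self, size=64):
        assert size >= 32, "RFC 4303 requires a window of at least 32 packets"
        self.size = size
        self.top = 0          # highest sequence number accepted so far
        self.bitmap = 0       # bit i set  =>  sequence number (top - i) already seen
        self.mask = (1 << size) - 1

    def check_and_update(self, seq):
        """Return True and record seq if it is fresh and inside the window.

        Must be called only after the packet's ICV verified; otherwise an attacker
        could advance the window with forged packets and cause legitimate ones
        (with lower sequence numbers) to be dropped as 'too old'.
        """
        if seq == 0:
            return False              # the first packet on an SA is numbered 1
        if seq > self.top:
            # New high-water mark: slide the window forward and mark seq as seen.
            shift = seq - self.top
            if shift >= self.size:
                self.bitmap = 1       # everything previously tracked is now too old
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & self.mask
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.size:
            return False              # older than the window: drop
        if self.bitmap & (1 << diff):
            return False              # already seen: replay
        self.bitmap |= (1 << diff)    # late but fresh: accept and record
        return True


def check_stream(seqs, size=64):
    """Run a constructed stream of sequence numbers through one window.

    Returns one bool per packet: True = accepted, False = rejected.
    """
    window = AntiReplayWindow(size)
    return [window.check_and_update(s) for s in seqs]


if __name__ == "__main__":
    # Constructed stream: in-order packets, a replay, a reordered packet,
    # a large jump, a packet that fell out of the window, and one at the edge.
    stream = [1, 2, 3, 2, 5, 4, 100, 3, 37, 36]
    for seq, ok in zip(stream, check_stream(stream)):
        print(f"seq={seq:>3}  {'accept' if ok else 'REJECT'}")
```

The 32-bit sequence counter must never wrap on a given SA; the sender is expected to rekey before that happens (or to use Extended Sequence Numbers), which is why the window logic above never has to reason about wrap-around.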