January 22, 2012

1.4.1 IPSec


IPSec is an Internet Engineering Task Force (IETF) standard suite of protocols that provides data authentication, integrity, and confidentiality as data is transferred between communication points across IP networks.

Its primary goals are data confidentiality, data integrity, and host authentication. The combination of integrity and authentication provides non-repudiation. IPSec also detects replay attacks.

IPSec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session.

Unlike protocols such as Secure Sockets Layer (SSL), Transport Layer Security (TLS) and Secure Shell (SSH), that operate in the upper layers of the TCP/IP model, IPSec operates in the Internet Layer of the Internet Protocol Suite and protects any application traffic across an IP network. Applications do not need to be specifically designed to use IPSec.

Because IPSec is integrated at the Internet layer (layer 3), it provides security for almost all protocols in the TCP/IP suite, and because IPSec is applied transparently to applications, there is no need to configure separate security for each application that uses TCP/IP.

IPSec, although not a tunneling protocol, provides encryption to tunneling protocols; it's often used to enhance tunnel security.

Internet Protocol Security Internet Protocol Security (IPSec) isn't a tunneling protocol, but it's used in conjunction with tunneling protocols. IPSec is oriented primarily toward LAN-to-LAN connections, but it can also be used with remote connections. IPSec provides secure authentication and encryption of data and headers; this makes it a good choice for security. IPSec can work in either Tunneling mode or Transport mode. In Tunneling mode, the data or payload and message headers are encrypted. Transport mode encrypts only the payload. IPSec is an add-on to IPv4 and built into IPv6.


No comments:

Post a Comment