Understanding IPSec

Printer Friendly Version

Internet Protocol Security (IPSec) is a collection of standards that was designed specifically to create secure end-to-end secure connections. The standards were developed by the Internet Engineering Task For (IETF) to secure communications over both public and private networks, though it is particularly beneficial to public networks. In this article I'll explain to you some of the fundamentals of IPSec, how it is used, and what products use it.

IPSec Basics
IPSec is framework that is built into various security products to provide end-to-end security in wide area networking communications. Using strong encryption, and public key cryptography, IPSec can secure data links that would otherwise be insecure and susceptible to exploitation.

IPSec is a bundle of protocols and algorithms and is a flexible framework that allows vendors who build it into their products to select the algorithms, keys, and authentication methods they want to use. One should assume that two different implementations of IPSec are not necessarily the same as far as protocols and algorithms go.

The bundle of protocols, hashing, and encryption algorithms used in IPSec include:

* IKE [Internet Key Exhange protocol]
* ISAKMP [Internet Security Assocation and Key Management Protocol]
* ESP [Encapsulating Security Payload]
* AH [Authentication Header protocol]
* ESP [Encapsulating Security Payload protocol]
* STS [Station-to-Station protocol]
* HMAC [Hash Message Authentication Code]
* MD5 [Message Digest 5]
* SHA-1 [Security Hash Algorithm]
* 3DES [Triple Data Encryption Standard]
* XAUTH [Extended Authentication]
* AES [Advanced Encryption Standard]

Though I won't be discussing these protocols and algorithms in much detail in this article, I have noted them in the event that you may want to research these individual components of IPSec yourself. To understand IPSec better, the two protocols worth understanding first are AH and ESP. AH is used to authenticate users, and ESP applies cryptographic protections that provide authentication, integrity, and confidentiality of messages.

There are two modes of operation for IPSec: transport mode and tunnel mode. In transport mode, only the payload of the message is encrypted. In tunnel mode, the payload, the header, and the routing information are all encrypted. Needless to say, using IPSec is transport mode is far more risky that using it in tunnel mode.

IPSec VPNs are network connections that are based on public and private key cryptography. Users of IPSec implementations are issued public keys and private keys that are associated with their respective identity. When a message is sent from one user to another, it is automatically signed with the user's private key. The receiver uses the sender's public key to decrypt the message. VPN endpoints essentially act as databases that manage and distribute keys and security associations in similar ways that a Certificate Authority (CA) does.

Benefits of IPSec
IPSec is typically used to attain confidentiality, integrity, and authentication in the transport of data across insecure channels. Though it's original purpose was to secure traffic across public networks, it's implementations are often used to increase the security of private networks as well, since organizations cannot always be sure if weaknesses in their own private networks are susceptible to exploitation. If implemented properly, IPSec provides a private channel for sending and exchanging vulnerable data whether the data is email, ftp traffic, news feeds, partner and supply chain data, medical records, or any other type of TCP/IP based data.

Go to page: 1  2  3