What is IPSec?
The IPSec protocols (AH and ESP) can be used to protect either an entire IP payload or only the upper-layer protocols of an IP payload. Transport mode is mainly for an IP host to protect data it generates locally, while tunnel mode is for a security gateway to provide IPSec service to other machines that lack IPSec capability. Accordingly, transport mode protects only the upper-layer protocols of the IP payload (user data), while tunnel mode protects the entire IP payload, including user data. There is no restriction that the IPSec hosts and the security gateway must be separate machines. Both IPSec protocols, AH and ESP, can operate in either transport mode or tunnel mode.
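The difference between the two modes is easiest to see in the byte layout. The following Python sketch is an added example, not code from the original page: it wraps one constructed UDP packet in ESP framing both ways and returns what stays readable on the wire versus what ESP would encrypt. No cipher is applied, the IV and integrity check value are omitted, and the addresses, SPI and the `esp_wrap` helper are assumptions made for illustration.

```python
import socket
import struct

ESP, IPIP, UDP = 50, 4, 17  # IANA protocol numbers

def checksum(hdr: bytes) -> int:
    """Internet checksum over a header whose checksum field is zero."""
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options) followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + payload

def esp_wrap(packet: bytes, mode: str, spi: int, seq: int, gw=None):
    """Return (cleartext, protected) for an ESP-wrapped packet.

    'protected' is the plaintext ESP would encrypt; 'cleartext' is what an
    on-path observer still reads (outer IP header, SPI, sequence number).
    Hypothetical helper: no cipher is applied, IV and ICV are left out.
    """
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    if mode == "transport":
        inner, next_hdr = packet[20:], packet[9]   # upper-layer data only
    elif mode == "tunnel":
        inner, next_hdr = packet, IPIP             # whole original packet
        src, dst = gw                              # outer header names gateways
    else:
        raise ValueError("mode must be 'transport' or 'tunnel'")
    pad_len = -(len(inner) + 2) % 4                # RFC 4303: 4-byte alignment
    protected = inner + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_hdr])
    esp_hdr = struct.pack("!II", spi, seq)
    outer = ipv4(src, dst, ESP, esp_hdr + protected)[:20]
    return outer + esp_hdr, protected

# Constructed sample: host 10.1.0.5 sends UDP to 10.2.0.9 via two gateways.
udp = struct.pack("!HHHH", 40000, 53, 8 + 5, 0) + b"hello"
ORIGINAL = ipv4("10.1.0.5", "10.2.0.9", UDP, udp)
GATEWAYS = ("192.0.2.1", "198.51.100.1")

if __name__ == "__main__":
    for mode in ("transport", "tunnel"):
        clear, prot = esp_wrap(ORIGINAL, mode, 0x1000, 1, GATEWAYS)
        print(mode, "cleartext:", clear.hex(), "| protected bytes:", len(prot))
```

In the transport-mode output the original host addresses are still visible in the cleartext header; in tunnel mode only the gateway addresses are, which is why traffic analysis exposure differs between the two modes.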
IPSec is a set of IP extensions developed by the IETF (Internet Engineering Task Force) to provide security services compatible with the existing IP standard (IPv4) and also the upcoming one (IPv6). In addition, IPSec can protect any protocol that runs on top of IP, for instance TCP, UDP, and ICMP. IPSec provides cryptographic security services: authentication, integrity, access control, and confidentiality. It allows the information exchanged between remote sites to be encrypted and verified. You can create encrypted tunnels (VPNs), or just do encryption between computers. Since you have so many options, IPSec is truly the most extensible and complete network security solution.
• Internet Protocol Security is a robust VPN standard that covers authentication and encryption of data traffic over the Internet. VPN technology using IPSec encrypts outgoing data and decrypts incoming data. IPSec has two encryption modes: transport and tunnel. Transport mode encrypts the packet data but leaves the header unencrypted. The more secure tunnel mode encrypts both the header and the data. At the receiving end, an IPSec-compliant device decrypts each packet. For IPSec to work, the sending and receiving devices must share a key. IKE is a key management protocol standard that is commonly used in conjunction with the IPSec standard. Unlike PPTP, IPSec is specific only to the Internet Protocol (IP) and does not provide security for other protocols. PPTP supports multiple protocols, but is not as secure.
• What is a Security Association?
• A group of security settings related to a specific VPN tunnel. A Security Association groups together all the necessary setting