Introduction to Internet Protocol Security IPSec - What is IPSec?
This lesson explains what Internet Protocol Security (IPSec) is, the goals of Internet Protocol Security (IPSec), and the different ways of implementing Internet Protocol Security (IPSec).
Internet Protocol has many weaknesses. The following points describe some of the weaknesses of Internet Protocol.
• An IP data packet (Internet Protocol datagram) contains the logical addressing information (IP addresses). It is easy to forge the logical addresses of an IP datagram.
• It is possible to view the contents of an IP datagram, since there is no inbuilt encryption for IP datagrams.
• It is possible to modify the contents of an IP datagram.
• A replay attack is a type of network attack in which attackers capture packets whenever packets pass between two hosts on a network. The packets are then analyzed and passwords, encryption keys, or digital signatures are extracted from the captured packets. Later the attacker can send the captured password to the host and gain authentication.
Hence we cannot be sure that the IP datagrams received by a computer are from the claimed sender, that the data received has not been tampered with by an attacker, or that the datagram was not inspected by an attacker while the packet was travelling across the network.
The purpose of Internet Protocol Security (IPsec) is to protect Internet Protocol (IP) communications using cryptographic security services. IPsec is a security tunneling protocol, defining a mechanism that allows a device to encrypt and/or authenticate data packets and encapsulate the data packets. Internet Protocol Security (IPsec) enhances your network security to a very high level.
Goals of Internet Protocol Security (IPSec)
1) Authentication – Prove we are who we say we are.
2) Integrity – The data has not been tampered with.
3) Confidentiality – The confidential data cannot be inspected by others. The term confidentiality means the data expected to remain private should be seen only by those who should see it.
Different ways of implementing Internet Protocol Security (IPsec)
• IPsec can be integrated into the TCP/IP protocol suite.
• IPsec can be added below the TCP/IP protocol suite.
• IPsec can be implemented as a stand-alone device, and can be implemented as a part of the router or firewall.
Key protocols associated with IPSec
Internet Protocol Security (IPsec) consists of three key protocols.
Authentication Header (AH):
AH is a protocol that provides data origin authentication, data integrity, and anti-replay protection.
Encapsulating Security Payload (ESP):
ESP is a protocol that provides data origin authentication, data integrity, and anti-replay protection. It also provides confidentiality by encrypting the traffic.
Internet Key Exchange (IKE):
IKE is a protocol that provides the key-management function. IKE helps in setting up Security Associations.
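The data origin authentication, data integrity and anti-replay services attributed to AH and ESP above can be seen working together in the following Python sketch. It is an added example, not part of the original lesson, and it does not reproduce the real AH/ESP packet layout: `Receiver`, `seal`, the 64-packet window, HMAC-SHA256 and the sample key are assumptions of the example, and in practice the key would belong to a Security Association set up by IKE.

```python
import hmac, hashlib, struct

WINDOW = 64  # anti-replay window size in packets (assumed for this sketch)

class Receiver:
    """Toy receiver for one Security Association; not the real AH/ESP format."""
    def __init__(self, spi: int, key: bytes):
        self.spi, self.key = spi, key
        self.highest = 0   # highest sequence number authenticated so far
        self.bitmap = 0    # bit i set => sequence (highest - i) already seen

    def accept(self, packet: bytes) -> str:
        if len(packet) < 8 + 32:
            return "drop: too short"
        header, payload, icv = packet[:8], packet[8:-32], packet[-32:]
        spi, seq = struct.unpack("!II", header)
        if spi != self.spi:
            return "drop: unknown SA"
        # 1. Cheap replay pre-check before doing any cryptography.
        if seq == 0 or seq + WINDOW <= self.highest:
            return "drop: replay (outside window)"
        if seq <= self.highest and (self.bitmap >> (self.highest - seq)) & 1:
            return "drop: replay (duplicate)"
        # 2. Integrity and data origin authentication: recompute the check value.
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(icv, expected):
            return "drop: bad ICV"
        # 3. Only an authenticated packet may move the window forward.
        if seq > self.highest:
            shifted = (self.bitmap << (seq - self.highest)) | 1
            self.bitmap, self.highest = shifted & ((1 << WINDOW) - 1), seq
        else:
            self.bitmap |= 1 << (self.highest - seq)
        return "accept"

def seal(spi: int, seq: int, key: bytes, payload: bytes) -> bytes:
    """Sender side: header || payload || HMAC-SHA256 integrity check value."""
    header = struct.pack("!II", spi, seq)
    return header + payload + hmac.new(key, header + payload, hashlib.sha256).digest()

def demo() -> list:
    key = b"constructed-demo-key-not-from-ike"   # constructed sample key
    rx = Receiver(spi=0x1001, key=key)
    p1, p3 = seal(0x1001, 1, key, b"hello"), seal(0x1001, 3, key, b"world")
    tampered = p3[:8] + b"w0rld" + p3[-32:]      # payload modified in transit
    forged = seal(0x1001, 2, b"wrong key", b"x") # sender without the SA key
    return [rx.accept(p) for p in (p1, p1, tampered, p3, forged)]

if __name__ == "__main__":
    print(demo())
```

The order of the checks matters: a packet that fails the integrity check never advances the window, so a forged high sequence number cannot cause later genuine packets to be rejected.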
In this lesson you have learned what Internet Protocol Security (IPsec) is, why we need Internet Protocol Security (IPsec), the goals of Internet Protocol Security (IPsec) and the ways Internet Protocol Security (IPsec) can be implemented. Authentication Header (AH), Encapsulating Security Payload (ESP) and Internet Key Exchange (IKE) are the key protocols associated with Internet Protocol Security (IPSec).