
What is IPsec?

IPsec (IP Security) is a protocol for securing VPN tunnels.

IPsec is described in RFC 3193: Securing L2TP using IPsec.

IPsec Transport Mode and Tunnel Mode

In Transport Mode, IPsec encrypts the payload of each IP packet, but not the packet headers.

In Tunnel Mode, IPsec encrypts the payload and the headers of each IP packet.

Many networks that cannot support Tunnel Mode can still support Transport Mode.

IPsec and ISAKMP

IPsec relies on ISAKMP (Internet Security Association and Key Management Protocol) for key exchange.

FreeS/WAN IPsec

FreeS/WAN is an implementation of IPsec and IKE for Linux.

The primary objective of the FreeS/WAN project is to help make IPsec widespread by providing source code which is freely available, runs on a range of machines including ubiquitous cheap PCs, and is not subject to US or other nations' export restrictions.

IPSec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks
IPSec, the suite of protocols for securing any sort of traffic that moves over an Internet Protocol (IP) network, promises big things for online business. IPSec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks catalogs the specifications that compose this suite and explains how they fit into intranets, virtual private networks (VPNs), and the Internet.

Authors Doraswamy and Harkins first treat IPSec as a system, explaining how its component parts work together to provide flexible security. Their approach to this task makes sense: They first explain why standard IP packets aren't secure; then they show how the IPSec improvements make secure transactions possible. Readers get full descriptions of how various network entities talk to one another. Where appropriate, concepts that aren't specific to IPSec are explained, including IPv4 and IPv6 packet structures and addressing schemes. There's some information on cryptography too.

IPSec's parts are explained individually: the Authentication Header (AH), Encapsulating Security Payload (ESP), Internet Key Exchange (IKE), and ISAKMP/Oakley protocols are detailed with lots of prose, supplemented with a smattering of packet diagrams and conceptual sketches. Sections on implementing IPSec protocols on networks remain fairly abstract and don't mention actual products, but should prove useful to programmers designing their own network security products around the IPSec specifications.





Copyright 2008 Tech-FAQ. All rights reserved.