IPsec

IPsec Technologies

IPsec is an IETF standard (RFC 2401-2412) that defines how a VPN can be secured across IP networks. IPsec protects and authenticates IP packets between source and destination. IPsec can protect traffic from Layer 4 through Layer 7.

Using the IPsec framework, IPsec provides these essential security functions:

  • Confidentiality – IPsec uses encryption algorithms to prevent cybercriminals from reading the packet contents.
  • Integrity – IPsec uses hashing algorithms to ensure that packets have not been altered between source and destination.
  • Origin authentication – IPsec uses the Internet Key Exchange (IKE) protocol to authenticate source and destination. Methods of authentication include pre-shared keys (passwords), digital certificates, or RSA certificates.
  • Diffie-Hellman – Secure key exchange typically using various groups of the DH algorithm.

IPsec is not bound to any specific rules for secure communications. This flexibility of the framework allows IPsec to easily integrate new security technologies without updating the existing IPsec standards. The currently available technologies are aligned to their specific security function. The open slots shown in the IPsec framework in the figure can be filled with any of the choices that are available for that IPsec function to create a unique security association (SA).
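
The slot-filling idea above, as an added example that is not part of the original page: each framework function is a slot, one choice per slot forms a proposal, and the proposal is checked before it is accepted as an SA. The per-slot choice lists, the weak-choice policy and the names Proposal, check and select are assumptions made for this illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Choices per framework slot (assumed for this example; the page's figure
# listing the real choices is not reproduced in the text).
SLOTS = {
    "protocol": {"AH", "ESP"},
    "confidentiality": {"DES", "3DES", "AES"},
    "integrity": {"MD5", "SHA"},
    "authentication": {"PSK", "RSA"},
    "dh_group": {1, 2, 5, 14, 19, 20, 21},
}
# Hypothetical local policy: choices considered too weak for new tunnels.
WEAK = {"confidentiality": {"DES"}, "integrity": {"MD5"}, "dh_group": {1, 2}}

@dataclass(frozen=True)
class Proposal:
    protocol: str
    confidentiality: Optional[str]  # None = no encryption algorithm chosen
    integrity: str
    authentication: str
    dh_group: int

def check(p: Proposal) -> list:
    """Return findings for one filled-in set of slots (empty list = usable)."""
    findings = []
    for slot, allowed in SLOTS.items():
        value = getattr(p, slot)
        if value is None:
            continue
        if value not in allowed:
            findings.append(f"{slot}: unknown choice {value!r}")
        elif value in WEAK.get(slot, ()):
            findings.append(f"{slot}: {value} is weak under local policy")
    # AH authenticates and integrity-protects packets but never encrypts them.
    if p.protocol == "AH" and p.confidentiality is not None:
        findings.append("confidentiality: AH cannot carry an encryption choice")
    if p.protocol == "ESP" and p.confidentiality is None:
        findings.append("confidentiality: ESP offered without encryption")
    return findings

def select(offers):
    """Pick the first offered proposal with no findings, as a responder might."""
    return next((p for p in offers if not check(p)), None)

# Constructed sample offers, weakest first.
OFFERS = [
    Proposal("ESP", "DES", "MD5", "PSK", 2),
    Proposal("AH", "AES", "SHA", "RSA", 14),
    Proposal("ESP", "AES", "SHA", "RSA", 14),
]
```

Calling select(OFFERS) skips the first two offers and returns the third; check() on a rejected offer lists which slot caused the rejection.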

 

Module Practice and Quiz