what is ipsec, how ipsec works
Home About Us Reference Product Service Sitemap

What is ipsec, how ipsec works?

What is ipsec?

IPsec, Internet Protocol Security, is an extension of the Internet Protocol (IP). It is a protocol suite for securing Internet Protocol communications by authenticating and encrypting each IP packet of a data stream. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used to protect data flows between a pair of hosts, for example, computer users or servers, between a pair of security gateways, for example, routers or firewalls, or between a security gateway and a host. IPsec is usually used for a protocol for securing VPN tunnels, that is, it covers authentication and encryption of data traffic over the Internet. VPN technology using IPSec encrypts outgoing data and decrypts incoming data.

IPSec contains the following elements:

1. Encapsulating Security Payload (ESP): Provides confidentiality, authentication, and integrity.

2. Authentication Header (AH): Provides authentication and integrity.

3. Internet Key Exchange (IKE): Provides key management and Security Association (SA) management.

IPSec also contains the following security features:

1. Authentication: Verifies that the packet received is actually from the claimed sender.

2. Integrity: Ensures that the contents of the packet did not change in transit.

3. Confidentiality: Conceals the message content through encryption.

How ipsec works?

IPSec has two encryption modes: transport and tunnel. Transport mode encrypts the packet data but leaves the header unencrypted. The more secure the tunnel mode encrypts both the header and the data. At the receiving end, an IPSec-compliant device decrypts each packet. For IPSec to work, the sending and receiving devices must share a key. IPsec can be used for protecting any application traffic across the Internet. Applications need not be specifically designed to use IPsec. The use of TLS/SSL, on the other hand, must typically be incorporated into the design of applications.

Most IPSEC implementations also provide some form of authorization. For example, in Windows you can do meaningful filtering of incoming IP packets based on the source IP address. This is normally easy for an attacker to skirt around because IP source addresses can be spoofed when not protected. Under IPSEC, however, the source IP address is authenticated, giving these sorts of filters some real teeth. In fact, IPSEC policies are chosen based on the peer's IP address, so it's possible to have a client that communicates with a secure server over IPSEC but also communicates over an unsecured channel with other machines on the network. IPSEC is not an all-or-nothing proposition. The IPsec works in the following way:

1. Local or group policy is applied to a computer during startup and periodically while the computer is on.

2. Any IPSec policies are retrieved by the IPSec Policy Agent.

3. When one or more IPSec policies exist, the IPSec Policy Agent monitors communication to the TCP/IP protocol from all applications. It's watching for traffic that matches the policy it is configured with?that is, network traffic that it must protect.

4. When network traffic that needs protection is identified, the IPSec Policy Agent communicates with the IPSec driver. It informs the IPSec driver of the type of protection required.

5. The IPSec driver then determines whether a Security Association (SA) exists that can be used to protect the traffic. For the purposes of this discussion, an SA is a set of IPSec settings and key material that is shared between this computer and the destination computer.

6. If no SA exists, the IPSec driver contacts the IKE service which is responsible for negotiating settings between the computers, performing mutual authentication, and establishing shared secret keys that conform to the security policy. IKE uses ISAKMP for this task.

7. IKE provides the SA to the IPSec driver, which then protects the network traffic.

8. The driver returns the protected traffic to the TCP/IP protocol for continued processing.

©1994 - 2010 Edusoftmax Inc. All rights reserved. Questions? Comments?    Visitors: