One of the weaknesses of the original Internet Protocol is that it cannot ensure the authenticity and privacy of data passed over the internet. Any IP datagram that travels between two devices over an unknown network can be intercepted and changed. So, security enhancements were needed in IP for critical applications, and IP Security or IPSec was developed for that purpose.
A number of methods have evolved over the years to ensure security over the internet. Most of them deal with higher layers of the OSI protocol stack. These solutions are undoubtedly valuable in certain scenarios, but they are mostly particular to certain applications. For example, Secure Sockets Layer is good for World Wide Web access or FTP, but there are lots of applications that this technology is not intended to work with. A solution was needed to ensure security at the IP layer, so that all the layers above it in the OSI protocol stack could take advantage of it, and IPSec was developed.
IPSec
IPSec comprises two different components :
- Authentication Header or AH
- Encapsulating Security Payload or ESP
Authentication Header or AH : This protocol provides authentication services to IPSec. The recipient of a message can verify the authenticity of the sender. This protocol also enables verification of the received data and protects it from a 'replay attack', where a sent message is captured by an unauthorized user and re-sent.
Encapsulating Security Payload or ESP : Authentication Header ensures the authenticity and integrity of the data, but not its privacy. Using the ESP protocol, the payload of the IP datagram is encrypted, so that no one can extract information from it.
These two protocols can also be implemented together.
Mode of Operation of IPSec
There are two specific modes of operation defined for IPSec :
- Transport mode
- Tunnel mode
The selected mode determines which specific parts of the IP datagram are protected and how the headers are arranged.
Transport Mode : When IPSec is used in transport mode, the IPSec header is applied only to the IP payload and not to the IP header. The AH and ESP headers appear between the original IP header and the IP payload. This mode encrypts the data part of each packet and leaves the header intact.
Tunnel Mode : In this mode, the entire IP datagram is encrypted and encapsulated within another IP datagram. Here, the IPSec headers appear in front of the original IP header, and a new IP header is added in front of the IPSec header.
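The header arrangements described above, as an added example that is not part of the original article: a small parser that walks the header chain of an IPv4 packet and reports the layout for AH in transport mode, AH in tunnel mode, and ESP. The addresses, SPI and sequence values, the zeroed ICV and the zeroed TCP segment are constructed sample data; 50 (ESP), 51 (AH) and 4 (IPv4-in-IP) are the IANA-assigned IP protocol numbers.

```python
import struct

# IANA-assigned IP protocol numbers
PROTO = {4: "IPv4", 6: "TCP", 17: "UDP", 50: "ESP", 51: "AH"}

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0 for this demo)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, bytes(src), bytes(dst))

def ah_header(next_proto, spi, seq, icv=b"\x00" * 12):
    """AH: next header, length (32-bit words minus 2), reserved, SPI, sequence, ICV."""
    return struct.pack("!BBHII", next_proto, (12 + len(icv)) // 4 - 2, 0, spi, seq) + icv

def describe(packet):
    """Walk the header chain of an IPv4 packet and return its layout."""
    layout, proto, off = [], 4, 0
    while off < len(packet):
        if proto == 4:                    # IPv4 header (outer or inner)
            layout.append("IPv4")
            proto, off = packet[off + 9], off + (packet[off] & 0x0F) * 4
        elif proto == 51:                 # AH is cleartext, so the chain continues
            spi, seq = struct.unpack_from("!II", packet, off + 4)
            layout.append(f"AH(spi={spi:#x},seq={seq})")
            proto, off = packet[off], off + (packet[off + 1] + 2) * 4
        elif proto == 50:                 # ESP: next header sits in the encrypted trailer
            spi, seq = struct.unpack_from("!II", packet, off)
            layout += [f"ESP(spi={spi:#x},seq={seq})", "encrypted"]
            break
        else:                             # upper-layer protocol: stop here
            layout.append(PROTO.get(proto, f"proto {proto}"))
            break
    return layout

# Constructed sample data: hosts A and B, gateways GW1 and GW2, a zeroed TCP segment.
A, B, GW1, GW2 = (10, 0, 0, 1), (10, 0, 1, 1), (192, 0, 2, 1), (198, 51, 100, 1)
TCP = bytes(20)
INNER = ipv4_header(A, B, 6, len(TCP)) + TCP

ah_t = ah_header(6, 0x1001, 1)            # transport mode: AH points straight at TCP
TRANSPORT = ipv4_header(A, B, 51, len(ah_t) + len(TCP)) + ah_t + TCP
ah_tun = ah_header(4, 0x1001, 1)          # tunnel mode: AH points at the inner IPv4 header
TUNNEL = ipv4_header(GW1, GW2, 51, len(ah_tun) + len(INNER)) + ah_tun + INNER
esp = struct.pack("!II", 0x2002, 7) + bytes(32)   # opaque stand-in for ciphertext
ESP_PKT = ipv4_header(A, B, 50, len(esp)) + esp

if __name__ == "__main__":
    for name, pkt in [("transport", TRANSPORT), ("tunnel", TUNNEL), ("esp", ESP_PKT)]:
        print(f"{name:9}", " | ".join(describe(pkt)))
```

With AH the mode is visible on the wire from the next-header value, while an encrypted ESP packet exposes only its SPI and sequence number, so the mode cannot be read from the packet alone.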
When two devices communicate with each other, they must share a public key to send and receive information securely. To ensure that, a protocol known as Internet Security Association and Key Management Protocol/Oakley (ISAKMP/Oakley) is used.
You can find more information on ISAKMP/Oakley here : Internet Security Association and Key Management Protocol/Oakley (ISAKMP/Oakley).
This is the overall concept of IP Security or IPSec.
You can find more information on how the IPSec protocol works here : How does IPSec work ?