packetdata / IPSec

IPsec

IPsec (Internet Protocol Security) is a suite of protocols that uses strong cryptography to provide both authentication and encryption services at the IP layer. Authentication (data-origin authentication together with integrity protection) ensures that a packet came from the claimed sender and has not been altered in transit; it is provided by the Authentication Header (AH) and, optionally, by the Encapsulating Security Payload (ESP). Encryption, provided by ESP, prevents unauthorised reading of packet contents. The two services are separate: an ESP packet that is encrypted but not integrity-protected can still be modified undetected in transit, so in practice ESP is always configured with an integrity algorithm or an authenticated cipher such as AES-GCM.

These services allow you to build secure tunnels through untrusted networks. Every packet crossing the untrusted network is encrypted and authenticated by the IPsec gateway at one site and verified and decrypted by the gateway at the other end. This is IPsec tunnel mode: the original IP packet is carried whole inside a new IP packet addressed between the two gateways, so the hosts behind them need no IPsec support of their own. The result is a Virtual Private Network (VPN), a network which is effectively private even though it includes machines at several different sites connected over the insecure Internet.

For IPsec to work, the sending and receiving devices must share a Security Association (SA): an agreement on the protocol (AH or ESP), the algorithms, the symmetric keys, and a Security Parameter Index (SPI) that identifies the SA in every packet. The packets themselves are protected with symmetric keys, not public keys. SAs can be configured manually, but are normally negotiated by the Internet Key Exchange (IKE) protocol, originally specified as Internet Security Association and Key Management Protocol/Oakley (ISAKMP/Oakley). IKE authenticates the two peers, using either a pre-shared secret or digital certificates, performs a Diffie-Hellman exchange to derive fresh session keys, and re-keys the SAs periodically so that a compromised key exposes only a limited amount of traffic.
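The following is an added worked example, not code from this wiki or from any IPsec implementation. It shows one direction of the tunnel described above with a manually keyed SA (no IKE): ESP in tunnel mode with NULL encryption (RFC 2410) and HMAC-SHA-256-128 integrity (RFC 4868), so the authentication service is visible without needing a cipher library, plus the RFC 4303 anti-replay window. The SPI, the key, and the inner IPv4 packet are constructed test values.

```python
import hashlib
import hmac
import socket
import struct

ICV_LEN = 16            # HMAC-SHA-256-128 truncates the MAC to 128 bits
NEXT_HEADER_IPIP = 4    # tunnel mode: the ESP payload is a complete IPv4 packet
REPLAY_WINDOW = 64      # minimum anti-replay window size from RFC 4303


class SecurityAssociation:
    """One direction of a tunnel: SPI, integrity key and sequence-number state."""

    def __init__(self, spi, auth_key):
        self.spi = spi
        self.auth_key = auth_key
        self.seq_out = 0     # sender: last sequence number used
        self.seq_high = 0    # receiver: highest sequence number accepted
        self.window = 0      # receiver: bitmap, bit d set => seq_high - d was seen


def esp_encapsulate(sa, inner_packet):
    """Wrap an inner IP packet in ESP-NULL + HMAC-SHA-256-128 (constructed example)."""
    sa.seq_out += 1
    # ESP trailer: pad so that pad length + next header end on a 4-byte boundary
    pad_len = (-(len(inner_packet) + 2)) % 4
    padding = bytes(range(1, pad_len + 1))       # RFC 4303 default padding 1,2,3,...
    header = struct.pack("!II", sa.spi, sa.seq_out)
    body = header + inner_packet + padding + bytes([pad_len, NEXT_HEADER_IPIP])
    icv = hmac.new(sa.auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    return body + icv


def esp_decapsulate(sa_table, packet):
    """Verify and unwrap an ESP packet; raises ValueError on any failure."""
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("truncated ESP packet")
    spi, seq = struct.unpack("!II", packet[:8])
    sa = sa_table.get(spi)
    if sa is None:
        raise ValueError("no SA for SPI 0x%08x" % spi)
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(sa.auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    # ICV first, in constant time: nothing in the packet is trusted until it passes,
    # and the replay window is only updated for packets that verified.
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch: packet altered or not from the SA's peer")
    _check_replay(sa, seq)
    pad_len, next_header = body[-2], body[-1]
    if next_header != NEXT_HEADER_IPIP:
        raise ValueError("unexpected next header %d" % next_header)
    return body[8:len(body) - 2 - pad_len]


def _check_replay(sa, seq):
    """Sliding-window anti-replay check (RFC 4303 section 3.4.3)."""
    if seq == 0:
        raise ValueError("sequence number 0 is never valid")
    if seq > sa.seq_high:                       # window slides forward
        shift = seq - sa.seq_high
        sa.window = ((sa.window << shift) & ((1 << REPLAY_WINDOW) - 1)) | 1
        sa.seq_high = seq
        return
    diff = sa.seq_high - seq
    if diff >= REPLAY_WINDOW:
        raise ValueError("sequence number %d fell behind the window" % seq)
    if sa.window & (1 << diff):
        raise ValueError("replayed packet, sequence number %d" % seq)
    sa.window |= 1 << diff


def ipv4_checksum(header):
    total = sum((header[i] << 8) | header[i + 1] for i in range(0, len(header), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_inner_ipv4(src, dst, payload, proto=17):
    """Constructed inner packet: minimal IPv4 header (UDP protocol number) + payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


if __name__ == "__main__":
    key = hashlib.sha256(b"constructed-demo-key").digest()   # test key, not a real secret
    tx, rx = SecurityAssociation(0x1000ABCD, key), SecurityAssociation(0x1000ABCD, key)
    inner = build_inner_ipv4("10.0.0.1", "10.0.1.1", b"hello from site A")
    pkt = esp_encapsulate(tx, inner)
    print("decapsulated inner packet matches:", esp_decapsulate({rx.spi: rx}, pkt) == inner)
    for bad in (pkt, pkt[:20] + bytes([pkt[20] ^ 1]) + pkt[21:]):   # replay, then tamper
        try:
            esp_decapsulate({rx.spi: rx}, bad)
        except ValueError as e:
            print("rejected:", e)
```

Two points worth noting in the design: the ICV is checked before anything else in the packet is parsed, so a forged or corrupted packet cannot influence the replay window or the trailer handling, and the comparison uses `hmac.compare_digest` to avoid a timing side channel. A production stack would also encrypt the payload and pad (this example deliberately uses ESP-NULL so that the authentication path is visible).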

The IPsec protocols were developed by the IETF (Internet Engineering Task Force). IPsec support was originally a mandatory part of IPv6 (that requirement has since been relaxed to a recommendation), and the protocols are also widely implemented for IPv4. In particular, nearly all vendors of any type of firewall or security software have IPsec support either shipping or in development. There are also several open source IPsec projects. Several companies are co-operating in the Secure Wide Area Network (S/WAN) project to ensure that products will interoperate. There is also a VPN Consortium fostering cooperation among companies in this area.