Internet Protocol Security (IPSec) is a framework of open standards for ensuring private, secure communications over Internet Protocol (IP) networks, through the use of cryptographic security services. IPSec is a suite of cryptography-based protection services and security protocols. Because it requires no changes to programs or protocols, you can easily deploy IPSec for existing networks.
The driving force for the acceptance and deployment of secure IP is the need for business and government users to connect their private WAN/ LAN infrastructure to the Internet for providing access to Internet services and use of the Internet as a component of the WAN transport system. As we all know, users need to isolate their networks and at the same time send and receive traffic over the Internet. The authentication and privacy mechanisms of secure IP provide the basis for a security strategy for us.
IPsec protects one or more paths between a pair of hosts, a pair of security gateways, or a security gateway and a host. A security gateway is an intermediate device, such as a switch or firewall, that implements IPsec. Devices that use IPsec to protect a path between them are called peers.
IPsec requires a PCI Accelerator Card (PAC) to provide hardware data compression and encryption. A PAC is a hardware processing unit the switch’s CPU controls.
IPsec provides the following security services for traffic at the IP layer:
- Data origin authentication—identifying who sent the data.
- Confidentiality (encryption)—ensuring that the data has not been read en route.
- Connectionless integrity—ensuring the data has not been changed en route.
- Replay protection—detecting packets received more than once to help protect against denial of service attacks.
Applications of IPSec
As we all know to help in the security of a network the Internet community has done lot of work and developed application-specific security mechanisms in numerous application areas, including electronic mail (Privacy Enhanced Mail, Pretty Good Privacy [PGP]), network management (Simple Network Management Protocol Version 3[SNMPv3]), Web access (Secure HTTP, Secure Sockets Layer [SSL]), and others. However, users have some security concerns that cut across protocol layers. For example, an enterprise can run a secure, private TCP/IP network by disallowing links to untrusted sites, encrypting packets that leave the premises, and authenticating packets that enter the premises. By implementing security at the IP level, an organization can ensure secure networking not only for applications that have security mechanisms but also for the many security-ignorant applications.
Benefits of IPSec
When IPSec is implemented in a firewall or router, it provides strong security whose application is to all traffic crossing this perimeter. Traffic within a company or workgroup does not incur the overhead of security-related processing.
IPSec is below the transport layer (TCP, UDP), and is thus transparent to applications. There is no need to change software on a user or server system when IPSec is implemented in the firewall or router.
Even if IPSec is implemented in end systems, upper layer software, including applications is not affected. IPSec can be transparent to end users.
There is no need to train users on security mechanisms, issue keying material on a per-user basis, or revoke keying material when users leave the organization. IPSec can provide security for individual users if needed. This feature is useful for offsite workers and also for setting up a secure virtual subnetwork within an organization for sensitive applications.
We provide CISSP training in the following cities: