Securing the Internet with IPsec (Internet Security Architecture)

A high-level introduction to the IP Security Architecture, IPsec.



Posted September 9, 1999

Pete Loshin

(Page 1 of 4)

Part 1 (page 1): The IP Security Architecture
Part 2 (page 2): How IPsec works - IPsec, IPv4 and IPv6
Part 3 (page 3): IPsec Protocols and Operations
Part 4 (page 4): Cryptographic Algorithms and Deploying IPsec

The IP Security Architecture

The IP Security Architecture, or IPsec, offers an interoperable and open standard for building security into any Internet application. By adding security at the network layer (the IP layer, or layer 3 in the OSI reference model), IPsec enables security for individual applications as well as for virtual private networks (VPNs) capable of securely carrying enterprise data across the open Internet.

IPsec and its related protocols are already being widely implemented in virtual private network products. Despite its growing importance to existing deployed systems, not too many people truly grok IPsec, probably because it is complicated (a solid couple of dozen RFCs describe IPsec and its related protocols--please refer to the list of related RFCs at the end of the article).

Saying that IPsec specifies protocols for encrypting and authenticating data sent within IP packets is an oversimplification, and even obscures IPsec's full potential.

IPsec offers the following security services:

  • Data privacy (encryption)
  • Data authentication (strong authentication)
  • Access control
  • Connectionless integrity
  • Data origin authentication
  • Replay protection
  • Limited traffic flow confidentiality
  • End-to-end security for IP packets
  • Security tunneling (VPN functionality)

Altogether, IPsec provides for the integration of algorithms, protocols, and security infrastructures into an overarching security architecture.

The stated goal of the IP Security Architecture is "to provide various security services for traffic at the IP layer, in both the IPv4 and IPv6 environments" [RFC2401]. This means security services that are interoperable, high-quality, and cryptographically based.

The IP security architecture allows systems to choose the required security protocols, identify the cryptographic algorithms to use with those protocols, and exchange any keys or other material or information necessary to provide security services.
