2. Contents
1. Definition / Overview
2. Application of IP Security
3. Benefits of IP Security
4. Modes of Operation
a. Transport Mode
b. Tunnel Mode
5. IP Security Services
Acronyms :
AH = Authentication Header
ESP = Encapsulating Security Payload
IPsec = IP Security
3. Definition / Overview
• IPSec is a collection of protocols designed by the Internet Engineering Task
Force (IETF) to provide security for a packet at the network level.
• IPSec provides the capability to secure communications across a LAN,
across private and public WANs, and across the internet.
• IPSec covers three functional areas : authentication, confidentiality and key
management.
4. Application of IP Security
1. Secure branch office connectivity over the Internet : - A company can
build a secure virtual private network over the Internet or over a public WAN.
2. Secure remote access over the Internet : - An end user whose system is
equipped with IP security can make a local call to an Internet Service
Provider and gain access to a company network.
3. Establishing extranet and intranet connectivity with partners.
4. Enhancing electronic commerce security.
5. Benefits of IP Security
• Some of the benefits of IPsec : -
1. When IPsec is implemented in a firewall or router, it provides strong
security that can be applied to all traffic crossing the perimeter.
2. IPsec in a firewall is resistant to bypass if all traffic from the outside must
use IP and the firewall is the only means of entrance from the Internet into
the organization.
3. IPsec can be transparent to end users. There is no need to train users on
security mechanisms.
4. IPsec can provide security for individual users if needed.
6. Modes of Operation
A. Transport Mode : -
• Transport mode provides protection primarily
for upper-layer protocols. That is, transport
mode protection extends to the payload of an
IP packet. Typically, transport mode is used for
end-to-end communication between two
hosts.
B. Tunnel Mode : -
• Tunnel mode provides protection to the entire
IP packet. To achieve this, after the AH or ESP
fields are added to the IP packet, the entire
packet plus security fields is treated as the
payload of a new outer IP packet with a new
outer IP header. The entire original, inner
packet travels through a tunnel from one point
of an IP network to another.
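The two modes compared at the byte level, as an added example that is not part of the original slides. It assumes ESP with NULL encryption and an HMAC-SHA-256-128 integrity value so that the layout stays readable (no confidentiality); the addresses, SPI, key and helper names are constructed for illustration.

```python
import hashlib, hmac, struct

ESP, TCP, IPV4_IN_IP = 50, 6, 4          # IANA protocol numbers

def checksum(hdr):
    """Internet checksum over a 20-byte IPv4 header."""
    s = sum(struct.unpack("!10H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4_header(src, dst, proto, payload_len):
    """20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len,
                      0, 0, 64, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def esp_null(spi, seq, data, next_header, key):
    """ESP with NULL encryption and an HMAC-SHA-256-128 ICV (integrity only)."""
    pad_len = -(len(data) + 2) % 4        # ICV must start on a 4-byte boundary
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    body = struct.pack("!II", spi, seq) + data + trailer
    return body + hmac.new(key, body, hashlib.sha256).digest()[:16]

def transport_mode(packet, spi, seq, key):
    """Protect only the upper-layer payload; host addresses stay in the header."""
    ihl = (packet[0] & 0x0F) * 4
    esp = esp_null(spi, seq, packet[ihl:], packet[9], key)
    # Sketch: header is rebuilt (ID/TTL reset) with protocol switched to ESP.
    return ipv4_header(packet[12:16], packet[16:20], ESP, len(esp)) + esp

def tunnel_mode(packet, spi, seq, key, gw_src, gw_dst):
    """Wrap the entire original packet as payload of a new outer IP packet."""
    esp = esp_null(spi, seq, packet, IPV4_IN_IP, key)
    return ipv4_header(gw_src, gw_dst, ESP, len(esp)) + esp

# Constructed sample: host 10.0.1.5 -> 10.0.2.9, TCP SYN stub plus 5 data bytes.
HOST_A, HOST_B = bytes([10, 0, 1, 5]), bytes([10, 0, 2, 9])
GW_A, GW_B = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])
KEY = bytes(32)                           # all-zero demo key, never use for real
SEGMENT = struct.pack("!HHIIBBHHH", 49152, 443, 0, 0, 0x50, 0x02, 65535, 0, 0) + b"hello"
INNER = ipv4_header(HOST_A, HOST_B, TCP, len(SEGMENT)) + SEGMENT

if __name__ == "__main__":
    for name, pkt in (("transport", transport_mode(INNER, 0x1001, 1, KEY)),
                      ("tunnel", tunnel_mode(INNER, 0x1001, 1, KEY, GW_A, GW_B))):
        print(name, "src/dst", list(pkt[12:16]), list(pkt[16:20]),
              "ESP next header", pkt[-17], "length", len(pkt))
```

In transport mode the outer header still carries the two host addresses and the ESP next-header field names TCP; in tunnel mode an on-path observer sees only the gateway addresses, and the next-header field names IPv4 because the whole inner packet is the payload.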
8. IP Security Services
• IPsec provides security services at the IP layer by enabling a system to select
required security protocols, determine the algorithm to use for the service, and put in
place any cryptographic keys required to provide the requested services.
• The services are : -
1) Access control
2) Connectionless integrity
3) Data origin authentication
4) Rejection of replayed packets
5) Confidentiality
6) Limited traffic flow confidentiality