IPSec
Overview

IPSec is a framework of security protocols and algorithms used to secure data at the network layer. Prior to the IPSec standard, Cisco implemented its proprietary Cisco Encryption Technology (CET) to provide protection at the packet level. RFC 2401 describes the general framework for this architecture. Like all security mechanisms, RFC 2401 helps to enforce a security policy. The policy defines the need for security on various connections, which are IP sessions. The framework provides data integrity, authentication, and confidentiality, as well as security association and key management.

IPSec consists of two protocols. The first protocol is Encapsulating Security Payload (ESP). It encapsulates the data, but does not provide protection to the outer headers. ESP encrypts the payload for data confidentiality. The second protocol is Authentication Header (AH). The AH protocol provides protection to the entire datagram by inserting an authentication header into it. The AH verifies the integrity of the IP datagram. AH and ESP use symmetric secret key algorithms, although public key algorithms are feasible.
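The difference in what ESP and AH protect is easiest to see by computing the two integrity check values (ICVs) over a constructed packet and then altering header fields. The following Python example is added here for illustration; it is not code from the original page or from any IPSec implementation. It models AH's ICV as an HMAC over the IPv4 header (with the mutable fields TOS, flags/fragment offset, TTL and checksum zeroed, as RFC 2402 requires) plus the payload, and ESP's ICV as an HMAC over the SPI, sequence number and payload only. The key, addresses and payload are constructed demo values; ESP's encryption step is omitted so the example runs with the standard library alone, and the AH header itself is left out of the ICV input for brevity.

```python
import hashlib
import hmac
import struct

# Constructed demo key. In real IPSec the SA keys come from IKE negotiation.
DEMO_KEY = b"demo-sa-key-not-for-real-use"

IP_PROTO_ESP = 50
IP_PROTO_AH = 51


def build_ipv4_header(src, dst, ttl, proto, total_len):
    """Minimal 20-byte IPv4 header, no options, checksum left as zero."""
    ver_ihl = (4 << 4) | 5
    return struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, total_len, 0, 0,
                       ttl, proto, 0, src, dst)


def zero_mutable_fields(hdr):
    """Copy of the header with the fields that routers legitimately change
    (TOS, flags/fragment offset, TTL, header checksum) set to zero."""
    b = bytearray(hdr)
    b[1] = 0                  # TOS / DSCP
    b[6:8] = b"\x00\x00"      # flags + fragment offset
    b[8] = 0                  # TTL
    b[10:12] = b"\x00\x00"    # header checksum
    return bytes(b)


def ah_icv(key, ip_hdr, payload):
    """AH-style ICV: covers the IP header (mutable fields zeroed) and the payload."""
    return hmac.new(key, zero_mutable_fields(ip_hdr) + payload, hashlib.sha256).digest()


def esp_icv(key, spi, seq, payload):
    """ESP-style ICV: covers SPI, sequence number and payload; the outer IP header is NOT included."""
    esp_hdr = struct.pack("!II", spi, seq)
    return hmac.new(key, esp_hdr + payload, hashlib.sha256).digest()


def verify(expected, actual):
    """Constant-time comparison, as a receiver would do before accepting the packet."""
    return hmac.compare_digest(expected, actual)


def coverage_demo():
    """Return which modifications each protocol's ICV still accepts (True) or rejects (False)."""
    payload = b"constructed application data"          # constructed sample payload
    src, dst = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])  # constructed addresses
    spi, seq = 0x1000, 1

    hdr = build_ipv4_header(src, dst, 64, IP_PROTO_AH, 20 + len(payload))
    ah = ah_icv(DEMO_KEY, hdr, payload)
    esp = esp_icv(DEMO_KEY, spi, seq, payload)

    # A router decrementing TTL: a legitimate in-flight change.
    hdr_ttl = bytearray(hdr)
    hdr_ttl[8] = 63
    # Destination address rewritten in transit (e.g. by NAT or tampering).
    hdr_dst = bytearray(hdr)
    hdr_dst[16:20] = bytes([10, 0, 0, 99])

    return {
        "ah_accepts_ttl_decrement": verify(ah, ah_icv(DEMO_KEY, bytes(hdr_ttl), payload)),
        "ah_accepts_dst_rewrite": verify(ah, ah_icv(DEMO_KEY, bytes(hdr_dst), payload)),
        "esp_accepts_dst_rewrite": verify(esp, esp_icv(DEMO_KEY, spi, seq, payload)),
        "ah_accepts_payload_change": verify(ah, ah_icv(DEMO_KEY, hdr, payload + b"!")),
        "esp_accepts_payload_change": verify(esp, esp_icv(DEMO_KEY, spi, seq, payload + b"!")),
    }


if __name__ == "__main__":
    for check, accepted in coverage_demo().items():
        print(f"{check}: {'accepted' if accepted else 'rejected'}")
```

Both ICVs reject a modified payload, and AH tolerates the TTL decrement because that field is zeroed before hashing. The instructive case is the rewritten destination address: AH rejects it, ESP accepts it, because ESP's integrity check never covers the outer IP header. This is exactly why ESP passes through address-translating devices while AH, which binds the source and destination addresses, does not.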

The advantages of IPSec displayed in Figure allow implementation in a wide range of scenarios, as shown in Figure .

