IPSec is a framework of security protocols and algorithms used to secure data at the network layer. Prior to the IPSec standard, Cisco implemented its proprietary Cisco Encryption Technology (CET) to provide protection at the packet level. RFC 2401 describes the general framework for this architecture. Like all security mechanisms, RFC 2401 helps to enforce a security policy. The policy defines the need for security on various connections, which in this case are IP sessions. The framework provides data integrity, authentication, and confidentiality, as well as security association and key management.
IPSec consists of two protocols. The first protocol is Encapsulating Security Payload (ESP). It encapsulates the data but does not protect the outer headers. ESP encrypts the payload for data confidentiality. The second protocol is Authentication Header (AH). AH protects the entire datagram by embedding an authentication header in the data, and it verifies the integrity of the IP datagram. AH and ESP use symmetric secret-key algorithms, although public-key algorithms are feasible.
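The difference in coverage described above is easiest to see in code. The following added example (not from the original text) models the integrity check of each protocol with an HMAC: AH's check covers the IP header (with the mutable fields a router legitimately changes zeroed out) plus the payload, while ESP's check covers only the encapsulated payload. The key, addresses and payload are constructed for the demonstration, and the real AH/ESP header fields are omitted.

```python
import hmac
import hashlib
import struct

# Constructed demo key; a real security association would carry a negotiated key.
KEY = b"constructed-demo-key"

def ipv4_header(src, dst, ttl=64, proto=17, length=48):
    """Minimal 20-byte IPv4 header; identification, flags and checksum are
    simplified to fixed values. src and dst are 4-byte addresses."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, length, 0x1234, 0x4000,
                       ttl, proto, 0, src, dst)

def zero_mutable(hdr):
    """AH covers the IP header but treats mutable fields (flags/fragment
    offset, TTL, header checksum) as zero, because routers rewrite them."""
    b = bytearray(hdr)
    b[6:8] = b"\x00\x00"    # flags + fragment offset
    b[8] = 0                # TTL
    b[10:12] = b"\x00\x00"  # header checksum
    return bytes(b)

def ah_icv(key, hdr, payload):
    # Integrity check value over the immutable header fields plus the payload.
    return hmac.new(key, zero_mutable(hdr) + payload, hashlib.sha256).digest()[:12]

def esp_icv(key, payload):
    # ESP (transport mode) authenticates only what it encapsulates; the outer
    # IP header is not covered.
    return hmac.new(key, payload, hashlib.sha256).digest()[:12]

def ah_verify(key, hdr, payload, icv):
    return hmac.compare_digest(ah_icv(key, hdr, payload), icv)

def esp_verify(key, payload, icv):
    return hmac.compare_digest(esp_icv(key, payload), icv)

def demo():
    src, dst = b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02"
    payload = b"constructed UDP payload"
    hdr = ipv4_header(src, dst)
    a, e = ah_icv(KEY, hdr, payload), esp_icv(KEY, payload)
    hop = ipv4_header(src, dst, ttl=63)             # router decremented TTL
    rewritten = ipv4_header(src, b"\x0a\x00\x00\x63")  # destination changed in transit
    return {
        "ah_after_hop": ah_verify(KEY, hop, payload, a),            # True: TTL is mutable
        "ah_after_dst_rewrite": ah_verify(KEY, rewritten, payload, a),  # False: AH detects it
        "esp_after_dst_rewrite": esp_verify(KEY, payload, e),       # True: ESP never saw the header
    }
```

Running `demo()` shows that a TTL decrement passes AH verification, a rewritten destination address fails it, and ESP's check is unaffected by either header change.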
The advantages of IPSec displayed in Figure allow implementation in a wide range of scenarios, as shown in Figure.