IPSec (Internet Protocol Security) is a set of protocols developed by the Internet Engineering Task Force (IETF) to secure communications over IP networks.
It ensures the confidentiality, integrity and authenticity of exchanged data by using cryptographic security services.
IPSec operates mainly at the network layer (layer 3 of the OSI model), which makes it independent of applications and enables secure communications without requiring any modifications to users' computers.
IPSec is:
- a suite of protocols which provides security mechanisms for communications on an IP network.
- a tool which encrypts data, verifies its authenticity and ensures its integrity.
- protection against eavesdropping, tampering and identity theft on the network.
IPSec is both a protection and a tool.
To understand this better, let's imagine a parcel that you send by post. IPSec would be both:
- The secure box: it protects the contents from prying eyes and damage.
- The tool which allows you to lock the box and guarantee its integrity during transport.
How IPSec works
IPSec uses two main protocols to ensure data security:
- Authentication Header (AH): this protocol authenticates the origin of IP packets and guarantees their integrity.
- Encapsulating Security Payload (ESP): this protocol encrypts data and ensures both authentication and confidentiality of packets.
IPSec can be used in tunnel mode or in transport mode. Tunnel mode encrypts the entire IP packet, while transport mode encrypts only the payload, leaving the IP header visible to routers, which is useful in trusted networks.
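The difference between AH, ESP and the two modes shows up in what an on-path observer can still read from a packet. The following Python sketch is an added example, not part of the original page: it builds three constructed IPv4 packets and parses only the fields that stay in clear. The helper names, addresses (documentation ranges), SPI values and zero-byte payloads are assumptions made for illustration.

```python
import socket
import struct

ESP, AH, IPIP, TCP = 50, 51, 4, 6  # IANA IP protocol numbers

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0) followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def ah(next_header, spi, seq, rest):
    """AH header with a 12-byte placeholder ICV; length field is 32-bit words minus 2."""
    return struct.pack("!BBHII", next_header, 4, 0, spi, seq) + bytes(12) + rest

def describe(packet):
    """Return what an on-path observer can read from an IPv4 IPsec packet."""
    ihl = (packet[0] & 0x0F) * 4
    proto, body = packet[9], packet[ihl:]
    info = {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20])}
    if proto == ESP:
        # Only SPI and sequence number are in clear; ESP's next-header field
        # sits in the encrypted trailer, so the mode cannot be read here.
        spi, seq = struct.unpack("!II", body[:8])
        info.update(protocol="ESP", spi=spi, seq=seq, mode="hidden")
    elif proto == AH:
        # AH does not encrypt: its next-header field shows what follows.
        nxt, _, _, spi, seq = struct.unpack("!BBHII", body[:12])
        info.update(protocol="AH", spi=spi, seq=seq,
                    mode="tunnel" if nxt == IPIP else "transport")
    else:
        info.update(protocol="not IPsec")
    return info

# Constructed sample packets; zero bytes stand in for ciphertext and payload.
tcp_segment = bytes(20)
inner = ipv4("192.0.2.10", "198.51.100.20", TCP, tcp_segment)
SAMPLES = {
    "esp": ipv4("203.0.113.1", "203.0.113.2", ESP,
                struct.pack("!II", 0x1001, 1) + bytes(48)),
    "ah_transport": ipv4("192.0.2.10", "198.51.100.20", AH,
                         ah(TCP, 0x2002, 7, tcp_segment)),
    "ah_tunnel": ipv4("203.0.113.1", "203.0.113.2", AH,
                      ah(IPIP, 0x3003, 9, inner)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, describe(pkt))
```

In the tunnel sample the outer header carries only the two gateway addresses, while the transport sample exposes the real endpoints, which is why transport mode is usually reserved for trusted networks.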
Examples of using IPSec
- IPSec VPN: IPSec is often used to create virtual private networks (VPNs), enabling a secure connection between two networks via the Internet. An IPSec VPN encrypts data at the source and decrypts it at the destination, ensuring a secure transfer.
- Securing business communications: companies use IPSec to protect their sensitive data against unauthorised interception, particularly for remote connections.