As people rely more on digital communication to interact with one another, the need for secure methods to transfer data has driven the evolution of Internet Protocol Security (IPSec). IPSec is a group of measures put in place to secure the transport of all data across IP networks between two or more parties. These networks can include LANs, public and private WANs, and the Internet (Stallings, 2006). IPSec can also be applied to secure remote access connections as well as communications between different organizations and businesses. It can also play a key role in internal routing structures. With IPSec standards in place, data communications can be kept secure and authentic.

IPSec was developed to help address security concerns associated with remote data access and transmissions. Its main purpose is to secure all data transports over IP networks by encrypting, authenticating, or both. IPSec covers all network traffic, and can be applied to address VPN, application-level, and routing security concerns (Thomas, 2004). It can be implemented in routers and firewalls, and also integrated with other applications such as email, remote login, and web access servers that have IPSec capabilities. This gives IPSec the flexibility to be applied at many different access levels.

IPSec is used in two modes of operation: Tunnel mode and Transport mode. There is one major difference between the two. In Transport mode, all of the encryption functions occur between the sending and receiving parties within a single secure tunnel, which helps create end-to-end security (Thomas, 2004). In Tunnel mode, encryption functions are performed not only by the sender and recipient but also through multiple tunnels created between special gateways, which help ensure that the data being transmitted is authentic. Using this method, all data that is not valid is discarded, which creates what is known as gateway-to-gateway security.

IPSec uses two security protocols to secure data. These packet encoding protocols are commonly known as the Authentication Header (AH) and the Encapsulating Security Payload (ESP), and each can operate in either transport or tunnel mode. AH uses message authentication coding, which helps verify that messages are not altered by external sources and ensures a secure path between sender and recipient. In addition, authentication headers can be applied to multiple hosts and gateways, providing a secure link between all participants if all are implementing AH. ESP provides encryption, or a combination of encryption and authentication, by attaching a header and trailer to the data, helping to maintain data integrity and confidentiality. Using either AH or ESP in either transport or tunnel mode can provide encryption and authentication to data being transferred over an IP network.
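
As an added illustration (not part of the original essay), the Python sketch below shows how the two protocols appear on the wire: ESP is IP protocol 50 and AH is IP protocol 51, and AH's next-header field shows whether a whole inner IP packet (tunnel mode) or an upper-layer segment (transport mode) follows. The packets, SPI values and addresses are constructed sample data, and the helper names are hypothetical.

```python
import struct

ESP, AH, IPV4_IN_IP, TCP, IPV6_IN_IP = 50, 51, 4, 6, 41  # IANA protocol numbers

def ipv4(proto, payload):
    """Minimal IPv4 header (checksum left 0), 192.0.2.1 -> 198.51.100.2. Constructed data."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2])) + payload

def ah(next_header, spi, seq, inner, icv=b"\x00" * 12):
    """AH: next header, length (32-bit words minus 2), reserved, SPI, sequence, ICV."""
    return struct.pack("!BBHII", next_header, (12 + len(icv)) // 4 - 2, 0, spi, seq) + icv + inner

def classify(packet):
    """Describe the IPSec protection visible on one IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto, body = packet[9], packet[ihl:]
    if proto == ESP:
        if len(body) < 8:
            raise ValueError("truncated ESP header")
        spi, seq = struct.unpack("!II", body[:8])
        # ESP keeps its next-header field in the encrypted trailer, so the
        # mode cannot be read from the wire without the keys.
        return {"protocol": "ESP", "spi": spi, "seq": seq, "mode": "hidden"}
    if proto == AH:
        if len(body) < 12:
            raise ValueError("truncated AH header")
        nxt, length, _, spi, seq = struct.unpack("!BBHII", body[:12])
        ah_len = (length + 2) * 4  # length field counts 32-bit words minus 2
        if ah_len < 12 or len(body) < ah_len:
            raise ValueError("AH length field inconsistent with packet")
        mode = "tunnel" if nxt in (IPV4_IN_IP, IPV6_IN_IP) else "transport"
        return {"protocol": "AH", "spi": spi, "seq": seq, "mode": mode,
                "icv_len": ah_len - 12}
    return {"protocol": "none", "mode": None}

TCP_STUB = b"\x00" * 20  # constructed placeholder for a TCP segment
AH_TRANSPORT = ipv4(AH, ah(TCP, 0x1001, 1, TCP_STUB))
AH_TUNNEL = ipv4(AH, ah(IPV4_IN_IP, 0x2002, 7, ipv4(TCP, TCP_STUB)))
ESP_PACKET = ipv4(ESP, struct.pack("!II", 0x3003, 42) + b"\xaa" * 32)

if __name__ == "__main__":
    for name, pkt in [("AH transport", AH_TRANSPORT), ("AH tunnel", AH_TUNNEL), ("ESP", ESP_PACKET)]:
        print(name, classify(pkt))
```
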

Implementing IPSec can provide a number of benefits. Enforcing IPSec on a router or firewall can provide a top-level method to ensure that all data passed is authentic. Implementing IPSec can be seamless to users and applications, as it is below the transport layer, which eliminates the need for special software configurations or end user security training. Also, using IPSec in routing strategies can help combat attacks associated with the redirection of messages and network traffic.

Overall, IPSec provides a means to secure all data transmissions over IP networks. Due to its flexibility to integrate with routers and firewalls, along with authentication server applications, IPSec has become a standard in securing data communications. It offers multiple avenues for implementation, and when used in conjunction with other security techniques, can create a secure environment for transmitting data.

  

Stallings, W. (2006). (5th ed.). Upper Saddle River, NY: Prentice Hall.

Thomas, J., & Elbirt, A. (2004). Understanding Internet Protocol Security. , (4), 39-43. Retrieved from Academic Search Premier database.
