As people rely more on digital communication to interact with one another, the need for
secure methods to transfer data has driven the evolution of the Internet Protocol Security (IPSec).
IPSec is a group of measures put in place to secure the transport of all data across IP networks
between two or more parties. These networks can include LANs, public and private WANs, and
the Internet (Stalling, 2006). IPSec can also be applied to secure remote access connections as
well as communications between different organizations and businesses. Along with this, it can
also play a key role in internal routing structures. With IPsec standards in place, the integrity of

IPsec was developed to help address security concerns associated with remote data access
and transmissions. Its main purpose is to secure all data transport over IP networks by encrypting
it, authenticating it, or both. IPSec covers all network traffic, and can be
applied to address VPN, application-level, and routing security concerns (Thomas, 2004). It can
be implemented in routers and firewalls, and also integrated with other applications such as
email, remote login, and web access servers that have IPSec capabilities. This gives IPSec the

IPSec is used in two modes of operation: Tunnel mode and Transport
mode. There is one major difference between them. In Transport mode, all of the
encryption functions occur between the sending and receiving parties within a single secure
tunnel. Using this technique helps create end-to-end security (Thomas, 2004). In Tunnel mode,
encryption functions are performed not only by the sender and recipient, but also through multiple
tunnels created between special gateways, which help ensure that the data being transmitted is
authentic. Using this method, all data that is not valid is discarded, which creates what is known
as gateway-to-gateway security.

IPsec uses two security protocols to secure data. These packet encoding protocols are
commonly known as the Authentication Header (AH) and the Encapsulating Security Payload
(ESP), and can operate in either transport or tunnel mode. AH uses message authentication
codes, which help verify that messages are not altered by external sources and ensure a secure path
between sender and recipient. In addition, authentication headers can be applied to multiple
hosts and gateways, providing a secure link between all participants if all are implementing AH.
and trailer to the data, helping to maintain data integrity and confidentiality. Using either AH or
ESP in either transport or tunnel mode can provide encryption and authentication to data being
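
What AH and ESP expose on the wire in each mode can be checked by parsing the headers. The Python sketch below is an added example, not part of the original essay: it builds constructed sample packets and reports what an observer between the endpoints can read. The addresses, SPI values and the helper names `ipv4`, `ah` and `classify` are assumptions for illustration, the AH ICV is a zero placeholder rather than a real MAC, and treating an AH Next Header of 4 as tunnel mode is a heuristic.

```python
import struct

AH, ESP, IPIP, TCP = 51, 50, 4, 6   # IANA protocol numbers

def ipv4(proto, src, dst, payload):
    """Minimal IPv4 header (checksum left at 0; constructed sample only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes(src), bytes(dst)) + payload

def ah(next_hdr, spi, seq, payload, icv=b"\x00" * 12):
    """AH header with a zero placeholder ICV (no real MAC is computed)."""
    length = (12 + len(icv)) // 4 - 2        # RFC 4302: 32-bit words minus 2
    return struct.pack("!BBHII", next_hdr, length, 0, spi, seq) + icv + payload

def classify(packet):
    """Report what an on-path observer can read from one IPsec packet."""
    ihl = (packet[0] & 0x0F) * 4
    proto, body = packet[9], packet[ihl:]
    if proto == ESP:
        spi, seq = struct.unpack("!II", body[:8])
        # ESP's Next Header field is in the encrypted trailer, so neither the
        # mode nor the inner addresses are visible.
        return {"protocol": "ESP", "spi": spi, "seq": seq, "mode": "hidden"}
    if proto == AH:
        next_hdr, length, _, spi, seq = struct.unpack("!BBHII", body[:12])
        inner = body[(length + 2) * 4:]
        info = {"protocol": "AH", "spi": spi, "seq": seq, "mode": "transport"}
        if next_hdr == IPIP:                 # a whole IPv4 packet follows AH
            info["mode"] = "tunnel"
            # AH authenticates but does not encrypt: inner header is readable
            info["inner_dst"] = ".".join(map(str, inner[16:20]))
        return info
    return {"protocol": "not IPsec"}

# Constructed sample traffic: two hosts behind two gateways.
HOST_A, HOST_B = (10, 0, 1, 5), (10, 0, 2, 9)
GW_A, GW_B = (192, 0, 2, 1), (198, 51, 100, 1)
SEGMENT = b"\x00" * 20                       # stand-in for a TCP segment

TRANSPORT_AH = ipv4(AH, HOST_A, HOST_B, ah(TCP, 0x1001, 1, SEGMENT))
TUNNEL_AH = ipv4(AH, GW_A, GW_B,
                 ah(IPIP, 0x2001, 7, ipv4(TCP, HOST_A, HOST_B, SEGMENT)))
TUNNEL_ESP = ipv4(ESP, GW_A, GW_B, struct.pack("!II", 0x3001, 3) + b"\xaa" * 40)

if __name__ == "__main__":
    for name in ("TRANSPORT_AH", "TUNNEL_AH", "TUNNEL_ESP"):
        print(name, classify(globals()[name]))
```
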
firewall can provide a top-level method to ensure the integrity of all data passed is authentic.
Implementing IPsec can be seamless to users and applications, as it is below the transport layer,
which eliminates the need for special software configurations or end-user security training. Also,
using IPSec in routing strategies can help combat attacks associated with the redirection of

Overall, IPSec provides a means to secure all data transmissions over IP networks. Due
to its flexibility to integrate with routers and firewalls, along with authentication server applications,
IPSec has become a standard in securing data communications. It offers multiple avenues for
implementation, and when used in conjunction with other security techniques, can create a
Thomas, J., & Elbirt, A. (2004). Understanding Internet Protocol Security.