IPSec stands for Internet Protocol Security. It is a suite of protocols, used between two communication points across an IP network, that provides data authentication, data integrity, and confidentiality. It was developed by the Internet Engineering Task Force (IETF) in 1995. It defines the architecture for security services for IP network traffic and gives a framework for providing security at the IP layer, as well as the suite of protocols designed to provide security through authentication and encryption of IP network packets. IPSec includes the protocols that define the cryptographic algorithms used for encryption, decryption, and authentication.
Types of Securities
IPSec defines two mechanisms for securing IP packets:
- ESP Protocol (Encapsulating Security Payload Protocol): It provides a method for encrypting data in IP packets.
- AH Protocol (Authentication Header Protocol): It defines a method for digitally signing IP packets.
Example: IPSec can be used to secure routers that send routing data across the public internet.
Characteristics of IPSec
- Anti-Replay Protection: IPSec assigns a unique sequence number to each packet. When a packet with a duplicate sequence number is detected, it is treated as replayed and dropped.
- Data Authentication: The Hash-based Message Authentication Code (HMAC) verifies that the packets have not been changed.
- Transparency: IPSec works below the transport layer so it is transparent to users and applications.
- Confidentiality: Data packets are encrypted by the sender before transmission, so that sensitive data reaches only the intended recipient.
- Dynamic Re-Keying: Re-Keying procedure at set intervals replaces manual reconfiguration of secret keys.
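The anti-replay and data authentication checks above, as an added Python sketch (not part of the original article and not an IPSec implementation). The packet layout, the 64-packet window, the names seal, Receiver and verdict, and the full-length HMAC-SHA256 tag are assumptions made for illustration. It goes one step beyond the text by using a sliding window, so packets that arrive out of order are accepted once while duplicates and very old packets are dropped.

```python
import hashlib
import hmac
import struct

WINDOW = 64    # replay window size in packets (assumed for this sketch)
TAG_LEN = 32   # full HMAC-SHA256 tag length (assumed)

def seal(key, seq, payload):
    """Sender: prefix a 32-bit sequence number and append an HMAC tag."""
    body = struct.pack("!I", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, key):
        self.key = key
        self.highest = 0  # highest authenticated sequence number so far
        self.bitmap = 0   # bit i set: sequence (highest - i) was accepted

    def accept(self, packet):
        """Return the payload, or raise ValueError naming the drop reason."""
        if len(packet) < 4 + TAG_LEN:
            raise ValueError("truncated")
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Authenticate first so forged packets can never move the window.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad HMAC")
        (seq,) = struct.unpack("!I", body[:4])
        if seq > self.highest:
            # Newer than anything seen: slide the window forward.
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            offset = self.highest - seq
            if offset >= WINDOW:
                raise ValueError("too old")
            if (self.bitmap >> offset) & 1:
                raise ValueError("replay")
            self.bitmap |= 1 << offset  # late but new: remember it
        return body[4:]

def verdict(rx, packet):
    """Return 'ok' or the reason the packet was dropped."""
    try:
        rx.accept(packet)
        return "ok"
    except ValueError as err:
        return str(err)
```

Because the window state changes only after the HMAC check passes, a packet with a modified payload or a forged sequence number is dropped without affecting which later packets are accepted.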
Advantages of IPSec
- IPSec operates at layer 3, the network layer, so it has no impact on higher network layers. It is transparent to applications, and the end user does not need to be concerned with IPSec or its configuration.
- As it is implemented at the network layer, IPSec allows monitoring all the traffic that passes over the network.
- During any data exchange, IPSec uses a public key that helps in the safe transfer of confidential data. As a result, securing the keys ensures safe data transfer.
- IPSec only requires modifications to the operating system, so IPSec based Virtual Private Networks do not need to worry about the type of application.
Disadvantages of IPSec
- One of the greatest disadvantages of IPSec is its wide access range: giving access to a single device on an IPSec-based network can give privileges to other devices too.
- IPSec causes some compatibility issues with software if software developers do not adhere to the standards of IPSec.
- IPSec has high CPU usage. When the data packet size is small, the performance of the network diminishes due to the large overhead used by IPSec.
- The security of certain algorithms used in IPSec is a concern. If someone uses a broken algorithm, the server will be at greater risk of being hacked.