Encyclopedia > IPSec

  Article Content


IPSec (abbreviation of IP security) is a standard for securing internet protocol communications by encrypting and authenticating all IP packets.

IPSec is a protocol suite (a set of protocols) consisting of protocols for securing packet flows, and of key exchange protocols being used for setting up those secure flows. Of the former there are two: Encapsulating Security Payload[?] (ESP) for encrypting packet flows, and the rarely used Authentication Header[?] (AH) which provides authentication and message integrity guarantees for such flows, but does not offer confidentiality[?]. See Information security for definitions of these terms. Currently only one key exchange[?] protocol is defined, the IKE protocol.

IPSec is required as a part of IPv6. As IPv6 is more widely used, IPSec will become more widely available.

IPSec protocols operate at layer 3 of the OSI model, which makes them suitable for protecting UDP-based protocols. The down side is that compared with transport-layer protocols, such as SSL, the IPSec protocols need to deal with reliability and fragmentation issues, which are normally solved by TCP.

IPSec was intended to provide both portal-to-portal communications security in which the security overhead is provided to several machines (even whole LANs) by a single node, and end-to-end security in which the endpoint computers do the security processing. It can be used to construct Virtual Private Networks, and this is the most popular use.

End-to-end communication security use on an Internet-wide scale has been slower to develop than many had expected. Part of the reason is that no univeral, or universally trusted, [public key infrastructure]] has emerged (DNSSEC was originally envisioned for this), part is that many users (perhaps most) understand neither their needs nor the available options well enough to force adoption, and part is probably due to degradation of Net responsivity[?] due to bandwidth loss from such things as spam. The Free S/Wan[?] Project has developed an open source implementation of IPSec.

IPSec protocols are defined by RFCs 2401-2409, currently (2003) these documents are slowly being replaced by newer versions.

External Links

All Wikipedia text is available under the terms of the GNU Free Documentation License

  Search Encyclopedia

Search over one million articles, find something about almost anything!
  Featured Article
Dana International

... - Wikipedia <<Up     Contents Dana International Dana International (born Yaron Cohen February 2, 1972) is an Israeli transsexual pop ...

This page was created in 25.3 ms