The Internet Protocol Security, or IPsec, framework is a set of protocols designed to add security capabilities to TCP/IP. Learn how IPsec reaches deep into the protocol stack and provides security for the entire payload of encrypted communications. This includes the use of the Encapsulating Security Payload (ESP) and Authentication Headers (AH) protocols.
- [Instructor] When the developers of network technology created the TCP/IP Protocol Suite, they honestly didn't pay too much attention to security. Now to be fair, when they developed those standards in the 1970s, security really wasn't an issue. This has created a dilemma for cybersecurity professionals ever since. We have a set of protocols that we rely upon every day that were designed without security in mind, and we now need to retrofit them to add on security capabilities.
The Internet Protocol Security or IPSec Framework is a set of protocols designed to add security capabilities to TCP/IP networking. Unlike TLS, IPSec reaches deep into the protocol stack and provides security for the entire payload of encrypted communications. IPSec uses two protocols to protect information. The Encapsulating Security Payload or ESP Protocol provides both confidentiality and integrity protection for the payloads of packets.
The Authentication Headers or AH Protocol uses an integrity check value to provide tamper-proofing for IP packets. It ensures that no changes are made to the header or payload of a packet while it is in transit over a network. A single communication may combine both ESP and AH to achieve confidentiality for packet payloads in conjunction with integrity verification for the entire packet including the header. You may recall from my discussion of transport layer security, that TLS uses a concept known as Cipher Suites to allow systems to communicate the encryption and hashing algorithms that they support to other systems.
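As an added illustration (not part of the course), the following Python models the AH integrity check value just described: an HMAC-SHA-256-128 tag (RFC 4868) computed over the whole IPv4 packet, with the fields that routers legitimately rewrite (TTL, checksum, etc.) zeroed as RFC 4302 requires. The packet layout, key, SPI and addresses are constructed for the demo; SA lookup and anti-replay checking are left out.

```python
import hmac
import hashlib
import socket
import struct

AH_PROTO = 51   # IP protocol number for the Authentication Header
ICV_LEN = 16    # HMAC-SHA-256-128 (RFC 4868): 32-byte tag truncated to 128 bits
AH_LEN = 12 + ICV_LEN  # fixed AH fields (12 bytes) plus the ICV

def ip_checksum(hdr):
    """Standard one's-complement checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header with no options, checksum filled in (constructed demo values)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0x4000,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]

def _icv_input(ip_hdr, ah_hdr, payload):
    """Bytes the ICV covers: the whole packet, with the RFC 4302 mutable fields
    (TOS, flags/fragment offset, TTL, header checksum) and the ICV itself zeroed."""
    ip = bytearray(ip_hdr)
    ip[1] = 0                  # DSCP/ECN may be rewritten in transit
    ip[6:8] = b"\x00\x00"      # flags + fragment offset
    ip[8] = 0                  # TTL is decremented by every router
    ip[10:12] = b"\x00\x00"    # header checksum is recomputed by every router
    ah = bytearray(ah_hdr)
    ah[12:] = bytes(ICV_LEN)   # ICV field is zero while the ICV is computed
    return bytes(ip) + bytes(ah) + payload

def ah_protect(key, spi, seq, src, dst, next_proto, payload):
    """Return IPv4 header || AH || payload with a valid ICV (transport mode)."""
    ip_hdr = ipv4_header(src, dst, AH_PROTO, AH_LEN + len(payload))
    # AH fields: next header, payload length (32-bit words minus 2), reserved, SPI, sequence
    ah_hdr = struct.pack("!BBHII", next_proto, AH_LEN // 4 - 2, 0, spi, seq) + bytes(ICV_LEN)
    icv = hmac.new(key, _icv_input(ip_hdr, ah_hdr, payload), hashlib.sha256).digest()[:ICV_LEN]
    return ip_hdr + ah_hdr[:12] + icv + payload

def ah_verify(key, packet):
    """Recompute the ICV on receipt; True only if no covered byte was altered."""
    ip_hdr, ah_hdr, payload = packet[:20], packet[20:20 + AH_LEN], packet[20 + AH_LEN:]
    expected = hmac.new(key, _icv_input(ip_hdr, ah_hdr, payload), hashlib.sha256).digest()[:ICV_LEN]
    return hmac.compare_digest(expected, ah_hdr[12:])
```

A receiver that sees `ah_verify` fail discards the packet; a TTL change from a router along the path does not trigger a failure, while any change to the payload or to an immutable header field such as the destination address does.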
IPSec performs a similar function, but uses a different name. IPSec uses Security Associations or SAs to describe the cryptographic technologies that a system supports. IPSec may be used to support Virtual Private Network or VPN connections of two different types. First, administrators may create IPSec tunnels to connect two different sites together. In this approach, the connection is transparent to end users.
It's a site-to-site VPN. From the user's perspective, the two sites are simply connected to each other and may be contacted directly over the network. However, when traffic moves between the two sites, it travels through the encrypted IPSec tunnel, which protects the traffic so that it may safely travel over a public network without worrying about confidentiality. The second option is that end users may use IPSec VPN clients to connect individual computers to a remote network.
IPSec-based VPNs were once quite common, but are now falling out of use in favor of easier-to-use TLS-based VPNs.
Learn about communication and networking best practices, including TCP/IP networking, network security devices, and secure network design and management. Instructor and cybersecurity expert Mike Chapple also includes coverage of converged protocols, network encryption, and wireless networking. You can find Mike's companion study books for this series at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
- IP addressing
- Switches and routers
- Content distribution networks
- Designing secure networks
- Specialized networking
- Managing secure networks
- Working with virtualized networks like SDNs
- Detecting and preventing network attacks
- Transport encryption
- Wireless networking
- Host security