IPSec (IP Security)
Note: Many topics at this site are reduced versions of the text in "The Encyclopedia of Networking and Telecommunications." Search results will not be as extensive as a search of the book's CD-ROM.
IPSec has the goal of providing security services at the IP layer in the Internet protocol stack. Network communication is open to a variety of attacks as discussed under "Security" and "Hacking and Hackers." IPSec is designed to provide end systems with a method of authenticating one another and to protect data in transit from eavesdropping and attacks.
IPSec relies on cryptography to protect communications in a variety of environments, including communication links between computers on private networks, links between corporate sites, and links between dial-up users and corporate LANs. IPSec is also used between trading partners (extranet connections) and for electronic commerce applications.
IPSec is a tunneling protocol designed for both IPv4 and IPv6. Tunnels are "paths" between a pair of hosts, between a pair of security gateways (typically firewalls), or between a security gateway and a host. One tunnel can be created to carry all traffic, or multiple tunnels can be created between the same endpoints to support a variety of TCP services.
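The choice between one tunnel for all traffic and several per-service tunnels between the same endpoints comes down to how outbound packets are matched to a tunnel. The sketch below is an added example, not part of the original entry: it models that lookup with selectors (addresses, protocol, destination port) in the spirit of the policy database in RFC 2401. The class, the function, the tunnel names and the site prefixes are hypothetical, constructed values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

TCP = 6  # IP protocol number for TCP

@dataclass(frozen=True)
class Policy:
    name: str             # hypothetical tunnel label
    src: str              # source prefix behind the local gateway
    dst: str              # destination prefix behind the remote gateway
    proto: Optional[int]  # IP protocol number, None matches any
    dport: Optional[int]  # destination port, None matches any
    action: str           # "protect", "bypass" or "discard"

    def matches(self, src, dst, proto, dport):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.proto in (None, proto)
                and self.dport in (None, dport))

def select(policies, src, dst, proto, dport):
    """First matching policy wins; traffic matching nothing is discarded."""
    for p in policies:
        if p.matches(src, dst, proto, dport):
            return p.action, p.name
    return "discard", None

# Constructed sample networks for two corporate sites.
SITE_A, SITE_B = "10.1.0.0/16", "10.2.0.0/16"

# One tunnel between the gateways carrying all traffic.
SINGLE_TUNNEL = [Policy("all-traffic", SITE_A, SITE_B, None, None, "protect")]

# Multiple tunnels between the same gateways, one per TCP service.
PER_SERVICE = [
    Policy("smtp", SITE_A, SITE_B, TCP, 25, "protect"),
    Policy("http", SITE_A, SITE_B, TCP, 80, "protect"),
]

if __name__ == "__main__":
    for dport in (25, 80, 23):
        pkt = ("10.1.5.9", "10.2.0.20", TCP, dport)
        print(dport, select(SINGLE_TUNNEL, *pkt), select(PER_SERVICE, *pkt))
```

With per-service tunnels, a service that has no matching policy (port 23 in the sample) falls through to the default discard, whereas the single tunnel protects it along with everything else between the two sites.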
An important feature of IPSec is that it provides end-to-end security across IP networks. Lower-layer security protocols only provide protection across a single link. But IPSec should be differentiated from upper-layer session protocols such as SSL (Secure Sockets Layer). SSL has been a mainstay of secure communication, primarily between Web servers and clients. SSL is still the preferred method for short client transactions such as buying a book from Amazon.com. But SSL only secures sessions, not the IP connections between hosts, as IPSec does. See "SSL (Secure Sockets Layer)" for more information.
IPSec has multiple modes and services, as outlined here:
IPSec has been slow in coming. Part of the reason is that it was originally designed for IPv6 and IPv6's release date has been moved many times. There are problems with interoperability between vendor products. Encryption is processor intensive and may not be supportable in some environments. But vendors such as Intel have developed security adapters that speed up IPSec processing by offloading encryption.
RFC 2401 (Security Architecture for the Internet Protocol, November 1998) specifies the base architecture for IPSec-compliant systems. RFC 2411 (IP Security Document Roadmap, November 1998) describes the interrelationship of IPSec documents. The following IETF working groups are developing IPSec and related protocols and extensions:
Copyright (c) 2001 Tom Sheldon and Big Sur Multimedia.