
IPsec (Internet Protocol Security)

What is IPsec (Internet Protocol Security)?

IPsec is a group of protocols used together to set up encrypted connections between devices, so that data transmitted across open networks is kept secure. VPNs are frequently set up using IPsec, which operates by encrypting IP packets and authenticating the source of the packets.

The "IP" and "sec" in the name "IPsec" stand for "Internet Protocol" and "secure," respectively. The Internet Protocol is the primary routing mechanism used on the Internet; it uses IP addresses to specify the destination of data. IPsec makes this process more secure by adding encryption and authentication.

What is an IPsec VPN?

A virtual private network (VPN) is a secure link between two or more computers. VPN connections use open networks, but because the data being shared is encrypted, they remain private.

Secure access and data sharing over an open network infrastructure, like the public Internet, are made feasible through VPNs. VPNs frequently use the IPsec protocol suite to create and manage these secure connections.

How Does IPsec Work?

IPsec connections include the following steps:

  • Key exchange
    Keys are required for encryption: a key is a string of random characters that can be used to "lock" (encrypt) and "unlock" (decrypt) communications. IPsec sets up keys with a key exchange between the connected devices, so that each device can decrypt the communications from the others.

  • Packet headers and trailers
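    Each piece of data that is transmitted over a network is divided into smaller units called packets. Packets contain both a payload (the actual data being sent) and headers, which are descriptions of the data. IPsec adds its own headers to each packet, carrying authentication and encryption information, and also adds trailers, which follow the payload instead of preceding it.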

  • Authentication
    IPsec provides authentication for every packet. This verifies that packets come from a trusted source and not from an attacker.

  • Encryption
    IPsec encrypts each packet's payload and, in tunnel mode, its original IP header as well (in transport mode the original IP header is not encrypted). This keeps data delivered through IPsec secret and safe.

  • Transmission
    Using a transport protocol, encrypted IPsec packets cross one or more networks to reach their destination. At this point, IPsec transmission differs from standard IP traffic because it most frequently uses UDP rather than TCP as its transport protocol.

  • Decryption
    At the other end of the link, the packets are decrypted, and applications can now use the delivered data.

What is IPsec Used for?

IPsec can be applied to secure one or more peer-to-peer data exchanges. Data confidentiality, integrity, origin authentication, and anti-replay are all made possible via IPsec.

IPsec modes: IPsec Tunnel vs. IPsec Transport

When two dedicated routers are deployed in IPsec tunnel mode, each router serves as one end of a virtual "tunnel" over a public network. In tunnel mode, the original IP header containing the packet's final destination is encrypted along with the packet's payload. IPsec adds a new IP header to tell intermediary routers where to forward the packets. The routers at either end of the tunnel decrypt the original IP headers to send the packets on to their intended destinations.

Each packet's payload is encrypted in transport mode, but the original IP header is not. So, unless a different tunneling protocol (like GRE) is employed, intermediary routers can see where each packet ends up.
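
What an intermediary router can read from IPsec traffic in each mode, as an added example that is not part of the original page. It assumes ESP (IP protocol 50), IKE on UDP port 500 and UDP-encapsulated ESP on port 4500, none of which the page names; the sample packets are constructed, with random bytes standing in for the ciphertext.

```python
import ipaddress
import os
import struct

ESP, UDP = 50, 17                # IP protocol numbers (ESP is assumed, not on the page)
IKE_PORT, NATT_PORT = 500, 4500  # assumed: IKE, and IKE/ESP carried in UDP across NAT

def ipv4(src, dst, proto, payload):
    """Constructed test packet: minimal IPv4 header (checksum left 0) + payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

def udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def esp(spi, seq, inner):
    """Clear ESP header; random bytes stand in for encrypted data plus a 16-byte tag."""
    return struct.pack("!II", spi, seq) + os.urandom(len(inner) + 16)

def observe(packet):
    """Return the fields an on-path router can read from one IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    proto, body = packet[9], packet[(packet[0] & 0x0F) * 4:]
    view = {"src": str(ipaddress.IPv4Address(packet[12:16])),
            "dst": str(ipaddress.IPv4Address(packet[16:20])), "kind": "other"}
    if proto == UDP and len(body) >= 8:
        sport, dport = struct.unpack("!HH", body[:4])
        body = body[8:]
        if IKE_PORT in (sport, dport) or (
                NATT_PORT in (sport, dport) and body[:4] == b"\0\0\0\0"):
            view["kind"] = "ike"   # key exchange; four zero bytes mark IKE on 4500
        elif NATT_PORT in (sport, dport) and len(body) >= 8:
            proto, view["udp_encapsulated"] = ESP, True
    if proto == ESP and len(body) >= 8:
        view["kind"] = "esp"
        view["spi"], view["seq"] = struct.unpack("!II", body[:8])
        view["opaque_bytes"] = len(body) - 8   # everything else is unreadable
    return view

# Constructed samples. Inner packet between two private hosts:
INNER = ipv4("10.0.1.5", "10.0.2.9", 6, b"GET / HTTP/1.1\r\n")
# Tunnel mode: whole inner packet encrypted; the new outer header names the gateways.
TUNNEL = ipv4("198.51.100.1", "203.0.113.1", ESP, esp(0x1001, 7, INNER))
# Transport mode: only the payload is encrypted; the original header stays readable.
TRANSPORT = ipv4("10.0.1.5", "10.0.2.9", ESP, esp(0x2002, 3, INNER[20:]))
# Tunnel mode across NAT: the same ESP data carried inside UDP port 4500.
NATTED = ipv4("198.51.100.1", "203.0.113.1", UDP, udp(4500, 4500, esp(0x1001, 8, INNER)))
```

In both modes the observer gets the same set of fields; the difference is whose addresses they are: the tunnel endpoints for `TUNNEL`, the communicating hosts themselves for `TRANSPORT`.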

 

 
