Overview
IP Security (IPsec) is a security framework defined by the Internet Engineering Task Force (IETF) for securing IP communications.
IPsec provides the following security services at the IP layer for two communication parties:
Confidentiality—The sender encrypts packets before transmitting them over the Internet, protecting the packets from being eavesdropped en route.
Data integrity—The receiver verifies the packets received from the sender to make sure they are not tampered with during transmission.
Data origin authentication—The receiver verifies the authenticity of the sender.
Anti-replay—The receiver examines packets and drops outdated and duplicate packets.
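As an added illustration of the anti-replay service listed above (example code, not part of the original document or any vendor implementation), the following Python models the sliding-window check an IPsec receiver performs in the style of the ESP/AH anti-replay window from RFC 4303; the window size and the sequence numbers used are constructed assumptions.

```python
# Anti-replay sliding window modelled on the IPsec ESP/AH receiver (RFC 4303, section 3.4.3).
# Constructed example: window size and sequence numbers are made-up test input, not captured traffic.
from dataclasses import dataclass

WINDOW_SIZE = 64  # a receiver must support at least 32; 64 is the commonly used default


@dataclass
class ReplayWindow:
    size: int = WINDOW_SIZE
    top: int = 0      # highest sequence number accepted so far (0 = nothing yet)
    bitmap: int = 0   # bit i set => packet with sequence number (top - i) already received

    def check(self, seq: int) -> str:
        """Classify a sequence number without changing state.

        Returns 'new' (accept), 'duplicate' or 'stale'. The receiver must call
        update() only after the packet's integrity check (ICV) has passed, so a
        forged packet cannot advance the window and lock out legitimate traffic.
        """
        if seq == 0:
            return "stale"           # sequence number 0 is never sent on an SA
        if seq > self.top:
            return "new"             # right of the window: always fresh
        offset = self.top - seq
        if offset >= self.size:
            return "stale"           # fell off the left edge of the window
        if (self.bitmap >> offset) & 1:
            return "duplicate"       # already seen inside the window
        return "new"

    def update(self, seq: int) -> None:
        """Record an authenticated packet, sliding the window if it is the new top."""
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = (self.bitmap << shift) & ((1 << self.size) - 1)
            self.bitmap |= 1
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)

    def receive(self, seq: int, icv_ok: bool) -> str:
        """Full receiver path: replay check, then integrity check, then window update."""
        verdict = self.check(seq)
        if verdict != "new":
            return verdict
        if not icv_ok:
            return "auth_failed"     # window state is left untouched
        self.update(seq)
        return "accepted"
```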
IPsec delivers these benefits:
Reduced key negotiation overheads and simplified maintenance by supporting the Internet Key Exchange (IKE) protocol. IKE provides automatic key negotiation and automatic IPsec security association (SA) setup and maintenance.
Good compatibility. You can apply IPsec to all IP-based application systems and services without modifying them.
Encryption on a per-packet rather than per-flow basis. Per-packet encryption allows for flexibility and greatly enhances IP security.
IPsec comprises a set of protocols, including Authentication Header (AH), Encapsulating Security Payload (ESP), Internet Key Exchange (IKE), and algorithms for authentication and encryption. AH and ESP provide security services, and IKE performs automatic key exchange.
IPsec can protect both IPv4 and IPv6 packets.