IPsec Fundamentals Part 1
• IPsec is a framework of open IETF standards for protecting IP traffic packet by packet; its most common use is building virtual private networks (VPNs).
• IPsec provides four security services: peer authentication, data confidentiality, data integrity, and replay detection.
IPsec Security Services
• Peer authentication: verifies the identity of the VPN peer before any protected traffic is accepted, so that a tunnel cannot be established with an impostor.
• Data confidentiality: protects data from eavesdropping by encrypting it; plaintext is turned into ciphertext that an observer on the untrusted network cannot read.
• Data integrity: detects tampering by computing an integrity check value (ICV) over each packet with a keyed algorithm; a packet modified in transit, for example by a man-in-the-middle (MitM), fails verification and is discarded. Together with peer authentication this also gives data-origin authentication.
• Replay detection: defeats an attacker who captures legitimate protected packets and resends them later. Each packet carries a sequence number, and the receiver keeps a sliding window of recently seen numbers so that duplicates and packets older than the window are dropped.
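The receiver side of replay detection is worth seeing in code. The following is an added example (not from the original article) of the sliding-window check that RFC 4303 Appendix A describes for ESP and that AH uses in the same way; the 64-packet window size and the constructed arrival sequence in `replay_demo()` are assumptions chosen for illustration:

```python
class AntiReplayWindow:
    """Receiver-side anti-replay check for a 32-bit AH/ESP sequence number.

    Sliding window in the style of RFC 4303 Appendix A: the window covers the
    last `size` sequence numbers ending at the highest one accepted so far.
    Anything below the window is too old, anything inside it is a replay if
    already seen, anything above it slides the window forward.
    Bit i of `bitmap` set means sequence number `highest - i` was accepted.
    """

    def __init__(self, size=64):
        if size < 32:
            raise ValueError("RFC 4303 requires a window of at least 32 packets")
        self.size = size
        self.highest = 0   # both peers start at 0; the first packet carries seq 1
        self.bitmap = 0

    def check(self, seq):
        """Pre-ICV check: can this sequence number possibly be accepted?"""
        if seq == 0:
            return False                    # seq 0 is never transmitted on an SA
        if seq > self.highest:
            return True                     # new high-water mark
        diff = self.highest - seq
        if diff >= self.size:
            return False                    # older than the window: too old
        return not (self.bitmap >> diff) & 1   # False if already received

    def accept(self, seq):
        """Post-ICV update: record seq as received. Call only after the ICV verified."""
        if seq > self.highest:
            shift = seq - self.highest
            if shift >= self.size:
                self.bitmap = 1             # everything previously seen fell off the window
            else:
                mask = (1 << self.size) - 1
                self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)

    def process(self, seq, icv_ok=True):
        """Receive path for one packet: True if it is delivered to the upper layer."""
        if not self.check(seq):
            return False
        if not icv_ok:
            return False                    # a forged packet must never move the window
        self.accept(seq)
        return True


def replay_demo():
    """Constructed arrival order for one SA (assumed, not captured traffic).

    Returns (seq, delivered, expected) triples so the behaviour can be checked.
    """
    w = AntiReplayWindow(size=64)
    arrivals = [
        # (sequence number, ICV verified?, should it be delivered?)
        (1, True, True), (2, True, True), (3, True, True),   # in order
        (2, True, False),                                    # exact replay of seq 2
        (10, True, True), (7, True, True),                   # out of order, inside the window
        (7, True, False),                                    # replay of the late packet
        (100, True, True),                                   # jump ahead: window now 37..100
        (36, True, False),                                   # below the window: too old
        (37, True, True),                                    # oldest seq still in the window
        (101, False, False),                                 # forged packet with a bad ICV
        (101, True, True),                                   # the genuine seq 101 still arrives
    ]
    return [(seq, w.process(seq, icv_ok), expected) for seq, icv_ok, expected in arrivals]
```

Two practical points follow from the code: the window is only updated after the ICV has been verified, otherwise an attacker could push the window forward with forged packets and cause genuine ones to be dropped; and because the sequence number is 32 bits, the security association must be rekeyed before the counter wraps (or use 64-bit extended sequence numbers), since the window cannot distinguish a wrapped counter from a replay.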
IPsec delivers these services with two protocols, each of which adds its own header to the packet:
• Authentication Header (AH, IP protocol 51): provides integrity, data-origin authentication and replay detection for the whole packet. The ICV is computed over the payload and over the fields of the IP header that do not change in transit (the mutable fields such as TTL and header checksum are zeroed for the calculation), so any modification of the original packet on the public network is detected.
AH does not support encryption, and because its ICV covers the IP addresses it breaks when a NAT device rewrites them. It is not recommended unless authentication is all that is desired.
• Encapsulating Security Payload (ESP, IP protocol 50): provides confidentiality by encrypting the original payload, and optionally integrity and replay detection over the ESP header and the encrypted payload (but not the outer IP header). In tunnel mode the entire original IP packet is encrypted and carried behind a new set of headers across the public network. ESP with integrity protection is what most deployments use.
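To make the AH description concrete, here is an added example (not from the original article) that builds an AH-protected IPv4 packet and verifies its ICV, showing which header fields are covered and which are not. It uses HMAC-SHA-256-128 (RFC 4868) as the integrity algorithm; the key, addresses, SPI and payload are constructed values, and the IPv4 header checksum is left at zero since AH zeroes it before the MAC anyway:

```python
import hmac
import hashlib
import struct
from ipaddress import IPv4Address

AH_PROTO = 51
IP_HDR_FMT = "!BBHHHBBH4s4s"   # version/IHL, TOS, total len, ID, flags/frag, TTL, proto, csum, src, dst
ICV_LEN = 16                   # HMAC-SHA-256-128: 32-byte MAC truncated to 128 bits
AH_FIXED_LEN = 12              # next header(1) + payload len(1) + reserved(2) + SPI(4) + seq(4)
AH_LEN = AH_FIXED_LEN + ICV_LEN   # 28 bytes, a multiple of 4 as AH requires


def ipv4_header(src, dst, total_len, proto, ttl=64):
    """Minimal 20-byte IPv4 header; DF set, checksum left at 0 (see lead-in)."""
    return struct.pack(IP_HDR_FMT, 0x45, 0, total_len, 0x1234, 0x4000, ttl, proto, 0,
                       IPv4Address(src).packed, IPv4Address(dst).packed)


def zero_mutable_fields(ip_hdr):
    """Per RFC 4302 3.3.3.1.1.1: TOS (DSCP/ECN), flags, fragment offset, TTL and
    checksum change in transit, so they are zeroed for the ICV; everything else,
    including both addresses, is covered."""
    ver_ihl, _tos, total_len, ident, _flags, _ttl, proto, _csum, src, dst = \
        struct.unpack(IP_HDR_FMT, ip_hdr[:20])
    return struct.pack(IP_HDR_FMT, ver_ihl, 0, total_len, ident, 0, 0, proto, 0, src, dst)


def ah_icv(key, ip_hdr, ah_no_icv, payload):
    """ICV over zeroed IP header + AH header (ICV field as zeros) + payload."""
    data = zero_mutable_fields(ip_hdr) + ah_no_icv + bytes(ICV_LEN) + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]


def build_ah_packet(key, src, dst, payload, spi, seq, next_header=17):
    """IPv4 | AH | payload in transport mode; next_header=17 means UDP follows."""
    ip_hdr = ipv4_header(src, dst, 20 + AH_LEN + len(payload), AH_PROTO)
    payload_len_field = AH_LEN // 4 - 2          # AH length in 32-bit words minus 2
    ah_no_icv = struct.pack("!BBHII", next_header, payload_len_field, 0, spi, seq)
    icv = ah_icv(key, ip_hdr, ah_no_icv, payload)
    return ip_hdr + ah_no_icv + icv + payload


def verify_ah_packet(key, pkt):
    """Recompute the ICV and compare in constant time. Replay checking of the
    sequence number at pkt[28:32] is a separate step and not shown here."""
    ip_hdr = pkt[:20]
    if ip_hdr[9] != AH_PROTO:
        return False
    ah_no_icv = pkt[20:20 + AH_FIXED_LEN]
    ah_total = (ah_no_icv[1] + 2) * 4
    if ah_total - AH_FIXED_LEN != ICV_LEN:
        return False                              # unexpected ICV length for this algorithm
    received_icv = pkt[20 + AH_FIXED_LEN:20 + ah_total]
    payload = pkt[20 + ah_total:]
    return hmac.compare_digest(received_icv, ah_icv(key, ip_hdr, ah_no_icv, payload))


def with_ttl(pkt, ttl):
    return pkt[:8] + bytes([ttl]) + pkt[9:]        # what every router hop does


def with_dst(pkt, new_dst):
    return pkt[:16] + IPv4Address(new_dst).packed + pkt[20:]   # what a NAT device does


def ah_demo():
    """Constructed packet (not captured traffic) exercising the AH properties."""
    key = b"constructed-demo-key-not-for-production"
    payload = b"hello from 10.0.0.1"
    pkt = build_ah_packet(key, "10.0.0.1", "10.0.0.2", payload, spi=0x100, seq=1)
    return {
        "intact_verifies": verify_ah_packet(key, pkt),
        "ttl_change_verifies": verify_ah_packet(key, with_ttl(pkt, 63)),
        "nat_rewrite_verifies": verify_ah_packet(key, with_dst(pkt, "192.0.2.7")),
        "payload_tamper_verifies": verify_ah_packet(key, pkt[:-5] + b"10.99"),
        "wrong_key_verifies": verify_ah_packet(b"other-key", pkt),
        "payload_in_clear": payload in pkt,       # AH gives no confidentiality
    }
```

Running `ah_demo()` shows the properties the text describes: decrementing the TTL does not break the ICV because that field is excluded, while rewriting the destination address (as NAT does), altering the payload, or using the wrong key all fail verification, and the payload remains readable on the wire.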