Internet Protocol Security (IPsec) is a set of protocols designed to protect the confidentiality and integrity of data as it flows over a network. These protocols operate at the Network layer of the OSI model and process packets according to a predefined set of security settings.
Some of the earliest mechanisms for ensuring security worked at the Application layer of the OSI model. IPsec is a newer technology that has proven to be more successful than many of the previous methods. IPsec has been widely adopted not only because of its strong security benefits but also because it can be deployed without major changes to individual computer systems. IPsec is especially useful for implementing virtual private networks and for remote user access to private networks over dial-up connections.
IPsec provides two mechanisms for protecting information: Authentication Header and Encapsulating Security Payload. The two differ in what they provide:
- Authentication Header (AH) provides authentication and integrity: it lets the receiver verify who sent the data and that it was not altered in transit, but it does not encrypt the data.
- Encapsulating Security Payload (ESP) provides a means to authenticate the data as well as encrypt it.
The information associated with each of these services is inserted into the packet in a header that follows the IP packet header. Separate key-management protocols, such as ISAKMP/Oakley, can be selected.
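As an added illustration (not part of the original text), the parser below shows how the AH and ESP headers sit directly after the IPv4 header, and what each leaves readable to a passive observer: with AH the inner payload stays in the clear and is only authenticated, while with ESP only the SPI and sequence number are readable and the rest is ciphertext. The sample packets are constructed here, not captured traffic; protocol numbers 50/51 and the header layouts are the standard ones from RFC 4303 (ESP) and RFC 4302 (AH).

```python
import struct

# IP protocol numbers that mark an IPsec header following the IP header.
IP_PROTO_ESP = 50
IP_PROTO_AH = 51

def parse_ipv4(pkt: bytes):
    """Return (protocol, header_length, payload) for a raw IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4          # IHL field, in 32-bit words
    return pkt[9], ihl, pkt[ihl:]

def parse_ah(data: bytes) -> dict:
    """AH (RFC 4302): Next Header, Payload Len, Reserved, SPI, Seq, then the ICV.
    Everything after the AH header stays in the clear; AH only authenticates it."""
    next_hdr, payload_len, _reserved, spi, seq = struct.unpack("!BBHII", data[:12])
    ah_len = (payload_len + 2) * 4     # Payload Len counts 32-bit words minus 2
    return {"next_header": next_hdr, "spi": spi, "seq": seq,
            "icv": data[12:ah_len], "inner": data[ah_len:]}

def parse_esp(data: bytes) -> dict:
    """ESP (RFC 4303): only SPI and Seq are readable; the rest is ciphertext plus ICV."""
    spi, seq = struct.unpack("!II", data[:8])
    return {"spi": spi, "seq": seq, "ciphertext": data[8:]}

def classify(pkt: bytes) -> dict:
    """Identify which IPsec service protects a packet and what an observer can read."""
    proto, _, payload = parse_ipv4(pkt)
    if proto == IP_PROTO_AH:
        ah = parse_ah(payload)
        return {"service": "AH", "spi": ah["spi"], "seq": ah["seq"],
                "inner_visible": True, "inner": ah["inner"]}
    if proto == IP_PROTO_ESP:
        esp = parse_esp(payload)
        return {"service": "ESP", "spi": esp["spi"], "seq": esp["seq"],
                "inner_visible": False, "inner": esp["ciphertext"]}
    return {"service": None, "proto": proto}

def ipv4_header(proto: int, total_len: int) -> bytes:
    """Constructed minimal 20-byte IPv4 header (checksum left 0; nothing here verifies it)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                       bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))

# Constructed sample packets (not real captures). AH: 12-byte ICV -> 24-byte header -> Payload Len 4.
INNER = b"PLAINTEXT-UDP-DATAGRAM"
AH_PACKET = (ipv4_header(IP_PROTO_AH, 20 + 24 + len(INNER))
             + struct.pack("!BBHII", 17, 4, 0, 0x1000, 1) + b"\x11" * 12 + INNER)
ESP_PACKET = (ipv4_header(IP_PROTO_ESP, 20 + 8 + 16)
              + struct.pack("!II", 0x2000, 7) + bytes(range(0xA0, 0xB0)))
```

Running `classify(AH_PACKET)` returns the inner datagram verbatim, while `classify(ESP_PACKET)` returns only opaque ciphertext, which is the practical difference between the two services.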