IPsec
IPsec is a security system operating at a low level common to both IPv4 and IPv6. It has only recently risen out of relative obscurity with the advent of commonly-available virtual private networks (VPNs), but is deserving of more attention than it gets since it attempts to solve the key security problem of today: application independent encryption and authentication of data. In essence it munges headers and encrypts data packets to provide the following services:
- Authentication
The Authentication Header (AH) provides a way to check that a packet came from a given source and that it has not been modified in transit.
- Confidentiality
The contents of packets may be encrypted, preventing people from determining their contents. This is provided by a protocol called Encapsulating Security Payload (ESP).
Both of these services use shared secret keys. These keys can be manually configured, but automatic configuration is generally more flexible, so IPsec defines a protocol for the management of these keys. This allows the use of certificates for the generation and authentication of these shared secrets. IPsec also defines a compression protocol to get around the problem that encrypted traffic is rarely compressible.
To reiterate a point from Section 3.9, the important aspect of IPsec is that it operates far below the application layer. Combined with the system-wide configurability of IPsec, this means it can be used to provide security services to legacy applications. Its use is also required ...
Get IPv6 Network Administration now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
