One of the weaknesses of the original Internet Protocol is that it cannot ensure the authenticity and privacy of the data passed over the Internet. Any IP datagram that travels between two devices over an unknown network can be intercepted and modified. So, security enhancements were needed in IP for critical applications, and IP Security or IPSec was developed for that purpose.
What is the IPSec Protocol?
A number of methods have evolved over the years to ensure security over the Internet. Most of them deal with higher layers of the OSI protocol stack. These solutions were undoubtedly valuable for certain scenarios, but they are mostly specific to certain applications. For example, Secure Sockets Layer (SSL) is good for World Wide Web (WWW) access or FTP, but there are many applications that this technology is not intended to work with. We needed a solution to ensure security in the IP layer so that all the layers above it in the OSI protocol stack could take advantage. So, the IPSec protocol was developed.
IPSec comprises two different components:
- Authentication Header or AH
- Encapsulating Security Payload or ESP
Authentication Header or AH: This protocol provides authentication services to IPSec. The recipient of the message can verify the authenticity of the sender. It also lets the recipient verify the received data and protects against the ‘replay attack’, in which a sent message is captured by an unauthorized user and re-sent.
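The replay protection described above works because each packet carries a sequence number that is covered by the integrity check, and the receiver tracks which numbers it has already seen. The sketch below is an added example, not code from the original article; it is simplified (real AH also authenticates the immutable IP header fields), and the `Receiver` class, key, SPI value and 64-packet window are assumptions chosen for illustration.

```python
import hashlib, hmac, struct

WINDOW = 64  # anti-replay window size in packets (assumed value)

def icv(key, spi, seq, payload):
    """Integrity check value over the fields this sketch protects."""
    msg = struct.pack("!II", spi, seq) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:16]

class Receiver:
    """Hypothetical receiving side of one security association."""
    def __init__(self, key, spi):
        self.key, self.spi = key, spi
        self.highest = 0  # highest sequence number authenticated so far
        self.bitmap = 0   # bit i set => (highest - i) was already accepted

    def accept(self, spi, seq, payload, tag):
        if spi != self.spi:
            return "drop: unknown SA"
        if seq == 0 or seq + WINDOW <= self.highest:
            return "drop: outside window"
        if seq <= self.highest and (self.bitmap >> (self.highest - seq)) & 1:
            return "drop: replay"
        if not hmac.compare_digest(tag, icv(self.key, spi, seq, payload)):
            return "drop: bad ICV"
        if seq > self.highest:  # only an authenticated packet moves the window
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)
        return "accept"

def demo():
    key, spi = b"constructed-demo-key", 0x1000  # constructed sample values
    rx = Receiver(key, spi)
    pkt = lambda seq, data: (spi, seq, data, icv(key, spi, seq, data))
    return [
        rx.accept(*pkt(1, b"hello")),
        rx.accept(*pkt(3, b"world")),
        rx.accept(*pkt(3, b"world")),    # captured and re-sent
        rx.accept(*pkt(2, b"late")),     # out of order but new
        rx.accept(spi, 4, b"tampered", icv(key, spi, 4, b"original")),
        rx.accept(*pkt(4, b"original")), # forgery did not consume seq 4
        rx.accept(*pkt(100, b"jump")),
        rx.accept(*pkt(36, b"stale")),   # 36 + 64 <= 100
    ]

if __name__ == "__main__":
    print(demo())
```

The ICV is checked before the window state changes, so a forged packet with a high sequence number cannot push legitimate traffic out of the window.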
Encapsulating Security Payload or ESP: The Authentication Header ensures the authenticity and integrity of the data, but not its privacy. Using the ESP protocol, the payload of the IP datagram is encrypted so that no one can extract information …