Here 'IP' stands for 'Internet Protocol' and 'Sec' for secure. The Internet Protocol is the main routing protocol used on the Internet, and it designates where data will go using IP addresses. IPSec is secure because it adds encryption and authentication to this process.
 
IPSec is not a single protocol in itself; rather, it is a group of protocols that are used together to set up encrypted connections between devices. It helps keep data sent over public networks secure. IPSec is often used to set up VPNs, and it works by encrypting IP packets, along with authenticating the source where the packets come from.
 
 
 
 
In my very recent post, I have already explained that a VPN is an encrypted connection between two or more computers. VPN connections take place over public networks, BUT the data exchanged over the VPN still remains private because it is encrypted.
 
VPNs allow us to securely access and exchange confidential data over shared network infrastructure, such as the public Internet. For instance, when your employees are working remotely instead of in the office, they often use VPNs to access corporate files and applications.
 
Many VPNs use the IPsec protocol suite to establish and run these encrypted connections. However, not all VPNs use IPSec. Another protocol for VPNs is SSL/TLS, which operates at a different layer in the OSI model than IPsec. However, most corporate VPNs would incorporate IPSec Tunnels to get the secure communication happening across critical nodes.

What Protocols Are Used In IPSec?

In networking, a protocol is a specified way of formatting data so that any networked computer can interpret the data. IPSec is not one protocol, but a suite of protocols.
Kindly note that while the Internet Protocol (IP) is not part of the IPSec suite, IPSec runs directly on top of IP.
 
The following protocols make up the IPSec suite:
 
1. Authentication Header (AH):
The AH protocol ensures that data packets are from a trusted source and that the data has not been tampered with, like a tamper-proof seal on a consumer product. These headers do not provide any encryption; they do not help conceal the data from attackers.
 
2. Encapsulating Security Protocol (ESP):
ESP encrypts the IP header and the payload for each packet — unless transport mode is used, in which case it only encrypts the payload. ESP adds its own header and a trailer to each data packet.
 
3. Security Association (SA):
SA refers to a number of protocols used for negotiating encryption keys and algorithms. One of the most common SA protocols is Internet Key Exchange (IKE).

IPSec Tunnel Mode Vs IPSec Transport Mode

IPSec tunnel mode is used between two dedicated routers, with each router acting as one end of a virtual "tunnel" through a public network. In IPsec tunnel mode, the original IP header containing the final destination of the packet is encrypted, in addition to the packet payload. To tell intermediary routers where to forward the packets, IPSec adds a new IP header. At each end of the tunnel, the routers decrypt the IP headers to deliver the packets to their destinations.
 
In transport mode, the payload of each packet is encrypted, but the original IP header is not. Intermediary routers are thus able to view the final destination of each packet — unless a separate tunneling protocol (such as GRE) is used.
Now we are all set to understand:

How does IPsec work?

IPSec connections include the following steps:
  1. Key Exchange between devices: You know that keys are necessary for encryption; a key is a string of random characters that can be used to "lock" (encrypt) and "unlock" (decrypt) messages. So, the first step is that IPSec sets up keys with a key exchange between the connected devices, so that each device can decrypt the other device's messages.
  2. Packet Headers and Trailers: All data that is sent over a network is broken down into smaller pieces called packets. All packets contain both a payload, or the actual data being sent, and headers, or information about that data, so that computers receiving the packets know what to do with them. IPSec adds several headers to data packets containing authentication and encryption information. IPSec also adds trailers, which go after each packet's payload instead of before.
  3. Authentication: IPSec provides authentication for each packet, like a stamp of authenticity on a collectible item. This ensures that packets are from a trusted source and not an attacker.
  4. Encryption: IPSec encrypts the payloads within each packet and each packet's IP header (unless transport mode is used instead of tunnel mode, as I have explained earlier). This keeps data sent over IPSec secure and private.
  5. Transmission: Encrypted IPSec packets travel across one or more networks to their destination using a transport protocol. At this stage, IPSec traffic differs from regular IP traffic in that it most often uses UDP as its transport protocol, rather than TCP. TCP, the Transmission Control Protocol, sets up dedicated connections between devices and ensures that all packets arrive. IPsec usually uses port 500. It is worth remembering that UDP itself does not set up these dedicated connections. IPSec uses UDP because this allows IPsec packets to get through firewalls, yet it maintains the confidentiality of data packets.
[My advice:
👉👉 UDP port 500 should be opened as should IP protocols 50 and 51. UDP port 500 should be opened to allow for ISAKMP to be forwarded through the firewall while protocols 50 and 51 allow ESP and AH traffic to be forwarded respectively.]
 
  6. Decryption at the destination: At the other end of the communication, the packets are decrypted, and applications (e.g. a browser) can now use the delivered data.
 
When properly configured, an IPSEC VPN provides multiple layers of security that ensure the security mode and integrity of the data that is being transmitted through the encrypted tunnel. This way your organization can feel confident that the data has not been intercepted and altered in transit and that your users can rely on what they are seeing.
Guys, what do you think about this special post on IPSec? What's your opinion on its value in an enterprise setup?
Kindly leave me your thoughts in the comment section.
 
 
 

This article was written and published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
