IPSec is a suite of protocols providing encryption, data-origin authentication, data integrity and tunnelling. It operates at the network layer of the OSI reference model (Open Systems Interconnection), so it protects any transport protocol or network application transparently, without changes to the applications themselves.
Basic IPSec components include:
IPSec offers two working modes:
In transport mode only the payload of the IP packet (the transport header and everything above it) is encrypted and/or authenticated; the original IP header is kept, so routing is unaffected. With AH (Authentication Header) the integrity check value (ICV) also covers the immutable fields of the IP header, including the source and destination addresses, so a NAT device that rewrites an address invalidates the ICV and the receiver discards the packet. The transport and application layers are covered by the integrity check in both AH and ESP, so they cannot be altered in transit either (e.g. by rewriting a port number, as PAT does); with ESP the ports are additionally encrypted and invisible to the translator.
In tunnel mode the entire original IP packet, header included, is encrypted and/or authenticated and becomes the payload of a new IP packet with a brand new outer header. ESP (Encapsulating Security Payload) provides encryption and, optionally, integrity protection; AH provides integrity protection only. This mode is used to build VPNs: Site-to-Site (e.g. between routers linking two networks), Host-to-Site (e.g. remote user access) and Host-to-Host (e.g. a private chat between two machines).
Tunnel mode is the one that works through NAT (Network Address Translation) and PAT (Port Address Translation), provided ESP is used: the outer IP header is not covered by the ESP integrity check, so a translator may rewrite it. Because ESP carries no port numbers, PAT additionally requires NAT traversal (UDP encapsulation of ESP, RFC 3948), which IKE negotiates when it detects a NAT on the path. AH remains incompatible with NAT in either mode, since its ICV covers the outer addresses.
Neither AH nor ESP carries a field that names the operating mode. The mode is inferred from the Next Header field (in the AH header, or in the ESP trailer): a value of 4 (IPv4) or 41 (IPv6), i.e. a whole IP packet inside, means tunnel mode; TCP (6), UDP (17), ICMP (1) or another upper-layer protocol means transport mode. Note that the ESP trailer is encrypted, so for ESP the mode is visible only to the two endpoints, whereas AH exposes it on the wire.
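The following is an added example, not code from the original article, that makes the two preceding points concrete: it builds an IPv4 packet carrying an AH header, computes the HMAC-SHA1-96 ICV the way RFC 4302 and RFC 2404 prescribe (mutable IP header fields and the ICV field zeroed), classifies the mode from AH's Next Header, and then shows that a router decrementing the TTL leaves the ICV valid while a NAT rewriting the source address breaks it. The key, addresses and TCP segment are constructed sample data; in a real deployment the key comes from IKE.

```python
import hmac
import hashlib
import socket
import struct

IPPROTO_ICMP, IPPROTO_IPIP, IPPROTO_TCP, IPPROTO_UDP = 1, 4, 6, 17
IPPROTO_IPV6, IPPROTO_ESP, IPPROTO_AH = 41, 50, 51
ICV_LEN = 12  # HMAC-SHA1-96 truncates the 20-byte tag to 96 bits (RFC 2404)

def ipv4_checksum(hdr: bytes) -> int:
    """One's-complement checksum over a 20-byte IPv4 header (checksum field zeroed)."""
    s = sum(struct.unpack("!10H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF

def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal IPv4 header (no options), DF set, followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload

def ah_zeroed_ip_header(hdr: bytes) -> bytes:
    """Zero the fields RFC 4302 3.3.3.1 treats as mutable: TOS, flags/fragment
    offset, TTL, header checksum.  Addresses, length, ID and protocol stay and
    are therefore covered by the ICV."""
    h = bytearray(hdr)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)

def ah_icv(key: bytes, ip_hdr: bytes, ah_fixed: bytes, payload: bytes) -> bytes:
    """ICV = HMAC over zeroed IP header || AH header with ICV zeroed || payload."""
    data = ah_zeroed_ip_header(ip_hdr) + ah_fixed + bytes(ICV_LEN) + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]

def build_ah_packet(key: bytes, src: str, dst: str, next_header: int, payload: bytes,
                    spi: int = 0x1000, seq: int = 1) -> bytes:
    """IPv4 | AH(Next Header, Payload Len, Reserved, SPI, Seq, ICV) | payload.
    Payload Len is the AH length in 32-bit words minus 2: (12 + 12) / 4 - 2 = 4."""
    ah_fixed = struct.pack("!BBHII", next_header, (12 + ICV_LEN) // 4 - 2, 0, spi, seq)
    ip_hdr = build_ipv4(src, dst, IPPROTO_AH, ah_fixed + bytes(ICV_LEN) + payload)[:20]
    return ip_hdr + ah_fixed + ah_icv(key, ip_hdr, ah_fixed, payload) + payload

def parse_ah(pkt: bytes) -> dict:
    """Split IPv4|AH|payload and derive the mode from AH's Next Header."""
    ihl = (pkt[0] & 0x0F) * 4
    assert pkt[9] == IPPROTO_AH, "not an AH packet"
    ah = pkt[ihl:]
    nh, plen, _, spi, seq = struct.unpack("!BBHII", ah[:12])
    ah_len = (plen + 2) * 4
    return {"ip_hdr": pkt[:ihl], "ah_fixed": ah[:12], "icv": ah[12:ah_len],
            "payload": ah[ah_len:], "spi": spi, "seq": seq, "next_header": nh,
            "mode": "tunnel" if nh in (IPPROTO_IPIP, IPPROTO_IPV6) else "transport"}

def verify_ah(key: bytes, pkt: bytes) -> bool:
    p = parse_ah(pkt)
    return hmac.compare_digest(ah_icv(key, p["ip_hdr"], p["ah_fixed"], p["payload"]), p["icv"])

def _patch_header(pkt: bytes, h: bytearray) -> bytes:
    h[10:12] = b"\x00\x00"
    h[10:12] = struct.pack("!H", ipv4_checksum(bytes(h)))
    return bytes(h) + pkt[20:]

def rewrite_src(pkt: bytes, new_src: str) -> bytes:
    """What a NAT does: new source address, recomputed IP checksum."""
    h = bytearray(pkt[:20])
    h[12:16] = socket.inet_aton(new_src)
    return _patch_header(pkt, h)

def decrement_ttl(pkt: bytes) -> bytes:
    """What every router does: TTL - 1, recomputed IP checksum."""
    h = bytearray(pkt[:20])
    h[8] -= 1
    return _patch_header(pkt, h)

KEY = b"constructed-sample-key-not-real!"  # constructed; a real key comes from IKE
TCP_SYN = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, 0x02, 65535, 0, 0)  # constructed

def demo() -> dict:
    transport = build_ah_packet(KEY, "10.0.0.5", "192.0.2.10", IPPROTO_TCP, TCP_SYN)
    inner = build_ipv4("10.0.0.5", "10.1.0.9", IPPROTO_TCP, TCP_SYN)
    tunnel = build_ah_packet(KEY, "198.51.100.1", "198.51.100.2", IPPROTO_IPIP, inner)
    return {"mode": parse_ah(transport)["mode"],
            "tunnel_mode": parse_ah(tunnel)["mode"],
            "original_ok": verify_ah(KEY, transport),
            "after_router_ttl": verify_ah(KEY, decrement_ttl(transport)),
            "after_nat": verify_ah(KEY, rewrite_src(transport, "203.0.113.7"))}

if __name__ == "__main__":
    print(demo())
```

Running `demo()` classifies the first packet as transport mode (Next Header 6) and the second as tunnel mode (Next Header 4), verifies the untouched packet and the TTL-decremented one, and rejects the NAT-rewritten one: the source address is an immutable field under the ICV, which is exactly why AH cannot cross a NAT. The same classification cannot be done for ESP from the outside, because ESP's Next Header sits in the encrypted trailer.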
Benefits of IPSec include its transparency: higher-layer protocols need no modification, any protocol carried over IP can be secured, including older protocols that have no security of their own, and it is widely supported in both hardware (HW) and software (SW).
Disadvantages of IPSec include the processing and header overhead, the need to install a client for remote access, and the fact that it authenticates hosts (the IKE peers) rather than users unless combined with a user-authentication method such as EAP in IKEv2. NAT and PAT are problematic (ESP in tunnel mode, usually with NAT traversal, is the workable combination), and multicast and broadcast traffic is poorly served because security associations are negotiated between pairs of peers.
IPSec protocol: