
IPSEC, The Future of Secure Communications…
Communication over the Internet has become a normal day-to-day operation. The data sent over the Internet and private networks includes passwords, credit card numbers, social security numbers and other private and personal information. When sending this crucial information, one wants to ensure that no third party manipulates or accesses this data. As networks advance and grow, whether they are part of the large-scale Internet or a small local network, security issues will always arise.
The Internet Protocol (IP) has enormous advantages in its use of packets. Each packet contains data that is small, easily handled and maintained. However, these advantages come with disadvantages. The routing of these packets through the Internet and other large networks leaves them open to security risks such as:
Spoofing: a machine on the network poses as another machine
Sniffing: a third party listens in on another's activity
Session Hijacking: an attacker completely takes over another user's activities
Internet Protocol security (IPSec) is a framework of open standards for helping to ensure private, secure communications over Internet Protocol (IP) networks through the use of cryptographic security services. IPSec supports network-level data integrity, data confidentiality, data origin authentication, and replay protection. Because IPSec is integrated at the Internet layer (layer 3), it provides security for almost all protocols in the TCP/IP suite.
Packet Filtering
IPSec can perform host-based packet filtering to provide limited firewall capabilities for end systems. You can configure IPSec to permit or block specific types of unicast IP traffic based on source and destination address combinations, specific protocols, and specific ports. For example, nearly all systems can benefit from packet filtering that restricts communication to only specific addresses and ports. You can strengthen security by using IPSec packet filtering to control exactly the type of communication that is allowed between systems.
You can also use IPSec with the IP packet-filtering capability or NAT/Basic Firewall component of the Routing and Remote Access service to permit or block inbound or outbound traffic, or you can use IPSec with the Internet Connection Firewall (ICF) component of Network Connections, which provides stateful packet filtering. However, to ensure proper Internet Key Exchange (IKE) management of IPSec security associations (SAs), you must configure ICF to permit UDP port 500 and port 4500 traffic needed for IKE messages.
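The following sketch is an added example, not code from the original article or from any Windows component. It models a host filter list keyed on source address, destination address, protocol and port, and shows why a restrictive policy must also permit UDP 500 and 4500 for IKE. The addresses, the TCP 1433 database port, the names Filter, evaluate and ike_reachable, and the first-match rule ordering are all assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Filter:
    action: str            # "permit" or "block"
    src: str               # source network, CIDR form
    dst: str               # destination network, CIDR form
    proto: Optional[str]   # "tcp", "udp", or None for any protocol
    dport: Optional[int]   # destination port, or None for any port

    def matches(self, src, dst, proto, dport):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.proto in (None, proto)
                and self.dport in (None, dport))

def evaluate(filters, src, dst, proto, dport):
    """First matching filter wins (a simplification); unmatched traffic is blocked."""
    for f in filters:
        if f.matches(src, dst, proto, dport):
            return f.action
    return "block"

def ike_reachable(filters, peer, host):
    """True only if both IKE ports named in the text are permitted from peer to host."""
    return all(evaluate(filters, peer, host, "udp", port) == "permit"
               for port in (500, 4500))

# Constructed sample hosts (documentation address ranges, not real systems).
WEB, DB, OTHER = "192.0.2.10", "192.0.2.20", "198.51.100.7"

# Policy on the database server: only the web server may reach the database port.
DB_POLICY = [Filter("permit", WEB + "/32", DB + "/32", "tcp", 1433)]

# The same policy with the IKE exemptions the text calls for.
DB_POLICY_WITH_IKE = [
    Filter("permit", WEB + "/32", DB + "/32", "udp", 500),
    Filter("permit", WEB + "/32", DB + "/32", "udp", 4500),
] + DB_POLICY

if __name__ == "__main__":
    for name, policy in (("without IKE permits", DB_POLICY),
                         ("with IKE permits", DB_POLICY_WITH_IKE)):
        print(name, "-> IKE reachable:", ike_reachable(policy, WEB, DB))
```

Without the two UDP permits the data filter is correct, yet no security association can be negotiated, because the IKE messages themselves are dropped by the default block.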
End-to-End Security Between Specific Hosts
IPSec establishes trust and security from a unicast source IP address to a unicast destination IP address (end-to-end). For example, IPSec can help secure traffic between Web servers and database servers or domain controllers in different sites. Only the sending and receiving computers need to be aware of IPSec. Each computer handles security at its respective end and assumes that the medium over which the communication takes place is not secure. The two computers can be located near each other, as on a single network segment, or across the Internet. Computers or network elements that route data from source to destination are not required to support IPSec.