What is IPSec?
IPSec is a set of communication rules or protocols for setting up secure connections over a network. Internet Protocol (IP) is the common standard that determines how data travels over the internet. IPSec adds encryption and authentication to make the protocol more secure. For example, it scrambles the data at its source and unscrambles it at its destination. It also authenticates the source of the data.
Why is IPSec important?
The Internet Engineering Task Force developed IPSec in the 1990s to ensure data confidentiality, integrity, and authenticity when accessing public networks. For example, users connect to the internet with an IPSec virtual private network (VPN) to access company files remotely. The IPSec protocol encrypts sensitive information to prevent unwanted monitoring. The server can also verify that the received data packets are authorized.
What are the uses of IPSec?
IPsec can be used to do the following:
- Provide router security when sending data across the public internet.
- Encrypt application data.
- Authenticate data quickly if the data originates from a known sender.
- Protect network data by setting up encrypted circuits, called IPsec tunnels, that encrypt all data sent between two endpoints.
Organizations use IPSec to protect against replay attacks. A replay attack, or man-in-the-middle attack, is an act of intercepting and altering ongoing transmission by routing data to an intermediary computer. IPSec protocol assigns a sequential number to each data packet and performs checks to detect signs of duplicate packets.
What is IPSec encryption?
IPSec encryption is a software function that scrambles data to protect its content from unauthorized parties. Data is encrypted by an encryption key, and a decryption key is needed to unscramble the information. IPSec supports various types of encryptions, including AES, Blowfish, Triple DES, ChaCha, and DES-CBC.
IPSec uses asymmetric and symmetric encryption to provide speed and security during data transfer. In asymmetric encryption, the encryption key is made public while the decryption key is kept private. Symmetric encryption uses the same public key for encrypting and decrypting data. IPSec establishes a secure connection with asymmetric encryption and switches to symmetric encryption to speed up data transfer.
How does IPSec work?
Computers exchange data with the IPSec protocol through the following steps.
- The sender computer determines if the data transmission requires IPSec protection by verifying against its security policy. If it does, the computer initiates secure IPSec transmission with the recipient computer.
- Both computers negotiate the requirements to establish a secure connection. This includes mutually agreeing on the encryption, authentication, and other security association (SA) parameters.
- The computer sends and receives encrypted data, validating that it came from trusted sources. It performs checks to ensure the underlying content is reliable.
- Once the transmission is complete or the session has timed out, the computer ends the IPSec connection.
What are the IPSec protocols?
IPSec protocols send data packets securely. A data packet is a specific structure that formats and prepares information for network transmission. It consists of a header, payload, and trailer.
- A header is a preceding section that contains instructional information for routing the data packet to the correct destination.
- Payload is a term that describes the actual information contained within a data packet.
- The trailer is additional data appended to the tail of the payload to indicate the end of the data packet.
Some IPSec protocols are given below.
Authentication header (AH)
The authentication header (AH) protocol adds a header that contains sender authentication data and protects the packet contents from modification by unauthorized parties. It alerts the recipient of possible manipulations of the original data packet. When receiving the data packet, the computer compares the cryptographic hash calculation from the payload with the header to ensure both values match. A cryptographic hash is a mathematical function that summarizes data into a unique value.
Encapsulating security payload (ESP)
Depending on the selected IPSec mode, the encapsulating security payload (ESP) protocol performs encryption on the entire IP packet or only the payload. ESP adds a header and trailer to the data packet upon encryption.
Internet key exchange (IKE)
Internet key exchange (IKE) is a protocol that establishes a secure connection between two devices on the internet. Both devices set up security association (SA), which involves negotiating encryption keys and algorithms to transmit and receive subsequent data packets.
What are IPSec modes?
IPSec operates in two different modes with different degrees of protection.
Tunnel
The IPSec tunnel mode is suitable for transferring data on public networks as it enhances data protection from unauthorized parties. The computer encrypts all data, including the payload and header, and appends a new header to it.
Transport
IPSec transport mode encrypts only the data packet's payload and leaves the IP header in its original form. The unencrypted packet header allows routers to identify the destination address of each data packet. Therefore, IPSec transport is used in a close and trusted network, such as securing a direct connection between two computers.
What is IPSec VPN?
VPN, or virtual private network, is a networking software that allows users to browse the internet anonymously and securely. An IPSec VPN is a VPN software that uses the IPSec protocol to create encrypted tunnels on the internet. It provides end-to-end encryption, which means data is scrambled at the computer and unscrambled at the receiving server.
SSL VPN
SSL stands for secure socket layer. It is a security protocol that protects web traffic. An SSL VPN is a browser-based network security service that uses the built-in SSL protocol to encrypt and safeguard network communication.
What is the difference between IPSec VPN and SSL VPN?
Both security protocols work on different layers of the open systems interconnection (OSI) model. The OSI model defines the layered structure of how computers exchange data on a network.
IPSec protocols apply to the network and transport layers in the middle of the OSI model. Meanwhile, SSL encrypts data on the topmost application layer. You can connect to an SSL VPN from a web browser but must install separate software to use IPSec VPNs.
How does AWS support IPSec connections?
AWS Site-to-Site VPN is a fully managed service that creates a secure connection between your data center or branch office and your AWS resources using IPSec tunnels. When using Site-to-Site VPN, you can connect to both your Amazon Virtual Private Clouds (VPC) as well as AWS Transit Gateway, and two tunnels per connection are used for increased redundancy. AWS Site-to-Site VPN brings many benefits such as:
- Visibility into local and remote network health with performance monitoring.
- Secure and easy migration of local applications to the AWS cloud.
- Improved application performance when integrated with AWS Global Accelerator.
Get started with AWS VPN by signing up for an AWS account today.