IPSec (Internet Protocol Security)
IPSec is a security policy built into Windows 2000 and later versions, and it is part of TCP/IP. It can be used in domain and workgroup networks, even on client operating systems such as Windows XP. It must be applied on both sides, source and destination. An IPSec policy is used to protect our data from software threats.
The main objectives for high security in a network are :-
1. Integrity of route
2. Integrity of data
3. Confidentiality
4. Authentication with cryptography
5. Anti-Replay
Benefits of IPSec policy are :-
1. Integrity of route: It means the route should not be modified by unauthorized users and data must be delivered to the proper destination.
2. Integrity of data: It means data should not be modified by unauthorized users and the destination must receive data in the same format as it was sent from the source.
3. Confidentiality: It means data should not be read by unauthorized users and information should not be leaked.
4. Authentication with cryptography: It means the authentication process must include a cryptography method for high security.
NOTE: Cryptography means two asymmetric keys are used together for high security: a public key, which is to be shared, and a private key, which is to be closely held.
5. Anti-Replay: It means there must be a session between source and destination for better performance. When the destination receives data, it sends an acknowledgement to the source, but this acknowledgement should not be sent again and again.
IPSec Protocol :-
1. IP-AH (Internet Protocol Authentication Header): It can provide integrity, confidentiality and anti-replay but cannot encrypt data; it is faster, and it is not used by default.
2. IP-ESP (Internet Protocol Encapsulating Security Payload): It can also encrypt data and is used by default.
3. ISAKMP (Internet Security Association Key Management Protocol): It can provide cryptography automatically. It actually generates the pre-shared key. A pre-shared key is a code word or mutual agreement between source and destination so that data can be delivered to the genuine party.
4. Oakley: It is used during communication to authenticate the pre-shared key so that data can be delivered to the proper destination.
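An added example, not from the original post: AH and ESP both carry a per-association sequence number, and the receiver enforces anti-replay with a sliding window over those numbers. The sketch reads the SPI and sequence number from constructed AH/ESP headers and applies the window; the helper names, SPI values, window size and sample packets are assumptions for illustration, and the integrity check a real receiver performs before updating the window is omitted.

```python
import struct

ESP, AH = 50, 51          # IP protocol numbers for ESP and AH

class ReplayWindow:
    """Receiver-side anti-replay state for one security association (SA)."""
    def __init__(self, size=64):          # 64 is an assumed window size
        self.size, self.top, self.bitmap = size, 0, 0   # bit i => (top - i) seen

    def accept(self, seq):
        """True if seq is new (and record it); False if replayed or too old."""
        if seq == 0:
            return False                  # valid sequence numbers start at 1
        if seq > self.top:                # newer packet: slide the window forward
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size or self.bitmap & (1 << offset):
            return False                  # left of the window, or already seen
        self.bitmap |= 1 << offset        # late but new: mark as seen
        return True

def spi_and_seq(proto, payload):
    """Extract (SPI, sequence number) from the bytes following the IP header."""
    if proto == ESP:                      # ESP: SPI(4) | Seq(4) | ...
        return struct.unpack("!II", payload[:8])
    if proto == AH:                       # AH: NextHdr(1) Len(1) Rsvd(2) | SPI | Seq
        return struct.unpack("!II", payload[4:12])
    raise ValueError("not an IPSec protocol number")

def check_stream(packets):
    """Return [(seq, accepted)] using one replay window per (protocol, SPI)."""
    windows, verdicts = {}, []
    for proto, payload in packets:
        spi, seq = spi_and_seq(proto, payload)
        win = windows.setdefault((proto, spi), ReplayWindow())
        verdicts.append((seq, win.accept(seq)))
    return verdicts

# Constructed sample traffic (hypothetical SPIs, zeroed payload/ICV bytes).
def esp(spi, seq): return struct.pack("!II", spi, seq) + bytes(16)
def ah(spi, seq):  return struct.pack("!BBHII", 6, 4, 0, spi, seq) + bytes(12)

SAMPLE = [(ESP, esp(0x1001, 1)), (ESP, esp(0x1001, 2)), (ESP, esp(0x1001, 2)),
          (AH, ah(0x2002, 1)), (ESP, esp(0x1001, 70)), (ESP, esp(0x1001, 3)),
          (ESP, esp(0x1001, 10))]

if __name__ == "__main__":
    for seq, ok in check_stream(SAMPLE):
        print(seq, "accepted" if ok else "dropped")
```

In the sample, the repeated ESP sequence number 2 is dropped as a duplicate, and sequence number 3 is dropped because it arrives after the window has moved past it, while the AH packet is tracked separately under its own SPI.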