IPsec - Internet Protocol Security


What is IPsec?

IPsec stands for Internet Protocol Security. The IP part tells the data where to go, and the sec encrypts and authenticates it. In other words, IPsec is a group of protocols that set up a secure and encrypted connection between devices over the public internet.

IPsec protocols are usually grouped by their tasks:

  • Authentication Header (AH);
  • Encapsulating Security Payload (ESP);
  • Security Association (SA).

What is IPsec made of?

Asking what it is made of is similar to asking how it works. IPsec’s singular goal is to encrypt and establish a secure connection; that singular goal can be dissected into (and achieved by) three smaller groups of protocols. Each of those three separate groups takes care of separate, unique tasks. 

Authentication Header (AH) ensures that all the data comes from the same origin and that hackers aren’t trying to pass off their bits of data as legitimate.

Imagine you get an envelope with a seal. If the seal isn’t broken, nobody has tampered with the letter, right? Authentication Headers do the same for all the data transmitted over the IPsec VPN. However, this is but one of two ways IPsec can operate. The other is ESP.

Encapsulating Security Payload (ESP) is an encryption protocol, meaning that the data packet is transformed into an unreadable mess. Aside from encryption, ESP is similar to Authentication Headers: it can authenticate the data and check its integrity.

To get back to the letter and seal, if someone were to intercept the letter and open it, they’d find just a bunch of gibberish no human could read. On your end, the encryption happens on the VPN client, while the VPN server takes care of it on the other. 

Security Association (SA) is a set of specifications agreed upon between two devices that establish an IPsec connection.

The Internet Key Exchange (IKE), the key management protocol, is part of those specifications. IKE negotiates security associations with other devices and authenticates them. It provides secure communication channels by exchanging a cryptographic key with the other device.

To explain in layperson’s terms, SAs are like the cipher between two spies — it tells them how to interpret the coded message and to whom they are supposed to relay it. It’s the agreement between two devices about how to protect information during communication.

How does IPsec transmit information?

After IPsec is set up to use AH or ESP, it chooses the transmission mode: transport or tunnel.

IPsec Transport Mode: this mode encrypts the data you’re sending but not the info on where it’s going. So, while malicious actors couldn’t read your intercepted communications, they could tell when and where they were sent. 

IPsec Tunnel Mode: tunneling creates a secure, enclosed connection between two devices using the same old internet. Therefore, the connection is made safe and private. IPsec VPN works in this mode, creating the IPsec VPN tunnel.
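An added example, not part of the original page: a Python parser showing what an on-path observer can read from an ESP packet versus an AH packet (outer addresses and the SPI that identifies the SA are visible in both; only AH leaves the mode and payload in the clear). The helper names `observe` and `ipv4`, the addresses, SPI values and payload bytes are constructed for illustration.

```python
import socket
import struct

ESP, AH, IPIP = 50, 51, 4  # IANA IP protocol numbers

def observe(packet: bytes) -> dict:
    """Fields an on-path observer can read from one IPv4 IPsec packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4              # IPv4 header length in bytes
    proto, body = packet[9], packet[ihl:]
    seen = {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20])}
    if proto == ESP and len(body) >= 8:
        spi, seq = struct.unpack_from("!II", body)
        # ESP's Next Header field sits in the encrypted trailer, so the mode
        # (transport or tunnel) and the inner packet are not visible.
        seen.update(proto="ESP", spi=spi, seq=seq, mode=None, inner=None)
    elif proto == AH and len(body) >= 12:
        nxt, plen, _, spi, seq = struct.unpack_from("!BBHII", body)
        ah_len = (plen + 2) * 4               # AH length is in 32-bit words minus 2
        # AH authenticates but does not encrypt: Next Header and payload are clear.
        seen.update(proto="AH", spi=spi, seq=seq,
                    mode="tunnel" if nxt == IPIP else "transport",
                    inner=body[ah_len:])
    else:
        raise ValueError("not an ESP or AH packet")
    return seen

def ipv4(proto: int, src: str, dst: str, body: bytes) -> bytes:
    """Build a minimal IPv4 packet for the samples (checksum left at zero)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + body

# Constructed samples: documentation addresses, made-up SPIs, filler bytes.
ESP_SAMPLE = ipv4(ESP, "192.0.2.1", "198.51.100.7",
                  struct.pack("!II", 0x1000, 1) + b"\x8f" * 32)
# AH header (Next Header 6 = TCP), a 12-byte zeroed ICV, then a stand-in payload.
AH_SAMPLE = ipv4(AH, "192.0.2.1", "198.51.100.7",
                 struct.pack("!BBHII", 6, 4, 0, 0x2000, 7) + b"\x00" * 12
                 + b"cleartext payload")

if __name__ == "__main__":
    for pkt in (ESP_SAMPLE, AH_SAMPLE):
        print(observe(pkt))
```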

A VPN protocol is a set of rules describing how a VPN works and the steps to secure your connection. IPsec is one such protocol. A VPN using an IPsec protocol suite is called an IPsec VPN.

