IP SECURITY (IPSEC)
IPSEC is a protocol that provides security for a packet at the network layer, which is often referred to as the Internet Protocol or IP layer.
IPSEC helps to create confidential & authenticated packets for the IP layer.
It can enhance the security of client/server programs, such as electronic mail, that use their own security protocol.
It can enhance the security of client/server programs, such as HTTP, that use the security services provided at the transport layer.
It can also be used to provide security to client/server programs that do not use the security services provided at the transport layer.
It can provide security for node-to-node communication programs such as routing protocols.
Modes of IPSEC
- Transport mode: (it only protects the information coming from the transport layer)
- In this mode, IPSEC protects only the packet from the transport layer, not the whole IP packet. Here the IPSEC header & trailer are added to the information coming from the transport layer. The IP header is added later.
- This mode is normally used when we need host-to-host (end-to-end) protection of data.
- Tunnel mode: (IPSEC in this mode protects the original IP header)
- In this mode, IPSEC protects the entire IP packet. It takes an IP packet, including the header, applies IPSEC security methods to the entire packet & then adds a new IP header.
The new IP header has different information than the original IP header.
Tunnel mode is normally used between two routers, between a host & a router or between a router & a host.
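The two layouts described above can be compared byte by byte. The following is an added example, not part of the original notes: it assumes ESP (IP protocol 50) as the IPSEC protocol, which the notes do not name, uses constructed addresses and a constructed TCP segment, and shows packet layout only, with no encryption applied.

```python
import socket
import struct

ESP, TCP, IPIP = 50, 6, 4  # IANA protocol numbers: ESP, TCP, IPv4-in-IPv4

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 for this layout demo."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def esp_wrap(inner, next_header, spi=0x1000, seq=1):
    """ESP header (SPI, sequence number) + inner data + ESP trailer
    (padding, pad length, next header). Layout only: a real ESP
    implementation normally encrypts inner+trailer and appends an integrity value."""
    pad_len = -(len(inner) + 2) % 4  # trailer must end on a 4-byte boundary
    pad = bytes(range(1, pad_len + 1))
    return struct.pack("!II", spi, seq) + inner + pad + bytes([pad_len, next_header])

def transport_mode(src, dst, segment, proto=TCP):
    """Protect only the transport-layer data; the IP header is added afterwards."""
    body = esp_wrap(segment, proto)
    return ipv4_header(src, dst, ESP, len(body)) + body

def tunnel_mode(original_packet, gw_src, gw_dst):
    """Protect the entire original IP packet, then add a new IP header."""
    body = esp_wrap(original_packet, IPIP)
    return ipv4_header(gw_src, gw_dst, ESP, len(body)) + body

def outer_view(packet):
    """What an on-path observer reads from the cleartext outer IP header."""
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]), packet[9])

# Constructed sample data: a fake TCP segment between two private hosts.
SEGMENT = struct.pack("!HHIIBBHHH", 40000, 443, 0, 0, 0x50, 0x02, 65535, 0, 0) + b"hello"
ORIGINAL = ipv4_header("10.0.1.5", "10.0.2.9", TCP, len(SEGMENT)) + SEGMENT

if __name__ == "__main__":
    t = transport_mode("10.0.1.5", "10.0.2.9", SEGMENT)
    u = tunnel_mode(ORIGINAL, "192.0.2.1", "198.51.100.1")
    print("transport:", outer_view(t), "inner next header =", t[-1])
    print("tunnel:   ", outer_view(u), "inner next header =", u[-1])
```

In transport mode the outer header still carries the real host addresses, while in tunnel mode an observer sees only the two gateway addresses and the original header travels inside the protected payload.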