Certifications / Security

What is IPSec?

What is IPSec? picture: A
Published on January 27, 2022

We have all heard of SSL. SSL is what enables things like e-commerce to thrive. SSL lets us communicate with websites securely, but what do we do if we need to connect to another network privately instead of a website? That's when you use IPSec.

A lot of new IT techs and system admins don't fully understand IPSec. Of course, we all know IPSec is a type of secure data communication, but what kinds of applications use it? And how does IPSec work?

Let's look at that today. This article will discuss what IPSec is, what it is for, how it works, and how it is different from things like SSL and TLS.

What is IPSec?

IPSec is a method of secure, encrypted communications between a client and a network. That communication is sent through public networks such as the internet. IPSec is typically used for VPNs as well as connecting two private networks. IPSec itself is not a singular protocol but rather a collection of protocols used together. Those protocols are:

  • Authentication Header

  • Encapsulating Security Protocol

  • Security Association

  • Internet Protocol

An Overview of IPsec [VIDEO]

In this video, Keith Barker covers IPsec, specifically comparing and contrasting it to transport layer security. This clip serves as a brief introduction to the concept and basic tenets of IPsec, which is divided into two approaches: IKEv1 and IKEv2.

How does IPsec work?

IPSec is a way for a client to communicate securely with another network. Note that this communication isn't typically used for inter-device communication but instead for connecting a laptop to a private network by utilizing a public network like the internet. IPsec can connect two private networks as well.

IPsec itself isn't a protocol but rather a handful of protocols used together. Those protocols are:

  • Authentication Header

  • Encapsulating Security Protocol

  • Security Association

  • Internet Protocol

Notice that we aren't using things like HTTP or TCP for communications. That's because IPSec travels over Layer 3 of the network within the OSI model. That means that IPSec can potentially be more secure than other methods of secure communication.

IPSec connections are still made between the client and host through other networks, however. Those other networks are typically public networks like the internet, too. So, all communications between the client and host are encrypted. Encryption keys are not negotiated with each new connection, in any case. Both the client and the host need to know the private encryption key before connections can be established.

That last bit is essential. That's because the entire packet of data is encrypted during communications. That includes the packet header, too.

You might think that all packets need readable headers to get to their destination properly, and you would be right. That's why ESP is used, though. ESP adds new header information and trailers (similar to headers but at the end of a packet) for transport while the actual header stays encrypted.

Likewise, each packet is authenticated too. The IPSec host will confirm that each packet of data received was sent by the entity that the host thinks sent it. Otherwise, that packet of data is rejected.

What is IPSec Used for?

IPSec is used to create a secure method of communication between a client and a host. That client could be something like a laptop. Likewise, that client could also be a private network. The host is typically a private network, too.

So, we know how IPsec works, but what is IPSec used for? What does that paragraph above even mean?

IPSec is typically used for VPNs. A VPN is a virtual private network. A VPN will let a client connect to a private business network through the public internet, like an employee’s laptop. Once that employee's laptop is connected via the VPN to the business network, that laptop is now located on that private business network itself for all intents and purposes.

Otherwise, that laptop is now able to access internal IT resources once connected to a business network. It can print to network printers in the business. Any internet traffic going to and from that laptop will flow through that private business network to the internet.

IPsec connections and VPNs can also be used to connect two distant private networks too. For example, if you have a business with two different locations (one in Pennsylvania and California), how do you connect them? Those businesses are too far apart to run a cable between. In the old days, those businesses could pay for an expensive dedicated line like a T1 connection. Today, though, they can communicate over the open internet using an IPsec connection.

The Differences Between IPsec and TLS or SSL

In many ways, an IPsec connection and a TLS or SSL connection are similar. Both provide a way for secure, encrypted communications. Both can use public networks for communication. Etc.…

In many other ways, though, IPsec and TLS or SSL connections are incredibly different, too.

For example, IPsec connections are part of Layer 3 of the OSI model, where TLS and SSL connections are part of layer 7. Thus, IPsec connections start at the basic connection level of the OSI model. In contrast, TLS and SSL connections start higher up the stack. Second, TLS and SSL connections depend on the application layer (HTTP) and layer 4 (TCP) to work. That means they are also susceptible to exploits in those layers, whereas IPsec may not be.

Another big difference between IPsec and SSL or TSL is how connections are negotiated. Because TLS and SSL connections use TCP, those secure connection types need to be negotiated first. Once negotiated, the client and host will agree on an encryption key, too.

IPSec is different. Communication is encrypted immediately. In fact, the secret key used for encryption needs to be shared between the client and host separately before any communications can be attempted. It can also be transmitted through DNS as well (hopefully used DNSsec). The method used for key exchanges in IPsec is called IKEv1 or IKEv2. IKEv2 is what is commonly used today.

This also raises another interesting point. Because IPsec connections are encrypted immediately, the entire header of the IP packet can be encrypted, too. IP packets still need a readable header so they can be transported to the correct destination, though. So, additional headers and trailers are added to the IPsec-encrypted packet for that transportation. That means the MSS and MTU sizes for each packet will change. Network admins need to take care to make allowances for those size differences in their network.

Wrapping Up

We covered a lot of information in this article! So, let's review it quickly. IPSec is a method of secure, encrypted communication between a client and a host. That client can be a device like a laptop or a private network. The host is typically a private network.

IPsec itself is not a protocol but rather a handful of protocols used together. The protocols that IPsec uses start at Layer 3 of the OSI model, making IPsec possibly more secure than things like TLS or SSL.

IPsec is typically used for VPNs. However, it can also be used to connect two private networks together.

Recommended Articles