Internet Protocol Security (IPsec) is used to protect IP traffic.  The IPsec architecture comprises a suite of protocols developed to ensure the integrity, confidentiality and authentication of data communications over an IP network.

IPsec may be used in three different security domains: virtual private networks, application-level security and routing security.  It is predominantly used in VPNs where confidentiality of the traffic is a hard business requirement, as in financial transactions, banking, etc. (Note that IPsec does not provide anonymity: the addresses of the two endpoints, or of the two gateways in a VPN, are always visible on the wire.)

IPsec was specified as part of IPv6 (originally mandatory for every IPv6 node, later relaxed to recommended) and is equally available for IPv4, where most deployments run today.

IPsec has two modes.  Transport mode keeps the original IP header and protects only the payload (the transport header and the data), so it is used between two hosts.  Tunnel mode encapsulates the entire original IP packet, header included, inside a new IP packet addressed between the two gateways; this is the mode used to protect virtual private network (VPN) traffic.

IPsec includes two main protocols:  Authentication Header (AH), identified by IP protocol number 51, which provides integrity and origin authentication but no encryption, and Encapsulating Security Payload (ESP), identified by IP protocol number 50, which provides encryption and, optionally, integrity.  The keys, algorithms and SPIs that both ends use (the security association) are negotiated with the Internet Key Exchange (IKE) over UDP port 500; when a NAT sits in the path, IKE and ESP move to UDP port 4500 (NAT traversal).

IPsec encrypts the entire content you send over the network to a given host, no matter which application sends it. Such a technology has to sit at the network layer of the protocol stack, because the goal is to protect the complete communication between two parties on the wire rather than one application's traffic.

IPsec is such an implementation: it protects the IP packet itself. Remember that any application-layer data (whatever an application sends) is already encapsulated inside the IP packet, together with the headers added by the transport layer. So when ESP encrypts the IP payload (transport mode) or the whole original packet (tunnel mode), everything above the network layer is encrypted. The key features of IPsec are listed below.

  • IPsec provides confidentiality in communication with the help of encryption (ESP only; AH does not encrypt)
  • IPsec provides integrity in communication by detecting modification of the data, using a message authentication code (MAC) carried in each packet's integrity check value
  • IPsec provides authentication of both parties: of the peers during IKE (pre-shared keys or certificates) and of every packet afterwards through the MAC
  • In tunnel mode IPsec hides the inner addresses and ports, so an observer only sees the two gateways talking rather than which hosts behind them are communicating; the outer header, SPI, sequence number and packet sizes remain visible, so it limits traffic analysis rather than eliminating it
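To make the two modes and the last point concrete, here is an added example (not from the original page) that builds ESP packets in transport and tunnel mode and reports what a passive observer can read from each. The ESP framing follows RFC 4303; the addresses, the `opaque` placeholder that stands in for the cipher and the zeroed integrity check value are all constructed for the demo and are not cryptography.

```python
"""ESP transport vs tunnel mode: what stays visible on the wire.
Added example; addresses and payloads are constructed for the demo."""
import struct

IPPROTO_IPV4, IPPROTO_TCP, IPPROTO_ESP = 4, 6, 50
IV = b"\x01\x02\x03\x04\x05\x06\x07\x08"   # fixed 8-byte IV, demo only


def ipv4_header(proto, src, dst, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 for simplicity."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, bytes(src), bytes(dst))


def tcp_segment(sport, dport, data):
    """Minimal 20-byte TCP header (seq/ack/checksum zeroed) plus application data."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + data


def opaque(plaintext):
    """Placeholder for the cipher: same length, content hidden. This is NOT encryption;
    a real implementation uses AES-GCM or AES-CBC plus HMAC from a vetted library."""
    return b"\xcc" * len(plaintext)


def esp_encapsulate(spi, seq, plaintext, next_header, encrypt=opaque):
    """RFC 4303 framing: SPI | seq | IV | enc(plaintext | padding | pad_len | next_header) | ICV.
    Only SPI, seq and IV are readable; the trailer (and so next_header) sits inside the ciphertext."""
    pad_len = (-(len(plaintext) + 2)) % 4          # pad so the trailer ends on a 4-byte boundary
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    icv = b"\x00" * 16                              # placeholder integrity check value
    return struct.pack("!II", spi, seq) + IV + encrypt(plaintext + trailer) + icv


def transport_mode(src, dst, segment, spi, seq):
    """Transport mode: original IP header kept, only the transport segment is protected."""
    esp = esp_encapsulate(spi, seq, segment, IPPROTO_TCP)
    return ipv4_header(IPPROTO_ESP, src, dst, len(esp)) + esp


def tunnel_mode(gw_src, gw_dst, inner_packet, spi, seq):
    """Tunnel mode: the whole original packet, header included, becomes the ESP payload
    (next header 4 = IPv4) and a new outer header carries the gateway addresses."""
    esp = esp_encapsulate(spi, seq, inner_packet, IPPROTO_IPV4)
    return ipv4_header(IPPROTO_ESP, gw_src, gw_dst, len(esp)) + esp


def observer_view(pkt):
    """Everything a passive observer can read from an ESP packet without the keys."""
    ihl = (pkt[0] & 0x0F) * 4
    spi, seq = struct.unpack("!II", pkt[ihl:ihl + 8])
    return {"src": ".".join(map(str, pkt[12:16])), "dst": ".".join(map(str, pkt[16:20])),
            "proto": pkt[9], "spi": spi, "seq": seq, "length": len(pkt)}


# Constructed scenario: host A talks to host B; A's gateway and B's gateway carry the tunnel.
HOST_A, HOST_B = (10, 1, 1, 10), (10, 2, 2, 20)
GW_A, GW_B = (203, 0, 113, 1), (198, 51, 100, 1)
SEGMENT = tcp_segment(40000, 443, b"GET / HTTP/1.1\r\n")
INNER = ipv4_header(IPPROTO_TCP, HOST_A, HOST_B, len(SEGMENT)) + SEGMENT

TRANSPORT = transport_mode(HOST_A, HOST_B, SEGMENT, spi=0x1001, seq=1)
TUNNEL = tunnel_mode(GW_A, GW_B, INNER, spi=0x2002, seq=1)

if __name__ == "__main__":
    print("transport:", observer_view(TRANSPORT))   # end-host addresses visible
    print("tunnel:   ", observer_view(TUNNEL))      # only gateway addresses visible
    print("inner addresses in tunnel bytes:", bytes(HOST_A) in TUNNEL)   # False
```

Running it shows the trade-off in numbers: the transport-mode packet exposes 10.1.1.10 and 10.2.2.20, the tunnel-mode packet exposes only 203.0.113.1 and 198.51.100.1, but the tunnel packet is 20 bytes longer and its length still tracks the size of the inner traffic.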

The most common use of IPsec is to provide secure VPN services (Virtual Private Networks): you can use it to connect to a remote network securely across the public internet.

Firewalls identify IPsec ESP traffic by IP protocol number 50 and AH traffic by IP protocol number 51.  You can therefore restrict a link to IPsec-protected packets with a rule that allows protocol 50 (and 51 if AH is used) and blocks everything else.  Two caveats apply in practice: IKE must also be allowed on UDP port 500 (and UDP 4500 for NAT traversal), or no security association can ever be negotiated and the tunnel never comes up; and behind a NAT, ESP itself travels inside UDP 4500, so a rule that matches only protocol 50 will silently drop it.
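The classifier below is an added example (not from the original page) showing how a filter tells ESP, AH and IKE apart on raw IPv4 packets, including the UDP 4500 NAT-traversal case, and what the literal "allow protocol 50 only" rule does to each of them. Header layouts follow RFC 4302 (AH), RFC 4303 (ESP), RFC 7296 (IKEv2) and RFC 3948 (UDP encapsulation of ESP); the addresses, SPIs and payload bytes are constructed for the demo, and the two rule functions are this example's own, not any firewall's API.

```python
"""Classify IPv4 packets as ESP / AH / IKE (incl. NAT-T) and evaluate two firewall rules.
Added example; all packets below are constructed, not captured."""
import struct

IPPROTO_TCP, IPPROTO_UDP, IPPROTO_ESP, IPPROTO_AH = 6, 17, 50, 51
IKE_PORT, NATT_PORT = 500, 4500
NON_ESP_MARKER = b"\x00\x00\x00\x00"   # RFC 3948: marks IKE (not ESP) inside UDP 4500
IKE_SA_INIT, IKE_AUTH = 34, 35         # IKEv2 exchange types (RFC 7296)


def ipv4(proto, src, dst, payload):
    """Minimal IPv4 header (no options, checksum 0) in front of payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes(src), bytes(dst)) + payload


def udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def ike_header(ispi, rspi, exchange_type, length=28):
    """IKEv2 header: initiator SPI, responder SPI, next payload, version 2.0,
    exchange type, flags (0x08 = initiator), message ID, total length."""
    return struct.pack("!QQBBBBII", ispi, rspi, 0, 0x20, exchange_type, 0x08, 0, length)


def ike_info(data):
    _i, _r, _np, ver, xtype, _fl, _mid, length = struct.unpack("!QQBBBBII", data[:28])
    return {"ike_version": f"{ver >> 4}.{ver & 0xF}", "exchange_type": xtype, "ike_len": length}


def classify(pkt):
    """Return the IPsec-relevant view of one IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    proto, p = pkt[9], pkt[ihl:]
    info = {"src": ".".join(map(str, pkt[12:16])), "dst": ".".join(map(str, pkt[16:20])),
            "proto": proto, "kind": "other", "nat_t": False}
    if proto == IPPROTO_ESP:                       # SPI | seq | ciphertext ...
        spi, seq = struct.unpack("!II", p[:8])
        info.update(kind="ESP", spi=spi, seq=seq)
    elif proto == IPPROTO_AH:                      # next hdr | len | reserved | SPI | seq | ICV
        next_hdr, plen = p[0], p[1]                # len is in 32-bit words minus 2
        spi, seq = struct.unpack("!II", p[4:12])
        info.update(kind="AH", spi=spi, seq=seq, next_header=next_hdr, ah_len=(plen + 2) * 4)
    elif proto == IPPROTO_UDP:
        sport, dport = struct.unpack("!HH", p[:4])
        data = p[8:]
        if IKE_PORT in (sport, dport):
            info.update(kind="IKE", **ike_info(data))
        elif NATT_PORT in (sport, dport):
            if data[:4] == NON_ESP_MARKER:         # IKE moved to 4500 after NAT detection
                info.update(kind="IKE", nat_t=True, **ike_info(data[4:]))
            else:                                  # ESP wrapped in UDP; SPI comes first
                spi, seq = struct.unpack("!II", data[:8])
                info.update(kind="ESP", nat_t=True, spi=spi, seq=seq)
    return info


def rule_proto50_only(pkt):
    """The rule as stated in the text: allow IP protocol 50, block everything else."""
    return pkt[9] == IPPROTO_ESP


def rule_ipsec(pkt, allow_ah=False):
    """What the link actually needs: ESP, IKE on UDP 500, and both on UDP 4500 behind a NAT."""
    kind = classify(pkt)["kind"]
    return kind == "ESP" or kind == "IKE" or (allow_ah and kind == "AH")


# Constructed packets between a remote peer and our gateway, plus one unprotected packet.
PEER, GW, LAN_HOST = (198, 51, 100, 7), (203, 0, 113, 1), (10, 0, 0, 5)
ESP_PKT = ipv4(IPPROTO_ESP, PEER, GW, struct.pack("!II", 0xC0FFEE, 7) + b"\xcc" * 40)
AH_PKT = ipv4(IPPROTO_AH, PEER, GW, bytes([IPPROTO_TCP, 4, 0, 0]) + struct.pack("!II", 0xAB, 3)
              + b"\x00" * 12 + b"\xdd" * 20)       # 12-byte ICV (HMAC-SHA1-96) => len field 4
IKE_INIT = ipv4(IPPROTO_UDP, PEER, GW, udp(IKE_PORT, IKE_PORT, ike_header(0x1122, 0, IKE_SA_INIT)))
NATT_IKE = ipv4(IPPROTO_UDP, PEER, GW, udp(NATT_PORT, NATT_PORT,
                                            NON_ESP_MARKER + ike_header(0x1122, 0x3344, IKE_AUTH)))
NATT_ESP = ipv4(IPPROTO_UDP, PEER, GW, udp(NATT_PORT, NATT_PORT,
                                            struct.pack("!II", 0xC0FFEE, 8) + b"\xcc" * 40))
PLAIN_TCP = ipv4(IPPROTO_TCP, LAN_HOST, PEER, b"\x00" * 20)

if __name__ == "__main__":
    for name, pkt in [("ESP", ESP_PKT), ("AH", AH_PKT), ("IKE_INIT", IKE_INIT),
                      ("NATT_IKE", NATT_IKE), ("NATT_ESP", NATT_ESP), ("PLAIN", PLAIN_TCP)]:
        c = classify(pkt)
        print(f"{name:9} {c['kind']:5} nat_t={c['nat_t']!s:5} "
              f"proto50_only={rule_proto50_only(pkt)!s:5} ipsec_rule={rule_ipsec(pkt, allow_ah=True)}")
```

The table it prints makes the caveat visible: `rule_proto50_only` passes the plain ESP packet but drops the IKE_SA_INIT that would have created the SA and the UDP-encapsulated ESP of a peer behind a NAT, whereas `rule_ipsec` admits exactly the three kinds of traffic the tunnel needs and still rejects the unprotected TCP packet.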

For an excellent description of IPsec, see this article from Computing World.