By: Laura Taylor
June 13, 2002
Internet Protocol Security (IPSec) is a collection of standards designed specifically to create secure end-to-end connections. The standards were developed by the Internet Engineering Task Force (IETF) to secure communications over both public and private networks, though it is particularly beneficial to public networks. In this article I'll explain some of the fundamentals of IPSec, how it is used, and what products use it.
IPSec is a bundle of protocols and algorithms and is a flexible framework that allows vendors who build it into their products to select the algorithms, keys, and authentication methods they want to use. One should assume that two different implementations of IPSec are not necessarily the same as far as protocols and algorithms go.
The bundle of protocols, hashing, and encryption algorithms used in IPSec includes:
Though I won't be discussing these protocols and algorithms in much detail in this article, I have noted them in the event that you may want to research these individual components of IPSec yourself. To understand IPSec better, the two protocols worth understanding first are AH and ESP. AH is used to authenticate users, and ESP applies cryptographic protections that provide authentication, integrity, and confidentiality of messages.
There are two modes of operation for IPSec: transport mode and tunnel mode. In transport mode, only the payload of the message is encrypted. In tunnel mode, the payload, the header, and the routing information are all encrypted. Needless to say, using IPSec in transport mode is far riskier than using it in tunnel mode.
IPSec VPNs are network connections that are based on public and private key cryptography. Users of IPSec implementations are issued public keys and private keys that are associated with their respective identities. When a message is sent from one user to another, it is automatically signed with the user's private key. The receiver uses the sender's public key to decrypt the message. VPN endpoints essentially act as databases that manage and distribute keys and security associations in much the same way that a Certificate Authority (CA) does.
Benefits of IPSec
Limitations of IPSec
IPSec session hijacking can occur when an authenticating header is not used. In this type of attack, malicious data can be inserted into the payload, say an rm -r command (on a Unix system) that would remove every file on the recipient filesystem.
Because IPSec traffic is routable, IPSec implementations may also be susceptible to source routing exploits, depending on security safeguards (or lack thereof) that have been put in place on the routers over which it travels. When used in tunnel mode, IPSec is not as vulnerable to routing exploits since the routing information is encrypted.
Steve Bellovin of AT&T Research has pointed out that many of the weaknesses of IPSec are inherent to the limitations of the encryption modes used in the implementation (*1). One can conclude that if the embedded encryption modes used in the IPSec framework were stronger, IPSec would be more secure.
Though IPSec is currently not part of IPv4, it is part of IPv6. The good news is that some of the weaknesses in IPSec have been corrected in IPv6. In IPv4, fragmentation fields in the IP header are allowed to change. In IPv4, when IPSec is used in transport mode, a hacker could potentially intercept a packet, change the fragmentation field introducing malicious data, and then insert the packet back into the data stream. In IPv6, intermediate routers are not supposed to allow packet fragmentation.
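The following is an added example, not code from the original article. It sketches how an AH-style integrity check value (ICV) treats an IPv4 header: the fields that routers may rewrite in transit (TOS, flags, fragment offset, TTL, header checksum) are zeroed before the HMAC is computed, so a change to the fragmentation fields passes verification while a change to the source address or payload does not. Assumptions: the key, addresses and payload are constructed, and the ICV is simplified to cover only the IP header and payload (real AH also covers its own header).

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"        # constructed sample key
PAYLOAD = b"constructed payload"     # constructed sample payload

def build_ipv4_header(src, dst, payload_len, ttl=64, flags_frag=0, tos=0):
    """Pack a 20-byte IPv4 header without options (checksum left at 0)."""
    ver_ihl = (4 << 4) | 5           # version 4, header length 5 words
    return struct.pack("!BBHHHBBH4s4s", ver_ihl, tos, 20 + payload_len,
                       0x1234, flags_frag, ttl, 51, 0,   # protocol 51 = AH
                       socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable_fields(header):
    """Zero the IPv4 fields that may legitimately change in transit."""
    h = bytearray(header)
    h[1] = 0                  # TOS / DSCP + ECN
    h[6:8] = b"\x00\x00"      # flags + fragment offset
    h[8] = 0                  # TTL
    h[10:12] = b"\x00\x00"    # header checksum
    return bytes(h)

def ah_style_icv(header, payload, key=KEY):
    """HMAC-SHA1-96 over the immutable header fields plus the payload."""
    data = zero_mutable_fields(header) + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:12]

def verify(header, payload, icv, key=KEY):
    return hmac.compare_digest(ah_style_icv(header, payload, key), icv)

def demo():
    src, dst = "192.0.2.10", "198.51.100.20"   # documentation address ranges
    sent = build_ipv4_header(src, dst, len(PAYLOAD))
    icv = ah_style_icv(sent, PAYLOAD)
    # Same packet with TTL decremented and the fragmentation fields rewritten.
    rewritten = build_ipv4_header(src, dst, len(PAYLOAD), ttl=63,
                                  flags_frag=0x2000 | 5)
    other_src = build_ipv4_header("203.0.113.99", dst, len(PAYLOAD))
    return {
        "unchanged": verify(sent, PAYLOAD, icv),
        "frag_fields_changed": verify(rewritten, PAYLOAD, icv),
        "source_changed": verify(other_src, PAYLOAD, icv),
        "payload_changed": verify(sent, PAYLOAD[:-1] + b"X", icv),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:20s} ICV valid: {ok}")
```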
IPSec Technology Challengers
SSL was originally designed by Netscape to secure (HTTP) traffic passing through web browsers and is a session layer protocol. Unlike IPSec, SSL is based on a client/server model and is typically used for host-to-host secure transport. Because IPSec works at the network layer, it can be used to secure subnet-to-subnet, network-to-network, or network-to-host communications. This means that IPSec traffic can be routed, while SSL traffic cannot.
While many people see SSL as a technology competitor to IPSec, this view is not entirely accurate. In most cases, IPSec and SSL are used to solve different types of problems. Also, while IPSec-based connections require a substantial amount of planning and implementation time, SSL implementations are relatively quick to use, and sometimes require no planning at all, depending on what browser someone might be using and how it is currently configured.
IPSec Market Implications
Signature-based intrusion detection systems can only work on unencrypted links, making them virtually unusable on IPSec-based connections. Host-based intrusion prevention systems work just as you would expect them to in an IPSec-based infrastructure, since host-based intrusion prevention systems are not implemented on network links. Since IPSec and network-based intrusion detection systems cannot interoperate with each other, the adoption of wireless networks will likely create less demand for network-based intrusion detection systems, and more demand for host-based intrusion prevention systems.
While some vendors see IPSec and SSL going head-to-head to solve security problems, they actually both have their own place in the world of information technology infrastructure.
Products that Use IPSec