Ask The Enterprise Linux Expert: Questions & Answers

The pros and cons of IPsec

EXPERT RESPONSE FROM: James Turnbull

QUESTION POSED ON: 27 October 2005
What are the advantages and disadvantages of IPSec? How does it work?



IPSec is a series of protocols that allow the secure exchange of packets at the IP layer. This is principally designed to assist in the implementation of VPNs (Virtual Private Networks) between hosts or networks.

IPSec consists of two sub-protocols: Encapsulated Security Payload (ESP) and Authentication Header (AH). ESP provides packet-level encryption using symmetric cryptography algorithms like 3DES. AH provides protection for the IP packet header. It also prevents spoofing by computing a cryptographic checksum and performing hashing on the header fields. You can use ESP and AH on their own or together. IPSec also has two modes -- transport mode and tunnel mode. Transport mode is used to directly encrypt traffic between two hosts. Transport mode only encrypts the packet itself -- not the IP header. Tunnel mode, which is used in most VPNs, creates virtual tunnels between two subnets. This mode encrypts the payload and the IP header.

The principal advantage of IPSec is that it offers confidentiality and authentication at the packet level between hosts and networks. It provides this functionality using an exchange, either manually or using a protocol called IKE, of public keys. This means, if you are sure about the security of your keys, that traffic secured with IPSec can be assumed to have come from the correct host and has not been spoofed. Therefore, the content of those packets has been secured from prying eyes and no data has been substituted.

However, IPSec has two major drawbacks. First, it relies on the security of your public keys. If you have poor key management or the integrity of your keys is compromised then you lose the security factor. The second disadvantage is performance. IPSec can add overhead to your network and application traffic, hence the use of hardware appliances such as VPN Concentrators.

You can find an excellent explanation, including theory, of IPSec functionality and a "how-to" for Linux-based IPSec here.
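The following is an added example, not part of the expert's response: a small Python parser showing what a network monitor can read from AH and ESP packets in transport and tunnel mode. The addresses, SPIs and packets are constructed for illustration; the helper names are hypothetical, and the AH integrity value is a zero-filled placeholder rather than a real checksum.

```python
import struct

ESP, AH, IPIP, TCP = 50, 51, 4, 6        # IANA IP protocol numbers

def ipv4(src, dst, proto, payload):
    """Minimal IPv4 header (no options, checksum left at 0) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, bytes(src), bytes(dst)) + payload

def ah(next_header, spi, seq, icv=b"\x00" * 12):
    """AH header; the length field counts 32-bit words minus 2."""
    return struct.pack("!BBHII", next_header, (12 + len(icv)) // 4 - 2,
                       0, spi, seq) + icv

def classify(packet):
    """Report what an on-path observer can read from one IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4          # outer header length in bytes
    proto, body = packet[9], packet[ihl:]
    if proto == ESP:
        spi, seq = struct.unpack("!II", body[:8])
        # Everything after SPI and sequence number is ciphertext, so the
        # mode and the inner protocol cannot be read from the wire.
        return {"proto": "ESP", "spi": spi, "seq": seq, "mode": "not visible"}
    if proto == AH:
        nxt, plen, _, spi, seq = struct.unpack("!BBHII", body[:12])
        inner = body[(plen + 2) * 4:]     # skip the AH header and its ICV
        # Next header 4 (IP-in-IP) means a whole IP packet follows: tunnel.
        mode = "tunnel" if nxt == IPIP else "transport"
        return {"proto": "AH", "spi": spi, "seq": seq, "mode": mode,
                "cleartext": inner}       # AH alone does not encrypt
    return {"proto": "none"}

# Constructed sample data (documentation address ranges, made-up SPIs).
HOST_A, HOST_B = [192, 0, 2, 10], [198, 51, 100, 20]
GW_A, GW_B = [192, 0, 2, 1], [198, 51, 100, 1]
AH_TRANSPORT = ipv4(HOST_A, HOST_B, AH, ah(TCP, 0x2001, 7) + b"GET /")
AH_TUNNEL = ipv4(GW_A, GW_B, AH,
                 ah(IPIP, 0x2002, 1) + ipv4(HOST_A, HOST_B, TCP, b"GET /"))
ESP_PACKET = ipv4(GW_A, GW_B, ESP, struct.pack("!II", 0x1001, 42) + b"\x8f" * 32)

if __name__ == "__main__":
    for name, pkt in [("AH transport", AH_TRANSPORT), ("AH tunnel", AH_TUNNEL),
                      ("ESP", ESP_PACKET)]:
        print(name, classify(pkt))
```
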




All Rights Reserved, Copyright 2003 - 2009, TechTarget