IP Security (IPSec) Protocols
One of the weaknesses of the original Internet Protocol is that it lacks any sort of general purpose mechanism for ensuring the authenticity and privacy of data as it is passed over the internetwork. Since IP datagrams must usually be routed between two devices over unknown networks, any information in them is subject to being intercepted and even possibly changed. With the increased use of the Internet for critical applications, security enhancements were needed for IP. To this end, a set of protocols called IP Security or IPSec was developed.
In this section I provide a brief description of IPSec concepts and protocols. I begin with an overview of IPSec, including a discussion of the history of the technology and defining standards. I describe the main components and protocols of the IPSec suite, and its different architectures and methods for implementation. I then move to actually discussing how IPSec works, beginning with a description of the two IPSec modes (transport and tunnel) and how they differ. I describe security associations and related constructs such as the Security Parameter Index (SPI). The last three topics cover the three main IPSec protocols: IPSec Authentication Header (AH), IPSec Encapsulating Security Payload (ESP) and the IPSec Internet Key Exchange (IKE).
Note: IPSec was initially developed with IPv6 in mind, but has been engineered to provide security for both IPv4 and IPv6 networks, and operation in both versions is similar. There are some differences in the datagram formats used for AH and ESP depending on whether IPSec is used in IPv4 or IPv6, since the two versions have different datagram formats and addressing. I highlight these differences where appropriate.
Note: There are many subjects in this Guide that are so involved that many large books have been written about them. Security on IP networks and IPSec is definitely in this category. Due to the already large size of this Guide and the complexity of IPSec, I can only provide here a very limited description of how it works. For more comprehensive information you will need to supplement with a reference specific to this technology.
The TCP/IP Guide (http://www.TCPIPGuide.com)
Version 3.0 - Version Date: September 20, 2005
© Copyright 2001-2005 Charles M. Kozierok. All Rights Reserved.