IPSec (IP Security) is the protocol suite produced by the IETF IP Security Protocol Working Group. It was originally defined by RFCs 1825 through 1829; RFCs 1825, 1826, and 1827 were replaced by RFCs 2401, 2402, and 2406 respectively (and later by RFCs 4301, 4302, and 4303). IPSec services are implemented at the IP network layer, so any protocol carried over IP (TCP, UDP, ICMP and whatever runs above them) is protected without changes to the application. IPSec protects traffic between:
- Host to host (transport mode: only the payload above the IP header is protected)
- Gateway to gateway (tunnel mode: the whole original IP packet is encapsulated inside a new one); host to gateway is also supported.
IPSec uses two channels:
- Key exchange channel - ISAKMP/IKE over UDP to/from port 500 (UDP port 4500 when NAT traversal is in use)
- Data channel - AH and ESP are carried directly over IP as IP protocol numbers 51 and 50 respectively, not over TCP or UDP, so a firewall in the path must permit those protocol numbers as well as UDP 500.
IPSec uses one or more of the following:
- Authentication Header (AH) - RFC 2402: integrity and origin authentication of the packet, including the immutable IP header fields, but no confidentiality
- Encapsulating Security Payload (ESP) - RFC 2406: confidentiality of the payload, with optional integrity and origin authentication
- Key exchange - ISAKMP (RFC 2408) defines the framework and message formats; IKE (RFC 2409) is the key exchange protocol built on it that negotiates the SAs
Since IPSec is designed to work with various security protocols and algorithms, it uses Security Associations (SAs) to specify which ones apply to a given flow of traffic. An SA is a record in the Security Association Database (SAD) that holds the parameters controlling security processing: the protocol (AH or ESP), the mode, the algorithms, the keys, lifetimes and the anti-replay window. Each SA is identified by a Security Parameters Index (SPI), a 32-bit value carried in every AH or ESP header, together with the destination IP address and the security protocol. The SPI is chosen by the receiving host when the SA is established and is placed in the header by the sending host, so the receiver can find the matching SAD entry for each packet. SAs are unidirectional: a bi-directional exchange needs two SAs, one per direction, each with its own SPI and keys.
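As an added example (not part of the original notes or of any IPSec implementation), the following Python shows how a receiver uses the SPI as an index: it parses the AH (RFC 2402) and ESP (RFC 2406) header layouts from constructed packet bytes and looks up the (SPI, destination address, protocol) triple in a small hypothetical SAD. The SAD entries, addresses and SPI values are made up for the example; the header layouts and the protocol numbers 50 and 51 are from the RFCs.

```python
import struct
from dataclasses import dataclass
from typing import Optional

IPPROTO_ESP = 50   # ESP data channel: IP protocol number 50 (RFC 2406)
IPPROTO_AH = 51    # AH data channel: IP protocol number 51 (RFC 2402)
IKE_UDP_PORT = 500 # key exchange channel (ISAKMP/IKE)


@dataclass(frozen=True)
class SecurityAssociation:
    """One unidirectional SA: the parameters the receiver needs to process a packet."""
    spi: int
    dst: str
    proto: int
    cipher: str
    integrity: str


# Constructed SAD for the example. The key is the RFC 2401 triple
# (SPI, destination IP, security protocol). The two ESP entries are the two
# halves of one bi-directional connection, one SA per direction.
SAD = {
    (0x1000ABCD, "192.0.2.10", IPPROTO_ESP):
        SecurityAssociation(0x1000ABCD, "192.0.2.10", IPPROTO_ESP, "AES-CBC", "HMAC-SHA1-96"),
    (0x2000DCBA, "198.51.100.5", IPPROTO_ESP):
        SecurityAssociation(0x2000DCBA, "198.51.100.5", IPPROTO_ESP, "AES-CBC", "HMAC-SHA1-96"),
    (0x00000101, "192.0.2.10", IPPROTO_AH):
        SecurityAssociation(0x00000101, "192.0.2.10", IPPROTO_AH, "none", "HMAC-SHA1-96"),
}


def parse_esp_header(payload: bytes) -> tuple:
    """ESP starts with SPI (32 bits) and Sequence Number (32 bits); the rest is
    ciphertext, padding and ICV that cannot be read without the SA's keys."""
    if len(payload) < 8:
        raise ValueError("ESP header truncated")
    spi, seq = struct.unpack("!II", payload[:8])
    return spi, seq


def parse_ah_header(payload: bytes) -> dict:
    """AH layout: Next Header (8), Payload Len (8, in 32-bit words minus 2),
    Reserved (16), SPI (32), Sequence Number (32), then the ICV."""
    if len(payload) < 12:
        raise ValueError("AH header truncated")
    next_header, payload_len, reserved, spi, seq = struct.unpack("!BBHII", payload[:12])
    ah_len = (payload_len + 2) * 4          # total AH length in bytes
    if len(payload) < ah_len:
        raise ValueError("AH ICV truncated")
    return {
        "next_header": next_header,         # protocol of the data that follows AH
        "spi": spi,
        "seq": seq,
        "icv": payload[12:ah_len],
        "remaining": payload[ah_len:],
    }


def lookup_sa(spi: int, dst: str, proto: int) -> Optional[SecurityAssociation]:
    """Receiver-side SAD lookup: the SPI alone is not the key, the triple is."""
    return SAD.get((spi, dst, proto))


def classify_inbound(proto: int, dst: str, payload: bytes) -> dict:
    """Given the IP protocol number, destination address and the bytes after
    the IP header, extract SPI/sequence and resolve the SA (None if unknown)."""
    if proto == IPPROTO_ESP:
        spi, seq = parse_esp_header(payload)
    elif proto == IPPROTO_AH:
        hdr = parse_ah_header(payload)
        spi, seq = hdr["spi"], hdr["seq"]
    else:
        raise ValueError(f"not an IPSec data-channel protocol: {proto}")
    return {"proto": proto, "spi": spi, "seq": seq, "sa": lookup_sa(spi, dst, proto)}


# Constructed packets (bytes after the IP header).
# ESP: SPI 0x1000ABCD, sequence 7, followed by 16 opaque bytes of ciphertext/ICV.
ESP_PACKET = struct.pack("!II", 0x1000ABCD, 7) + b"\x00" * 16
# AH in transport mode carrying TCP (next header 6), payload_len 4 -> 24-byte AH
# (12-byte fixed header + 12-byte HMAC-SHA1-96 ICV), then 4 bytes of TCP data.
AH_PACKET = struct.pack("!BBHII", 6, 4, 0, 0x00000101, 1) + b"\x11" * 12 + b"TCP!"

if __name__ == "__main__":
    print(classify_inbound(IPPROTO_ESP, "192.0.2.10", ESP_PACKET))
    print(classify_inbound(IPPROTO_AH, "192.0.2.10", AH_PACKET))
    # Same SPI but the other direction's destination: no SA, a second SA is needed.
    print(lookup_sa(0x1000ABCD, "198.51.100.5", IPPROTO_ESP))
```

The last lookup is the practical consequence of SAs being unidirectional: the return traffic must carry the SPI of the second SA (0x2000DCBA in this SAD), negotiated over the UDP 500 key exchange channel, and a packet arriving with the wrong SPI, destination or protocol is simply dropped.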