IPsec is a framework that extends IP at the network layer: it provides security by using extra protocol numbers rather than IP options. It can also be defined as a framework of protocols for security at the network layer. It is an end-to-end security scheme that operates at the Internet layer of the Internet protocol suite. It is not limited to certain applications, and it is compatible with any network, whether a limited one such as a LAN or one that spans the globe.
How does the IPsec protocol work?
A local IP security policy can be configured on every computer, which makes the work more efficient, but a specific setup is needed. For example, with two machines running Windows 2000, two Windows 2000 Professional systems can be used as domain members. One of them acts as the client and the other as the server, but both must be members of the same domain, otherwise it does not work. A local area network (LAN) or a wide area network (WAN) is required, as is a program specially designed to control the Windows 2000 Server domain. Under these conditions IPsec works best. It gives authenticated gateway-to-gateway connections across a WAN, and for Internet-based connections it uses L2TP tunnels for access. Operating systems such as Windows 7, Windows Vista, Windows XP, Windows Server 2003 and Windows Server 2008 support it.
Modes of IPsec Protocol:
In IPsec there are two choices of security, and there are two modes of operation.
In tunnel mode the whole packet is protected and placed inside a new packet with a new header in place of the old one. This mode is mainly used to build virtual private networks for network-to-network communication, for example between routers that link sites. It is also used for host-to-host communication (such as private chat) and for host-to-network communication.
Transport mode is generally used for host-to-host communication. In this mode routing stays intact, because the IP header is neither modified nor encrypted. When the authentication header is used, however, the IP addresses cannot be translated, because translation invalidates the hash value. The hash also secures the transport and application layers, so they cannot be modified either; for example, it is not possible to translate port numbers. This mode is used to protect the flow of data in host-to-host connections, as well as in network-to-network and network-to-host connections.
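The transport-mode behaviour described above, where a hash over the IP header survives routing but not address or port translation, shown as an added Python example that is not part of the original page. It is a simplified model of the authentication header's integrity check: the key, addresses and payload are constructed, and a real integrity value also covers the authentication header's own fields.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"  # assumption: real peers negotiate keys, e.g. via IKE

def ipv4_header(src, dst, ttl, payload_len, proto=51):
    """Minimal 20-byte IPv4 header without options (protocol 51 = AH)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def ah_icv(header, payload):
    """Hash over header + payload with the mutable header fields zeroed."""
    h = bytearray(header)
    h[1] = 0                  # DSCP/ECN may change in transit
    h[6:8] = b"\x00\x00"      # flags and fragment offset
    h[8] = 0                  # TTL is decremented by every router
    h[10:12] = b"\x00\x00"    # header checksum is recomputed per hop
    # Addresses, protocol and the whole payload (ports included) stay covered.
    return hmac.new(KEY, bytes(h) + payload, hashlib.sha256).digest()[:16]

def verify(header, payload, icv):
    return hmac.compare_digest(ah_icv(header, payload), icv)

def route_hop(header):
    """What an ordinary router does: decrement the TTL."""
    h = bytearray(header)
    h[8] -= 1
    return bytes(h)

def nat_rewrite_source(header, new_src):
    """What a NAT device does to the source address."""
    h = bytearray(header)
    h[12:16] = socket.inet_aton(new_src)
    return bytes(h)

def nat_rewrite_port(payload, new_sport):
    """What a port-translating NAT does to the first two payload bytes."""
    return struct.pack("!H", new_sport) + payload[2:]

# Constructed sample: source port 40000, destination port 443, then data.
PAYLOAD = struct.pack("!HH", 40000, 443) + b"application data"
HEADER = ipv4_header("192.0.2.10", "198.51.100.7", ttl=64, payload_len=len(PAYLOAD))
ICV = ah_icv(HEADER, PAYLOAD)

if __name__ == "__main__":
    print("after routing hop :", verify(route_hop(HEADER), PAYLOAD, ICV))
    print("after address NAT :", verify(nat_rewrite_source(HEADER, "203.0.113.5"), PAYLOAD, ICV))
    print("after port NAT    :", verify(HEADER, nat_rewrite_port(PAYLOAD, 50123), ICV))
```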
Advantages of IPsec Protocol:
- Internet protocol security provides privacy, authentication and anti-replay protection for network traffic.
- In client-to-server communication it provides complete security.
- In IPsec transport mode it provides complete security for server-to-server and client-to-client communication.
- In wide area networks (WANs) and Internet-based connections it provides full privacy.
- It can be used in networks of all sizes, from a local area network (LAN) to global networks.
- Applications, users, protocols that carry low-level data, and the performance of the transport technology are not affected, because it works at a low level of the network.
Though it is very useful and has revolutionized the sector, it still has some disadvantages.
- Most operating system kernels do not allow direct manipulation of IP headers, hence it requires operating system support.
- It is very complex because it has many options and features, which increases the chance of a hole or a shortcoming.
- Under heavy replay attacks, IPsec becomes weak.
- If a firewall is not used alongside IPsec, it creates problems, because it undermines the role of the firewall.