IP Network - Security - Overview




Let's suppose two parties try to communicate each other and at the same time they don't want those communication being hacked by others in any way.

Just in terms of communication method, they can use roughly two different method.

One is to use a dedicated line which is open only to the two parties. Communication over this path can safely protected since it is extremly difficult for any intruder to sniff into this kind of path. However, as you may easily guess.. it would be very expesive especially those two parties are located geographically very far from each other.

Another way of communication would be to use the existing internet which is almost everywhere. Since all the physical path is already there, you can communicate each other with almost no cost. But the problem is that anybody can easily hijack the communication and use it for malicious purpose. Simply put, we can say "Communication over Internet" can be "Unsafe" or "In-Secure".

Then you may ask "Is there any way to use such a open/cheep media but keep all the communication securely protected at the same time ?". That's the motivation of 'Security' algorithms... the security algorithm specially designed for IP layer communication is called 'IPSec'.

IPSec has three major subfields as shown below. Each of these fields will be the topic for this posts.



Technically AH and ESP are the algorithm designed for IPSec and IKE is a kind of protocol that is used to exchange secrete keys which will be used for AH/ESP algorithm. So AH/ESP and IKE has a little bit different functionality.



Recommended Video :



Engma Simulator