Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications. Data is protected by authenticating and encrypting each IP packet of a communication session. At the beginning of a session the agents mutually authenticate each other and negotiate the cryptographic keys to be used for the rest of the session. IPsec can protect data flows between a pair of hosts, between a pair of security gateways, or between a security gateway and a host.
IPsec provides end-to-end security at the Internet Layer of the Internet Protocol Suite. This differs from other widely used Internet security systems, such as Secure Sockets Layer (SSL), Transport Layer Security (TLS) and Secure Shell (SSH), which operate in the upper layers of the TCP/IP model. IPsec therefore protects any application traffic that crosses the network, and applications do not need to be specifically designed to use it.
IPsec uses the following protocols to perform its various functions: Authentication Headers (AH) provide connectionless integrity, data-origin authentication and protection against replay attacks; Encapsulating Security Payloads (ESP) provide confidentiality, data-origin authentication, connectionless integrity and an anti-replay service (a form of partial sequence integrity); and Security Associations (SA) provide the bundle of algorithms and data that supply the parameters necessary for AH or ESP operations.
IPsec can be implemented in a host-to-host transport mode as well as in a network tunnel mode. In transport mode, only the payload of the IP packet is usually encrypted or authenticated. Routing is unaffected, since the IP header is neither modified nor encrypted. However, when the Authentication Header is used, the IP addresses cannot be modified (for example by network address translation), as this would invalidate the hash
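The following added example (not code from the original text, and not a real IPsec implementation) models the two points made above: the integrity, data-origin authentication and anti-replay service that AH provides, and the reason AH in transport mode does not survive address rewriting. It builds a minimal IPv4 header followed by an AH header whose integrity check value (ICV) is computed, as RFC 4302 specifies, over the IP header with its mutable fields (TOS, flags/fragment offset, TTL, checksum) zeroed, the AH header with the ICV field zeroed, and the payload. The key, SPI, addresses and payload are constructed; the truncated HMAC-SHA-256 is an assumed choice of integrity algorithm, and IP header checksums are left at zero for brevity.

```python
"""Toy model of IPsec AH (transport mode): ICV coverage and a replay window."""
import hashlib
import hmac
import socket
import struct

AH_PROTO = 51         # IP protocol number for AH
ICV_LEN = 16          # truncated HMAC output (assumed, as in HMAC-SHA-256-128)
AH_FIXED_LEN = 12     # next header, payload len, reserved, SPI, sequence number
IPV4_FMT = "!BBHHHBBH4s4s"


def ipv4_header(src, dst, proto, payload_len, ttl=64, ident=0x1234):
    """Build a 20-byte IPv4 header; the checksum is left as zero."""
    return struct.pack(IPV4_FMT, 0x45, 0, 20 + payload_len, ident, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def zero_mutable_ipv4(hdr):
    """Zero the fields a router may legitimately change in transit (RFC 4302)."""
    f = list(struct.unpack(IPV4_FMT, hdr))
    f[1] = 0   # TOS / DSCP / ECN
    f[4] = 0   # flags + fragment offset
    f[5] = 0   # TTL
    f[7] = 0   # header checksum
    return struct.pack(IPV4_FMT, *f)


def compute_icv(key, ip_hdr, ah_fixed, payload):
    """ICV over immutable IP fields, the AH header with ICV zeroed, and the payload."""
    data = zero_mutable_ipv4(ip_hdr) + ah_fixed + b"\x00" * ICV_LEN + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]


def build_ah_packet(key, spi, seq, src, dst, inner_proto, payload):
    """Return IPv4 header + AH header + ICV + payload for one outbound packet."""
    ah_len = AH_FIXED_LEN + ICV_LEN
    payload_len_field = ah_len // 4 - 2          # AH length in 32-bit words minus 2
    ah_fixed = struct.pack("!BBHII", inner_proto, payload_len_field, 0, spi, seq)
    ip_hdr = ipv4_header(src, dst, AH_PROTO, ah_len + len(payload))
    return ip_hdr + ah_fixed + compute_icv(key, ip_hdr, ah_fixed, payload) + payload


class ReplayWindow:
    """Sliding anti-replay window: a bitmap of the last `size` sequence numbers."""

    def __init__(self, size=64):
        self.size, self.top, self.bitmap = size, 0, 0   # bit i => seq (top - i) seen

    def check_and_update(self, seq):
        if seq == 0:                       # sequence number 0 is never valid
            return False
        if seq > self.top:                 # advance the window to the new high mark
            shift = seq - self.top
            self.bitmap = 1 if shift >= self.size else \
                ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        diff = self.top - seq
        if diff >= self.size or (self.bitmap >> diff) & 1:
            return False                   # too old, or already received (replay)
        self.bitmap |= 1 << diff
        return True


def verify_ah_packet(key, packet, window):
    """Receiver side: check the ICV, then the sequence number against the window."""
    ip_hdr, rest = packet[:20], packet[20:]
    if ip_hdr[9] != AH_PROTO:
        return (False, "not AH")
    ah_fixed = rest[:AH_FIXED_LEN]
    _next_hdr, plen, _res, _spi, seq = struct.unpack("!BBHII", ah_fixed)
    ah_len = (plen + 2) * 4
    icv, payload = rest[AH_FIXED_LEN:ah_len], rest[ah_len:]
    if not hmac.compare_digest(icv, compute_icv(key, ip_hdr, ah_fixed, payload)):
        return (False, "ICV mismatch")
    if not window.check_and_update(seq):
        return (False, "replayed or stale sequence number")
    return (True, "ok")


def rewrite_src(packet, new_src):
    """Model an address translator changing the source address (immutable for AH)."""
    return packet[:12] + socket.inet_aton(new_src) + packet[16:]


def decrement_ttl(packet):
    """Model a router hop: TTL is mutable, so AH excludes it from the ICV."""
    return packet[:8] + bytes([packet[8] - 1]) + packet[9:]


def demo():
    """Constructed scenario; returns the verifier's verdict for each packet."""
    key = b"constructed-demo-key-not-a-real-SA"
    window = ReplayWindow()
    mk = lambda seq: build_ah_packet(key, 0x1000, seq, "10.0.0.1", "10.0.0.2",
                                     17, b"hello over UDP")
    first = mk(1)
    return {
        "original": verify_ah_packet(key, first, window),
        "replay": verify_ah_packet(key, first, window),
        "ttl_decremented": verify_ah_packet(key, decrement_ttl(mk(2)), window),
        "nat_rewritten": verify_ah_packet(key, rewrite_src(mk(3), "203.0.113.7"), window),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16s} -> {verdict}")
```

Running `demo()` shows the four outcomes the text implies: the untouched packet verifies, the same packet presented again is rejected by the replay window even though its ICV is still valid, a packet whose TTL was decremented in transit still verifies because TTL is a mutable field excluded from the ICV, and a packet whose source address was rewritten fails with an ICV mismatch, which is why AH cannot pass through address translation. A real implementation would also look up the SA by SPI and perform the preliminary replay check before computing the ICV; both are omitted here to keep the model short.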