
IP and IPSEC

IPsec provides security services for either IPv4 or IPv6, but the way it provides those services is slightly different in each. When used with IPv4, IPsec headers are inserted after the IPv4 header and before the next-layer protocol header.

IPv6 simplifies header processing: every IPv6 packet header is the same length, 40 octets, and any options are accommodated in extension headers that follow the IPv6 header. IPsec services are provided through these extension headers.

The ordering of IPsec headers, whether within IPv4 or IPv6, is significant. For example, it makes sense to encrypt a payload with the ESP header and then use the Authentication Header (AH) to provide data integrity on the encrypted payload. In this case, the AH appears first, followed by the ESP header and the encrypted payload. Reversing the order, by doing data integrity first and then encrypting the whole lot, means that you can be sure of who originated the data but not necessarily certain of who did the encryption.
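
The header ordering described above can be read straight off a packet. The following is an added example, not part of the original page: it walks the chain from the IPv4 or IPv6 header through AH to ESP, and goes slightly beyond the text by also stepping over other IPv6 extension headers. The protocol numbers and length encodings are taken from the IPsec and IPv6 specifications rather than from this page, and the sample packets are constructed.

```python
import struct

AH, ESP = 51, 50  # IANA protocol numbers for the two IPsec headers
V6_EXT = {0: "HopByHop", 43: "Routing", 60: "DestOpts"}  # other IPv6 extension headers

def header_chain(pkt: bytes) -> list:
    """List headers in on-the-wire order, stopping at ESP or the next-layer protocol."""
    version = pkt[0] >> 4
    if version == 4:
        chain, off, nxt = ["IPv4"], (pkt[0] & 0x0F) * 4, pkt[9]
    elif version == 6:
        chain, off, nxt = ["IPv6"], 40, pkt[6]  # IPv6 header is always 40 octets
    else:
        raise ValueError("not an IP packet")
    while True:
        if nxt not in (AH, ESP) and not (version == 6 and nxt in V6_EXT):
            chain.append("proto %d" % nxt)  # next-layer protocol reached
            return chain
        if len(pkt) < off + 8:
            raise ValueError("truncated header at offset %d" % off)
        if nxt == AH:
            chain.append("AH")
            # AH Payload Len counts 32-bit words minus 2
            nxt, off = pkt[off], off + (pkt[off + 1] + 2) * 4
        elif nxt == ESP:
            spi, seq = struct.unpack_from("!II", pkt, off)
            chain.append("ESP(spi=0x%08x, seq=%d)" % (spi, seq))
            return chain  # everything after this is encrypted payload
        else:
            chain.append(V6_EXT[nxt])
            # extension header length counts 8-octet units minus 1
            nxt, off = pkt[off], off + (pkt[off + 1] + 1) * 8

# Constructed samples: documentation addresses, zeroed ICV and ciphertext.
SAMPLE_AH = struct.pack("!BBHII", ESP, 4, 0, 0x1001, 1) + bytes(12)  # next header = ESP
SAMPLE_ESP = struct.pack("!II", 0x2002, 1) + bytes(16)
SAMPLE_V4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + 48, 0, 0, 64, AH, 0,
                        bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])
                        ) + SAMPLE_AH + SAMPLE_ESP
V6_ADDR = bytes.fromhex("20010db8" + "00" * 11 + "01")
SAMPLE_V6 = struct.pack("!IHBB16s16s", 0x60000000, 48, AH, 64,
                        V6_ADDR, V6_ADDR) + SAMPLE_AH + SAMPLE_ESP

if __name__ == "__main__":
    for name, pkt in (("IPv4", SAMPLE_V4), ("IPv6", SAMPLE_V6)):
        print(name, "->", " | ".join(header_chain(pkt)))
```

In both samples the AH precedes the ESP header, which is the encrypt-then-authenticate ordering the paragraph describes.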
