Overview and Objectives


This chapter covers the basic topics of the IPSec protocol. IPSec is not a protocol per se, but rather a suite of protocols used to secure data as it traverses an untrusted network. For example, if we want to get confidential data from Los Angeles to New York, we can send the data via email, but email crosses the network in plaintext, which means anyone listening on the wire can obtain our confidential data. What we need to do is garble the data right before we send it and have some way to reconstruct the data on the opposite end. That is the basis of encryption. Encryption garbles the data to create ciphertext, which is what we call the meaningless data after it has been encrypted. The peer at the other end decrypts the ciphertext back into its original plaintext. To encrypt this data, both ends need to agree on an encryption key to use. This is where IPSec comes in handy. Encryption is easy to implement because the algorithms are well established, but creating and sharing the encryption key is difficult to perform in a secure manner.

Most of IPSec is designed to secure the creation and exchange of encryption keys. But that's not all: IPSec also performs integrity checks on our encrypted data. In this way, we can be sure that our ciphertext has not been modified while in transit. Even though people cannot read our ciphertext, that doesn't mean they cannot modify it. Integrity checks make sure that we receive the data in exactly the same form as it was sent.
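The point that unreadable ciphertext can still be modified is shown below as an added example; it is not code from the book or from any IPSec implementation. It assumes both keys are already shared, uses a stand-in stream cipher built from HMAC-SHA256 in place of a real cipher, and uses a constructed message.

```python
import hashlib
import hmac
import os

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in stream cipher (HMAC-SHA256 in counter mode), illustration only."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def protect(enc_key: bytes, auth_key: bytes, plaintext: bytes):
    """Encrypt, then compute an integrity check value over nonce + ciphertext."""
    nonce = os.urandom(12)
    ciphertext = xor(plaintext, keystream(enc_key, nonce, len(plaintext)))
    icv = hmac.new(auth_key, nonce + ciphertext, hashlib.sha256).digest()[:16]
    return nonce, ciphertext, icv

def unprotect(enc_key, auth_key, nonce, ciphertext, icv, check_integrity=True):
    """Verify the integrity check value before decrypting; reject on mismatch."""
    if check_integrity:
        expected = hmac.new(auth_key, nonce + ciphertext, hashlib.sha256).digest()[:16]
        if not hmac.compare_digest(expected, icv):
            raise ValueError("integrity check failed: data modified in transit")
    return xor(ciphertext, keystream(enc_key, nonce, len(ciphertext)))

def demo():
    enc_key, auth_key = os.urandom(32), os.urandom(32)  # assumed already shared
    message = b"PAY 0100 USD TO NEW YORK"                # constructed sample
    nonce, ct, icv = protect(enc_key, auth_key, message)
    # Someone on the wire changes one ciphertext byte without knowing any key.
    tampered = bytearray(ct)
    tampered[4] ^= ord("0") ^ ord("9")
    tampered = bytes(tampered)
    # Without the check, the receiver decrypts altered data and never notices.
    unchecked = unprotect(enc_key, auth_key, nonce, tampered, icv, check_integrity=False)
    try:
        unprotect(enc_key, auth_key, nonce, tampered, icv)
        detected = False
    except ValueError:
        detected = True
    intact = unprotect(enc_key, auth_key, nonce, ct, icv)
    return intact, unchecked, detected

if __name__ == "__main__":
    print(demo())
```

With the check disabled the receiver accepts a changed amount; with it enabled the modified data is rejected before decryption.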

IPSec defines many protocols to help secure keys and data as they traverse the network. We discuss these protocols throughout this chapter.



CCSP SECUR Exam Cram 2
CCSP SECUR Exam Cram 2 (642-501)
ISBN: B000MU86IQ
EAN: N/A
Year: 2003
Pages: 291
Authors: Raman Sud
