While the Internet is inherently insecure, businesses still need to preserve the privacy of data as it travels over the network. To help do that, the Internet Engineering Task Force an international group of network designers, operators, vendors and researchers concerned with the evolution of Internet architecture has developed a suite of protocols called Internet Protocol Security (IPsec).
IPsec creates a standard platform to develop secure networks and electronic tunnels between two machines. Secure tunneling via IPsec creates circuitlike connections in a network through which data packets can move. It creates these tunnels between remote users and within a local network. It also encapsulates each data packet in a new packet that contains the information necessary to set up, maintain and tear down the tunnel when it's no longer needed.
Encryption is used to ensure the confidentiality, integrity and authenticity of the two end points in the private network. The Internet Key Exchange (IKE), an application-layer protocol, authenticates each peer in an IPsec transaction. IKE negotiates security policy, determining which algorithm may be used to set up the tunnel. It also handles the exchange of session keys used for that one transaction.
Networks that use IPsec to secure data traffic can automatically authenticate devices by using digital certificates, which verify the identities of the two users who are sending information back and forth. IPsec can be an ideal way to secure data in large networks that require secure connections among many devices.
Users deploying IPsec can secure their network infrastructure without affecting the applications on individual computers. The protocol suite is available as a software-only upgrade to the network infrastructure. This allows security to be implemented without costly changes to each computer. Most important, IPsec allows interoperability among different network devices, PCs and other computing systems.
Will Wilgus, CEO of Slocum & Spray, a security consultancy in Ardsley, New York, says that, as with any encryption system, information technology managers must evaluate IPsec on its technical strengths and determine how well it fits into their organizations. He says IT managers must also evaluate the protocols used within their organizations, such as user identification and key management. In addition, he says, managers should look at the algorithms used with IPsec and provisions for message integrity and sender authentication.
IPsec is also useful when setting up remote users. These workers can use an IPsec client on their PCs in combination with other secure tunneling protocols such, as Layer 2 Tunneling Protocol, to connect back to the network. This reduces the cost of remote access and offers greater security than is possible over dial-up lines.
The International Computer Security Association (ICSA) in Reston, Virginia, is running IPsec interoperability tests for an extranet project of the Automotive Industry Association Action Group's Automotive Network Exchange. The ICSA (http://www.icsa.net) posted a list of IPsec-compatible products that meet its interoperability specifications.
Wilgus warns that IPsec alone isn't enough. Simply because it will be a standard, merely using IPsec-compliant software will not solve your security problems, he says.
DEFINITION
Internet Protocol Security (IPsec) is a suite of protocols used for secure private communications over the Internet. The proposed suite of IPsec protocols would create a standard platform for securing IP connections on private networks.