Overview
On the Internet, most data is transmitted in plain text, which creates security risks: bank account numbers and passwords may be intercepted or tampered with, user identities may be spoofed, and networks may be attacked. IPSec protects the IP packets being transmitted, reducing the risk of information leakage.
Internet Protocol Security (IPSec) is a security protocol suite defined by the Internet Engineering Task Force (IETF). IPSec secures data transmission over IP networks through four services: data origin authentication, data encryption, data integrity checking, and anti-replay protection.
- Data origin authentication: The receiver verifies that a packet was actually sent by the peer it claims to come from, not by a third party.
- Data encryption: The sender encrypts packets and transmits them as cipher text over the Internet, so an eavesdropper on the path sees only cipher text. The receiver decrypts them; a device that is not the IPSec peer simply forwards the cipher text unchanged.
- Data integrity check: The receiver validates each received packet against the integrity check value carried with it, detecting whether the data has been tampered with in transit.
- Anti-replay: The receiver rejects old or duplicate packets, defeating attacks in which an attacker captures legitimate packets and resends them.
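The following is an added example, not code from the original page or from any vendor's IPSec implementation, showing what the receiver-side checks for three of these services look like in practice: data origin authentication and integrity checking via an HMAC-based integrity check value (ICV) over the packet, and anti-replay via the 64-packet sliding window described in RFC 4303. The packet layout (SPI, sequence number, payload, ICV), the key and the SPI are constructed for illustration and are a simplification of ESP, not the real ESP encapsulation; encryption is omitted because the Python standard library has no AES.

```python
"""Receiver-side IPSec-style checks (simplified, illustrative):
 - origin authentication + integrity: truncated HMAC-SHA256 ICV over header+payload
 - anti-replay: sliding window over the 32-bit sequence number (RFC 4303 sec. 3.4.3)
Packet format (constructed for this example): SPI(4) | seq(4) | payload | ICV(16).
"""
import hashlib
import hmac
import struct

WINDOW_SIZE = 64   # RFC 4303 default window; 32 is the minimum a receiver must support
ICV_LEN = 16       # truncated ICV, as HMAC-SHA-256-128 does
HDR = struct.Struct("!II")  # SPI and sequence number, network byte order


def build_packet(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Sender side: header || payload || ICV, keyed with the SA's integrity key."""
    header = HDR.pack(spi, seq)
    icv = hmac.new(key, header + payload, hashlib.sha256).digest()[:ICV_LEN]
    return header + payload + icv


class InboundSA:
    """Receiver-side state for one inbound security association."""

    def __init__(self, key: bytes, spi: int):
        self.key = key
        self.spi = spi
        self.top = 0     # highest sequence number verified so far
        self.bitmap = 0  # bit i set <=> seq (top - i) already received, 0 <= i < WINDOW_SIZE

    def receive(self, packet: bytes) -> str:
        if len(packet) < HDR.size + ICV_LEN:
            return "drop: truncated"
        spi, seq = HDR.unpack_from(packet)
        if spi != self.spi:
            return "drop: unknown SPI"
        if seq == 0:
            return "drop: invalid sequence number"  # ESP sequence numbers start at 1

        # Anti-replay check first: it is cheap and filters replays before the HMAC
        if seq <= self.top:
            diff = self.top - seq
            if diff >= WINDOW_SIZE:
                return "drop: replay (older than window)"
            if (self.bitmap >> diff) & 1:
                return "drop: replay (duplicate)"

        # Data origin authentication and integrity check: recompute the ICV
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            return "drop: integrity check failed"

        # Update the window only after the ICV verifies, so forged packets cannot
        # advance it and lock out the genuine packets that follow (RFC 4303 order)
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW_SIZE) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)
        return "accept"


def demo() -> list:
    """Feed a constructed packet stream through one inbound SA and return the verdicts."""
    key = b"\x11" * 32   # constructed SA integrity key, not a real one
    spi = 0x1000         # constructed SPI
    sa = InboundSA(key, spi)

    def pkt(seq: int) -> bytes:
        return build_packet(key, spi, seq, b"payload %d" % seq)

    results = [sa.receive(pkt(s)) for s in (1, 2, 3)]  # in order: accept x3
    results.append(sa.receive(pkt(2)))      # already seen: duplicate
    results.append(sa.receive(pkt(100)))    # jump ahead: accept, window slides to 100
    results.append(sa.receive(pkt(36)))     # 100 - 36 = 64: older than the window
    results.append(sa.receive(pkt(37)))     # 100 - 37 = 63: late but inside the window
    results.append(sa.receive(pkt(37)))     # same late packet again: duplicate
    forged = bytearray(pkt(101))
    forged[HDR.size] ^= 0x01                # flip one payload bit: ICV no longer matches
    results.append(sa.receive(bytes(forged)))
    results.append(sa.receive(pkt(101)))    # genuine 101 still accepted afterwards
    return results


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The ordering inside `receive` is the point worth noting: the replay window is consulted before the ICV is computed (cheap rejection of replays), but it is only updated after the ICV verifies, so an attacker who forges a packet with a high sequence number cannot advance the window and cause the peer's genuine packets to be dropped as "too old".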
As shown in Figure 19-1, an IPSec VPN allows users to connect to the VPN over the Internet from any access method and any location, with no geographical limitations. IPSec VPN is suitable for access by mobile office users and partners and for communication between enterprise branches.