📖 What is Internet Protocol Security (IPsec)?
Internet Protocol Security (IPsec) is a suite of protocols used to secure IP communications by authenticating and encrypting each IP packet in a communication session. It operates at the Network Layer (Layer 3) and supports both Transport and Tunnel modes.
"Pay close attention to the difference between Transport mode (host-to-host) and Tunnel mode (gateway-to-gateway), as this is a common point of confusion on the exam."
📚 Certification: Certified Information Systems Security Professional (CISSP)
🔑 What are the Key Concepts of Internet Protocol Security (IPsec)?
- ▸ Authentication Header (AH) provides connectionless integrity and data origin authentication, ensuring packets aren't tampered with, but it does not provide confidentiality through encryption.
- ▸ Encapsulating Security Payload (ESP) offers confidentiality via encryption, while also providing optional authentication and integrity, making it the primary choice for secure VPNs.
- ▸ Internet Key Exchange (IKE) automates the negotiation of security associations (SAs) and the secure exchange of session keys using the Diffie-Hellman algorithm.
- ▸ Transport Mode encrypts only the IP payload, keeping the original IP header visible, which is typically used for host-to-host communication.
- ▸ Tunnel Mode encapsulates the entire original IP packet within a new IP header, effectively hiding the internal network topology in gateway-to-gateway VPNs.
🎯 How does Internet Protocol Security (IPsec) appear on the CISSP Exam?
You may be asked to identify the correct IPsec protocol when a requirement specifically calls for data confidentiality and encryption between two remote offices.
A scenario might describe a site-to-site VPN implementation; you will need to determine if Tunnel mode or Transport mode is appropriate for hiding internal IP addresses.
Expect questions comparing IPsec to SSL/TLS, where you must identify that IPsec operates at the Network Layer to secure all traffic between hosts.
❓ Frequently Asked Questions
What is the primary difference between IPsec and SSL/TLS in a VPN context?
IPsec operates at Layer 3, requiring specialized client software for full network access, whereas SSL/TLS operates at the Application/Transport layers and is typically clientless via a web browser.
Why would a designer choose AH over ESP?
AH is used when only integrity and authentication are required without the overhead of encryption, though ESP is generally preferred as it can provide both.
What is a Security Association (SA) in IPsec?
An SA is a one-way logical connection that defines the security parameters, such as encryption algorithms and keys, agreed upon by two peers to communicate securely.