Overview
Français
ABSTRACT
Where the communication of a company is carried out via a public network it is important to remain extremely cautious. In order to address this safety issue, the Ipsec protocol, the secured version of IP appears to be the most comprehensive solution meeting the largest amount of scenarios. The compatibility issues of the IPsec suite with basic mechanisms are presented in this article. The use made of IPsec in order to secure the VPNs in the case of the interconnection of remote private networks and of remote access are also detailed.
Read this article from a comprehensive knowledge base, updated and supplemented with articles reviewed by scientific committees.
Read the articleAUTHOR
-
Maryline LAURENT-MAKNAVICIUS: Professor GET/INT, Institut national des télécommunications, Evry
INTRODUCTION
To facilitate inter- and intra-company communications, and thus improve business relations and productivity, many companies are looking for efficient, secure communication tools. Companies generally subscribe to VPN (Virtual Private Network) services from specialized companies (Internet service providers, operators, etc.).
In the future, these companies would like to offer their employees even greater flexibility, enabling them to communicate with any type of equipment (controlled, of course), anywhere and even on the move. Today, the techniques associated with mobility and security do not offer such flexibility, but the scientific community is working on it.
Whenever a company's communications are routed over a public network, it's important to be extremely cautious. Indeed, what is the proof that these exchanges will not be subject to eavesdropping during transfer, and that their content will not be revealed to a third party? This is just one of the many forms that industrial espionage can take.
What's more, what's to ensure that the traffic received actually comes from the declared terminal, and not from a malicious terminal that has usurped the identity of a legitimate terminal? This last question is all the more problematic as, in the long term, it is highly likely that users will be able to connect to their corporate network from any type of terminal.
The IPsec (IP security) protocol, the secure version of IP, is the most comprehensive solution for this security issue, covering the widest range of scenarios.
This protocol, standardized by the IETF, makes it possible to authenticate communicating entities, ensure the authenticity, integrity and confidentiality of exchanged data, and maintain an acceptable level of security throughout connections, by periodically updating security parameters. IPsec is widely used today, in a VPN context, to secure the interconnection of remote private networks and, to a lesser extent, to secure remote access by a nomad to his or her private corporate network. On this latter point, IPsec is competing with SSL (Secure Socket Layer) VPN.
If this trend continues, operators' network infrastructures should gradually evolve towards "all-IP", and the IPsec solution should see new uses.
This file describes the IPsec protocol suite, in particular the three sub-protocols: AH (Authentication Header), ESP (Encapsulating Security Payload), and...
The Ultimate Scientific and Technical Reference
This article is included in
Networks and Telecommunications
This offer includes:
Knowledge Base
Updated and enriched with articles validated by our scientific committees
Services
A set of exclusive tools to complement the resources
Practical Path
Operational and didactic, to guarantee the acquisition of transversal skills
Doc & Quiz
Interactive articles with quizzes, for constructive reading
IPsec protocol suite for VPNs and mobility
Safety issues and initial responses
Bibliography
The Ultimate Scientific and Technical Reference
