IPsec, or IP Security, is the implementation of security- and authentication-based enhancements on top of the Internet Protocol.
The Internet Protocol was not designed with security in mind; as such, it lacks the inherent security to make data transmission private and authenticated. The growth of the worldwide internet was never fully anticipated, which is why we have the problem today of migrating from the rapidly exhausting IPv4 addresses to IPv6.
IPsec is a protocol suite that combines several different protocols to provide security over IPv4. It uses the following underpinning protocols to do so:
Authentication Headers (AH) – Authentication information placed within the header of a packet enables the receiving host to know where the packet has come from, and can protect against IP replay attacks.
Encapsulating Security Payloads (ESP) – ESP protects what is called the IP payload by signing the packet and using integrity verification; however, it does not protect the header of the packet unless it is used in tunnel mode.
Security Association (SA) – A security association is a group of security-focused algorithms and their corresponding parameters that is applied when data is transmitted.
IP security can be implemented in a host-to-host environment or as network tunneling. One of the major differences is that tunnel mode encapsulates the entire original packet inside a ‘new’ packet, with a new header. One place you might find tunneling in use is in VPNs (virtual private networks).
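The ESP entry and the tunnel-mode paragraph above, as an added example that is not part of the original page: it builds an ESP packet in host-to-host and in tunnel form and checks which address rewrites the integrity check value (ICV) detects. Assumptions: ESP with NULL encryption (integrity only), HMAC-SHA-256 truncated to 128 bits, a constructed key, documentation-range addresses, and hypothetical helper names.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"      # constructed sample key, not a real SA key
ESP, TCP, IPIP = 50, 6, 4          # IANA protocol numbers

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0 to keep the demo short)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def _icv(body):
    return hmac.new(KEY, body, hashlib.sha256).digest()[:16]

def esp(spi, seq, payload, next_header):
    """SPI | sequence | payload | padding | pad length | next header | ICV."""
    pad_len = -(len(payload) + 2) % 4          # align trailer to 4 bytes
    body = (struct.pack("!II", spi, seq) + payload
            + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header]))
    return body + _icv(body)                   # ICV covers the ESP part only

def icv_ok(packet):
    """Receiver side: skip the outer IP header, verify the ICV over the rest."""
    body, icv = packet[20:-16], packet[-16:]
    return hmac.compare_digest(_icv(body), icv)

def transport(src, dst, segment):
    e = esp(0x1000, 1, segment, TCP)
    return ipv4_header(src, dst, ESP, len(e)) + e

def tunnel(gw_src, gw_dst, src, dst, segment):
    inner = ipv4_header(src, dst, TCP, len(segment)) + segment  # whole packet
    e = esp(0x1000, 1, inner, IPIP)
    return ipv4_header(gw_src, gw_dst, ESP, len(e)) + e         # new header

def rewrite(packet, offset, addr):
    """Model tampering in transit: overwrite 4 address bytes at `offset`."""
    return packet[:offset] + socket.inet_aton(addr) + packet[offset + 4:]

def demo():
    seg = b"constructed-segment!"              # constructed stand-in payload
    t = transport("192.0.2.1", "192.0.2.2", seg)
    tun = tunnel("198.51.100.1", "198.51.100.2", "192.0.2.1", "192.0.2.2", seg)
    return {                                   # True = change went undetected
        "transport, outer src rewritten": icv_ok(rewrite(t, 12, "203.0.113.9")),
        "tunnel, outer src rewritten": icv_ok(rewrite(tun, 12, "203.0.113.9")),
        "tunnel, inner src rewritten": icv_ok(rewrite(tun, 40, "203.0.113.9")),
    }

if __name__ == "__main__":
    print(demo())
```

Offset 12 is the source address of the outer header; offset 40 is the source address of the encapsulated header (20-byte outer header plus 8 bytes of SPI and sequence number, then 12 bytes into the inner header).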