Another very important topic for VPN administrators is the IETF IPSec project, a working group committed to the design requirements necessary for Internet Protocol security. IPSec provides cryptographic security methods to undergird authentication, integrity, access control, and confidentiality. Current thinking on the implementation of IPSec includes both the IPv4 realm and the newer IPv6 one. For the greatest flexibility, the specific protocol formats are independent of the cryptographic algorithms used to protect the data.
Most of the VPN implementations that we cover in this book use a software, host-based encryption scheme, which places the bulk of the burden of protecting the data right on a person’s desktop. The goals of IPSec coincide nicely with those of future VPNs: to elegantly integrate the security underpinnings used to protect privacy with routing machinery and to provide security in a simple way to an entire class of hosts or networks. Further, by utilizing authentication and access control, a true VPN can be established between almost any two devices or subnets without the need for specialized software, configuration, and firewalling.
The best place to read up on the continued work done on IPSec is the IETF’s web site at http://www.ietf.org/html.charters/ipsec-charter.html.