VPN Protocols

Coming from different directions and supporting different products and services, several security protocols have been in development over the last few years. We will start with one that has firmed up only recently, but will probably become nearly universal—the IPSec standard.

IPSec

Over the years, as vendor after vendor labored over reinventing the wheel, trying to hide IP packets in a secure protocol, people began to wonder why the TCP/IP protocol itself wasn’t updated to support authentication and encryption. That way, the network itself is secure and everything built upon it must also be secure. IPSec is the answer to this question.

The Internet Security Protocol (IPSec) is a generic structure initiated and maintained by a working group of the Internet Engineering Task Force (IETF) to provide various security services for the Internet Protocol (IP), for both IPv4 (the current standard) and IPv6 (the upcoming one). IPSec presents design goals for a top-level component-oriented structure, rather than detailing specific encryption algorithms or key-exchange methodologies.

Conceptually, IPSec was created to secure the network itself, presenting no real changes to the applications that run above it. Since the TCP/IP protocol is so ubiquitous, it is a natural evolution to produce a secure network system developed almost in parallel to the existing system. Upgrading to IPSec products and services will only enhance security, as current network-oriented applications can still be ...
