IP Security, or IPsec, has been in use for a number of years now to protect sensitive data as it flows from one location to another. The evolution of corporate communications has changed the way that private data is exchanged and maintained. Most companies have distributed resources and personnel. It is important that corporate data remains private during transit. IPsec offers a standards-based mechanism to provide such secure data transmission.
Typically, IPsec is associated with Virtual Private Networks (VPN). A VPN creates a private connection, or network, between two endpoints. This is a virtual connection because the physical means of connectivity is indifferent to the safety of the data involved. IPsec adds a layer of protection to the data that travels across the VPN.
Many years ago, wide-area network (WAN) connections between branch offices were accomplished with point-to-point (p2p) circuits. A single port of a router at one site would connect, via a provider, to a single port of a router at a remote site. X.25, ATM, and Frame Relay then introduced the virtual circuit. With this technology, one router interface could have many virtual circuits, or connections, to many other sites.
Today, practically every site has Internet connectivity. Rather than lease a p2p or virtual circuit between sites across a carrier's network, most sites simply lease access to the Internet. The ability to send data packets from one location to another is simply a matter of knowing the destination IP address.
However, due to the "open" nature of the Internet, it is not considered safe to simply send packets from one site to another. IPsec is used as a means of safeguarding IP data as it travels from one site to another. Note that IPsec can be used on any type of connectivity—not just Internet links. But IPsec is predominantly used on data that traverses insecure or untrusted networks, such as the Internet.